linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Lino Sanfilippo <LinoSanfilippo@gmx.de>
To: "Tj (Elloe Linux)" <ml.linux@elloe.vision>
Cc: Kees Cook <keescook@chromium.org>,
	James Bottomley <James.Bottomley@HansenPartnership.com>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	linux-integrity@vger.kernel.org, jsnitsel@redhat.com
Subject: Aw: Re: Bug: TPM returned invalid status
Date: Fri, 9 Apr 2021 11:55:05 +0200	[thread overview]
Message-ID: <trinity-7c4b1b78-7c33-480e-a8bd-0536a4c67599-1617962105587@3c-app-gmx-bs15> (raw)
In-Reply-To: <5e48c9ad-9e53-c079-83d1-7fea50412142@elloe.vision>


Hi,

>
> On 30/03/2021 03:04, Kees Cook wrote:
> >
> > Does this series solve the issue too?
> >
> > https://lore.kernel.org/linux-integrity/1613955394-13152-1-git-send-email-LinoSanfilippo@gmx.de/
> >
> > (I haven't had a chance to test either series with my TPM, but I see the
> > same "TPM returned invalid status" errors recently.)
> >
>
> Unfortunately no. I tested it immediately but forgot to let you know.
>
>
> kernel: Linux version 5.12.0-rc5tpm-fix+ (tj@elloe000) (gcc (Ubuntu
> 9.3.0-17ubuntu1~20.04) 9.3.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #29
> SMP PREEMPT Tue Mar 30 09:05:15 BST 2021
> ...

Well you tested the series with 5.12-rc5 while it was based on 5.11. Patch 2
in the series is supposed to fix the "invalid status" warning by making sure
that the required locality has been requested before.
To avoid such issues at all and to simplify the whole locality handling (and
also to be prepared for interrupt handling which also requires locality management)
that patch furthermore ensures that the locality is requested only once at driver
startup and not released until driver shutdown.

However between 5.11 and 5.12-rc5 there have been at least two patches that
again introduced a locality request/release combo (d53a6adfb553 "tpm, tpm_tis:
Decorate tpm_tis_gen_interrupt() with request_locality()" and a5665ec2affd
"tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality()").

The latter results in the locality being released again before tpm_tis_status()
is called and thus reintroduced the issue patch 2 fixed.

I will prepare another series based on the latest kernel but at least for 5.11
the series should fix the issue (and also make interrupts working).

Best regards,
Lino


  reply	other threads:[~2021-04-09  9:55 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-25  9:00 Bug: TPM returned invalid status Tj (Elloe Linux)
2021-01-27 17:58 ` Jarkko Sakkinen
2021-01-27 18:00   ` Jarkko Sakkinen
2021-01-27 18:11     ` James Bottomley
2021-01-28  5:59       ` Jarkko Sakkinen
2021-03-30  2:04       ` Kees Cook
2021-04-08  9:03         ` Tj (Elloe Linux)
2021-04-09  9:55           ` Lino Sanfilippo [this message]
2021-04-14 11:05             ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=trinity-7c4b1b78-7c33-480e-a8bd-0536a4c67599-1617962105587@3c-app-gmx-bs15 \
    --to=linosanfilippo@gmx.de \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=jarkko@kernel.org \
    --cc=jsnitsel@redhat.com \
    --cc=keescook@chromium.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=ml.linux@elloe.vision \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).