[PATCH 0/2] tpm: add optional max xfer size check

[PATCH 0/2] tpm: add optional max xfer size check

[Andrey Pronin]

This patchset introduces an optional maximum transfer size that can
be specified by a tpm driver. Setting the max_xfer_size helps to catch
the cases when burstcnt is incorrectly reported by the device (e.g. >64
for spi - happened in practice) and gracefully handle such situations.

Andrey Pronin (2):
  tpm_tis_core: add optional max xfer size check
  tpm_tis_spi: add max xfer size

 drivers/char/tpm/tpm_tis_core.c | 17 +++++++++++++++--
 drivers/char/tpm/tpm_tis_core.h | 13 +++++++++++++
 drivers/char/tpm/tpm_tis_spi.c  |  1 +
 3 files changed, 29 insertions(+), 2 deletions(-)

-- 
2.6.6

[PATCH 1/2] tpm_tis_core: add optional max xfer size check

[Andrey Pronin]

If tpm reports a bigger burstcnt than allowed by the physical protocol,
re-query the burstcnt and correct, if needed, if still too large.

In practice, seen in case of xfer issues (e.g. in spi interface case,
lost header causing flow control issues and wrong values returned on read
from TPM_STS). Without catching, causes the physical layer to reject xfer,
while is easily preventable by re-querying TPM_STS.

Signed-off-by: Andrey Pronin <apronin@chromium.org>
---
 drivers/char/tpm/tpm_tis_core.c | 17 +++++++++++++++--
 drivers/char/tpm/tpm_tis_core.h | 13 +++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 8110b52..f5d456c 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -158,6 +158,7 @@ static int get_burstcount(struct tpm_chip *chip)
 	unsigned long stop;
 	int burstcnt, rc;
 	u32 value;
+	bool retry_burstcnt = false;
 
 	/* wait for burstcount */
 	/* which timeout value, spec has 2 answers (c & d) */
@@ -168,8 +169,20 @@ static int get_burstcount(struct tpm_chip *chip)
 			return rc;
 
 		burstcnt = (value >> 8) & 0xFFFF;
-		if (burstcnt)
-			return burstcnt;
+		if (burstcnt) {
+			/* If burstcnt is larger than max allowed xfer
+			 * size, retry once - may be a glitch. Return
+			 * max_xfer_size on the 2nd try to avoid being
+			 * stuck forever.
+			 */
+			if (tpm_tis_burstcnt_is_valid(priv, burstcnt))
+				return burstcnt;
+			if (retry_burstcnt)
+				return tpm_tis_max_xfer_size(priv);
+			dev_warn(&chip->dev, "Bad burstcnt read: %d\n",
+				 burstcnt);
+			retry_burstcnt = true;
+		}
 		msleep(TPM_TIMEOUT);
 	} while (time_before(jiffies, stop));
 	return -EBUSY;
diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
index 9191aab..713aa5a 100644
--- a/drivers/char/tpm/tpm_tis_core.h
+++ b/drivers/char/tpm/tpm_tis_core.h
@@ -102,6 +102,7 @@ struct tpm_tis_phy_ops {
 	int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result);
 	int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result);
 	int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src);
+	u16 max_xfer_size;
 };
 
 static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr,
@@ -144,6 +145,18 @@ static inline int tpm_tis_write32(struct tpm_tis_data *data, u32 addr,
 	return data->phy_ops->write32(data, addr, value);
 }
 
+static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data)
+{
+	return data->phy_ops->max_xfer_size;
+}
+
+static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data,
+					     u16 burstcnt)
+{
+	return (tpm_tis_max_xfer_size(data) == 0)
+		|| (burstcnt <= tpm_tis_max_xfer_size(data));
+}
+
 void tpm_tis_remove(struct tpm_chip *chip);
 int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
 		      const struct tpm_tis_phy_ops *phy_ops,
-- 
2.6.6

[PATCH 2/2] tpm_tis_spi: add max xfer size

[Andrey Pronin]

Signed-off-by: Andrey Pronin <apronin@chromium.org>
---
 drivers/char/tpm/tpm_tis_spi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c
index dbaad9c..b103373 100644
--- a/drivers/char/tpm/tpm_tis_spi.c
+++ b/drivers/char/tpm/tpm_tis_spi.c
@@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = {
 	.read16 = tpm_tis_spi_read16,
 	.read32 = tpm_tis_spi_read32,
 	.write32 = tpm_tis_spi_write32,
+	.max_xfer_size = MAX_SPI_FRAMESIZE,
 };
 
 static int tpm_tis_spi_probe(struct spi_device *dev)
-- 
2.6.6

Re: [PATCH 1/2] tpm_tis_core: add optional max xfer size check

[Jason Gunthorpe]

On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote:

> +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data)
> +{
> +	return data->phy_ops->max_xfer_size;
> +}
> +
> +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data,
> +					     u16 burstcnt)
> +{
> +	return (tpm_tis_max_xfer_size(data) == 0)
> +		|| (burstcnt <= tpm_tis_max_xfer_size(data));
> +}

We don't need these accessors, just open code it in the one call
site. That is more clear as the ==0 case is important to understand
that the flow is correct.

BTW, I dodn't think || as the start of a line was cannonical kernel
style.. Did checkpatch accept that?

Jason

Re: [PATCH 1/2] tpm_tis_core: add optional max xfer size check

[Andrey Pronin]

On Thu, Jul 14, 2016 at 09:13:51PM -0600, Jason Gunthorpe wrote:
> On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote:
> 
> > +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data)
> > +{
> > +	return data->phy_ops->max_xfer_size;
> > +}
> > +
> > +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data,
> > +					     u16 burstcnt)
> > +{
> > +	return (tpm_tis_max_xfer_size(data) == 0)
> > +		|| (burstcnt <= tpm_tis_max_xfer_size(data));
> > +}
> 
> We don't need these accessors, just open code it in the one call
> site. That is more clear as the ==0 case is important to understand
> that the flow is correct.
> 
> BTW, I dodn't think || as the start of a line was cannonical kernel
> style.. Did checkpatch accept that?
> 
> Jason

You mean completely open code it inside get_burstcount()? Will do.
checkpatch.pl had no problems with it, but I can move it to the end
of the line, if it feels better.

Andrey

Re: [PATCH 1/2] tpm_tis_core: add optional max xfer size check

[Guenter Roeck]

On Thu, Jul 14, 2016 at 8:25 PM, Andrey Pronin <apronin@chromium.org> wrote:
> On Thu, Jul 14, 2016 at 09:13:51PM -0600, Jason Gunthorpe wrote:
>> On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote:
>>
>> > +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data)
>> > +{
>> > +   return data->phy_ops->max_xfer_size;
>> > +}
>> > +
>> > +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data,
>> > +                                        u16 burstcnt)
>> > +{
>> > +   return (tpm_tis_max_xfer_size(data) == 0)
>> > +           || (burstcnt <= tpm_tis_max_xfer_size(data));
>> > +}
>>
>> We don't need these accessors, just open code it in the one call
>> site. That is more clear as the ==0 case is important to understand
>> that the flow is correct.
>>
>> BTW, I dodn't think || as the start of a line was cannonical kernel
>> style.. Did checkpatch accept that?
>>
>> Jason
>
> You mean completely open code it inside get_burstcount()? Will do.
> checkpatch.pl had no problems with it, but I can move it to the end
> of the line, if it feels better.
>

I would suggest to use checkpatch --strict; it will tell you. It will
also ask you to align continuation lines with '(' on the previous
line. On that, I would suggest to follow the style used in the file(s)
you are working on (or follow guidance from the maintainer).

Thanks,
Guenter

Re: [PATCH 1/2] tpm_tis_core: add optional max xfer size check

[Jarkko Sakkinen]

On Thu, Jul 14, 2016 at 09:13:51PM -0600, Jason Gunthorpe wrote:
> On Thu, Jul 14, 2016 at 06:39:04PM -0700, Andrey Pronin wrote:
> 
> > +static inline u16 tpm_tis_max_xfer_size(struct tpm_tis_data *data)
> > +{
> > +	return data->phy_ops->max_xfer_size;
> > +}
> > +
> > +static inline bool tpm_tis_burstcnt_is_valid(struct tpm_tis_data *data,
> > +					     u16 burstcnt)
> > +{
> > +	return (tpm_tis_max_xfer_size(data) == 0)
> > +		|| (burstcnt <= tpm_tis_max_xfer_size(data));
> > +}
> 
> We don't need these accessors, just open code it in the one call
> site. That is more clear as the ==0 case is important to understand
> that the flow is correct.

+1 They add only indirection here with no value.


> BTW, I dodn't think || as the start of a line was cannonical kernel
> style.. Did checkpatch accept that?
> 
> Jason

/Jarkko

[PATCH v2 0/2] tpm: add optional max xfer size check

[Andrey Pronin]

This patchset introduces an optional maximum transfer size that can
be specified by a tpm driver. Setting the max_xfer_size helps to catch
the cases when burstcnt is incorrectly reported by the device (e.g. >64
for spi - happened in practice) and gracefully handle such situations.

v2: removed unnecessary accessors in tpm_tis_core.h, fixed style

Andrey Pronin (2):
  tpm_tis_core: add optional max xfer size check
  tpm_tis_spi: add max xfer size

 drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++--
 drivers/char/tpm/tpm_tis_core.h |  1 +
 drivers/char/tpm/tpm_tis_spi.c  |  1 +
 3 files changed, 18 insertions(+), 2 deletions(-)

-- 
2.6.6

[PATCH v2 1/2] tpm_tis_core: add optional max xfer size check

[Andrey Pronin]

If tpm reports a bigger burstcnt than allowed by the physical protocol,
re-query the burstcnt and correct, if needed, if still too large.

In practice, seen in case of xfer issues (e.g. in spi interface case,
lost header causing flow control issues and wrong values returned on read
from TPM_STS). Without catching, causes the physical layer to reject xfer,
while is easily preventable by re-querying TPM_STS.

Signed-off-by: Andrey Pronin <apronin@chromium.org>
---
 drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++--
 drivers/char/tpm/tpm_tis_core.h |  1 +
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index d66f51b..ffc1acb 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -158,6 +158,7 @@ static int get_burstcount(struct tpm_chip *chip)
 	unsigned long stop;
 	int burstcnt, rc;
 	u32 value;
+	bool retry_burstcnt = false;
 
 	/* wait for burstcount */
 	/* which timeout value, spec has 2 answers (c & d) */
@@ -168,8 +169,21 @@ static int get_burstcount(struct tpm_chip *chip)
 			return rc;
 
 		burstcnt = (value >> 8) & 0xFFFF;
-		if (burstcnt)
-			return burstcnt;
+		if (burstcnt) {
+			/* If burstcnt is larger than max allowed xfer
+			 * size, retry once - may be a glitch. Return
+			 * max_xfer_size on the 2nd try to avoid being
+			 * stuck forever.
+			 */
+			if ((priv->phy_ops->max_xfer_size == 0) ||
+			    (burstcnt <= priv->phy_ops->max_xfer_size))
+				return burstcnt;
+			if (retry_burstcnt)
+				return priv->phy_ops->max_xfer_size;
+			dev_warn(&chip->dev,
+				 "Bad burstcnt read: %d\n", burstcnt);
+			retry_burstcnt = true;
+		}
 		msleep(TPM_TIMEOUT);
 	} while (time_before(jiffies, stop));
 	return -EBUSY;
diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
index 9191aab..58e8b14 100644
--- a/drivers/char/tpm/tpm_tis_core.h
+++ b/drivers/char/tpm/tpm_tis_core.h
@@ -102,6 +102,7 @@ struct tpm_tis_phy_ops {
 	int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result);
 	int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result);
 	int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src);
+	u16 max_xfer_size;
 };
 
 static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr,
-- 
2.6.6

[PATCH v2 2/2] tpm_tis_spi: add max xfer size

[Andrey Pronin]

Reject burstcounts larger than 64 bytes reported by tpm.
SPI Hardware Protocol defined in section 6.4 of TCG PTP
Spec supports up to 64 bytes of data in a transaction.

Signed-off-by: Andrey Pronin <apronin@chromium.org>
---
 drivers/char/tpm/tpm_tis_spi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c
index dbaad9c..b103373 100644
--- a/drivers/char/tpm/tpm_tis_spi.c
+++ b/drivers/char/tpm/tpm_tis_spi.c
@@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = {
 	.read16 = tpm_tis_spi_read16,
 	.read32 = tpm_tis_spi_read32,
 	.write32 = tpm_tis_spi_write32,
+	.max_xfer_size = MAX_SPI_FRAMESIZE,
 };
 
 static int tpm_tis_spi_probe(struct spi_device *dev)
-- 
2.6.6

Re: [PATCH v2 0/2] tpm: add optional max xfer size check

[Jarkko Sakkinen]

On Tue, Jul 19, 2016 at 07:34:18PM -0700, Andrey Pronin wrote:
> This patchset introduces an optional maximum transfer size that can
> be specified by a tpm driver. Setting the max_xfer_size helps to catch
> the cases when burstcnt is incorrectly reported by the device (e.g. >64
> for spi - happened in practice) and gracefully handle such situations.

Acknowledged but I won't review these before the second week of August.

I've been active for early this week to give the feedback for the queued
patch sets and make sure that we deliver a solid 4.8 release.

Back to the vacation...

/Jarkko

> v2: removed unnecessary accessors in tpm_tis_core.h, fixed style
> 
> Andrey Pronin (2):
>   tpm_tis_core: add optional max xfer size check
>   tpm_tis_spi: add max xfer size
> 
>  drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++--
>  drivers/char/tpm/tpm_tis_core.h |  1 +
>  drivers/char/tpm/tpm_tis_spi.c  |  1 +
>  3 files changed, 18 insertions(+), 2 deletions(-)
> 
> -- 
> 2.6.6
> 

[PATCH v3 0/2] tpm: add optional max xfer size check

[Andrey Pronin]

This patchset introduces an optional maximum transfer size that can
be specified by a tpm driver. Setting the max_xfer_size helps to catch
the cases when burstcnt is incorrectly reported by the device (e.g. >64
for spi - happened in practice) and gracefully handle such situations.

v2: removed unnecessary accessors in tpm_tis_core.h, fixed style

v3: simplified logic: simply cap the burstcnt at max_xfer_size, don't
attempt to re-request from tpm.

Andrey Pronin (2):
  tpm_tis_core: add optional max xfer size check
  tpm_tis_spi: add max xfer size

 drivers/char/tpm/tpm_tis_core.c | 9 ++++++++-
 drivers/char/tpm/tpm_tis_core.h | 1 +
 drivers/char/tpm/tpm_tis_spi.c  | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)

-- 
2.6.6

[PATCH v3 1/2] tpm_tis_core: add optional max xfer size check

[Andrey Pronin]

If tpm reports a bigger burstcnt than allowed by the physical protocol,
set burstcnt to the max allowed value.

In practice, seen in case of xfer issues (e.g. in spi interface case,
lost header causing flow control issues and wrong values returned on read
from TPM_STS). Without catching, causes the physical layer to reject xfer.

Signed-off-by: Andrey Pronin <apronin@chromium.org>
---
 drivers/char/tpm/tpm_tis_core.c | 9 ++++++++-
 drivers/char/tpm/tpm_tis_core.h | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index f22caf8..7c4fa0c 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip)
 			return rc;
 
 		burstcnt = (value >> 8) & 0xFFFF;
-		if (burstcnt)
+		if (burstcnt) {
+			if (priv->phy_ops->max_xfer_size &&
+			    (burstcnt > priv->phy_ops->max_xfer_size)) {
+				dev_warn(&chip->dev,
+					 "Bad burstcnt read: %d\n", burstcnt);
+				burstcnt = priv->phy_ops->max_xfer_size;
+			}
 			return burstcnt;
+		}
 		msleep(TPM_TIMEOUT);
 	} while (time_before(jiffies, stop));
 	return -EBUSY;
diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
index 9191aab..58e8b14 100644
--- a/drivers/char/tpm/tpm_tis_core.h
+++ b/drivers/char/tpm/tpm_tis_core.h
@@ -102,6 +102,7 @@ struct tpm_tis_phy_ops {
 	int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result);
 	int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result);
 	int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src);
+	u16 max_xfer_size;
 };
 
 static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr,
-- 
2.6.6

[PATCH v3 2/2] tpm_tis_spi: add max xfer size

[Andrey Pronin]

Reject burstcounts larger than 64 bytes reported by tpm.
SPI Hardware Protocol defined in section 6.4 of TCG PTP
Spec supports up to 64 bytes of data in a transaction.

Signed-off-by: Andrey Pronin <apronin@chromium.org>
---
 drivers/char/tpm/tpm_tis_spi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c
index dbaad9c..b103373 100644
--- a/drivers/char/tpm/tpm_tis_spi.c
+++ b/drivers/char/tpm/tpm_tis_spi.c
@@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = {
 	.read16 = tpm_tis_spi_read16,
 	.read32 = tpm_tis_spi_read32,
 	.write32 = tpm_tis_spi_write32,
+	.max_xfer_size = MAX_SPI_FRAMESIZE,
 };
 
 static int tpm_tis_spi_probe(struct spi_device *dev)
-- 
2.6.6

Re: [PATCH v3 1/2] tpm_tis_core: add optional max xfer size check

[Dmitry Torokhov]

On Wed, Jul 27, 2016 at 08:49:56PM -0700, Andrey Pronin wrote:
> If tpm reports a bigger burstcnt than allowed by the physical protocol,
> set burstcnt to the max allowed value.
> 
> In practice, seen in case of xfer issues (e.g. in spi interface case,
> lost header causing flow control issues and wrong values returned on read
> from TPM_STS). Without catching, causes the physical layer to reject xfer.
> 
> Signed-off-by: Andrey Pronin <apronin@chromium.org>
> ---
>  drivers/char/tpm/tpm_tis_core.c | 9 ++++++++-
>  drivers/char/tpm/tpm_tis_core.h | 1 +
>  2 files changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
> index f22caf8..7c4fa0c 100644
> --- a/drivers/char/tpm/tpm_tis_core.c
> +++ b/drivers/char/tpm/tpm_tis_core.c
> @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip)
>  			return rc;
>  
>  		burstcnt = (value >> 8) & 0xFFFF;
> -		if (burstcnt)
> +		if (burstcnt) {
> +			if (priv->phy_ops->max_xfer_size &&
> +			    (burstcnt > priv->phy_ops->max_xfer_size)) {

This does not actually need parentheses, otehrwise:

Reviewed-by: Dmitry Torokhov <dtor@chromium.org>

> +				dev_warn(&chip->dev,
> +					 "Bad burstcnt read: %d\n", burstcnt);
> +				burstcnt = priv->phy_ops->max_xfer_size;
> +			}
>  			return burstcnt;
> +		}
>  		msleep(TPM_TIMEOUT);
>  	} while (time_before(jiffies, stop));
>  	return -EBUSY;
> diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
> index 9191aab..58e8b14 100644
> --- a/drivers/char/tpm/tpm_tis_core.h
> +++ b/drivers/char/tpm/tpm_tis_core.h
> @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops {
>  	int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result);
>  	int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result);
>  	int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src);
> +	u16 max_xfer_size;
>  };
>  
>  static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr,
> -- 
> 2.6.6
> 

-- 
Dmitry

Re: [PATCH v3 2/2] tpm_tis_spi: add max xfer size

[Dmitry Torokhov]

On Wed, Jul 27, 2016 at 08:49:57PM -0700, Andrey Pronin wrote:
> Reject burstcounts larger than 64 bytes reported by tpm.
> SPI Hardware Protocol defined in section 6.4 of TCG PTP
> Spec supports up to 64 bytes of data in a transaction.
> 
> Signed-off-by: Andrey Pronin <apronin@chromium.org>

Reviewed-by: Dmitry Torokhov <dtor@chromium.org>

> ---
>  drivers/char/tpm/tpm_tis_spi.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c
> index dbaad9c..b103373 100644
> --- a/drivers/char/tpm/tpm_tis_spi.c
> +++ b/drivers/char/tpm/tpm_tis_spi.c
> @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = {
>  	.read16 = tpm_tis_spi_read16,
>  	.read32 = tpm_tis_spi_read32,
>  	.write32 = tpm_tis_spi_write32,
> +	.max_xfer_size = MAX_SPI_FRAMESIZE,
>  };
>  
>  static int tpm_tis_spi_probe(struct spi_device *dev)
> -- 
> 2.6.6
> 

-- 
Dmitry

Re: [PATCH v3 1/2] tpm_tis_core: add optional max xfer size check

[Jarkko Sakkinen]

On Wed, Jul 27, 2016 at 08:49:56PM -0700, Andrey Pronin wrote:
> If tpm reports a bigger burstcnt than allowed by the physical protocol,
> set burstcnt to the max allowed value.
> 
> In practice, seen in case of xfer issues (e.g. in spi interface case,
> lost header causing flow control issues and wrong values returned on read
> from TPM_STS). Without catching, causes the physical layer to reject xfer.
> 
> Signed-off-by: Andrey Pronin <apronin@chromium.org>

Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

I don't have hardware to test this. Someone should validate that it
does not break anything. Christophe, are you able to do this?

/Jarkko

> ---
>  drivers/char/tpm/tpm_tis_core.c | 9 ++++++++-
>  drivers/char/tpm/tpm_tis_core.h | 1 +
>  2 files changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
> index f22caf8..7c4fa0c 100644
> --- a/drivers/char/tpm/tpm_tis_core.c
> +++ b/drivers/char/tpm/tpm_tis_core.c
> @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip)
>  			return rc;
>  
>  		burstcnt = (value >> 8) & 0xFFFF;
> -		if (burstcnt)
> +		if (burstcnt) {
> +			if (priv->phy_ops->max_xfer_size &&
> +			    (burstcnt > priv->phy_ops->max_xfer_size)) {
> +				dev_warn(&chip->dev,
> +					 "Bad burstcnt read: %d\n", burstcnt);
> +				burstcnt = priv->phy_ops->max_xfer_size;
> +			}
>  			return burstcnt;
> +		}
>  		msleep(TPM_TIMEOUT);
>  	} while (time_before(jiffies, stop));
>  	return -EBUSY;
> diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
> index 9191aab..58e8b14 100644
> --- a/drivers/char/tpm/tpm_tis_core.h
> +++ b/drivers/char/tpm/tpm_tis_core.h
> @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops {
>  	int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result);
>  	int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result);
>  	int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src);
> +	u16 max_xfer_size;
>  };
>  
>  static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr,
> -- 
> 2.6.6
> 

Re: [PATCH v3 2/2] tpm_tis_spi: add max xfer size

[Jarkko Sakkinen]

On Thu, Jul 28, 2016 at 03:53:16PM -0700, Dmitry Torokhov wrote:
> On Wed, Jul 27, 2016 at 08:49:57PM -0700, Andrey Pronin wrote:
> > Reject burstcounts larger than 64 bytes reported by tpm.
> > SPI Hardware Protocol defined in section 6.4 of TCG PTP
> > Spec supports up to 64 bytes of data in a transaction.
> > 
> > Signed-off-by: Andrey Pronin <apronin@chromium.org>
> 
> Reviewed-by: Dmitry Torokhov <dtor@chromium.org>

Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko

> > ---
> >  drivers/char/tpm/tpm_tis_spi.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/drivers/char/tpm/tpm_tis_spi.c b/drivers/char/tpm/tpm_tis_spi.c
> > index dbaad9c..b103373 100644
> > --- a/drivers/char/tpm/tpm_tis_spi.c
> > +++ b/drivers/char/tpm/tpm_tis_spi.c
> > @@ -206,6 +206,7 @@ static const struct tpm_tis_phy_ops tpm_spi_phy_ops = {
> >  	.read16 = tpm_tis_spi_read16,
> >  	.read32 = tpm_tis_spi_read32,
> >  	.write32 = tpm_tis_spi_write32,
> > +	.max_xfer_size = MAX_SPI_FRAMESIZE,
> >  };
> >  
> >  static int tpm_tis_spi_probe(struct spi_device *dev)
> > -- 
> > 2.6.6
> > 
> 
> -- 
> Dmitry