Re: [PATCH v7 15/17] tpm: introduce tpm_chip_start() and tpm_chip_stop()

From: Stefan Berger
Date: Tue Nov 13 2018 - 20:57:06 EST


On 11/13/18 5:34 PM, Stefan Berger wrote:
On 11/13/18 1:36 PM, Jarkko Sakkinen wrote:
Encapsulate power gating and locality functionality to tpm_chip_start()
and tpm_chip_stop() in order to clean up the branching mess in
tpm_transmit().


I ran the vtpm proxy test suite on this series and got this error when running it with 'make check -j5' (https://github.com/stefanberger/linux-vtpm-tests).

It was actually difficult to hit this bug, since I had run it with -j1, -j2 and so on before.

This is the diff against your nested branch that fixes this bug and the other issue I found:

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 46aa68756bac..42bce9bc41b1 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -155,7 +155,13 @@ int tpm_try_get_ops(struct tpm_chip *chip)
ÂÂÂÂ ÂÂÂ goto out_lock;

ÂÂÂÂ mutex_lock(&chip->tpm_mutex);
-ÂÂÂ return tpm_chip_start(chip);
+ÂÂÂ rc = tpm_chip_start(chip);
+ÂÂÂ if (rc)
+ÂÂÂ ÂÂÂ goto out_unlock;
+ÂÂÂ return 0;
+
+out_unlock:
+ÂÂÂ mutex_unlock(&chip->tpm_mutex);
Âout_lock:
ÂÂÂÂ up_read(&chip->ops_sem);
ÂÂÂÂ put_device(&chip->dev);
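Review bot: The new `goto out_unlock` path relies on `rc` still carrying the tpm_chip_start() error when control falls through out_lock to the function's return, which lies outside the hunk; worth confirming that nothing after put_device() overwrites it. Because a failed start now drops tpm_mutex, ops_sem and the device reference before returning, the kerneldoc of tpm_try_get_ops() (also outside the hunk) should state it, e.g. `* On failure every lock and reference is released; the caller must not call tpm_put_ops().`. The body of tpm_try_get_ops() starts and ends outside this hunk.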
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 5e3d5e95ea46..c3260ae8aca3 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -167,6 +167,8 @@ ssize_t tpm_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz)
ÂÂÂÂ for (;;) {
ÂÂÂÂ ÂÂÂ ret = tpm_try_transmit(chip, buf, bufsiz);

+ÂÂÂ ÂÂÂ if (ret < 0)
+ÂÂÂ ÂÂÂ ÂÂÂ break;
ÂÂÂÂ ÂÂÂ rc = be32_to_cpu(header->return_code);
ÂÂÂÂ ÂÂÂ if (rc != TPM2_RC_RETRY && rc != TPM2_RC_TESTING)
ÂÂÂÂ ÂÂÂ ÂÂÂ break;
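Review bot: The added `if (ret < 0) break;` reinstates the transport-error exit that the refactoring in the series dropped; without it a failed tpm_try_transmit() falls through to `be32_to_cpu(header->return_code)` and the retry decision is taken on a response the TPM never produced. A one-line comment above the check would keep that reasoning visible, e.g. `/* Transport error: the response header is not valid, do not retry. */`. tpm_transmit() continues outside the hunk, so where the break leads cannot be confirmed here.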







[ 3003.838138] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 3003.838806] PGD 0 P4D 0
[ 3003.838806] Oops: 0010 [#1] SMP PTI
[ 3003.840394] CPU: 3 PID: 111 Comm: kworker/3:1 Not tainted 4.20.0-rc2+ #6
[ 3003.840394] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-50-g14221cd-dirty-20181018_164544-sbct-4.pok.ibm.com 04/01/2014
[ 3003.840394] Workqueue: tpm-vtpm vtpm_proxy_work
[ 3003.840394] RIP: 0010:          (null)
[ 3003.840394] Code: Bad RIP value.
[ 3003.840394] RSP: 0018:ffffa6e6816d7e10 EFLAGS: 00010246
[ 3003.840394] RAX: 00000000ffffffe0 RBX: ffff9698077ad000 RCX: 0000000000000006
[ 3003.840394] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9698077ad000
[ 3003.840394] RBP: ffff9698077ad000 R08: fffff59bc6172d08 R09: 0000000000000000
[ 3003.840394] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9698b78f0700
[ 3003.840394] R13: ffff9698b78fbc00 R14: 0000000000000000 R15: ffff9697f8ea10f8
[ 3003.840394] FS:  0000000000000000(0000) GS:ffff9698b78c0000(0000) knlGS:0000000000000000
[ 3003.840394] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3003.840394] CR2: ffffffffffffffd6 CR3: 0000000190606000 CR4: 00000000000006e0
[ 3003.840394] Call Trace:
[ 3003.840394]  ? tpm_chip_start+0xb8/0xe0
[ 3003.840394]  ? tpm_chip_register+0x15/0x240
[ 3003.840394]  ? vtpm_proxy_work+0x15/0x30
[ 3003.840394]  ? process_one_work+0x237/0x5c0
[ 3003.840394]  ? worker_thread+0x1d5/0x390
[ 3003.840394]  ? process_one_work+0x5c0/0x5c0
[ 3003.840394]  ? kthread+0x11e/0x140
[ 3003.840394]  ? kthread_park+0x90/0x90
[ 3003.840394]  ? ret_from_fork+0x3a/0x50
[ 3003.840394] Modules linked in: xt_CHECKSUM ipt_MASQUERADE tun nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables sunrpc virtio_gpu ttm drm_kms_helper drm joydev syscopyarea sysfillrect sysimgblt pcspkr virtio_balloon i2c_piix4 fb_sys_fops virtio_net net_failover virtio_console failover virtio_blk crc32c_intel virtio_pci serio_raw ata_generic virtio_ring virtio pata_acpi floppy qemu_fw_cfg
[ 3003.840394] CR2: 0000000000000000
[ 3003.840394] ---[ end trace 29e5990b605a7ccb ]---
[ 3003.840394] RIP: 0010:          (null)
[ 3003.840394] Code: Bad RIP value.
[ 3003.840394] RSP: 0018:ffffa6e6816d7e10 EFLAGS: 00010246
[ 3003.840394] RAX: 00000000ffffffe0 RBX: ffff9698077ad000 RCX: 0000000000000006
[ 3003.840394] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9698077ad000
[ 3003.840394] RBP: ffff9698077ad000 R08: fffff59bc6172d08 R09: 0000000000000000
[ 3003.840394] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9698b78f0700
[ 3003.840394] R13: ffff9698b78fbc00 R14: 0000000000000000 R15: ffff9697f8ea10f8
[ 3003.840394] FS:  0000000000000000(0000) GS:ffff9698b78c0000(0000) knlGS:0000000000000000
[ 3003.840394] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3003.840394] CR2: ffffffffffffffd6 CR3: 0000000190606000 CR4: 00000000000006e0
[ 3003.840394] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34
[ 3003.840394] in_atomic(): 0, irqs_disabled(): 1, pid: 111, name: kworker/3:1
[ 3003.840394] INFO: lockdep is turned off.
[ 3003.840394] irq event stamp: 165206
[ 3003.840394] hardirqs last enabled at (165205): [<ffffffff8b220113>] free_unref_page+0xf3/0x1f0
[ 3003.840394] hardirqs last disabled at (165206): [<ffffffff8b0019ee>] trace_hardirqs_off_thunk+0x1a/0x1c
[ 3003.840394] softirqs last enabled at (165182): [<ffffffff8b785e01>] peernet2id+0x41/0x50
[ 3003.840394] softirqs last disabled at (165180): [<ffffffff8b785de2>] peernet2id+0x22/0x50
[ 3003.840394] CPU: 3 PID: 111 Comm: kworker/3:1 Tainted: G D           4.20.0-rc2+ #6
[ 3003.840394] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-50-g14221cd-dirty-20181018_164544-sbct-4.pok.ibm.com 04/01/2014
[ 3003.840394] Workqueue: tpm-vtpm vtpm_proxy_work
[ 3003.840394] Call Trace:
[ 3003.840394]  dump_stack+0x67/0x9b
[ 3003.840394]  ___might_sleep+0x149/0x230
[ 3003.840394]  exit_signals+0x20/0x210
[ 3003.840394]  ? worker_thread+0x1d5/0x390
[ 3003.840394]  do_exit+0xa0/0xc70
[ 3003.840394]  ? process_one_work+0x5c0/0x5c0
[ 3003.840394]  ? kthread+0x11e/0x140
[ 3003.840394]  rewind_stack_do_exit+0x17/0x20
[ 3004.389582] tpm tpm1803: tpm_try_transmit: tpm_send: error -14



Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
---
 drivers/char/tpm/tpm-chip.c | 110 +++++++++++++++++++++++++++++++
 drivers/char/tpm/tpm-interface.c | 87 +-----------------------
 drivers/char/tpm/tpm.h | 2 +
 3 files changed, 115 insertions(+), 84 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index 157505b0f755..65f1561eba81 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -37,6 +37,116 @@ struct class *tpm_class;
 struct class *tpmrm_class;
 dev_t tpm_devt;

+static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags)
+{
+ÂÂÂ int rc;
+
+ÂÂÂ if (flags & TPM_TRANSMIT_NESTED)
+ÂÂÂÂÂÂÂ return 0;
+
+ÂÂÂ if (!chip->ops->request_locality)
+ÂÂÂÂÂÂÂ return 0;
+
+ÂÂÂ rc = chip->ops->request_locality(chip, 0);
+ÂÂÂ if (rc < 0)
+ÂÂÂÂÂÂÂ return rc;
+
+ÂÂÂ chip->locality = rc;
+ÂÂÂ return 0;
+}
+
+static void tpm_relinquish_locality(struct tpm_chip *chip, unsigned int flags)
+{
+ÂÂÂ int rc;
+
+ÂÂÂ if (flags & TPM_TRANSMIT_NESTED)
+ÂÂÂÂÂÂÂ return;
+
+ÂÂÂ if (!chip->ops->relinquish_locality)
+ÂÂÂÂÂÂÂ return;
+
+ÂÂÂ rc = chip->ops->relinquish_locality(chip, chip->locality);
+ÂÂÂ if (rc)
+ÂÂÂÂÂÂÂ dev_err(&chip->dev, "%s: : error %d\n", __func__, rc);
+
+ÂÂÂ chip->locality = -1;
+}
+
+static int tpm_cmd_ready(struct tpm_chip *chip, unsigned int flags)
+{
+ÂÂÂ if (flags & TPM_TRANSMIT_NESTED)
+ÂÂÂÂÂÂÂ return 0;
+
+ÂÂÂ if (!chip->ops->cmd_ready)
+ÂÂÂÂÂÂÂ return 0;
+
+ÂÂÂ return chip->ops->cmd_ready(chip);
+}
+
+static int tpm_go_idle(struct tpm_chip *chip, unsigned int flags)
+{
+ÂÂÂ if (flags & TPM_TRANSMIT_NESTED)
+ÂÂÂÂÂÂÂ return 0;
+
+ÂÂÂ if (!chip->ops->go_idle)
+ÂÂÂÂÂÂÂ return 0;
+
+ÂÂÂ return chip->ops->go_idle(chip);
+}
+
+/**
+ * tpm_chip_start() - power on the TPM
+ * @chip:ÂÂÂ a TPM chip to use
+ * @flags:ÂÂÂ TPM transmit flags
+ *
+ * Return:
+ * * The response lengthÂÂÂ - OK
+ * * -errnoÂÂÂÂÂÂÂÂÂÂÂ - A system error
+ */
+int tpm_chip_start(struct tpm_chip *chip, unsigned int flags)
+{
+ÂÂÂ int ret;
+
+ÂÂÂ if (chip->ops->clk_enable)
+ÂÂÂÂÂÂÂ chip->ops->clk_enable(chip, true);
+
+ÂÂÂ if (chip->locality == -1) {
+ÂÂÂÂÂÂÂ ret = tpm_request_locality(chip, flags);
+ÂÂÂÂÂÂÂ if (ret) {
+ÂÂÂÂÂÂÂÂÂÂÂ chip->ops->clk_enable(chip, false);
+ÂÂÂÂÂÂÂÂÂÂÂ return ret;
+ÂÂÂÂÂÂÂ }
+ÂÂÂ }
+
+ÂÂÂ ret = tpm_cmd_ready(chip, flags);
+ÂÂÂ if (ret) {
+ÂÂÂÂÂÂÂ tpm_relinquish_locality(chip, flags);
+ÂÂÂÂÂÂÂ if (chip->ops->clk_enable)
+ÂÂÂÂÂÂÂÂÂÂÂ chip->ops->clk_enable(chip, false);
+ÂÂÂÂÂÂÂ return ret;
+ÂÂÂ }
+
+ÂÂÂ return 0;
+}
+
+/**
+ * tpm_chip_stop() - power off the TPM
+ * @chip:ÂÂÂ a TPM chip to use
+ * @flags:ÂÂÂ TPM transmit flags
+ *
+ * Return:
+ * * The response lengthÂÂÂ - OK
+ * * -errnoÂÂÂÂÂÂÂÂÂÂÂ - A system error
+ */
+void tpm_chip_stop(struct tpm_chip *chip, unsigned int flags)
+{
+ÂÂÂ tpm_go_idle(chip, flags);
+ÂÂÂ tpm_relinquish_locality(chip, flags);
+ÂÂÂ if (chip->ops->clk_enable)
+ÂÂÂÂÂÂÂ chip->ops->clk_enable(chip, false);
+}
+
+
 /**
ÂÂ * tpm_try_get_ops() - Get a ref to the tpm_chip
ÂÂ * @chip: Chip to ref
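Review bot: tpm_chip_start() calls `chip->ops->clk_enable(chip, false);` unconditionally on the locality-failure path, while the enable call just above it and the cmd_ready failure path both guard the pointer with `if (chip->ops->clk_enable)`; for a driver that does not implement clk_enable this jumps to NULL whenever tpm_request_locality() fails, which is consistent with the NULL-RIP oops quoted above whose trace passes through tpm_chip_start(). The fix is the same guard as at the other two sites, `if (chip->ops->clk_enable) chip->ops->clk_enable(chip, false);`. The kerneldoc is also wrong for both functions: tpm_chip_start() returns 0 on success rather than a response length, and tpm_chip_stop() is void yet documents return values. tpm_chip_stop() further discards tpm_go_idle()'s result silently; the `/* This may fail but do not override ret. */` note from the old tpm_transmit() loop should move with it.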
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 5865b9671d20..888c9923fca1 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -62,64 +62,6 @@ unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
 }
 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);

-static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags)
-{
-ÂÂÂ int rc;
-
-ÂÂÂ if (flags & TPM_TRANSMIT_NESTED)
-ÂÂÂÂÂÂÂ return 0;
-
-ÂÂÂ if (!chip->ops->request_locality)
-ÂÂÂÂÂÂÂ return 0;
-
-ÂÂÂ rc = chip->ops->request_locality(chip, 0);
-ÂÂÂ if (rc < 0)
-ÂÂÂÂÂÂÂ return rc;
-
-ÂÂÂ chip->locality = rc;
-
-ÂÂÂ return 0;
-}
-
-static void tpm_relinquish_locality(struct tpm_chip *chip, unsigned int flags)
-{
-ÂÂÂ int rc;
-
-ÂÂÂ if (flags & TPM_TRANSMIT_NESTED)
-ÂÂÂÂÂÂÂ return;
-
-ÂÂÂ if (!chip->ops->relinquish_locality)
-ÂÂÂÂÂÂÂ return;
-
-ÂÂÂ rc = chip->ops->relinquish_locality(chip, chip->locality);
-ÂÂÂ if (rc)
-ÂÂÂÂÂÂÂ dev_err(&chip->dev, "%s: : error %d\n", __func__, rc);
-
-ÂÂÂ chip->locality = -1;
-}
-
-static int tpm_cmd_ready(struct tpm_chip *chip, unsigned int flags)
-{
-ÂÂÂ if (flags & TPM_TRANSMIT_NESTED)
-ÂÂÂÂÂÂÂ return 0;
-
-ÂÂÂ if (!chip->ops->cmd_ready)
-ÂÂÂÂÂÂÂ return 0;
-
-ÂÂÂ return chip->ops->cmd_ready(chip);
-}
-
-static int tpm_go_idle(struct tpm_chip *chip, unsigned int flags)
-{
-ÂÂÂ if (flags & TPM_TRANSMIT_NESTED)
-ÂÂÂÂÂÂÂ return 0;
-
-ÂÂÂ if (!chip->ops->go_idle)
-ÂÂÂÂÂÂÂ return 0;
-
-ÂÂÂ return chip->ops->go_idle(chip);
-}
-
 static ssize_t tpm_try_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz,
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ unsigned int flags)
 {
@@ -212,7 +154,6 @@ ssize_t tpm_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz,
ÂÂÂÂÂ /* space for header and handles */
ÂÂÂÂÂ u8 save[TPM_HEADER_SIZE + 3*sizeof(u32)];
ÂÂÂÂÂ unsigned int delay_msec = TPM2_DURATION_SHORT;
-ÂÂÂ bool has_locality = false;
ÂÂÂÂÂ u32 rc = 0;
ÂÂÂÂÂ ssize_t ret;
ÂÂÂÂÂ const size_t save_size = min(sizeof(save), bufsiz);
@@ -227,34 +168,12 @@ ssize_t tpm_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz,
ÂÂÂÂÂ memcpy(save, buf, save_size);

ÂÂÂÂÂ for (;;) {
-ÂÂÂÂÂÂÂ if (chip->ops->clk_enable != NULL)
-ÂÂÂÂÂÂÂÂÂÂÂ chip->ops->clk_enable(chip, true);
-
-ÂÂÂÂÂÂÂ if (chip->locality == -1) {
-ÂÂÂÂÂÂÂÂÂÂÂ ret = tpm_request_locality(chip, flags);
-ÂÂÂÂÂÂÂÂÂÂÂ if (ret)
-ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ goto out_locality;
-ÂÂÂÂÂÂÂÂÂÂÂ has_locality = true;
-ÂÂÂÂÂÂÂ }
-
-ÂÂÂÂÂÂÂ ret = tpm_cmd_ready(chip, flags);
+ÂÂÂÂÂÂÂ ret = tpm_chip_start(chip, flags);
ÂÂÂÂÂÂÂÂÂ if (ret)
-ÂÂÂÂÂÂÂÂÂÂÂ goto out_locality;
-
+ÂÂÂÂÂÂÂÂÂÂÂ return ret;
ÂÂÂÂÂÂÂÂÂ ret = tpm_try_transmit(chip, buf, bufsiz, flags);
+ÂÂÂÂÂÂÂ tpm_chip_stop(chip, flags);

-ÂÂÂÂÂÂÂ /* This may fail but do not override ret. */
-ÂÂÂÂÂÂÂ tpm_go_idle(chip, flags);
-
-out_locality:
-ÂÂÂÂÂÂÂ if (has_locality)
-ÂÂÂÂÂÂÂÂÂÂÂ tpm_relinquish_locality(chip, flags);
-
-ÂÂÂÂÂÂÂ if (chip->ops->clk_enable != NULL)
-ÂÂÂÂÂÂÂÂÂÂÂ chip->ops->clk_enable(chip, false);
-
-ÂÂÂÂÂÂÂ if (ret < 0)
-ÂÂÂÂÂÂÂÂÂÂÂ break;
ÂÂÂÂÂÂÂÂÂ rc = be32_to_cpu(header->return_code);
ÂÂÂÂÂÂÂÂÂ if (rc != TPM2_RC_RETRY && rc != TPM2_RC_TESTING)
ÂÂÂÂÂÂÂÂÂÂÂÂÂ break;
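Review bot: Removing `if (ret < 0) break;` after tpm_try_transmit() means a transport error no longer leaves the loop; the code goes on to read `header->return_code` from a buffer the TPM never filled and may retry on that stale value, so the check should be restored before the return-code read, `if (ret < 0) break;`, which is what the fix quoted at the top of this message does. Dropping `has_locality` also changes semantics: tpm_chip_stop() relinquishes the locality on every iteration, whereas before it was relinquished only when this call had requested it (chip->locality == -1 on entry), so a caller that already holds a locality will lose it; if that is intended it deserves a comment at the tpm_chip_stop() call. The new early `return ret;` on tpm_chip_start() failure also bypasses whatever cleanup follows the loop, which lies outside the hunk, as does the rest of tpm_transmit().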
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index c7c06de651a0..c42a75710b70 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -523,6 +523,8 @@ static inline void tpm_msleep(unsigned int delay_msec)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂ delay_msec * 1000);
 };

+int tpm_chip_start(struct tpm_chip *chip, unsigned int flags);
+void tpm_chip_stop(struct tpm_chip *chip, unsigned int flags);
 struct tpm_chip *tpm_find_get_ops(struct tpm_chip *chip);
 __must_check int tpm_try_get_ops(struct tpm_chip *chip);
 void tpm_put_ops(struct tpm_chip *chip);
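Review bot: tpm_chip_start() returns an error the caller must act on, but unlike the neighbouring `__must_check int tpm_try_get_ops(struct tpm_chip *chip);` its new prototype carries no annotation; `__must_check int tpm_chip_start(struct tpm_chip *chip, unsigned int flags);` would let the compiler flag call sites that ignore a failed start. tpm_chip_stop() is void and needs none.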