tpm: allow TCPA log area to be empty
diff mbox

Message ID 20180310161637.7723-1-jarkko.sakkinen@linux.intel.com
State New
Headers show

Commit Message

Jarkko Sakkinen March 10, 2018, 4:16 p.m. UTC
TCPA log are can be empty when the TPM is disabled. This commit changes the
behavior of tpm_read_log_acpi() to return successfully in this case.

Cc: stable@vger.kernel.org
Fixes: 55a82ab3181b ("[PATCH] tpm: add bios measurement log")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 drivers/char/tpm/tpm_eventlog_acpi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Jarkko Sakkinen March 12, 2018, 11:09 a.m. UTC | #1
On Sat, Mar 10, 2018 at 06:16:37PM +0200, Jarkko Sakkinen wrote:
> TCPA log are can be empty when the TPM is disabled. This commit changes the
> behavior of tpm_read_log_acpi() to return successfully in this case.
> 
> Cc: stable@vger.kernel.org
> Fixes: 55a82ab3181b ("[PATCH] tpm: add bios measurement log")
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

Already applied to my master (bleeding edge) branch in order to
facilitate testing:

git://git.infradead.org/users/jjs/linux-tpmdd.git

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jason Gunthorpe March 12, 2018, 3:02 p.m. UTC | #2
On Sat, Mar 10, 2018 at 06:16:37PM +0200, Jarkko Sakkinen wrote:
> TCPA log are can be empty when the TPM is disabled. This commit changes the
> behavior of tpm_read_log_acpi() to return successfully in this case.

The commit should explain why we'd want this..

eg Why does it matter to create the extra sysfs files to report an empty
log?

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jarkko Sakkinen March 16, 2018, 12:55 p.m. UTC | #3
On Mon, Mar 12, 2018 at 09:02:32AM -0600, Jason Gunthorpe wrote:
> On Sat, Mar 10, 2018 at 06:16:37PM +0200, Jarkko Sakkinen wrote:
> > TCPA log are can be empty when the TPM is disabled. This commit changes the
> > behavior of tpm_read_log_acpi() to return successfully in this case.
> 
> The commit should explain why we'd want this..
> 
> eg Why does it matter to create the extra sysfs files to report an empty
> log?
> 
> Jason

The initialization of the driver will fail otherwise. Not sure if I
understand your question.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jason Gunthorpe March 19, 2018, 2:13 a.m. UTC | #4
On Fri, Mar 16, 2018 at 02:55:25PM +0200, Jarkko Sakkinen wrote:
> On Mon, Mar 12, 2018 at 09:02:32AM -0600, Jason Gunthorpe wrote:
> > On Sat, Mar 10, 2018 at 06:16:37PM +0200, Jarkko Sakkinen wrote:
> > > TCPA log are can be empty when the TPM is disabled. This commit changes the
> > > behavior of tpm_read_log_acpi() to return successfully in this case.
> > 
> > The commit should explain why we'd want this..
> > 
> > eg Why does it matter to create the extra sysfs files to report an empty
> > log?
> > 
> > Jason
> 
> The initialization of the driver will fail otherwise. Not sure if I
> understand your question.

Well, I mean in the sense of what is broken and why is this the right
fix. Why not return -ENODEV?

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jarkko Sakkinen March 19, 2018, 9:24 p.m. UTC | #5
On Sun, Mar 18, 2018 at 08:13:23PM -0600, Jason Gunthorpe wrote:
> On Fri, Mar 16, 2018 at 02:55:25PM +0200, Jarkko Sakkinen wrote:
> > On Mon, Mar 12, 2018 at 09:02:32AM -0600, Jason Gunthorpe wrote:
> > > On Sat, Mar 10, 2018 at 06:16:37PM +0200, Jarkko Sakkinen wrote:
> > > > TCPA log are can be empty when the TPM is disabled. This commit changes the
> > > > behavior of tpm_read_log_acpi() to return successfully in this case.
> > > 
> > > The commit should explain why we'd want this..
> > > 
> > > eg Why does it matter to create the extra sysfs files to report an empty
> > > log?
> > > 
> > > Jason
> > 
> > The initialization of the driver will fail otherwise. Not sure if I
> > understand your question.
> 
> Well, I mean in the sense of what is broken and why is this the right
> fix. Why not return -ENODEV?

Well, because then the device initialization would fail.

Just noticed that this is missing:

Reported-by: Sahil Rihan <srihan@fb.com>

Sahil, would you care to try if this fixes the issue that you are
having or not?

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Sahil Rihan March 20, 2018, 10:29 p.m. UTC | #6
PiBPbiAzLzE5LzE4LCAyOjI1IFBNLCAiSmFya2tvIFNha2tpbmVuIiA8amFya2tvLnNha2tpbmVu
QGxpbnV4LmludGVsLmNvbT4gd3JvdGU6DQo+ICAgICANCj4gICAgU2FoaWwsIHdvdWxkIHlvdSBj
YXJlIHRvIHRyeSBpZiB0aGlzIGZpeGVzIHRoZSBpc3N1ZSB0aGF0IHlvdSBhcmUNCj4gICAgaGF2
aW5nIG9yIG5vdD8NCg0KWWVzLCB3ZSBjYW4gdGVzdCB0aGlzIG91dC4gTWlnaHQgdGFrZSBhIGRh
eSBvciB0d28uDQoNClNhaGlsDQoNCiANCg0K
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jarkko Sakkinen March 22, 2018, 2:20 p.m. UTC | #7
On Tue, 2018-03-20 at 22:29 +0000, Sahil Rihan wrote:
> > On 3/19/18, 2:25 PM, "Jarkko Sakkinen" <jarkko.sakkinen@linux.intel.com>
> > wrote:
> >     
> >    Sahil, would you care to try if this fixes the issue that you are
> >    having or not?
> 
> Yes, we can test this out. Might take a day or two.

Awesome, thank you. I'll add

Reported-by: Sahil Rihan <srihan@fb.com>

if that is OK for you?

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Sahil Rihan March 27, 2018, 12:07 a.m. UTC | #8
> On 3/22/18, 7:20 AM, "Jarkko Sakkinen" <jarkko.sakkinen@linux.intel.com> wrote:

>

>   On Tue, 2018-03-20 at 22:29 +0000, Sahil Rihan wrote:

>   > > On 3/19/18, 2:25 PM, "Jarkko Sakkinen" <jarkko.sakkinen@linux.intel.com>

>   > > wrote:

>   > >     

>   > >    Sahil, would you care to try if this fixes the issue that you are

>   > >    having or not?

>   > 

>   > Yes, we can test this out. Might take a day or two.

>    

>   Awesome, thank you. I'll add

>    

>   Reported-by: Sahil Rihan <srihan@fb.com>

>    

>   if that is OK for you?


Jarkko, 

We applied your patch to a 4.11 kernel (unfortunately not the latest upstream) and were able to confirm that the char device is now being created correctly. The sysfs enabled node is also present.

And yes, please add the "Reported-by" line.

Thanks,
Sahil
Jarkko Sakkinen March 27, 2018, 8:05 a.m. UTC | #9
On Tue, Mar 27, 2018 at 12:07:14AM +0000, Sahil Rihan wrote:
> > On 3/22/18, 7:20 AM, "Jarkko Sakkinen" <jarkko.sakkinen@linux.intel.com> wrote:
> >
> >   On Tue, 2018-03-20 at 22:29 +0000, Sahil Rihan wrote:
> >   > > On 3/19/18, 2:25 PM, "Jarkko Sakkinen" <jarkko.sakkinen@linux.intel.com>
> >   > > wrote:
> >   > >     
> >   > >    Sahil, would you care to try if this fixes the issue that you are
> >   > >    having or not?
> >   > 
> >   > Yes, we can test this out. Might take a day or two.
> >    
> >   Awesome, thank you. I'll add
> >    
> >   Reported-by: Sahil Rihan <srihan@fb.com>
> >    
> >   if that is OK for you?
> 
> Jarkko, 
> 
> We applied your patch to a 4.11 kernel (unfortunately not the latest upstream) and were able to confirm that the char device is now being created correctly. The sysfs enabled node is also present.
> 
> And yes, please add the "Reported-by" line.
> 
> Thanks,
> Sahil

And also

Tested-by: Sahil Rihan <srihan@fb.com>

?

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Sahil Rihan March 27, 2018, 3:37 p.m. UTC | #10
> And also

>

> Tested-by: Sahil Rihan <srihan@fb.com>


Sure!

Patch
diff mbox

diff --git a/drivers/char/tpm/tpm_eventlog_acpi.c b/drivers/char/tpm/tpm_eventlog_acpi.c
index 66f19e93c216..f5f66dcd6f30 100644
--- a/drivers/char/tpm/tpm_eventlog_acpi.c
+++ b/drivers/char/tpm/tpm_eventlog_acpi.c
@@ -84,8 +84,8 @@  int tpm_read_log_acpi(struct tpm_chip *chip)
 		break;
 	}
 	if (!len) {
-		dev_warn(&chip->dev, "%s: TCPA log area empty\n", __func__);
-		return -EIO;
+		dev_info(&chip->dev, "TCPA log area is empty\n");
+		return 0;
 	}
 
 	/* malloc EventLog space */