X-Patchwork-Submitter: Alexander Steffen
X-Patchwork-Id: 10112619
From: Alexander Steffen
CC: Alexander Steffen
Subject: [RFC][PATCH 3/3] tpm-chip: Export TPM device to user space even when startup failed
Date: Thu, 14 Dec 2017 17:06:14 +0100
Message-ID: <20171214160614.11808-4-Alexander.Steffen@infineon.com>
In-Reply-To: <20171214160614.11808-1-Alexander.Steffen@infineon.com>
X-Mailing-List: linux-integrity@vger.kernel.org

When one of the commands during the auto_startup sequences does not return TPM_RC_SUCCESS, tpm_chip_register misleadingly returns ENODEV, even though a TPM device is definitely present. An error response during those sequences is indeed unexpected, so to prevent subsequent errors, the kernel should not make use of the TPM device. But user space applications still might be able to communicate with the TPM, so they can be used to further diagnose and/or fix the problem.

To allow this, with this patch the device is still exported to user space, even if a TPM error code has been received, but the kernel itself will not be allowed to use the device for anything.

This is not a hypothetical scenario, but there are devices in the wild that show this behavior. With this fix, those devices can be recovered from their failed state.

Signed-off-by: Alexander Steffen

--- drivers/char/tpm/tpm-chip.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 9cbe1ef..c4636e1 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c
@@ -384,7 +384,7 @@ static int tpm_add_legacy_sysfs(struct tpm_chip *chip) * * Creates a character device for the TPM chip and adds sysfs attributes for * the device. As the last step this function adds the chip to the list of TPM - * chips available for in-kernel use. + * chips available for in-kernel use, if the TPM startup was successful. * * This function should be only called after the chip initialization is * complete. @@ -392,6 +392,7 @@ static int tpm_add_legacy_sysfs(struct tpm_chip *chip) int tpm_chip_register(struct tpm_chip *chip) { int rc; + bool startup_successful = true; if (chip->ops->flags & TPM_OPS_AUTO_STARTUP) { if (chip->flags & TPM_CHIP_FLAG_TPM2) @@ -401,7 +402,7 @@ int tpm_chip_register(struct tpm_chip *chip) if (rc < 0) return rc; else if (rc > 0) - return -ENODEV; + startup_successful = false; } tpm_sysfs_add_device(chip); @@ -424,10 +425,12 @@ int tpm_chip_register(struct tpm_chip *chip) return rc; } - /* Make the chip available. */ - mutex_lock(&idr_lock); - idr_replace(&dev_nums_idr, chip, chip->dev_num); - mutex_unlock(&idr_lock); + if (startup_successful) { + /* Make the chip available. */ + mutex_lock(&idr_lock); + idr_replace(&dev_nums_idr, chip, chip->dev_num); + mutex_unlock(&idr_lock); + } return 0; }
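
Review bot: The kernel-doc change in the first hunk (@@ -384,7 +384,7) leaves the return value undocumented for the failed-startup case. With this patch the function still reaches "return 0;" when startup failed, so the comment should state that a 0 return no longer implies the chip is available for in-kernel use, and that the character device and sysfs attributes are created either way.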
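
Review bot: In the hunk at @@ -401,7 +402,7, the branch "else if (rc > 0) startup_successful = false;" drops the TPM response code in rc without logging it, so the device node appears with no hint that startup failed. Suggest a dev_warn() that includes rc at that point. The context line "tpm_sysfs_add_device(chip);" directly after the block also still runs unconditionally; if any of those attributes cause the kernel to send commands to the TPM, that conflicts with the commit message's statement that the kernel will not use the device, so it should be checked or gated on the same condition.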
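
Review bot: In the last hunk (@@ -424,10 +425,12), the failed-startup state is held only in the local "bool startup_successful" that gates idr_replace(), and the function then falls through to "return 0;", so neither the caller nor any later code path can tell a fully registered chip from one that is exported to user space only. Consider recording the state in chip->flags so that it can be checked explicitly after registration, and spell out in the commit message that in-kernel users of the chip list will see no TPM on such a system while user space still has access to the device.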