| Message ID | 20200914061343.79018-1-hao.wu@rubrik.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Fix Atmel TPM crash caused by too frequent queries | expand |
On Sun, Sep 13, 2020 at 11:13:43PM -0700, Hao Wu wrote: > Since kernel 4.14, we fixed the TPM sleep logic > from msleep to usleep_range, so that the TPM > sleeps exactly with TPM_TIMEOUT (=5ms) afterward. > Before that fix, msleep(5) actually sleeps for > around 15ms. > The fix is https://github.com/torvalds/linux/commit/9f3fc7bcddcb51234e23494531f93ab60475e1c3 > > That fix uncovered that the TPM_TIMEOUT was not properly > set previously. We recently found the TPM driver in kernel 4.14+ > (including 5.9-rc4) crashes Atmel TPM chips with > too frequent TPM queries. > > The TPM crash signature is > ``` > $ tpm_sealdata -z > Tspi_Key_LoadKey failed: 0x00001087 - layer=tddl, code=0087 (135), I/O error > > $ sudo dmesg | grep tpm0 > [59154.665549] tpm tpm0: tpm_try_transmit: send(): error -62 > [59154.809532] tpm tpm0: tpm_try_transmit: send(): error -62 > ``` > > >From the error code "-62", it looks similar to another bug > https://patchwork.kernel.org/patch/10520247/ > where the "TPM_TIMEOUT_USECS_MAX" and "TPM_TIMEOUT_USEC_MIN" > is too small, which causes TPM get queried too frequently, > and thus crashes. > > This patch fix the TPM_TIMEOUT to 15ms which was > the actual timeout TPM chips use before the fix > from msleep to usleep_range. Thus fixed the crash. > > Test Plan: > - Run fixed kernel on system with Atmel TPM chips > and ensure crash does not happen > - Run fixed kernel on system with other TPM chips > (IFX / WEC / STM) ensure not breakages from tpm-tool > --- > drivers/char/tpm/tpm.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h > index 947d1db0a5cc..73259ac0a997 100644 > --- a/drivers/char/tpm/tpm.h > +++ b/drivers/char/tpm/tpm.h > @@ -37,7 +37,7 @@ > #define TPM_RETRY 50 > > enum tpm_timeout { > - TPM_TIMEOUT = 5, /* msecs */ > + TPM_TIMEOUT = 15, /* msecs */ > TPM_TIMEOUT_RETRY = 100, /* msecs */ > TPM_TIMEOUT_RANGE_US = 300, /* usecs */ > TPM_TIMEOUT_POLL = 1, /* msecs */ > -- > 2.17.1 > Hi, This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him a patch that has triggered this response. He used to manually respond to these common problems, but in order to save his sanity (he kept writing the same thing over and over, yet to different people), I was created. Hopefully you will not take offence and will fix the problem in your patch and resubmit it so that it can be accepted into the Linux kernel tree. You are receiving this message because of the following common error(s) as indicated below: - Your patch does not have a Signed-off-by: line. Please read the kernel file, Documentation/SubmittingPatches and resend it after adding that line. Note, the line needs to be in the body of the email, before the patch, not at the bottom of the patch or in the email signature. If you wish to discuss this problem further, or you have questions about how to resolve this issue, please feel free to respond to this email and Greg will reply once he has dug out from the pending patches received from other developers. thanks, greg k-h's patch email bot
Applied the fix on 5.9-rc4, but it looks like it is not enough to fix the issue. There should be other TPM timing changes since 4.15 (where we have tested and ensure it works). Need to look into it a bit to see what should be the fix in the master branch. Thanks Hao > On Sep 13, 2020, at 11:13 PM, Hao Wu <hao.wu@rubrik.com> wrote: > > Since kernel 4.14, we fixed the TPM sleep logic > from msleep to usleep_range, so that the TPM > sleeps exactly with TPM_TIMEOUT (=5ms) afterward. > Before that fix, msleep(5) actually sleeps for > around 15ms. > The fix is https://github.com/torvalds/linux/commit/9f3fc7bcddcb51234e23494531f93ab60475e1c3 > > That fix uncovered that the TPM_TIMEOUT was not properly > set previously. We recently found the TPM driver in kernel 4.14+ > (including 5.9-rc4) crashes Atmel TPM chips with > too frequent TPM queries. > > The TPM crash signature is > ``` > $ tpm_sealdata -z > Tspi_Key_LoadKey failed: 0x00001087 - layer=tddl, code=0087 (135), I/O error > > $ sudo dmesg | grep tpm0 > [59154.665549] tpm tpm0: tpm_try_transmit: send(): error -62 > [59154.809532] tpm tpm0: tpm_try_transmit: send(): error -62 > ``` > > From the error code "-62", it looks similar to another bug > https://patchwork.kernel.org/patch/10520247/ > where the "TPM_TIMEOUT_USECS_MAX" and "TPM_TIMEOUT_USEC_MIN" > is too small, which causes TPM get queried too frequently, > and thus crashes. > > This patch fix the TPM_TIMEOUT to 15ms which was > the actual timeout TPM chips use before the fix > from msleep to usleep_range. Thus fixed the crash. > > Test Plan: > - Run fixed kernel on system with Atmel TPM chips > and ensure crash does not happen > - Run fixed kernel on system with other TPM chips > (IFX / WEC / STM) ensure not breakages from tpm-tool > --- > drivers/char/tpm/tpm.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h > index 947d1db0a5cc..73259ac0a997 100644 > --- a/drivers/char/tpm/tpm.h > +++ b/drivers/char/tpm/tpm.h > @@ -37,7 +37,7 @@ > #define TPM_RETRY 50 > > enum tpm_timeout { > - TPM_TIMEOUT = 5, /* msecs */ > + TPM_TIMEOUT = 15, /* msecs */ > TPM_TIMEOUT_RETRY = 100, /* msecs */ > TPM_TIMEOUT_RANGE_US = 300, /* usecs */ > TPM_TIMEOUT_POLL = 1, /* msecs */ > -- > 2.17.1 >
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 947d1db0a5cc..73259ac0a997 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -37,7 +37,7 @@ #define TPM_RETRY 50 enum tpm_timeout { - TPM_TIMEOUT = 5, /* msecs */ + TPM_TIMEOUT = 15, /* msecs */ TPM_TIMEOUT_RETRY = 100, /* msecs */ TPM_TIMEOUT_RANGE_US = 300, /* usecs */ TPM_TIMEOUT_POLL = 1, /* msecs */