From patchwork Sun Nov 20 13:31:21 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Lino Sanfilippo <linosanfilippo@gmx.de>
X-Patchwork-Id: 13050031
Return-Path: <linux-integrity-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 801E7C43217
	for <linux-integrity@archiver.kernel.org>;
 Sun, 20 Nov 2022 13:32:32 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229593AbiKTNcb (ORCPT
        <rfc822;linux-integrity@archiver.kernel.org>);
        Sun, 20 Nov 2022 08:32:31 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46848 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229508AbiKTNc3 (ORCPT
        <rfc822;linux-integrity@vger.kernel.org>);
        Sun, 20 Nov 2022 08:32:29 -0500
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0106AA7;
        Sun, 20 Nov 2022 05:32:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417;
        t=1668951125; bh=A4TNiZ1MIqgxBlywM7kePzrqXJ+tGCscjealDs3aYxw=;
        h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To:References;
        b=U1MnMRiLo7lFIAsJR2Z3mDisNFMsDebDtqUsFR3FTFIbYphcarJk13Smb84Zi66pJ
         x9fGmLZSeYMFqSl7/hVg082vUAf8wAo5dzqRxaCCX0H/HfrB04kHIgsdnlLkHZA0t9
         zzNm23vt1iG3BcBtdE1crOeaIkdsp+sxpsBD8RKmOxOB5yShWS7KiFdFIJ6H8lisgb
         mvZ1k/lPEYPvNYlhA/dY2vEGyQWoM5+K0WdQXMmQYsj+irdHQXGNF4bAldc17ovkwi
         upBtmO3qrTchrOA20vXXe//XCvo/F0ibq8A8xlzFyQHX+Rh7cJcx17uS9flN9QAXAY
         0wawjg1Mm8Tzg==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from Venus.speedport.ip ([84.162.7.17]) by mail.gmx.net (mrgmx004
 [212.227.17.190]) with ESMTPSA (Nemesis) id 1McYCl-1pVFMn3grd-00d2kE; Sun, 20
 Nov 2022 14:32:04 +0100
From: Lino Sanfilippo <LinoSanfilippo@gmx.de>
To: peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca
Cc: stefanb@linux.vnet.ibm.com, linux@mniewoehner.de,
        linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
        jandryuk@gmail.com, pmenzel@molgen.mpg.de, l.sanfilippo@kunbus.com,
        LinoSanfilippo@gmx.de, lukas@wunner.de, p.rosenberger@kunbus.com
Subject: [PATCH v10 01/14] tpm,
 tpm_tis: Avoid cache incoherency in test for interrupts
Date: Sun, 20 Nov 2022 14:31:21 +0100
Message-Id: <20221120133134.28926-2-LinoSanfilippo@gmx.de>
X-Mailer: git-send-email 2.36.1
In-Reply-To: <20221120133134.28926-1-LinoSanfilippo@gmx.de>
References: <20221120133134.28926-1-LinoSanfilippo@gmx.de>
MIME-Version: 1.0
X-Provags-ID: V03:K1:RuWFAxuNwY2FT86vJNtzPuYEZpoztucbVYAdGLlXTQtT88zV49q
 KCydeoKPHV5YH+pMz6lMCZ862z8nrCJ3t8aj/jBdLg5gaSCgxo++V98TgT3Bfe8hXmM/kvu
 EXrvyyP9q62Z0RzfY5+P72e6mdEqk8/52QS3qmy3tgbRrBSLawXH0Lms0kQ52jgOECIBJuP
 O5XF/9xmFuMhh4Cyklqcw==
UI-OutboundReport: notjunk:1;M01:P0:Q+0a9ri9s2U=;cO6kOhfTm36JQ3YSj3SePfm9L3D
 a+SejTbtWaqb6w8chLd7DuWYH8c62Ia9tV/1HdVKF/rkXduIKgdd/ivkAMP1g3teF8ERiaHm2
 xQ1LYfdhKma84M+6PEElYAdUbRbg4KHOZDGfEwq9JNaFSW2k6BVaiLtklc516N3eY8jKdbuT8
 rSs0TTnrxx0EQsGU7NdJ7a+2zxwDLm5XVHoxpmlpu6/Q5AiAw4jnaxCGRQK+v/ntTnpZoYVW0
 T9F5f53Vx841SzlXntD8zRFVsAr/tVd4ZdbuZ29FQ+qFA+KvFdZJxeI4PH8LWS1kqh2xCMX2m
 2qNyp9nxRFV1fiVACOm5BBl+rJMZ/x5f+YL+R38Ewz2xzZs+Pd8Vyw0cFP8ID92F959fe94EW
 iHlXU9Alu46IVEo/kZfc8h8QmBfmnWAvbYlcrKvZyv+pfzXeTWr1ZMcGcX8Hh0eSHmKEim+uq
 sRLENbcJmW7rH4XIOH0BzFt8CpHYuXmIpsJBlPXInWAlpH2fE0sTC6RifLd3Ty+nIBqxtZBA8
 SbkWppgwKDgq+QGU9PfCyvcIuelbaoxoECxyNT/4DZMmbAow0SxUHri3ZJTu85vuayn2I1Wq2
 3nRsTdELLob/WYTd/u/hR0uiYcE2XZHx/SXw2yp7yBAdydldya0sUoS6OSYsnBc7gUAUSeWW5
 xVWW9vfR1Hk0hC1z6TdttQTT97tDWBKRg0AmcPF274w/9szWITVkg5J3DQMMv8JoLlXmyUDWv
 8MI+mQKPGThXMYN3JLgu1M3AE5sXt/fsuZXbL50LYcD1blDqNKMb7H18Fpi+HXdqJ7GOoKvPD
 rbrnCEWxmBXydZj64yr672yMhGvThzzypGgvi5dUs0ZiR0aghz7HhijvQGnQV4IIWnmei2qbV
 jJcYMNCS9450pQlLT6YZp+z5uyd9WfuG6cd3mR9P8SWkUxau4GDyFg2n/LX/bbnZDWSW0TUwl
 r9I7IpQUDbvEJ9HbkPcy2nYFpQE=
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org

From: Lino Sanfilippo <l.sanfilippo@kunbus.com>

The interrupt handler that sets the boolean variable irq_tested may run on
another CPU as the thread that checks irq_tested as part of the irq test in
tpm_tis_send().

Since nothing guarantees cache coherency between CPUs for unsynchronized
accesses to boolean variables the testing thread might not perceive the
value change done in the interrupt handler.

Avoid this issue by setting the bit TPM_TIS_IRQ_TESTED in the flags field
of the tpm_tis_data struct and by accessing this field with the bit
manipulating functions that provide cache coherency.

Also convert all other existing sites to use the proper macros when
accessing this bitfield.

Signed-off-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Michael Niewöhner <linux@mniewoehner.de>
---
 drivers/char/tpm/tpm_tis.c      |  2 +-
 drivers/char/tpm/tpm_tis_core.c | 21 +++++++++++----------
 drivers/char/tpm/tpm_tis_core.h |  2 +-
 3 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index bcff6429e0b4..ce43412eb398 100644
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -226,7 +226,7 @@ static int tpm_tis_init(struct device *dev, struct tpm_info *tpm_info)
 		irq = tpm_info->irq;
 
 	if (itpm || is_itpm(ACPI_COMPANION(dev)))
-		phy->priv.flags |= TPM_TIS_ITPM_WORKAROUND;
+		set_bit(TPM_TIS_ITPM_WORKAROUND, &phy->priv.flags);
 
 	return tpm_tis_core_init(dev, &phy->priv, irq, &tpm_tcg,
 				 ACPI_HANDLE(dev));
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 757623bacfd5..c0008efb95dc 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -351,7 +351,7 @@ static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len)
 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
 	int rc, status, burstcnt;
 	size_t count = 0;
-	bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
+	bool itpm = test_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags);
 
 	status = tpm_tis_status(chip);
 	if ((status & TPM_STS_COMMAND_READY) == 0) {
@@ -484,7 +484,8 @@ static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
 	int rc, irq;
 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
 
-	if (!(chip->flags & TPM_CHIP_FLAG_IRQ) || priv->irq_tested)
+	if (!(chip->flags & TPM_CHIP_FLAG_IRQ) ||
+	     test_bit(TPM_TIS_IRQ_TESTED, &priv->flags))
 		return tpm_tis_send_main(chip, buf, len);
 
 	/* Verify receipt of the expected IRQ */
@@ -494,11 +495,11 @@ static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
 	rc = tpm_tis_send_main(chip, buf, len);
 	priv->irq = irq;
 	chip->flags |= TPM_CHIP_FLAG_IRQ;
-	if (!priv->irq_tested)
+	if (!test_bit(TPM_TIS_IRQ_TESTED, &priv->flags))
 		tpm_msleep(1);
-	if (!priv->irq_tested)
+	if (!test_bit(TPM_TIS_IRQ_TESTED, &priv->flags))
 		disable_interrupts(chip);
-	priv->irq_tested = true;
+	set_bit(TPM_TIS_IRQ_TESTED, &priv->flags);
 	return rc;
 }
 
@@ -641,7 +642,7 @@ static int probe_itpm(struct tpm_chip *chip)
 	size_t len = sizeof(cmd_getticks);
 	u16 vendor;
 
-	if (priv->flags & TPM_TIS_ITPM_WORKAROUND)
+	if (test_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags))
 		return 0;
 
 	rc = tpm_tis_read16(priv, TPM_DID_VID(0), &vendor);
@@ -661,13 +662,13 @@ static int probe_itpm(struct tpm_chip *chip)
 
 	tpm_tis_ready(chip);
 
-	priv->flags |= TPM_TIS_ITPM_WORKAROUND;
+	set_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags);
 
 	rc = tpm_tis_send_data(chip, cmd_getticks, len);
 	if (rc == 0)
 		dev_info(&chip->dev, "Detected an iTPM.\n");
 	else {
-		priv->flags &= ~TPM_TIS_ITPM_WORKAROUND;
+		clear_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags);
 		rc = -EFAULT;
 	}
 
@@ -707,7 +708,7 @@ static irqreturn_t tis_int_handler(int dummy, void *dev_id)
 	if (interrupt == 0)
 		return IRQ_NONE;
 
-	priv->irq_tested = true;
+	set_bit(TPM_TIS_IRQ_TESTED, &priv->flags);
 	if (interrupt & TPM_INTF_DATA_AVAIL_INT)
 		wake_up_interruptible(&priv->read_queue);
 	if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
@@ -793,7 +794,7 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
 	if (rc < 0)
 		return rc;
 
-	priv->irq_tested = false;
+	clear_bit(TPM_TIS_IRQ_TESTED, &priv->flags);
 
 	/* Generate an interrupt by having the core call through to
 	 * tpm_tis_send
diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
index 66a5a13cd1df..695a2516dce0 100644
--- a/drivers/char/tpm/tpm_tis_core.h
+++ b/drivers/char/tpm/tpm_tis_core.h
@@ -86,13 +86,13 @@ enum tis_defaults {
 enum tpm_tis_flags {
 	TPM_TIS_ITPM_WORKAROUND		= BIT(0),
 	TPM_TIS_INVALID_STATUS		= BIT(1),
+	TPM_TIS_IRQ_TESTED		= BIT(2),
 };
 
 struct tpm_tis_data {
 	u16 manufacturer_id;
 	int locality;
 	int irq;
-	bool irq_tested;
 	unsigned long flags;
 	void __iomem *ilb_base_addr;
 	u16 clkrun_enabled;