From patchwork Thu May 25 13:12:36 2017
X-Patchwork-Submitter: Stefan Berger
X-Patchwork-Id: 9748385
From: Stefan Berger
To: jarkko.sakkinen@linux.intel.com, tpmdd-devel@lists.sourceforge.net
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, jgunthorpe@obsidianresearch.com, Stefan Berger
Subject: [PATCH] tpm: vtpm_proxy: Do not run tpm2_shutdown
Date: Thu, 25 May 2017 09:12:36 -0400
Message-Id: <1495717956-14252-1-git-send-email-stefanb@linux.vnet.ibm.com>

The tpm2_shutdown does not work with the VTPM proxy driver since the
function only gets called when the backend file descriptor is already
closed and at this point no data can be sent anymore. A proper shutdown
would have to be initiated by a user space application, such as a
container management stack, that sends the command via the character
device before terminating the TPM emulator.

To avoid the tpm2_shutdown we introduce a TPM_CHIP_FLAG_NO_SHUTDOWN
flag that only the VTPM proxy driver sets. This also avoids misleading
kernel log messages.
Signed-off-by: Stefan Berger --- drivers/char/tpm/tpm.h | 1 + drivers/char/tpm/tpm2-cmd.c | 3 +++ drivers/char/tpm/tpm_vtpm_proxy.c | 3 ++- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 25d9858..23b656f 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -170,6 +170,7 @@ enum tpm_chip_flags { TPM_CHIP_FLAG_IRQ = BIT(2), TPM_CHIP_FLAG_VIRTUAL = BIT(3), TPM_CHIP_FLAG_HAVE_TIMEOUTS = BIT(4), + TPM_CHIP_FLAG_NO_SHUTDOWN = BIT(5), }; struct tpm_bios_log { diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 3ee6883..495d316 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -831,6 +831,9 @@ void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type) struct tpm2_cmd cmd; int rc; + if (chip->flags & TPM_CHIP_FLAG_NO_SHUTDOWN) + return; + cmd.header.in = tpm2_shutdown_header; cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type); diff --git a/drivers/char/tpm/tpm_vtpm_proxy.c b/drivers/char/tpm/tpm_vtpm_proxy.c index 1d877cc..d439ce7 100644 --- a/drivers/char/tpm/tpm_vtpm_proxy.c +++ b/drivers/char/tpm/tpm_vtpm_proxy.c @@ -573,7 +573,8 @@ static struct file *vtpm_proxy_create_device( vtpm_proxy_fops_open(file); if (proxy_dev->flags & VTPM_PROXY_FLAG_TPM2) - proxy_dev->chip->flags |= TPM_CHIP_FLAG_TPM2; + proxy_dev->chip->flags |= TPM_CHIP_FLAG_TPM2 | + TPM_CHIP_FLAG_NO_SHUTDOWN; vtpm_proxy_work_start(proxy_dev);
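Review bot: In the tpm.h hunk, the new `TPM_CHIP_FLAG_NO_SHUTDOWN = BIT(5),` entry in enum tpm_chip_flags carries no comment saying what it suppresses or which drivers may set it; the name alone does not convey that it only short-circuits tpm2_shutdown() and leaves every other command path untouched. Suggest a one-line comment on that entry stating that the chip's backend cannot receive TPM2_Shutdown at unregister time and that user space is expected to issue it.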
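Review bot: In the tpm2-cmd.c hunk, the early `if (chip->flags & TPM_CHIP_FLAG_NO_SHUTDOWN) return;` lives inside the generic tpm2_shutdown() helper rather than at its caller, so every caller of tpm2_shutdown() becomes a silent no-op for a flagged chip and nothing at the call site shows that the contract changed. Silence is the stated goal (no misleading log messages), but consider either checking the flag where the chip is unregistered or adding a comment above the check explaining that a flagged chip's backend is already closed and user space must have sent TPM2_Shutdown itself; without it the next reader will assume the command was delivered.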
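Review bot: In the tpm_vtpm_proxy.c hunk, TPM_CHIP_FLAG_NO_SHUTDOWN is set only inside the `if (proxy_dev->flags & VTPM_PROXY_FLAG_TPM2)` branch, riding along with TPM_CHIP_FLAG_TPM2, so a TPM 1.2 proxy is never marked; that is consistent with the flag being consulted only in tpm2_shutdown(), but the coupling between the two sites is implicit. A short comment at `proxy_dev->chip->flags |= TPM_CHIP_FLAG_TPM2 |` noting that the backend file descriptor is gone before unregister, so the kernel must not attempt TPM2_Shutdown, would keep the two sites in sync if either is touched later.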
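The commit message leaves the actual TPM2_Shutdown to a user-space component that writes the command to the proxy's character device before the emulator is terminated. The following is an added example of that user-space step; it is not part of this patch, the kernel, or any TPM emulator. It serialises TPM2_Shutdown per the TPM 2.0 Library specification (Part 3) wire format, writes it to a TPM character device, and parses the response code. The device path `/dev/tpm0` and the helper names are assumptions; on a vtpm_proxy setup the path is whatever `/dev/tpmN` the proxy device was assigned.

```c
/* Added example, not code from the patch or the kernel tree.
 * Sends TPM2_Shutdown over a TPM character device, as the commit message
 * says a container management stack must do before killing the emulator.
 * Wire constants follow the TPM 2.0 Library spec, Part 2/3. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TPM_ST_NO_SESSIONS 0x8001u
#define TPM_ST_SESSIONS    0x8002u
#define TPM_CC_SHUTDOWN    0x00000145u
#define TPM_SU_CLEAR       0x0000u
#define TPM_SU_STATE       0x0001u
#define TPM_RC_SUCCESS     0x00000000u

#define TPM2_HEADER_LEN        10u  /* tag(2) + size(4) + code(4) */
#define TPM2_SHUTDOWN_CMD_LEN  12u  /* header + shutdownType(2) */

static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Serialise TPM2_Shutdown(shutdownType) into buf (big-endian, no sessions).
 * Returns the number of bytes written, or 0 on a bad type or short buffer. */
size_t tpm2_build_shutdown(uint8_t *buf, size_t buflen, uint16_t shutdown_type)
{
    if (buflen < TPM2_SHUTDOWN_CMD_LEN)
        return 0;
    if (shutdown_type != TPM_SU_CLEAR && shutdown_type != TPM_SU_STATE)
        return 0;
    put_be16(buf, TPM_ST_NO_SESSIONS);
    put_be32(buf + 2, TPM2_SHUTDOWN_CMD_LEN);
    put_be32(buf + 6, TPM_CC_SHUTDOWN);
    put_be16(buf + 10, shutdown_type);
    return TPM2_SHUTDOWN_CMD_LEN;
}

/* Check a response's framing and extract its TPM_RC.
 * Returns 0 and sets *rc on a well-formed response, -1 otherwise. */
int tpm2_parse_response(const uint8_t *buf, size_t len, uint32_t *rc)
{
    if (len < TPM2_HEADER_LEN)
        return -1;
    uint16_t tag = get_be16(buf);
    uint32_t size = get_be32(buf + 2);
    if (size != len)                     /* responseSize must match what we read */
        return -1;
    if (tag != TPM_ST_NO_SESSIONS && tag != TPM_ST_SESSIONS)
        return -1;
    *rc = get_be32(buf + 6);
    return 0;
}

/* Write one command to an open TPM device fd and read its response.
 * Returns the TPM_RC, or (uint32_t)-1 on an I/O or framing error. */
uint32_t tpm2_shutdown_fd(int fd, uint16_t shutdown_type)
{
    uint8_t cmd[TPM2_SHUTDOWN_CMD_LEN], rsp[64];
    uint32_t rc;
    size_t n = tpm2_build_shutdown(cmd, sizeof cmd, shutdown_type);
    if (n == 0)
        return (uint32_t)-1;
    /* TPM character devices take one whole command per write() and hand
       back one whole response per read(). */
    if (write(fd, cmd, n) != (ssize_t)n)
        return (uint32_t)-1;
    ssize_t r = read(fd, rsp, sizeof rsp);
    if (r < 0 || tpm2_parse_response(rsp, (size_t)r, &rc) != 0)
        return (uint32_t)-1;
    return rc;
}

int main(int argc, char **argv)
{
    /* Assumption: the proxy's device node; pass the real /dev/tpmN as argv[1]. */
    const char *dev = argc > 1 ? argv[1] : "/dev/tpm0";
    int fd = open(dev, O_RDWR);
    if (fd < 0) { perror(dev); return 1; }
    uint32_t rc = tpm2_shutdown_fd(fd, TPM_SU_STATE);
    close(fd);
    if (rc == (uint32_t)-1) { fprintf(stderr, "I/O or framing error\n"); return 1; }
    printf("TPM2_Shutdown(SU_STATE) -> TPM_RC 0x%08x\n", rc);
    return rc == TPM_RC_SUCCESS ? 0 : 2;
}
```

Run it against the proxy's device node before closing the vtpm_proxy file descriptor; once that descriptor is closed the kernel cannot deliver anything, which is exactly why the patch skips the in-kernel tpm2_shutdown. TPM_SU_STATE is used here so the emulator can resume; use TPM_SU_CLEAR if the next start should be a clean one.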