From patchwork Thu Sep 1 21:46:07 2022
X-Patchwork-Submitter: Stefan Berger
X-Patchwork-Id: 12963232
From: Stefan Berger
To: kexec@lists.infradead.org, devicetree@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Cc: nayna@linux.ibm.com, nasastry@in.ibm.com, mpe@ellerman.id.au, Palmer Dabbelt, Rob Herring, Mimi Zohar
Subject: [PATCH v8 1/4] drivers: of: kexec ima: Support 32-bit platforms
Date: Thu, 1 Sep 2022 17:46:07 -0400
Message-Id: <20220901214610.768645-2-stefanb@linux.ibm.com>
In-Reply-To: <20220901214610.768645-1-stefanb@linux.ibm.com>
References: <20220901214610.768645-1-stefanb@linux.ibm.com>
X-Mailing-List: linux-integrity@vger.kernel.org

From: Palmer Dabbelt

RISC-V recently added kexec_file() support, which uses enables kexec IMA. We're the first 32-bit platform to support this, so we found a build bug.

Acked-by: Rob Herring
Signed-off-by: Palmer Dabbelt
Reviewed-by: Mimi Zohar
---
 drivers/of/kexec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c index e6c01db393f9..548dd5b1b5c1 100644 --- a/drivers/of/kexec.c +++ b/drivers/of/kexec.c 
@@ -250,8 +250,8 @@ static int setup_ima_buffer(const struct kimage *image, void *fdt, if (ret) return -EINVAL; - pr_debug("IMA buffer at 0x%llx, size = 0x%zx\n", - image->ima_buffer_addr, image->ima_buffer_size); + pr_debug("IMA buffer at 0x%pa, size = 0x%zx\n", + &image->ima_buffer_addr, image->ima_buffer_size); return 0; }
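Review bot: The new format string in setup_ima_buffer() keeps the literal "0x" in front of %pa, but %pa already prints a phys_addr_t with its own 0x prefix, so the debug line will read "IMA buffer at 0x0x...". Drop the literal prefix and use pr_debug("IMA buffer at %pa, size = 0x%zx\n", ...). The commit message only says "a build bug"; naming it (from the diff it appears to be the %llx specifier not matching ima_buffer_addr on a 32-bit build) would make the change easier to find later.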
From patchwork Thu Sep 1 21:46:08 2022
X-Patchwork-Submitter: Stefan Berger
X-Patchwork-Id: 12963233
From: Stefan Berger
To: kexec@lists.infradead.org, devicetree@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Cc: nayna@linux.ibm.com, nasastry@in.ibm.com, mpe@ellerman.id.au, Stefan Berger, Jarkko Sakkinen, Jason Gunthorpe, Rob Herring, Frank Rowand, Mimi Zohar, Nageswara R Sastry, Coiby Xu
Subject: [PATCH v8 2/4] tpm: of: Make of-tree specific function commonly available
Date: Thu, 1 Sep 2022 17:46:08 -0400
Message-Id: <20220901214610.768645-3-stefanb@linux.ibm.com>
In-Reply-To: <20220901214610.768645-1-stefanb@linux.ibm.com>
References: <20220901214610.768645-1-stefanb@linux.ibm.com>

Simplify tpm_read_log_of() by moving reusable parts of the code into an inline function that makes it commonly available so it can be used also for kexec support. Call the new of_tpm_get_sml_parameters() function from the TPM Open Firmware driver.

Signed-off-by: Stefan Berger
Cc: Jarkko Sakkinen
Cc: Jason Gunthorpe
Cc: Rob Herring
Cc: Frank Rowand
Reviewed-by: Mimi Zohar
Tested-by: Nageswara R Sastry
Reviewed-by: Jarkko Sakkinen
Tested-by: Coiby Xu
Acked-by: Jarkko Sakkinen
---
v7:
 - Added original comment back into inlined function

v4:
 - converted to inline function
---
 drivers/char/tpm/eventlog/of.c | 31 +++++------------------------
 include/linux/tpm.h | 36 ++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 26 deletions(-)

diff --git a/drivers/char/tpm/eventlog/of.c b/drivers/char/tpm/eventlog/of.c index a9ce66d09a75..f9462d19632e 100644 --- a/drivers/char/tpm/eventlog/of.c +++ b/drivers/char/tpm/eventlog/of.c @@ -12,6 +12,7 @@ #include #include +#include #include #include "../tpm.h" @@ -20,11 +21,10 @@ int tpm_read_log_of(struct tpm_chip *chip) { struct device_node *np; - const u32 *sizep; - const u64 *basep; struct tpm_bios_log *log; u32 size; u64 base; + int ret; log = &chip->log; if (chip->dev.parent && chip->dev.parent->of_node) 
@@ -35,30 +35,9 @@ int tpm_read_log_of(struct tpm_chip *chip) if (of_property_read_bool(np, "powered-while-suspended")) chip->flags |= TPM_CHIP_FLAG_ALWAYS_POWERED; - sizep = of_get_property(np, "linux,sml-size", NULL); - basep = of_get_property(np, "linux,sml-base", NULL); - if (sizep == NULL && basep == NULL) - return -ENODEV; - if (sizep == NULL || basep == NULL) - return -EIO; - - /* - * For both vtpm/tpm, firmware has log addr and log size in big - * endian format. But in case of vtpm, there is a method called - * sml-handover which is run during kernel init even before - * device tree is setup. This sml-handover function takes care - * of endianness and writes to sml-base and sml-size in little - * endian format. For this reason, vtpm doesn't need conversion - * but physical tpm needs the conversion. - */ - if (of_property_match_string(np, "compatible", "IBM,vtpm") < 0 && - of_property_match_string(np, "compatible", "IBM,vtpm20") < 0) { - size = be32_to_cpup((__force __be32 *)sizep); - base = be64_to_cpup((__force __be64 *)basep); - } else { - size = *sizep; - base = *basep; - } + ret = of_tpm_get_sml_parameters(np, &base, &size); + if (ret < 0) + return ret; if (size == 0) { dev_warn(&chip->dev, "%s: Event log area empty\n", __func__); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index dfeb25a0362d..6356baaa1393 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h 
@@ -460,4 +460,40 @@ static inline struct tpm_chip *tpm_default_chip(void) return NULL; } #endif + +#ifdef CONFIG_OF +static inline int of_tpm_get_sml_parameters(struct device_node *np, + u64 *base, u32 *size) +{ + const u32 *sizep; + const u64 *basep; + + sizep = of_get_property(np, "linux,sml-size", NULL); + basep = of_get_property(np, "linux,sml-base", NULL); + if (sizep == NULL && basep == NULL) + return -ENODEV; + if (sizep == NULL || basep == NULL) + return -EIO; + + /* + * For both vtpm/tpm, firmware has log addr and log size in big + * endian format. But in case of vtpm, there is a method called + * sml-handover which is run during kernel init even before + * device tree is setup. This sml-handover function takes care + * of endianness and writes to sml-base and sml-size in little + * endian format. For this reason, vtpm doesn't need conversion + * but physical tpm needs the conversion. + */ + if (of_property_match_string(np, "compatible", "IBM,vtpm") < 0 && + of_property_match_string(np, "compatible", "IBM,vtpm20") < 0) { + *size = be32_to_cpup((__force __be32 *)sizep); + *base = be64_to_cpup((__force __be64 *)basep); + } else { + *size = *sizep; + *base = *basep; + } + return 0; +} +#endif + #endif
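Review bot: of_tpm_get_sml_parameters() in include/linux/tpm.h calls of_get_property() with a NULL length pointer and then dereferences sizep as a u32 and basep as a u64, so a linux,sml-size or linux,sml-base property shorter than 4 or 8 bytes is read past its end. Now that the helper is shared with the kexec path, pass an int length to each of_get_property() call and return -EIO when it is smaller than sizeof(*sizep) or sizeof(*basep). The helper also has no kernel-doc saying that it returns -ENODEV when both properties are absent and -EIO when only one is, and the #ifdef CONFIG_OF block has no stub for the other case.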
From patchwork Thu Sep 1 21:46:09 2022
X-Patchwork-Submitter: Stefan Berger
X-Patchwork-Id: 12963234
From: Stefan Berger
To: kexec@lists.infradead.org, devicetree@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Cc: nayna@linux.ibm.com, nasastry@in.ibm.com, mpe@ellerman.id.au, Stefan Berger, Rob Herring, Frank Rowand, Mimi Zohar, Rob Herring, Nageswara R Sastry, Coiby Xu
Subject: [PATCH v8 3/4] of: kexec: Refactor IMA buffer related functions to make them reusable
Date: Thu, 1 Sep 2022 17:46:09 -0400
Message-Id: <20220901214610.768645-4-stefanb@linux.ibm.com>
In-Reply-To: <20220901214610.768645-1-stefanb@linux.ibm.com>
References: <20220901214610.768645-1-stefanb@linux.ibm.com>

Refactor IMA buffer related functions to make them reusable for carrying TPM logs across kexec.

Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Mimi Zohar
Reviewed-by: Mimi Zohar
Reviewed-by: Rob Herring
Tested-by: Nageswara R Sastry
Tested-by: Coiby Xu
---
v6:
 - Add __init to get_kexec_buffer as suggested by Jonathan

v5:
 - Rebased on Jonathan McDowell's commit "b69a2afd5afc x86/kexec: Carry forward IMA measurement log on kexec"

v4:
 - Move debug output into setup_buffer()
---
 drivers/of/kexec.c | 126 ++++++++++++++++++++++++++-------------------
 1 file changed, 74 insertions(+), 52 deletions(-)

diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c index 548dd5b1b5c1..15a82b574f36 100644 --- a/drivers/of/kexec.c +++ b/drivers/of/kexec.c 
@@ -117,45 +117,57 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr, } #ifdef CONFIG_HAVE_IMA_KEXEC -/** - * ima_get_kexec_buffer - get IMA buffer from the previous kernel - * @addr: On successful return, set to point to the buffer contents. - * @size: On successful return, set to the buffer size. - * - * Return: 0 on success, negative errno on error. - */ -int __init ima_get_kexec_buffer(void **addr, size_t *size) +static int __init get_kexec_buffer(const char *name, unsigned long *addr, + size_t *size) { int ret, len; - unsigned long tmp_addr; unsigned long start_pfn, end_pfn; - size_t tmp_size; const void *prop; - prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len); + prop = of_get_property(of_chosen, name, &len); if (!prop) return -ENOENT; - ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size); + ret = do_get_kexec_buffer(prop, len, addr, size); if (ret) return ret; - /* Do some sanity on the returned size for the ima-kexec buffer */ - if (!tmp_size) + /* Do some sanity on the returned size for the kexec buffer */ + if (!*size) return -ENOENT; /* * Calculate the PFNs for the buffer and ensure * they are with in addressable memory. */ - start_pfn = PHYS_PFN(tmp_addr); - end_pfn = PHYS_PFN(tmp_addr + tmp_size - 1); + start_pfn = PHYS_PFN(*addr); + end_pfn = PHYS_PFN(*addr + *size - 1); if (!page_is_ram(start_pfn) || !page_is_ram(end_pfn)) { - pr_warn("IMA buffer at 0x%lx, size = 0x%zx beyond memory\n", - tmp_addr, tmp_size); + pr_warn("%s buffer at 0x%lx, size = 0x%zx beyond memory\n", + name, *addr, *size); return -EINVAL; } + return 0; +} + +/** + * ima_get_kexec_buffer - get IMA buffer from the previous kernel + * @addr: On successful return, set to point to the buffer contents. + * @size: On successful return, set to the buffer size. + * + * Return: 0 on success, negative errno on error. 
+ */ +int __init ima_get_kexec_buffer(void **addr, size_t *size) +{ + int ret; + unsigned long tmp_addr; + size_t tmp_size; + + ret = get_kexec_buffer("linux,ima-kexec-buffer", &tmp_addr, &tmp_size); + if (ret) + return ret; + *addr = __va(tmp_addr); *size = tmp_size; 
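Review bot: get_kexec_buffer() now hands the caller's addr and size straight to do_get_kexec_buffer(), so on the -ENOENT (zero size) and -EINVAL (page_is_ram) paths the caller's variables already hold the unvalidated values read from the device tree, whereas the old code stored to *addr and *size only on success. ima_get_kexec_buffer() is safe because it keeps its own temporaries, but a new caller may not be; either keep local temporaries in the helper and assign the outputs just before "return 0;", or add kernel-doc stating that the outputs are undefined on error. While the range check is being generalised, note that "*addr + *size - 1" is computed with no overflow check, so a large size taken from the property can wrap before PHYS_PFN() is applied.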
@@ -188,72 +200,82 @@ int __init ima_free_kexec_buffer(void) } #endif -/** - * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt - * - * @fdt: Flattened Device Tree to update - * @chosen_node: Offset to the chosen node in the device tree - * - * The IMA measurement buffer is of no use to a subsequent kernel, so we always - * remove it from the device tree. - */ -static void remove_ima_buffer(void *fdt, int chosen_node) +static int remove_buffer(void *fdt, int chosen_node, const char *name) { int ret, len; unsigned long addr; size_t size; const void *prop; - if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC)) - return; - - prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len); + prop = fdt_getprop(fdt, chosen_node, name, &len); if (!prop) - return; + return -ENOENT; ret = do_get_kexec_buffer(prop, len, &addr, &size); - fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer"); + fdt_delprop(fdt, chosen_node, name); if (ret) - return; + return ret; ret = fdt_find_and_del_mem_rsv(fdt, addr, size); if (!ret) - pr_debug("Removed old IMA buffer reservation.\n"); + pr_debug("Remove old %s buffer reserveration", name); + return ret; } -#ifdef CONFIG_IMA_KEXEC /** - * setup_ima_buffer - add IMA buffer information to the fdt - * @image: kexec image being loaded. - * @fdt: Flattened device tree for the next kernel. - * @chosen_node: Offset to the chosen node. + * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt * - * Return: 0 on success, or negative errno on error. + * @fdt: Flattened Device Tree to update + * @chosen_node: Offset to the chosen node in the device tree + * + * The IMA measurement buffer is of no use to a subsequent kernel, so we always + * remove it from the device tree. 
*/ -static int setup_ima_buffer(const struct kimage *image, void *fdt, - int chosen_node) +static void remove_ima_buffer(void *fdt, int chosen_node) +{ + if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC)) + return; + + remove_buffer(fdt, chosen_node, "linux,ima-kexec-buffer"); +} + +#ifdef CONFIG_IMA_KEXEC +static int setup_buffer(void *fdt, int chosen_node, const char *name, + phys_addr_t addr, size_t size) { int ret; - if (!image->ima_buffer_size) + if (!size) return 0; ret = fdt_appendprop_addrrange(fdt, 0, chosen_node, - "linux,ima-kexec-buffer", - image->ima_buffer_addr, - image->ima_buffer_size); + name, addr, size); if (ret < 0) return -EINVAL; - ret = fdt_add_mem_rsv(fdt, image->ima_buffer_addr, - image->ima_buffer_size); + ret = fdt_add_mem_rsv(fdt, addr, size); if (ret) return -EINVAL; - pr_debug("IMA buffer at 0x%pa, size = 0x%zx\n", - &image->ima_buffer_addr, image->ima_buffer_size); + pr_debug("%s at 0x%pa, size = 0x%zx\n", name, &addr, size); return 0; + +} + +/** + * setup_ima_buffer - add IMA buffer information to the fdt + * @image: kexec image being loaded. + * @fdt: Flattened device tree for the next kernel. + * @chosen_node: Offset to the chosen node. + * + * Return: 0 on success, or negative errno on error. 
+ */ +static int setup_ima_buffer(const struct kimage *image, void *fdt, + int chosen_node) +{ + return setup_buffer(fdt, chosen_node, "linux,ima-kexec-buffer", + image->ima_buffer_addr, image->ima_buffer_size); } #else /* CONFIG_IMA_KEXEC */ static inline int setup_ima_buffer(const struct kimage *image, void *fdt,
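Review bot: The pr_debug() added in remove_buffer() reads "Remove old %s buffer reserveration", with "reservation" misspelt and no trailing "\n", where the line it replaces was "Removed old IMA buffer reservation.\n"; please restore the newline and fix the spelling. In the same hunk setup_buffer() carries the "0x%pa" form forward, which prints a doubled 0x prefix because %pa adds its own, and leaves a blank line before its closing brace. remove_buffer() now returns an error code, but its only caller in this patch, remove_ima_buffer(), discards it; a short comment on why the result can be dropped would help.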
From patchwork Thu Sep 1 21:46:10 2022
X-Patchwork-Submitter: Stefan Berger
X-Patchwork-Id: 12963235
From: Stefan Berger
To: kexec@lists.infradead.org, devicetree@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Cc: nayna@linux.ibm.com, nasastry@in.ibm.com, mpe@ellerman.id.au, Stefan Berger, Rob Herring, Frank Rowand, Eric Biederman, Nageswara R Sastry, Coiby Xu, Rob Herring
Subject: [PATCH v8 4/4] tpm/kexec: Duplicate TPM measurement log in of-tree for kexec
Date: Thu, 1 Sep 2022 17:46:10 -0400
Message-Id: <20220901214610.768645-5-stefanb@linux.ibm.com>
In-Reply-To: <20220901214610.768645-1-stefanb@linux.ibm.com>
References: <20220901214610.768645-1-stefanb@linux.ibm.com>

The memory area of the TPM measurement log is currently not properly duplicated for carrying it across kexec when an Open Firmware Devicetree is used. Therefore, the contents of the log get corrupted. Fix this for the kexec_file_load() syscall by allocating a buffer and copying the contents of the existing log into it. The new buffer is preserved across the kexec and a pointer to it is available when the new kernel is started.

To achieve this, store the allocated buffer's address in the flattened device tree (fdt) under the name linux,tpm-kexec-buffer and search for this entry early in the kernel startup before the TPM subsystem starts up. Adjust the pointer in the of-tree stored under linux,sml-base to point to this buffer holding the preserved log. The TPM driver can then read the base address from this entry when making the log available. Invalidate the log by removing 'linux,sml-base' from the devicetree if anything goes wrong with updating the buffer.

Use subsys_initcall() to call the function to restore the buffer even if the TPM subsystem or driver are not used. This allows the buffer to be carried across the next kexec without involvement of the TPM subsystem and ensures a valid buffer pointed to by the of-tree. Use the subsys_initcall(), rather than an earlier initcall, since page_is_ram() in get_kexec_buffer() only starts working at this stage.

Signed-off-by: Stefan Berger
Cc: Rob Herring
Cc: Frank Rowand
Cc: Eric Biederman
Tested-by: Nageswara R Sastry
Tested-by: Coiby Xu
Reviewed-by: Rob Herring
---
v6:
 - Define prototype for tpm_add_kexec_buffer under same config options as drivers/of/kexec.c is compiled, provide inline function otherwise. (kernel test robot)

v4:
 - Added #include due to parisc
 - Use phys_addr_t for physical address rather than void *
 - Remove linux,sml-base if the buffer cannot be updated after a kexec
 - Added __init to functions where possible
---
 drivers/of/kexec.c | 216 +++++++++++++++++++++++++++++++++++++++++-
 include/linux/kexec.h | 6 ++
 include/linux/of.h | 9 +-
 kernel/kexec_file.c | 6 ++
 4 files changed, 234 insertions(+), 3 deletions(-)

diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c index 15a82b574f36..dd926e057215 100644 --- a/drivers/of/kexec.c +++ b/drivers/of/kexec.c @@ -19,6 +19,8 @@ #include #include #include +#include +#include #define RNG_SEED_SIZE 128 
@@ -116,7 +118,6 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr, return 0; } -#ifdef CONFIG_HAVE_IMA_KEXEC static int __init get_kexec_buffer(const char *name, unsigned long *addr, size_t *size) { @@ -151,6 +152,7 @@ static int __init get_kexec_buffer(const char *name, unsigned long *addr, return 0; } +#ifdef CONFIG_HAVE_IMA_KEXEC /** * ima_get_kexec_buffer - get IMA buffer from the previous kernel * @addr: On successful return, set to point to the buffer contents. @@ -239,7 +241,6 @@ static void remove_ima_buffer(void *fdt, int chosen_node) remove_buffer(fdt, chosen_node, "linux,ima-kexec-buffer"); } -#ifdef CONFIG_IMA_KEXEC static int setup_buffer(void *fdt, int chosen_node, const char *name, phys_addr_t addr, size_t size) { @@ -263,6 +264,7 @@ static int setup_buffer(void *fdt, int chosen_node, const char *name, } +#ifdef CONFIG_IMA_KEXEC /** * setup_ima_buffer - add IMA buffer information to the fdt * @image: kexec image being loaded. 
@@ -285,6 +287,213 @@ static inline int setup_ima_buffer(const struct kimage *image, void *fdt, } #endif /* CONFIG_IMA_KEXEC */ +/** + * tpm_get_kexec_buffer - get TPM log buffer from the previous kernel + * @phyaddr: On successful return, set to physical address of buffer + * @size: On successful return, set to the buffer size. + * + * Return: 0 on success, negative errno on error. + */ +static int __init tpm_get_kexec_buffer(phys_addr_t *phyaddr, size_t *size) +{ + unsigned long tmp_addr; + size_t tmp_size; + int ret; + + ret = get_kexec_buffer("linux,tpm-kexec-buffer", &tmp_addr, &tmp_size); + if (ret) + return ret; + + *phyaddr = (phys_addr_t)tmp_addr; + *size = tmp_size; + + return 0; +} + +/** + * tpm_of_remove_kexec_buffer - remove the linux,tpm-kexec-buffer node + */ +static int __init tpm_of_remove_kexec_buffer(void) +{ + struct property *prop; + + prop = of_find_property(of_chosen, "linux,tpm-kexec-buffer", NULL); + if (!prop) + return -ENOENT; + + return of_remove_property(of_chosen, prop); +} + +/** + * remove_tpm_buffer - remove the TPM log buffer property and reservation from @fdt + * + * @fdt: Flattened Device Tree to update + * @chosen_node: Offset to the chosen node in the device tree + * + * The TPM log measurement buffer is of no use to a subsequent kernel, so we always + * remove it from the device tree. + */ +static void remove_tpm_buffer(void *fdt, int chosen_node) +{ + if (!IS_ENABLED(CONFIG_PPC64)) + return; + + remove_buffer(fdt, chosen_node, "linux,tpm-kexec-buffer"); +} + +/** + * setup_tpm_buffer - add TPM measurement log buffer information to the fdt + * @image: kexec image being loaded. + * @fdt: Flattened device tree for the next kernel. + * @chosen_node: Offset to the chosen node. + * + * Return: 0 on success, or negative errno on error. 
+ */ +static int setup_tpm_buffer(const struct kimage *image, void *fdt, + int chosen_node) +{ + if (!IS_ENABLED(CONFIG_PPC64)) + return 0; + + return setup_buffer(fdt, chosen_node, "linux,tpm-kexec-buffer", + image->tpm_buffer_addr, image->tpm_buffer_size); +} + +void tpm_add_kexec_buffer(struct kimage *image) +{ + struct kexec_buf kbuf = { .image = image, .buf_align = 1, + .buf_min = 0, .buf_max = ULONG_MAX, + .top_down = true }; + struct device_node *np; + void *buffer; + u32 size; + u64 base; + int ret; + + if (!IS_ENABLED(CONFIG_PPC64)) + return; + + np = of_find_node_by_name(NULL, "vtpm"); + if (!np) + return; + + if (of_tpm_get_sml_parameters(np, &base, &size) < 0) + return; + + buffer = vmalloc(size); + if (!buffer) + return; + memcpy(buffer, __va(base), size); + + kbuf.buffer = buffer; + kbuf.bufsz = size; + kbuf.memsz = size; + ret = kexec_add_buffer(&kbuf); + if (ret) { + pr_err("Error passing over kexec TPM measurement log buffer: %d\n", + ret); + return; + } + + image->tpm_buffer = buffer; + image->tpm_buffer_addr = kbuf.mem; + image->tpm_buffer_size = size; +} + +/** + * tpm_post_kexec - Make stored TPM log buffer available in of-tree + */ +static int __init tpm_post_kexec(void) +{ + struct property *newprop, *p; + struct device_node *np; + phys_addr_t phyaddr; + u32 oflogsize; + size_t size; + u64 unused; + int ret; + + if (!IS_ENABLED(CONFIG_PPC64)) + return 0; + + np = of_find_node_by_name(NULL, "vtpm"); + if (!np) + return 0; + + if (!of_get_property(of_chosen, "linux,tpm-kexec-buffer", NULL)) { + /* + * linux,tpm-kexec-buffer may be missing on initial boot + * or if previous kernel didn't pass a buffer. + */ + if (of_get_property(of_chosen, "linux,booted-from-kexec", NULL)) { + /* no buffer but kexec'd: remove 'linux,sml-base' */ + ret = -EINVAL; + goto err_remove_sml_base; + } + return 0; + } + + /* + * If any one of the following steps fails we remove linux,sml-base + * to invalidate the TPM log. 
+ */ + ret = tpm_get_kexec_buffer(&phyaddr, &size); + if (ret) + goto err_remove_kexec_buffer; + + /* logsize must not have changed */ + ret = of_tpm_get_sml_parameters(np, &unused, &oflogsize); + if (ret < 0) + goto err_free_memblock; + ret = -EINVAL; + if (oflogsize != size) + goto err_free_memblock; + + /* replace linux,sml-base with new physical address of buffer */ + ret = -ENOMEM; + newprop = kzalloc(sizeof(*newprop), GFP_KERNEL); + if (!newprop) + goto err_free_memblock; + + newprop->name = kstrdup("linux,sml-base", GFP_KERNEL); + newprop->length = sizeof(phyaddr); + newprop->value = kmalloc(sizeof(phyaddr), GFP_KERNEL); + if (!newprop->name || !newprop->value) + goto err_free_newprop_struct; + + if (of_property_match_string(np, "compatible", "IBM,vtpm") < 0 && + of_property_match_string(np, "compatible", "IBM,vtpm20") < 0) { + ret = -ENODEV; + goto err_free_newprop_struct; + } else { + *(phys_addr_t *)newprop->value = phyaddr; + } + + ret = of_update_property(np, newprop); + if (ret) { + pr_err("Could not update linux,sml-base with new address"); + goto err_free_newprop_struct; + } + + return 0; + +err_free_newprop_struct: + kfree(newprop->value); + kfree(newprop->name); + kfree(newprop); +err_free_memblock: + memblock_phys_free((phys_addr_t)phyaddr, size); +err_remove_kexec_buffer: + tpm_of_remove_kexec_buffer(); +err_remove_sml_base: + p = of_find_property(np, "linux,sml-base", NULL); + if (p) + of_remove_property(np, p); + + return ret; +} +subsys_initcall(tpm_post_kexec); + /* * of_kexec_alloc_and_setup_fdt - Alloc and setup a new Flattened Device Tree * @@ -483,6 +692,9 @@ void *of_kexec_alloc_and_setup_fdt(const struct kimage *image, remove_ima_buffer(fdt, chosen_node); ret = setup_ima_buffer(image, fdt, fdt_path_offset(fdt, "/chosen")); + remove_tpm_buffer(fdt, chosen_node); + ret = setup_tpm_buffer(image, fdt, fdt_path_offset(fdt, "/chosen")); + out: if (ret) { kvfree(fdt); 
diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 13e6c4b58f07..744eab28bfb7 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -383,6 +383,12 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* Virtual address of TPM log buffer for kexec syscall */ + void *tpm_buffer; + + phys_addr_t tpm_buffer_addr; + size_t tpm_buffer_size; }; /* kexec interface functions */ diff --git a/include/linux/of.h b/include/linux/of.h index 766d002bddb9..538490e224d3 100644 --- a/include/linux/of.h +++ b/include/linux/of.h @@ -100,6 +100,8 @@ struct of_reconfig_data { struct property *old_prop; }; +struct kimage; + /* initialize a node */ extern struct kobj_type of_node_ktype; extern const struct fwnode_operations of_fwnode_ops; @@ -436,7 +438,6 @@ int of_map_id(struct device_node *np, u32 id, phys_addr_t of_dma_get_max_cpu_address(struct device_node *np); -struct kimage; void *of_kexec_alloc_and_setup_fdt(const struct kimage *image, unsigned long initrd_load_addr, unsigned long initrd_len, @@ -1607,4 +1608,10 @@ static inline int of_overlay_notifier_unregister(struct notifier_block *nb) #endif +#if defined(CONFIG_KEXEC_FILE) && defined(CONFIG_OF_FLATTREE) +void tpm_add_kexec_buffer(struct kimage *image); +#else +static inline void tpm_add_kexec_buffer(struct kimage *image) { } +#endif + #endif /* _LINUX_OF_H */ diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 1d546dc97c50..fa79ffa6f828 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -27,6 +27,7 @@ #include #include #include +#include #include "kexec_internal.h" #ifdef CONFIG_KEXEC_SIG @@ -113,6 +114,9 @@ void kimage_file_post_load_cleanup(struct kimage *image) image->ima_buffer = NULL; #endif /* CONFIG_IMA_KEXEC */ + vfree(image->tpm_buffer); + image->tpm_buffer = NULL; + /* See if architecture has anything to cleanup post load */ arch_kimage_file_post_load_cleanup(image); 
@@ -248,6 +252,8 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, /* IMA needs to pass the measurement list to the next kernel. */ ima_add_kexec_buffer(image); + /* Pass the TPM measurement log to next kernel */ + tpm_add_kexec_buffer(image); /* Call arch image load handlers */ ldata = arch_kexec_kernel_image_load(image);
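
Review bot: In the drivers/of/kexec.c hunk at @@ -285,6 +287,213 @@, tpm_add_kexec_buffer() leaks the vmalloc()ed copy of the log when kexec_add_buffer() fails: the error branch returns after pr_err() without vfree(buffer), and because image->tpm_buffer is only assigned on success, kimage_file_post_load_cleanup() cannot free it later either. Add vfree(buffer) before that return. The same function and tpm_post_kexec() both take a node reference with of_find_node_by_name(NULL, "vtpm") and never drop it; every return path after a successful lookup needs an of_node_put(np). Smaller points in tpm_post_kexec(): the pr_err("Could not update linux,sml-base with new address") string has no trailing newline, and the "compatible" check could run before the kzalloc()/kstrdup()/kmalloc() calls so that the -ENODEV case needs no unwinding and the else branch goes away. tpm_add_kexec_buffer() is also the only new non-trivial function without a kernel-doc comment, and its early returns for a missing vtpm node, a failed of_tpm_get_sml_parameters() or a failed vmalloc() log nothing, which makes a log that was invalidated in the next kernel hard to trace back to its cause.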
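
Review bot: In the of_kexec_alloc_and_setup_fdt() hunk at @@ -483,6 +692,9 @@, the added "ret = setup_tpm_buffer(...)" overwrites the value that "ret = setup_ima_buffer(...)" stored on the line directly above, and nothing tests ret in between. A failure to set up the IMA buffer therefore no longer reaches the "if (ret)" under out: whenever setup_tpm_buffer() returns 0, and the fdt is handed to the next kernel without the IMA measurement list. Test ret and goto out after setup_ima_buffer() before calling remove_tpm_buffer() and setup_tpm_buffer().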
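
Review bot: In the include/linux/kexec.h hunk, only tpm_buffer carries a comment; tpm_buffer_addr and tpm_buffer_size are undocumented, although they are what setup_tpm_buffer() publishes to the next kernel as linux,tpm-kexec-buffer. Please say in the comment that they hold the physical address and size of the kexec segment created by kexec_add_buffer(). The three fields are also added to struct kimage unconditionally, while every function in drivers/of/kexec.c that reads or writes them returns early unless CONFIG_PPC64 is enabled; a sentence in the comment noting that they are only populated on PPC64 with a vtpm node would save readers on other architectures the search.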