Commit 4a94c43323342f1522034d6566c5129a7386a0ab
Merge tag 'tpmdd-next-20191219' of git://git.infradead.org/users/jjs/linux-tpmdd
Pull tpm fixes from Jarkko Sakkinen: "Bunch of fixes for rc3" * tag 'tpmdd-next-20191219' of git://git.infradead.org/users/jjs/linux-tpmdd: tpm/tpm_ftpm_tee: add shutdown call back tpm: selftest: cleanup after unseal with wrong auth/policy test tpm: selftest: add test covering async mode tpm: fix invalid locking in NONBLOCKING mode security: keys: trusted: fix lost handle flush tpm_tis: reserve chip for duration of tpm_tis_core_init KEYS: asymmetric: return ENOMEM if akcipher_request_alloc() fails KEYS: remove CONFIG_KEYS_COMPAT
Showing 16 changed files Side-by-side Diff
- crypto/asymmetric_keys/asym_tpm.c
- crypto/asymmetric_keys/public_key.c
- drivers/char/tpm/tpm-dev-common.c
- drivers/char/tpm/tpm.h
- drivers/char/tpm/tpm2-cmd.c
- drivers/char/tpm/tpm_ftpm_tee.c
- drivers/char/tpm/tpm_tis_core.c
- include/linux/tpm.h
- security/keys/Kconfig
- security/keys/Makefile
- security/keys/compat.c
- security/keys/internal.h
- security/keys/trusted-keys/trusted_tpm2.c
- tools/testing/selftests/tpm2/test_smoke.sh
- tools/testing/selftests/tpm2/tpm2.py
- tools/testing/selftests/tpm2/tpm2_tests.py
crypto/asymmetric_keys/asym_tpm.c
crypto/asymmetric_keys/public_key.c
drivers/char/tpm/tpm-dev-common.c
... | ... | @@ -61,6 +61,12 @@ |
61 | 61 | |
62 | 62 | mutex_lock(&priv->buffer_mutex); |
63 | 63 | priv->command_enqueued = false; |
64 | + ret = tpm_try_get_ops(priv->chip); | |
65 | + if (ret) { | |
66 | + priv->response_length = ret; | |
67 | + goto out; | |
68 | + } | |
69 | + | |
64 | 70 | ret = tpm_dev_transmit(priv->chip, priv->space, priv->data_buffer, |
65 | 71 | sizeof(priv->data_buffer)); |
66 | 72 | tpm_put_ops(priv->chip); |
... | ... | @@ -68,6 +74,7 @@ |
68 | 74 | priv->response_length = ret; |
69 | 75 | mod_timer(&priv->user_read_timer, jiffies + (120 * HZ)); |
70 | 76 | } |
77 | +out: | |
71 | 78 | mutex_unlock(&priv->buffer_mutex); |
72 | 79 | wake_up_interruptible(&priv->async_wait); |
73 | 80 | } |
... | ... | @@ -204,6 +211,7 @@ |
204 | 211 | if (file->f_flags & O_NONBLOCK) { |
205 | 212 | priv->command_enqueued = true; |
206 | 213 | queue_work(tpm_dev_wq, &priv->async_work); |
214 | + tpm_put_ops(priv->chip); | |
207 | 215 | mutex_unlock(&priv->buffer_mutex); |
208 | 216 | return size; |
209 | 217 | } |
drivers/char/tpm/tpm.h
... | ... | @@ -218,7 +218,6 @@ |
218 | 218 | int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, |
219 | 219 | struct tpm_digest *digests); |
220 | 220 | int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max); |
221 | -void tpm2_flush_context(struct tpm_chip *chip, u32 handle); | |
222 | 221 | ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, |
223 | 222 | u32 *value, const char *desc); |
224 | 223 |
drivers/char/tpm/tpm2-cmd.c
drivers/char/tpm/tpm_ftpm_tee.c
... | ... | @@ -32,7 +32,7 @@ |
32 | 32 | 0x82, 0xCB, 0x34, 0x3F, 0xB7, 0xF3, 0x78, 0x96); |
33 | 33 | |
34 | 34 | /** |
35 | - * ftpm_tee_tpm_op_recv - retrieve fTPM response. | |
35 | + * ftpm_tee_tpm_op_recv() - retrieve fTPM response. | |
36 | 36 | * @chip: the tpm_chip description as specified in driver/char/tpm/tpm.h. |
37 | 37 | * @buf: the buffer to store data. |
38 | 38 | * @count: the number of bytes to read. |
... | ... | @@ -61,7 +61,7 @@ |
61 | 61 | } |
62 | 62 | |
63 | 63 | /** |
64 | - * ftpm_tee_tpm_op_send - send TPM commands through the TEE shared memory. | |
64 | + * ftpm_tee_tpm_op_send() - send TPM commands through the TEE shared memory. | |
65 | 65 | * @chip: the tpm_chip description as specified in driver/char/tpm/tpm.h |
66 | 66 | * @buf: the buffer to send. |
67 | 67 | * @len: the number of bytes to send. |
... | ... | @@ -208,7 +208,7 @@ |
208 | 208 | } |
209 | 209 | |
210 | 210 | /** |
211 | - * ftpm_tee_probe - initialize the fTPM | |
211 | + * ftpm_tee_probe() - initialize the fTPM | |
212 | 212 | * @pdev: the platform_device description. |
213 | 213 | * |
214 | 214 | * Return: |
... | ... | @@ -298,7 +298,7 @@ |
298 | 298 | } |
299 | 299 | |
300 | 300 | /** |
301 | - * ftpm_tee_remove - remove the TPM device | |
301 | + * ftpm_tee_remove() - remove the TPM device | |
302 | 302 | * @pdev: the platform_device description. |
303 | 303 | * |
304 | 304 | * Return: |
... | ... | @@ -328,6 +328,19 @@ |
328 | 328 | return 0; |
329 | 329 | } |
330 | 330 | |
331 | +/** | |
332 | + * ftpm_tee_shutdown() - shutdown the TPM device | |
333 | + * @pdev: the platform_device description. | |
334 | + */ | |
335 | +static void ftpm_tee_shutdown(struct platform_device *pdev) | |
336 | +{ | |
337 | + struct ftpm_tee_private *pvt_data = dev_get_drvdata(&pdev->dev); | |
338 | + | |
339 | + tee_shm_free(pvt_data->shm); | |
340 | + tee_client_close_session(pvt_data->ctx, pvt_data->session); | |
341 | + tee_client_close_context(pvt_data->ctx); | |
342 | +} | |
343 | + | |
331 | 344 | static const struct of_device_id of_ftpm_tee_ids[] = { |
332 | 345 | { .compatible = "microsoft,ftpm" }, |
333 | 346 | { } |
... | ... | @@ -341,6 +354,7 @@ |
341 | 354 | }, |
342 | 355 | .probe = ftpm_tee_probe, |
343 | 356 | .remove = ftpm_tee_remove, |
357 | + .shutdown = ftpm_tee_shutdown, | |
344 | 358 | }; |
345 | 359 | |
346 | 360 | module_platform_driver(ftpm_tee_driver); |
drivers/char/tpm/tpm_tis_core.c
... | ... | @@ -978,13 +978,13 @@ |
978 | 978 | |
979 | 979 | if (wait_startup(chip, 0) != 0) { |
980 | 980 | rc = -ENODEV; |
981 | - goto out_err; | |
981 | + goto err_start; | |
982 | 982 | } |
983 | 983 | |
984 | 984 | /* Take control of the TPM's interrupt hardware and shut it off */ |
985 | 985 | rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask); |
986 | 986 | if (rc < 0) |
987 | - goto out_err; | |
987 | + goto err_start; | |
988 | 988 | |
989 | 989 | intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT | |
990 | 990 | TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT; |
991 | 991 | |
992 | 992 | |
993 | 993 | |
994 | 994 | |
... | ... | @@ -993,21 +993,21 @@ |
993 | 993 | |
994 | 994 | rc = tpm_chip_start(chip); |
995 | 995 | if (rc) |
996 | - goto out_err; | |
996 | + goto err_start; | |
997 | + | |
997 | 998 | rc = tpm2_probe(chip); |
998 | - tpm_chip_stop(chip); | |
999 | 999 | if (rc) |
1000 | - goto out_err; | |
1000 | + goto err_probe; | |
1001 | 1001 | |
1002 | 1002 | rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor); |
1003 | 1003 | if (rc < 0) |
1004 | - goto out_err; | |
1004 | + goto err_probe; | |
1005 | 1005 | |
1006 | 1006 | priv->manufacturer_id = vendor; |
1007 | 1007 | |
1008 | 1008 | rc = tpm_tis_read8(priv, TPM_RID(0), &rid); |
1009 | 1009 | if (rc < 0) |
1010 | - goto out_err; | |
1010 | + goto err_probe; | |
1011 | 1011 | |
1012 | 1012 | dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n", |
1013 | 1013 | (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2", |
1014 | 1014 | |
... | ... | @@ -1016,13 +1016,13 @@ |
1016 | 1016 | probe = probe_itpm(chip); |
1017 | 1017 | if (probe < 0) { |
1018 | 1018 | rc = -ENODEV; |
1019 | - goto out_err; | |
1019 | + goto err_probe; | |
1020 | 1020 | } |
1021 | 1021 | |
1022 | 1022 | /* Figure out the capabilities */ |
1023 | 1023 | rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps); |
1024 | 1024 | if (rc < 0) |
1025 | - goto out_err; | |
1025 | + goto err_probe; | |
1026 | 1026 | |
1027 | 1027 | dev_dbg(dev, "TPM interface capabilities (0x%x):\n", |
1028 | 1028 | intfcaps); |
1029 | 1029 | |
... | ... | @@ -1056,10 +1056,9 @@ |
1056 | 1056 | if (tpm_get_timeouts(chip)) { |
1057 | 1057 | dev_err(dev, "Could not get TPM timeouts and durations\n"); |
1058 | 1058 | rc = -ENODEV; |
1059 | - goto out_err; | |
1059 | + goto err_probe; | |
1060 | 1060 | } |
1061 | 1061 | |
1062 | - tpm_chip_start(chip); | |
1063 | 1062 | chip->flags |= TPM_CHIP_FLAG_IRQ; |
1064 | 1063 | if (irq) { |
1065 | 1064 | tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED, |
1066 | 1065 | |
1067 | 1066 | |
1068 | 1067 | |
1069 | 1068 | |
... | ... | @@ -1070,18 +1069,20 @@ |
1070 | 1069 | } else { |
1071 | 1070 | tpm_tis_probe_irq(chip, intmask); |
1072 | 1071 | } |
1073 | - tpm_chip_stop(chip); | |
1074 | 1072 | } |
1075 | 1073 | |
1074 | + tpm_chip_stop(chip); | |
1075 | + | |
1076 | 1076 | rc = tpm_chip_register(chip); |
1077 | 1077 | if (rc) |
1078 | - goto out_err; | |
1078 | + goto err_start; | |
1079 | 1079 | |
1080 | - if (chip->ops->clk_enable != NULL) | |
1081 | - chip->ops->clk_enable(chip, false); | |
1082 | - | |
1083 | 1080 | return 0; |
1084 | -out_err: | |
1081 | + | |
1082 | +err_probe: | |
1083 | + tpm_chip_stop(chip); | |
1084 | + | |
1085 | +err_start: | |
1085 | 1086 | if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL)) |
1086 | 1087 | chip->ops->clk_enable(chip, false); |
1087 | 1088 |
include/linux/tpm.h
... | ... | @@ -403,6 +403,7 @@ |
403 | 403 | extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen); |
404 | 404 | extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max); |
405 | 405 | extern struct tpm_chip *tpm_default_chip(void); |
406 | +void tpm2_flush_context(struct tpm_chip *chip, u32 handle); | |
406 | 407 | #else |
407 | 408 | static inline int tpm_is_tpm2(struct tpm_chip *chip) |
408 | 409 | { |
security/keys/Kconfig
... | ... | @@ -21,10 +21,6 @@ |
21 | 21 | |
22 | 22 | If you are unsure as to whether this is required, answer N. |
23 | 23 | |
24 | -config KEYS_COMPAT | |
25 | - def_bool y | |
26 | - depends on COMPAT && KEYS | |
27 | - | |
28 | 24 | config KEYS_REQUEST_CACHE |
29 | 25 | bool "Enable temporary caching of the last request_key() result" |
30 | 26 | depends on KEYS |
security/keys/Makefile
... | ... | @@ -17,7 +17,7 @@ |
17 | 17 | request_key_auth.o \ |
18 | 18 | user_defined.o |
19 | 19 | compat-obj-$(CONFIG_KEY_DH_OPERATIONS) += compat_dh.o |
20 | -obj-$(CONFIG_KEYS_COMPAT) += compat.o $(compat-obj-y) | |
20 | +obj-$(CONFIG_COMPAT) += compat.o $(compat-obj-y) | |
21 | 21 | obj-$(CONFIG_PROC_FS) += proc.o |
22 | 22 | obj-$(CONFIG_SYSCTL) += sysctl.o |
23 | 23 | obj-$(CONFIG_PERSISTENT_KEYRINGS) += persistent.o |
security/keys/compat.c
... | ... | @@ -46,11 +46,6 @@ |
46 | 46 | |
47 | 47 | /* |
48 | 48 | * The key control system call, 32-bit compatibility version for 64-bit archs |
49 | - * | |
50 | - * This should only be called if the 64-bit arch uses weird pointers in 32-bit | |
51 | - * mode or doesn't guarantee that the top 32-bits of the argument registers on | |
52 | - * taking a 32-bit syscall are zero. If you can, you should call sys_keyctl() | |
53 | - * directly. | |
54 | 49 | */ |
55 | 50 | COMPAT_SYSCALL_DEFINE5(keyctl, u32, option, |
56 | 51 | u32, arg2, u32, arg3, u32, arg4, u32, arg5) |
security/keys/internal.h
... | ... | @@ -264,7 +264,7 @@ |
264 | 264 | size_t, struct keyctl_kdf_params __user *); |
265 | 265 | extern long __keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *, |
266 | 266 | size_t, struct keyctl_kdf_params *); |
267 | -#ifdef CONFIG_KEYS_COMPAT | |
267 | +#ifdef CONFIG_COMPAT | |
268 | 268 | extern long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params, |
269 | 269 | char __user *buffer, size_t buflen, |
270 | 270 | struct compat_keyctl_kdf_params __user *kdf); |
... | ... | @@ -279,7 +279,7 @@ |
279 | 279 | return -EOPNOTSUPP; |
280 | 280 | } |
281 | 281 | |
282 | -#ifdef CONFIG_KEYS_COMPAT | |
282 | +#ifdef CONFIG_COMPAT | |
283 | 283 | static inline long compat_keyctl_dh_compute( |
284 | 284 | struct keyctl_dh_params __user *params, |
285 | 285 | char __user *buffer, size_t buflen, |
security/keys/trusted-keys/trusted_tpm2.c
tools/testing/selftests/tpm2/test_smoke.sh
tools/testing/selftests/tpm2/tpm2.py
... | ... | @@ -6,9 +6,9 @@ |
6 | 6 | import struct |
7 | 7 | import sys |
8 | 8 | import unittest |
9 | -from fcntl import ioctl | |
9 | +import fcntl | |
10 | +import select | |
10 | 11 | |
11 | - | |
12 | 12 | TPM2_ST_NO_SESSIONS = 0x8001 |
13 | 13 | TPM2_ST_SESSIONS = 0x8002 |
14 | 14 | |
... | ... | @@ -352,6 +352,7 @@ |
352 | 352 | class Client: |
353 | 353 | FLAG_DEBUG = 0x01 |
354 | 354 | FLAG_SPACE = 0x02 |
355 | + FLAG_NONBLOCK = 0x04 | |
355 | 356 | TPM_IOC_NEW_SPACE = 0xa200 |
356 | 357 | |
357 | 358 | def __init__(self, flags = 0): |
358 | 359 | |
359 | 360 | |
... | ... | @@ -362,12 +363,26 @@ |
362 | 363 | else: |
363 | 364 | self.tpm = open('/dev/tpmrm0', 'r+b', buffering=0) |
364 | 365 | |
366 | + if (self.flags & Client.FLAG_NONBLOCK): | |
367 | + flags = fcntl.fcntl(self.tpm, fcntl.F_GETFL) | |
368 | + flags |= os.O_NONBLOCK | |
369 | + fcntl.fcntl(self.tpm, fcntl.F_SETFL, flags) | |
370 | + self.tpm_poll = select.poll() | |
371 | + | |
365 | 372 | def close(self): |
366 | 373 | self.tpm.close() |
367 | 374 | |
368 | 375 | def send_cmd(self, cmd): |
369 | 376 | self.tpm.write(cmd) |
377 | + | |
378 | + if (self.flags & Client.FLAG_NONBLOCK): | |
379 | + self.tpm_poll.register(self.tpm, select.POLLIN) | |
380 | + self.tpm_poll.poll(10000) | |
381 | + | |
370 | 382 | rsp = self.tpm.read() |
383 | + | |
384 | + if (self.flags & Client.FLAG_NONBLOCK): | |
385 | + self.tpm_poll.unregister(self.tpm) | |
371 | 386 | |
372 | 387 | if (self.flags & Client.FLAG_DEBUG) != 0: |
373 | 388 | sys.stderr.write('cmd' + os.linesep) |
tools/testing/selftests/tpm2/tpm2_tests.py
... | ... | @@ -288,4 +288,17 @@ |
288 | 288 | |
289 | 289 | self.assertEqual(rc, tpm2.TPM2_RC_COMMAND_CODE | |
290 | 290 | tpm2.TSS2_RESMGR_TPM_RC_LAYER) |
291 | + | |
292 | +class AsyncTest(unittest.TestCase): | |
293 | + def setUp(self): | |
294 | + logging.basicConfig(filename='AsyncTest.log', level=logging.DEBUG) | |
295 | + | |
296 | + def test_async(self): | |
297 | + log = logging.getLogger(__name__) | |
298 | + log.debug(sys._getframe().f_code.co_name) | |
299 | + | |
300 | + async_client = tpm2.Client(tpm2.Client.FLAG_NONBLOCK) | |
301 | + log.debug("Calling get_cap in a NON_BLOCKING mode") | |
302 | + async_client.get_cap(tpm2.TPM2_CAP_HANDLES, tpm2.HR_LOADED_SESSION) | |
303 | + async_client.close() |