Merge tag 'tpmdd-next-20191219' of git://git.infradead.org/users/jjs/linux-tpmdd

Pull tpm fixes from Jarkko Sakkinen: "Bunch of fixes for rc3" * tag 'tpmdd-next-20191219' of git://git.infradead.org/users/jjs/linux-tpmdd: tpm/tpm_ftpm_tee: add shutdown call back tpm: selftest: cleanup after unseal with wrong auth/policy test tpm: selftest: add test covering async mode tpm: fix invalid locking in NONBLOCKING mode security: keys: trusted: fix lost handle flush tpm_tis: reserve chip for duration of tpm_tis_core_init KEYS: asymmetric: return ENOMEM if akcipher_request_alloc() fails KEYS: remove CONFIG_KEYS_COMPAT

Merge tag 'tpmdd-next-20191219' of git://git.infradead.org/users/jjs/linux-tpmdd
Pull tpm fixes from Jarkko Sakkinen: "Bunch of fixes for rc3" * tag 'tpmdd-next-20191219' of git://git.infradead.org/users/jjs/linux-tpmdd: tpm/tpm_ftpm_tee: add shutdown call back tpm: selftest: cleanup after unseal with wrong auth/policy test tpm: selftest: add test covering async mode tpm: fix invalid locking in NONBLOCKING mode security: keys: trusted: fix lost handle flush tpm_tis: reserve chip for duration of tpm_tis_core_init KEYS: asymmetric: return ENOMEM if akcipher_request_alloc() fails KEYS: remove CONFIG_KEYS_COMPAT
Linus Torvalds
2 parents 80a0c2e511 1760eb689e
Showing 16 changed files Side-by-side Diff
crypto/asymmetric_keys/asym_tpm.c
crypto/asymmetric_keys/public_key.c
drivers/char/tpm/tpm-dev-common.c
drivers/char/tpm/tpm.h
drivers/char/tpm/tpm2-cmd.c
drivers/char/tpm/tpm_ftpm_tee.c
drivers/char/tpm/tpm_tis_core.c
include/linux/tpm.h
security/keys/Kconfig
security/keys/Makefile
security/keys/compat.c
security/keys/internal.h
security/keys/trusted-keys/trusted_tpm2.c
tools/testing/selftests/tpm2/test_smoke.sh
tools/testing/selftests/tpm2/tpm2.py
tools/testing/selftests/tpm2/tpm2_tests.py
@@ -470,6 +470,7 @@
 	if (ret < 0)
 		goto error_free_tfm;
  
+	ret = -ENOMEM;
 	req = akcipher_request_alloc(tfm, GFP_KERNEL);
 	if (!req)
 		goto error_free_tfm;
@@ -184,6 +184,7 @@
 	if (IS_ERR(tfm))
 		return PTR_ERR(tfm);
  
+	ret = -ENOMEM;
 	req = akcipher_request_alloc(tfm, GFP_KERNEL);
 	if (!req)
 		goto error_free_tfm;
@@ -61,6 +61,12 @@
  
 	mutex_lock(&priv->buffer_mutex);
 	priv->command_enqueued = false;
+	ret = tpm_try_get_ops(priv->chip);
+	if (ret) {
+		priv->response_length = ret;
+		goto out;
+	}
+
 	ret = tpm_dev_transmit(priv->chip, priv->space, priv->data_buffer,
 			       sizeof(priv->data_buffer));
 	tpm_put_ops(priv->chip);
@@ -68,6 +74,7 @@
 		priv->response_length = ret;
 		mod_timer(&priv->user_read_timer, jiffies + (120 * HZ));
 	}
+out:
 	mutex_unlock(&priv->buffer_mutex);
 	wake_up_interruptible(&priv->async_wait);
 }
@@ -204,6 +211,7 @@
 	if (file->f_flags & O_NONBLOCK) {
 		priv->command_enqueued = true;
 		queue_work(tpm_dev_wq, &priv->async_work);
+		tpm_put_ops(priv->chip);
 		mutex_unlock(&priv->buffer_mutex);
 		return size;
 	}
@@ -218,7 +218,6 @@
 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
 		    struct tpm_digest *digests);
 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max);
-void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
 			u32 *value, const char *desc);
  
@@ -362,6 +362,7 @@
 	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
 	tpm_buf_destroy(&buf);
 }
+EXPORT_SYMBOL_GPL(tpm2_flush_context);
  
 struct tpm2_get_cap_out {
 	u8 more_data;
@@ -32,7 +32,7 @@
 		  0x82, 0xCB, 0x34, 0x3F, 0xB7, 0xF3, 0x78, 0x96);
  
 /**
- * ftpm_tee_tpm_op_recv - retrieve fTPM response.
+ * ftpm_tee_tpm_op_recv() - retrieve fTPM response.
  * @chip:	the tpm_chip description as specified in driver/char/tpm/tpm.h.
  * @buf:	the buffer to store data.
  * @count:	the number of bytes to read.
@@ -61,7 +61,7 @@
 }
  
 /**
- * ftpm_tee_tpm_op_send - send TPM commands through the TEE shared memory.
+ * ftpm_tee_tpm_op_send() - send TPM commands through the TEE shared memory.
  * @chip:	the tpm_chip description as specified in driver/char/tpm/tpm.h
  * @buf:	the buffer to send.
  * @len:	the number of bytes to send.
@@ -208,7 +208,7 @@
 }
  
 /**
- * ftpm_tee_probe - initialize the fTPM
+ * ftpm_tee_probe() - initialize the fTPM
  * @pdev: the platform_device description.
  *
  * Return:
@@ -298,7 +298,7 @@
 }
  
 /**
- * ftpm_tee_remove - remove the TPM device
+ * ftpm_tee_remove() - remove the TPM device
  * @pdev: the platform_device description.
  *
  * Return:
@@ -328,6 +328,19 @@
 	return 0;
 }
  
+/**
+ * ftpm_tee_shutdown() - shutdown the TPM device
+ * @pdev: the platform_device description.
+ */
+static void ftpm_tee_shutdown(struct platform_device *pdev)
+{
+	struct ftpm_tee_private *pvt_data = dev_get_drvdata(&pdev->dev);
+
+	tee_shm_free(pvt_data->shm);
+	tee_client_close_session(pvt_data->ctx, pvt_data->session);
+	tee_client_close_context(pvt_data->ctx);
+}
+
 static const struct of_device_id of_ftpm_tee_ids[] = {
 	{ .compatible = "microsoft,ftpm" },
 	{ }
@@ -341,6 +354,7 @@
 	},
 	.probe = ftpm_tee_probe,
 	.remove = ftpm_tee_remove,
+	.shutdown = ftpm_tee_shutdown,
 };
  
 module_platform_driver(ftpm_tee_driver);
@@ -978,13 +978,13 @@
  
 	if (wait_startup(chip, 0) != 0) {
 		rc = -ENODEV;
-		goto out_err;
+		goto err_start;
 	}
  
 	/* Take control of the TPM's interrupt hardware and shut it off */
 	rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
 	if (rc < 0)
-		goto out_err;
+		goto err_start;
  
 	intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT |
 		   TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
  
  
  
  
@@ -993,21 +993,21 @@
  
 	rc = tpm_chip_start(chip);
 	if (rc)
-		goto out_err;
+		goto err_start;
+
 	rc = tpm2_probe(chip);
-	tpm_chip_stop(chip);
 	if (rc)
-		goto out_err;
+		goto err_probe;
  
 	rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
 	if (rc < 0)
-		goto out_err;
+		goto err_probe;
  
 	priv->manufacturer_id = vendor;
  
 	rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
 	if (rc < 0)
-		goto out_err;
+		goto err_probe;
  
 	dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n",
 		 (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2",
  
@@ -1016,13 +1016,13 @@
 	probe = probe_itpm(chip);
 	if (probe < 0) {
 		rc = -ENODEV;
-		goto out_err;
+		goto err_probe;
 	}
  
 	/* Figure out the capabilities */
 	rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps);
 	if (rc < 0)
-		goto out_err;
+		goto err_probe;
  
 	dev_dbg(dev, "TPM interface capabilities (0x%x):\n",
 		intfcaps);
  
@@ -1056,10 +1056,9 @@
 		if (tpm_get_timeouts(chip)) {
 			dev_err(dev, "Could not get TPM timeouts and durations\n");
 			rc = -ENODEV;
-			goto out_err;
+			goto err_probe;
 		}
  
-		tpm_chip_start(chip);
 		chip->flags |= TPM_CHIP_FLAG_IRQ;
 		if (irq) {
 			tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
  
  
  
  
@@ -1070,18 +1069,20 @@
 		} else {
 			tpm_tis_probe_irq(chip, intmask);
 		}
-		tpm_chip_stop(chip);
 	}
  
+	tpm_chip_stop(chip);
+
 	rc = tpm_chip_register(chip);
 	if (rc)
-		goto out_err;
+		goto err_start;
  
-	if (chip->ops->clk_enable != NULL)
-		chip->ops->clk_enable(chip, false);
-
 	return 0;
-out_err:
+
+err_probe:
+	tpm_chip_stop(chip);
+
+err_start:
 	if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL))
 		chip->ops->clk_enable(chip, false);
  
@@ -403,6 +403,7 @@
 extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen);
 extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max);
 extern struct tpm_chip *tpm_default_chip(void);
+void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
 #else
 static inline int tpm_is_tpm2(struct tpm_chip *chip)
 {
@@ -21,10 +21,6 @@
  
 	  If you are unsure as to whether this is required, answer N.
  
-config KEYS_COMPAT
-	def_bool y
-	depends on COMPAT && KEYS
-
 config KEYS_REQUEST_CACHE
 	bool "Enable temporary caching of the last request_key() result"
 	depends on KEYS
@@ -17,7 +17,7 @@
 	request_key_auth.o \
 	user_defined.o
 compat-obj-$(CONFIG_KEY_DH_OPERATIONS) += compat_dh.o
-obj-$(CONFIG_KEYS_COMPAT) += compat.o $(compat-obj-y)
+obj-$(CONFIG_COMPAT) += compat.o $(compat-obj-y)
 obj-$(CONFIG_PROC_FS) += proc.o
 obj-$(CONFIG_SYSCTL) += sysctl.o
 obj-$(CONFIG_PERSISTENT_KEYRINGS) += persistent.o
@@ -46,11 +46,6 @@
  
 /*
  * The key control system call, 32-bit compatibility version for 64-bit archs
- *
- * This should only be called if the 64-bit arch uses weird pointers in 32-bit
- * mode or doesn't guarantee that the top 32-bits of the argument registers on
- * taking a 32-bit syscall are zero.  If you can, you should call sys_keyctl()
- * directly.
  */
 COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
 		       u32, arg2, u32, arg3, u32, arg4, u32, arg5)
@@ -264,7 +264,7 @@
 			      size_t, struct keyctl_kdf_params __user *);
 extern long __keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
 				size_t, struct keyctl_kdf_params *);
-#ifdef CONFIG_KEYS_COMPAT
+#ifdef CONFIG_COMPAT
 extern long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params,
 				char __user *buffer, size_t buflen,
 				struct compat_keyctl_kdf_params __user *kdf);
@@ -279,7 +279,7 @@
 	return -EOPNOTSUPP;
 }
  
-#ifdef CONFIG_KEYS_COMPAT
+#ifdef CONFIG_COMPAT
 static inline long compat_keyctl_dh_compute(
 				struct keyctl_dh_params __user *params,
 				char __user *buffer, size_t buflen,
@@ -309,6 +309,7 @@
 		return rc;
  
 	rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
+	tpm2_flush_context(chip, blob_handle);
  
 	return rc;
 }
@@ -2,4 +2,10 @@
 # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
  
 python -m unittest -v tpm2_tests.SmokeTest
+python -m unittest -v tpm2_tests.AsyncTest
+
+CLEAR_CMD=$(which tpm2_clear)
+if [ -n $CLEAR_CMD ]; then
+	tpm2_clear -T device
+fi
@@ -6,9 +6,9 @@
 import struct
 import sys
 import unittest
-from fcntl import ioctl
+import fcntl
+import select
  
-
 TPM2_ST_NO_SESSIONS = 0x8001
 TPM2_ST_SESSIONS = 0x8002
  
@@ -352,6 +352,7 @@
 class Client:
     FLAG_DEBUG = 0x01
     FLAG_SPACE = 0x02
+    FLAG_NONBLOCK = 0x04
     TPM_IOC_NEW_SPACE = 0xa200
  
     def __init__(self, flags = 0):
  
  
@@ -362,12 +363,26 @@
         else:
             self.tpm = open('/dev/tpmrm0', 'r+b', buffering=0)
  
+        if (self.flags & Client.FLAG_NONBLOCK):
+            flags = fcntl.fcntl(self.tpm, fcntl.F_GETFL)
+            flags |= os.O_NONBLOCK
+            fcntl.fcntl(self.tpm, fcntl.F_SETFL, flags)
+            self.tpm_poll = select.poll()
+
     def close(self):
         self.tpm.close()
  
     def send_cmd(self, cmd):
         self.tpm.write(cmd)
+
+        if (self.flags & Client.FLAG_NONBLOCK):
+            self.tpm_poll.register(self.tpm, select.POLLIN)
+            self.tpm_poll.poll(10000)
+
         rsp = self.tpm.read()
+
+        if (self.flags & Client.FLAG_NONBLOCK):
+            self.tpm_poll.unregister(self.tpm)
  
         if (self.flags & Client.FLAG_DEBUG) != 0:
             sys.stderr.write('cmd' + os.linesep)
@@ -288,4 +288,17 @@
  
         self.assertEqual(rc, tpm2.TPM2_RC_COMMAND_CODE |
                          tpm2.TSS2_RESMGR_TPM_RC_LAYER)
+
+class AsyncTest(unittest.TestCase):
+    def setUp(self):
+        logging.basicConfig(filename='AsyncTest.log', level=logging.DEBUG)
+
+    def test_async(self):
+        log = logging.getLogger(__name__)
+        log.debug(sys._getframe().f_code.co_name)
+
+        async_client = tpm2.Client(tpm2.Client.FLAG_NONBLOCK)
+        log.debug("Calling get_cap in a NON_BLOCKING mode")
+        async_client.get_cap(tpm2.TPM2_CAP_HANDLES, tpm2.HR_LOADED_SESSION)
+        async_client.close()
...	...	@@ -470,6 +470,7 @@
470	470	if (ret < 0)
471	471	goto error_free_tfm;
472	472
	473	+ ret = -ENOMEM;
473	474	req = akcipher_request_alloc(tfm, GFP_KERNEL);
474	475	if (!req)
475	476	goto error_free_tfm;
...	...	@@ -184,6 +184,7 @@
184	184	if (IS_ERR(tfm))
185	185	return PTR_ERR(tfm);
186	186
	187	+ ret = -ENOMEM;
187	188	req = akcipher_request_alloc(tfm, GFP_KERNEL);
188	189	if (!req)
189	190	goto error_free_tfm;
...	...	@@ -61,6 +61,12 @@
61	61
62	62	mutex_lock(&priv->buffer_mutex);
63	63	priv->command_enqueued = false;
	64	+ ret = tpm_try_get_ops(priv->chip);
	65	+ if (ret) {
	66	+ priv->response_length = ret;
	67	+ goto out;
	68	+ }
	69	+
64	70	ret = tpm_dev_transmit(priv->chip, priv->space, priv->data_buffer,
65	71	sizeof(priv->data_buffer));
66	72	tpm_put_ops(priv->chip);
...	...	@@ -68,6 +74,7 @@
68	74	priv->response_length = ret;
69	75	mod_timer(&priv->user_read_timer, jiffies + (120 * HZ));
70	76	}
	77	+out:
71	78	mutex_unlock(&priv->buffer_mutex);
72	79	wake_up_interruptible(&priv->async_wait);
73	80	}
...	...	@@ -204,6 +211,7 @@
204	211	if (file->f_flags & O_NONBLOCK) {
205	212	priv->command_enqueued = true;
206	213	queue_work(tpm_dev_wq, &priv->async_work);
	214	+ tpm_put_ops(priv->chip);
207	215	mutex_unlock(&priv->buffer_mutex);
208	216	return size;
209	217	}
...	...	@@ -218,7 +218,6 @@
218	218	int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
219	219	struct tpm_digest *digests);
220	220	int tpm2_get_random(struct tpm_chip chip, u8 dest, size_t max);
221		-void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
222	221	ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
223	222	u32 value, const char desc);
224	223
...	...	@@ -362,6 +362,7 @@
362	362	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
363	363	tpm_buf_destroy(&buf);
364	364	}
	365	+EXPORT_SYMBOL_GPL(tpm2_flush_context);
365	366
366	367	struct tpm2_get_cap_out {
367	368	u8 more_data;
...	...	@@ -32,7 +32,7 @@
32	32	0x82, 0xCB, 0x34, 0x3F, 0xB7, 0xF3, 0x78, 0x96);
33	33
34	34	/**
35		- * ftpm_tee_tpm_op_recv - retrieve fTPM response.
	35	+ * ftpm_tee_tpm_op_recv() - retrieve fTPM response.
36	36	* @chip: the tpm_chip description as specified in driver/char/tpm/tpm.h.
37	37	* @buf: the buffer to store data.
38	38	* @count: the number of bytes to read.
...	...	@@ -61,7 +61,7 @@
61	61	}
62	62
63	63	/**
64		- * ftpm_tee_tpm_op_send - send TPM commands through the TEE shared memory.
	64	+ * ftpm_tee_tpm_op_send() - send TPM commands through the TEE shared memory.
65	65	* @chip: the tpm_chip description as specified in driver/char/tpm/tpm.h
66	66	* @buf: the buffer to send.
67	67	* @len: the number of bytes to send.
...	...	@@ -208,7 +208,7 @@
208	208	}
209	209
210	210	/**
211		- * ftpm_tee_probe - initialize the fTPM
	211	+ * ftpm_tee_probe() - initialize the fTPM
212	212	* @pdev: the platform_device description.
213	213	*
214	214	* Return:
...	...	@@ -298,7 +298,7 @@
298	298	}
299	299
300	300	/**
301		- * ftpm_tee_remove - remove the TPM device
	301	+ * ftpm_tee_remove() - remove the TPM device
302	302	* @pdev: the platform_device description.
303	303	*
304	304	* Return:
...	...	@@ -328,6 +328,19 @@
328	328	return 0;
329	329	}
330	330
	331	+/**
	332	+ * ftpm_tee_shutdown() - shutdown the TPM device
	333	+ * @pdev: the platform_device description.
	334	+ */
	335	+static void ftpm_tee_shutdown(struct platform_device *pdev)
	336	+{
	337	+ struct ftpm_tee_private *pvt_data = dev_get_drvdata(&pdev->dev);
	338	+
	339	+ tee_shm_free(pvt_data->shm);
	340	+ tee_client_close_session(pvt_data->ctx, pvt_data->session);
	341	+ tee_client_close_context(pvt_data->ctx);
	342	+}
	343	+
331	344	static const struct of_device_id of_ftpm_tee_ids[] = {
332	345	{ .compatible = "microsoft,ftpm" },
333	346	{ }
...	...	@@ -341,6 +354,7 @@
341	354	},
342	355	.probe = ftpm_tee_probe,
343	356	.remove = ftpm_tee_remove,
	357	+ .shutdown = ftpm_tee_shutdown,
344	358	};
345	359
346	360	module_platform_driver(ftpm_tee_driver);
...	...	@@ -978,13 +978,13 @@
978	978
979	979	if (wait_startup(chip, 0) != 0) {
980	980	rc = -ENODEV;
981		- goto out_err;
	981	+ goto err_start;
982	982	}
983	983
984	984	/* Take control of the TPM's interrupt hardware and shut it off */
985	985	rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
986	986	if (rc < 0)
987		- goto out_err;
	987	+ goto err_start;
988	988
989	989	intmask \|= TPM_INTF_CMD_READY_INT \| TPM_INTF_LOCALITY_CHANGE_INT \|
990	990	TPM_INTF_DATA_AVAIL_INT \| TPM_INTF_STS_VALID_INT;
991	991
992	992
993	993
994	994
...	...	@@ -993,21 +993,21 @@
993	993
994	994	rc = tpm_chip_start(chip);
995	995	if (rc)
996		- goto out_err;
	996	+ goto err_start;
	997	+
997	998	rc = tpm2_probe(chip);
998		- tpm_chip_stop(chip);
999	999	if (rc)
1000		- goto out_err;
	1000	+ goto err_probe;
1001	1001
1002	1002	rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
1003	1003	if (rc < 0)
1004		- goto out_err;
	1004	+ goto err_probe;
1005	1005
1006	1006	priv->manufacturer_id = vendor;
1007	1007
1008	1008	rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
1009	1009	if (rc < 0)
1010		- goto out_err;
	1010	+ goto err_probe;
1011	1011
1012	1012	dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n",
1013	1013	(chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2",
1014	1014
...	...	@@ -1016,13 +1016,13 @@
1016	1016	probe = probe_itpm(chip);
1017	1017	if (probe < 0) {
1018	1018	rc = -ENODEV;
1019		- goto out_err;
	1019	+ goto err_probe;
1020	1020	}
1021	1021
1022	1022	/* Figure out the capabilities */
1023	1023	rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps);
1024	1024	if (rc < 0)
1025		- goto out_err;
	1025	+ goto err_probe;
1026	1026
1027	1027	dev_dbg(dev, "TPM interface capabilities (0x%x):\n",
1028	1028	intfcaps);
1029	1029
...	...	@@ -1056,10 +1056,9 @@
1056	1056	if (tpm_get_timeouts(chip)) {
1057	1057	dev_err(dev, "Could not get TPM timeouts and durations\n");
1058	1058	rc = -ENODEV;
1059		- goto out_err;
	1059	+ goto err_probe;
1060	1060	}
1061	1061
1062		- tpm_chip_start(chip);
1063	1062	chip->flags \|= TPM_CHIP_FLAG_IRQ;
1064	1063	if (irq) {
1065	1064	tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
1066	1065
1067	1066
1068	1067
1069	1068
...	...	@@ -1070,18 +1069,20 @@
1070	1069	} else {
1071	1070	tpm_tis_probe_irq(chip, intmask);
1072	1071	}
1073		- tpm_chip_stop(chip);
1074	1072	}
1075	1073
	1074	+ tpm_chip_stop(chip);
	1075	+
1076	1076	rc = tpm_chip_register(chip);
1077	1077	if (rc)
1078		- goto out_err;
	1078	+ goto err_start;
1079	1079
1080		- if (chip->ops->clk_enable != NULL)
1081		- chip->ops->clk_enable(chip, false);
1082		-
1083	1080	return 0;
1084		-out_err:
	1081	+
	1082	+err_probe:
	1083	+ tpm_chip_stop(chip);
	1084	+
	1085	+err_start:
1085	1086	if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL))
1086	1087	chip->ops->clk_enable(chip, false);
1087	1088
...	...	@@ -403,6 +403,7 @@
403	403	extern int tpm_send(struct tpm_chip chip, void cmd, size_t buflen);
404	404	extern int tpm_get_random(struct tpm_chip chip, u8 data, size_t max);
405	405	extern struct tpm_chip *tpm_default_chip(void);
	406	+void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
406	407	#else
407	408	static inline int tpm_is_tpm2(struct tpm_chip *chip)
408	409	{
...	...	@@ -21,10 +21,6 @@
21	21
22	22	If you are unsure as to whether this is required, answer N.
23	23
24		-config KEYS_COMPAT
25		- def_bool y
26		- depends on COMPAT && KEYS
27		-
28	24	config KEYS_REQUEST_CACHE
29	25	bool "Enable temporary caching of the last request_key() result"
30	26	depends on KEYS
...	...	@@ -17,7 +17,7 @@
17	17	request_key_auth.o \
18	18	user_defined.o
19	19	compat-obj-$(CONFIG_KEY_DH_OPERATIONS) += compat_dh.o
20		-obj-$(CONFIG_KEYS_COMPAT) += compat.o $(compat-obj-y)
	20	+obj-$(CONFIG_COMPAT) += compat.o $(compat-obj-y)
21	21	obj-$(CONFIG_PROC_FS) += proc.o
22	22	obj-$(CONFIG_SYSCTL) += sysctl.o
23	23	obj-$(CONFIG_PERSISTENT_KEYRINGS) += persistent.o