From 80b8a39777a9161d77608ac702c7eeafce5ddce7 Mon Sep 17 00:00:00 2001 From: Haowen Bai Date: Fri, 18 Mar 2022 11:35:25 +0800 Subject: tpm/tpm_ftpm_tee: Return true/false (not 1/0) from bool functions Return boolean values ("true" or "false") instead of 1 or 0 from bool functions. Signed-off-by: Haowen Bai Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm_ftpm_tee.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/char/tpm') diff --git a/drivers/char/tpm/tpm_ftpm_tee.c b/drivers/char/tpm/tpm_ftpm_tee.c index 6e3235565a4d..5c233423c56f 100644 --- a/drivers/char/tpm/tpm_ftpm_tee.c +++ b/drivers/char/tpm/tpm_ftpm_tee.c @@ -177,7 +177,7 @@ static u8 ftpm_tee_tpm_op_status(struct tpm_chip *chip) static bool ftpm_tee_tpm_req_canceled(struct tpm_chip *chip, u8 status) { - return 0; + return false; } static const struct tpm_class_ops ftpm_tee_tpm_ops = { -- cgit v1.2.3-59-g8ed1b From d0dc1a7100f19121f6e7450f9cdda11926aa3838 Mon Sep 17 00:00:00 2001 From: Xiu Jianfeng Date: Fri, 18 Mar 2022 14:02:01 +0800 Subject: tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() Currently it returns zero when CRQ response timed out, it should return an error code instead. Fixes: d8d74ea3c002 ("tpm: ibmvtpm: Wait for buffer to be set before proceeding") Signed-off-by: Xiu Jianfeng Reviewed-by: Stefan Berger Acked-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm_ibmvtpm.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/char/tpm') diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c index 3af4c07a9342..d3989b257f42 100644 --- a/drivers/char/tpm/tpm_ibmvtpm.c +++ b/drivers/char/tpm/tpm_ibmvtpm.c @@ -681,6 +681,7 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev, if (!wait_event_timeout(ibmvtpm->crq_queue.wq, ibmvtpm->rtce_buf != NULL, HZ)) { + rc = -ENODEV; dev_err(dev, "CRQ response timed out\n"); goto init_irq_cleanup; } -- cgit v1.2.3-59-g8ed1b From 6422cbd3c52deb1d53a0e60c271f34d882ca8a9d Mon Sep 17 00:00:00 2001 From: Johannes Holland Date: Mon, 21 Mar 2022 10:09:24 +0100 Subject: tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops Only tpm_tis and tpm_tis_synquacer have a dedicated way to access multiple bytes at once, every other driver will just fall back to read_bytes/write_bytes. Therefore, remove the read16/read32/write32 calls and move their logic to read_bytes/write_bytes. Suggested-by: Jarkko Sakkinen Signed-off-by: Johannes Holland Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm_tis.c | 67 +++++++++++------------- drivers/char/tpm/tpm_tis_core.h | 58 ++++++++++++++++----- drivers/char/tpm/tpm_tis_spi.h | 4 -- drivers/char/tpm/tpm_tis_spi_cr50.c | 7 +-- drivers/char/tpm/tpm_tis_spi_main.c | 45 +---------------- drivers/char/tpm/tpm_tis_synquacer.c | 98 ++++++++++++++---------------------- 6 files changed, 118 insertions(+), 161 deletions(-) (limited to 'drivers/char/tpm') diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c index d3f2e5364c27..bcff6429e0b4 100644 --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -153,50 +153,46 @@ static int check_acpi_tpm2(struct device *dev) #endif static int tpm_tcg_read_bytes(struct tpm_tis_data *data, u32 addr, u16 len, - u8 *result) + u8 *result, enum tpm_tis_io_mode io_mode) { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - - while (len--) - *result++ = ioread8(phy->iobase + addr); + __le16 result_le16; + __le32 result_le32; + + switch (io_mode) { + case TPM_TIS_PHYS_8: + while (len--) + *result++ = ioread8(phy->iobase + addr); + break; + case TPM_TIS_PHYS_16: + result_le16 = cpu_to_le16(ioread16(phy->iobase + addr)); + memcpy(result, &result_le16, sizeof(u16)); + break; + case TPM_TIS_PHYS_32: + result_le32 = cpu_to_le32(ioread32(phy->iobase + addr)); + memcpy(result, &result_le32, sizeof(u32)); + break; + } return 0; } static int tpm_tcg_write_bytes(struct tpm_tis_data *data, u32 addr, u16 len, - const u8 *value) + const u8 *value, enum tpm_tis_io_mode io_mode) { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - while (len--) - iowrite8(*value++, phy->iobase + addr); - - return 0; -} - -static int tpm_tcg_read16(struct tpm_tis_data *data, u32 addr, u16 *result) -{ - struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - - *result = ioread16(phy->iobase + addr); - - return 0; -} - -static int tpm_tcg_read32(struct tpm_tis_data *data, u32 addr, u32 *result) -{ - struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - - *result = ioread32(phy->iobase + addr); - - return 0; -} - -static int tpm_tcg_write32(struct tpm_tis_data *data, u32 addr, u32 value) -{ - struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - - iowrite32(value, phy->iobase + addr); + switch (io_mode) { + case TPM_TIS_PHYS_8: + while (len--) + iowrite8(*value++, phy->iobase + addr); + break; + case TPM_TIS_PHYS_16: + return -EINVAL; + case TPM_TIS_PHYS_32: + iowrite32(le32_to_cpu(*((__le32 *)value)), phy->iobase + addr); + break; + } return 0; } @@ -204,9 +200,6 @@ static int tpm_tcg_write32(struct tpm_tis_data *data, u32 addr, u32 value) static const struct tpm_tis_phy_ops tpm_tcg = { .read_bytes = tpm_tcg_read_bytes, .write_bytes = tpm_tcg_write_bytes, - .read16 = tpm_tcg_read16, - .read32 = tpm_tcg_read32, - .write32 = tpm_tcg_write32, }; static int tpm_tis_init(struct device *dev, struct tpm_info *tpm_info) diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h index 3be24f221e32..6c203f36b8a1 100644 --- a/drivers/char/tpm/tpm_tis_core.h +++ b/drivers/char/tpm/tpm_tis_core.h @@ -104,54 +104,88 @@ struct tpm_tis_data { unsigned int timeout_max; /* usecs */ }; +/* + * IO modes to indicate how many bytes should be read/written at once in the + * tpm_tis_phy_ops read_bytes/write_bytes calls. Use TPM_TIS_PHYS_8 to + * receive/transmit byte-wise, TPM_TIS_PHYS_16 for two bytes etc. + */ +enum tpm_tis_io_mode { + TPM_TIS_PHYS_8, + TPM_TIS_PHYS_16, + TPM_TIS_PHYS_32, +}; + struct tpm_tis_phy_ops { + /* data is passed in little endian */ int (*read_bytes)(struct tpm_tis_data *data, u32 addr, u16 len, - u8 *result); + u8 *result, enum tpm_tis_io_mode mode); int (*write_bytes)(struct tpm_tis_data *data, u32 addr, u16 len, - const u8 *value); - int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result); - int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result); - int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src); + const u8 *value, enum tpm_tis_io_mode mode); }; static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr, u16 len, u8 *result) { - return data->phy_ops->read_bytes(data, addr, len, result); + return data->phy_ops->read_bytes(data, addr, len, result, + TPM_TIS_PHYS_8); } static inline int tpm_tis_read8(struct tpm_tis_data *data, u32 addr, u8 *result) { - return data->phy_ops->read_bytes(data, addr, 1, result); + return data->phy_ops->read_bytes(data, addr, 1, result, TPM_TIS_PHYS_8); } static inline int tpm_tis_read16(struct tpm_tis_data *data, u32 addr, u16 *result) { - return data->phy_ops->read16(data, addr, result); + __le16 result_le; + int rc; + + rc = data->phy_ops->read_bytes(data, addr, sizeof(u16), + (u8 *)&result_le, TPM_TIS_PHYS_16); + if (!rc) + *result = le16_to_cpu(result_le); + + return rc; } static inline int tpm_tis_read32(struct tpm_tis_data *data, u32 addr, u32 *result) { - return data->phy_ops->read32(data, addr, result); + __le32 result_le; + int rc; + + rc = data->phy_ops->read_bytes(data, addr, sizeof(u32), + (u8 *)&result_le, TPM_TIS_PHYS_32); + if (!rc) + *result = le32_to_cpu(result_le); + + return rc; } static inline int tpm_tis_write_bytes(struct tpm_tis_data *data, u32 addr, u16 len, const u8 *value) { - return data->phy_ops->write_bytes(data, addr, len, value); + return data->phy_ops->write_bytes(data, addr, len, value, + TPM_TIS_PHYS_8); } static inline int tpm_tis_write8(struct tpm_tis_data *data, u32 addr, u8 value) { - return data->phy_ops->write_bytes(data, addr, 1, &value); + return data->phy_ops->write_bytes(data, addr, 1, &value, + TPM_TIS_PHYS_8); } static inline int tpm_tis_write32(struct tpm_tis_data *data, u32 addr, u32 value) { - return data->phy_ops->write32(data, addr, value); + __le32 value_le; + int rc; + + value_le = cpu_to_le32(value); + rc = data->phy_ops->write_bytes(data, addr, sizeof(u32), + (u8 *)&value_le, TPM_TIS_PHYS_32); + return rc; } static inline bool is_bsw(void) diff --git a/drivers/char/tpm/tpm_tis_spi.h b/drivers/char/tpm/tpm_tis_spi.h index bba73979c368..d0f66f6f1931 100644 --- a/drivers/char/tpm/tpm_tis_spi.h +++ b/drivers/char/tpm/tpm_tis_spi.h @@ -31,10 +31,6 @@ extern int tpm_tis_spi_init(struct spi_device *spi, struct tpm_tis_spi_phy *phy, extern int tpm_tis_spi_transfer(struct tpm_tis_data *data, u32 addr, u16 len, u8 *in, const u8 *out); -extern int tpm_tis_spi_read16(struct tpm_tis_data *data, u32 addr, u16 *result); -extern int tpm_tis_spi_read32(struct tpm_tis_data *data, u32 addr, u32 *result); -extern int tpm_tis_spi_write32(struct tpm_tis_data *data, u32 addr, u32 value); - #ifdef CONFIG_TCG_TIS_SPI_CR50 extern int cr50_spi_probe(struct spi_device *spi); #else diff --git a/drivers/char/tpm/tpm_tis_spi_cr50.c b/drivers/char/tpm/tpm_tis_spi_cr50.c index 7bf123d3c537..f4937280e940 100644 --- a/drivers/char/tpm/tpm_tis_spi_cr50.c +++ b/drivers/char/tpm/tpm_tis_spi_cr50.c @@ -222,13 +222,13 @@ static int tpm_tis_spi_cr50_transfer(struct tpm_tis_data *data, u32 addr, u16 le } static int tpm_tis_spi_cr50_read_bytes(struct tpm_tis_data *data, u32 addr, - u16 len, u8 *result) + u16 len, u8 *result, enum tpm_tis_io_mode io_mode) { return tpm_tis_spi_cr50_transfer(data, addr, len, result, NULL); } static int tpm_tis_spi_cr50_write_bytes(struct tpm_tis_data *data, u32 addr, - u16 len, const u8 *value) + u16 len, const u8 *value, enum tpm_tis_io_mode io_mode) { return tpm_tis_spi_cr50_transfer(data, addr, len, NULL, value); } @@ -236,9 +236,6 @@ static int tpm_tis_spi_cr50_write_bytes(struct tpm_tis_data *data, u32 addr, static const struct tpm_tis_phy_ops tpm_spi_cr50_phy_ops = { .read_bytes = tpm_tis_spi_cr50_read_bytes, .write_bytes = tpm_tis_spi_cr50_write_bytes, - .read16 = tpm_tis_spi_read16, - .read32 = tpm_tis_spi_read32, - .write32 = tpm_tis_spi_write32, }; static void cr50_print_fw_version(struct tpm_tis_data *data) diff --git a/drivers/char/tpm/tpm_tis_spi_main.c b/drivers/char/tpm/tpm_tis_spi_main.c index 184396b3af50..a0963a3e92bd 100644 --- a/drivers/char/tpm/tpm_tis_spi_main.c +++ b/drivers/char/tpm/tpm_tis_spi_main.c @@ -141,55 +141,17 @@ exit: } static int tpm_tis_spi_read_bytes(struct tpm_tis_data *data, u32 addr, - u16 len, u8 *result) + u16 len, u8 *result, enum tpm_tis_io_mode io_mode) { return tpm_tis_spi_transfer(data, addr, len, result, NULL); } static int tpm_tis_spi_write_bytes(struct tpm_tis_data *data, u32 addr, - u16 len, const u8 *value) + u16 len, const u8 *value, enum tpm_tis_io_mode io_mode) { return tpm_tis_spi_transfer(data, addr, len, NULL, value); } -int tpm_tis_spi_read16(struct tpm_tis_data *data, u32 addr, u16 *result) -{ - __le16 result_le; - int rc; - - rc = data->phy_ops->read_bytes(data, addr, sizeof(u16), - (u8 *)&result_le); - if (!rc) - *result = le16_to_cpu(result_le); - - return rc; -} - -int tpm_tis_spi_read32(struct tpm_tis_data *data, u32 addr, u32 *result) -{ - __le32 result_le; - int rc; - - rc = data->phy_ops->read_bytes(data, addr, sizeof(u32), - (u8 *)&result_le); - if (!rc) - *result = le32_to_cpu(result_le); - - return rc; -} - -int tpm_tis_spi_write32(struct tpm_tis_data *data, u32 addr, u32 value) -{ - __le32 value_le; - int rc; - - value_le = cpu_to_le32(value); - rc = data->phy_ops->write_bytes(data, addr, sizeof(u32), - (u8 *)&value_le); - - return rc; -} - int tpm_tis_spi_init(struct spi_device *spi, struct tpm_tis_spi_phy *phy, int irq, const struct tpm_tis_phy_ops *phy_ops) { @@ -205,9 +167,6 @@ int tpm_tis_spi_init(struct spi_device *spi, struct tpm_tis_spi_phy *phy, static const struct tpm_tis_phy_ops tpm_spi_phy_ops = { .read_bytes = tpm_tis_spi_read_bytes, .write_bytes = tpm_tis_spi_write_bytes, - .read16 = tpm_tis_spi_read16, - .read32 = tpm_tis_spi_read32, - .write32 = tpm_tis_spi_write32, }; static int tpm_tis_spi_probe(struct spi_device *dev) diff --git a/drivers/char/tpm/tpm_tis_synquacer.c b/drivers/char/tpm/tpm_tis_synquacer.c index e47bdd272704..679196c61401 100644 --- a/drivers/char/tpm/tpm_tis_synquacer.c +++ b/drivers/char/tpm/tpm_tis_synquacer.c @@ -35,72 +35,53 @@ static inline struct tpm_tis_synquacer_phy *to_tpm_tis_tcg_phy(struct tpm_tis_da } static int tpm_tis_synquacer_read_bytes(struct tpm_tis_data *data, u32 addr, - u16 len, u8 *result) + u16 len, u8 *result, + enum tpm_tis_io_mode io_mode) { struct tpm_tis_synquacer_phy *phy = to_tpm_tis_tcg_phy(data); - - while (len--) - *result++ = ioread8(phy->iobase + addr); + switch (io_mode) { + case TPM_TIS_PHYS_8: + while (len--) + *result++ = ioread8(phy->iobase + addr); + break; + case TPM_TIS_PHYS_16: + result[1] = ioread8(phy->iobase + addr + 1); + result[0] = ioread8(phy->iobase + addr); + break; + case TPM_TIS_PHYS_32: + result[3] = ioread8(phy->iobase + addr + 3); + result[2] = ioread8(phy->iobase + addr + 2); + result[1] = ioread8(phy->iobase + addr + 1); + result[0] = ioread8(phy->iobase + addr); + break; + } return 0; } static int tpm_tis_synquacer_write_bytes(struct tpm_tis_data *data, u32 addr, - u16 len, const u8 *value) + u16 len, const u8 *value, + enum tpm_tis_io_mode io_mode) { struct tpm_tis_synquacer_phy *phy = to_tpm_tis_tcg_phy(data); - - while (len--) - iowrite8(*value++, phy->iobase + addr); - - return 0; -} - -static int tpm_tis_synquacer_read16_bw(struct tpm_tis_data *data, - u32 addr, u16 *result) -{ - struct tpm_tis_synquacer_phy *phy = to_tpm_tis_tcg_phy(data); - - /* - * Due to the limitation of SPI controller on SynQuacer, - * 16/32 bits access must be done in byte-wise and descending order. - */ - *result = (ioread8(phy->iobase + addr + 1) << 8) | - (ioread8(phy->iobase + addr)); - - return 0; -} - -static int tpm_tis_synquacer_read32_bw(struct tpm_tis_data *data, - u32 addr, u32 *result) -{ - struct tpm_tis_synquacer_phy *phy = to_tpm_tis_tcg_phy(data); - - /* - * Due to the limitation of SPI controller on SynQuacer, - * 16/32 bits access must be done in byte-wise and descending order. - */ - *result = (ioread8(phy->iobase + addr + 3) << 24) | - (ioread8(phy->iobase + addr + 2) << 16) | - (ioread8(phy->iobase + addr + 1) << 8) | - (ioread8(phy->iobase + addr)); - - return 0; -} - -static int tpm_tis_synquacer_write32_bw(struct tpm_tis_data *data, - u32 addr, u32 value) -{ - struct tpm_tis_synquacer_phy *phy = to_tpm_tis_tcg_phy(data); - - /* - * Due to the limitation of SPI controller on SynQuacer, - * 16/32 bits access must be done in byte-wise and descending order. - */ - iowrite8(value >> 24, phy->iobase + addr + 3); - iowrite8(value >> 16, phy->iobase + addr + 2); - iowrite8(value >> 8, phy->iobase + addr + 1); - iowrite8(value, phy->iobase + addr); + switch (io_mode) { + case TPM_TIS_PHYS_8: + while (len--) + iowrite8(*value++, phy->iobase + addr); + break; + case TPM_TIS_PHYS_16: + return -EINVAL; + case TPM_TIS_PHYS_32: + /* + * Due to the limitation of SPI controller on SynQuacer, + * 16/32 bits access must be done in byte-wise and descending order. + */ + iowrite8(value[3], phy->iobase + addr + 3); + iowrite8(value[2], phy->iobase + addr + 2); + iowrite8(value[1], phy->iobase + addr + 1); + iowrite8(value[0], phy->iobase + addr); + break; + } return 0; } @@ -108,9 +89,6 @@ static int tpm_tis_synquacer_write32_bw(struct tpm_tis_data *data, static const struct tpm_tis_phy_ops tpm_tcg_bw = { .read_bytes = tpm_tis_synquacer_read_bytes, .write_bytes = tpm_tis_synquacer_write_bytes, - .read16 = tpm_tis_synquacer_read16_bw, - .read32 = tpm_tis_synquacer_read32_bw, - .write32 = tpm_tis_synquacer_write32_bw, }; static int tpm_tis_synquacer_init(struct device *dev, -- cgit v1.2.3-59-g8ed1b From 9c438fdef8906fe9c025e0106cef6fe491728790 Mon Sep 17 00:00:00 2001 From: "Jes B. Klinke" Date: Tue, 19 Apr 2022 16:37:57 -0700 Subject: tpm: cr50: Add new device/vendor ID 0x504a6666 Accept one additional numerical value of DID:VID for next generation Google TPM with new firmware, to be used in future Chromebooks. The TPM with the new firmware has the code name TI50, and is going to use the same interfaces. Signed-off-by: Jes B. Klinke Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm_tis_i2c_cr50.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'drivers/char/tpm') diff --git a/drivers/char/tpm/tpm_tis_i2c_cr50.c b/drivers/char/tpm/tpm_tis_i2c_cr50.c index f6c0affbb456..4ddb8ff3a856 100644 --- a/drivers/char/tpm/tpm_tis_i2c_cr50.c +++ b/drivers/char/tpm/tpm_tis_i2c_cr50.c @@ -31,6 +31,7 @@ #define TPM_CR50_TIMEOUT_SHORT_MS 2 /* Short timeout during transactions */ #define TPM_CR50_TIMEOUT_NOIRQ_MS 20 /* Timeout for TPM ready without IRQ */ #define TPM_CR50_I2C_DID_VID 0x00281ae0L /* Device and vendor ID reg value */ +#define TPM_TI50_I2C_DID_VID 0x504a6666L /* Device and vendor ID reg value */ #define TPM_CR50_I2C_MAX_RETRIES 3 /* Max retries due to I2C errors */ #define TPM_CR50_I2C_RETRY_DELAY_LO 55 /* Min usecs between retries on I2C */ #define TPM_CR50_I2C_RETRY_DELAY_HI 65 /* Max usecs between retries on I2C */ @@ -742,15 +743,15 @@ static int tpm_cr50_i2c_probe(struct i2c_client *client) } vendor = le32_to_cpup((__le32 *)buf); - if (vendor != TPM_CR50_I2C_DID_VID) { + if (vendor != TPM_CR50_I2C_DID_VID && vendor != TPM_TI50_I2C_DID_VID) { dev_err(dev, "Vendor ID did not match! ID was %08x\n", vendor); tpm_cr50_release_locality(chip, true); return -ENODEV; } - dev_info(dev, "cr50 TPM 2.0 (i2c 0x%02x irq %d id 0x%x)\n", + dev_info(dev, "%s TPM 2.0 (i2c 0x%02x irq %d id 0x%x)\n", + vendor == TPM_TI50_I2C_DID_VID ? "ti50" : "cr50", client->addr, client->irq, vendor >> 16); - return tpm_chip_register(chip); } -- cgit v1.2.3-59-g8ed1b From e0687fe958f763f1790f22ed5483025b7624e744 Mon Sep 17 00:00:00 2001 From: Uwe Kleine-König Date: Tue, 26 Apr 2022 10:06:02 +0200 Subject: char: tpm: cr50_i2c: Suppress duplicated error message in .remove() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Returning an error value in an i2c remove callback results in an error message being emitted by the i2c core, but otherwise it doesn't make a difference. The device goes away anyhow and the devm cleanups are called. As tpm_cr50_i2c_remove() emits an error message already and the additional error message by the i2c core doesn't add any useful information, change the return value to zero to suppress this error message. Note that if i2c_clientdata is NULL, there is something really fishy. Assuming no memory corruption happened (then all bets are lost anyhow), tpm_cr50_i2c_remove() is only called after tpm_cr50_i2c_probe() returned successfully. So there was a tpm chip registered before and after tpm_cr50_i2c_remove() its privdata is freed but the associated character device isn't removed. If after that happened userspace accesses the character device it's likely that the freed memory is accessed. For that reason the warning message is made a bit more frightening. Signed-off-by: Uwe Kleine-König Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm_tis_i2c_cr50.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/char/tpm') diff --git a/drivers/char/tpm/tpm_tis_i2c_cr50.c b/drivers/char/tpm/tpm_tis_i2c_cr50.c index 4ddb8ff3a856..974479a1ec5a 100644 --- a/drivers/char/tpm/tpm_tis_i2c_cr50.c +++ b/drivers/char/tpm/tpm_tis_i2c_cr50.c @@ -769,8 +769,8 @@ static int tpm_cr50_i2c_remove(struct i2c_client *client) struct device *dev = &client->dev; if (!chip) { - dev_err(dev, "Could not get client data at remove\n"); - return -ENODEV; + dev_crit(dev, "Could not get client data at remove, memory corruption ahead\n"); + return 0; } tpm_chip_unregister(chip); -- cgit v1.2.3-59-g8ed1b From e57b2523bd37e6434f4e64c7a685e3715ad21e9a Mon Sep 17 00:00:00 2001 From: Stefan Mahnke-Hartmann Date: Fri, 13 May 2022 15:41:51 +0200 Subject: tpm: Fix buffer access in tpm2_get_tpm_pt() Under certain conditions uninitialized memory will be accessed. As described by TCG Trusted Platform Module Library Specification, rev. 1.59 (Part 3: Commands), if a TPM2_GetCapability is received, requesting a capability, the TPM in field upgrade mode may return a zero length list. Check the property count in tpm2_get_tpm_pt(). Fixes: 2ab3241161b3 ("tpm: migrate tpm2_get_tpm_pt() to use struct tpm_buf") Cc: stable@vger.kernel.org Signed-off-by: Stefan Mahnke-Hartmann Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm2-cmd.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'drivers/char/tpm') diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 4704fa553098..04a3e23a4afc 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -400,7 +400,16 @@ ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value, if (!rc) { out = (struct tpm2_get_cap_out *) &buf.data[TPM_HEADER_SIZE]; - *value = be32_to_cpu(out->value); + /* + * To prevent failing boot up of some systems, Infineon TPM2.0 + * returns SUCCESS on TPM2_Startup in field upgrade mode. Also + * the TPM2_Getcapability command returns a zero length list + * in field upgrade mode. + */ + if (be32_to_cpu(out->property_cnt) > 0) + *value = be32_to_cpu(out->value); + else + rc = -ENODATA; } tpm_buf_destroy(&buf); return rc; -- cgit v1.2.3-59-g8ed1b From af402ee3c045b0cbd10b7e66d2431304ac9e69bb Mon Sep 17 00:00:00 2001 From: Stefan Mahnke-Hartmann Date: Fri, 13 May 2022 15:41:53 +0200 Subject: tpm: Add field upgrade mode support for Infineon TPM2 modules TPM2_GetCapability with a capability that has the property type value of TPM_PT_TOTAL_COMMANDS returns a zero length list, when an Infineon TPM2 is in field upgrade mode. Since an Infineon TPM2.0 in field upgrade mode returns RC_SUCCESS on TPM2_Startup, the field upgrade mode has to be detected by TPM2_GetCapability. Signed-off-by: Stefan Mahnke-Hartmann Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm2-cmd.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'drivers/char/tpm') diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 04a3e23a4afc..c1eb5d223839 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -754,7 +754,11 @@ int tpm2_auto_startup(struct tpm_chip *chip) rc = tpm2_get_cc_attrs_tbl(chip); out: - if (rc == TPM2_RC_UPGRADE) { + /* + * Infineon TPM in field upgrade mode will return no data for the number + * of supported commands. + */ + if (rc == TPM2_RC_UPGRADE || rc == -ENODATA) { dev_info(&chip->dev, "TPM in field upgrade mode, requires firmware upgrade\n"); chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE; rc = 0; -- cgit v1.2.3-59-g8ed1b