summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* cipso: don't use IPCB() to locate the CIPSO IP optionPaul Moore2015-02-113-35/+56
| | | | | | | | | | | | | | | | | | | | | Using the IPCB() macro to get the IPv4 options is convenient, but unfortunately NetLabel often needs to examine the CIPSO option outside of the scope of the IP layer in the stack. While historically IPCB() worked above the IP layer, due to the inclusion of the inet_skb_param struct at the head of the {tcp,udp}_skb_cb structs, recent commit 971f10ec ("tcp: better TCP_SKB_CB layout to reduce cache line misses") reordered the tcp_skb_cb struct and invalidated this IPCB() trick. This patch fixes the problem by creating a new function, cipso_v4_optptr(), which locates the CIPSO option inside the IP header without calling IPCB(). Unfortunately, this isn't as fast as a simple lookup so some additional tweaks were made to limit the use of this new function. Cc: <stable@vger.kernel.org> # 3.18 Reported-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Tested-by: Casey Schaufler <casey@schaufler-ca.com>
* SELinux: fix error code in policydb_init()Dan Carpenter2015-02-041-2/+6
| | | | | | | | | | If hashtab_create() returns a NULL pointer then we should return -ENOMEM but instead the current code returns success. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com>
* selinux: add security in-core xattr support for pstore and debugfsMark Salyzyn2015-02-041-17/+8
| | | | | | | | | | | - add "pstore" and "debugfs" to list of in-core exceptions - change fstype checks to boolean equation - change from strncmp to strcmp for checking Signed-off-by: Mark Salyzyn <salyzyn@android.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> [PM: tweaked the subject line prefix to "selinux"] Signed-off-by: Paul Moore <pmoore@redhat.com>
* selinux: quiet the filesystem labeling behavior messagePaul Moore2015-02-041-4/+0
| | | | | | | | | | | | | While the filesystem labeling method is only printed at the KERN_DEBUG level, this still appears in dmesg and on modern Linux distributions that create a lot of tmpfs mounts for session handling, the dmesg can easily be filled with a lot of "SELinux: initialized (dev X ..." messages. This patch removes this notification for the normal case but leaves the error message intact (displayed when mounting a filesystem with an unknown labeling behavior). Reported-by: Dave Jones <davej@codemonkey.org.uk> Signed-off-by: Paul Moore <pmoore@redhat.com>
* selinux: Remove unused function avc_sidcmp()Rickard Strandqvist2015-02-041-5/+0
| | | | | | | | | | Remove the function avc_sidcmp() that is not used anywhere. This was partially found by using a static code analysis program called cppcheck. Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> [PM: rewrite the patch subject line] Signed-off-by: Paul Moore <pmoore@redhat.com>
* ima: /proc/keys is now mandatoryDavid Howells2015-02-021-1/+0
| | | | | | | | | | /proc/keys is now mandatory and its config option no longer exists, so it doesn't need selecting. Reported-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
* Merge tag 'keys-next-20150123' of ↵James Morris2015-01-295-40/+20
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
| * X.509: silence asn1 compiler debug outputArnd Bergmann2015-01-231-11/+19
| | | | | | | | | | | | | | | | | | | | | | | | The asn1_compiler process is particularly chatty and produces about the only stdout output for an allmodconfig kernel. In order to follow the general concept of 'no news is good news' for building kernels, this hides all the existing output unless the KBUILD_VERBOSE environment variable is set. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David Howells <dhowells@redhat.com>
| * X.509: shut up about included cert for silent buildArnd Bergmann2015-01-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Every kernel build that includes X.509 support prints out a message like - Including cert signing_key.x509 This may be useful for some cases, but when doing automated build tests, it just means noise. To hide the message, this uses '$(kecho)' for printing the message, which means we still see it when building with V=1, but not at the normal level or when building with 'make -s'. Signed-off-by: Arnd Bergmann <arnd@arnd.de> Signed-off-by: David Howells <dhowells@redhat.com>
| * KEYS: Make /proc/keys unconditional if CONFIG_KEYS=yDavid Howells2015-01-223-28/+0
| | | | | | | | | | | | | | | | | | | | Now that /proc/keys is used by libkeyutils to look up a key by type and description, we should make it unconditional and remove CONFIG_DEBUG_PROC_KEYS. Reported-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Jiri Kosina <jkosina@suse.cz>
* | Merge branch 'smack-for-3.20-rebased' of ↵James Morris2015-01-291-1/+1
|\ \ | | | | | | | | | git://git.gitorious.org/smack-next/kernel into next
| * | Smack: Repair netfilter dependencyCasey Schaufler2015-01-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On 1/23/2015 8:20 AM, Jim Davis wrote: > Building with the attached random configuration file, > > security/smack/smack_netfilter.c: In function ‘smack_ipv4_output’: > security/smack/smack_netfilter.c:55:6: error: ‘struct sk_buff’ has no > member named ‘secmark’ > skb->secmark = skp->smk_secid; > ^ > make[2]: *** [security/smack/smack_netfilter.o] Error 1 The existing Makefile used the wrong configuration option to determine if smack_netfilter should be built. This sets it right. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
* | | MAINTAINERS: email updateDmitry Kasatkin2015-01-221-1/+1
| |/ |/| | | | | | | | | Changed to my private email address as I left Samsung. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
* | tpm/tpm_tis: Add missing ifdef CONFIG_ACPI for pnp_acpi_devicePeter Huewe2015-01-221-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a build failure if CONFIG_PNP is set but CONFIG_ACPI is not: drivers/char/tpm/tpm_tis.c: In function ?tpm_tis_pnp_init?: drivers/char/tpm/tpm_tis.c:912:45: error: invalid type argument of ?->? (have ?int?) acpi_dev_handle = pnp_acpi_device(pnp_dev)->handle; If CONFIG_PNPACPI is not set pnp_acpi_device is defined as 0 and thus accesing the handle is not possible. Fixes: 0dc553652102 ("tpm: fix raciness of PPI interface lookup") Reported-by: Jim Davis <jim.epost@gmail.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: James Morris <james.l.morris@oracle.com>
* | Merge branch 'smack-for-3.20-rebased' of ↵James Morris2015-01-225-52/+267
|\| | | | | | | git://git.gitorious.org/smack-next/kernel into next
| * smack: fix possible use after frees in task_security() callersAndrey Ryabinin2015-01-212-11/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We hit use after free on dereferncing pointer to task_smack struct in smk_of_task() called from smack_task_to_inode(). task_security() macro uses task_cred_xxx() to get pointer to the task_smack. task_cred_xxx() could be used only for non-pointer members of task's credentials. It cannot be used for pointer members since what they point to may disapper after dropping RCU read lock. Mainly task_security() used this way: smk_of_task(task_security(p)) Intead of this introduce function smk_of_task_struct() which takes task_struct as argument and returns pointer to smk_known struct and do this under RCU read lock. Bogus task_security() macro is not used anymore, so remove it. KASan's report for this: AddressSanitizer: use after free in smack_task_to_inode+0x50/0x70 at addr c4635600 ============================================================================= BUG kmalloc-64 (Tainted: PO): kasan error ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in new_task_smack+0x44/0xd8 age=39 cpu=0 pid=1866 kmem_cache_alloc_trace+0x88/0x1bc new_task_smack+0x44/0xd8 smack_cred_prepare+0x48/0x21c security_prepare_creds+0x44/0x4c prepare_creds+0xdc/0x110 smack_setprocattr+0x104/0x150 security_setprocattr+0x4c/0x54 proc_pid_attr_write+0x12c/0x194 vfs_write+0x1b0/0x370 SyS_write+0x5c/0x94 ret_fast_syscall+0x0/0x48 INFO: Freed in smack_cred_free+0xc4/0xd0 age=27 cpu=0 pid=1564 kfree+0x270/0x290 smack_cred_free+0xc4/0xd0 security_cred_free+0x34/0x3c put_cred_rcu+0x58/0xcc rcu_process_callbacks+0x738/0x998 __do_softirq+0x264/0x4cc do_softirq+0x94/0xf4 irq_exit+0xbc/0x120 handle_IRQ+0x104/0x134 gic_handle_irq+0x70/0xac __irq_svc+0x44/0x78 _raw_spin_unlock+0x18/0x48 sync_inodes_sb+0x17c/0x1d8 sync_filesystem+0xac/0xfc vdfs_file_fsync+0x90/0xc0 vfs_fsync_range+0x74/0x7c INFO: Slab 0xd3b23f50 objects=32 used=31 fp=0xc4635600 flags=0x4080 INFO: Object 0xc4635600 @offset=5632 fp=0x (null) Bytes b4 c46355f0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Object c4635600: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object c4635610: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object c4635620: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object c4635630: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk. Redzone c4635640: bb bb bb bb .... Padding c46356e8: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding c46356f8: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ CPU: 5 PID: 834 Comm: launchpad_prelo Tainted: PBO 3.10.30 #1 Backtrace: [<c00233a4>] (dump_backtrace+0x0/0x158) from [<c0023dec>] (show_stack+0x20/0x24) r7:c4634010 r6:d3b23f50 r5:c4635600 r4:d1002140 [<c0023dcc>] (show_stack+0x0/0x24) from [<c06d6d7c>] (dump_stack+0x20/0x28) [<c06d6d5c>] (dump_stack+0x0/0x28) from [<c01c1d50>] (print_trailer+0x124/0x144) [<c01c1c2c>] (print_trailer+0x0/0x144) from [<c01c1e88>] (object_err+0x3c/0x44) r7:c4635600 r6:d1002140 r5:d3b23f50 r4:c4635600 [<c01c1e4c>] (object_err+0x0/0x44) from [<c01cac18>] (kasan_report_error+0x2b8/0x538) r6:d1002140 r5:d3b23f50 r4:c6429cf8 r3:c09e1aa7 [<c01ca960>] (kasan_report_error+0x0/0x538) from [<c01c9430>] (__asan_load4+0xd4/0xf8) [<c01c935c>] (__asan_load4+0x0/0xf8) from [<c031e168>] (smack_task_to_inode+0x50/0x70) r5:c4635600 r4:ca9da000 [<c031e118>] (smack_task_to_inode+0x0/0x70) from [<c031af64>] (security_task_to_inode+0x3c/0x44) r5:cca25e80 r4:c0ba9780 [<c031af28>] (security_task_to_inode+0x0/0x44) from [<c023d614>] (pid_revalidate+0x124/0x178) r6:00000000 r5:cca25e80 r4:cbabe3c0 r3:00008124 [<c023d4f0>] (pid_revalidate+0x0/0x178) from [<c01db98c>] (lookup_fast+0x35c/0x43y4) r9:c6429efc r8:00000101 r7:c079d940 r6:c6429e90 r5:c6429ed8 r4:c83c4148 [<c01db630>] (lookup_fast+0x0/0x434) from [<c01deec8>] (do_last.isra.24+0x1c0/0x1108) [<c01ded08>] (do_last.isra.24+0x0/0x1108) from [<c01dff04>] (path_openat.isra.25+0xf4/0x648) [<c01dfe10>] (path_openat.isra.25+0x0/0x648) from [<c01e1458>] (do_filp_open+0x3c/0x88) [<c01e141c>] (do_filp_open+0x0/0x88) from [<c01ccb28>] (do_sys_open+0xf0/0x198) r7:00000001 r6:c0ea2180 r5:0000000b r4:00000000 [<c01cca38>] (do_sys_open+0x0/0x198) from [<c01ccc00>] (SyS_open+0x30/0x34) [<c01ccbd0>] (SyS_open+0x0/0x34) from [<c001db80>] (ret_fast_syscall+0x0/0x48) Read of size 4 by thread T834: Memory state around the buggy address: c4635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc c4635400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc c4635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc c4635500: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc c4635580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >c4635600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ c4635680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb c4635700: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc c4635780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc c4635800: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc c4635880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com> Cc: <stable@vger.kernel.org>
| * smack: Add missing logging in bidirectional UDS connect checkRafal Krypa2015-01-211-1/+1
| | | | | | | | | | | | | | | | During UDS connection check, both sides are checked for write access to the other side. But only the first check is performed with audit support. The second one didn't produce any audit logs. This simple patch fixes that. Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
| * Smack: secmark support for netfilterCasey Schaufler2015-01-215-8/+196
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Smack uses CIPSO to label internet packets and thus provide for access control on delivery of packets. The netfilter facility was not used to allow for Smack to work properly without netfilter configuration. Smack does not need netfilter, however there are cases where it would be handy. As a side effect, the labeling of local IPv4 packets can be optimized and the handling of local IPv6 packets is just all out better. The best part is that the netfilter tools use "contexts" that are just strings, and they work just as well for Smack as they do for SELinux. All of the conditional compilation for IPv6 was implemented by Rafal Krypa <r.krypa@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
| * Smack: Rework file hooksCasey Schaufler2015-01-211-21/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is one of those cases where you look at code you did years ago and wonder what you might have been thinking. There are a number of LSM hooks that work off of file pointers, and most of them really want the security data from the inode. Some, however, really want the security context that the process had when the file was opened. The difference went undetected in Smack until it started getting used in a real system with real testing. At that point it was clear that something was amiss. This patch corrects the misuse of the f_security value in several of the hooks. The behavior will not usually be any different, as the process had to be able to open the file in the first place, and the old check almost always succeeded, as will the new, but for different reasons. Thanks to the Samsung Tizen development team that identified this. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
| * smack: Fix a bidirectional UDS connect check typoZbigniew Jasinski2015-01-191-1/+3
| | | | | | | | | | | | | | | | | | The 54e70ec5eb090193b03e69d551fa6771a5a217c4 commit introduced a bidirectional check that should have checked for mutual WRITE access between two labels. Due to a typo subject's OUT label is checked with object's OUT. Should be OUT to IN. Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
| * smack: introduce a special case for tmpfs in smack_d_instantiate()Łukasz Stelmach2015-01-191-2/+14
| | | | | | | | | | | | | | | | Files created with __shmem_file_stup() appear to have somewhat fake dentries which make them look like root directories and not get the label the current process or ("*") star meant for tmpfs files. Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
| * smack: fix logic in smack_inode_init_security functionLukasz Pawelczyk2015-01-191-3/+2
| | | | | | | | | | | | | | | | | | In principle if this function was called with "value" == NULL and "len" not NULL it could return different results for the "len" compared to a case where "name" was not NULL. This is a hypothetical case that does not exist in the kernel, but it's a logic bug nonetheless. Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
| * smack: miscellaneous small fixes in function commentsLukasz Pawelczyk2015-01-191-5/+9
| | | | | | | | Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
* | tpm: fix format string error in tpm-chip.cJarkko Sakkinen2015-01-201-1/+1
| | | | | | | | | | | | | | | | | | | | dev_set_name() takes three arguments where the second argument is a format string. This patch fixes the call accordingly in tpm-chip.c Reported-by: kbuild test robot <fengguang.wu@intel.com> Fixes: 313d21eeab92 ("tpm: device class for tpm") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | char/tpm/tpm_crb: fix build errorJarkko Sakkinen2015-01-191-1/+1
| | | | | | | | | | | | | | | | SIMPLE_DEV_PM_OPS() was inside #ifdef CONFIG_PM_SLEEP. Fixes: 30fc8d1 ("tpm: TPM 2.0 CRB Interface") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | char/tpm: fixed white spaces coding style issuesBruno E O Meneguele2015-01-182-4/+4
| | | | | | | | | | | | | | | | Fixed some coding style issues reported by checkpatch. Signed-off-by: Bruno E O Meneguele <bmeneguele@gmail.com> [phuewe: ported to latest code] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | MAINTAINERS: Add Patchwork and Git URL for TPMDDPeter Huewe2015-01-171-0/+2
| | | | | | | | | | | | | | Maybe it helps people finding the right tree and also simplifies tracking of their patches Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33/dts/st33zp24-i2c: Rename st33zp24 dts documentationChristophe Ricard2015-01-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | st33zp24 exists in i2c and spi version. Both have different possible configuration. st33zp24.txt is renamed st33zp24-i2c.txt. Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Change tpm_i2c_stm_st33.h to tpm_stm_st33.hChristophe Ricard2015-01-172-7/+7
| | | | | | | | | | | | | | | | | | | | include/linux/platform_data/tpm_i2c_stm_st33.h can be used by other st33 tpm device driver not using i2c protocol. Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Replace remaining r by retChristophe Ricard2015-01-171-4/+4
| | | | | | | | | | | | | | | | | | Some places are still using r instead of ret. Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Sanity cleanupChristophe Ricard2015-01-171-3/+3
| | | | | | | | | | | | | | | | | | Cleanup header description and correct some indent. Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Remove sparse spacesChristophe Ricard2015-01-171-5/+3
| | | | | | | | | | | | | | | | | | Remove some useless spaces (new line or space) Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Add status check when reading data on the FIFOChristophe Ricard2015-01-171-2/+5
| | | | | | | | | | | | | | | | | | | | Add a return value check when reading data from the FIFO register. Cc: <stable@vger.kernel.org> Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm: TPM 2.0 FIFO InterfaceJarkko Sakkinen2015-01-171-23/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Detect TPM 2.0 by sending idempotent TPM 2.x command. Ordinals for TPM 2.0 are higher than TPM 1.x commands so this should be fail-safe. Using STS3 is unreliable because some chips just report 0xff and not what the spec says. Before TPM family is detected, timeouts are set to the maximum values for both TPM 1.x and TPM 2.x. In addition to this, suspend/resume functionality is implemented for TPM 2.x. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Will Arthur <will.c.arthur@intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Tested-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm: TPM 2.0 CRB InterfaceJarkko Sakkinen2015-01-174-0/+367
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tpm_crb is a driver for TPM 2.0 Command Response Buffer (CRB) Interface as defined in PC Client Platform TPM Profile (PTP) Specification. Only polling and single locality is supported as these are the limitations of the available hardware, Platform Trust Techonlogy (PTT) in Haswell CPUs. The driver always applies CRB with ACPI start because PTT reports using only ACPI start as start method but as a result of my testing it requires also CRB start. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm: TPM 2.0 baseline supportJarkko Sakkinen2015-01-175-14/+721
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TPM 2.0 devices are separated by adding a field 'flags' to struct tpm_chip and defining a flag TPM_CHIP_FLAG_TPM2 for tagging them. This patch adds the following internal functions: - tpm2_get_random() - tpm2_get_tpm_pt() - tpm2_pcr_extend() - tpm2_pcr_read() - tpm2_startup() Additionally, the following exported functions are implemented for implementing TPM 2.0 device drivers: - tpm2_do_selftest() - tpm2_calc_ordinal_durations() - tpm2_gen_interrupt() The existing functions that are exported for the use for existing subsystems have been changed to check the flags field in struct tpm_chip and use appropriate TPM 2.0 counterpart if TPM_CHIP_FLAG_TPM2 is est. The code for tpm2_calc_ordinal_duration() and tpm2_startup() were originally written by Will Arthur. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Will Arthur <will.c.arthur@intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Tested-by: Peter Huewe <peterhuewe@gmx.de> [phuewe: Fixed copy paste error * 2] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm: device class for tpmJarkko Sakkinen2015-01-177-61/+116
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added own device class for TPM. Uses MISC_MAJOR:TPM_MINOR for the first character device in order to retain backwards compatibility. Added tpm_dev_release() back attached to the character device. I've been running this code now for a while on my laptop (Lenovo T430S) TrouSerS works perfectly without modifications. I don't believe it breaks anything significantly. The sysfs attributes that have been placed under the wrong place and are against sysfs-rules.txt should be probably left to stagnate under platform device directory and start defining new sysfs attributes to the char device directory. Guidelines for future TPM sysfs attributes should be probably along the lines of - Single flat set of mandatory sysfs attributes. For example, current PPI interface is way way too rich when you only want to use it to clear and activate the TPM. - Define sysfs attribute if and only if there's no way to get the value from ring-3. No attributes for TPM properties. It's just unnecessary maintenance hurdle that we don't want. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Tested-by: Scot Doyle <lkml14@scotdoyle.com> Tested-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm: rename chip->dev to chip->pdevJarkko Sakkinen2015-01-1714-94/+95
| | | | | | | | | | | | | | | | | | | | | | | | | | Rename chip->dev to chip->pdev to make it explicit that this not the character device but actually represents the platform device. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Tested-by: Scot Doyle <lkml14@scotdoyle.com> Tested-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm: fix raciness of PPI interface lookupJarkko Sakkinen2015-01-174-64/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Traversal of the ACPI device tree was not done right. PPI interface should be looked up only from the ACPI device that is the platform device for the TPM. This could cause problems with systems with two TPM chips such as 4th gen Intel systems. In addition, added the missing license and copyright platter to the tpm_ppi.c. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Tested-by: Scot Doyle <lkml14@scotdoyle.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm: two-phase chip management functionsJarkko Sakkinen2015-01-1714-338/+329
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tpm_register_hardware() and tpm_remove_hardware() are called often before initializing the device. The problem is that the device might not be fully initialized when it comes visible to the user space. This patch resolves the issue by diving initialization into two parts: - tpmm_chip_alloc() creates struct tpm_chip. - tpm_chip_register() sets up the character device and sysfs attributes. The framework takes care of freeing struct tpm_chip by using the devres API. The broken release callback has been wiped. ACPI drivers do not ever get this callback. Regards to Jason Gunthorpe for carefully reviewing this part of the code. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Tested-by: Scot Doyle <lkml14@scotdoyle.com> Tested-by: Peter Huewe <peterhuewe@gmx.de> [phuewe: update to upstream changes] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm: merge duplicate transmit_cmd() functionsJarkko Sakkinen2015-01-173-45/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Merged transmit_cmd() functions in tpm-interface.c and tpm-sysfs.c. Added "tpm_" prefix for consistency sake. Changed cmd parameter as opaque. This enables to use separate command structures for TPM1 and TPM2 commands in future. Loose coupling works fine here. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Tested-by: Scot Doyle <lkml14@scotdoyle.com> Tested-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm_ibmvtpm: Update email address in maintainers list and ibmvtpm driverAshley Lai2015-01-174-4/+10
| | | | | | | | | | | | | | | | | | Added myself as a maintainer for the IBM vtpm driver and removed myself from the tpm maintainer list. Also, updated the tpm_ibmvtpm driver with my current email address. Signed-off-by: Ashley Lai <ashleydlai@gmail.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Fix coccinelle warnings. Possible NULL pointer dereferenceChristophe Ricard2015-01-171-1/+1
| | | | | | | | | | | | | | | | If !client the kernel mays oops in dev_info when doing client->dev. Reported-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Increment driver version to 1.2.1.Christophe Ricard2015-01-171-3/+3
| | | | | | | | | | | | | | | | Many changes were added to the driver so increment the version. Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Remove useless i2c read on interrupt registersChristophe Ricard2015-01-171-8/+0
| | | | | | | | | | | | | | | | Remove useless i2c read on TPM_INT_ENABLE and TPM_INT_STATUS Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Interrupt management improvementChristophe Ricard2015-01-171-88/+109
| | | | | | | | | | | | | | | | | | | | Improve the irq management by using a new function wait_for_stat. Instead of using a completion struct, we rely on the waitqueue read_queue and int_queue from chip->vendor field. Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Few code cleanupChristophe Ricard2015-01-171-16/+16
| | | | | | | | | | | | | | | | Cleanup code indentation, braces, test variable when NULL. Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33/dts/st33zp24_i2c: Add DTS DocumentationChristophe Ricard2015-01-171-0/+36
| | | | | | | | | | | | | | | | | | st33zp24 tpm can be seen as a trivial i2c device as other i2c tpm. However several other properties needs to be documented such as lpcpd. Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Add devicetree structureChristophe Ricard2015-01-171-50/+116
| | | | | | | | | | | | | | | | | | | | | | | | Add tpm_stm_st33_i2c dts structure keeping backward compatibility with static platform_data support as well. In the mean time to easy this update and to make it much simpler, we: - Moved all gpio_request to devm_gpio_request_one primitive - Moved request_irq to devm_request_irq Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* | tpm/tpm_i2c_stm_st33: Replace tpm_st33_* function with tpm_stm_*Christophe Ricard2015-01-171-25/+25
| | | | | | | | | | | | | | | | For sanity, replace every tpm_st33_* with tpm_stm_* Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>