starlingx
/
kernel
Code Issues Proposed changes

Upgrade tpm driver to align with 4.18.0-147.3.1 kernel from CentOS 8.1 

(cherry picked from commit a9e5bdc3399459e7e30286506749d7ab2abc964b)

tpm source code is changed to get from kernel tarball, in order to avoid
build error.
5 UPSTREAM patches are deleted due to upstream already contain them.
disable-arm64-acpi-command.patch is deleted due to it is not needed.
tpm-kmod.spec.patchlist is deleted since it is not used.
kcompat.h in 0002-tpmdd-kcompat-support.patch is removed, and the macro
definition "CONFIG_TCG_TPM_MODULE" is moved to KCFLAGS in spec file.
elfutils-libelf-devel is added in BuildRequires to fix below error:
"
Makefile:977: "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y,
please install libelf-dev, libelf-devel or elfutils-libelf-devel". Stop.
"

Change-Id: I74f1c20a3dc3d61bcf975569dda9bdf85ec76be6
Story: 2007308
Task: 38808
Depends-On: https://review.opendev.org/720325
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
This commit is contained in:
Dongqi Chen 2020-04-16 11:17:09 +08:00 committed by Lin Shuicheng
parent 087df449cb
commit edeca0ad38
12 changed files with 39 additions and 896 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
centos_tarball-dl.lst
View File

@ -1,3 +1,4 @@
!linux-4.18.0-147.3.1.el8_1.tar.gz#linux-4.18.0-147.3.1.el8_1#https://git.centos.org/sources/kernel/c8/0ee7820c1d452ac7f71c1b1f568f74cd6e8458e8#http_script#post-dl-script/tpm-kmod.sh
drbd-8.4.11-1.tar.gz#drbd-8.4.11-1#http://www.linbit.com/downloads/drbd/8.4/drbd-8.4.11-1.tar.gz#http##
e1000e-3.4.2.1.tar.gz#e1000e-3.4.2.1#https://sourceforge.net/projects/e1000/files/e1000e%20stable/3.4.2.1/e1000e-3.4.2.1.tar.gz#http##
i40e-2.10.19.82.tar.gz#i40e-2.10.19.82#https://sourceforge.net/projects/e1000/files/i40e%20stable/2.10.19.82/i40e-2.10.19.82.tar.gz/download#http##

4
kernel-modules/tpmdd/centos/build_srpm.data
View File

@ -1,5 +1,5 @@
COPY_LIST=" \
$PKG_BASE/files/* \
$PKG_BASE/patches/* \
$STX_BASE/downloads/tpm-kmod-e6aef069.tar.gz"
TIS_PATCH_VER=6
$STX_BASE/downloads/tpm-kmod-147.3.1.tar.gz"
TIS_PATCH_VER=1

24
kernel-modules/tpmdd/centos/tpm-kmod.spec
View File

@ -10,32 +10,26 @@
Name: %{kmod_name}-kmod%{?bt_ext}
# the version is the Kernel version from which
# this driver is extracted
Version: 4.12
Version: 4.18
Release: 0%{?_tis_dist}.%{tis_patch_ver}
Group: System Environment/Kernel
License: GPLv2
Summary: %{kmod_name}%{?bt_ext} kernel module(s)
BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, openssl
BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, openssl, elfutils-libelf-devel
ExclusiveArch: x86_64
# Sources.
# the tpmdd is available as a tarball, with
# the git commit Id referenced in the name
Source0: %{kmod_name}-kmod-e6aef069.tar.gz
# the kernel minor version in the name
Source0: %{kmod_name}-kmod-147.3.1.tar.gz
Source1: modules-load.conf
Source2: COPYING
Source3: README
# Patches
Patch01: 0001-disable-arm64-acpi-command.patch
Patch02: 0002-tpmdd-kcompat-support.patch
Patch03: UPSTREAM-0001-tpm-replace-msleep-with-usleep_range.patch
Patch04: UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch
Patch05: UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch
Patch06: UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch
Patch07: UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch
Patch08: UPSTREAM-0006-tpm-use-struct-tpm_chip.patch
Patch01: tpmdd-kcompat-support.patch
Patch20: UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch
%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//')
@ -108,7 +102,7 @@ of the same variant of the Linux kernel and not on any one specific build.
%build
# build out all the TPM kernel modules
%{__make} KSRC=%{_usrsrc}/kernels/%{kversion}
%{__make} KSRC=%{_usrsrc}/kernels/%{kversion} KCFLAGS="-DCONFIG_TCG_TPM_MODULE"
%install
%{__install} -d %{buildroot}/lib/modules/%{kversion}/kernel/drivers/char/%{kmod_name}/
@ -130,10 +124,10 @@ find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \;
# Always Sign the modules(s).
# If the module signing keys are not defined, define them here.
%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.priv}
%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.pem}
%{!?pubkey: %define pubkey /usr/src/kernels/%{kversion}/signing_key.x509}
for module in $(find %{buildroot} -type f -name \*.ko);
do %{__perl} /usr/src/kernels/%{kversion}/scripts/sign-file \
do /usr/src/kernels/%{kversion}/scripts/sign-file \
sha256 %{privkey} %{pubkey} $module;
done

39
kernel-modules/tpmdd/patches/0001-disable-arm64-acpi-command.patch
View File

@ -1,39 +0,0 @@
From: Kam Nasim <kam.nasim@windriver.com>
Date: Tue, 26 Apr 2017 12:23:03 -0400
Subject: [PATCH] ARM64 based ACPI commands should not be compiled
---
tpm_crb.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/tpm_crb.c
+++ b/tpm_crb.c
@@ -531,7 +531,6 @@ static int crb_acpi_add(struct acpi_devi
struct crb_priv *priv;
struct tpm_chip *chip;
struct device *dev = &device->dev;
- struct tpm2_crb_smc *crb_smc;
acpi_status status;
u32 sm;
int rc;
@@ -564,6 +563,7 @@ static int crb_acpi_add(struct acpi_devi
sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD)
priv->flags |= CRB_FL_ACPI_START;
+#ifdef CONFIG_ARM64
if (sm == ACPI_TPM2_COMMAND_BUFFER_WITH_SMC) {
if (buf->header.length < (sizeof(*buf) + sizeof(*crb_smc))) {
dev_err(dev,
@@ -572,10 +572,11 @@ static int crb_acpi_add(struct acpi_devi
ACPI_TPM2_COMMAND_BUFFER_WITH_SMC);
return -EINVAL;
}
- crb_smc = ACPI_ADD_PTR(struct tpm2_crb_smc, buf, sizeof(*buf));
+ struct tpm2_crb_smc *crb_smc = ACPI_ADD_PTR(struct tpm2_crb_smc, buf, sizeof(*buf));
priv->smc_func_id = crb_smc->smc_func_id;
priv->flags |= CRB_FL_CRB_SMC_START;
}
+#endif
rc = crb_map_io(device, priv, buf);
if (rc)

200
kernel-modules/tpmdd/patches/UPSTREAM-0001-tpm-replace-msleep-with-usleep_range.patch
View File

@ -1,200 +0,0 @@
From 9f3fc7bcddcb51234e23494531f93ab60475e1c3 Mon Sep 17 00:00:00 2001
From: Hamza Attak <hamza@hpe.com>
Date: Mon, 14 Aug 2017 19:09:16 +0100
Subject: [PATCH] tpm: replace msleep() with usleep_range() in TPM 1.2/2.0
generic drivers
The patch simply replaces all msleep function calls with usleep_range calls
in the generic drivers.
Tested with an Infineon TPM 1.2, using the generic tpm-tis module, for a
thousand PCR extends, we see results going from 1m57s unpatched to 40s
with the new patch. We obtain similar results when using the original and
patched tpm_infineon driver, which is also part of the patch.
Similarly with a STM TPM 2.0, using the CRB driver, it takes about 20ms per
extend unpatched and around 7ms with the new patch.
Note that the PCR consistency is untouched with this patch, each TPM has
been tested with 10 million extends and the aggregated PCR value is
continuously verified to be correct.
As an extension of this work, this could potentially and easily be applied
to other vendor's drivers. Still, these changes are not included in the
proposed patch as they are untested.
Signed-off-by: Hamza Attak <hamza@hpe.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
---
tpm-interface.c | 10 +++++-----
tpm.h | 9 ++++++++-
tpm2-cmd.c | 2 +-
tpm_infineon.c | 6 +++---
tpm_tis_core.c | 8 ++++----
5 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/tpm-interface.c b/tpm-interface.c
index fe597e6..1d6729b 100644
--- a/tpm-interface.c
+++ b/tpm-interface.c
@@ -455,7 +455,7 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
goto out;
}
- msleep(TPM_TIMEOUT); /* CHECK */
+ tpm_msleep(TPM_TIMEOUT);
rmb();
} while (time_before(jiffies, stop));
@@ -970,7 +970,7 @@ int tpm_do_selftest(struct tpm_chip *chip)
dev_info(
&chip->dev, HW_ERR
"TPM command timed out during continue self test");
- msleep(delay_msec);
+ tpm_msleep(delay_msec);
continue;
}
@@ -985,7 +985,7 @@ int tpm_do_selftest(struct tpm_chip *chip)
}
if (rc != TPM_WARN_DOING_SELFTEST)
return rc;
- msleep(delay_msec);
+ tpm_msleep(delay_msec);
} while (--loops > 0);
return rc;
@@ -1085,7 +1085,7 @@ int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
}
} else {
do {
- msleep(TPM_TIMEOUT);
+ tpm_msleep(TPM_TIMEOUT);
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
@@ -1150,7 +1150,7 @@ int tpm_pm_suspend(struct device *dev)
*/
if (rc != TPM_WARN_RETRY)
break;
- msleep(TPM_TIMEOUT_RETRY);
+ tpm_msleep(TPM_TIMEOUT_RETRY);
}
if (rc)
diff --git a/tpm.h b/tpm.h
index 04fbff2..2d5466a 100644
--- a/tpm.h
+++ b/tpm.h
@@ -50,7 +50,8 @@ enum tpm_const {
enum tpm_timeout {
TPM_TIMEOUT = 5, /* msecs */
- TPM_TIMEOUT_RETRY = 100 /* msecs */
+ TPM_TIMEOUT_RETRY = 100, /* msecs */
+ TPM_TIMEOUT_RANGE_US = 300 /* usecs */
};
/* TPM addresses */
@@ -527,6 +528,12 @@ ssize_t tpm_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
wait_queue_head_t *queue, bool check_cancel);
+static inline void tpm_msleep(unsigned int delay_msec)
+{
+ usleep_range(delay_msec * 1000,
+ (delay_msec * 1000) + TPM_TIMEOUT_RANGE_US);
+};
+
struct tpm_chip *tpm_chip_find_get(int chip_num);
__must_check int tpm_try_get_ops(struct tpm_chip *chip);
void tpm_put_ops(struct tpm_chip *chip);
diff --git a/tpm2-cmd.c b/tpm2-cmd.c
index f7f34b2a..e1a41b7 100644
--- a/tpm2-cmd.c
+++ b/tpm2-cmd.c
@@ -899,7 +899,7 @@ static int tpm2_do_selftest(struct tpm_chip *chip)
if (rc != TPM2_RC_TESTING)
break;
- msleep(delay_msec);
+ tpm_msleep(delay_msec);
}
return rc;
diff --git a/tpm_infineon.c b/tpm_infineon.c
index 3b1b9f9..d8f1004 100644
--- a/tpm_infineon.c
+++ b/tpm_infineon.c
@@ -191,7 +191,7 @@ static int wait(struct tpm_chip *chip, int wait_for_bit)
/* check the status-register if wait_for_bit is set */
if (status & 1 << wait_for_bit)
break;
- msleep(TPM_MSLEEP_TIME);
+ tpm_msleep(TPM_MSLEEP_TIME);
}
if (i == TPM_MAX_TRIES) { /* timeout occurs */
if (wait_for_bit == STAT_XFE)
@@ -226,7 +226,7 @@ static void tpm_wtx(struct tpm_chip *chip)
wait_and_send(chip, TPM_CTRL_WTX);
wait_and_send(chip, 0x00);
wait_and_send(chip, 0x00);
- msleep(TPM_WTX_MSLEEP_TIME);
+ tpm_msleep(TPM_WTX_MSLEEP_TIME);
}
static void tpm_wtx_abort(struct tpm_chip *chip)
@@ -237,7 +237,7 @@ static void tpm_wtx_abort(struct tpm_chip *chip)
wait_and_send(chip, 0x00);
wait_and_send(chip, 0x00);
number_of_wtx = 0;
- msleep(TPM_WTX_MSLEEP_TIME);
+ tpm_msleep(TPM_WTX_MSLEEP_TIME);
}
static int tpm_inf_recv(struct tpm_chip *chip, u8 * buf, size_t count)
diff --git a/tpm_tis_core.c b/tpm_tis_core.c
index b617b2e..63bc6c3 100644
--- a/tpm_tis_core.c
+++ b/tpm_tis_core.c
@@ -51,7 +51,7 @@ static int wait_startup(struct tpm_chip *chip, int l)
if (access & TPM_ACCESS_VALID)
return 0;
- msleep(TPM_TIMEOUT);
+ tpm_msleep(TPM_TIMEOUT);
} while (time_before(jiffies, stop));
return -1;
}
@@ -117,7 +117,7 @@ static int request_locality(struct tpm_chip *chip, int l)
do {
if (check_locality(chip, l))
return l;
- msleep(TPM_TIMEOUT);
+ tpm_msleep(TPM_TIMEOUT);
} while (time_before(jiffies, stop));
}
return -1;
@@ -164,7 +164,7 @@ static int get_burstcount(struct tpm_chip *chip)
burstcnt = (value >> 8) & 0xFFFF;
if (burstcnt)
return burstcnt;
- msleep(TPM_TIMEOUT);
+ tpm_msleep(TPM_TIMEOUT);
} while (time_before(jiffies, stop));
return -EBUSY;
}
@@ -396,7 +396,7 @@ static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
priv->irq = irq;
chip->flags |= TPM_CHIP_FLAG_IRQ;
if (!priv->irq_tested)
- msleep(1);
+ tpm_msleep(1);
if (!priv->irq_tested)
disable_interrupts(chip);
priv->irq_tested = true;
--
1.8.3.1

59
kernel-modules/tpmdd/patches/UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch
View File

@ -1,59 +0,0 @@
From 19b460f3fe98b0513bf5a52f63e19bc120bd8093 Mon Sep 17 00:00:00 2001
From: Nayna Jain <nayna@linux.vnet.ibm.com>
Date: Fri, 10 Nov 2017 16:33:06 -0500
Subject: [PATCH] =?UTF-8?q?tpm:=20reduce=C2=A0tpm=C2=A0polling=C2=A0delay?=
=?UTF-8?q?=C2=A0in=C2=A0tpm=5Ftis=5Fcore?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The existing wait_for_tpm_stat() polls for the chip status after
5msec sleep. As per TCG ddwg input, it is expected that tpm might
return status in few usec. So, reducing the delay in polling to
1msec.
Similarly, get_burstcount() function sleeps for 5msec before
retrying for next query to burstcount in a loop. If it takes
lesser time for TPM to return, this 5msec delay is longer than
necessary.
After this change, performance on a TPM 1.2 with an 8 byte
burstcount for 1000 extends improved from ~14sec to ~9sec.
Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
tpm-interface.c | 2 +-
tpm_tis_core.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tpm-interface.c b/tpm-interface.c
index 66d671b..9971422 100644
--- a/tpm-interface.c
+++ b/tpm-interface.c
@@ -1050,7 +1050,7 @@ again:
}
} else {
do {
- tpm_msleep(TPM_TIMEOUT);
+ tpm_msleep(1);
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
diff --git a/tpm_tis_core.c b/tpm_tis_core.c
index 63bc6c3..d87255f 100644
--- a/tpm_tis_core.c
+++ b/tpm_tis_core.c
@@ -164,7 +164,7 @@ static int get_burstcount(struct tpm_chip *chip)
burstcnt = (value >> 8) & 0xFFFF;
if (burstcnt)
return burstcnt;
- tpm_msleep(TPM_TIMEOUT);
+ tpm_msleep(1);
} while (time_before(jiffies, stop));
return -EBUSY;
}
--
1.8.3.1

37
kernel-modules/tpmdd/patches/UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch
View File

@ -1,37 +0,0 @@
From 86d94390d9b97639fecb3e032120b93004a3036d Mon Sep 17 00:00:00 2001
From: Nayna Jain <nayna@linux.vnet.ibm.com>
Date: Fri, 10 Nov 2017 16:42:19 -0500
Subject: [PATCH] tpm: use tpm_msleep() value as max delay
Currently, tpm_msleep() uses delay_msec as the minimum value in
usleep_range. However, that is the maximum time we want to wait.
The function is modified to use the delay_msec as the maximum
value, not the minimum value.
After this change, performance on a TPM 1.2 with an 8 byte
burstcount for 1000 extends improved from ~9sec to ~8sec.
Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
tpm.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tpm.h b/tpm.h
index d9c3659..6f3297e 100644
--- a/tpm.h
+++ b/tpm.h
@@ -550,8 +550,8 @@ int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
static inline void tpm_msleep(unsigned int delay_msec)
{
- usleep_range(delay_msec * 1000,
- (delay_msec * 1000) + TPM_TIMEOUT_RANGE_US);
+ usleep_range((delay_msec * 1000) - TPM_TIMEOUT_RANGE_US,
+ delay_msec * 1000);
};
struct tpm_chip *tpm_chip_find_get(int chip_num);
--
1.8.3.1

123
kernel-modules/tpmdd/patches/UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch
View File

@ -1,123 +0,0 @@
From 2e23fe68b72638a1185f6243528f05f7dc665a3a Mon Sep 17 00:00:00 2001
From: Nayna Jain <nayna@linux.vnet.ibm.com>
Date: Tue, 14 Nov 2017 11:01:56 -0500
Subject: [PATCH] tpm: define __wait_for_tpm_stat to specify variable polling
sleep time
The existing wait_for_tpm_stat() checks the chip status before
sleeping for 5 msec in a polling loop. For some functions although
the status isn't ready immediately, the status returns extremely
quickly. Waiting for 5 msec causes an unnecessary delay. An
example is the send() call in the tpms_tis driver.
This patch defines __wait_for_tpm_stat(), allowing the caller
to specify the polling sleep timeout value within the loop.
The existing wait_for_tpm_stat() becomes a wrapper for this
function.
After this change, performance on a TPM 1.2 with an 8 byte
burstcount for 1000 extends improved from ~14sec to ~10sec.
Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
tpm-interface.c | 15 ++++++++++++---
tpm.h | 3 +++
tpm_tis_core.c | 13 +++++++------
3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/tpm-interface.c b/tpm-interface.c
index 9971422..69041ec 100644
--- a/tpm-interface.c
+++ b/tpm-interface.c
@@ -1015,8 +1015,9 @@ static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
return false;
}
-int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
- wait_queue_head_t *queue, bool check_cancel)
+int __wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
+ unsigned int poll_sleep, wait_queue_head_t *queue,
+ bool check_cancel)
{
unsigned long stop;
long rc;
@@ -1050,7 +1051,7 @@ again:
}
} else {
do {
- tpm_msleep(1);
+ tpm_msleep(poll_sleep);
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
@@ -1058,6 +1059,14 @@ again:
}
return -ETIME;
}
+EXPORT_SYMBOL_GPL(__wait_for_tpm_stat);
+
+int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
+ wait_queue_head_t *queue, bool check_cancel)
+{
+ return __wait_for_tpm_stat(chip, mask, timeout, TPM_TIMEOUT,
+ queue, check_cancel);
+}
EXPORT_SYMBOL_GPL(wait_for_tpm_stat);
#define TPM_ORD_SAVESTATE cpu_to_be32(152)
diff --git a/tpm.h b/tpm.h
index 6f3297e..e2c9f06 100644
--- a/tpm.h
+++ b/tpm.h
@@ -545,6 +545,9 @@ int tpm_do_selftest(struct tpm_chip *chip);
unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
int tpm_pm_suspend(struct device *dev);
int tpm_pm_resume(struct device *dev);
+int __wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
+ unsigned long timeout, unsigned int poll_sleep,
+ wait_queue_head_t *queue, bool check_cancel);
int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
wait_queue_head_t *queue, bool check_cancel);
diff --git a/tpm_tis_core.c b/tpm_tis_core.c
index d87255f..330b1a7 100644
--- a/tpm_tis_core.c
+++ b/tpm_tis_core.c
@@ -262,9 +262,9 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
status = tpm_tis_status(chip);
if ((status & TPM_STS_COMMAND_READY) == 0) {
tpm_tis_ready(chip);
- if (wait_for_tpm_stat
- (chip, TPM_STS_COMMAND_READY, chip->timeout_b,
- &priv->int_queue, false) < 0) {
+ if (__wait_for_tpm_stat
+ (chip, TPM_STS_COMMAND_READY, chip->timeout_b, 1,
+ &priv->int_queue, false) < 0) {
rc = -ETIME;
goto out_err;
}
@@ -285,7 +285,8 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
count += burstcnt;
- if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
+ if (__wait_for_tpm_stat(chip, TPM_STS_VALID,
+ chip->timeout_c, 1,
&priv->int_queue, false) < 0) {
rc = -ETIME;
goto out_err;
@@ -302,8 +303,8 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
if (rc < 0)
goto out_err;
- if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
- &priv->int_queue, false) < 0) {
+ if (__wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
+ 1, &priv->int_queue, false) < 0) {
rc = -ETIME;
goto out_err;
}
--
1.8.3.1

25
kernel-modules/tpmdd/patches/UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch
View File

@ -1,7 +1,8 @@
From e82060f0cf390ba8e4f79a54e68cef9a38088104 Mon Sep 17 00:00:00 2001
From 4f19722fd1dfbd1f692f4158bcee0c47ba4b1869 Mon Sep 17 00:00:00 2001
From: Nayna Jain <nayna@linux.vnet.ibm.com>
Date: Fri, 10 Nov 2017 17:16:35 -0500
Subject: [PATCH] tpm: ignore burstcount to improve tpm_tis send() performance
Subject: [PATCH 3/3] tpm: ignore burstcount to improve tpm_tis send()
performance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@ -25,14 +26,14 @@ Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
tpm_tis_core.c | 42 +++++++++++++++---------------------------
1 file changed, 15 insertions(+), 27 deletions(-)
tpm_tis_core.c | 43 +++++++++++++++----------------------------
1 file changed, 15 insertions(+), 28 deletions(-)
diff --git a/tpm_tis_core.c b/tpm_tis_core.c
index a338701..a6b4149 100644
index b9f6468..54a6490 100644
--- a/tpm_tis_core.c
+++ b/tpm_tis_core.c
@@ -256,7 +256,6 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
@@ -367,7 +367,6 @@ static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len)
{
struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
int rc, status, burstcnt;
@ -40,10 +41,11 @@ index a338701..a6b4149 100644
bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
status = tpm_tis_status(chip);
@@ -270,36 +269,25 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
@@ -380,36 +379,24 @@ static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len)
goto out_err;
}
}
-
- while (count < len - 1) {
- burstcnt = get_burstcount(chip);
- if (burstcnt < 0) {
@ -56,11 +58,10 @@ index a338701..a6b4149 100644
- burstcnt, buf + count);
- if (rc < 0)
- goto out_err;
-
- count += burstcnt;
-
- if (__wait_for_tpm_stat(chip, TPM_STS_VALID,
- chip->timeout_c, 1,
- if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
- &priv->int_queue, false) < 0) {
- rc = -ETIME;
- goto out_err;
@ -93,5 +94,5 @@ index a338701..a6b4149 100644
goto out_err;
--
1.8.3.1
2.7.4

327
kernel-modules/tpmdd/patches/UPSTREAM-0006-tpm-use-struct-tpm_chip.patch
View File

@ -1,327 +0,0 @@
From 5b60e1a889246a5a0d131e74ceaf240fc0637c9f Mon Sep 17 00:00:00 2001
From: Shuicheng Lin <shuicheng.lin@intel.com>
Date: Sat, 29 Dec 2018 02:51:39 +0800
Subject: [PATCH] pick upstream patch to fix build failure with CentOS 7.6
3.10.0-957.1.3 kernel
[commit aad887f6641145fec2a801da2ce4ed36cf99c6a5 from Upstream linux-tpmdd repo]
"
From aad887f6641145fec2a801da2ce4ed36cf99c6a5 Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Date: Sun, 5 Nov 2017 13:16:26 +0200
Subject: [PATCH] tpm: use struct tpm_chip for tpm_chip_find_get()
Device number (the character device index) is not a stable identifier
for a TPM chip. That is the reason why every call site passes
TPM_ANY_NUM to tpm_chip_find_get().
This commit changes the API in a way that instead a struct tpm_chip
instance is given and NULL means the default chip. In addition, this
commit refines the documentation to be up to date with the
implementation.
Suggested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> (@chip_num -> @chip part)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jason Gunthorpe <jgg@ziepe.ca>
Tested-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
"
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
---
tpm-chip.c | 15 +++----
tpm-interface.c | 133 +++++++++++++++++++++++++++++---------------------------
tpm.h | 2 +-
3 files changed, 76 insertions(+), 74 deletions(-)
diff --git a/tpm-chip.c b/tpm-chip.c
index a321bd5..84710e0 100644
--- a/tpm-chip.c
+++ b/tpm-chip.c
@@ -80,21 +80,21 @@ void tpm_put_ops(struct tpm_chip *chip)
EXPORT_SYMBOL_GPL(tpm_put_ops);
/**
- * tpm_chip_find_get() - return tpm_chip for a given chip number
- * @chip_num: id to find
+ * tpm_chip_find_get() - find and reserve a TPM chip
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
*
* The return'd chip has been tpm_try_get_ops'd and must be released via
* tpm_put_ops
*/
-struct tpm_chip *tpm_chip_find_get(int chip_num)
+struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip)
{
- struct tpm_chip *chip, *res = NULL;
+ struct tpm_chip *res = NULL;
+ int chip_num = 0;
int chip_prev;
mutex_lock(&idr_lock);
- if (chip_num == TPM_ANY_NUM) {
- chip_num = 0;
+ if (!chip) {
do {
chip_prev = chip_num;
chip = idr_get_next(&dev_nums_idr, &chip_num);
@@ -104,8 +104,7 @@ struct tpm_chip *tpm_chip_find_get(int chip_num)
}
} while (chip_prev != chip_num);
} else {
- chip = idr_find(&dev_nums_idr, chip_num);
- if (chip && !tpm_try_get_ops(chip))
+ if (!tpm_try_get_ops(chip))
res = chip;
}
diff --git a/tpm-interface.c b/tpm-interface.c
index 69041ec..036c6b6 100644
--- a/tpm-interface.c
+++ b/tpm-interface.c
@@ -787,19 +787,18 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
}
/**
- * tpm_is_tpm2 - is the chip a TPM2 chip?
- * @chip_num: tpm idx # or ANY
+ * tpm_is_tpm2 - do we a have a TPM2 chip?
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
*
* Returns < 0 on error, and 1 or 0 on success depending whether the chip
* is a TPM2 chip.
*/
-int tpm_is_tpm2(u32 chip_num)
+int tpm_is_tpm2(struct tpm_chip *chip)
{
- struct tpm_chip *chip;
int rc;
- chip = tpm_chip_find_get(chip_num);
- if (chip == NULL)
+ chip = tpm_chip_find_get(chip);
+ if (!chip)
return -ENODEV;
rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0;
@@ -811,23 +810,18 @@ int tpm_is_tpm2(u32 chip_num)
EXPORT_SYMBOL_GPL(tpm_is_tpm2);
/**
- * tpm_pcr_read - read a pcr value
- * @chip_num: tpm idx # or ANY
- * @pcr_idx: pcr idx to retrieve
- * @res_buf: TPM_PCR value
- * size of res_buf is 20 bytes (or NULL if you don't care)
- *
- * The TPM driver should be built-in, but for whatever reason it
- * isn't, protect against the chip disappearing, by incrementing
- * the module usage count.
+ * tpm_pcr_read - read a PCR value from SHA1 bank
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
+ * @pcr_idx: the PCR to be retrieved
+ * @res_buf: the value of the PCR
+ * Return: same as with tpm_transmit_cmd()
*/
-int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf)
+int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
{
- struct tpm_chip *chip;
int rc;
- chip = tpm_chip_find_get(chip_num);
- if (chip == NULL)
+ chip = tpm_chip_find_get(chip);
+ if (!chip)
return -ENODEV;
if (chip->flags & TPM_CHIP_FLAG_TPM2)
rc = tpm2_pcr_read(chip, pcr_idx, res_buf);
@@ -848,26 +842,27 @@ static const struct tpm_input_header pcrextend_header = {
};
/**
- * tpm_pcr_extend - extend pcr value with hash
- * @chip_num: tpm idx # or AN&
- * @pcr_idx: pcr idx to extend
- * @hash: hash value used to extend pcr value
+ * tpm_pcr_extend - extend a PCR value in SHA1 bank.
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
+ * @pcr_idx: the PCR to be retrieved
+ * @hash: the hash value used to extend the PCR value
*
- * The TPM driver should be built-in, but for whatever reason it
- * isn't, protect against the chip disappearing, by incrementing
- * the module usage count.
+ * Note: with TPM 2.0 extends also those banks with a known digest size to the
+ * cryto subsystem in order to prevent malicious use of those PCR banks. In the
+ * future we should dynamically determine digest sizes.
+ *
+ * Return: same as with tpm_transmit_cmd()
*/
-int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
+int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
{
struct tpm_cmd_t cmd;
int rc;
- struct tpm_chip *chip;
struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)];
u32 count = 0;
int i;
- chip = tpm_chip_find_get(chip_num);
- if (chip == NULL)
+ chip = tpm_chip_find_get(chip);
+ if (!chip)
return -ENODEV;
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
@@ -984,17 +979,24 @@ out:
return rc;
}
-int tpm_send(u32 chip_num, void *cmd, size_t buflen)
+/**
+ * tpm_send - send a TPM command
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
+ * @cmd: a TPM command buffer
+ * @buflen: the length of the TPM command buffer
+ *
+ * Return: same as with tpm_transmit_cmd()
+ */
+int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
{
- struct tpm_chip *chip;
int rc;
- chip = tpm_chip_find_get(chip_num);
- if (chip == NULL)
+ chip = tpm_chip_find_get(chip);
+ if (!chip)
return -ENODEV;
rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0,
- "attempting tpm_cmd");
+ "attempting to a send a command");
tpm_put_ops(chip);
return rc;
}
@@ -1164,16 +1166,15 @@ static const struct tpm_input_header tpm_getrandom_header = {
};
/**
- * tpm_get_random() - Get random bytes from the tpm's RNG
- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
- * @out: destination buffer for the random bytes
- * @max: the max number of bytes to write to @out
+ * tpm_get_random() - get random bytes from the TPM's RNG
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
+ * @out: destination buffer for the random bytes
+ * @max: the max number of bytes to write to @out
*
- * Returns < 0 on error and the number of bytes read on success
+ * Return: same as with tpm_transmit_cmd()
*/
-int tpm_get_random(u32 chip_num, u8 *out, size_t max)
+int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
{
- struct tpm_chip *chip;
struct tpm_cmd_t tpm_cmd;
u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA), rlength;
int err, total = 0, retries = 5;
@@ -1182,8 +1183,8 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
if (!out || !num_bytes || max > TPM_MAX_RNG_DATA)
return -EINVAL;
- chip = tpm_chip_find_get(chip_num);
- if (chip == NULL)
+ chip = tpm_chip_find_get(chip);
+ if (!chip)
return -ENODEV;
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
@@ -1225,22 +1226,23 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
EXPORT_SYMBOL_GPL(tpm_get_random);
/**
- * tpm_seal_trusted() - seal a trusted key
- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
- * @options: authentication values and other options
- * @payload: the key data in clear and encrypted form
+ * tpm_seal_trusted() - seal a trusted key payload
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
+ * @options: authentication values and other options
+ * @payload: the key data in clear and encrypted form
+ *
+ * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
+ * the keyring subsystem.
*
- * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips
- * are supported.
+ * Return: same as with tpm_transmit_cmd()
*/
-int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload,
+int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload,
struct trusted_key_options *options)
{
- struct tpm_chip *chip;
int rc;
- chip = tpm_chip_find_get(chip_num);
- if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2))
+ chip = tpm_chip_find_get(chip);
+ if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
return -ENODEV;
rc = tpm2_seal_trusted(chip, payload, options);
@@ -1251,22 +1253,23 @@ int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload,
EXPORT_SYMBOL_GPL(tpm_seal_trusted);
/**
- * tpm_unseal_trusted() - unseal a trusted key
- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
- * @options: authentication values and other options
- * @payload: the key data in clear and encrypted form
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
+ * @options: authentication values and other options
+ * @payload: the key data in clear and encrypted form
+ *
+ * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
+ * the keyring subsystem.
*
- * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips
- * are supported.
+ * Return: same as with tpm_transmit_cmd()
*/
-int tpm_unseal_trusted(u32 chip_num, struct trusted_key_payload *payload,
- struct trusted_key_options *options)
+int tpm_unseal_trusted(struct tpm_chip *chip,
+ struct trusted_key_payload *payload,
+ struct trusted_key_options *options)
{
- struct tpm_chip *chip;
int rc;
- chip = tpm_chip_find_get(chip_num);
- if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2))
+ chip = tpm_chip_find_get(chip);
+ if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
return -ENODEV;
rc = tpm2_unseal_trusted(chip, payload, options);
diff --git a/tpm.h b/tpm.h
index e2c9f06..6d847a2 100644
--- a/tpm.h
+++ b/tpm.h
@@ -557,7 +557,7 @@ static inline void tpm_msleep(unsigned int delay_msec)
delay_msec * 1000);
};
-struct tpm_chip *tpm_chip_find_get(int chip_num);
+struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip);
__must_check int tpm_try_get_ops(struct tpm_chip *chip);
void tpm_put_ops(struct tpm_chip *chip);
--
2.7.4

7
kernel-modules/tpmdd/patches/tpm-kmod.spec.patchlist
View File

@ -1,7 +0,0 @@
0001-disable-arm64-acpi-command.patch
0002-tpmdd-kcompat-support.patch
UPSTREAM-0001-tpm-replace-msleep-with-usleep_range.patch
UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch
UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch
UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch
UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch

89
kernel-modules/tpmdd/patches/0002-tpmdd-kcompat-support.patch → kernel-modules/tpmdd/patches/tpmdd-kcompat-support.patch
View File

@ -1,35 +1,33 @@
From 70386017de51483cfc9c0fc3e809d6f9867c4c5f Mon Sep 17 00:00:00 2001
Message-Id: <70386017de51483cfc9c0fc3e809d6f9867c4c5f.1507751678.git.Jim.Somerville@windriver.com>
From d2d215014b01dc5c2bce75a2e9e21a3ffefbaa85 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Wed, 26 Apr 2017 12:23:03 -0400
Subject: [PATCH 1/1] compat changes for building tpmdd out-of-tree
Subject: [PATCH 2/3] compat changes for building tpmdd out-of-tree
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
---
Makefile | 110 ++++++++++++++++++++-
common.mk | 332 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
kcompat.h | 39 ++++++++
tpm.h | 3 +
4 files changed, 482 insertions(+), 2 deletions(-)
2 files changed, 440 insertions(+), 2 deletions(-)
create mode 100644 common.mk
create mode 100644 kcompat.h
diff --git a/Makefile b/Makefile
index 23681f0..f3250cc 100644
index a01c4ca..f2736cf 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,9 @@
-#
@@ -1,7 +1,10 @@
# SPDX-License-Identifier: GPL-2.0
#
+
+ifneq ($(KERNELRELEASE),)
+# kbuild part of makefile
# Makefile for the kernel tpm device drivers.
#
-#
+
obj-$(CONFIG_TCG_TPM) += tpm.o
tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
tpm-dev-common.o tpmrm-dev.o tpm1_eventlog.o tpm2_eventlog.o \
@@ -17,7 +20,110 @@ obj-$(CONFIG_TCG_NSC) += tpm_nsc.o
tpm-y := tpm-chip.o
tpm-y += tpm-dev-common.o
@@ -29,7 +32,110 @@ obj-$(CONFIG_TCG_NSC) += tpm_nsc.o
obj-$(CONFIG_TCG_ATMEL) += tpm_atmel.o
obj-$(CONFIG_TCG_INFINEON) += tpm_infineon.o
obj-$(CONFIG_TCG_IBMVTPM) += tpm_ibmvtpm.o
@ -37,7 +35,6 @@ index 23681f0..f3250cc 100644
obj-$(CONFIG_TCG_XEN) += xen-tpmfront.o
obj-$(CONFIG_TCG_CRB) += tpm_crb.o
obj-$(CONFIG_TCG_VTPM_PROXY) += tpm_vtpm_proxy.o
+
+else # ifneq($(KERNELRELEASE),)
+# normal makefile
+
@ -141,6 +138,7 @@ index 23681f0..f3250cc 100644
+.PHONY: default noisy clean silent sparse ccc install uninstall help
+
+endif # ifneq($(KERNELRELEASE),)
+
diff --git a/common.mk b/common.mk
new file mode 100644
index 0000000..671ca33
@ -479,65 +477,6 @@ index 0000000..671ca33
+ modules \
+ M="${CURDIR}" \
+ ${2} ${1}
diff --git a/kcompat.h b/kcompat.h
new file mode 100644
index 0000000..cd9578a
--- /dev/null
+++ b/kcompat.h
@@ -0,0 +1,39 @@
+/**********************************************************************
+ *
+ * Copyright (c) 2017 Wind River Systems, Inc.
+* SPDX-License-Identifier: Apache-2.0
+*
+*
+*
+ **********************************************************************/
+
+#ifndef _KCOMPAT_H_
+#define _KCOMPAT_H_
+
+#ifndef LINUX_VERSION_CODE
+#include <linux/version.h>
+#else
+#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
+#endif
+#include <linux/moduleparam.h>
+#include <linux/pm_runtime.h>
+
+#if ( LINUX_VERSION_CODE <= KERNEL_VERSION(3,10,0) )
+#include <linux/idr.h>
+#include <linux/printk.h>
+
+// would normally be passed in from the Kernel, had
+// we set CONFIG_TCG_TPM=y in the KConfig, however
+// that has the added disadvantage of building the
+// TPM driver in-kernel.
+#define CONFIG_TCG_TPM_MODULE 1
+
+#define acpi_os_map_iomem(x, y) acpi_os_map_memory(x, y)
+#define acpi_os_unmap_iomem(x, y) acpi_os_unmap_memory(x, y)
+
+#define module_pnp_driver(__pnp_driver) \
+ module_driver(__pnp_driver, pnp_register_driver, \
+ pnp_unregister_driver)
+
+#endif
+#endif
diff --git a/tpm.h b/tpm.h
index 4b4c8de..b744e2f 100644
--- a/tpm.h
+++ b/tpm.h
@@ -23,6 +23,9 @@
#ifndef __TPM_H__
#define __TPM_H__
+// WRS: the kernel compat layer
+#include "kcompat.h"
+
#include <linux/module.h>
#include <linux/delay.h>
#include <linux/fs.h>
--
1.8.3.1
2.7.4