From 8a37fc44c6618ca0ede761809d0ecaf605f832fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:38:58 +0100 Subject: tpm-tis: remove unused locty_number MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This field slipped in commit 5086bf9784. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 1 - 1 file changed, 1 deletion(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 42d647d363..880ca1a572 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -89,7 +89,6 @@ struct TPMState { qemu_irq irq; uint32_t irq_num; - uint8_t locty_number; TPMBackendCmd cmd; char *backend; -- cgit v1.2.3 From 67af320cd653a107c0bbdf0d2e6c51b24403c64d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:38:59 +0100 Subject: tpm: move TpmIf in include/sysemu/tpm.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is a better location than hw/tpm, since we are going to use the interface from outside hw/tpm. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_int.h | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h index 9c045b6691..1df5883f3c 100644 --- a/hw/tpm/tpm_int.h +++ b/hw/tpm/tpm_int.h @@ -13,28 +13,8 @@ #define TPM_TPM_INT_H #include "qemu/osdep.h" -#include "qom/object.h" -#define TYPE_TPM_IF "tpm-if" -#define TPM_IF_CLASS(klass) \ - OBJECT_CLASS_CHECK(TPMIfClass, (klass), TYPE_TPM_IF) -#define TPM_IF_GET_CLASS(obj) \ - OBJECT_GET_CLASS(TPMIfClass, (obj), TYPE_TPM_IF) -#define TPM_IF(obj) \ - INTERFACE_CHECK(TPMIf, (obj), TYPE_TPM_IF) - -typedef struct TPMIf { - Object parent_obj; -} TPMIf; - -typedef struct TPMIfClass { - InterfaceClass parent_class; - - /* run in thread pool by backend */ - void (*request_completed)(TPMIf *obj); -} TPMIfClass; - -#define TPM_STANDARD_CMDLINE_OPTS \ +#define TPM_STANDARD_CMDLINE_OPTS \ { \ .name = "type", \ .type = QEMU_OPT_STRING, \ -- cgit v1.2.3 From 8a89c9ac15981c2d15ce4ee6d6ad67da58824a04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:00 +0100 Subject: tpm-backend: store TPMIf interface, improve backend_init() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Store the TPM interface, the actual object may be different from TPMState. Keep a reference on the interface, and check the backend wasn't already initialized. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_emulator.c | 4 ++-- hw/tpm/tpm_passthrough.c | 4 ++-- hw/tpm/tpm_tis.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c index e1a68104d6..5f88975c25 100644 --- a/hw/tpm/tpm_emulator.c +++ b/hw/tpm/tpm_emulator.c @@ -186,7 +186,7 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number, static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd) { TPMEmulator *tpm_emu = TPM_EMULATOR(tb); - TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state); + TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif); Error *err = NULL; DPRINTF("processing TPM command"); @@ -201,7 +201,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd) goto error; } - tic->request_completed(TPM_IF(tb->tpm_state)); + tic->request_completed(tb->tpmif); return; error: diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index c440aff4b2..2ad74badca 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -139,14 +139,14 @@ err_exit: static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd) { TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state); + TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif); DPRINTF("tpm_passthrough: processing command %p\n", cmd); tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len, cmd->out, cmd->out_len, &cmd->selftest_done); - tic->request_completed(TPM_IF(tb->tpm_state)); + tic->request_completed(tb->tpmif); } static void tpm_passthrough_reset(TPMBackend *tb) diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 880ca1a572..9a2360e250 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -1082,7 +1082,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp) s->be_driver->fe_model = TPM_MODEL_TPM_TIS; - if (tpm_backend_init(s->be_driver, s)) { + if (tpm_backend_init(s->be_driver, TPM_IF(s))) { error_setg(errp, "tpm_tis: backend driver with id %s could not be " "initialized", s->backend); return; -- cgit v1.2.3 From 36e8658924cec6427ca00f87ce86f65cfa705d69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:01 +0100 Subject: tpm-tis: no longer expose TPMState MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that there is an interface instead. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 9a2360e250..4670287f82 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -72,7 +72,7 @@ typedef struct TPMLocality { TPMSizedBuffer r_buffer; } TPMLocality; -struct TPMState { +typedef struct TPMState { ISADevice busdev; MemoryRegion mmio; @@ -94,7 +94,7 @@ struct TPMState { char *backend; TPMBackend *be_driver; TPMVersion be_tpm_version; -}; +} TPMState; #define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS) -- cgit v1.2.3 From 689990598a710519eba37e4eb4d8bdebac1aa562 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:02 +0100 Subject: tpm-be: call request_completed() out of thread MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Lift from the backend implementation the responsability to call the request_completed() callback outside of thread context. This also simplify frontend/interface work, as they no longer need to care whether the callback is called from a different thread. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_emulator.c | 2 -- hw/tpm/tpm_passthrough.c | 3 --- hw/tpm/tpm_tis.c | 34 ++++++++++++---------------------- 3 files changed, 12 insertions(+), 27 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c index 5f88975c25..47f37d6cac 100644 --- a/hw/tpm/tpm_emulator.c +++ b/hw/tpm/tpm_emulator.c @@ -186,7 +186,6 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number, static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd) { TPMEmulator *tpm_emu = TPM_EMULATOR(tb); - TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif); Error *err = NULL; DPRINTF("processing TPM command"); @@ -201,7 +200,6 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd) goto error; } - tic->request_completed(tb->tpmif); return; error: diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index 2ad74badca..8c002e4da6 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -139,14 +139,11 @@ err_exit: static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd) { TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif); DPRINTF("tpm_passthrough: processing command %p\n", cmd); tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len, cmd->out, cmd->out_len, &cmd->selftest_done); - - tic->request_completed(tb->tpmif); } static void tpm_passthrough_reset(TPMBackend *tb) diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 4670287f82..95d3afca1d 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -76,7 +76,6 @@ typedef struct TPMState { ISADevice busdev; MemoryRegion mmio; - QEMUBH *bh; uint32_t offset; uint8_t buf[TPM_TIS_BUFFER_MAX]; @@ -410,10 +409,20 @@ static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty) tpm_tis_abort(s, locty); } -static void tpm_tis_receive_bh(void *opaque) +/* + * Callback from the TPM to indicate that the response was received. + */ +static void tpm_tis_request_completed(TPMIf *ti) { - TPMState *s = opaque; + TPMState *s = TPM(ti); uint8_t locty = s->cmd.locty; + uint8_t l; + + if (s->cmd.selftest_done) { + for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) { + s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE; + } + } tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE); @@ -431,23 +440,6 @@ static void tpm_tis_receive_bh(void *opaque) TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID); } -static void tpm_tis_request_completed(TPMIf *ti) -{ - TPMState *s = TPM(ti); - - bool is_selftest_done = s->cmd.selftest_done; - uint8_t locty = s->cmd.locty; - uint8_t l; - - if (is_selftest_done) { - for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) { - s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE; - } - } - - qemu_bh_schedule(s->bh); -} - /* * Read a byte of response data */ @@ -1094,8 +1086,6 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp) return; } - s->bh = qemu_bh_new(tpm_tis_receive_bh, s); - isa_init_irq(&s->busdev, &s->irq, s->irq_num); memory_region_add_subregion(isa_address_space(ISA_DEVICE(dev)), -- cgit v1.2.3 From 0bd6c8a9cfa4fd5c25a32ed39f3b8cb786b75b58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:03 +0100 Subject: tpm-be: report error instead of front-end MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Backend can give more accurate error description, and lift out the job from the frontend. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 95d3afca1d..bf291e6eff 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -1074,9 +1074,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp) s->be_driver->fe_model = TPM_MODEL_TPM_TIS; - if (tpm_backend_init(s->be_driver, TPM_IF(s))) { - error_setg(errp, "tpm_tis: backend driver with id %s could not be " - "initialized", s->backend); + if (tpm_backend_init(s->be_driver, TPM_IF(s), errp)) { return; } -- cgit v1.2.3 From 191adc9476371ad94771609d8b9a968d9332a962 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:04 +0100 Subject: tpm-be: ask model to the TPM interface MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No need to store the mode in the backend, or to let the frontend set it itself. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index bf291e6eff..a780167feb 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -1072,8 +1072,6 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp) return; } - s->be_driver->fe_model = TPM_MODEL_TPM_TIS; - if (tpm_backend_init(s->be_driver, TPM_IF(s), errp)) { return; } @@ -1108,6 +1106,7 @@ static void tpm_tis_class_init(ObjectClass *klass, void *data) dc->props = tpm_tis_properties; dc->reset = tpm_tis_reset; dc->vmsd = &vmstate_tpm_tis; + tc->model = TPM_MODEL_TPM_TIS; tc->request_completed = tpm_tis_request_completed; } -- cgit v1.2.3 From 69c07db04625cb243db6e8a0ac0a8e3973dd961a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:06 +0100 Subject: tpm-passthrough: don't save guessed cancel_path in options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The value is later unneeded, and may leak if the free visitor doesn't consider it since has_cancel_path is false. And for consistency with "path" it shouldn't be returned in get_tpm_options(). Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_passthrough.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index 8c002e4da6..048edb1a1a 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -226,9 +226,7 @@ static int tpm_passthrough_open_sysfs_cancel(TPMPassthruState *tpm_pt) if (snprintf(path, sizeof(path), "/sys/class/misc/%s/device/cancel", dev) < sizeof(path)) { fd = qemu_open(path, O_WRONLY); - if (fd >= 0) { - tpm_pt->options->cancel_path = g_strdup(path); - } else { + if (fd < 0) { error_report("tpm_passthrough: Could not open TPM cancel " "path %s : %s", path, strerror(errno)); } -- cgit v1.2.3 From 803de211aa1447585b91354aa2ae8dddd4ff68e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:08 +0100 Subject: tpm-passthrough: pass TPMPassthruState to handle_device_opts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It doesn't need TPMBackend. Also reorder arguments for consistency. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_passthrough.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index 048edb1a1a..9326cbfdc9 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -239,9 +239,9 @@ static int tpm_passthrough_open_sysfs_cancel(TPMPassthruState *tpm_pt) return fd; } -static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb) +static int +tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts) { - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); const char *value; value = qemu_opt_get(opts, "cancel-path"); @@ -292,7 +292,7 @@ static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id) tb->id = g_strdup(id); - if (tpm_passthrough_handle_device_opts(opts, tb)) { + if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) { goto err_exit; } -- cgit v1.2.3 From 9f7c0ef2ffa02b3bf6bc630496b8df67c750edd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:09 +0100 Subject: tpm-backend: move set 'id' to common code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_emulator.c | 12 +++--------- hw/tpm/tpm_passthrough.c | 9 +++------ 2 files changed, 6 insertions(+), 15 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c index 47f37d6cac..94e6660a5a 100644 --- a/hw/tpm/tpm_emulator.c +++ b/hw/tpm/tpm_emulator.c @@ -463,22 +463,16 @@ err: return -1; } -static TPMBackend *tpm_emulator_create(QemuOpts *opts, const char *id) +static TPMBackend *tpm_emulator_create(QemuOpts *opts) { TPMBackend *tb = TPM_BACKEND(object_new(TYPE_TPM_EMULATOR)); - tb->id = g_strdup(id); - if (tpm_emulator_handle_device_opts(TPM_EMULATOR(tb), opts)) { - goto err_exit; + object_unref(OBJECT(tb)); + return NULL; } return tb; - -err_exit: - object_unref(OBJECT(tb)); - - return NULL; } static TpmTypeOptions *tpm_emulator_get_tpm_options(TPMBackend *tb) diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index 9326cbfdc9..7371d50739 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -284,13 +284,10 @@ tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts) return 1; } -static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id) +static TPMBackend *tpm_passthrough_create(QemuOpts *opts) { Object *obj = object_new(TYPE_TPM_PASSTHROUGH); - TPMBackend *tb = TPM_BACKEND(obj); - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - - tb->id = g_strdup(id); + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj); if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) { goto err_exit; @@ -301,7 +298,7 @@ static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id) goto err_exit; } - return tb; + return TPM_BACKEND(obj); err_exit: object_unref(obj); -- cgit v1.2.3 From 8df4d8484f607d4973e66e93f2eba0b3f80c4238 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:10 +0100 Subject: tpm-passthrough: make it safer to destroy after creation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Check fds values before closing, to avoid close(-1). Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_passthrough.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index 7371d50739..aa9167e3c6 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -347,8 +347,12 @@ static void tpm_passthrough_inst_finalize(Object *obj) tpm_passthrough_cancel_cmd(TPM_BACKEND(obj)); - qemu_close(tpm_pt->tpm_fd); - qemu_close(tpm_pt->cancel_fd); + if (tpm_pt->tpm_fd >= 0) { + qemu_close(tpm_pt->tpm_fd); + } + if (tpm_pt->cancel_fd >= 0) { + qemu_close(tpm_pt->cancel_fd); + } qapi_free_TPMPassthroughOptions(tpm_pt->options); } -- cgit v1.2.3 From bef2ed3fd2454586a7c1132ad574b891741d12c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:11 +0100 Subject: tpm-passthrough: simplify create() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use a similar code as tpm_emulator_create(), call handle_opts() and handle failure cleanup with object_unref() in create(). Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_passthrough.c | 36 ++++++++++-------------------------- 1 file changed, 10 insertions(+), 26 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index aa9167e3c6..788be3847d 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -261,49 +261,33 @@ tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts) if (tpm_pt->tpm_fd < 0) { error_report("Cannot access TPM device using '%s': %s", tpm_pt->tpm_dev, strerror(errno)); - goto err_free_parameters; + return -1; } if (tpm_util_test_tpmdev(tpm_pt->tpm_fd, &tpm_pt->tpm_version)) { error_report("'%s' is not a TPM device.", tpm_pt->tpm_dev); - goto err_close_tpmdev; + return -1; } - return 0; - - err_close_tpmdev: - qemu_close(tpm_pt->tpm_fd); - tpm_pt->tpm_fd = -1; - - err_free_parameters: - qapi_free_TPMPassthroughOptions(tpm_pt->options); - tpm_pt->options = NULL; - tpm_pt->tpm_dev = NULL; + tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tpm_pt); + if (tpm_pt->cancel_fd < 0) { + return -1; + } - return 1; + return 0; } static TPMBackend *tpm_passthrough_create(QemuOpts *opts) { Object *obj = object_new(TYPE_TPM_PASSTHROUGH); - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj); - if (tpm_passthrough_handle_device_opts(tpm_pt, opts)) { - goto err_exit; - } - - tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tpm_pt); - if (tpm_pt->cancel_fd < 0) { - goto err_exit; + if (tpm_passthrough_handle_device_opts(TPM_PASSTHROUGH(obj), opts)) { + object_unref(obj); + return NULL; } return TPM_BACKEND(obj); - -err_exit: - object_unref(obj); - - return NULL; } static TpmTypeOptions *tpm_passthrough_get_tpm_options(TPMBackend *tb) -- cgit v1.2.3 From 21cb1e63a594e36ff350fba41600190fb0a1f42b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:12 +0100 Subject: tpm-passthrough: workaround a possible race MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The TPM backend processing thread has common shared variable race issues. (they should not be so easy to reach since guest interaction with the device is slow compared to host emulation) An obvious one is setting op_cancelled from device thread after calling write(cancel_fd). The backend thread may return before the device thread has set the variable. Instead set it before cancellation. Even if the write() failed, the end result is command get possibly cancelled (even if cancellation came from external sources it doesn't matter much). It's worth to consider removing the backend processing thread for now. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_passthrough.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index 788be3847d..73554aa792 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -89,6 +89,7 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt, bool is_selftest; const struct tpm_resp_hdr *hdr; + /* FIXME: protect shared variables or use other sync mechanism */ tpm_pt->tpm_op_canceled = false; tpm_pt->tpm_executing = true; *selftest_done = false; @@ -178,12 +179,11 @@ static void tpm_passthrough_cancel_cmd(TPMBackend *tb) */ if (tpm_pt->tpm_executing) { if (tpm_pt->cancel_fd >= 0) { + tpm_pt->tpm_op_canceled = true; n = write(tpm_pt->cancel_fd, "-", 1); if (n != 1) { error_report("Canceling TPM command failed: %s", strerror(errno)); - } else { - tpm_pt->tpm_op_canceled = true; } } else { error_report("Cannot cancel TPM command due to missing " -- cgit v1.2.3 From 023299d87f7b6cccaede8210755afd0c2eaec41a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:13 +0100 Subject: tpm-tis: simplify header inclusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index a780167feb..81b23b78bb 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -24,17 +24,12 @@ #include "qemu/osdep.h" #include "hw/isa/isa.h" -#include "sysemu/tpm_backend.h" -#include "tpm_int.h" -#include "sysemu/block-backend.h" -#include "exec/address-spaces.h" -#include "hw/hw.h" -#include "hw/i386/pc.h" -#include "hw/pci/pci_ids.h" #include "qapi/error.h" -#include "qemu-common.h" -#include "qemu/main-loop.h" + #include "hw/acpi/tpm.h" +#include "hw/pci/pci_ids.h" +#include "sysemu/tpm_backend.h" +#include "tpm_int.h" #define TPM_TIS_NUM_LOCALITIES 5 /* per spec */ #define TPM_TIS_LOCALITY_SHIFT 12 -- cgit v1.2.3 From d36e7db1fbf1a5cff4aa359dfe5c2e5dd97d3e13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:14 +0100 Subject: tpm: rename qemu_find_tpm() -> qemu_find_tpm_be() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit find_tpm() will be introduced to lookup the TPM device. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 81b23b78bb..fd1511b8eb 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -1060,7 +1060,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp) { TPMState *s = TPM(dev); - s->be_driver = qemu_find_tpm(s->backend); + s->be_driver = qemu_find_tpm_be(s->backend); if (!s->be_driver) { error_setg(errp, "tpm_tis: backend driver with id %s could not be " "found", s->backend); -- cgit v1.2.3 From 3dfd5a2a50fc4907728eb83569c84b0d98b56582 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:15 +0100 Subject: tpm: lookup the the TPM interface instead of TIS device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will allow to introduce new devices implementing TPM. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/i386/acpi-build.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index 73519ab3ac..cdb4aa9835 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -208,7 +208,7 @@ static void acpi_get_misc_info(AcpiMiscInfo *info) } info->has_hpet = hpet_find(); - info->tpm_version = tpm_get_version(); + info->tpm_version = tpm_get_version(tpm_find()); info->pvpanic_port = pvpanic_port(); info->applesmc_io_base = applesmc_port(); } -- cgit v1.2.3 From 9af7a721662de8cdfa7b02b7e9cc2c2c30e7bacb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:16 +0100 Subject: tpm: add TPM interface to lookup TPM version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do not hardcode TPM device model to lookup version, use an interface instead. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index fd1511b8eb..4d13335d23 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -990,9 +990,9 @@ static void tpm_tis_realloc_buffer(TPMSizedBuffer *sb) /* * Get the TPMVersion of the backend device being used */ -TPMVersion tpm_tis_get_tpm_version(Object *obj) +static enum TPMVersion tpm_tis_get_tpm_version(TPMIf *ti) { - TPMState *s = TPM(obj); + TPMState *s = TPM(ti); if (tpm_backend_had_startup_error(s->be_driver)) { return TPM_VERSION_UNSPEC; @@ -1102,6 +1102,7 @@ static void tpm_tis_class_init(ObjectClass *klass, void *data) dc->reset = tpm_tis_reset; dc->vmsd = &vmstate_tpm_tis; tc->model = TPM_MODEL_TPM_TIS; + tc->get_version = tpm_tis_get_tpm_version; tc->request_completed = tpm_tis_request_completed; } -- cgit v1.2.3 From 5cf954d02161a974c16b33189192b43da9ac4413 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:17 +0100 Subject: tpm: add tpm_cmd_get_size() to tpm_util MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The function is generally useful and used in the following patches. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 3 ++- hw/tpm/tpm_util.h | 8 +++++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 4d13335d23..06b30c4783 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -30,6 +30,7 @@ #include "hw/pci/pci_ids.h" #include "sysemu/tpm_backend.h" #include "tpm_int.h" +#include "tpm_util.h" #define TPM_TIS_NUM_LOCALITIES 5 /* per spec */ #define TPM_TIS_LOCALITY_SHIFT 12 @@ -215,7 +216,7 @@ static uint8_t tpm_tis_locality_from_addr(hwaddr addr) static uint32_t tpm_tis_get_size_from_buffer(const TPMSizedBuffer *sb) { - return be32_to_cpu(*(uint32_t *)&sb->buffer[2]); + return tpm_cmd_get_size(sb->buffer); } static void tpm_tis_show_buffer(const TPMSizedBuffer *sb, const char *string) diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h index 2f7c96146d..aca10c97bf 100644 --- a/hw/tpm/tpm_util.h +++ b/hw/tpm/tpm_util.h @@ -22,7 +22,8 @@ #ifndef TPM_TPM_UTIL_H #define TPM_TPM_UTIL_H -#include "sysemu/tpm_backend.h" +#include "sysemu/tpm.h" +#include "qemu/bswap.h" void tpm_util_write_fatal_error_response(uint8_t *out, uint32_t out_len); @@ -30,4 +31,9 @@ bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len); int tpm_util_test_tpmdev(int tpm_fd, TPMVersion *tpm_version); +static inline uint32_t tpm_cmd_get_size(const void *b) +{ + return be32_to_cpu(*(const uint32_t *)(b + 2)); +} + #endif /* TPM_TPM_UTIL_H */ -- cgit v1.2.3 From ff5ce21e1b959206f257967d6de2efa6f4e3d188 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:18 +0100 Subject: acpi: change TPM TIS data conditions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The device should be exposed if present. It shouldn't have an undefined version (or else backend init failed, and device should fail too). Finally, make the fields specific to TIS device model. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/i386/acpi-build.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'hw') diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index cdb4aa9835..dd1420b410 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -2038,7 +2038,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, } } - if (misc->tpm_version != TPM_VERSION_UNSPEC) { + if (TPM_IS_TIS(tpm_find())) { aml_append(crs, aml_memory32_fixed(TPM_TIS_ADDR_BASE, TPM_TIS_ADDR_SIZE, AML_READ_WRITE)); } @@ -2204,7 +2204,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, /* Scan all PCI buses. Generate tables to support hotplug. */ build_append_pci_bus_devices(scope, bus, pm->pcihp_bridge_en); - if (misc->tpm_version != TPM_VERSION_UNSPEC) { + if (TPM_IS_TIS(tpm_find())) { dev = aml_device("ISA.TPM"); aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0C31"))); aml_append(dev, aml_name_decl("_STA", aml_int(0xF))); @@ -2281,8 +2281,12 @@ build_tpm2(GArray *table_data, BIOSLinker *linker) tpm2_ptr = acpi_data_push(table_data, sizeof *tpm2_ptr); tpm2_ptr->platform_class = cpu_to_le16(TPM2_ACPI_CLASS_CLIENT); - tpm2_ptr->control_area_address = cpu_to_le64(0); - tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO); + if (TPM_IS_TIS(tpm_find())) { + tpm2_ptr->control_area_address = cpu_to_le64(0); + tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO); + } else { + g_warn_if_reached(); + } build_header(linker, table_data, (void *)tpm2_ptr, "TPM2", sizeof(*tpm2_ptr), 4, NULL, NULL); -- cgit v1.2.3 From 3d01141144583bd12b5d7c76326328e509a677ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:19 +0100 Subject: tpm-emulator: add a FIXME comment about blocking cancel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_emulator.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hw') diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c index 94e6660a5a..24cb61162f 100644 --- a/hw/tpm/tpm_emulator.c +++ b/hw/tpm/tpm_emulator.c @@ -338,6 +338,7 @@ static void tpm_emulator_cancel_cmd(TPMBackend *tb) return; } + /* FIXME: make the function non-blocking, or it may block a VCPU */ if (tpm_emulator_ctrlcmd(tpm_emu, CMD_CANCEL_TPM_CMD, &res, 0, sizeof(res)) < 0) { error_report("tpm-emulator: Could not cancel command: %s", -- cgit v1.2.3 From c87b35fa71833ec4c34fb4a85f03c47028c44d0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:20 +0100 Subject: tpm-tis: remove redundant 'tpm_tis:' in error messages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The reported error message is already prefixed with the -device name & arguments. Before: qemu-system-x86_64: -device tpm-tis,id=foo,tpmdev=foo,irq=21: tpm_tis: IRQ 21 is outside valid range of 0 to 15 After: qemu-system-x86_64: -device tpm-tis,id=foo,tpmdev=foo,irq=21: IRQ 21 is outside valid range of 0 to 15 Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 06b30c4783..0a23203e75 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -1063,8 +1063,8 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp) s->be_driver = qemu_find_tpm_be(s->backend); if (!s->be_driver) { - error_setg(errp, "tpm_tis: backend driver with id %s could not be " - "found", s->backend); + error_setg(errp, "backend driver with id %s could not be found", + s->backend); return; } @@ -1073,8 +1073,8 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp) } if (s->irq_num > 15) { - error_setg(errp, "tpm_tis: IRQ %d for TPM TIS is outside valid range " - "of 0 to 15", s->irq_num); + error_setg(errp, "IRQ %d is outside valid range of 0 to 15", + s->irq_num); return; } -- cgit v1.2.3 From 51a837e908d6f4bbe94469a4a0edcb76348fe964 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:21 +0100 Subject: tpm-tis: check that at most one TPM device exists MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 0a23203e75..db101b61d4 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -1061,6 +1061,11 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp) { TPMState *s = TPM(dev); + if (!tpm_find()) { + error_setg(errp, "at most one TPM device is permitted"); + return; + } + s->be_driver = qemu_find_tpm_be(s->backend); if (!s->be_driver) { error_setg(errp, "backend driver with id %s could not be found", -- cgit v1.2.3 From 493b78303532146c8161b33e878db8af7dca3b81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:23 +0100 Subject: qdev: add DEFINE_PROP_TPMBE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A property to lookup a tpm backend. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/core/qdev-properties-system.c | 64 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) (limited to 'hw') diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c index ec10da7424..c17364655c 100644 --- a/hw/core/qdev-properties-system.c +++ b/hw/core/qdev-properties-system.c @@ -21,6 +21,7 @@ #include "net/hub.h" #include "qapi/visitor.h" #include "chardev/char-fe.h" +#include "sysemu/tpm_backend.h" #include "sysemu/iothread.h" static void get_pointer(Object *obj, Visitor *v, Property *prop, @@ -236,6 +237,69 @@ const PropertyInfo qdev_prop_chr = { .release = release_chr, }; +/* --- character device --- */ + +static void get_tpm(Object *obj, Visitor *v, const char *name, void *opaque, + Error **errp) +{ + DeviceState *dev = DEVICE(obj); + TPMBackend **be = qdev_get_prop_ptr(dev, opaque); + char *p; + + p = g_strdup(*be ? (*be)->id : ""); + visit_type_str(v, name, &p, errp); + g_free(p); +} + +static void set_tpm(Object *obj, Visitor *v, const char *name, void *opaque, + Error **errp) +{ + DeviceState *dev = DEVICE(obj); + Error *local_err = NULL; + Property *prop = opaque; + TPMBackend *s, **be = qdev_get_prop_ptr(dev, prop); + char *str; + + if (dev->realized) { + qdev_prop_set_after_realize(dev, name, errp); + return; + } + + visit_type_str(v, name, &str, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + + s = qemu_find_tpm_be(str); + if (s == NULL) { + error_setg(errp, "Property '%s.%s' can't find value '%s'", + object_get_typename(obj), prop->name, str); + } else if (tpm_backend_init(s, TPM_IF(obj), errp) == 0) { + *be = s; /* weak reference, avoid cyclic ref */ + } + g_free(str); +} + +static void release_tpm(Object *obj, const char *name, void *opaque) +{ + DeviceState *dev = DEVICE(obj); + Property *prop = opaque; + TPMBackend **be = qdev_get_prop_ptr(dev, prop); + + if (*be) { + tpm_backend_reset(*be); + } +} + +const PropertyInfo qdev_prop_tpm = { + .name = "str", + .description = "ID of a tpm to use as a backend", + .get = get_tpm, + .set = set_tpm, + .release = release_tpm, +}; + /* --- netdev device --- */ static void get_netdev(Object *obj, Visitor *v, const char *name, void *opaque, Error **errp) -- cgit v1.2.3 From c03785440d1d949cad6fa515e456479c2ec9b212 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:24 +0100 Subject: tpm-tis: use DEFINE_PROP_TPMBE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index db101b61d4..97cd7f5026 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -86,7 +86,6 @@ typedef struct TPMState { TPMBackendCmd cmd; - char *backend; TPMBackend *be_driver; TPMVersion be_tpm_version; } TPMState; @@ -1053,7 +1052,7 @@ static const VMStateDescription vmstate_tpm_tis = { static Property tpm_tis_properties[] = { DEFINE_PROP_UINT32("irq", TPMState, irq_num, TPM_TIS_IRQ), - DEFINE_PROP_STRING("tpmdev", TPMState, backend), + DEFINE_PROP_TPMBE("tpmdev", TPMState, be_driver), DEFINE_PROP_END_OF_LIST(), }; @@ -1066,17 +1065,10 @@ static void tpm_tis_realizefn(DeviceState *dev, Error **errp) return; } - s->be_driver = qemu_find_tpm_be(s->backend); if (!s->be_driver) { - error_setg(errp, "backend driver with id %s could not be found", - s->backend); + error_setg(errp, "'tpmdev' property is required"); return; } - - if (tpm_backend_init(s->be_driver, TPM_IF(s), errp)) { - return; - } - if (s->irq_num > 15) { error_setg(errp, "IRQ %d is outside valid range of 0 to 15", s->irq_num); -- cgit v1.2.3 From d3fd953f06700ebe2d15825d4399f7cd3e31af34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 6 Nov 2017 19:39:25 +0100 Subject: tpm: remove tpm_register_model() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Query object classes that implements TPMIf instead. Signed-off-by: Marc-André Lureau Reviewed-by: Stefan Berger Signed-off-by: Stefan Berger --- hw/tpm/tpm_tis.c | 1 - 1 file changed, 1 deletion(-) (limited to 'hw') diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 97cd7f5026..98c11a4da1 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -1119,7 +1119,6 @@ static const TypeInfo tpm_tis_info = { static void tpm_tis_register(void) { type_register_static(&tpm_tis_info); - tpm_register_model(TPM_MODEL_TPM_TIS); } type_init(tpm_tis_register) -- cgit v1.2.3 From b21e6aaf4a1e25c22a603e22ef96b3a31d3013aa Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Fri, 3 Nov 2017 18:10:01 -0400 Subject: tpm: Move getting TPM buffer size to backends MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rather than setting the size of the TPM buffer in the front-end, query the backend for the size of the buffer. In this patch we just move the hard-coded buffer size of 4096 to the backends. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- hw/tpm/tpm_emulator.c | 6 ++++++ hw/tpm/tpm_passthrough.c | 6 ++++++ hw/tpm/tpm_tis.c | 12 +++++++----- 3 files changed, 19 insertions(+), 5 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c index 24cb61162f..44a769d86b 100644 --- a/hw/tpm/tpm_emulator.c +++ b/hw/tpm/tpm_emulator.c @@ -356,6 +356,11 @@ static TPMVersion tpm_emulator_get_tpm_version(TPMBackend *tb) return tpm_emu->tpm_version; } +static size_t tpm_emulator_get_buffer_size(TPMBackend *tb) +{ + return 4096; +} + static int tpm_emulator_block_migration(TPMEmulator *tpm_emu) { Error *err = NULL; @@ -556,6 +561,7 @@ static void tpm_emulator_class_init(ObjectClass *klass, void *data) tbc->get_tpm_established_flag = tpm_emulator_get_tpm_established_flag; tbc->reset_tpm_established_flag = tpm_emulator_reset_tpm_established_flag; tbc->get_tpm_version = tpm_emulator_get_tpm_version; + tbc->get_buffer_size = tpm_emulator_get_buffer_size; tbc->get_tpm_options = tpm_emulator_get_tpm_options; tbc->handle_request = tpm_emulator_handle_request; diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index 73554aa792..daac67d44a 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -199,6 +199,11 @@ static TPMVersion tpm_passthrough_get_tpm_version(TPMBackend *tb) return tpm_pt->tpm_version; } +static size_t tpm_passthrough_get_buffer_size(TPMBackend *tb) +{ + return 4096; +} + /* * Unless path or file descriptor set has been provided by user, * determine the sysfs cancel file following kernel documentation @@ -354,6 +359,7 @@ static void tpm_passthrough_class_init(ObjectClass *klass, void *data) tbc->reset_tpm_established_flag = tpm_passthrough_reset_tpm_established_flag; tbc->get_tpm_version = tpm_passthrough_get_tpm_version; + tbc->get_buffer_size = tpm_passthrough_get_buffer_size; tbc->get_tpm_options = tpm_passthrough_get_tpm_options; tbc->handle_request = tpm_passthrough_handle_request; } diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index 98c11a4da1..bd22e699bb 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -88,6 +88,8 @@ typedef struct TPMState { TPMBackend *be_driver; TPMVersion be_tpm_version; + + size_t be_buffer_size; } TPMState; #define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS) @@ -977,10 +979,9 @@ static int tpm_tis_do_startup_tpm(TPMState *s) return tpm_backend_startup_tpm(s->be_driver); } -static void tpm_tis_realloc_buffer(TPMSizedBuffer *sb) +static void tpm_tis_realloc_buffer(TPMSizedBuffer *sb, + size_t wanted_size) { - size_t wanted_size = 4096; /* Linux tpm.c buffer size */ - if (sb->size != wanted_size) { sb->buffer = g_realloc(sb->buffer, wanted_size); sb->size = wanted_size; @@ -1011,6 +1012,7 @@ static void tpm_tis_reset(DeviceState *dev) int c; s->be_tpm_version = tpm_backend_get_tpm_version(s->be_driver); + s->be_buffer_size = tpm_backend_get_buffer_size(s->be_driver); tpm_backend_reset(s->be_driver); @@ -1037,9 +1039,9 @@ static void tpm_tis_reset(DeviceState *dev) s->loc[c].state = TPM_TIS_STATE_IDLE; s->loc[c].w_offset = 0; - tpm_tis_realloc_buffer(&s->loc[c].w_buffer); + tpm_tis_realloc_buffer(&s->loc[c].w_buffer, s->be_buffer_size); s->loc[c].r_offset = 0; - tpm_tis_realloc_buffer(&s->loc[c].r_buffer); + tpm_tis_realloc_buffer(&s->loc[c].r_buffer, s->be_buffer_size); } tpm_tis_do_startup_tpm(s); -- cgit v1.2.3 From 56388eee01144d59d5c94a34431a29c75073ba53 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Fri, 3 Nov 2017 23:00:36 -0400 Subject: tpm: pull tpm_util_request() out of tpm_util_test() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- hw/tpm/tpm_util.c | 40 +++++++++++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 9 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c index daf1faa63d..b852f53b8d 100644 --- a/hw/tpm/tpm_util.c +++ b/hw/tpm/tpm_util.c @@ -50,13 +50,13 @@ bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len) } /* - * A basic test of a TPM device. We expect a well formatted response header - * (error response is fine) within one second. + * Send request to a TPM device. We expect a response within one second. */ -static int tpm_util_test(int fd, - unsigned char *request, - size_t requestlen, - uint16_t *return_tag) +static int tpm_util_request(int fd, + unsigned char *request, + size_t requestlen, + unsigned char *response, + size_t responselen) { struct tpm_resp_hdr *resp; fd_set readfds; @@ -65,7 +65,6 @@ static int tpm_util_test(int fd, .tv_sec = 1, .tv_usec = 0, }; - unsigned char buf[1024]; n = write(fd, request, requestlen); if (n < 0) { @@ -84,17 +83,40 @@ static int tpm_util_test(int fd, return -errno; } - n = read(fd, &buf, sizeof(buf)); + n = read(fd, response, responselen); if (n < sizeof(struct tpm_resp_hdr)) { return -EFAULT; } - resp = (struct tpm_resp_hdr *)buf; + resp = (struct tpm_resp_hdr *)response; /* check the header */ if (be32_to_cpu(resp->len) != n) { return -EMSGSIZE; } + return 0; +} + +/* + * A basic test of a TPM device. We expect a well formatted response header + * (error response is fine). + */ +static int tpm_util_test(int fd, + unsigned char *request, + size_t requestlen, + uint16_t *return_tag) +{ + struct tpm_resp_hdr *resp; + unsigned char buf[1024]; + ssize_t ret; + + ret = tpm_util_request(fd, request, requestlen, + buf, sizeof(buf)); + if (ret < 0) { + return ret; + } + + resp = (struct tpm_resp_hdr *)buf; *return_tag = be16_to_cpu(resp->tag); return 0; -- cgit v1.2.3 From abc5cda097f46bdb86833a38ee0961a0e6a47ae1 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Fri, 3 Nov 2017 22:49:23 -0400 Subject: tpm: tpm_passthrough: Read the buffer size from the host device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rather than hard coding the buffer size in the tpm_passthrough backend read the TPM I/O buffer size from the host device. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- hw/tpm/tpm_int.h | 9 ++++ hw/tpm/tpm_passthrough.c | 11 ++++- hw/tpm/tpm_util.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++ hw/tpm/tpm_util.h | 3 ++ 4 files changed, 137 insertions(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h index 1df5883f3c..abbca5191a 100644 --- a/hw/tpm/tpm_int.h +++ b/hw/tpm/tpm_int.h @@ -45,11 +45,20 @@ struct tpm_resp_hdr { #define TPM_ORD_ContinueSelfTest 0x53 #define TPM_ORD_GetTicks 0xf1 +#define TPM_ORD_GetCapability 0x65 +#define TPM_CAP_PROPERTY 0x05 + +#define TPM_CAP_PROP_INPUT_BUFFER 0x124 /* TPM2 defines */ #define TPM2_ST_NO_SESSIONS 0x8001 #define TPM2_CC_ReadClock 0x00000181 +#define TPM2_CC_GetCapability 0x0000017a + +#define TPM2_CAP_TPM_PROPERTIES 0x6 + +#define TPM2_PT_MAX_COMMAND_SIZE 0x11e #endif /* TPM_TPM_INT_H */ diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index daac67d44a..886af9e702 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -57,6 +57,7 @@ struct TPMPassthruState { int cancel_fd; TPMVersion tpm_version; + size_t tpm_buffersize; }; typedef struct TPMPassthruState TPMPassthruState; @@ -201,7 +202,15 @@ static TPMVersion tpm_passthrough_get_tpm_version(TPMBackend *tb) static size_t tpm_passthrough_get_buffer_size(TPMBackend *tb) { - return 4096; + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + int ret; + + ret = tpm_util_get_buffer_size(tpm_pt->tpm_fd, tpm_pt->tpm_version, + &tpm_pt->tpm_buffersize); + if (ret < 0) { + tpm_pt->tpm_buffersize = 4096; + } + return tpm_pt->tpm_buffersize; } /* diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c index b852f53b8d..a317243a7e 100644 --- a/hw/tpm/tpm_util.c +++ b/hw/tpm/tpm_util.c @@ -20,10 +20,19 @@ */ #include "qemu/osdep.h" +#include "qemu/error-report.h" #include "tpm_util.h" #include "tpm_int.h" #include "exec/memory.h" +#define DEBUG_TPM 0 + +#define DPRINTF(fmt, ...) do { \ + if (DEBUG_TPM) { \ + fprintf(stderr, "tpm-util:"fmt"\n", ## __VA_ARGS__); \ + } \ +} while (0) + /* * Write an error message in the given output buffer. */ @@ -173,3 +182,109 @@ int tpm_util_test_tpmdev(int tpm_fd, TPMVersion *tpm_version) return 1; } + +int tpm_util_get_buffer_size(int tpm_fd, TPMVersion tpm_version, + size_t *buffersize) +{ + unsigned char buf[1024]; + int ret; + + switch (tpm_version) { + case TPM_VERSION_1_2: { + const struct tpm_req_get_buffer_size { + struct tpm_req_hdr hdr; + uint32_t capability; + uint32_t len; + uint32_t subcap; + } QEMU_PACKED tpm_get_buffer_size = { + .hdr = { + .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), + .len = cpu_to_be32(sizeof(tpm_get_buffer_size)), + .ordinal = cpu_to_be32(TPM_ORD_GetCapability), + }, + .capability = cpu_to_be32(TPM_CAP_PROPERTY), + .len = cpu_to_be32(sizeof(uint32_t)), + .subcap = cpu_to_be32(TPM_CAP_PROP_INPUT_BUFFER), + }; + struct tpm_resp_get_buffer_size { + struct tpm_resp_hdr hdr; + uint32_t len; + uint32_t buffersize; + } QEMU_PACKED *tpm_resp = (struct tpm_resp_get_buffer_size *)buf; + + ret = tpm_util_request(tpm_fd, (unsigned char *)&tpm_get_buffer_size, + sizeof(tpm_get_buffer_size), buf, sizeof(buf)); + if (ret < 0) { + return ret; + } + + if (be32_to_cpu(tpm_resp->hdr.len) != sizeof(*tpm_resp) || + be32_to_cpu(tpm_resp->len) != sizeof(uint32_t)) { + DPRINTF("tpm_resp->hdr.len = %u, expected = %zu\n", + be32_to_cpu(tpm_resp->hdr.len), sizeof(*tpm_resp)); + DPRINTF("tpm_resp->len = %u, expected = %zu\n", + be32_to_cpu(tpm_resp->len), sizeof(uint32_t)); + error_report("tpm_util: Got unexpected response to " + "TPM_GetCapability; errcode: 0x%x", + be32_to_cpu(tpm_resp->hdr.errcode)); + return -EFAULT; + } + *buffersize = be32_to_cpu(tpm_resp->buffersize); + break; + } + case TPM_VERSION_2_0: { + const struct tpm2_req_get_buffer_size { + struct tpm_req_hdr hdr; + uint32_t capability; + uint32_t property; + uint32_t count; + } QEMU_PACKED tpm2_get_buffer_size = { + .hdr = { + .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), + .len = cpu_to_be32(sizeof(tpm2_get_buffer_size)), + .ordinal = cpu_to_be32(TPM2_CC_GetCapability), + }, + .capability = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES), + .property = cpu_to_be32(TPM2_PT_MAX_COMMAND_SIZE), + .count = cpu_to_be32(2), /* also get TPM2_PT_MAX_RESPONSE_SIZE */ + }; + struct tpm2_resp_get_buffer_size { + struct tpm_resp_hdr hdr; + uint8_t more; + uint32_t capability; + uint32_t count; + uint32_t property1; + uint32_t value1; + uint32_t property2; + uint32_t value2; + } QEMU_PACKED *tpm2_resp = (struct tpm2_resp_get_buffer_size *)buf; + + ret = tpm_util_request(tpm_fd, (unsigned char *)&tpm2_get_buffer_size, + sizeof(tpm2_get_buffer_size), buf, sizeof(buf)); + if (ret < 0) { + return ret; + } + + if (be32_to_cpu(tpm2_resp->hdr.len) != sizeof(*tpm2_resp) || + be32_to_cpu(tpm2_resp->count) != 2) { + DPRINTF("tpm2_resp->hdr.len = %u, expected = %zu\n", + be32_to_cpu(tpm2_resp->hdr.len), sizeof(*tpm2_resp)); + DPRINTF("tpm2_resp->len = %u, expected = %u\n", + be32_to_cpu(tpm2_resp->count), 2); + error_report("tpm_util: Got unexpected response to " + "TPM2_GetCapability; errcode: 0x%x", + be32_to_cpu(tpm2_resp->hdr.errcode)); + return -EFAULT; + } + *buffersize = MAX(be32_to_cpu(tpm2_resp->value1), + be32_to_cpu(tpm2_resp->value2)); + break; + } + case TPM_VERSION_UNSPEC: + return -EFAULT; + } + + DPRINTF("buffersize of device: %zu\n", *buffersize); + + return 0; +} diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h index aca10c97bf..1c17e3913b 100644 --- a/hw/tpm/tpm_util.h +++ b/hw/tpm/tpm_util.h @@ -36,4 +36,7 @@ static inline uint32_t tpm_cmd_get_size(const void *b) return be32_to_cpu(*(const uint32_t *)(b + 2)); } +int tpm_util_get_buffer_size(int tpm_fd, TPMVersion tpm_version, + size_t *buffersize); + #endif /* TPM_TPM_UTIL_H */ -- cgit v1.2.3 From 9375c44fdfc07c0fef3052a3f25a13197a528902 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Sat, 4 Nov 2017 19:57:15 -0400 Subject: tpm: tpm_emulator: get and set buffer size of device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Convert the tpm_emulator backend to get the current buffer size of the external device and set it to the buffer size that the frontend (TIS) requests. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- hw/tpm/tpm_emulator.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++--- hw/tpm/tpm_ioctl.h | 28 +++++++++++++++++- hw/tpm/tpm_tis.c | 6 ++-- 3 files changed, 105 insertions(+), 8 deletions(-) (limited to 'hw') diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c index 44a769d86b..3ae8bf6c5a 100644 --- a/hw/tpm/tpm_emulator.c +++ b/hw/tpm/tpm_emulator.c @@ -232,13 +232,14 @@ static int tpm_emulator_check_caps(TPMEmulator *tpm_emu) switch (tpm_emu->tpm_version) { case TPM_VERSION_1_2: caps = PTM_CAP_INIT | PTM_CAP_SHUTDOWN | PTM_CAP_GET_TPMESTABLISHED | - PTM_CAP_SET_LOCALITY | PTM_CAP_SET_DATAFD; + PTM_CAP_SET_LOCALITY | PTM_CAP_SET_DATAFD | PTM_CAP_STOP | + PTM_CAP_SET_BUFFERSIZE; tpm = "1.2"; break; case TPM_VERSION_2_0: caps = PTM_CAP_INIT | PTM_CAP_SHUTDOWN | PTM_CAP_GET_TPMESTABLISHED | PTM_CAP_SET_LOCALITY | PTM_CAP_RESET_TPMESTABLISHED | - PTM_CAP_SET_DATAFD; + PTM_CAP_SET_DATAFD | PTM_CAP_STOP | PTM_CAP_SET_BUFFERSIZE; tpm = "2"; break; case TPM_VERSION_UNSPEC: @@ -255,12 +256,76 @@ static int tpm_emulator_check_caps(TPMEmulator *tpm_emu) return 0; } -static int tpm_emulator_startup_tpm(TPMBackend *tb) +static int tpm_emulator_stop_tpm(TPMBackend *tb) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + ptm_res res; + + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_STOP, &res, 0, sizeof(res)) < 0) { + error_report("tpm-emulator: Could not stop TPM: %s", + strerror(errno)); + return -1; + } + + res = be32_to_cpu(res); + if (res) { + error_report("tpm-emulator: TPM result for CMD_STOP: 0x%x", res); + return -1; + } + + return 0; +} + +static int tpm_emulator_set_buffer_size(TPMBackend *tb, + size_t wanted_size, + size_t *actual_size) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + ptm_setbuffersize psbs; + + if (tpm_emulator_stop_tpm(tb) < 0) { + return -1; + } + + psbs.u.req.buffersize = cpu_to_be32(wanted_size); + + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SET_BUFFERSIZE, &psbs, + sizeof(psbs.u.req), sizeof(psbs.u.resp)) < 0) { + error_report("tpm-emulator: Could not set buffer size: %s", + strerror(errno)); + return -1; + } + + psbs.u.resp.tpm_result = be32_to_cpu(psbs.u.resp.tpm_result); + if (psbs.u.resp.tpm_result != 0) { + error_report("tpm-emulator: TPM result for set buffer size : 0x%x", + psbs.u.resp.tpm_result); + return -1; + } + + if (actual_size) { + *actual_size = be32_to_cpu(psbs.u.resp.buffersize); + } + + DPRINTF("buffer size: %u, min: %u, max: %u\n", + be32_to_cpu(psbs.u.resp.buffersize), + be32_to_cpu(psbs.u.resp.minsize), + be32_to_cpu(psbs.u.resp.maxsize)); + + return 0; +} + +static int tpm_emulator_startup_tpm(TPMBackend *tb, size_t buffersize) { TPMEmulator *tpm_emu = TPM_EMULATOR(tb); ptm_init init; ptm_res res; + if (buffersize != 0 && + tpm_emulator_set_buffer_size(tb, buffersize, NULL) < 0) { + goto err_exit; + } + DPRINTF("%s", __func__); if (tpm_emulator_ctrlcmd(tpm_emu, CMD_INIT, &init, sizeof(init), sizeof(init)) < 0) { @@ -358,7 +423,13 @@ static TPMVersion tpm_emulator_get_tpm_version(TPMBackend *tb) static size_t tpm_emulator_get_buffer_size(TPMBackend *tb) { - return 4096; + size_t actual_size; + + if (tpm_emulator_set_buffer_size(tb, 0, &actual_size) < 0) { + return 4096; + } + + return actual_size; } static int tpm_emulator_block_migration(TPMEmulator *tpm_emu) diff --git a/hw/tpm/tpm_ioctl.h b/hw/tpm/tpm_ioctl.h index 33564b11de..54c8d345ad 100644 --- a/hw/tpm/tpm_ioctl.h +++ b/hw/tpm/tpm_ioctl.h @@ -169,6 +169,28 @@ struct ptm_getconfig { #define PTM_CONFIG_FLAG_FILE_KEY 0x1 #define PTM_CONFIG_FLAG_MIGRATION_KEY 0x2 +/* + * PTM_SET_BUFFERSIZE: Set the buffer size to be used by the TPM. + * A 0 on input queries for the current buffer size. Any other + * number will try to set the buffer size. The returned number is + * the buffer size that will be used, which can be larger than the + * requested one, if it was below the minimum, or smaller than the + * requested one, if it was above the maximum. + */ +struct ptm_setbuffersize { + union { + struct { + uint32_t buffersize; /* 0 to query for current buffer size */ + } req; /* request */ + struct { + ptm_res tpm_result; + uint32_t buffersize; /* buffer size in use */ + uint32_t minsize; /* min. supported buffer size */ + uint32_t maxsize; /* max. supported buffer size */ + } resp; /* response */ + } u; +}; + typedef uint64_t ptm_cap; typedef struct ptm_est ptm_est; @@ -179,6 +201,7 @@ typedef struct ptm_init ptm_init; typedef struct ptm_getstate ptm_getstate; typedef struct ptm_setstate ptm_setstate; typedef struct ptm_getconfig ptm_getconfig; +typedef struct ptm_setbuffersize ptm_setbuffersize; /* capability flags returned by PTM_GET_CAPABILITY */ #define PTM_CAP_INIT (1) @@ -194,6 +217,7 @@ typedef struct ptm_getconfig ptm_getconfig; #define PTM_CAP_STOP (1 << 10) #define PTM_CAP_GET_CONFIG (1 << 11) #define PTM_CAP_SET_DATAFD (1 << 12) +#define PTM_CAP_SET_BUFFERSIZE (1 << 13) enum { PTM_GET_CAPABILITY = _IOR('P', 0, ptm_cap), @@ -212,6 +236,7 @@ enum { PTM_STOP = _IOR('P', 13, ptm_res), PTM_GET_CONFIG = _IOR('P', 14, ptm_getconfig), PTM_SET_DATAFD = _IOR('P', 15, ptm_res), + PTM_SET_BUFFERSIZE = _IOWR('P', 16, ptm_setbuffersize), }; /* @@ -240,7 +265,8 @@ enum { CMD_SET_STATEBLOB, CMD_STOP, CMD_GET_CONFIG, - CMD_SET_DATAFD + CMD_SET_DATAFD, + CMD_SET_BUFFERSIZE, }; #endif /* _TPM_IOCTL_H */ diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c index bd22e699bb..b8e811b086 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -974,9 +974,9 @@ static const MemoryRegionOps tpm_tis_memory_ops = { }, }; -static int tpm_tis_do_startup_tpm(TPMState *s) +static int tpm_tis_do_startup_tpm(TPMState *s, uint32_t buffersize) { - return tpm_backend_startup_tpm(s->be_driver); + return tpm_backend_startup_tpm(s->be_driver, buffersize); } static void tpm_tis_realloc_buffer(TPMSizedBuffer *sb, @@ -1044,7 +1044,7 @@ static void tpm_tis_reset(DeviceState *dev) tpm_tis_realloc_buffer(&s->loc[c].r_buffer, s->be_buffer_size); } - tpm_tis_do_startup_tpm(s); + tpm_tis_do_startup_tpm(s, 0); } static const VMStateDescription vmstate_tpm_tis = { -- cgit v1.2.3 From 683c4b775355cc7acd301e8efe7d4c1c9acdafd8 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Sun, 5 Nov 2017 19:31:43 -0500 Subject: tpm: tpm_passthrough: Fail startup if FE buffer size < BE buffer size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If the requested buffer size of the frontend is smaller than the fixed buffer size of the host's TPM, fail the startup_tpm() interface function, which will make the device unusable. We fail it because the backend TPM could produce larger packets than what the frontend could pass to the OS. The current combination of TIS frontend and either passthrough or emulator backend will not lead to this case since the TIS can support any size of buffer. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- hw/tpm/tpm_passthrough.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'hw') diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c index 886af9e702..487aae2043 100644 --- a/hw/tpm/tpm_passthrough.c +++ b/hw/tpm/tpm_passthrough.c @@ -304,6 +304,20 @@ static TPMBackend *tpm_passthrough_create(QemuOpts *opts) return TPM_BACKEND(obj); } +static int tpm_passthrough_startup_tpm(TPMBackend *tb, size_t buffersize) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + if (buffersize && buffersize < tpm_pt->tpm_buffersize) { + error_report("Requested buffer size of %zu is smaller than host TPM's " + "fixed buffer size of %zu", + buffersize, tpm_pt->tpm_buffersize); + return -1; + } + + return 0; +} + static TpmTypeOptions *tpm_passthrough_get_tpm_options(TPMBackend *tb) { TpmTypeOptions *options = g_new0(TpmTypeOptions, 1); @@ -362,6 +376,7 @@ static void tpm_passthrough_class_init(ObjectClass *klass, void *data) tbc->opts = tpm_passthrough_cmdline_opts; tbc->desc = "Passthrough TPM backend driver"; tbc->create = tpm_passthrough_create; + tbc->startup_tpm = tpm_passthrough_startup_tpm; tbc->reset = tpm_passthrough_reset; tbc->cancel_cmd = tpm_passthrough_cancel_cmd; tbc->get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag; -- cgit v1.2.3