From f89c5edb86abfac4c914f4eb808b07684164eca0 Mon Sep 17 00:00:00 2001 From: Rajiv Andrade Date: Sat, 11 Oct 2008 09:03:39 +1100 Subject: Remove the BKL calls from the TPM driver, which were added in the overall misc-char-dev-BKL-pushdown.patch, as they are not needed. Signed-off-by: Mimi Zohar Signed-off-by: Rajiv Andrade Cc: "Serge E. Hallyn" Signed-off-by: Andrew Morton Signed-off-by: James Morris --- drivers/char/tpm/tpm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'drivers/char/tpm/tpm.c') diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index ae766d868454..ceba6082bd96 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -954,13 +954,16 @@ EXPORT_SYMBOL_GPL(tpm_store_cancel); /* * Device file system interface to the TPM + * + * It's assured that the chip will be opened just once, + * by the check of is_open variable, which is protected + * by driver_lock. */ int tpm_open(struct inode *inode, struct file *file) { int rc = 0, minor = iminor(inode); struct tpm_chip *chip = NULL, *pos; - lock_kernel(); spin_lock(&driver_lock); list_for_each_entry(pos, &tpm_chip_list, list) { @@ -990,19 +993,16 @@ int tpm_open(struct inode *inode, struct file *file) if (chip->data_buffer == NULL) { chip->num_opens--; put_device(chip->dev); - unlock_kernel(); return -ENOMEM; } atomic_set(&chip->data_pending, 0); file->private_data = chip; - unlock_kernel(); return 0; err_out: spin_unlock(&driver_lock); - unlock_kernel(); return rc; } EXPORT_SYMBOL_GPL(tpm_open); -- cgit v1.2.1 From dc36d32cc5bea5e985294c79995e10a159c3019a Mon Sep 17 00:00:00 2001 From: Rajiv Andrade Date: Sat, 11 Oct 2008 09:04:02 +1100 Subject: Renames num_open to is_open, as only one process can open the file at a time. Signed-off-by: Mimi Zohar Signed-off-by: Rajiv Andrade Cc: "Serge E. Hallyn" Signed-off-by: Andrew Morton Signed-off-by: James Morris --- drivers/char/tpm/tpm.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'drivers/char/tpm/tpm.c') diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index ceba6082bd96..dfd4e7fc350b 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -978,20 +978,19 @@ int tpm_open(struct inode *inode, struct file *file) goto err_out; } - if (chip->num_opens) { + if (test_and_set_bit(0, &chip->is_open)) { dev_dbg(chip->dev, "Another process owns this TPM\n"); rc = -EBUSY; goto err_out; } - chip->num_opens++; get_device(chip->dev); spin_unlock(&driver_lock); chip->data_buffer = kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL); if (chip->data_buffer == NULL) { - chip->num_opens--; + clear_bit(0, &chip->is_open); put_device(chip->dev); return -ENOMEM; } @@ -1016,7 +1015,7 @@ int tpm_release(struct inode *inode, struct file *file) file->private_data = NULL; del_singleshot_timer_sync(&chip->user_read_timer); atomic_set(&chip->data_pending, 0); - chip->num_opens--; + clear_bit(0, &chip->is_open); put_device(chip->dev); kfree(chip->data_buffer); spin_unlock(&driver_lock); -- cgit v1.2.1 From f02a93645e6200a9da0f26dac8ced28c612f5e86 Mon Sep 17 00:00:00 2001 From: Rajiv Andrade Date: Sat, 11 Oct 2008 09:04:23 +1100 Subject: Protect tpm_chip_list when transversing it. Signed-off-by: Mimi Zohar Signed-off-by: Rajiv Andrade Acked-by: Serge E. Hallyn Cc: "Paul E. McKenney" Signed-off-by: Andrew Morton Signed-off-by: James Morris --- drivers/char/tpm/tpm.c | 61 ++++++++++++++++++++------------------------------ 1 file changed, 24 insertions(+), 37 deletions(-) (limited to 'drivers/char/tpm/tpm.c') diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index dfd4e7fc350b..4f18f84b498a 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -961,33 +961,28 @@ EXPORT_SYMBOL_GPL(tpm_store_cancel); */ int tpm_open(struct inode *inode, struct file *file) { - int rc = 0, minor = iminor(inode); + int minor = iminor(inode); struct tpm_chip *chip = NULL, *pos; - spin_lock(&driver_lock); - - list_for_each_entry(pos, &tpm_chip_list, list) { + rcu_read_lock(); + list_for_each_entry_rcu(pos, &tpm_chip_list, list) { if (pos->vendor.miscdev.minor == minor) { chip = pos; + get_device(chip->dev); break; } } + rcu_read_unlock(); - if (chip == NULL) { - rc = -ENODEV; - goto err_out; - } + if (!chip) + return -ENODEV; if (test_and_set_bit(0, &chip->is_open)) { dev_dbg(chip->dev, "Another process owns this TPM\n"); - rc = -EBUSY; - goto err_out; + put_device(chip->dev); + return -EBUSY; } - get_device(chip->dev); - - spin_unlock(&driver_lock); - chip->data_buffer = kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL); if (chip->data_buffer == NULL) { clear_bit(0, &chip->is_open); @@ -999,26 +994,23 @@ int tpm_open(struct inode *inode, struct file *file) file->private_data = chip; return 0; - -err_out: - spin_unlock(&driver_lock); - return rc; } EXPORT_SYMBOL_GPL(tpm_open); +/* + * Called on file close + */ int tpm_release(struct inode *inode, struct file *file) { struct tpm_chip *chip = file->private_data; flush_scheduled_work(); - spin_lock(&driver_lock); file->private_data = NULL; del_singleshot_timer_sync(&chip->user_read_timer); atomic_set(&chip->data_pending, 0); + kfree(chip->data_buffer); clear_bit(0, &chip->is_open); put_device(chip->dev); - kfree(chip->data_buffer); - spin_unlock(&driver_lock); return 0; } EXPORT_SYMBOL_GPL(tpm_release); @@ -1092,13 +1084,11 @@ void tpm_remove_hardware(struct device *dev) } spin_lock(&driver_lock); - - list_del(&chip->list); - + list_del_rcu(&chip->list); spin_unlock(&driver_lock); + synchronize_rcu(); misc_deregister(&chip->vendor.miscdev); - sysfs_remove_group(&dev->kobj, chip->vendor.attr_group); tpm_bios_log_teardown(chip->bios_dir); @@ -1146,8 +1136,7 @@ EXPORT_SYMBOL_GPL(tpm_pm_resume); /* * Once all references to platform device are down to 0, * release all allocated structures. - * In case vendor provided release function, - * call it too. + * In case vendor provided release function, call it too. */ static void tpm_dev_release(struct device *dev) { @@ -1155,7 +1144,6 @@ static void tpm_dev_release(struct device *dev) if (chip->vendor.release) chip->vendor.release(dev); - chip->release(dev); clear_bit(chip->dev_num, dev_mask); @@ -1170,8 +1158,8 @@ static void tpm_dev_release(struct device *dev) * upon errant exit from this function specific probe function should call * pci_disable_device */ -struct tpm_chip *tpm_register_hardware(struct device *dev, const struct tpm_vendor_specific - *entry) +struct tpm_chip *tpm_register_hardware(struct device *dev, + const struct tpm_vendor_specific *entry) { #define DEVNAME_SIZE 7 @@ -1230,21 +1218,20 @@ struct tpm_chip *tpm_register_hardware(struct device *dev, const struct tpm_vend return NULL; } - spin_lock(&driver_lock); - - list_add(&chip->list, &tpm_chip_list); - - spin_unlock(&driver_lock); - if (sysfs_create_group(&dev->kobj, chip->vendor.attr_group)) { - list_del(&chip->list); misc_deregister(&chip->vendor.miscdev); put_device(chip->dev); + return NULL; } chip->bios_dir = tpm_bios_log_setup(devname); + /* Make chip available */ + spin_lock(&driver_lock); + list_add_rcu(&chip->list, &tpm_chip_list); + spin_unlock(&driver_lock); + return chip; } EXPORT_SYMBOL_GPL(tpm_register_hardware); -- cgit v1.2.1 From 253115b71fa06330bd58afbe01ccaf763a8a0cf1 Mon Sep 17 00:00:00 2001 From: Rajiv Andrade Date: Sat, 11 Oct 2008 09:04:39 +1100 Subject: The tpm_dev_release function is only called for platform devices, not pnp devices, so we implemented the .remove function for pnp ones. Since it's code is very similar to the one inside tpm_dev_release, we've created a helper function tpm_dev_vendor_release, which is called by both. Signed-off-by: Mimi Zohar Signed-off-by: Rajiv Andrade Cc: "Serge E. Hallyn" Cc: Bjorn Helgaas Signed-off-by: Andrew Morton Signed-off-by: James Morris --- drivers/char/tpm/tpm.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'drivers/char/tpm/tpm.c') diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index 4f18f84b498a..02a495c2e068 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -1133,23 +1133,33 @@ int tpm_pm_resume(struct device *dev) } EXPORT_SYMBOL_GPL(tpm_pm_resume); +/* In case vendor provided release function, call it too.*/ + +void tpm_dev_vendor_release(struct tpm_chip *chip) +{ + if (chip->vendor.release) + chip->vendor.release(chip->dev); + + clear_bit(chip->dev_num, dev_mask); + kfree(chip->vendor.miscdev.name); +} +EXPORT_SYMBOL_GPL(tpm_dev_vendor_release); + + /* * Once all references to platform device are down to 0, * release all allocated structures. - * In case vendor provided release function, call it too. */ static void tpm_dev_release(struct device *dev) { struct tpm_chip *chip = dev_get_drvdata(dev); - if (chip->vendor.release) - chip->vendor.release(dev); - chip->release(dev); + tpm_dev_vendor_release(chip); - clear_bit(chip->dev_num, dev_mask); - kfree(chip->vendor.miscdev.name); + chip->release(dev); kfree(chip); } +EXPORT_SYMBOL_GPL(tpm_dev_release); /* * Called from tpm_.c probe function only for devices -- cgit v1.2.1 From 4bdec11f560b8f405a011288a50e65b1a81b3654 Mon Sep 17 00:00:00 2001 From: Rajiv Andrade Date: Sat, 11 Oct 2008 09:05:20 +1100 Subject: As pointed out by Jonathan Corbet, the timer must be deleted before flushing the work queue in order to avoid a job being submitted after the chip had been released. Signed-off-by: Rajiv Andrade Signed-off-by: Mimi Zohar Cc: Jonathan Corbet Cc: "Serge E. Hallyn" Signed-off-by: Andrew Morton Signed-off-by: James Morris --- drivers/char/tpm/tpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/char/tpm/tpm.c') diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index 02a495c2e068..1fee7034a386 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -1004,9 +1004,9 @@ int tpm_release(struct inode *inode, struct file *file) { struct tpm_chip *chip = file->private_data; + del_singleshot_timer_sync(&chip->user_read_timer); flush_scheduled_work(); file->private_data = NULL; - del_singleshot_timer_sync(&chip->user_read_timer); atomic_set(&chip->data_pending, 0); kfree(chip->data_buffer); clear_bit(0, &chip->is_open); -- cgit v1.2.1 From 9e5b1b12226d5a501fbc6706ca090e00d18a01ad Mon Sep 17 00:00:00 2001 From: Marcin Obara Date: Wed, 15 Oct 2008 22:04:34 -0700 Subject: tpm: correct tpm timeouts to jiffies conversion This patch fixes timeouts conversion to jiffies, by replacing msecs_to_jiffies() calls with usecs_to_jiffies(). According to TCG TPM Specification Version 1.2 Revision 103 (pages 166, 167) TPM timeouts and durations are returned in microseconds (usec) not in miliseconds (msec). This fixes a long hang while loading TPM driver, if TPM chip starts in "Idle" state instead of "Ready" state. Without this patch - 'modprobe' may hang for 30 seconds or more. Signed-off-by: Marcin Obara Cc: Marcel Selhorst Cc: Kylene Jo Hall Cc: Jiri Slaby Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/char/tpm/tpm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'drivers/char/tpm/tpm.c') diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index 1fee7034a386..6b5a0e0127a7 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -525,19 +525,19 @@ void tpm_get_timeouts(struct tpm_chip *chip) timeout = be32_to_cpu(*((__be32 *) (data + TPM_GET_CAP_RET_UINT32_1_IDX))); if (timeout) - chip->vendor.timeout_a = msecs_to_jiffies(timeout); + chip->vendor.timeout_a = usecs_to_jiffies(timeout); timeout = be32_to_cpu(*((__be32 *) (data + TPM_GET_CAP_RET_UINT32_2_IDX))); if (timeout) - chip->vendor.timeout_b = msecs_to_jiffies(timeout); + chip->vendor.timeout_b = usecs_to_jiffies(timeout); timeout = be32_to_cpu(*((__be32 *) (data + TPM_GET_CAP_RET_UINT32_3_IDX))); if (timeout) - chip->vendor.timeout_c = msecs_to_jiffies(timeout); + chip->vendor.timeout_c = usecs_to_jiffies(timeout); timeout = be32_to_cpu(*((__be32 *) (data + TPM_GET_CAP_RET_UINT32_4_IDX))); if (timeout) - chip->vendor.timeout_d = msecs_to_jiffies(timeout); + chip->vendor.timeout_d = usecs_to_jiffies(timeout); duration: memcpy(data, tpm_cap, sizeof(tpm_cap)); @@ -554,15 +554,15 @@ duration: return; chip->vendor.duration[TPM_SHORT] = - msecs_to_jiffies(be32_to_cpu + usecs_to_jiffies(be32_to_cpu (*((__be32 *) (data + TPM_GET_CAP_RET_UINT32_1_IDX)))); chip->vendor.duration[TPM_MEDIUM] = - msecs_to_jiffies(be32_to_cpu + usecs_to_jiffies(be32_to_cpu (*((__be32 *) (data + TPM_GET_CAP_RET_UINT32_2_IDX)))); chip->vendor.duration[TPM_LONG] = - msecs_to_jiffies(be32_to_cpu + usecs_to_jiffies(be32_to_cpu (*((__be32 *) (data + TPM_GET_CAP_RET_UINT32_3_IDX)))); } -- cgit v1.2.1 From 292cf4a8a989cb564a6a5f0ba7a66e08a095afa1 Mon Sep 17 00:00:00 2001 From: Valdis Kletnieks Date: Wed, 15 Oct 2008 22:04:35 -0700 Subject: tpm: work around bug in Broadcom BCM0102 chipset Patch tpm-correct-tpm-timeouts-to-jiffies-conversion reveals a bug in the Broadcom BCM0102 TPM chipset used in the Dell Latitude D820 - although most of the timeouts are returned in usecs as per the spec, one is apparently returned in msecs, which results in a too-small value leading to a timeout when the code treats it as usecs. To prevent a regression, we check for the known too-short value and adjust it to a value that makes things work. Signed-off-by: Valdis Kletnieks Cc: Marcin Obara Cc: Marcel Selhorst Cc: Kylene Jo Hall Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/char/tpm/tpm.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'drivers/char/tpm/tpm.c') diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index 6b5a0e0127a7..aa899cec6b3f 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -557,6 +557,13 @@ duration: usecs_to_jiffies(be32_to_cpu (*((__be32 *) (data + TPM_GET_CAP_RET_UINT32_1_IDX)))); + /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above + * value wrong and apparently reports msecs rather than usecs. So we + * fix up the resulting too-small TPM_SHORT value to make things work. + */ + if (chip->vendor.duration[TPM_SHORT] < (HZ/100)) + chip->vendor.duration[TPM_SHORT] = HZ; + chip->vendor.duration[TPM_MEDIUM] = usecs_to_jiffies(be32_to_cpu (*((__be32 *) (data + -- cgit v1.2.1 From dd78c9439fc1e031835bccb934d27b978c72c536 Mon Sep 17 00:00:00 2001 From: Andrew Morton Date: Wed, 15 Oct 2008 22:04:37 -0700 Subject: drivers/char/tpm/tpm.c: fix error-path memory leak tpm_register_hardware() leaks devname on an error path. Addresses http://bugzilla.kernel.org/show_bug.cgi?id=11425 Reported-by: Daniel Marjamki Cc: Debora Velarde Cc: Rajiv Andrade Cc: Marcel Selhorst Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/char/tpm/tpm.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'drivers/char/tpm/tpm.c') diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index aa899cec6b3f..e70d13defde4 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -1187,11 +1187,8 @@ struct tpm_chip *tpm_register_hardware(struct device *dev, chip = kzalloc(sizeof(*chip), GFP_KERNEL); devname = kmalloc(DEVNAME_SIZE, GFP_KERNEL); - if (chip == NULL || devname == NULL) { - kfree(chip); - kfree(devname); - return NULL; - } + if (chip == NULL || devname == NULL) + goto out_free; mutex_init(&chip->buffer_mutex); mutex_init(&chip->tpm_mutex); @@ -1208,8 +1205,7 @@ struct tpm_chip *tpm_register_hardware(struct device *dev, if (chip->dev_num >= TPM_NUM_DEVICES) { dev_err(dev, "No available tpm device numbers\n"); - kfree(chip); - return NULL; + goto out_free; } else if (chip->dev_num == 0) chip->vendor.miscdev.minor = TPM_MINOR; else @@ -1250,6 +1246,11 @@ struct tpm_chip *tpm_register_hardware(struct device *dev, spin_unlock(&driver_lock); return chip; + +out_free: + kfree(chip); + kfree(devname); + return NULL; } EXPORT_SYMBOL_GPL(tpm_register_hardware); -- cgit v1.2.1