Dear Praochotan,
Am 14.06.25 um 01:31 schrieb Prachotan Bathi:
For CRB over FF-A interface, if the firmwre TPM or TPM service [1] shares
firmw*a*re
its Secure Partition (SP) with another service, message requests may
fail with a -EBUSY error. Platforms supporting direct message request v2[1]
can support secure partitions that support multiple services.
Please remove the two leading spaces. Also I’d swap the sentences.
To handle this, replace the single check and call with a retry loop
that attempts the TPM message send operation until it succeeds or a
configurable timeout is reached. The retry mechanism introduces a
module parameter (`busy_timeout`, default: 2000ms) to control how long
Please append the unit to the name.
to keep retrying on -EBUSY responses. Between retries, the code waits
briefly (50-100 microseconds) to avoid busy-waiting and handling
TPM BUSY conditions more gracefully.
It’d be great if you documented your test setup and how to test this.
Out of curiosity: Can the parameter be changed during runtime?
[1] TPM Service Command Response Buffer Interface Over FF-A
https://developer.arm.com/documentation/den0138/latest/
Signed-off-by: Prachotan Bathi <prachotan.ba...@arm.com>
---
drivers/char/tpm/tpm_crb_ffa.c | 74 +++++++++++++++++++++++-----------
1 file changed, 50 insertions(+), 24 deletions(-)
diff --git a/drivers/char/tpm/tpm_crb_ffa.c b/drivers/char/tpm/tpm_crb_ffa.c
index 4ead61f01299..e47e110bac9e 100644
--- a/drivers/char/tpm/tpm_crb_ffa.c
+++ b/drivers/char/tpm/tpm_crb_ffa.c
@@ -10,6 +10,8 @@
#define pr_fmt(fmt) "CRB_FFA: " fmt
#include <linux/arm_ffa.h>
+#include <linux/delay.h>
+#include <linux/moduleparam.h>
#include "tpm_crb_ffa.h"
/* TPM service function status codes */
@@ -178,6 +180,17 @@ int tpm_crb_ffa_init(void)
}
EXPORT_SYMBOL_GPL(tpm_crb_ffa_init);
+static unsigned int busy_timeout = 2000;
Please append _ms to the variable name.
+/**
+ * busy_timeout - Maximum time to retry before giving up on busy
+ *
+ * This parameter defines the maximum time in milliseconds to retry
+ * sending a message to the TPM service before giving up.
+ */
+module_param(busy_timeout, uint, 0644);
+MODULE_PARM_DESC(busy_timeout,
+ "Maximum time to retry before giving up on busy");
Please name the unit.
+
static int __tpm_crb_ffa_send_recieve(unsigned long func_id,
unsigned long a0,
unsigned long a1,
@@ -191,34 +204,47 @@ static int __tpm_crb_ffa_send_recieve(unsigned long
func_id,
msg_ops = tpm_crb_ffa->ffa_dev->ops->msg_ops;
- if (ffa_partition_supports_direct_req2_recv(tpm_crb_ffa->ffa_dev)) {
- memset(&tpm_crb_ffa->direct_msg_data2, 0x00,
- sizeof(struct ffa_send_direct_data2));
+ ktime_t start;
+ ktime_t stop;
+
+ start = ktime_get();
+ stop = ktime_add(start, ms_to_ktime(busy_timeout));
+
+ do {
+ if
(ffa_partition_supports_direct_req2_recv(tpm_crb_ffa->ffa_dev)) {
+ memset(&tpm_crb_ffa->direct_msg_data2, 0x00,
+ sizeof(struct ffa_send_direct_data2));
- tpm_crb_ffa->direct_msg_data2.data[0] = func_id;
- tpm_crb_ffa->direct_msg_data2.data[1] = a0;
- tpm_crb_ffa->direct_msg_data2.data[2] = a1;
- tpm_crb_ffa->direct_msg_data2.data[3] = a2;
+ tpm_crb_ffa->direct_msg_data2.data[0] = func_id;
+ tpm_crb_ffa->direct_msg_data2.data[1] = a0;
+ tpm_crb_ffa->direct_msg_data2.data[2] = a1;
+ tpm_crb_ffa->direct_msg_data2.data[3] = a2;
- ret = msg_ops->sync_send_receive2(tpm_crb_ffa->ffa_dev,
+ ret = msg_ops->sync_send_receive2(tpm_crb_ffa->ffa_dev,
&tpm_crb_ffa->direct_msg_data2);
- if (!ret)
- ret =
tpm_crb_ffa_to_linux_errno(tpm_crb_ffa->direct_msg_data2.data[0]);
- } else {
- memset(&tpm_crb_ffa->direct_msg_data, 0x00,
- sizeof(struct ffa_send_direct_data));
-
- tpm_crb_ffa->direct_msg_data.data1 = func_id;
- tpm_crb_ffa->direct_msg_data.data2 = a0;
- tpm_crb_ffa->direct_msg_data.data3 = a1;
- tpm_crb_ffa->direct_msg_data.data4 = a2;
-
- ret = msg_ops->sync_send_receive(tpm_crb_ffa->ffa_dev,
- &tpm_crb_ffa->direct_msg_data);
- if (!ret)
- ret =
tpm_crb_ffa_to_linux_errno(tpm_crb_ffa->direct_msg_data.data1);
- }
+ if (!ret)
+ ret =
tpm_crb_ffa_to_linux_errno(tpm_crb_ffa->direct_msg_data2.data[0]);
+ } else {
+ memset(&tpm_crb_ffa->direct_msg_data, 0x00,
+ sizeof(struct ffa_send_direct_data));
+ tpm_crb_ffa->direct_msg_data.data1 = func_id;
+ tpm_crb_ffa->direct_msg_data.data2 = a0;
+ tpm_crb_ffa->direct_msg_data.data3 = a1;
+ tpm_crb_ffa->direct_msg_data.data4 = a2;
+
+ ret = msg_ops->sync_send_receive(tpm_crb_ffa->ffa_dev,
+ &tpm_crb_ffa->direct_msg_data);
+ if (!ret)
+ ret =
tpm_crb_ffa_to_linux_errno(tpm_crb_ffa->direct_msg_data.data1);
+ }
+ if (ret == -EBUSY)
+ pr_err("TPM says busy, trying again, value, ret: %d\n",
+ ret);
+ else
+ break;
+ usleep_range(50, 100);
+ } while (ktime_before(ktime_get(), stop));
Log a message with the timeout in case the timeout is reached?
return ret;
}
Kind regards,
Paul
