On Tue, Sep 02, 2025 at 06:27:03PM +0100, Jonathan McDowell wrote:
> From: Jonathan McDowell <nood...@meta.com>
>
> tpm_find_get_ops() looks for the first valid TPM if the caller passes in
> NULL. All internal users have been converted to either associate
> themselves with a TPM directly, or call tpm_default_chip() as part of
> their setup. Remove the no longer necessary tpm_find_get_ops().
>
> Signed-off-by: Jonathan McDowell <nood...@meta.com>
This is a welcome change, thanks.
> ---
> drivers/char/tpm/tpm-chip.c | 36 --------------------------------
> drivers/char/tpm/tpm-interface.c | 20 ++++++++++++++----
> drivers/char/tpm/tpm.h | 1 -
> drivers/char/tpm/tpm_tis_core.c | 3 +--
> 4 files changed, 17 insertions(+), 43 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
> index 8c8e9054762a..ba906966721a 100644
> --- a/drivers/char/tpm/tpm-chip.c
> +++ b/drivers/char/tpm/tpm-chip.c
> @@ -230,42 +230,6 @@ struct tpm_chip *tpm_default_chip(void)
> }
> EXPORT_SYMBOL_GPL(tpm_default_chip);
>
> -/**
> - * tpm_find_get_ops() - find and reserve a TPM chip
> - * @chip: a &struct tpm_chip instance, %NULL for the default chip
> - *
> - * Finds a TPM chip and reserves its class device and operations. The chip
> must
> - * be released with tpm_put_ops() after use.
> - * This function is for internal use only. It supports existing TPM callers
> - * by accepting NULL, but those callers should be converted to pass in a chip
> - * directly.
> - *
> - * Return:
> - * A reserved &struct tpm_chip instance.
> - * %NULL if a chip is not found.
> - * %NULL if the chip is not available.
> - */
> -struct tpm_chip *tpm_find_get_ops(struct tpm_chip *chip)
> -{
> - int rc;
> -
> - if (chip) {
> - if (!tpm_try_get_ops(chip))
> - return chip;
> - return NULL;
> - }
> -
> - chip = tpm_default_chip();
> - if (!chip)
> - return NULL;
> - rc = tpm_try_get_ops(chip);
> - /* release additional reference we got from tpm_default_chip() */
> - put_device(&chip->dev);
> - if (rc)
> - return NULL;
> - return chip;
> -}
> -
> /**
> * tpm_dev_release() - free chip memory and the device number
> * @dev: the character device for the TPM chip
> diff --git a/drivers/char/tpm/tpm-interface.c
> b/drivers/char/tpm/tpm-interface.c
> index b71725827743..8f65dc06a157 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -313,10 +313,13 @@ int tpm_is_tpm2(struct tpm_chip *chip)
> {
> int rc;
>
> - chip = tpm_find_get_ops(chip);
> if (!chip)
> return -ENODEV;
>
> + rc = tpm_try_get_ops(chip);
> + if (rc)
> + return rc;
> +
> rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0;
>
> tpm_put_ops(chip);
> @@ -338,10 +341,13 @@ int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
> {
> int rc;
>
> - chip = tpm_find_get_ops(chip);
> if (!chip)
> return -ENODEV;
>
> + rc = tpm_try_get_ops(chip);
> + if (rc)
> + return rc;
> +
> if (chip->flags & TPM_CHIP_FLAG_TPM2)
> rc = tpm2_pcr_read(chip, pcr_idx, digest, NULL);
> else
> @@ -369,10 +375,13 @@ int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> int rc;
> int i;
>
> - chip = tpm_find_get_ops(chip);
> if (!chip)
> return -ENODEV;
>
> + rc = tpm_try_get_ops(chip);
> + if (rc)
> + return rc;
> +
> for (i = 0; i < chip->nr_allocated_banks; i++) {
> if (digests[i].alg_id != chip->allocated_banks[i].alg_id) {
> rc = -EINVAL;
> @@ -492,10 +501,13 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out,
> size_t max)
> if (!out || max > TPM_MAX_RNG_DATA)
> return -EINVAL;
>
> - chip = tpm_find_get_ops(chip);
> if (!chip)
> return -ENODEV;
>
> + rc = tpm_try_get_ops(chip);
> + if (rc)
> + return rc;
> +
> if (chip->flags & TPM_CHIP_FLAG_TPM2)
> rc = tpm2_get_random(chip, out, max);
> else
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 7bb87fa5f7a1..9c158c55c05f 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -267,7 +267,6 @@ static inline void tpm_msleep(unsigned int delay_msec)
> int tpm_chip_bootstrap(struct tpm_chip *chip);
> int tpm_chip_start(struct tpm_chip *chip);
> void tpm_chip_stop(struct tpm_chip *chip);
> -struct tpm_chip *tpm_find_get_ops(struct tpm_chip *chip);
>
> struct tpm_chip *tpm_chip_alloc(struct device *dev,
> const struct tpm_class_ops *ops);
> diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
> index 4b12c4b9da8b..73b94f4daf4b 100644
> --- a/drivers/char/tpm/tpm_tis_core.c
> +++ b/drivers/char/tpm/tpm_tis_core.c
> @@ -265,8 +265,7 @@ static u8 tpm_tis_status(struct tpm_chip *chip)
>
> /*
> * Dump stack for forensics, as invalid TPM_STS.x could
> be
> - * potentially triggered by impaired tpm_try_get_ops()
> or
> - * tpm_find_get_ops().
> + * potentially triggered by impaired tpm_try_get_ops().
> */
> dump_stack();
Sorry outside scope of the review but I'll remark something while I
still remember it :-)
Looking at "if (!test_and_set_bit(TPM_TIS_INVALID_STATUS, &priv->flags)) {"
Despite unfortunately git blame points out to me I don't agree with the
"pr_err + dump_stack" rollback sequence:
1. Stack here is useless noise.
2. This should be fallible situation really, as at it can be affected by
outside stimuli, not just long-strech malicious device alike case,
but also it could be like perhaps TPM emulator or something else
more flakky than a chip.
Improved rollback sequence would be:
1. Print dev_err, exactly as it does now. It's not a kernel bug per se
but something is definitely acting weirdly.
2. Make '->status' fallible so that rollback can be further propagated
to 'tpm_transmit'
3. Return some sensible POSIX error code, probably -EIO combined with
pre-existing dev_err would be fine.
Back to the topic. I agree with the patch. I'll come back on this
once I've tested it with a live kernel in my environment [1].
[1] https://codeberg.org/jarkko/linux-tpmdd-test
BR, Jarkko
