Re: [tpmdd-devel] [PATCH] tpm: vtpm_proxy: Do not access host's event log

2016-11-18 Thread Stefan Berger 
On 11/18/2016 09:11 AM, Stefan Berger wrote:
> On 11/17/2016 03:37 PM, Jarkko Sakkinen wrote:
>> On Thu, Nov 17, 2016 at 07:35:05AM -0500, Stefan Berger wrote:
>>> On 11/16/2016 03:07 PM, Jason Gunthorpe wrote:
 On Wed, Nov 16, 2016 at 12:07:23PM -0500, Stefan Berger wrote:
> The culprit seems to be 'tpm: fix the missing .owner in
> tpm_bios_measurements_ops'
 That is unlikely, it is probably the patch before which calls read_log
 unconditionally now. That suggests the crashing is a little random..
>>> I ran the vtpm driver test suite (with -j32) a few times at that 
>>> patch and
>>> it didn't crash. It crashes severely with later patches applied. 
>>> Here's the
>>> current experimental patch that fixes these problems:
>>>
>>> iff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
>>> index 0cb43ef..a73295a 100644
>>> --- a/drivers/char/tpm/tpm_acpi.c
>>> +++ b/drivers/char/tpm/tpm_acpi.c
>>> @@ -56,6 +56,9 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
>>>
>>>   log = >log;
>>>
>>> +if (!chip->acpi_dev_handle)
>>> +return 0;
>>> +
>> If there is a problem in the TPM driver, this does not fix the
>> problem. It will mask the problem. Maybe there's an ACPI regression
>> in the rc tree?
>
> Following the path from here :
>
> http://lxr.free-electrons.com/source/drivers/acpi/acpica/tbxface.c#L282
>
> acpi_get_table_with_size -> acpi_tb_validate_table -> 
> acpi_tb_acquire_table
>
> I see acpi_os_map_memory being called in acpi_tb_acquire_table but not 
> the corresponding acpi_os_unmap_memory...
>

And to add to this: the call to acpi_get_table() in tpm_acpi.c alone is 
causing the crash. I am fairly sure that it has something to do with the 
memory mapping call above not being matched by an unmapping call.


> Stefan
>
>
>>
>> This is a funky situation because those lines need to be there but
>> I do not want them before it is root caused that it is not a TPM
>> bug.
>>
>> /Jarkko
>>
>


--
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: [tpmdd-devel] [PATCH RFC 2/2] tpm: refactor tpm2_get_tpm_pt to tpm2_getcap_cmd

2016-11-18 Thread Nayna 


On 11/17/2016 11:12 PM, Jarkko Sakkinen wrote:
> On Thu, Nov 17, 2016 at 05:20:36PM +0530, Nayna wrote:
>
>> I tested this for capability TPM2_CAP_PCRS. It seems TPM2_CAP_PCRS
>> capability always returns full PCR allocation, and more_data as 0, So, I
>> think the idea of looping over based on more_data may not work for this
>> capability.
>
> You can always request one value at a time until there's no more.
>
> If you request N values, depending on the hardware, the hardware returns
> to you anything from 1 to N values. If you implement a function that
> requests N values in the command, you *must* handle the case where
> moreData is 1 even if the hardware you are testing that never happens.
>
> That's the reason why I would start with a function that you request one
> property of one capability and optimize it in future if it doesn't scale
> for some workload.
>
> Do you have a workload where it doesn't scale?

Thanks Jarkko for explaining in detail.

If I understood correctly, the idea is to request for one property at a 
time, and if we need multiple properties, then to request for each of 
them in a loop. In case of TPM2_CAP_PCRS, property is always zero. This 
is how I am calling getcap_cmd for TPM2_CAP_PCRS.

tpm2_getcap_cmd(chip, TPM2_CAP_PCRS, 0, _data, "get active pcr 
banks");

Output :

[   17.081665] tpm: cap id to receive value is 2
[   17.081666] tpm: TPM2_CAP_COMMANDS: more data 1
[   17.081667] tpm: 2
[   17.081668] tpm: tpm2_get_active_banks  ---> cap is TPM2_CAP_PCRS
[   17.171665] tpm: cap id to receive value is 5
[   17.171666] tpm: TPM2_CAP_PCRS: more data 0 ---> more data is zero.
[   17.171666] tpm: TPM2_CAP_PCRS: more data 0
[   17.171667] tpm: count pcr banks is 2 --> count of active pcr 
banks information returned

more_data is always zero here, so am not sure how to handle more_data in 
this case ?
Since property_id is always zero, I am not able to request for one 
property at a time.
and response_buffer returns the details for both active banks.

This is the expected behavior defined in TCG 2.0 Part 3 Commands 
Specification (Section 30.2.1):

"TPM_CAP_PCRS – Returns the current allocation of PCR in a 
TPML_PCR_SELECTION. The property parameter shall be zero. The TPM will 
always respond to this command with the full PCR allocation and moreData 
will be NO."

Please let me know, if I am missing something.

Thanks & Regards,
- Nayna


>
> /Jarkko
>


--
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel