[PATCH v2 1/2] tpm_tis_core: add optional max xfer size check

From: Andrey Pronin
Date: Tue Jul 19 2016 - 22:34:53 EST


If tpm reports a bigger burstcnt than allowed by the physical protocol,
re-query the burstcnt and correct, if needed, if still too large.

In practice, this is seen in case of xfer issues (e.g. in the spi interface
case, a lost header causing flow control issues and wrong values returned on
read from TPM_STS). If not caught, it causes the physical layer to reject the
xfer, which is easily preventable by re-querying TPM_STS.

Signed-off-by: Andrey Pronin <apronin@xxxxxxxxxxxx>
---
drivers/char/tpm/tpm_tis_core.c | 18 ++++++++++++++++--
drivers/char/tpm/tpm_tis_core.h | 1 +
2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index d66f51b..ffc1acb 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -158,6 +158,7 @@ static int get_burstcount(struct tpm_chip *chip)
unsigned long stop;
int burstcnt, rc;
u32 value;
+ bool retry_burstcnt = false;

/* wait for burstcount */
/* which timeout value, spec has 2 answers (c & d) */
@@ -168,8 +169,21 @@ static int get_burstcount(struct tpm_chip *chip)
return rc;

burstcnt = (value >> 8) & 0xFFFF;
- if (burstcnt)
- return burstcnt;
+ if (burstcnt) {
+ /* If burstcnt is larger than max allowed xfer
+ * size, retry once - may be a glitch. Return
+ * max_xfer_size on the 2nd try to avoid being
+ * stuck forever.
+ */
+ if ((priv->phy_ops->max_xfer_size == 0) ||
+ (burstcnt <= priv->phy_ops->max_xfer_size))
+ return burstcnt;
+ if (retry_burstcnt)
+ return priv->phy_ops->max_xfer_size;
+ dev_warn(&chip->dev,
+ "Bad burstcnt read: %d\n", burstcnt);
+ retry_burstcnt = true;
+ }
msleep(TPM_TIMEOUT);
} while (time_before(jiffies, stop));
return -EBUSY;
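Review bot: The fallback at `return priv->phy_ops->max_xfer_size;` hands the caller a burst count the TPM never reported: if both TPM_STS reads were corrupted, as in the SPI case the commit message describes, the real burstcount may be smaller than the clamp, and the caller would size its FIFO transfer from a guessed value. Consider treating a second oversized read as a bus error (`return -EIO;`) or continuing to poll until `stop`, and if clamping is kept, say in the comment that it assumes the chip's true burstcount is at least max_xfer_size. `retry_burstcnt` is also never cleared, so a zero read between two oversized ones still counts as the retry, and `dev_warn` would be better as `dev_warn_ratelimited(&chip->dev, "Bad burstcnt read: %d\n", burstcnt);` since get_burstcount() appears to be called once per transfer chunk. The function body starts outside this hunk, where `priv` is presumably declared.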
diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
index 9191aab..58e8b14 100644
--- a/drivers/char/tpm/tpm_tis_core.h
+++ b/drivers/char/tpm/tpm_tis_core.h
@@ -102,6 +102,7 @@ struct tpm_tis_phy_ops {
int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result);
int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result);
int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src);
+ u16 max_xfer_size;
};

static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr,
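Review bot: The new `max_xfer_size` field has no comment, yet get_burstcount() gives the value 0 a special meaning (the size check is skipped), so every existing phy that leaves it unset silently keeps the old unchecked behaviour. Document that at the declaration, e.g. `u16 max_xfer_size; /* largest xfer the phy accepts, same units as burstcnt; 0 = no limit */`. The struct begins outside this hunk.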
--
2.6.6