Re: [PATCH RFC 1/3] tpm_crb: expand struct crb_control_area to struct crb_regs

From: Jason Gunthorpe
Date: Sun Oct 09 2016 - 19:09:00 EST


On Sun, Oct 09, 2016 at 09:33:58PM +0300, Jarkko Sakkinen wrote:

> > Sorry I missed this part.
> >
> > Here are the constraints for existing hardware:
> >
> > 1. All the existing CRB start only hardware has the iomem covering the
> > control area and registers for multiple localities.
> > 2. All the existing ACPI start hardware has only the control area.
> >
> > If you assume that SSDT does not have malicous behavior caused by either
> > a BIOS bug or maybe a rootkit, then the current patch works for all the
> > existing hardware.
> >
> > To counter-measure for unexpected behavior in non-existing hardware and
> > buggy or malicious firmware it probably make sense to use crb_map_res to
> > validate the part of the CRB registers that is not part of the control
> > area.

I don't know how much I'd assume BIOS authors do what you think - the
spec I saw for this seems very vauge.

Certainly checking that locality region falls within the acpi mapping
seems essential.

> > Doing it in the way you proposed does not work for ACPI start devices.
> >
> > For them it should be done in the same way as I'm doing in the existing
> > patch as for ACPI start devices the address below the control area are
> > never accessed. Having a separate crb_map_res for CRB start only devices
> > is sane thing to do for validation.
>
> Alternative is to do two structures crb_regs_head and crb_regs_tail,
> which might be cleaner. I'm fine with going either route.

Since the iomem doesn't actually exist for a configuration having two
pointers is the better choice. Make sure one is null for the
configuration that does not support it.

The negative offset thing is way too subtle.

Jason