[PATCH 4.8 37/37] tpm_crb: fix crb_req_canceled behavior

From: Greg Kroah-Hartman
Date: Fri Oct 14 2016 - 08:32:59 EST

4.8-stable review patch. If anyone has any objections, please let me know.


From: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>

commit 72fd50e14e46dc0edf360631bdece87c2f066a97 upstream.

The req_canceled() callback is used by tpm_transmit() periodically to
check whether the request has been canceled while it is receiving a
response from the TPM.

The TPM_CRB_CTRL_CANCEL register was cleared already in the crb_cancel
callback, which has two consequences:

* Cancel might not happen.
* req_canceled() always returns zero.

A better place to clear the register is when starting to send a new
command. The behavior of TPM_CRB_CTRL_CANCEL is described in the
section of the PTP specification.

Fixes: 30fc8d138e91 ("tpm: TPM 2.0 CRB Interface")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

drivers/char/tpm/tpm_crb.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -142,6 +142,11 @@ static int crb_send(struct tpm_chip *chi
struct crb_priv *priv = dev_get_drvdata(&chip->dev);
int rc = 0;

+ /* Zero the cancel register so that the next command will not get
+ * canceled.
+ */
+ iowrite32(0, &priv->cca->cancel);
if (len > ioread32(&priv->cca->cmd_size)) {
"invalid command count value %x %zx\n",
@@ -175,8 +180,6 @@ static void crb_cancel(struct tpm_chip *

if ((priv->flags & CRB_FL_ACPI_START) && crb_do_acpi_start(chip))
dev_err(&chip->dev, "ACPI Start failed\n");
- iowrite32(0, &priv->cca->cancel);

static bool crb_req_canceled(struct tpm_chip *chip, u8 status)