Do not torn down the system when getting invalid status from a TPM chip. This can happen when panic-on-warn is used.
In addition, print out the value of TPM_STS.x instead of "invalid status". In order to get the earlier benefits for forensics, also call dump_stack().
Link: https://lore.kernel.org/keyrings/YKzlTR1AzUigShtZ@kroah.com/ Fixes: 55707d531af6 ("tpm_tis: Add a check for invalid status") Cc: stable@vger.kernel.org Cc: Hans de Goede hdegoede@redhat.com Cc: Greg KH greg@kroah.com Signed-off-by: Jarkko Sakkinen jarkko@kernel.org --- drivers/char/tpm/tpm_tis_core.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 55b9d3965ae1..514a481829c9 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -202,7 +202,16 @@ static u8 tpm_tis_status(struct tpm_chip *chip) * acquired. Usually because tpm_try_get_ops() hasn't * been called before doing a TPM operation. */ - WARN_ONCE(1, "TPM returned invalid status\n"); + dev_err_once(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n", + status); + + /* + * Dump stack for forensics, as invalid TPM_STS.x could be + * potentially triggered by impaired tpm_try_get_ops() or + * tpm_find_get_ops(). + */ + dump_stack(); + return 0; }
On Mon, May 31, 2021 at 07:51:31AM +0300, Jarkko Sakkinen wrote:
Do not torn down the system when getting invalid status from a TPM chip. This can happen when panic-on-warn is used.
In addition, print out the value of TPM_STS.x instead of "invalid status". In order to get the earlier benefits for forensics, also call dump_stack().
Link: https://lore.kernel.org/keyrings/YKzlTR1AzUigShtZ@kroah.com/ Fixes: 55707d531af6 ("tpm_tis: Add a check for invalid status") Cc: stable@vger.kernel.org Cc: Hans de Goede hdegoede@redhat.com Cc: Greg KH greg@kroah.com Signed-off-by: Jarkko Sakkinen jarkko@kernel.org
drivers/char/tpm/tpm_tis_core.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 55b9d3965ae1..514a481829c9 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -202,7 +202,16 @@ static u8 tpm_tis_status(struct tpm_chip *chip) * acquired. Usually because tpm_try_get_ops() hasn't * been called before doing a TPM operation. */
WARN_ONCE(1, "TPM returned invalid status\n");
dev_err_once(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n",
status);
/*
* Dump stack for forensics, as invalid TPM_STS.x could be
* potentially triggered by impaired tpm_try_get_ops() or
* tpm_find_get_ops().
*/
dump_stack();
- return 0; }
Reviewed-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Dear Jarkko,
Am 31.05.21 um 06:51 schrieb Jarkko Sakkinen:
Do not torn down the system when getting invalid status from a TPM chip.
Nit: Do not *tear* down …?
This can happen when panic-on-warn is used.
Hmm, I’d say it works as expected then? Shouldn’t an invalid status of an important device like TPM considered a warning?
In addition, print out the value of TPM_STS.x instead of "invalid status". In order to get the earlier benefits for forensics, also call dump_stack().
Link: https://lore.kernel.org/keyrings/YKzlTR1AzUigShtZ@kroah.com/ Fixes: 55707d531af6 ("tpm_tis: Add a check for invalid status") Cc: stable@vger.kernel.org Cc: Hans de Goede hdegoede@redhat.com Cc: Greg KH greg@kroah.com Signed-off-by: Jarkko Sakkinen jarkko@kernel.org
drivers/char/tpm/tpm_tis_core.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 55b9d3965ae1..514a481829c9 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -202,7 +202,16 @@ static u8 tpm_tis_status(struct tpm_chip *chip) * acquired. Usually because tpm_try_get_ops() hasn't * been called before doing a TPM operation. */
WARN_ONCE(1, "TPM returned invalid status\n");
dev_err_once(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n",
status);
/*
* Dump stack for forensics, as invalid TPM_STS.x could be
* potentially triggered by impaired tpm_try_get_ops() or
* tpm_find_get_ops().
*/
dump_stack();
- return 0; }
Kind regards,
Paul
On Mon, May 31, 2021 at 07:33:44AM +0200, Paul Menzel wrote:
Dear Jarkko,
Am 31.05.21 um 06:51 schrieb Jarkko Sakkinen:
Do not torn down the system when getting invalid status from a TPM chip.
Nit: Do not *tear* down …?
Oops, a typo, thank you.
This can happen when panic-on-warn is used.
Hmm, I’d say it works as expected then? Shouldn’t an invalid status of an important device like TPM considered a warning?
By warning do you mean WARN() or pr_warn()?
/Jarkko
linux-stable-mirror@lists.linaro.org