This is a note to let you know that I've just added the patch titled tpm_crb: fix crb_req_canceled behavior to the 4.8-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: tpm_crb-fix-crb_req_canceled-behavior.patch and it can be found in the queue-4.8 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 72fd50e14e46dc0edf360631bdece87c2f066a97 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> Date: Fri, 2 Sep 2016 22:34:17 +0300 Subject: tpm_crb: fix crb_req_canceled behavior From: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> commit 72fd50e14e46dc0edf360631bdece87c2f066a97 upstream. The req_canceled() callback is used by tpm_transmit() periodically to check whether the request has been canceled while it is receiving a response from the TPM. The TPM_CRB_CTRL_CANCEL register was cleared already in the crb_cancel callback, which has two consequences: * Cancel might not happen. * req_canceled() always returns zero. A better place to clear the register is when starting to send a new command. The behavior of TPM_CRB_CTRL_CANCEL is described in the section 5.5.3.6 of the PTP specification. Fixes: 30fc8d138e91 ("tpm: TPM 2.0 CRB Interface") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/char/tpm/tpm_crb.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/drivers/char/tpm/tpm_crb.c +++ b/drivers/char/tpm/tpm_crb.c @@ -142,6 +142,11 @@ static int crb_send(struct tpm_chip *chi struct crb_priv *priv = dev_get_drvdata(&chip->dev); int rc = 0; + /* Zero the cancel register so that the next command will not get + * canceled. + */ + iowrite32(0, &priv->cca->cancel); + if (len > ioread32(&priv->cca->cmd_size)) { dev_err(&chip->dev, "invalid command count value %x %zx\n", @@ -175,8 +180,6 @@ static void crb_cancel(struct tpm_chip * if ((priv->flags & CRB_FL_ACPI_START) && crb_do_acpi_start(chip)) dev_err(&chip->dev, "ACPI Start failed\n"); - - iowrite32(0, &priv->cca->cancel); } static bool crb_req_canceled(struct tpm_chip *chip, u8 status) Patches currently in stable-queue which might be from jarkko.sakkinen@xxxxxxxxxxxxxxx are queue-4.8/tpm_crb-fix-crb_req_canceled-behavior.patch queue-4.8/tpm-fix-a-race-condition-in-tpm2_unseal_trusted.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html