tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
[sfrench/cifs-2.6.git] / drivers / char / tpm / tpm_tis_core.c
1 /*
2  * Copyright (C) 2005, 2006 IBM Corporation
3  * Copyright (C) 2014, 2015 Intel Corporation
4  *
5  * Authors:
6  * Leendert van Doorn <leendert@watson.ibm.com>
7  * Kylene Hall <kjhall@us.ibm.com>
8  *
9  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
10  *
11  * Device driver for TCG/TCPA TPM (trusted platform module).
12  * Specifications at www.trustedcomputinggroup.org
13  *
14  * This device driver implements the TPM interface as defined in
15  * the TCG TPM Interface Spec version 1.2, revision 1.0.
16  *
17  * This program is free software; you can redistribute it and/or
18  * modify it under the terms of the GNU General Public License as
19  * published by the Free Software Foundation, version 2 of the
20  * License.
21  */
22 #include <linux/init.h>
23 #include <linux/module.h>
24 #include <linux/moduleparam.h>
25 #include <linux/pnp.h>
26 #include <linux/slab.h>
27 #include <linux/interrupt.h>
28 #include <linux/wait.h>
29 #include <linux/acpi.h>
30 #include <linux/freezer.h>
31 #include "tpm.h"
32 #include "tpm_tis_core.h"
33
34 /* This is a polling delay to check for status and burstcount.
35  * As per ddwg input, expectation is that status check and burstcount
36  * check should return within few usecs.
37  */
38 #define TPM_POLL_SLEEP  1  /* msec */
39
40 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value);
41
42 static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
43                                         bool check_cancel, bool *canceled)
44 {
45         u8 status = chip->ops->status(chip);
46
47         *canceled = false;
48         if ((status & mask) == mask)
49                 return true;
50         if (check_cancel && chip->ops->req_canceled(chip, status)) {
51                 *canceled = true;
52                 return true;
53         }
54         return false;
55 }
56
57 static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
58                 unsigned long timeout, wait_queue_head_t *queue,
59                 bool check_cancel)
60 {
61         unsigned long stop;
62         long rc;
63         u8 status;
64         bool canceled = false;
65
66         /* check current status */
67         status = chip->ops->status(chip);
68         if ((status & mask) == mask)
69                 return 0;
70
71         stop = jiffies + timeout;
72
73         if (chip->flags & TPM_CHIP_FLAG_IRQ) {
74 again:
75                 timeout = stop - jiffies;
76                 if ((long)timeout <= 0)
77                         return -ETIME;
78                 rc = wait_event_interruptible_timeout(*queue,
79                         wait_for_tpm_stat_cond(chip, mask, check_cancel,
80                                                &canceled),
81                         timeout);
82                 if (rc > 0) {
83                         if (canceled)
84                                 return -ECANCELED;
85                         return 0;
86                 }
87                 if (rc == -ERESTARTSYS && freezing(current)) {
88                         clear_thread_flag(TIF_SIGPENDING);
89                         goto again;
90                 }
91         } else {
92                 do {
93                         tpm_msleep(TPM_POLL_SLEEP);
94                         status = chip->ops->status(chip);
95                         if ((status & mask) == mask)
96                                 return 0;
97                 } while (time_before(jiffies, stop));
98         }
99         return -ETIME;
100 }
101
102 /* Before we attempt to access the TPM we must see that the valid bit is set.
103  * The specification says that this bit is 0 at reset and remains 0 until the
104  * 'TPM has gone through its self test and initialization and has established
105  * correct values in the other bits.'
106  */
107 static int wait_startup(struct tpm_chip *chip, int l)
108 {
109         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
110         unsigned long stop = jiffies + chip->timeout_a;
111
112         do {
113                 int rc;
114                 u8 access;
115
116                 rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
117                 if (rc < 0)
118                         return rc;
119
120                 if (access & TPM_ACCESS_VALID)
121                         return 0;
122                 tpm_msleep(TPM_TIMEOUT);
123         } while (time_before(jiffies, stop));
124         return -1;
125 }
126
127 static bool check_locality(struct tpm_chip *chip, int l)
128 {
129         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
130         int rc;
131         u8 access;
132
133         rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
134         if (rc < 0)
135                 return false;
136
137         if ((access & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) ==
138             (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
139                 priv->locality = l;
140                 return true;
141         }
142
143         return false;
144 }
145
146 static void release_locality(struct tpm_chip *chip, int l)
147 {
148         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
149
150         tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY);
151 }
152
153 static int request_locality(struct tpm_chip *chip, int l)
154 {
155         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
156         unsigned long stop, timeout;
157         long rc;
158
159         if (check_locality(chip, l))
160                 return l;
161
162         rc = tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_REQUEST_USE);
163         if (rc < 0)
164                 return rc;
165
166         stop = jiffies + chip->timeout_a;
167
168         if (chip->flags & TPM_CHIP_FLAG_IRQ) {
169 again:
170                 timeout = stop - jiffies;
171                 if ((long)timeout <= 0)
172                         return -1;
173                 rc = wait_event_interruptible_timeout(priv->int_queue,
174                                                       (check_locality
175                                                        (chip, l)),
176                                                       timeout);
177                 if (rc > 0)
178                         return l;
179                 if (rc == -ERESTARTSYS && freezing(current)) {
180                         clear_thread_flag(TIF_SIGPENDING);
181                         goto again;
182                 }
183         } else {
184                 /* wait for burstcount */
185                 do {
186                         if (check_locality(chip, l))
187                                 return l;
188                         tpm_msleep(TPM_TIMEOUT);
189                 } while (time_before(jiffies, stop));
190         }
191         return -1;
192 }
193
194 static u8 tpm_tis_status(struct tpm_chip *chip)
195 {
196         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
197         int rc;
198         u8 status;
199
200         rc = tpm_tis_read8(priv, TPM_STS(priv->locality), &status);
201         if (rc < 0)
202                 return 0;
203
204         return status;
205 }
206
207 static void tpm_tis_ready(struct tpm_chip *chip)
208 {
209         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
210
211         /* this causes the current command to be aborted */
212         tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_COMMAND_READY);
213 }
214
215 static int get_burstcount(struct tpm_chip *chip)
216 {
217         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
218         unsigned long stop;
219         int burstcnt, rc;
220         u32 value;
221
222         /* wait for burstcount */
223         if (chip->flags & TPM_CHIP_FLAG_TPM2)
224                 stop = jiffies + chip->timeout_a;
225         else
226                 stop = jiffies + chip->timeout_d;
227         do {
228                 rc = tpm_tis_read32(priv, TPM_STS(priv->locality), &value);
229                 if (rc < 0)
230                         return rc;
231
232                 burstcnt = (value >> 8) & 0xFFFF;
233                 if (burstcnt)
234                         return burstcnt;
235                 tpm_msleep(TPM_POLL_SLEEP);
236         } while (time_before(jiffies, stop));
237         return -EBUSY;
238 }
239
240 static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
241 {
242         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
243         int size = 0, burstcnt, rc;
244
245         while (size < count) {
246                 rc = wait_for_tpm_stat(chip,
247                                  TPM_STS_DATA_AVAIL | TPM_STS_VALID,
248                                  chip->timeout_c,
249                                  &priv->read_queue, true);
250                 if (rc < 0)
251                         return rc;
252                 burstcnt = get_burstcount(chip);
253                 if (burstcnt < 0) {
254                         dev_err(&chip->dev, "Unable to read burstcount\n");
255                         return burstcnt;
256                 }
257                 burstcnt = min_t(int, burstcnt, count - size);
258
259                 rc = tpm_tis_read_bytes(priv, TPM_DATA_FIFO(priv->locality),
260                                         burstcnt, buf + size);
261                 if (rc < 0)
262                         return rc;
263
264                 size += burstcnt;
265         }
266         return size;
267 }
268
269 static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count)
270 {
271         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
272         int size = 0;
273         int status;
274         u32 expected;
275
276         if (count < TPM_HEADER_SIZE) {
277                 size = -EIO;
278                 goto out;
279         }
280
281         size = recv_data(chip, buf, TPM_HEADER_SIZE);
282         /* read first 10 bytes, including tag, paramsize, and result */
283         if (size < TPM_HEADER_SIZE) {
284                 dev_err(&chip->dev, "Unable to read header\n");
285                 goto out;
286         }
287
288         expected = be32_to_cpu(*(__be32 *) (buf + 2));
289         if (expected > count || expected < TPM_HEADER_SIZE) {
290                 size = -EIO;
291                 goto out;
292         }
293
294         size += recv_data(chip, &buf[TPM_HEADER_SIZE],
295                           expected - TPM_HEADER_SIZE);
296         if (size < expected) {
297                 dev_err(&chip->dev, "Unable to read remainder of result\n");
298                 size = -ETIME;
299                 goto out;
300         }
301
302         if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
303                                 &priv->int_queue, false) < 0) {
304                 size = -ETIME;
305                 goto out;
306         }
307         status = tpm_tis_status(chip);
308         if (status & TPM_STS_DATA_AVAIL) {      /* retry? */
309                 dev_err(&chip->dev, "Error left over data\n");
310                 size = -EIO;
311                 goto out;
312         }
313
314 out:
315         tpm_tis_ready(chip);
316         return size;
317 }
318
319 /*
320  * If interrupts are used (signaled by an irq set in the vendor structure)
321  * tpm.c can skip polling for the data to be available as the interrupt is
322  * waited for here
323  */
324 static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len)
325 {
326         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
327         int rc, status, burstcnt;
328         size_t count = 0;
329         bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
330
331         status = tpm_tis_status(chip);
332         if ((status & TPM_STS_COMMAND_READY) == 0) {
333                 tpm_tis_ready(chip);
334                 if (wait_for_tpm_stat
335                     (chip, TPM_STS_COMMAND_READY, chip->timeout_b,
336                      &priv->int_queue, false) < 0) {
337                         rc = -ETIME;
338                         goto out_err;
339                 }
340         }
341
342         while (count < len - 1) {
343                 burstcnt = get_burstcount(chip);
344                 if (burstcnt < 0) {
345                         dev_err(&chip->dev, "Unable to read burstcount\n");
346                         rc = burstcnt;
347                         goto out_err;
348                 }
349                 burstcnt = min_t(int, burstcnt, len - count - 1);
350                 rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
351                                          burstcnt, buf + count);
352                 if (rc < 0)
353                         goto out_err;
354
355                 count += burstcnt;
356
357                 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
358                                         &priv->int_queue, false) < 0) {
359                         rc = -ETIME;
360                         goto out_err;
361                 }
362                 status = tpm_tis_status(chip);
363                 if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {
364                         rc = -EIO;
365                         goto out_err;
366                 }
367         }
368
369         /* write last byte */
370         rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[count]);
371         if (rc < 0)
372                 goto out_err;
373
374         if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
375                                 &priv->int_queue, false) < 0) {
376                 rc = -ETIME;
377                 goto out_err;
378         }
379         status = tpm_tis_status(chip);
380         if (!itpm && (status & TPM_STS_DATA_EXPECT) != 0) {
381                 rc = -EIO;
382                 goto out_err;
383         }
384
385         return 0;
386
387 out_err:
388         tpm_tis_ready(chip);
389         return rc;
390 }
391
392 static void disable_interrupts(struct tpm_chip *chip)
393 {
394         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
395         u32 intmask;
396         int rc;
397
398         rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
399         if (rc < 0)
400                 intmask = 0;
401
402         intmask &= ~TPM_GLOBAL_INT_ENABLE;
403         rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
404
405         devm_free_irq(chip->dev.parent, priv->irq, chip);
406         priv->irq = 0;
407         chip->flags &= ~TPM_CHIP_FLAG_IRQ;
408 }
409
410 /*
411  * If interrupts are used (signaled by an irq set in the vendor structure)
412  * tpm.c can skip polling for the data to be available as the interrupt is
413  * waited for here
414  */
415 static int tpm_tis_send_main(struct tpm_chip *chip, const u8 *buf, size_t len)
416 {
417         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
418         int rc;
419         u32 ordinal;
420         unsigned long dur;
421
422         rc = tpm_tis_send_data(chip, buf, len);
423         if (rc < 0)
424                 return rc;
425
426         /* go and do it */
427         rc = tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_GO);
428         if (rc < 0)
429                 goto out_err;
430
431         if (chip->flags & TPM_CHIP_FLAG_IRQ) {
432                 ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
433
434                 if (chip->flags & TPM_CHIP_FLAG_TPM2)
435                         dur = tpm2_calc_ordinal_duration(chip, ordinal);
436                 else
437                         dur = tpm_calc_ordinal_duration(chip, ordinal);
438
439                 if (wait_for_tpm_stat
440                     (chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, dur,
441                      &priv->read_queue, false) < 0) {
442                         rc = -ETIME;
443                         goto out_err;
444                 }
445         }
446         return len;
447 out_err:
448         tpm_tis_ready(chip);
449         return rc;
450 }
451
452 static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
453 {
454         int rc, irq;
455         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
456
457         if (!(chip->flags & TPM_CHIP_FLAG_IRQ) || priv->irq_tested)
458                 return tpm_tis_send_main(chip, buf, len);
459
460         /* Verify receipt of the expected IRQ */
461         irq = priv->irq;
462         priv->irq = 0;
463         chip->flags &= ~TPM_CHIP_FLAG_IRQ;
464         rc = tpm_tis_send_main(chip, buf, len);
465         priv->irq = irq;
466         chip->flags |= TPM_CHIP_FLAG_IRQ;
467         if (!priv->irq_tested)
468                 tpm_msleep(1);
469         if (!priv->irq_tested)
470                 disable_interrupts(chip);
471         priv->irq_tested = true;
472         return rc;
473 }
474
475 struct tis_vendor_timeout_override {
476         u32 did_vid;
477         unsigned long timeout_us[4];
478 };
479
480 static const struct tis_vendor_timeout_override vendor_timeout_overrides[] = {
481         /* Atmel 3204 */
482         { 0x32041114, { (TIS_SHORT_TIMEOUT*1000), (TIS_LONG_TIMEOUT*1000),
483                         (TIS_SHORT_TIMEOUT*1000), (TIS_SHORT_TIMEOUT*1000) } },
484 };
485
486 static bool tpm_tis_update_timeouts(struct tpm_chip *chip,
487                                     unsigned long *timeout_cap)
488 {
489         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
490         int i, rc;
491         u32 did_vid;
492
493         if (chip->ops->clk_enable != NULL)
494                 chip->ops->clk_enable(chip, true);
495
496         rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
497         if (rc < 0)
498                 goto out;
499
500         for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) {
501                 if (vendor_timeout_overrides[i].did_vid != did_vid)
502                         continue;
503                 memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us,
504                        sizeof(vendor_timeout_overrides[i].timeout_us));
505                 rc = true;
506         }
507
508         rc = false;
509
510 out:
511         if (chip->ops->clk_enable != NULL)
512                 chip->ops->clk_enable(chip, false);
513
514         return rc;
515 }
516
517 /*
518  * Early probing for iTPM with STS_DATA_EXPECT flaw.
519  * Try sending command without itpm flag set and if that
520  * fails, repeat with itpm flag set.
521  */
522 static int probe_itpm(struct tpm_chip *chip)
523 {
524         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
525         int rc = 0;
526         static const u8 cmd_getticks[] = {
527                 0x00, 0xc1, 0x00, 0x00, 0x00, 0x0a,
528                 0x00, 0x00, 0x00, 0xf1
529         };
530         size_t len = sizeof(cmd_getticks);
531         u16 vendor;
532
533         if (priv->flags & TPM_TIS_ITPM_WORKAROUND)
534                 return 0;
535
536         rc = tpm_tis_read16(priv, TPM_DID_VID(0), &vendor);
537         if (rc < 0)
538                 return rc;
539
540         /* probe only iTPMS */
541         if (vendor != TPM_VID_INTEL)
542                 return 0;
543
544         if (request_locality(chip, 0) != 0)
545                 return -EBUSY;
546
547         rc = tpm_tis_send_data(chip, cmd_getticks, len);
548         if (rc == 0)
549                 goto out;
550
551         tpm_tis_ready(chip);
552
553         priv->flags |= TPM_TIS_ITPM_WORKAROUND;
554
555         rc = tpm_tis_send_data(chip, cmd_getticks, len);
556         if (rc == 0)
557                 dev_info(&chip->dev, "Detected an iTPM.\n");
558         else {
559                 priv->flags &= ~TPM_TIS_ITPM_WORKAROUND;
560                 rc = -EFAULT;
561         }
562
563 out:
564         tpm_tis_ready(chip);
565         release_locality(chip, priv->locality);
566
567         return rc;
568 }
569
570 static bool tpm_tis_req_canceled(struct tpm_chip *chip, u8 status)
571 {
572         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
573
574         switch (priv->manufacturer_id) {
575         case TPM_VID_WINBOND:
576                 return ((status == TPM_STS_VALID) ||
577                         (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY)));
578         case TPM_VID_STM:
579                 return (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY));
580         default:
581                 return (status == TPM_STS_COMMAND_READY);
582         }
583 }
584
585 static irqreturn_t tis_int_handler(int dummy, void *dev_id)
586 {
587         struct tpm_chip *chip = dev_id;
588         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
589         u32 interrupt;
590         int i, rc;
591
592         rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
593         if (rc < 0)
594                 return IRQ_NONE;
595
596         if (interrupt == 0)
597                 return IRQ_NONE;
598
599         priv->irq_tested = true;
600         if (interrupt & TPM_INTF_DATA_AVAIL_INT)
601                 wake_up_interruptible(&priv->read_queue);
602         if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
603                 for (i = 0; i < 5; i++)
604                         if (check_locality(chip, i))
605                                 break;
606         if (interrupt &
607             (TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_STS_VALID_INT |
608              TPM_INTF_CMD_READY_INT))
609                 wake_up_interruptible(&priv->int_queue);
610
611         /* Clear interrupts handled with TPM_EOI */
612         rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), interrupt);
613         if (rc < 0)
614                 return IRQ_NONE;
615
616         tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
617         return IRQ_HANDLED;
618 }
619
620 static int tpm_tis_gen_interrupt(struct tpm_chip *chip)
621 {
622         const char *desc = "attempting to generate an interrupt";
623         u32 cap2;
624         cap_t cap;
625
626         if (chip->flags & TPM_CHIP_FLAG_TPM2)
627                 return tpm2_get_tpm_pt(chip, 0x100, &cap2, desc);
628         else
629                 return tpm_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc,
630                                   0);
631 }
632
633 /* Register the IRQ and issue a command that will cause an interrupt. If an
634  * irq is seen then leave the chip setup for IRQ operation, otherwise reverse
635  * everything and leave in polling mode. Returns 0 on success.
636  */
637 static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
638                                     int flags, int irq)
639 {
640         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
641         u8 original_int_vec;
642         int rc;
643         u32 int_status;
644
645         if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags,
646                              dev_name(&chip->dev), chip) != 0) {
647                 dev_info(&chip->dev, "Unable to request irq: %d for probe\n",
648                          irq);
649                 return -1;
650         }
651         priv->irq = irq;
652
653         rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
654                            &original_int_vec);
655         if (rc < 0)
656                 return rc;
657
658         rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), irq);
659         if (rc < 0)
660                 return rc;
661
662         rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &int_status);
663         if (rc < 0)
664                 return rc;
665
666         /* Clear all existing */
667         rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), int_status);
668         if (rc < 0)
669                 return rc;
670
671         /* Turn on */
672         rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality),
673                              intmask | TPM_GLOBAL_INT_ENABLE);
674         if (rc < 0)
675                 return rc;
676
677         priv->irq_tested = false;
678
679         /* Generate an interrupt by having the core call through to
680          * tpm_tis_send
681          */
682         rc = tpm_tis_gen_interrupt(chip);
683         if (rc < 0)
684                 return rc;
685
686         /* tpm_tis_send will either confirm the interrupt is working or it
687          * will call disable_irq which undoes all of the above.
688          */
689         if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
690                 rc = tpm_tis_write8(priv, original_int_vec,
691                                 TPM_INT_VECTOR(priv->locality));
692                 if (rc < 0)
693                         return rc;
694
695                 return 1;
696         }
697
698         return 0;
699 }
700
701 /* Try to find the IRQ the TPM is using. This is for legacy x86 systems that
702  * do not have ACPI/etc. We typically expect the interrupt to be declared if
703  * present.
704  */
705 static void tpm_tis_probe_irq(struct tpm_chip *chip, u32 intmask)
706 {
707         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
708         u8 original_int_vec;
709         int i, rc;
710
711         rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
712                            &original_int_vec);
713         if (rc < 0)
714                 return;
715
716         if (!original_int_vec) {
717                 if (IS_ENABLED(CONFIG_X86))
718                         for (i = 3; i <= 15; i++)
719                                 if (!tpm_tis_probe_irq_single(chip, intmask, 0,
720                                                               i))
721                                         return;
722         } else if (!tpm_tis_probe_irq_single(chip, intmask, 0,
723                                              original_int_vec))
724                 return;
725 }
726
727 void tpm_tis_remove(struct tpm_chip *chip)
728 {
729         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
730         u32 reg = TPM_INT_ENABLE(priv->locality);
731         u32 interrupt;
732         int rc;
733
734         tpm_tis_clkrun_enable(chip, true);
735
736         rc = tpm_tis_read32(priv, reg, &interrupt);
737         if (rc < 0)
738                 interrupt = 0;
739
740         tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt);
741
742         tpm_tis_clkrun_enable(chip, false);
743
744         if (priv->ilb_base_addr)
745                 iounmap(priv->ilb_base_addr);
746 }
747 EXPORT_SYMBOL_GPL(tpm_tis_remove);
748
749 /**
750  * tpm_tis_clkrun_enable() - Keep clkrun protocol disabled for entire duration
751  *                           of a single TPM command
752  * @chip:       TPM chip to use
753  * @value:      1 - Disable CLKRUN protocol, so that clocks are free running
754  *              0 - Enable CLKRUN protocol
755  * Call this function directly in tpm_tis_remove() in error or driver removal
756  * path, since the chip->ops is set to NULL in tpm_chip_unregister().
757  */
758 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value)
759 {
760         struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
761         u32 clkrun_val;
762
763         if (!IS_ENABLED(CONFIG_X86) || !is_bsw() ||
764             !data->ilb_base_addr)
765                 return;
766
767         if (value) {
768                 data->clkrun_enabled++;
769                 if (data->clkrun_enabled > 1)
770                         return;
771                 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
772
773                 /* Disable LPC CLKRUN# */
774                 clkrun_val &= ~LPC_CLKRUN_EN;
775                 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
776
777                 /*
778                  * Write any random value on port 0x80 which is on LPC, to make
779                  * sure LPC clock is running before sending any TPM command.
780                  */
781                 outb(0xCC, 0x80);
782         } else {
783                 data->clkrun_enabled--;
784                 if (data->clkrun_enabled)
785                         return;
786
787                 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
788
789                 /* Enable LPC CLKRUN# */
790                 clkrun_val |= LPC_CLKRUN_EN;
791                 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
792
793                 /*
794                  * Write any random value on port 0x80 which is on LPC, to make
795                  * sure LPC clock is running before sending any TPM command.
796                  */
797                 outb(0xCC, 0x80);
798         }
799 }
800
801 static const struct tpm_class_ops tpm_tis = {
802         .flags = TPM_OPS_AUTO_STARTUP,
803         .status = tpm_tis_status,
804         .recv = tpm_tis_recv,
805         .send = tpm_tis_send,
806         .cancel = tpm_tis_ready,
807         .update_timeouts = tpm_tis_update_timeouts,
808         .req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
809         .req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
810         .req_canceled = tpm_tis_req_canceled,
811         .request_locality = request_locality,
812         .relinquish_locality = release_locality,
813         .clk_enable = tpm_tis_clkrun_enable,
814 };
815
816 int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
817                       const struct tpm_tis_phy_ops *phy_ops,
818                       acpi_handle acpi_dev_handle)
819 {
820         u32 vendor;
821         u32 intfcaps;
822         u32 intmask;
823         u32 clkrun_val;
824         u8 rid;
825         int rc, probe;
826         struct tpm_chip *chip;
827
828         chip = tpmm_chip_alloc(dev, &tpm_tis);
829         if (IS_ERR(chip))
830                 return PTR_ERR(chip);
831
832 #ifdef CONFIG_ACPI
833         chip->acpi_dev_handle = acpi_dev_handle;
834 #endif
835
836         /* Maximum timeouts */
837         chip->timeout_a = msecs_to_jiffies(TIS_TIMEOUT_A_MAX);
838         chip->timeout_b = msecs_to_jiffies(TIS_TIMEOUT_B_MAX);
839         chip->timeout_c = msecs_to_jiffies(TIS_TIMEOUT_C_MAX);
840         chip->timeout_d = msecs_to_jiffies(TIS_TIMEOUT_D_MAX);
841         priv->phy_ops = phy_ops;
842         dev_set_drvdata(&chip->dev, priv);
843
844         if (is_bsw()) {
845                 priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR,
846                                         ILB_REMAP_SIZE);
847                 if (!priv->ilb_base_addr)
848                         return -ENOMEM;
849
850                 clkrun_val = ioread32(priv->ilb_base_addr + LPC_CNTRL_OFFSET);
851                 /* Check if CLKRUN# is already not enabled in the LPC bus */
852                 if (!(clkrun_val & LPC_CLKRUN_EN)) {
853                         iounmap(priv->ilb_base_addr);
854                         priv->ilb_base_addr = NULL;
855                 }
856         }
857
858         if (chip->ops->clk_enable != NULL)
859                 chip->ops->clk_enable(chip, true);
860
861         if (wait_startup(chip, 0) != 0) {
862                 rc = -ENODEV;
863                 goto out_err;
864         }
865
866         /* Take control of the TPM's interrupt hardware and shut it off */
867         rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
868         if (rc < 0)
869                 goto out_err;
870
871         intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT |
872                    TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
873         intmask &= ~TPM_GLOBAL_INT_ENABLE;
874         tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
875
876         rc = tpm2_probe(chip);
877         if (rc)
878                 goto out_err;
879
880         rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
881         if (rc < 0)
882                 goto out_err;
883
884         priv->manufacturer_id = vendor;
885
886         rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
887         if (rc < 0)
888                 goto out_err;
889
890         dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n",
891                  (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2",
892                  vendor >> 16, rid);
893
894         probe = probe_itpm(chip);
895         if (probe < 0) {
896                 rc = -ENODEV;
897                 goto out_err;
898         }
899
900         /* Figure out the capabilities */
901         rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps);
902         if (rc < 0)
903                 goto out_err;
904
905         dev_dbg(dev, "TPM interface capabilities (0x%x):\n",
906                 intfcaps);
907         if (intfcaps & TPM_INTF_BURST_COUNT_STATIC)
908                 dev_dbg(dev, "\tBurst Count Static\n");
909         if (intfcaps & TPM_INTF_CMD_READY_INT)
910                 dev_dbg(dev, "\tCommand Ready Int Support\n");
911         if (intfcaps & TPM_INTF_INT_EDGE_FALLING)
912                 dev_dbg(dev, "\tInterrupt Edge Falling\n");
913         if (intfcaps & TPM_INTF_INT_EDGE_RISING)
914                 dev_dbg(dev, "\tInterrupt Edge Rising\n");
915         if (intfcaps & TPM_INTF_INT_LEVEL_LOW)
916                 dev_dbg(dev, "\tInterrupt Level Low\n");
917         if (intfcaps & TPM_INTF_INT_LEVEL_HIGH)
918                 dev_dbg(dev, "\tInterrupt Level High\n");
919         if (intfcaps & TPM_INTF_LOCALITY_CHANGE_INT)
920                 dev_dbg(dev, "\tLocality Change Int Support\n");
921         if (intfcaps & TPM_INTF_STS_VALID_INT)
922                 dev_dbg(dev, "\tSts Valid Int Support\n");
923         if (intfcaps & TPM_INTF_DATA_AVAIL_INT)
924                 dev_dbg(dev, "\tData Avail Int Support\n");
925
926         /* INTERRUPT Setup */
927         init_waitqueue_head(&priv->read_queue);
928         init_waitqueue_head(&priv->int_queue);
929         if (irq != -1) {
930                 /* Before doing irq testing issue a command to the TPM in polling mode
931                  * to make sure it works. May as well use that command to set the
932                  * proper timeouts for the driver.
933                  */
934                 if (tpm_get_timeouts(chip)) {
935                         dev_err(dev, "Could not get TPM timeouts and durations\n");
936                         rc = -ENODEV;
937                         goto out_err;
938                 }
939
940                 if (irq) {
941                         tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
942                                                  irq);
943                         if (!(chip->flags & TPM_CHIP_FLAG_IRQ))
944                                 dev_err(&chip->dev, FW_BUG
945                                         "TPM interrupt not working, polling instead\n");
946                 } else {
947                         tpm_tis_probe_irq(chip, intmask);
948                 }
949         }
950
951         rc = tpm_chip_register(chip);
952         if (rc)
953                 goto out_err;
954
955         if (chip->ops->clk_enable != NULL)
956                 chip->ops->clk_enable(chip, false);
957
958         return 0;
959 out_err:
960         if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL))
961                 chip->ops->clk_enable(chip, false);
962
963         tpm_tis_remove(chip);
964
965         return rc;
966 }
967 EXPORT_SYMBOL_GPL(tpm_tis_core_init);
968
969 #ifdef CONFIG_PM_SLEEP
970 static void tpm_tis_reenable_interrupts(struct tpm_chip *chip)
971 {
972         struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
973         u32 intmask;
974         int rc;
975
976         if (chip->ops->clk_enable != NULL)
977                 chip->ops->clk_enable(chip, true);
978
979         /* reenable interrupts that device may have lost or
980          * BIOS/firmware may have disabled
981          */
982         rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq);
983         if (rc < 0)
984                 goto out;
985
986         rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
987         if (rc < 0)
988                 goto out;
989
990         intmask |= TPM_INTF_CMD_READY_INT
991             | TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_DATA_AVAIL_INT
992             | TPM_INTF_STS_VALID_INT | TPM_GLOBAL_INT_ENABLE;
993
994         tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
995
996 out:
997         if (chip->ops->clk_enable != NULL)
998                 chip->ops->clk_enable(chip, false);
999
1000         return;
1001 }
1002
1003 int tpm_tis_resume(struct device *dev)
1004 {
1005         struct tpm_chip *chip = dev_get_drvdata(dev);
1006         int ret;
1007
1008         if (chip->flags & TPM_CHIP_FLAG_IRQ)
1009                 tpm_tis_reenable_interrupts(chip);
1010
1011         ret = tpm_pm_resume(dev);
1012         if (ret)
1013                 return ret;
1014
1015         /* TPM 1.2 requires self-test on resume. This function actually returns
1016          * an error code but for unknown reason it isn't handled.
1017          */
1018         if (!(chip->flags & TPM_CHIP_FLAG_TPM2))
1019                 tpm_do_selftest(chip);
1020
1021         return 0;
1022 }
1023 EXPORT_SYMBOL_GPL(tpm_tis_resume);
1024 #endif
1025
1026 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
1027 MODULE_DESCRIPTION("TPM Driver");
1028 MODULE_VERSION("2.0");
1029 MODULE_LICENSE("GPL");