[mirror_qemu.git] / hw / tpm / tpm_passthrough.c

/*
 *  passthrough TPM driver
 *
 *  Copyright (c) 2010 - 2013 IBM Corporation
 *  Authors:
 *    Stefan Berger <stefanb@us.ibm.com>
 *
 *  Copyright (C) 2011 IAIK, Graz University of Technology
 *    Author: Andreas Niederl
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>
 */

#include <dirent.h>

#include "qemu-common.h"
#include "qapi/error.h"
#include "qemu/sockets.h"
#include "sysemu/tpm_backend.h"
#include "tpm_int.h"
#include "hw/hw.h"
#include "hw/i386/pc.h"
#include "sysemu/tpm_backend_int.h"
#include "tpm_tis.h"

#define DEBUG_TPM 0

#define DPRINTF(fmt, ...) do { \
    if (DEBUG_TPM) { \
        fprintf(stderr, fmt, ## __VA_ARGS__); \
    } \
} while (0);

#define TYPE_TPM_PASSTHROUGH "tpm-passthrough"
#define TPM_PASSTHROUGH(obj) \
    OBJECT_CHECK(TPMPassthruState, (obj), TYPE_TPM_PASSTHROUGH)

static const TPMDriverOps tpm_passthrough_driver;

/* data structures */
typedef struct TPMPassthruThreadParams {
    TPMState *tpm_state;

    TPMRecvDataCB *recv_data_callback;
    TPMBackend *tb;
} TPMPassthruThreadParams;

struct TPMPassthruState {
    TPMBackend parent;

    TPMBackendThread tbt;

    TPMPassthruThreadParams tpm_thread_params;

    char *tpm_dev;
    int tpm_fd;
    bool tpm_executing;
    bool tpm_op_canceled;
    int cancel_fd;
    bool had_startup_error;
};

typedef struct TPMPassthruState TPMPassthruState;

#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0"

/* functions */

static void tpm_passthrough_cancel_cmd(TPMBackend *tb);

static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len)
{
    return send_all(fd, buf, len);
}

static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len)
{
    return recv_all(fd, buf, len, true);
}

static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf)
{
    struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)buf;

    return be32_to_cpu(resp->len);
}

/*
 * Write an error message in the given output buffer.
 */
static void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len)
{
    if (out_len >= sizeof(struct tpm_resp_hdr)) {
        struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)out;

        resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND);
        resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr));
        resp->errcode = cpu_to_be32(TPM_FAIL);
    }
}

static bool tpm_passthrough_is_selftest(const uint8_t *in, uint32_t in_len)
{
    struct tpm_req_hdr *hdr = (struct tpm_req_hdr *)in;

    if (in_len >= sizeof(*hdr)) {
        return (be32_to_cpu(hdr->ordinal) == TPM_ORD_ContinueSelfTest);
    }

    return false;
}

static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
                                        const uint8_t *in, uint32_t in_len,
                                        uint8_t *out, uint32_t out_len,
                                        bool *selftest_done)
{
    int ret;
    bool is_selftest;
    const struct tpm_resp_hdr *hdr;

    tpm_pt->tpm_op_canceled = false;
    tpm_pt->tpm_executing = true;
    *selftest_done = false;

    is_selftest = tpm_passthrough_is_selftest(in, in_len);

    ret = tpm_passthrough_unix_write(tpm_pt->tpm_fd, in, in_len);
    if (ret != in_len) {
        if (!tpm_pt->tpm_op_canceled ||
            (tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
            error_report("tpm_passthrough: error while transmitting data "
                         "to TPM: %s (%i)",
                         strerror(errno), errno);
        }
        goto err_exit;
    }

    tpm_pt->tpm_executing = false;

    ret = tpm_passthrough_unix_read(tpm_pt->tpm_fd, out, out_len);
    if (ret < 0) {
        if (!tpm_pt->tpm_op_canceled ||
            (tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
            error_report("tpm_passthrough: error while reading data from "
                         "TPM: %s (%i)",
                         strerror(errno), errno);
        }
    } else if (ret < sizeof(struct tpm_resp_hdr) ||
               tpm_passthrough_get_size_from_buffer(out) != ret) {
        ret = -1;
        error_report("tpm_passthrough: received invalid response "
                     "packet from TPM");
    }

    if (is_selftest && (ret >= sizeof(struct tpm_resp_hdr))) {
        hdr = (struct tpm_resp_hdr *)out;
        *selftest_done = (be32_to_cpu(hdr->errcode) == 0);
    }

err_exit:
    if (ret < 0) {
        tpm_write_fatal_error_response(out, out_len);
    }

    tpm_pt->tpm_executing = false;

    return ret;
}

static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
                                         const TPMLocality *locty_data,
                                         bool *selftest_done)
{
    return tpm_passthrough_unix_tx_bufs(tpm_pt,
                                        locty_data->w_buffer.buffer,
                                        locty_data->w_offset,
                                        locty_data->r_buffer.buffer,
                                        locty_data->r_buffer.size,
                                        selftest_done);
}

static void tpm_passthrough_worker_thread(gpointer data,
                                          gpointer user_data)
{
    TPMPassthruThreadParams *thr_parms = user_data;
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(thr_parms->tb);
    TPMBackendCmd cmd = (TPMBackendCmd)data;
    bool selftest_done = false;

    DPRINTF("tpm_passthrough: processing command type %d\n", cmd);

    switch (cmd) {
    case TPM_BACKEND_CMD_PROCESS_CMD:
        tpm_passthrough_unix_transfer(tpm_pt,
                                      thr_parms->tpm_state->locty_data,
                                      &selftest_done);

        thr_parms->recv_data_callback(thr_parms->tpm_state,
                                      thr_parms->tpm_state->locty_number,
                                      selftest_done);
        break;
    case TPM_BACKEND_CMD_INIT:
    case TPM_BACKEND_CMD_END:
    case TPM_BACKEND_CMD_TPM_RESET:
        /* nothing to do */
        break;
    }
}

/*
 * Start the TPM (thread). If it had been started before, then terminate
 * and start it again.
 */
static int tpm_passthrough_startup_tpm(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    /* terminate a running TPM */
    tpm_backend_thread_end(&tpm_pt->tbt);

    tpm_backend_thread_create(&tpm_pt->tbt,
                              tpm_passthrough_worker_thread,
                              &tpm_pt->tpm_thread_params);

    return 0;
}

static void tpm_passthrough_reset(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    DPRINTF("tpm_passthrough: CALL TO TPM_RESET!\n");

    tpm_passthrough_cancel_cmd(tb);

    tpm_backend_thread_end(&tpm_pt->tbt);

    tpm_pt->had_startup_error = false;
}

static int tpm_passthrough_init(TPMBackend *tb, TPMState *s,
                                TPMRecvDataCB *recv_data_cb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    tpm_pt->tpm_thread_params.tpm_state = s;
    tpm_pt->tpm_thread_params.recv_data_callback = recv_data_cb;
    tpm_pt->tpm_thread_params.tb = tb;

    return 0;
}

static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb)
{
    return false;
}

static int tpm_passthrough_reset_tpm_established_flag(TPMBackend *tb,
                                                      uint8_t locty)
{
    /* only a TPM 2.0 will support this */
    return 0;
}

static bool tpm_passthrough_get_startup_error(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    return tpm_pt->had_startup_error;
}

static size_t tpm_passthrough_realloc_buffer(TPMSizedBuffer *sb)
{
    size_t wanted_size = 4096; /* Linux tpm.c buffer size */

    if (sb->size != wanted_size) {
        sb->buffer = g_realloc(sb->buffer, wanted_size);
        sb->size = wanted_size;
    }
    return sb->size;
}

static void tpm_passthrough_deliver_request(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    tpm_backend_thread_deliver_request(&tpm_pt->tbt);
}

static void tpm_passthrough_cancel_cmd(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
    int n;

    /*
     * As of Linux 3.7 the tpm_tis driver does not properly cancel
     * commands on all TPM manufacturers' TPMs.
     * Only cancel if we're busy so we don't cancel someone else's
     * command, e.g., a command executed on the host.
     */
    if (tpm_pt->tpm_executing) {
        if (tpm_pt->cancel_fd >= 0) {
            n = write(tpm_pt->cancel_fd, "-", 1);
            if (n != 1) {
                error_report("Canceling TPM command failed: %s",
                             strerror(errno));
            } else {
                tpm_pt->tpm_op_canceled = true;
            }
        } else {
            error_report("Cannot cancel TPM command due to missing "
                         "TPM sysfs cancel entry");
        }
    }
}

static const char *tpm_passthrough_create_desc(void)
{
    return "Passthrough TPM backend driver";
}

static TPMVersion tpm_passthrough_get_tpm_version(TPMBackend *tb)
{
    return TPM_VERSION_1_2;
}

/*
 * A basic test of a TPM device. We expect a well formatted response header
 * (error response is fine) within one second.
 */
static int tpm_passthrough_test_tpmdev(int fd)
{
    struct tpm_req_hdr req = {
        .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND),
        .len = cpu_to_be32(sizeof(req)),
        .ordinal = cpu_to_be32(TPM_ORD_GetTicks),
    };
    struct tpm_resp_hdr *resp;
    fd_set readfds;
    int n;
    struct timeval tv = {
        .tv_sec = 1,
        .tv_usec = 0,
    };
    unsigned char buf[1024];

    n = write(fd, &req, sizeof(req));
    if (n < 0) {
        return errno;
    }
    if (n != sizeof(req)) {
        return EFAULT;
    }

    FD_ZERO(&readfds);
    FD_SET(fd, &readfds);

    /* wait for a second */
    n = select(fd + 1, &readfds, NULL, NULL, &tv);
    if (n != 1) {
        return errno;
    }

    n = read(fd, &buf, sizeof(buf));
    if (n < sizeof(struct tpm_resp_hdr)) {
        return EFAULT;
    }

    resp = (struct tpm_resp_hdr *)buf;
    /* check the header */
    if (be16_to_cpu(resp->tag) != TPM_TAG_RSP_COMMAND ||
        be32_to_cpu(resp->len) != n) {
        return EBADMSG;
    }

    return 0;
}

/*
 * Unless path or file descriptor set has been provided by user,
 * determine the sysfs cancel file following kernel documentation
 * in Documentation/ABI/stable/sysfs-class-tpm.
 * From /dev/tpm0 create /sys/class/misc/tpm0/device/cancel
 */
static int tpm_passthrough_open_sysfs_cancel(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
    int fd = -1;
    char *dev;
    char path[PATH_MAX];

    if (tb->cancel_path) {
        fd = qemu_open(tb->cancel_path, O_WRONLY);
        if (fd < 0) {
            error_report("Could not open TPM cancel path : %s",
                         strerror(errno));
        }
        return fd;
    }

    dev = strrchr(tpm_pt->tpm_dev, '/');
    if (dev) {
        dev++;
        if (snprintf(path, sizeof(path), "/sys/class/misc/%s/device/cancel",
                     dev) < sizeof(path)) {
            fd = qemu_open(path, O_WRONLY);
            if (fd >= 0) {
                tb->cancel_path = g_strdup(path);
            } else {
                error_report("tpm_passthrough: Could not open TPM cancel "
                             "path %s : %s", path, strerror(errno));
            }
        }
    } else {
       error_report("tpm_passthrough: Bad TPM device path %s",
                    tpm_pt->tpm_dev);
    }

    return fd;
}

static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
    const char *value;

    value = qemu_opt_get(opts, "cancel-path");
    tb->cancel_path = g_strdup(value);

    value = qemu_opt_get(opts, "path");
    if (!value) {
        value = TPM_PASSTHROUGH_DEFAULT_DEVICE;
    }

    tpm_pt->tpm_dev = g_strdup(value);

    tb->path = g_strdup(tpm_pt->tpm_dev);

    tpm_pt->tpm_fd = qemu_open(tpm_pt->tpm_dev, O_RDWR);
    if (tpm_pt->tpm_fd < 0) {
        error_report("Cannot access TPM device using '%s': %s",
                     tpm_pt->tpm_dev, strerror(errno));
        goto err_free_parameters;
    }

    if (tpm_passthrough_test_tpmdev(tpm_pt->tpm_fd)) {
        error_report("'%s' is not a TPM device.",
                     tpm_pt->tpm_dev);
        goto err_close_tpmdev;
    }

    return 0;

 err_close_tpmdev:
    qemu_close(tpm_pt->tpm_fd);
    tpm_pt->tpm_fd = -1;

 err_free_parameters:
    g_free(tb->path);
    tb->path = NULL;

    g_free(tpm_pt->tpm_dev);
    tpm_pt->tpm_dev = NULL;

    return 1;
}

static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id)
{
    Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
    TPMBackend *tb = TPM_BACKEND(obj);
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    tb->id = g_strdup(id);
    /* let frontend set the fe_model to proper value */
    tb->fe_model = -1;

    tb->ops = &tpm_passthrough_driver;

    if (tpm_passthrough_handle_device_opts(opts, tb)) {
        goto err_exit;
    }

    tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tb);
    if (tpm_pt->cancel_fd < 0) {
        goto err_exit;
    }

    return tb;

err_exit:
    g_free(tb->id);

    return NULL;
}

static void tpm_passthrough_destroy(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    tpm_passthrough_cancel_cmd(tb);

    tpm_backend_thread_end(&tpm_pt->tbt);

    qemu_close(tpm_pt->tpm_fd);
    qemu_close(tpm_pt->cancel_fd);

    g_free(tb->id);
    g_free(tb->path);
    g_free(tb->cancel_path);
    g_free(tpm_pt->tpm_dev);
}

static const QemuOptDesc tpm_passthrough_cmdline_opts[] = {
    TPM_STANDARD_CMDLINE_OPTS,
    {
        .name = "cancel-path",
        .type = QEMU_OPT_STRING,
        .help = "Sysfs file entry for canceling TPM commands",
    },
    {
        .name = "path",
        .type = QEMU_OPT_STRING,
        .help = "Path to TPM device on the host",
    },
    { /* end of list */ },
};

static const TPMDriverOps tpm_passthrough_driver = {
    .type                     = TPM_TYPE_PASSTHROUGH,
    .opts                     = tpm_passthrough_cmdline_opts,
    .desc                     = tpm_passthrough_create_desc,
    .create                   = tpm_passthrough_create,
    .destroy                  = tpm_passthrough_destroy,
    .init                     = tpm_passthrough_init,
    .startup_tpm              = tpm_passthrough_startup_tpm,
    .realloc_buffer           = tpm_passthrough_realloc_buffer,
    .reset                    = tpm_passthrough_reset,
    .had_startup_error        = tpm_passthrough_get_startup_error,
    .deliver_request          = tpm_passthrough_deliver_request,
    .cancel_cmd               = tpm_passthrough_cancel_cmd,
    .get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag,
    .reset_tpm_established_flag = tpm_passthrough_reset_tpm_established_flag,
    .get_tpm_version          = tpm_passthrough_get_tpm_version,
};

static void tpm_passthrough_inst_init(Object *obj)
{
}

static void tpm_passthrough_inst_finalize(Object *obj)
{
}

static void tpm_passthrough_class_init(ObjectClass *klass, void *data)
{
    TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);

    tbc->ops = &tpm_passthrough_driver;
}

static const TypeInfo tpm_passthrough_info = {
    .name = TYPE_TPM_PASSTHROUGH,
    .parent = TYPE_TPM_BACKEND,
    .instance_size = sizeof(TPMPassthruState),
    .class_init = tpm_passthrough_class_init,
    .instance_init = tpm_passthrough_inst_init,
    .instance_finalize = tpm_passthrough_inst_finalize,
};

static void tpm_passthrough_register(void)
{
    type_register_static(&tpm_passthrough_info);
    tpm_register_driver(&tpm_passthrough_driver);
}

type_init(tpm_passthrough_register)
Commit	Line	Data
4549a8b7 SB	1	/*
	2	* passthrough TPM driver
	3	*
	4	* Copyright (c) 2010 - 2013 IBM Corporation
	5	* Authors:
	6	* Stefan Berger <stefanb@us.ibm.com>
	7	*
	8	* Copyright (C) 2011 IAIK, Graz University of Technology
	9	* Author: Andreas Niederl
	10	*
	11	* This library is free software; you can redistribute it and/or
	12	* modify it under the terms of the GNU Lesser General Public
	13	* License as published by the Free Software Foundation; either
	14	* version 2 of the License, or (at your option) any later version.
	15	*
	16	* This library is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	19	* Lesser General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU Lesser General Public
	22	* License along with this library; if not, see <http://www.gnu.org/licenses/>
	23	*/
	24
92dcc234 SB	25	#include <dirent.h>
92dcc234 SB	26
4549a8b7 SB	27	#include "qemu-common.h"
	28	#include "qapi/error.h"
	29	#include "qemu/sockets.h"
dccfcd0e	30	#include "sysemu/tpm_backend.h"
4549a8b7 SB	31	#include "tpm_int.h"
4549a8b7 SB	32	#include "hw/hw.h"
0d09e41a	33	#include "hw/i386/pc.h"
bdee56f5	34	#include "sysemu/tpm_backend_int.h"
4549a8b7	35	#include "tpm_tis.h"
4549a8b7	36
4d1ba9c4 SB	37	#define DEBUG_TPM 0
	38
	39	#define DPRINTF(fmt, ...) do { \
	40	if (DEBUG_TPM) { \
	41	fprintf(stderr, fmt, ## __VA_ARGS__); \
	42	} \
	43	} while (0);
4549a8b7	44
8f0605cc SB	45	#define TYPE_TPM_PASSTHROUGH "tpm-passthrough"
	46	#define TPM_PASSTHROUGH(obj) \
	47	OBJECT_CHECK(TPMPassthruState, (obj), TYPE_TPM_PASSTHROUGH)
4549a8b7	48
bdee56f5 PB	49	static const TPMDriverOps tpm_passthrough_driver;
bdee56f5 PB	50
8f0605cc	51	/* data structures */
4549a8b7 SB	52	typedef struct TPMPassthruThreadParams {
	53	TPMState *tpm_state;
	54
	55	TPMRecvDataCB *recv_data_callback;
	56	TPMBackend *tb;
	57	} TPMPassthruThreadParams;
	58
	59	struct TPMPassthruState {
8f0605cc SB	60	TPMBackend parent;
8f0605cc SB	61
4549a8b7 SB	62	TPMBackendThread tbt;
	63
	64	TPMPassthruThreadParams tpm_thread_params;
	65
	66	char *tpm_dev;
	67	int tpm_fd;
92dcc234 SB	68	bool tpm_executing;
	69	bool tpm_op_canceled;
	70	int cancel_fd;
4549a8b7 SB	71	bool had_startup_error;
	72	};
	73
8f0605cc SB	74	typedef struct TPMPassthruState TPMPassthruState;
8f0605cc SB	75
4549a8b7 SB	76	#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0"
4549a8b7 SB	77
92dcc234 SB	78	/* functions */
	79
	80	static void tpm_passthrough_cancel_cmd(TPMBackend *tb);
	81
4549a8b7 SB	82	static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len)
	83	{
	84	return send_all(fd, buf, len);
	85	}
	86
	87	static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len)
	88	{
	89	return recv_all(fd, buf, len, true);
	90	}
	91
	92	static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf)
	93	{
	94	struct tpm_resp_hdr resp = (struct tpm_resp_hdr )buf;
	95
	96	return be32_to_cpu(resp->len);
	97	}
	98
bdee56f5 PB	99	/*
	100	* Write an error message in the given output buffer.
	101	*/
	102	static void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len)
	103	{
	104	if (out_len >= sizeof(struct tpm_resp_hdr)) {
	105	struct tpm_resp_hdr resp = (struct tpm_resp_hdr )out;
	106
	107	resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND);
	108	resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr));
	109	resp->errcode = cpu_to_be32(TPM_FAIL);
	110	}
	111	}
	112
fd859081 SB	113	static bool tpm_passthrough_is_selftest(const uint8_t *in, uint32_t in_len)
	114	{
	115	struct tpm_req_hdr hdr = (struct tpm_req_hdr )in;
	116
	117	if (in_len >= sizeof(*hdr)) {
	118	return (be32_to_cpu(hdr->ordinal) == TPM_ORD_ContinueSelfTest);
	119	}
	120
	121	return false;
	122	}
	123
92dcc234	124	static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
4549a8b7	125	const uint8_t *in, uint32_t in_len,
fd859081 SB	126	uint8_t *out, uint32_t out_len,
fd859081 SB	127	bool *selftest_done)
4549a8b7 SB	128	{
4549a8b7 SB	129	int ret;
fd859081 SB	130	bool is_selftest;
fd859081 SB	131	const struct tpm_resp_hdr *hdr;
4549a8b7	132
92dcc234 SB	133	tpm_pt->tpm_op_canceled = false;
92dcc234 SB	134	tpm_pt->tpm_executing = true;
fd859081 SB	135	*selftest_done = false;
	136
	137	is_selftest = tpm_passthrough_is_selftest(in, in_len);
92dcc234 SB	138
92dcc234 SB	139	ret = tpm_passthrough_unix_write(tpm_pt->tpm_fd, in, in_len);
4549a8b7	140	if (ret != in_len) {
92dcc234 SB	141	if (!tpm_pt->tpm_op_canceled \|\|
	142	(tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
	143	error_report("tpm_passthrough: error while transmitting data "
27215a22	144	"to TPM: %s (%i)",
92dcc234 SB	145	strerror(errno), errno);
92dcc234 SB	146	}
4549a8b7 SB	147	goto err_exit;
	148	}
	149
92dcc234 SB	150	tpm_pt->tpm_executing = false;
	151
	152	ret = tpm_passthrough_unix_read(tpm_pt->tpm_fd, out, out_len);
4549a8b7	153	if (ret < 0) {
92dcc234 SB	154	if (!tpm_pt->tpm_op_canceled \|\|
	155	(tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
	156	error_report("tpm_passthrough: error while reading data from "
27215a22	157	"TPM: %s (%i)",
92dcc234 SB	158	strerror(errno), errno);
92dcc234 SB	159	}
4549a8b7 SB	160	} else if (ret < sizeof(struct tpm_resp_hdr) \|\|
	161	tpm_passthrough_get_size_from_buffer(out) != ret) {
	162	ret = -1;
	163	error_report("tpm_passthrough: received invalid response "
27215a22	164	"packet from TPM");
4549a8b7 SB	165	}
4549a8b7 SB	166
fd859081 SB	167	if (is_selftest && (ret >= sizeof(struct tpm_resp_hdr))) {
	168	hdr = (struct tpm_resp_hdr *)out;
	169	*selftest_done = (be32_to_cpu(hdr->errcode) == 0);
	170	}
	171
4549a8b7 SB	172	err_exit:
	173	if (ret < 0) {
	174	tpm_write_fatal_error_response(out, out_len);
	175	}
	176
92dcc234 SB	177	tpm_pt->tpm_executing = false;
92dcc234 SB	178
4549a8b7 SB	179	return ret;
	180	}
	181
92dcc234	182	static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
fd859081 SB	183	const TPMLocality *locty_data,
fd859081 SB	184	bool *selftest_done)
4549a8b7	185	{
92dcc234	186	return tpm_passthrough_unix_tx_bufs(tpm_pt,
4549a8b7 SB	187	locty_data->w_buffer.buffer,
	188	locty_data->w_offset,
	189	locty_data->r_buffer.buffer,
fd859081 SB	190	locty_data->r_buffer.size,
fd859081 SB	191	selftest_done);
4549a8b7 SB	192	}
	193
	194	static void tpm_passthrough_worker_thread(gpointer data,
	195	gpointer user_data)
	196	{
	197	TPMPassthruThreadParams *thr_parms = user_data;
8f0605cc	198	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(thr_parms->tb);
4549a8b7	199	TPMBackendCmd cmd = (TPMBackendCmd)data;
fd859081	200	bool selftest_done = false;
4549a8b7 SB	201
	202	DPRINTF("tpm_passthrough: processing command type %d\n", cmd);
	203
	204	switch (cmd) {
	205	case TPM_BACKEND_CMD_PROCESS_CMD:
92dcc234	206	tpm_passthrough_unix_transfer(tpm_pt,
fd859081 SB	207	thr_parms->tpm_state->locty_data,
fd859081 SB	208	&selftest_done);
4549a8b7 SB	209
4549a8b7 SB	210	thr_parms->recv_data_callback(thr_parms->tpm_state,
fd859081 SB	211	thr_parms->tpm_state->locty_number,
fd859081 SB	212	selftest_done);
4549a8b7 SB	213	break;
	214	case TPM_BACKEND_CMD_INIT:
	215	case TPM_BACKEND_CMD_END:
	216	case TPM_BACKEND_CMD_TPM_RESET:
	217	/* nothing to do */
	218	break;
	219	}
	220	}
	221
	222	/*
	223	* Start the TPM (thread). If it had been started before, then terminate
	224	* and start it again.
	225	*/
	226	static int tpm_passthrough_startup_tpm(TPMBackend *tb)
	227	{
8f0605cc	228	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	229
	230	/* terminate a running TPM */
	231	tpm_backend_thread_end(&tpm_pt->tbt);
	232
	233	tpm_backend_thread_create(&tpm_pt->tbt,
	234	tpm_passthrough_worker_thread,
8f0605cc	235	&tpm_pt->tpm_thread_params);
4549a8b7 SB	236
	237	return 0;
	238	}
	239
	240	static void tpm_passthrough_reset(TPMBackend *tb)
	241	{
8f0605cc	242	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	243
	244	DPRINTF("tpm_passthrough: CALL TO TPM_RESET!\n");
	245
92dcc234 SB	246	tpm_passthrough_cancel_cmd(tb);
92dcc234 SB	247
4549a8b7 SB	248	tpm_backend_thread_end(&tpm_pt->tbt);
	249
	250	tpm_pt->had_startup_error = false;
	251	}
	252
	253	static int tpm_passthrough_init(TPMBackend tb, TPMState s,
	254	TPMRecvDataCB *recv_data_cb)
	255	{
8f0605cc	256	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	257
	258	tpm_pt->tpm_thread_params.tpm_state = s;
	259	tpm_pt->tpm_thread_params.recv_data_callback = recv_data_cb;
	260	tpm_pt->tpm_thread_params.tb = tb;
	261
	262	return 0;
	263	}
	264
	265	static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb)
	266	{
	267	return false;
	268	}
	269
116694c3 SB	270	static int tpm_passthrough_reset_tpm_established_flag(TPMBackend *tb,
	271	uint8_t locty)
	272	{
	273	/* only a TPM 2.0 will support this */
	274	return 0;
	275	}
	276
4549a8b7 SB	277	static bool tpm_passthrough_get_startup_error(TPMBackend *tb)
4549a8b7 SB	278	{
8f0605cc	279	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	280
	281	return tpm_pt->had_startup_error;
	282	}
	283
	284	static size_t tpm_passthrough_realloc_buffer(TPMSizedBuffer *sb)
	285	{
	286	size_t wanted_size = 4096; /* Linux tpm.c buffer size */
	287
	288	if (sb->size != wanted_size) {
	289	sb->buffer = g_realloc(sb->buffer, wanted_size);
	290	sb->size = wanted_size;
	291	}
	292	return sb->size;
	293	}
	294
	295	static void tpm_passthrough_deliver_request(TPMBackend *tb)
	296	{
8f0605cc	297	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	298
	299	tpm_backend_thread_deliver_request(&tpm_pt->tbt);
	300	}
	301
	302	static void tpm_passthrough_cancel_cmd(TPMBackend *tb)
	303	{
8f0605cc	304	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
92dcc234 SB	305	int n;
	306
	307	/*
	308	* As of Linux 3.7 the tpm_tis driver does not properly cancel
	309	* commands on all TPM manufacturers' TPMs.
	310	* Only cancel if we're busy so we don't cancel someone else's
	311	* command, e.g., a command executed on the host.
	312	*/
	313	if (tpm_pt->tpm_executing) {
	314	if (tpm_pt->cancel_fd >= 0) {
	315	n = write(tpm_pt->cancel_fd, "-", 1);
	316	if (n != 1) {
27215a22	317	error_report("Canceling TPM command failed: %s",
92dcc234 SB	318	strerror(errno));
	319	} else {
	320	tpm_pt->tpm_op_canceled = true;
	321	}
	322	} else {
	323	error_report("Cannot cancel TPM command due to missing "
	324	"TPM sysfs cancel entry");
	325	}
	326	}
4549a8b7 SB	327	}
	328
	329	static const char *tpm_passthrough_create_desc(void)
	330	{
	331	return "Passthrough TPM backend driver";
	332	}
	333
116694c3 SB	334	static TPMVersion tpm_passthrough_get_tpm_version(TPMBackend *tb)
	335	{
	336	return TPM_VERSION_1_2;
	337	}
	338
4549a8b7 SB	339	/*
	340	* A basic test of a TPM device. We expect a well formatted response header
	341	* (error response is fine) within one second.
	342	*/
	343	static int tpm_passthrough_test_tpmdev(int fd)
	344	{
	345	struct tpm_req_hdr req = {
	346	.tag = cpu_to_be16(TPM_TAG_RQU_COMMAND),
	347	.len = cpu_to_be32(sizeof(req)),
	348	.ordinal = cpu_to_be32(TPM_ORD_GetTicks),
	349	};
	350	struct tpm_resp_hdr *resp;
	351	fd_set readfds;
	352	int n;
	353	struct timeval tv = {
	354	.tv_sec = 1,
	355	.tv_usec = 0,
	356	};
	357	unsigned char buf[1024];
	358
	359	n = write(fd, &req, sizeof(req));
	360	if (n < 0) {
	361	return errno;
	362	}
	363	if (n != sizeof(req)) {
	364	return EFAULT;
	365	}
	366
	367	FD_ZERO(&readfds);
	368	FD_SET(fd, &readfds);
	369
	370	/* wait for a second */
	371	n = select(fd + 1, &readfds, NULL, NULL, &tv);
	372	if (n != 1) {
	373	return errno;
	374	}
	375
	376	n = read(fd, &buf, sizeof(buf));
	377	if (n < sizeof(struct tpm_resp_hdr)) {
	378	return EFAULT;
	379	}
	380
	381	resp = (struct tpm_resp_hdr *)buf;
	382	/* check the header */
	383	if (be16_to_cpu(resp->tag) != TPM_TAG_RSP_COMMAND \|\|
	384	be32_to_cpu(resp->len) != n) {
	385	return EBADMSG;
	386	}
	387
	388	return 0;
	389	}
	390
92dcc234 SB	391	/*
	392	* Unless path or file descriptor set has been provided by user,
	393	* determine the sysfs cancel file following kernel documentation
	394	* in Documentation/ABI/stable/sysfs-class-tpm.
8e36d6ca	395	* From /dev/tpm0 create /sys/class/misc/tpm0/device/cancel
92dcc234 SB	396	*/
	397	static int tpm_passthrough_open_sysfs_cancel(TPMBackend *tb)
	398	{
8e36d6ca	399	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
92dcc234	400	int fd = -1;
8e36d6ca	401	char *dev;
92dcc234	402	char path[PATH_MAX];
92dcc234 SB	403
	404	if (tb->cancel_path) {
	405	fd = qemu_open(tb->cancel_path, O_WRONLY);
	406	if (fd < 0) {
	407	error_report("Could not open TPM cancel path : %s",
	408	strerror(errno));
	409	}
	410	return fd;
	411	}
	412
8e36d6ca SB	413	dev = strrchr(tpm_pt->tpm_dev, '/');
	414	if (dev) {
	415	dev++;
	416	if (snprintf(path, sizeof(path), "/sys/class/misc/%s/device/cancel",
	417	dev) < sizeof(path)) {
92dcc234	418	fd = qemu_open(path, O_WRONLY);
8e36d6ca SB	419	if (fd >= 0) {
	420	tb->cancel_path = g_strdup(path);
	421	} else {
	422	error_report("tpm_passthrough: Could not open TPM cancel "
	423	"path %s : %s", path, strerror(errno));
	424	}
92dcc234	425	}
8e36d6ca SB	426	} else {
	427	error_report("tpm_passthrough: Bad TPM device path %s",
	428	tpm_pt->tpm_dev);
92dcc234 SB	429	}
	430
	431	return fd;
	432	}
	433
4549a8b7 SB	434	static int tpm_passthrough_handle_device_opts(QemuOpts opts, TPMBackend tb)
4549a8b7 SB	435	{
8f0605cc	436	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	437	const char *value;
4549a8b7 SB	438
92dcc234	439	value = qemu_opt_get(opts, "cancel-path");
24588100	440	tb->cancel_path = g_strdup(value);
92dcc234	441
4549a8b7 SB	442	value = qemu_opt_get(opts, "path");
	443	if (!value) {
	444	value = TPM_PASSTHROUGH_DEFAULT_DEVICE;
	445	}
	446
8f0605cc	447	tpm_pt->tpm_dev = g_strdup(value);
4549a8b7	448
8f0605cc	449	tb->path = g_strdup(tpm_pt->tpm_dev);
4549a8b7	450
8f0605cc SB	451	tpm_pt->tpm_fd = qemu_open(tpm_pt->tpm_dev, O_RDWR);
8f0605cc SB	452	if (tpm_pt->tpm_fd < 0) {
27215a22	453	error_report("Cannot access TPM device using '%s': %s",
8f0605cc	454	tpm_pt->tpm_dev, strerror(errno));
4549a8b7 SB	455	goto err_free_parameters;
	456	}
	457
8f0605cc	458	if (tpm_passthrough_test_tpmdev(tpm_pt->tpm_fd)) {
27215a22	459	error_report("'%s' is not a TPM device.",
8f0605cc	460	tpm_pt->tpm_dev);
4549a8b7 SB	461	goto err_close_tpmdev;
	462	}
	463
	464	return 0;
	465
	466	err_close_tpmdev:
8f0605cc SB	467	qemu_close(tpm_pt->tpm_fd);
8f0605cc SB	468	tpm_pt->tpm_fd = -1;
4549a8b7 SB	469
	470	err_free_parameters:
	471	g_free(tb->path);
	472	tb->path = NULL;
	473
8f0605cc SB	474	g_free(tpm_pt->tpm_dev);
8f0605cc SB	475	tpm_pt->tpm_dev = NULL;
4549a8b7 SB	476
	477	return 1;
	478	}
	479
	480	static TPMBackend tpm_passthrough_create(QemuOpts opts, const char *id)
	481	{
8f0605cc SB	482	Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
	483	TPMBackend *tb = TPM_BACKEND(obj);
	484	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7	485
4549a8b7 SB	486	tb->id = g_strdup(id);
	487	/* let frontend set the fe_model to proper value */
	488	tb->fe_model = -1;
	489
	490	tb->ops = &tpm_passthrough_driver;
	491
	492	if (tpm_passthrough_handle_device_opts(opts, tb)) {
	493	goto err_exit;
	494	}
	495
8f0605cc SB	496	tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tb);
8f0605cc SB	497	if (tpm_pt->cancel_fd < 0) {
92dcc234 SB	498	goto err_exit;
	499	}
	500
4549a8b7 SB	501	return tb;
	502
	503	err_exit:
	504	g_free(tb->id);
4549a8b7 SB	505
	506	return NULL;
	507	}
	508
	509	static void tpm_passthrough_destroy(TPMBackend *tb)
	510	{
8f0605cc	511	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7	512
92dcc234 SB	513	tpm_passthrough_cancel_cmd(tb);
92dcc234 SB	514
4549a8b7 SB	515	tpm_backend_thread_end(&tpm_pt->tbt);
	516
	517	qemu_close(tpm_pt->tpm_fd);
8f0605cc	518	qemu_close(tpm_pt->cancel_fd);
4549a8b7 SB	519
	520	g_free(tb->id);
	521	g_free(tb->path);
92dcc234	522	g_free(tb->cancel_path);
8f0605cc	523	g_free(tpm_pt->tpm_dev);
4549a8b7 SB	524	}
4549a8b7 SB	525
bb716238 SB	526	static const QemuOptDesc tpm_passthrough_cmdline_opts[] = {
	527	TPM_STANDARD_CMDLINE_OPTS,
	528	{
	529	.name = "cancel-path",
	530	.type = QEMU_OPT_STRING,
	531	.help = "Sysfs file entry for canceling TPM commands",
	532	},
	533	{
	534	.name = "path",
	535	.type = QEMU_OPT_STRING,
	536	.help = "Path to TPM device on the host",
	537	},
	538	{ /* end of list */ },
	539	};
	540
bdee56f5	541	static const TPMDriverOps tpm_passthrough_driver = {
4549a8b7	542	.type = TPM_TYPE_PASSTHROUGH,
bb716238	543	.opts = tpm_passthrough_cmdline_opts,
4549a8b7 SB	544	.desc = tpm_passthrough_create_desc,
	545	.create = tpm_passthrough_create,
	546	.destroy = tpm_passthrough_destroy,
	547	.init = tpm_passthrough_init,
	548	.startup_tpm = tpm_passthrough_startup_tpm,
	549	.realloc_buffer = tpm_passthrough_realloc_buffer,
	550	.reset = tpm_passthrough_reset,
	551	.had_startup_error = tpm_passthrough_get_startup_error,
	552	.deliver_request = tpm_passthrough_deliver_request,
	553	.cancel_cmd = tpm_passthrough_cancel_cmd,
	554	.get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag,
116694c3 SB	555	.reset_tpm_established_flag = tpm_passthrough_reset_tpm_established_flag,
116694c3 SB	556	.get_tpm_version = tpm_passthrough_get_tpm_version,
4549a8b7 SB	557	};
4549a8b7 SB	558
8f0605cc SB	559	static void tpm_passthrough_inst_init(Object *obj)
	560	{
	561	}
	562
	563	static void tpm_passthrough_inst_finalize(Object *obj)
	564	{
	565	}
	566
	567	static void tpm_passthrough_class_init(ObjectClass klass, void data)
	568	{
	569	TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);
	570
	571	tbc->ops = &tpm_passthrough_driver;
	572	}
	573
	574	static const TypeInfo tpm_passthrough_info = {
	575	.name = TYPE_TPM_PASSTHROUGH,
	576	.parent = TYPE_TPM_BACKEND,
	577	.instance_size = sizeof(TPMPassthruState),
	578	.class_init = tpm_passthrough_class_init,
	579	.instance_init = tpm_passthrough_inst_init,
	580	.instance_finalize = tpm_passthrough_inst_finalize,
	581	};
	582
4549a8b7 SB	583	static void tpm_passthrough_register(void)
4549a8b7 SB	584	{
8f0605cc	585	type_register_static(&tpm_passthrough_info);
4549a8b7 SB	586	tpm_register_driver(&tpm_passthrough_driver);
	587	}
	588
	589	type_init(tpm_passthrough_register)