[mirror_qemu.git] / hw / tpm / tpm_passthrough.c

/*
 *  passthrough TPM driver
 *
 *  Copyright (c) 2010 - 2013 IBM Corporation
 *  Authors:
 *    Stefan Berger <stefanb@us.ibm.com>
 *
 *  Copyright (C) 2011 IAIK, Graz University of Technology
 *    Author: Andreas Niederl
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>
 */

#include <dirent.h>

#include "qemu-common.h"
#include "qapi/error.h"
#include "qemu/sockets.h"
#include "sysemu/tpm_backend.h"
#include "tpm_int.h"
#include "hw/hw.h"
#include "hw/i386/pc.h"
#include "sysemu/tpm_backend_int.h"
#include "tpm_tis.h"

/* #define DEBUG_TPM */

#ifdef DEBUG_TPM
#define DPRINTF(fmt, ...) \
    do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
#else
#define DPRINTF(fmt, ...) \
    do { } while (0)
#endif

#define TYPE_TPM_PASSTHROUGH "tpm-passthrough"
#define TPM_PASSTHROUGH(obj) \
    OBJECT_CHECK(TPMPassthruState, (obj), TYPE_TPM_PASSTHROUGH)

static const TPMDriverOps tpm_passthrough_driver;

/* data structures */
typedef struct TPMPassthruThreadParams {
    TPMState *tpm_state;

    TPMRecvDataCB *recv_data_callback;
    TPMBackend *tb;
} TPMPassthruThreadParams;

struct TPMPassthruState {
    TPMBackend parent;

    TPMBackendThread tbt;

    TPMPassthruThreadParams tpm_thread_params;

    char *tpm_dev;
    int tpm_fd;
    bool tpm_executing;
    bool tpm_op_canceled;
    int cancel_fd;
    bool had_startup_error;
};

typedef struct TPMPassthruState TPMPassthruState;

#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0"

/* functions */

static void tpm_passthrough_cancel_cmd(TPMBackend *tb);

static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len)
{
    return send_all(fd, buf, len);
}

static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len)
{
    return recv_all(fd, buf, len, true);
}

static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf)
{
    struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)buf;

    return be32_to_cpu(resp->len);
}

/*
 * Write an error message in the given output buffer.
 */
static void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len)
{
    if (out_len >= sizeof(struct tpm_resp_hdr)) {
        struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)out;

        resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND);
        resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr));
        resp->errcode = cpu_to_be32(TPM_FAIL);
    }
}

static bool tpm_passthrough_is_selftest(const uint8_t *in, uint32_t in_len)
{
    struct tpm_req_hdr *hdr = (struct tpm_req_hdr *)in;

    if (in_len >= sizeof(*hdr)) {
        return (be32_to_cpu(hdr->ordinal) == TPM_ORD_ContinueSelfTest);
    }

    return false;
}

static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
                                        const uint8_t *in, uint32_t in_len,
                                        uint8_t *out, uint32_t out_len,
                                        bool *selftest_done)
{
    int ret;
    bool is_selftest;
    const struct tpm_resp_hdr *hdr;

    tpm_pt->tpm_op_canceled = false;
    tpm_pt->tpm_executing = true;
    *selftest_done = false;

    is_selftest = tpm_passthrough_is_selftest(in, in_len);

    ret = tpm_passthrough_unix_write(tpm_pt->tpm_fd, in, in_len);
    if (ret != in_len) {
        if (!tpm_pt->tpm_op_canceled ||
            (tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
            error_report("tpm_passthrough: error while transmitting data "
                         "to TPM: %s (%i)\n",
                         strerror(errno), errno);
        }
        goto err_exit;
    }

    tpm_pt->tpm_executing = false;

    ret = tpm_passthrough_unix_read(tpm_pt->tpm_fd, out, out_len);
    if (ret < 0) {
        if (!tpm_pt->tpm_op_canceled ||
            (tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
            error_report("tpm_passthrough: error while reading data from "
                         "TPM: %s (%i)\n",
                         strerror(errno), errno);
        }
    } else if (ret < sizeof(struct tpm_resp_hdr) ||
               tpm_passthrough_get_size_from_buffer(out) != ret) {
        ret = -1;
        error_report("tpm_passthrough: received invalid response "
                     "packet from TPM\n");
    }

    if (is_selftest && (ret >= sizeof(struct tpm_resp_hdr))) {
        hdr = (struct tpm_resp_hdr *)out;
        *selftest_done = (be32_to_cpu(hdr->errcode) == 0);
    }

err_exit:
    if (ret < 0) {
        tpm_write_fatal_error_response(out, out_len);
    }

    tpm_pt->tpm_executing = false;

    return ret;
}

static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
                                         const TPMLocality *locty_data,
                                         bool *selftest_done)
{
    return tpm_passthrough_unix_tx_bufs(tpm_pt,
                                        locty_data->w_buffer.buffer,
                                        locty_data->w_offset,
                                        locty_data->r_buffer.buffer,
                                        locty_data->r_buffer.size,
                                        selftest_done);
}

static void tpm_passthrough_worker_thread(gpointer data,
                                          gpointer user_data)
{
    TPMPassthruThreadParams *thr_parms = user_data;
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(thr_parms->tb);
    TPMBackendCmd cmd = (TPMBackendCmd)data;
    bool selftest_done = false;

    DPRINTF("tpm_passthrough: processing command type %d\n", cmd);

    switch (cmd) {
    case TPM_BACKEND_CMD_PROCESS_CMD:
        tpm_passthrough_unix_transfer(tpm_pt,
                                      thr_parms->tpm_state->locty_data,
                                      &selftest_done);

        thr_parms->recv_data_callback(thr_parms->tpm_state,
                                      thr_parms->tpm_state->locty_number,
                                      selftest_done);
        break;
    case TPM_BACKEND_CMD_INIT:
    case TPM_BACKEND_CMD_END:
    case TPM_BACKEND_CMD_TPM_RESET:
        /* nothing to do */
        break;
    }
}

/*
 * Start the TPM (thread). If it had been started before, then terminate
 * and start it again.
 */
static int tpm_passthrough_startup_tpm(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    /* terminate a running TPM */
    tpm_backend_thread_end(&tpm_pt->tbt);

    tpm_backend_thread_create(&tpm_pt->tbt,
                              tpm_passthrough_worker_thread,
                              &tpm_pt->tpm_thread_params);

    return 0;
}

static void tpm_passthrough_reset(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    DPRINTF("tpm_passthrough: CALL TO TPM_RESET!\n");

    tpm_passthrough_cancel_cmd(tb);

    tpm_backend_thread_end(&tpm_pt->tbt);

    tpm_pt->had_startup_error = false;
}

static int tpm_passthrough_init(TPMBackend *tb, TPMState *s,
                                TPMRecvDataCB *recv_data_cb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    tpm_pt->tpm_thread_params.tpm_state = s;
    tpm_pt->tpm_thread_params.recv_data_callback = recv_data_cb;
    tpm_pt->tpm_thread_params.tb = tb;

    return 0;
}

static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb)
{
    return false;
}

static bool tpm_passthrough_get_startup_error(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    return tpm_pt->had_startup_error;
}

static size_t tpm_passthrough_realloc_buffer(TPMSizedBuffer *sb)
{
    size_t wanted_size = 4096; /* Linux tpm.c buffer size */

    if (sb->size != wanted_size) {
        sb->buffer = g_realloc(sb->buffer, wanted_size);
        sb->size = wanted_size;
    }
    return sb->size;
}

static void tpm_passthrough_deliver_request(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    tpm_backend_thread_deliver_request(&tpm_pt->tbt);
}

static void tpm_passthrough_cancel_cmd(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
    int n;

    /*
     * As of Linux 3.7 the tpm_tis driver does not properly cancel
     * commands on all TPM manufacturers' TPMs.
     * Only cancel if we're busy so we don't cancel someone else's
     * command, e.g., a command executed on the host.
     */
    if (tpm_pt->tpm_executing) {
        if (tpm_pt->cancel_fd >= 0) {
            n = write(tpm_pt->cancel_fd, "-", 1);
            if (n != 1) {
                error_report("Canceling TPM command failed: %s\n",
                             strerror(errno));
            } else {
                tpm_pt->tpm_op_canceled = true;
            }
        } else {
            error_report("Cannot cancel TPM command due to missing "
                         "TPM sysfs cancel entry");
        }
    }
}

static const char *tpm_passthrough_create_desc(void)
{
    return "Passthrough TPM backend driver";
}

/*
 * A basic test of a TPM device. We expect a well formatted response header
 * (error response is fine) within one second.
 */
static int tpm_passthrough_test_tpmdev(int fd)
{
    struct tpm_req_hdr req = {
        .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND),
        .len = cpu_to_be32(sizeof(req)),
        .ordinal = cpu_to_be32(TPM_ORD_GetTicks),
    };
    struct tpm_resp_hdr *resp;
    fd_set readfds;
    int n;
    struct timeval tv = {
        .tv_sec = 1,
        .tv_usec = 0,
    };
    unsigned char buf[1024];

    n = write(fd, &req, sizeof(req));
    if (n < 0) {
        return errno;
    }
    if (n != sizeof(req)) {
        return EFAULT;
    }

    FD_ZERO(&readfds);
    FD_SET(fd, &readfds);

    /* wait for a second */
    n = select(fd + 1, &readfds, NULL, NULL, &tv);
    if (n != 1) {
        return errno;
    }

    n = read(fd, &buf, sizeof(buf));
    if (n < sizeof(struct tpm_resp_hdr)) {
        return EFAULT;
    }

    resp = (struct tpm_resp_hdr *)buf;
    /* check the header */
    if (be16_to_cpu(resp->tag) != TPM_TAG_RSP_COMMAND ||
        be32_to_cpu(resp->len) != n) {
        return EBADMSG;
    }

    return 0;
}

/*
 * Unless path or file descriptor set has been provided by user,
 * determine the sysfs cancel file following kernel documentation
 * in Documentation/ABI/stable/sysfs-class-tpm.
 * From /dev/tpm0 create /sys/class/misc/tpm0/device/cancel
 */
static int tpm_passthrough_open_sysfs_cancel(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
    int fd = -1;
    char *dev;
    char path[PATH_MAX];

    if (tb->cancel_path) {
        fd = qemu_open(tb->cancel_path, O_WRONLY);
        if (fd < 0) {
            error_report("Could not open TPM cancel path : %s",
                         strerror(errno));
        }
        return fd;
    }

    dev = strrchr(tpm_pt->tpm_dev, '/');
    if (dev) {
        dev++;
        if (snprintf(path, sizeof(path), "/sys/class/misc/%s/device/cancel",
                     dev) < sizeof(path)) {
            fd = qemu_open(path, O_WRONLY);
            if (fd >= 0) {
                tb->cancel_path = g_strdup(path);
            } else {
                error_report("tpm_passthrough: Could not open TPM cancel "
                             "path %s : %s", path, strerror(errno));
            }
        }
    } else {
       error_report("tpm_passthrough: Bad TPM device path %s",
                    tpm_pt->tpm_dev);
    }

    return fd;
}

static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
    const char *value;

    value = qemu_opt_get(opts, "cancel-path");
    tb->cancel_path = g_strdup(value);

    value = qemu_opt_get(opts, "path");
    if (!value) {
        value = TPM_PASSTHROUGH_DEFAULT_DEVICE;
    }

    tpm_pt->tpm_dev = g_strdup(value);

    tb->path = g_strdup(tpm_pt->tpm_dev);

    tpm_pt->tpm_fd = qemu_open(tpm_pt->tpm_dev, O_RDWR);
    if (tpm_pt->tpm_fd < 0) {
        error_report("Cannot access TPM device using '%s': %s\n",
                     tpm_pt->tpm_dev, strerror(errno));
        goto err_free_parameters;
    }

    if (tpm_passthrough_test_tpmdev(tpm_pt->tpm_fd)) {
        error_report("'%s' is not a TPM device.\n",
                     tpm_pt->tpm_dev);
        goto err_close_tpmdev;
    }

    return 0;

 err_close_tpmdev:
    qemu_close(tpm_pt->tpm_fd);
    tpm_pt->tpm_fd = -1;

 err_free_parameters:
    g_free(tb->path);
    tb->path = NULL;

    g_free(tpm_pt->tpm_dev);
    tpm_pt->tpm_dev = NULL;

    return 1;
}

static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id)
{
    Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
    TPMBackend *tb = TPM_BACKEND(obj);
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    tb->id = g_strdup(id);
    /* let frontend set the fe_model to proper value */
    tb->fe_model = -1;

    tb->ops = &tpm_passthrough_driver;

    if (tpm_passthrough_handle_device_opts(opts, tb)) {
        goto err_exit;
    }

    tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tb);
    if (tpm_pt->cancel_fd < 0) {
        goto err_exit;
    }

    return tb;

err_exit:
    g_free(tb->id);

    return NULL;
}

static void tpm_passthrough_destroy(TPMBackend *tb)
{
    TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

    tpm_passthrough_cancel_cmd(tb);

    tpm_backend_thread_end(&tpm_pt->tbt);

    qemu_close(tpm_pt->tpm_fd);
    qemu_close(tpm_pt->cancel_fd);

    g_free(tb->id);
    g_free(tb->path);
    g_free(tb->cancel_path);
    g_free(tpm_pt->tpm_dev);
}

static const QemuOptDesc tpm_passthrough_cmdline_opts[] = {
    TPM_STANDARD_CMDLINE_OPTS,
    {
        .name = "cancel-path",
        .type = QEMU_OPT_STRING,
        .help = "Sysfs file entry for canceling TPM commands",
    },
    {
        .name = "path",
        .type = QEMU_OPT_STRING,
        .help = "Path to TPM device on the host",
    },
    { /* end of list */ },
};

static const TPMDriverOps tpm_passthrough_driver = {
    .type                     = TPM_TYPE_PASSTHROUGH,
    .opts                     = tpm_passthrough_cmdline_opts,
    .desc                     = tpm_passthrough_create_desc,
    .create                   = tpm_passthrough_create,
    .destroy                  = tpm_passthrough_destroy,
    .init                     = tpm_passthrough_init,
    .startup_tpm              = tpm_passthrough_startup_tpm,
    .realloc_buffer           = tpm_passthrough_realloc_buffer,
    .reset                    = tpm_passthrough_reset,
    .had_startup_error        = tpm_passthrough_get_startup_error,
    .deliver_request          = tpm_passthrough_deliver_request,
    .cancel_cmd               = tpm_passthrough_cancel_cmd,
    .get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag,
};

static void tpm_passthrough_inst_init(Object *obj)
{
}

static void tpm_passthrough_inst_finalize(Object *obj)
{
}

static void tpm_passthrough_class_init(ObjectClass *klass, void *data)
{
    TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);

    tbc->ops = &tpm_passthrough_driver;
}

static const TypeInfo tpm_passthrough_info = {
    .name = TYPE_TPM_PASSTHROUGH,
    .parent = TYPE_TPM_BACKEND,
    .instance_size = sizeof(TPMPassthruState),
    .class_init = tpm_passthrough_class_init,
    .instance_init = tpm_passthrough_inst_init,
    .instance_finalize = tpm_passthrough_inst_finalize,
};

static void tpm_passthrough_register(void)
{
    type_register_static(&tpm_passthrough_info);
    tpm_register_driver(&tpm_passthrough_driver);
}

type_init(tpm_passthrough_register)
Commit	Line	Data
4549a8b7 SB	1	/*
	2	* passthrough TPM driver
	3	*
	4	* Copyright (c) 2010 - 2013 IBM Corporation
	5	* Authors:
	6	* Stefan Berger <stefanb@us.ibm.com>
	7	*
	8	* Copyright (C) 2011 IAIK, Graz University of Technology
	9	* Author: Andreas Niederl
	10	*
	11	* This library is free software; you can redistribute it and/or
	12	* modify it under the terms of the GNU Lesser General Public
	13	* License as published by the Free Software Foundation; either
	14	* version 2 of the License, or (at your option) any later version.
	15	*
	16	* This library is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	19	* Lesser General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU Lesser General Public
	22	* License along with this library; if not, see <http://www.gnu.org/licenses/>
	23	*/
	24
92dcc234 SB	25	#include <dirent.h>
92dcc234 SB	26
4549a8b7 SB	27	#include "qemu-common.h"
	28	#include "qapi/error.h"
	29	#include "qemu/sockets.h"
dccfcd0e	30	#include "sysemu/tpm_backend.h"
4549a8b7 SB	31	#include "tpm_int.h"
4549a8b7 SB	32	#include "hw/hw.h"
0d09e41a	33	#include "hw/i386/pc.h"
bdee56f5	34	#include "sysemu/tpm_backend_int.h"
4549a8b7	35	#include "tpm_tis.h"
4549a8b7 SB	36
	37	/* #define DEBUG_TPM */
	38
	39	#ifdef DEBUG_TPM
	40	#define DPRINTF(fmt, ...) \
	41	do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
	42	#else
	43	#define DPRINTF(fmt, ...) \
	44	do { } while (0)
	45	#endif
	46
8f0605cc SB	47	#define TYPE_TPM_PASSTHROUGH "tpm-passthrough"
	48	#define TPM_PASSTHROUGH(obj) \
	49	OBJECT_CHECK(TPMPassthruState, (obj), TYPE_TPM_PASSTHROUGH)
4549a8b7	50
bdee56f5 PB	51	static const TPMDriverOps tpm_passthrough_driver;
bdee56f5 PB	52
8f0605cc	53	/* data structures */
4549a8b7 SB	54	typedef struct TPMPassthruThreadParams {
	55	TPMState *tpm_state;
	56
	57	TPMRecvDataCB *recv_data_callback;
	58	TPMBackend *tb;
	59	} TPMPassthruThreadParams;
	60
	61	struct TPMPassthruState {
8f0605cc SB	62	TPMBackend parent;
8f0605cc SB	63
4549a8b7 SB	64	TPMBackendThread tbt;
	65
	66	TPMPassthruThreadParams tpm_thread_params;
	67
	68	char *tpm_dev;
	69	int tpm_fd;
92dcc234 SB	70	bool tpm_executing;
	71	bool tpm_op_canceled;
	72	int cancel_fd;
4549a8b7 SB	73	bool had_startup_error;
	74	};
	75
8f0605cc SB	76	typedef struct TPMPassthruState TPMPassthruState;
8f0605cc SB	77
4549a8b7 SB	78	#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0"
4549a8b7 SB	79
92dcc234 SB	80	/* functions */
	81
	82	static void tpm_passthrough_cancel_cmd(TPMBackend *tb);
	83
4549a8b7 SB	84	static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len)
	85	{
	86	return send_all(fd, buf, len);
	87	}
	88
	89	static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len)
	90	{
	91	return recv_all(fd, buf, len, true);
	92	}
	93
	94	static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf)
	95	{
	96	struct tpm_resp_hdr resp = (struct tpm_resp_hdr )buf;
	97
	98	return be32_to_cpu(resp->len);
	99	}
	100
bdee56f5 PB	101	/*
	102	* Write an error message in the given output buffer.
	103	*/
	104	static void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len)
	105	{
	106	if (out_len >= sizeof(struct tpm_resp_hdr)) {
	107	struct tpm_resp_hdr resp = (struct tpm_resp_hdr )out;
	108
	109	resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND);
	110	resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr));
	111	resp->errcode = cpu_to_be32(TPM_FAIL);
	112	}
	113	}
	114
fd859081 SB	115	static bool tpm_passthrough_is_selftest(const uint8_t *in, uint32_t in_len)
	116	{
	117	struct tpm_req_hdr hdr = (struct tpm_req_hdr )in;
	118
	119	if (in_len >= sizeof(*hdr)) {
	120	return (be32_to_cpu(hdr->ordinal) == TPM_ORD_ContinueSelfTest);
	121	}
	122
	123	return false;
	124	}
	125
92dcc234	126	static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
4549a8b7	127	const uint8_t *in, uint32_t in_len,
fd859081 SB	128	uint8_t *out, uint32_t out_len,
fd859081 SB	129	bool *selftest_done)
4549a8b7 SB	130	{
4549a8b7 SB	131	int ret;
fd859081 SB	132	bool is_selftest;
fd859081 SB	133	const struct tpm_resp_hdr *hdr;
4549a8b7	134
92dcc234 SB	135	tpm_pt->tpm_op_canceled = false;
92dcc234 SB	136	tpm_pt->tpm_executing = true;
fd859081 SB	137	*selftest_done = false;
	138
	139	is_selftest = tpm_passthrough_is_selftest(in, in_len);
92dcc234 SB	140
92dcc234 SB	141	ret = tpm_passthrough_unix_write(tpm_pt->tpm_fd, in, in_len);
4549a8b7	142	if (ret != in_len) {
92dcc234 SB	143	if (!tpm_pt->tpm_op_canceled \|\|
	144	(tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
	145	error_report("tpm_passthrough: error while transmitting data "
	146	"to TPM: %s (%i)\n",
	147	strerror(errno), errno);
	148	}
4549a8b7 SB	149	goto err_exit;
	150	}
	151
92dcc234 SB	152	tpm_pt->tpm_executing = false;
	153
	154	ret = tpm_passthrough_unix_read(tpm_pt->tpm_fd, out, out_len);
4549a8b7	155	if (ret < 0) {
92dcc234 SB	156	if (!tpm_pt->tpm_op_canceled \|\|
	157	(tpm_pt->tpm_op_canceled && errno != ECANCELED)) {
	158	error_report("tpm_passthrough: error while reading data from "
	159	"TPM: %s (%i)\n",
	160	strerror(errno), errno);
	161	}
4549a8b7 SB	162	} else if (ret < sizeof(struct tpm_resp_hdr) \|\|
	163	tpm_passthrough_get_size_from_buffer(out) != ret) {
	164	ret = -1;
	165	error_report("tpm_passthrough: received invalid response "
	166	"packet from TPM\n");
	167	}
	168
fd859081 SB	169	if (is_selftest && (ret >= sizeof(struct tpm_resp_hdr))) {
	170	hdr = (struct tpm_resp_hdr *)out;
	171	*selftest_done = (be32_to_cpu(hdr->errcode) == 0);
	172	}
	173
4549a8b7 SB	174	err_exit:
	175	if (ret < 0) {
	176	tpm_write_fatal_error_response(out, out_len);
	177	}
	178
92dcc234 SB	179	tpm_pt->tpm_executing = false;
92dcc234 SB	180
4549a8b7 SB	181	return ret;
	182	}
	183
92dcc234	184	static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
fd859081 SB	185	const TPMLocality *locty_data,
fd859081 SB	186	bool *selftest_done)
4549a8b7	187	{
92dcc234	188	return tpm_passthrough_unix_tx_bufs(tpm_pt,
4549a8b7 SB	189	locty_data->w_buffer.buffer,
	190	locty_data->w_offset,
	191	locty_data->r_buffer.buffer,
fd859081 SB	192	locty_data->r_buffer.size,
fd859081 SB	193	selftest_done);
4549a8b7 SB	194	}
	195
	196	static void tpm_passthrough_worker_thread(gpointer data,
	197	gpointer user_data)
	198	{
	199	TPMPassthruThreadParams *thr_parms = user_data;
8f0605cc	200	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(thr_parms->tb);
4549a8b7	201	TPMBackendCmd cmd = (TPMBackendCmd)data;
fd859081	202	bool selftest_done = false;
4549a8b7 SB	203
	204	DPRINTF("tpm_passthrough: processing command type %d\n", cmd);
	205
	206	switch (cmd) {
	207	case TPM_BACKEND_CMD_PROCESS_CMD:
92dcc234	208	tpm_passthrough_unix_transfer(tpm_pt,
fd859081 SB	209	thr_parms->tpm_state->locty_data,
fd859081 SB	210	&selftest_done);
4549a8b7 SB	211
4549a8b7 SB	212	thr_parms->recv_data_callback(thr_parms->tpm_state,
fd859081 SB	213	thr_parms->tpm_state->locty_number,
fd859081 SB	214	selftest_done);
4549a8b7 SB	215	break;
	216	case TPM_BACKEND_CMD_INIT:
	217	case TPM_BACKEND_CMD_END:
	218	case TPM_BACKEND_CMD_TPM_RESET:
	219	/* nothing to do */
	220	break;
	221	}
	222	}
	223
	224	/*
	225	* Start the TPM (thread). If it had been started before, then terminate
	226	* and start it again.
	227	*/
	228	static int tpm_passthrough_startup_tpm(TPMBackend *tb)
	229	{
8f0605cc	230	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	231
	232	/* terminate a running TPM */
	233	tpm_backend_thread_end(&tpm_pt->tbt);
	234
	235	tpm_backend_thread_create(&tpm_pt->tbt,
	236	tpm_passthrough_worker_thread,
8f0605cc	237	&tpm_pt->tpm_thread_params);
4549a8b7 SB	238
	239	return 0;
	240	}
	241
	242	static void tpm_passthrough_reset(TPMBackend *tb)
	243	{
8f0605cc	244	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	245
	246	DPRINTF("tpm_passthrough: CALL TO TPM_RESET!\n");
	247
92dcc234 SB	248	tpm_passthrough_cancel_cmd(tb);
92dcc234 SB	249
4549a8b7 SB	250	tpm_backend_thread_end(&tpm_pt->tbt);
	251
	252	tpm_pt->had_startup_error = false;
	253	}
	254
	255	static int tpm_passthrough_init(TPMBackend tb, TPMState s,
	256	TPMRecvDataCB *recv_data_cb)
	257	{
8f0605cc	258	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	259
	260	tpm_pt->tpm_thread_params.tpm_state = s;
	261	tpm_pt->tpm_thread_params.recv_data_callback = recv_data_cb;
	262	tpm_pt->tpm_thread_params.tb = tb;
	263
	264	return 0;
	265	}
	266
	267	static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb)
	268	{
	269	return false;
	270	}
	271
	272	static bool tpm_passthrough_get_startup_error(TPMBackend *tb)
	273	{
8f0605cc	274	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	275
	276	return tpm_pt->had_startup_error;
	277	}
	278
	279	static size_t tpm_passthrough_realloc_buffer(TPMSizedBuffer *sb)
	280	{
	281	size_t wanted_size = 4096; /* Linux tpm.c buffer size */
	282
	283	if (sb->size != wanted_size) {
	284	sb->buffer = g_realloc(sb->buffer, wanted_size);
	285	sb->size = wanted_size;
	286	}
	287	return sb->size;
	288	}
	289
	290	static void tpm_passthrough_deliver_request(TPMBackend *tb)
	291	{
8f0605cc	292	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	293
	294	tpm_backend_thread_deliver_request(&tpm_pt->tbt);
	295	}
	296
	297	static void tpm_passthrough_cancel_cmd(TPMBackend *tb)
	298	{
8f0605cc	299	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
92dcc234 SB	300	int n;
	301
	302	/*
	303	* As of Linux 3.7 the tpm_tis driver does not properly cancel
	304	* commands on all TPM manufacturers' TPMs.
	305	* Only cancel if we're busy so we don't cancel someone else's
	306	* command, e.g., a command executed on the host.
	307	*/
	308	if (tpm_pt->tpm_executing) {
	309	if (tpm_pt->cancel_fd >= 0) {
	310	n = write(tpm_pt->cancel_fd, "-", 1);
	311	if (n != 1) {
	312	error_report("Canceling TPM command failed: %s\n",
	313	strerror(errno));
	314	} else {
	315	tpm_pt->tpm_op_canceled = true;
	316	}
	317	} else {
	318	error_report("Cannot cancel TPM command due to missing "
	319	"TPM sysfs cancel entry");
	320	}
	321	}
4549a8b7 SB	322	}
	323
	324	static const char *tpm_passthrough_create_desc(void)
	325	{
	326	return "Passthrough TPM backend driver";
	327	}
	328
	329	/*
	330	* A basic test of a TPM device. We expect a well formatted response header
	331	* (error response is fine) within one second.
	332	*/
	333	static int tpm_passthrough_test_tpmdev(int fd)
	334	{
	335	struct tpm_req_hdr req = {
	336	.tag = cpu_to_be16(TPM_TAG_RQU_COMMAND),
	337	.len = cpu_to_be32(sizeof(req)),
	338	.ordinal = cpu_to_be32(TPM_ORD_GetTicks),
	339	};
	340	struct tpm_resp_hdr *resp;
	341	fd_set readfds;
	342	int n;
	343	struct timeval tv = {
	344	.tv_sec = 1,
	345	.tv_usec = 0,
	346	};
	347	unsigned char buf[1024];
	348
	349	n = write(fd, &req, sizeof(req));
	350	if (n < 0) {
	351	return errno;
	352	}
	353	if (n != sizeof(req)) {
	354	return EFAULT;
	355	}
	356
	357	FD_ZERO(&readfds);
	358	FD_SET(fd, &readfds);
	359
	360	/* wait for a second */
	361	n = select(fd + 1, &readfds, NULL, NULL, &tv);
	362	if (n != 1) {
	363	return errno;
	364	}
	365
	366	n = read(fd, &buf, sizeof(buf));
	367	if (n < sizeof(struct tpm_resp_hdr)) {
	368	return EFAULT;
	369	}
	370
	371	resp = (struct tpm_resp_hdr *)buf;
	372	/* check the header */
	373	if (be16_to_cpu(resp->tag) != TPM_TAG_RSP_COMMAND \|\|
	374	be32_to_cpu(resp->len) != n) {
	375	return EBADMSG;
	376	}
	377
	378	return 0;
	379	}
	380
92dcc234 SB	381	/*
	382	* Unless path or file descriptor set has been provided by user,
	383	* determine the sysfs cancel file following kernel documentation
	384	* in Documentation/ABI/stable/sysfs-class-tpm.
8e36d6ca	385	* From /dev/tpm0 create /sys/class/misc/tpm0/device/cancel
92dcc234 SB	386	*/
	387	static int tpm_passthrough_open_sysfs_cancel(TPMBackend *tb)
	388	{
8e36d6ca	389	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
92dcc234	390	int fd = -1;
8e36d6ca	391	char *dev;
92dcc234	392	char path[PATH_MAX];
92dcc234 SB	393
	394	if (tb->cancel_path) {
	395	fd = qemu_open(tb->cancel_path, O_WRONLY);
	396	if (fd < 0) {
	397	error_report("Could not open TPM cancel path : %s",
	398	strerror(errno));
	399	}
	400	return fd;
	401	}
	402
8e36d6ca SB	403	dev = strrchr(tpm_pt->tpm_dev, '/');
	404	if (dev) {
	405	dev++;
	406	if (snprintf(path, sizeof(path), "/sys/class/misc/%s/device/cancel",
	407	dev) < sizeof(path)) {
92dcc234	408	fd = qemu_open(path, O_WRONLY);
8e36d6ca SB	409	if (fd >= 0) {
	410	tb->cancel_path = g_strdup(path);
	411	} else {
	412	error_report("tpm_passthrough: Could not open TPM cancel "
	413	"path %s : %s", path, strerror(errno));
	414	}
92dcc234	415	}
8e36d6ca SB	416	} else {
	417	error_report("tpm_passthrough: Bad TPM device path %s",
	418	tpm_pt->tpm_dev);
92dcc234 SB	419	}
	420
	421	return fd;
	422	}
	423
4549a8b7 SB	424	static int tpm_passthrough_handle_device_opts(QemuOpts opts, TPMBackend tb)
4549a8b7 SB	425	{
8f0605cc	426	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7 SB	427	const char *value;
4549a8b7 SB	428
92dcc234	429	value = qemu_opt_get(opts, "cancel-path");
24588100	430	tb->cancel_path = g_strdup(value);
92dcc234	431
4549a8b7 SB	432	value = qemu_opt_get(opts, "path");
	433	if (!value) {
	434	value = TPM_PASSTHROUGH_DEFAULT_DEVICE;
	435	}
	436
8f0605cc	437	tpm_pt->tpm_dev = g_strdup(value);
4549a8b7	438
8f0605cc	439	tb->path = g_strdup(tpm_pt->tpm_dev);
4549a8b7	440
8f0605cc SB	441	tpm_pt->tpm_fd = qemu_open(tpm_pt->tpm_dev, O_RDWR);
8f0605cc SB	442	if (tpm_pt->tpm_fd < 0) {
4549a8b7	443	error_report("Cannot access TPM device using '%s': %s\n",
8f0605cc	444	tpm_pt->tpm_dev, strerror(errno));
4549a8b7 SB	445	goto err_free_parameters;
	446	}
	447
8f0605cc	448	if (tpm_passthrough_test_tpmdev(tpm_pt->tpm_fd)) {
4549a8b7	449	error_report("'%s' is not a TPM device.\n",
8f0605cc	450	tpm_pt->tpm_dev);
4549a8b7 SB	451	goto err_close_tpmdev;
	452	}
	453
	454	return 0;
	455
	456	err_close_tpmdev:
8f0605cc SB	457	qemu_close(tpm_pt->tpm_fd);
8f0605cc SB	458	tpm_pt->tpm_fd = -1;
4549a8b7 SB	459
	460	err_free_parameters:
	461	g_free(tb->path);
	462	tb->path = NULL;
	463
8f0605cc SB	464	g_free(tpm_pt->tpm_dev);
8f0605cc SB	465	tpm_pt->tpm_dev = NULL;
4549a8b7 SB	466
	467	return 1;
	468	}
	469
	470	static TPMBackend tpm_passthrough_create(QemuOpts opts, const char *id)
	471	{
8f0605cc SB	472	Object *obj = object_new(TYPE_TPM_PASSTHROUGH);
	473	TPMBackend *tb = TPM_BACKEND(obj);
	474	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7	475
4549a8b7 SB	476	tb->id = g_strdup(id);
	477	/* let frontend set the fe_model to proper value */
	478	tb->fe_model = -1;
	479
	480	tb->ops = &tpm_passthrough_driver;
	481
	482	if (tpm_passthrough_handle_device_opts(opts, tb)) {
	483	goto err_exit;
	484	}
	485
8f0605cc SB	486	tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tb);
8f0605cc SB	487	if (tpm_pt->cancel_fd < 0) {
92dcc234 SB	488	goto err_exit;
	489	}
	490
4549a8b7 SB	491	return tb;
	492
	493	err_exit:
	494	g_free(tb->id);
4549a8b7 SB	495
	496	return NULL;
	497	}
	498
	499	static void tpm_passthrough_destroy(TPMBackend *tb)
	500	{
8f0605cc	501	TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
4549a8b7	502
92dcc234 SB	503	tpm_passthrough_cancel_cmd(tb);
92dcc234 SB	504
4549a8b7 SB	505	tpm_backend_thread_end(&tpm_pt->tbt);
	506
	507	qemu_close(tpm_pt->tpm_fd);
8f0605cc	508	qemu_close(tpm_pt->cancel_fd);
4549a8b7 SB	509
	510	g_free(tb->id);
	511	g_free(tb->path);
92dcc234	512	g_free(tb->cancel_path);
8f0605cc	513	g_free(tpm_pt->tpm_dev);
4549a8b7 SB	514	}
4549a8b7 SB	515
bb716238 SB	516	static const QemuOptDesc tpm_passthrough_cmdline_opts[] = {
	517	TPM_STANDARD_CMDLINE_OPTS,
	518	{
	519	.name = "cancel-path",
	520	.type = QEMU_OPT_STRING,
	521	.help = "Sysfs file entry for canceling TPM commands",
	522	},
	523	{
	524	.name = "path",
	525	.type = QEMU_OPT_STRING,
	526	.help = "Path to TPM device on the host",
	527	},
	528	{ /* end of list */ },
	529	};
	530
bdee56f5	531	static const TPMDriverOps tpm_passthrough_driver = {
4549a8b7	532	.type = TPM_TYPE_PASSTHROUGH,
bb716238	533	.opts = tpm_passthrough_cmdline_opts,
4549a8b7 SB	534	.desc = tpm_passthrough_create_desc,
	535	.create = tpm_passthrough_create,
	536	.destroy = tpm_passthrough_destroy,
	537	.init = tpm_passthrough_init,
	538	.startup_tpm = tpm_passthrough_startup_tpm,
	539	.realloc_buffer = tpm_passthrough_realloc_buffer,
	540	.reset = tpm_passthrough_reset,
	541	.had_startup_error = tpm_passthrough_get_startup_error,
	542	.deliver_request = tpm_passthrough_deliver_request,
	543	.cancel_cmd = tpm_passthrough_cancel_cmd,
	544	.get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag,
	545	};
	546
8f0605cc SB	547	static void tpm_passthrough_inst_init(Object *obj)
	548	{
	549	}
	550
	551	static void tpm_passthrough_inst_finalize(Object *obj)
	552	{
	553	}
	554
	555	static void tpm_passthrough_class_init(ObjectClass klass, void data)
	556	{
	557	TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);
	558
	559	tbc->ops = &tpm_passthrough_driver;
	560	}
	561
	562	static const TypeInfo tpm_passthrough_info = {
	563	.name = TYPE_TPM_PASSTHROUGH,
	564	.parent = TYPE_TPM_BACKEND,
	565	.instance_size = sizeof(TPMPassthruState),
	566	.class_init = tpm_passthrough_class_init,
	567	.instance_init = tpm_passthrough_inst_init,
	568	.instance_finalize = tpm_passthrough_inst_finalize,
	569	};
	570
4549a8b7 SB	571	static void tpm_passthrough_register(void)
4549a8b7 SB	572	{
8f0605cc	573	type_register_static(&tpm_passthrough_info);
4549a8b7 SB	574	tpm_register_driver(&tpm_passthrough_driver);
	575	}
	576
	577	type_init(tpm_passthrough_register)