This patch removed the tasklet and moved the wait queue into the
private structure.  It also cleaned up the response CRQ path.
Signed-off-by: NAshley Lai <adlai@us.ibm.com>
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

acpi_os_map_memory expects its return value to be in the __iomem address
space. Tag the variable we're using as such and use memcpy_fromio to
avoid further sparse warnings.
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>
Signed-off-by: NJames Morris <james.l.morris@oracle.com>

This patch declares the internal struct and functions as static to provide
more security.
Signed-off-by: NXiaoyan Zhang <xiaoyan.zhang@intel.com>
Signed-off-by: NFengguang Wu <fengguang.wu@intel.com>
Reviewed-by: NKent Yoder <key@linux.vnet.ibm.com>
Signed-off-by: NJames Morris <james.l.morris@oracle.com>

The Physical Presence Interface enables the OS and the BIOS to cooperate and
provides a simple and straightforward platform user experience for
administering the TPM without sacrificing security.

V2: separate the patch out in a separate source file,
    add #ifdef CONFIG_ACPI so it compiles out on ppc,
    use standard error instead of ACPI error as return code of show/store fns.
V3: move #ifdef CONFIG_ACPI from .c file to .h file.
V4: move tpm_ppi code from tpm module to tpm_bios module.
V5: modify sys_add_ppi() so that ppi_attr_grp doesn't need to be exported
Signed-off-by: NXiaoyan Zhang <xiaoyan.zhang@intel.com>
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

In drivers/char/tpm/tpm_acpi.c::read_log() we call
acpi_os_map_memory(). That call may fail for a number of reasons
(invalid address, out of memory etc). If the call fails it returns
NULL and we just pass that to memcpy() unconditionally, which will go
bad when it tries to dereference the pointer.

Unfortunately we just get NULL back, so we can't really tell the user
exactely what went wrong, but we can at least avoid crashing and
return an error (-EIO seemed more generic and more suitable here than
-ENOMEM or something else, so I picked that).
Signed-off-by: NJesper Juhl <jj@chaosbits.net>
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

This patch retrieves the event log data from the device tree
during file open. The event log data will then displayed through
securityfs.
Signed-off-by: NAshley Lai <adlai@us.ibm.com>
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

This patch adds a new device driver to support IBM virtual TPM
(vTPM) for PPC64.  IBM vTPM is supported through the adjunct
partition with firmware release 740 or higher.  With vTPM
support, each lpar is able to have its own vTPM without the
physical TPM hardware.

This driver provides TPM functionalities by communicating with
the vTPM adjunct partition through Hypervisor calls (Hcalls)
and Command/Response Queue (CRQ) commands.
Signed-off-by: NAshley Lai <adlai@us.ibm.com>
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

The tpm_tis driver doesn't use tpm_tis_resume except when PM is
configured and doesn't make use of tpm_tis_reenable_interrupts except
when PM or PNP is configured.
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

Moved the atomic_set of the data_pending variable until after the
tpm_read has completed processing. The existing code had a window of
time where a second write to the driver could clobber the tpm command
buffer.

Also fixed an issue where if close was called on the tpm device before a
read completed, the tpm command buffer would be returned to the OS,
which could contain sensitive information.
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

This driver will make use of any available TPM chip on the system as a
hwrng source.
Acked-by: NDavid Safford <safford@linux.vnet.ibm.com>
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

Move the tpm_get_random api from the trusted keys code into the TPM
device driver itself so that other callers can make use of it. Also,
change the api slightly so that the number of bytes read is returned in
the call, since the TPM command can potentially return fewer bytes than
requested.
Acked-by: NDavid Safford <safford@linux.vnet.ibm.com>
Reviewed-by: NH. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

Break ACPI-specific pieces of the event log handling into their own file
and create tpm_eventlog.[ch] to store common event log handling code.
This will be required to integrate future event log sources on platforms
without ACPI tables.
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

This patch adds a driver to support Infineon's SLB 9635 TT 1.2 Soft I2C TPMs
which follow the TGC TIS 1.2 TPM specification[1] and Infineon's I2C Protocol
Stack Specification 0.20.
The I2C Protocol Stack Specification is a simple adaption of the LPC TIS
Protocol to the I2C Bus.
The I2C TPMs can be used when LPC Bus is not available (i.e. non x86
architectures like ARM).

The driver is based on the tpm_tis.c driver by Leendert van Dorn and Kyleen
Hall and has quite similar functionality.

Tested on Nvidia ARM Tegra2 Development Platform and Beagleboard (ARM OMAP)
Tested with the Trousers[2] TSS API Testsuite v 0.3 [3]
Compile-tested on x86 (32/64-bit)

Updates since version 2.1.4:
- included "Lock the I2C adapter for a sequence of requests", by Bryan Freed
- use __i2c_transfer instead of own implementation of unlocked i2c_transfer
- use struct dev_pm_ops for power management via SIMPLE_DEV_PM_OPS

Updates since version 2.1.3:
- use proper probing mechanism
* either add the tpm using I2C_BOARD_INFO to your board file or probe it
* during runtime e.g on BeagleBoard using :
* "echo tpm_i2c_infineon 0x20 > /sys/bus/i2c/devices/i2c-2/new_device"
- fix possible endless loop if hardware misbehaves
- improved return codes
- consistent spelling i2c/tpm -> I2C/TPM
- remove hardcoded sleep values and msleep usage
- removed debug statements
- added check for I2C functionality
- renaming to tpm_i2c_infineon

Updates since version 2.1.2:
- added sysfs entries for duration and timeouts
- updated to new tpm_do_selftest

Updates since version 2.1.0:
- improved error handling
- implemented workarounds needed by the tpm
- fixed typos

References:
[1]
http://www.trustedcomputinggroup.org/resources/pc_client_work_group_pc_client_
specific_tpm_interface_specification_tis_version_12/
[2] http://trousers.sourceforge.net/
[3]
http://sourceforge.net/projects/trousers/files/TSS%20API%20test%20suite/0.3/Reviewed-by: NAndi Shyti <andi.shyti@gmail.com>
Acked-by: NMarcel Selhorst <tpmdd@selhorst.net>
Signed-off-by: NPeter Huewe <peter.huewe@infineon.com>
Signed-off-by: NBryan Freed <bfreed@chromium.org>
Signed-off-by: NKent Yoder <key@linux.vnet.ibm.com>

They've changed it ... for no apparent reason. Meh.

V2: remove unused 'is_hsw' field.
Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: NPaulo Zanoni <paulo.r.zanoni@intel.com>
Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>

According to a compiler warning, the tpm_tis_resume() function is not
used for CONFIG_PM_SLEEP unset, so add a #ifdef to prevent it from
being built in that case.
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>

omap_rng_suspend and omap_rng_resume are unused if CONFIG_PM is enabled
but CONFIG_PM_SLEEP is disabled. I found this while building all defconfig
files on ARM. It's not clear to me if this is the right solution, but
at least it makes the code consistent again.

Without this patch, building omap1_defconfig results in:

drivers/char/hw_random/omap-rng.c:165:12: warning: 'omap_rng_suspend' defined but not used [-Wunused-function]
drivers/char/hw_random/omap-rng.c:171:12: warning: 'omap_rng_resume' defined but not used [-Wunused-function]
Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Acked-by: NKevin Hilman <khilman@ti.com>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Herbert Xu <herbert@gondor.apana.org.au>

Also properly indent the HB IDs.
Reviewed-by: NRodrigo Vivi <rodrigo.vivi@gmail.com>
Signed-off-by: NPaulo Zanoni <paulo.r.zanoni@intel.com>
Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>

Unregister from the hwrng interface and remove the vq before entering
the S3 or S4 states.  Add the vq and re-register with hwrng on restore.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>

The freeze/restore s3/s4 operations will use code that's common to the
probe and remove routines.  Put the common code in separate funcitons.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>

No use waiting for input from host when the module is being removed.
We're going to remove the vq in the next step anyway, so just perform
any other steps for cleanup (currently none).
Signed-off-by: NAmit Shah <amit.shah@redhat.com>
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>

Use wait_for_completion_killable() instead of wait_for_completion() when
waiting for the host to send us entropy.  Without this,

  # cat /dev/hwrng
  ^C

just hangs.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>

Mix in any architectural randomness in extract_buf() instead of
xfer_secondary_buf().  This allows us to mix in more architectural
randomness, and it also makes xfer_secondary_buf() faster, moving a
tiny bit of additional CPU overhead to process which is extracting the
randomness.

[ Commit description modified by tytso to remove an extended
  advertisement for the RDRAND instruction. ]
Signed-off-by: NH. Peter Anvin <hpa@linux.intel.com>
Acked-by: NIngo Molnar <mingo@kernel.org>
Cc: DJ Johnston <dj.johnston@intel.com>
Signed-off-by: NTheodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org

The following build error occured during a ia64 build with
swap-over-NFS patches applied.

net/core/sock.c:274:36: error: initializer element is not constant
net/core/sock.c:274:36: error: (near initialization for 'memalloc_socks')
net/core/sock.c:274:36: error: initializer element is not constant

This is identical to a parisc build error. Fengguang Wu, Mel Gorman
and James Bottomley did all the legwork to track the root cause of
the problem. This fix and entire commit log is shamelessly copied
from them with one extra detail to change a dubious runtime use of
ATOMIC_INIT() to atomic_set() in drivers/char/mspec.c

Dave Anglin says:
> Here is the line in sock.i:
>
> struct static_key memalloc_socks = ((struct static_key) { .enabled =
> ((atomic_t) { (0) }) });

The above line contains two compound literals.  It also uses a designated
initializer to initialize the field enabled.  A compound literal is not a
constant expression.

The location of the above statement isn't fully clear, but if a compound
literal occurs outside the body of a function, the initializer list must
consist of constant expressions.

Cc: <stable@vger.kernel.org>
Signed-off-by: NTony Luck <tony.luck@intel.com>

Many platforms have per-machine instance data (serial numbers,
asset tags, etc.) squirreled away in areas that are accessed
during early system bringup. Mixing this data into the random
pools has a very high value in providing better random data,
so we should allow (and even encourage) architecture code to
call add_device_randomness() from the setup_arch() paths.

However, this limits our options for internal structure of
the random driver since random_initialize() is not called
until long after setup_arch().

Add a big fat comment to rand_initialize() spelling out
this requirement.
Suggested-by: NTheodore Ts'o <tytso@mit.edu>
Signed-off-by: NTony Luck <tony.luck@intel.com>
Signed-off-by: NTheodore Ts'o <tytso@mit.edu>

Signed-off-by: NFlorian Fainelli <florian@openwrt.org>
Cc: linux-mips@linux-mips.org
Cc: mpm@selenic.com
Cc: herbert@gondor.apana.org.au
Patchwork: https://patchwork.linux-mips.org/patch/3327/
Patchwork: https://patchwork.linux-mips.org/patch/4072/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

This watchdog driver had ioctl defines introduced locally
for pre timeout handling, marked to be removed as soon as
a generic replacement would become available.

The latter has actually occurred in 2006, at e05b59fe.

Remove the local duplicates for pre timeout handling.
Signed-off-by: NOskar Schirmer <oskar@scara.com>
Acked-by: NCorey Minyard <cminyard@mvista.com>
Signed-off-by: NWim Van Sebroeck <wim@iguana.be>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>

With the new interrupt sampling system, we are no longer using the
timer_rand_state structure in the irq descriptor, so we can stop
initializing it now.

[ Merged in fixes from Sedat to find some last missing references to
  rand_initialize_irq() ]
Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: NSedat Dilek <sedat.dilek@gmail.com>

class_create if succeeded returns a pointer to the struct class,
and if it fails, it returns a value enclosed by the pointer, which
can be read by using PTR_ERR.

Handle the error and return it.

result is for error checking of the alloc_chrdev_region, instead
ret can be used, and also if the alloc_chrdev_region fail,
we are still returning -ENODEV, use ret and the error path will
take care of returning of the ret.
Signed-off-by: NDevendra Naga <develkernel412222@gmail.com>
Acked-by: NArnd Bergmann <arnd@arndb.de>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>

Create a new function, get_random_bytes_arch() which will use the
architecture-specific hardware random number generator if it is
present.  Change get_random_bytes() to not use the HW RNG, even if it
is avaiable.

The reason for this is that the hw random number generator is fast (if
it is present), but it requires that we trust the hardware
manufacturer to have not put in a back door.  (For example, an
increasing counter encrypted by an AES key known to the NSA.)

It's unlikely that Intel (for example) was paid off by the US
Government to do this, but it's impossible for them to prove otherwise
--- especially since Bull Mountain is documented to use AES as a
whitener.  Hence, the output of an evil, trojan-horse version of
RDRAND is statistically indistinguishable from an RDRAND implemented
to the specifications claimed by Intel.  Short of using a tunnelling
electronic microscope to reverse engineer an Ivy Bridge chip and
disassembling and analyzing the CPU microcode, there's no way for us
to tell for sure.

Since users of get_random_bytes() in the Linux kernel need to be able
to support hardware systems where the HW RNG is not present, most
time-sensitive users of this interface have already created their own
cryptographic RNG interface which uses get_random_bytes() as a seed.
So it's much better to use the HW RNG to improve the existing random
number generator, by mixing in any entropy returned by the HW RNG into
/dev/random's entropy pool, but to always _use_ /dev/random's entropy
pool.

This way we get almost of the benefits of the HW RNG without any
potential liabilities.  The only benefits we forgo is the
speed/performance enhancements --- and generic kernel code can't
depend on depend on get_random_bytes() having the speed of a HW RNG
anyway.

For those places that really want access to the arch-specific HW RNG,
if it is available, we provide get_random_bytes_arch().
Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org

If the CPU supports a hardware random number generator, use it in
xfer_secondary_pool(), where it will significantly improve things and
where we can afford it.

Also, remove the use of the arch-specific rng in
add_timer_randomness(), since the call is significantly slower than
get_cycles(), and we're much better off using it in
xfer_secondary_pool() anyway.
Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org

Add a new interface, add_device_randomness() for adding data to the
random pool that is likely to differ between two devices (or possibly
even per boot).  This would be things like MAC addresses or serial
numbers, or the read-out of the RTC. This does *not* add any actual
entropy to the pool, but it initializes the pool to different values
for devices that might otherwise be identical and have very little
entropy available to them (particularly common in the embedded world).

[ Modified by tytso to mix in a timestamp, since there may be some
  variability caused by the time needed to detect/configure the hardware
  in question. ]
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org

The real-time Linux folks don't like add_interrupt_randomness() taking
a spinlock since it is called in the low-level interrupt routine.
This also allows us to reduce the overhead in the fast path, for the
random driver, which is the interrupt collection path.
Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org

We've been moving away from add_interrupt_randomness() for various
reasons: it's too expensive to do on every interrupt, and flooding the
CPU with interrupts could theoretically cause bogus floods of entropy
from a somewhat externally controllable source.

This solves both problems by limiting the actual randomness addition
to just once a second or after 64 interrupts, whicever comes first.
During that time, the interrupt cycle data is buffered up in a per-cpu
pool.  Also, we make sure the the nonblocking pool used by urandom is
initialized before we start feeding the normal input pool.  This
assures that /dev/urandom is returning unpredictable data as soon as
possible.

(Based on an original patch by Linus, but significantly modified by
tytso.)
Tested-by: NEric Wustrow <ewust@umich.edu>
Reported-by: NEric Wustrow <ewust@umich.edu>
Reported-by: NNadia Heninger <nadiah@cs.ucsd.edu>
Reported-by: NZakir Durumeric <zakir@umich.edu>
Reported-by: J. Alex Halderman <jhalderm@umich.edu>.
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org

Some power systems do not have legacy ISA devices. So, /dev/port is not
a valid interface on these systems. User level tools such as kbdrate is
trying to access the device using this interface which is causing the
system crash.

This patch will fix this issue by not creating this interface on these
powerpc systems.
Signed-off-by: NHaren Myneni <haren@us.ibm.com>
Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>

This patch supports Exynos SOC's PRNG driver. Exynos's PRNG has 5 seeds and
5 random number outputs. Module is excuted under runtime power management control,
so it activates only while it's in use. Otherwise it will be suspended generally.
It was tested on PQ board by rngtest program.
Signed-off-by: NJonghwa Lee <jonghwa3.lee@samsung.com>
Signed-off-by: NKyungmin Park <kyungmin.park@samsung.com>
Reviewed-by: NStephen Boyd <sboyd@codeaurora.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The legacy PM callbacks provided by the IPMI PCI driver are
empty routines returning 0, so they can be safely dropped.
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
Acked-by: NCorey Minyard <cminyard@mvista.com>

Make the tpm_nsc driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.

This allows the driver to use tpm_pm_suspend() and tpm_pm_resume()
as its PM callbacks directly, without defining its own PM callback
routines.
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>

Make the tpm_tis driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.

This allows the driver to use tpm_pm_suspend() as its suspend
callback directly, without defining its own suspend callback
routine.
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>

Make the tpm_atmel driver define its PM callbacks through
a struct dev_pm_ops object rather than by using legacy PM hooks
in struct platform_driver.

This allows the driver to use tpm_pm_suspend() and tpm_pm_resume()
as its PM callbacks directly, without defining its own PM callback
routines.
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>