qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

tpm: CRB: Enforce locality is requested before processing buffer

Section 5.5.3.2.2 of the CRB specification states that use of the TPM
through the locality control method must first be requested;
otherwise the command will be dropped.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

+13 -1
+13 -1
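--- a/hw/tpm/tpm_crb.c
+++ b/hw/tpm/tpm_crb.c
@@ -76,6 +76,8 @@
 CRB_CANCEL_INVOKE = BIT(0),
 };
 
+#define TPM_CRB_NO_LOCALITY 0xff
+
 static uint64_t tpm_crb_mmio_read(void *opaque, hwaddr addr,
 unsigned size)
 {
@@ -95,10 +97,19 @@
 return val;
 }
 
+static uint8_t tpm_crb_get_active_locty(CRBState *s)
+{
+if (!ARRAY_FIELD_EX32(s->regs, CRB_LOC_STATE, locAssigned)) {
+return TPM_CRB_NO_LOCALITY;
+}
+return ARRAY_FIELD_EX32(s->regs, CRB_LOC_STATE, activeLocality);
+}
+
 static void tpm_crb_mmio_write(void *opaque, hwaddr addr,
 uint64_t val, unsigned size)
 {
 CRBState *s = CRB(opaque);
+uint8_t locty = addr >> 12;
 
 trace_tpm_crb_mmio_write(addr, size, val);
 
@@ -123,7 +134,8 @@
 break;
 case A_CRB_CTRL_START:
 if (val == CRB_START_INVOKE &&
-!(s->regs[R_CRB_CTRL_START] & CRB_START_INVOKE)) {
+!(s->regs[R_CRB_CTRL_START] & CRB_START_INVOKE) &&
+tpm_crb_get_active_locty(s) == locty) {
 void *mem = memory_region_get_ram_ptr(&s->cmdmem);
 
 s->regs[R_CRB_CTRL_START] |= CRB_START_INVOKE;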
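Review bot: In `tpm_crb_mmio_write`, `locty` is the guest-supplied offset `addr >> 12` truncated to `uint8_t`, and the sentinel `TPM_CRB_NO_LOCALITY` (0xff) shares that value space, so the new `tpm_crb_get_active_locty(s) == locty` test only enforces the locality request as long as the shifted offset can never equal 0xff. The MMIO region size and the `switch` expression are outside the visible hunks, so this may already hold, but stating it in the condition keeps the enforcement independent of the region layout: `locty != TPM_CRB_NO_LOCALITY && tpm_crb_get_active_locty(s) == locty`. A one-line comment on the `#define` saying that 0xff is a sentinel no valid locality can take would document the assumption. Because a start request without an assigned locality is now dropped silently, a trace point on that path would make such guest behaviour visible when debugging or auditing. The body of `tpm_crb_mmio_write` continues beyond the last hunk.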