[SCSI] fix BUG when sum(scatterlist) > bufflen
[linux-2.6] / drivers / char / tpm / tpm_nsc.c
1 /*
2  * Copyright (C) 2004 IBM Corporation
3  *
4  * Authors:
5  * Leendert van Doorn <leendert@watson.ibm.com>
6  * Dave Safford <safford@watson.ibm.com>
7  * Reiner Sailer <sailer@watson.ibm.com>
8  * Kylene Hall <kjhall@us.ibm.com>
9  *
10  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
11  *
12  * Device driver for TCG/TCPA TPM (trusted platform module).
13  * Specifications at www.trustedcomputinggroup.org       
14  *
15  * This program is free software; you can redistribute it and/or
16  * modify it under the terms of the GNU General Public License as
17  * published by the Free Software Foundation, version 2 of the
18  * License.
19  * 
20  */
21
22 #include <linux/platform_device.h>
23 #include "tpm.h"
24
25 /* National definitions */
26 enum tpm_nsc_addr{
27         TPM_NSC_IRQ = 0x07,
28         TPM_NSC_BASE0_HI = 0x60,
29         TPM_NSC_BASE0_LO = 0x61,
30         TPM_NSC_BASE1_HI = 0x62,
31         TPM_NSC_BASE1_LO = 0x63
32 };
33
34 enum tpm_nsc_index {
35         NSC_LDN_INDEX = 0x07,
36         NSC_SID_INDEX = 0x20,
37         NSC_LDC_INDEX = 0x30,
38         NSC_DIO_INDEX = 0x60,
39         NSC_CIO_INDEX = 0x62,
40         NSC_IRQ_INDEX = 0x70,
41         NSC_ITS_INDEX = 0x71
42 };
43
44 enum tpm_nsc_status_loc {
45         NSC_STATUS = 0x01,
46         NSC_COMMAND = 0x01,
47         NSC_DATA = 0x00
48 };
49
50 /* status bits */
51 enum tpm_nsc_status {
52         NSC_STATUS_OBF = 0x01,  /* output buffer full */
53         NSC_STATUS_IBF = 0x02,  /* input buffer full */
54         NSC_STATUS_F0 = 0x04,   /* F0 */
55         NSC_STATUS_A2 = 0x08,   /* A2 */
56         NSC_STATUS_RDY = 0x10,  /* ready to receive command */
57         NSC_STATUS_IBR = 0x20   /* ready to receive data */
58 };
59
60 /* command bits */
61 enum tpm_nsc_cmd_mode {
62         NSC_COMMAND_NORMAL = 0x01,      /* normal mode */
63         NSC_COMMAND_EOC = 0x03,
64         NSC_COMMAND_CANCEL = 0x22
65 };
66 /*
67  * Wait for a certain status to appear
68  */
69 static int wait_for_stat(struct tpm_chip *chip, u8 mask, u8 val, u8 * data)
70 {
71         unsigned long stop;
72
73         /* status immediately available check */
74         *data = inb(chip->vendor.base + NSC_STATUS);
75         if ((*data & mask) == val)
76                 return 0;
77
78         /* wait for status */
79         stop = jiffies + 10 * HZ;
80         do {
81                 msleep(TPM_TIMEOUT);
82                 *data = inb(chip->vendor.base + 1);
83                 if ((*data & mask) == val)
84                         return 0;
85         }
86         while (time_before(jiffies, stop));
87
88         return -EBUSY;
89 }
90
91 static int nsc_wait_for_ready(struct tpm_chip *chip)
92 {
93         int status;
94         unsigned long stop;
95
96         /* status immediately available check */
97         status = inb(chip->vendor.base + NSC_STATUS);
98         if (status & NSC_STATUS_OBF)
99                 status = inb(chip->vendor.base + NSC_DATA);
100         if (status & NSC_STATUS_RDY)
101                 return 0;
102
103         /* wait for status */
104         stop = jiffies + 100;
105         do {
106                 msleep(TPM_TIMEOUT);
107                 status = inb(chip->vendor.base + NSC_STATUS);
108                 if (status & NSC_STATUS_OBF)
109                         status = inb(chip->vendor.base + NSC_DATA);
110                 if (status & NSC_STATUS_RDY)
111                         return 0;
112         }
113         while (time_before(jiffies, stop));
114
115         dev_info(chip->dev, "wait for ready failed\n");
116         return -EBUSY;
117 }
118
119
120 static int tpm_nsc_recv(struct tpm_chip *chip, u8 * buf, size_t count)
121 {
122         u8 *buffer = buf;
123         u8 data, *p;
124         u32 size;
125         __be32 *native_size;
126
127         if (count < 6)
128                 return -EIO;
129
130         if (wait_for_stat(chip, NSC_STATUS_F0, NSC_STATUS_F0, &data) < 0) {
131                 dev_err(chip->dev, "F0 timeout\n");
132                 return -EIO;
133         }
134         if ((data =
135              inb(chip->vendor.base + NSC_DATA)) != NSC_COMMAND_NORMAL) {
136                 dev_err(chip->dev, "not in normal mode (0x%x)\n",
137                         data);
138                 return -EIO;
139         }
140
141         /* read the whole packet */
142         for (p = buffer; p < &buffer[count]; p++) {
143                 if (wait_for_stat
144                     (chip, NSC_STATUS_OBF, NSC_STATUS_OBF, &data) < 0) {
145                         dev_err(chip->dev,
146                                 "OBF timeout (while reading data)\n");
147                         return -EIO;
148                 }
149                 if (data & NSC_STATUS_F0)
150                         break;
151                 *p = inb(chip->vendor.base + NSC_DATA);
152         }
153
154         if ((data & NSC_STATUS_F0) == 0 &&
155         (wait_for_stat(chip, NSC_STATUS_F0, NSC_STATUS_F0, &data) < 0)) {
156                 dev_err(chip->dev, "F0 not set\n");
157                 return -EIO;
158         }
159         if ((data = inb(chip->vendor.base + NSC_DATA)) != NSC_COMMAND_EOC) {
160                 dev_err(chip->dev,
161                         "expected end of command(0x%x)\n", data);
162                 return -EIO;
163         }
164
165         native_size = (__force __be32 *) (buf + 2);
166         size = be32_to_cpu(*native_size);
167
168         if (count < size)
169                 return -EIO;
170
171         return size;
172 }
173
174 static int tpm_nsc_send(struct tpm_chip *chip, u8 * buf, size_t count)
175 {
176         u8 data;
177         int i;
178
179         /*
180          * If we hit the chip with back to back commands it locks up
181          * and never set IBF. Hitting it with this "hammer" seems to
182          * fix it. Not sure why this is needed, we followed the flow
183          * chart in the manual to the letter.
184          */
185         outb(NSC_COMMAND_CANCEL, chip->vendor.base + NSC_COMMAND);
186
187         if (nsc_wait_for_ready(chip) != 0)
188                 return -EIO;
189
190         if (wait_for_stat(chip, NSC_STATUS_IBF, 0, &data) < 0) {
191                 dev_err(chip->dev, "IBF timeout\n");
192                 return -EIO;
193         }
194
195         outb(NSC_COMMAND_NORMAL, chip->vendor.base + NSC_COMMAND);
196         if (wait_for_stat(chip, NSC_STATUS_IBR, NSC_STATUS_IBR, &data) < 0) {
197                 dev_err(chip->dev, "IBR timeout\n");
198                 return -EIO;
199         }
200
201         for (i = 0; i < count; i++) {
202                 if (wait_for_stat(chip, NSC_STATUS_IBF, 0, &data) < 0) {
203                         dev_err(chip->dev,
204                                 "IBF timeout (while writing data)\n");
205                         return -EIO;
206                 }
207                 outb(buf[i], chip->vendor.base + NSC_DATA);
208         }
209
210         if (wait_for_stat(chip, NSC_STATUS_IBF, 0, &data) < 0) {
211                 dev_err(chip->dev, "IBF timeout\n");
212                 return -EIO;
213         }
214         outb(NSC_COMMAND_EOC, chip->vendor.base + NSC_COMMAND);
215
216         return count;
217 }
218
219 static void tpm_nsc_cancel(struct tpm_chip *chip)
220 {
221         outb(NSC_COMMAND_CANCEL, chip->vendor.base + NSC_COMMAND);
222 }
223
224 static u8 tpm_nsc_status(struct tpm_chip *chip)
225 {
226         return inb(chip->vendor.base + NSC_STATUS);
227 }
228
229 static const struct file_operations nsc_ops = {
230         .owner = THIS_MODULE,
231         .llseek = no_llseek,
232         .open = tpm_open,
233         .read = tpm_read,
234         .write = tpm_write,
235         .release = tpm_release,
236 };
237
238 static DEVICE_ATTR(pubek, S_IRUGO, tpm_show_pubek, NULL);
239 static DEVICE_ATTR(pcrs, S_IRUGO, tpm_show_pcrs, NULL);
240 static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
241 static DEVICE_ATTR(cancel, S_IWUSR|S_IWGRP, NULL, tpm_store_cancel);
242
243 static struct attribute * nsc_attrs[] = {
244         &dev_attr_pubek.attr,
245         &dev_attr_pcrs.attr,
246         &dev_attr_caps.attr,
247         &dev_attr_cancel.attr,
248         NULL,
249 };
250
251 static struct attribute_group nsc_attr_grp = { .attrs = nsc_attrs };
252
253 static const struct tpm_vendor_specific tpm_nsc = {
254         .recv = tpm_nsc_recv,
255         .send = tpm_nsc_send,
256         .cancel = tpm_nsc_cancel,
257         .status = tpm_nsc_status,
258         .req_complete_mask = NSC_STATUS_OBF,
259         .req_complete_val = NSC_STATUS_OBF,
260         .req_canceled = NSC_STATUS_RDY,
261         .attr_group = &nsc_attr_grp,
262         .miscdev = { .fops = &nsc_ops, },
263 };
264
265 static struct platform_device *pdev = NULL;
266
267 static void __devexit tpm_nsc_remove(struct device *dev)
268 {
269         struct tpm_chip *chip = dev_get_drvdata(dev);
270         if ( chip ) {
271                 release_region(chip->vendor.base, 2);
272                 tpm_remove_hardware(chip->dev);
273         }
274 }
275
276 static struct device_driver nsc_drv = {
277         .name = "tpm_nsc",
278         .bus = &platform_bus_type,
279         .owner = THIS_MODULE,
280         .suspend = tpm_pm_suspend,
281         .resume = tpm_pm_resume,
282 };
283
284 static int __init init_nsc(void)
285 {
286         int rc = 0;
287         int lo, hi, err;
288         int nscAddrBase = TPM_ADDR;
289         struct tpm_chip *chip;
290         unsigned long base;
291
292         /* verify that it is a National part (SID) */
293         if (tpm_read_index(TPM_ADDR, NSC_SID_INDEX) != 0xEF) {
294                 nscAddrBase = (tpm_read_index(TPM_SUPERIO_ADDR, 0x2C)<<8)|
295                         (tpm_read_index(TPM_SUPERIO_ADDR, 0x2B)&0xFE);
296                 if (tpm_read_index(nscAddrBase, NSC_SID_INDEX) != 0xF6)
297                         return -ENODEV;
298         }
299
300         err = driver_register(&nsc_drv);
301         if (err)
302                 return err;
303
304         hi = tpm_read_index(nscAddrBase, TPM_NSC_BASE0_HI);
305         lo = tpm_read_index(nscAddrBase, TPM_NSC_BASE0_LO);
306         base = (hi<<8) | lo;
307
308         /* enable the DPM module */
309         tpm_write_index(nscAddrBase, NSC_LDC_INDEX, 0x01);
310
311         pdev = kzalloc(sizeof(struct platform_device), GFP_KERNEL);
312         if (!pdev) {
313                 rc = -ENOMEM;
314                 goto err_unreg_drv;
315         }
316
317         pdev->name = "tpm_nscl0";
318         pdev->id = -1;
319         pdev->num_resources = 0;
320         pdev->dev.release = tpm_nsc_remove;
321         pdev->dev.driver = &nsc_drv;
322
323         if ((rc = platform_device_register(pdev)) < 0)
324                 goto err_free_dev;
325
326         if (request_region(base, 2, "tpm_nsc0") == NULL ) {
327                 rc = -EBUSY;
328                 goto err_unreg_dev;
329         }
330
331         if (!(chip = tpm_register_hardware(&pdev->dev, &tpm_nsc))) {
332                 rc = -ENODEV;
333                 goto err_rel_reg;
334         }
335
336         dev_dbg(&pdev->dev, "NSC TPM detected\n");
337         dev_dbg(&pdev->dev,
338                 "NSC LDN 0x%x, SID 0x%x, SRID 0x%x\n",
339                 tpm_read_index(nscAddrBase,0x07), tpm_read_index(nscAddrBase,0x20),
340                 tpm_read_index(nscAddrBase,0x27));
341         dev_dbg(&pdev->dev,
342                 "NSC SIOCF1 0x%x SIOCF5 0x%x SIOCF6 0x%x SIOCF8 0x%x\n",
343                 tpm_read_index(nscAddrBase,0x21), tpm_read_index(nscAddrBase,0x25),
344                 tpm_read_index(nscAddrBase,0x26), tpm_read_index(nscAddrBase,0x28));
345         dev_dbg(&pdev->dev, "NSC IO Base0 0x%x\n",
346                 (tpm_read_index(nscAddrBase,0x60) << 8) | tpm_read_index(nscAddrBase,0x61));
347         dev_dbg(&pdev->dev, "NSC IO Base1 0x%x\n",
348                 (tpm_read_index(nscAddrBase,0x62) << 8) | tpm_read_index(nscAddrBase,0x63));
349         dev_dbg(&pdev->dev, "NSC Interrupt number and wakeup 0x%x\n",
350                 tpm_read_index(nscAddrBase,0x70));
351         dev_dbg(&pdev->dev, "NSC IRQ type select 0x%x\n",
352                 tpm_read_index(nscAddrBase,0x71));
353         dev_dbg(&pdev->dev,
354                 "NSC DMA channel select0 0x%x, select1 0x%x\n",
355                 tpm_read_index(nscAddrBase,0x74), tpm_read_index(nscAddrBase,0x75));
356         dev_dbg(&pdev->dev,
357                 "NSC Config "
358                 "0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x\n",
359                 tpm_read_index(nscAddrBase,0xF0), tpm_read_index(nscAddrBase,0xF1),
360                 tpm_read_index(nscAddrBase,0xF2), tpm_read_index(nscAddrBase,0xF3),
361                 tpm_read_index(nscAddrBase,0xF4), tpm_read_index(nscAddrBase,0xF5),
362                 tpm_read_index(nscAddrBase,0xF6), tpm_read_index(nscAddrBase,0xF7),
363                 tpm_read_index(nscAddrBase,0xF8), tpm_read_index(nscAddrBase,0xF9));
364
365         dev_info(&pdev->dev,
366                  "NSC TPM revision %d\n",
367                  tpm_read_index(nscAddrBase, 0x27) & 0x1F);
368
369         chip->vendor.base = base;
370
371         return 0;
372
373 err_rel_reg:
374         release_region(base, 2);
375 err_unreg_dev:
376         platform_device_unregister(pdev);
377 err_free_dev:
378         kfree(pdev);
379 err_unreg_drv:
380         driver_unregister(&nsc_drv);
381         return rc;
382 }
383
384 static void __exit cleanup_nsc(void)
385 {
386         if (pdev) {
387                 tpm_nsc_remove(&pdev->dev);
388                 platform_device_unregister(pdev);
389                 kfree(pdev);
390                 pdev = NULL;
391         }
392
393         driver_unregister(&nsc_drv);
394 }
395
396 module_init(init_nsc);
397 module_exit(cleanup_nsc);
398
399 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
400 MODULE_DESCRIPTION("TPM Driver");
401 MODULE_VERSION("2.0");
402 MODULE_LICENSE("GPL");