Tests get stuck, when tss is configured with --enable-tcti-partial-reads

[dilyanpalauzov]

When I compile and install tpm2-tss/configure --enable-tcti-partial-reads and then call tpm2-abrmd/configure --enable-integration && make -C tpm2-abrmd check the tests just gets stuck and do not make progress.

[flihp]

I believe that this feature requires cooperation from an upstream kernel change. Are you using this patch / release? More data in the commit message here: https://github.com/tpm2-software/tpm2-tss/commit/3f2489b1c4572f203fb5c57b26364f9469ad716c. Comment from @tstruk in https://github.com/tpm2-software/tpm2-tss/issues/1315#issuecomment-474587368 makes me think that the async support went into the kernel around 4.20. There was also a regression in the 5.0 release that had to get fixed upstream.

[dilyanpalauzov]

I used kernel 4.16.13. I do not use tcti-partial-reads, just because the tests do not run with them. tpm2-tools tests also get stuck.

As a matter of fact, tpm2-tools tests run good without tcti-partial-reads, the tests talk to tss2-abrmd, tss2-abrmd talks to the ibm-tss simulator. I do not see how the kernel is involved in this combination.

[flihp]

Oh yeah that makes sense. I'll see about a repro. Probably getting stuck in the TCTI. That would be libtss2-tcti-mssim since this is in the test harness so yeah, nothing to do with the kernel.

[tstruk]

The only code in TSS that is affected by "--enable-tcti-partial-reads=yes" is in tcti-device->Tss2_Tcti_Receive() and Tss2_Sys_Execute(), none of which is exercised by abrmd integration tests running against the simulator as far as I can see. Also FWIW TSS integ tests running against the simulator, with partial reads enabled are passing: https://travis-ci.org/tpm2-software/tpm2-tss/jobs/535730335

[dilyanpalauzov]

When I compiled tss using --enable-tcti-partial-reads and run the tests locally, the latter completed. When I installed then that tss and run the tests for abrmd or tools, the tests got stuck. See also https://github.com/tpm2-software/tpm2-tools/issues/1417 .

[flihp]

I've reproduced this successfully using the HEAD of master on both tpm2-tss and tpm2-abrmd. Steps go are below:

configure & test tpm2-tss under 'default' conditions:

./bootstrap && ./configure --enable-unit --enable-integration --disable-doxygen-doc && make check && sudo make install

configure & test tpm2-abrmd under 'default' conditions:

./bootstrap && ./configure --enable-unit --enable-integration && make check

This all goes as expected (positive test). Next we rebuild and reinstall tpm2-tss libraries with partial reads enabled:

./configure --enable-unit --enable-integration --disable-doxygen-doc --enable-tcti-partial-reads=yes && make check && sudo make install

This all goes as expected. Then we re-run the tpm2-abrmd test harness to get the failure. Here it fails after successfully executing 3 tests. Working on the root-cause next.

Thanks again for the report @dilyanpalauzov !

[dilyanpalauzov]

To be precise, when I tried it, I didn’t get a failure, the tests just never completed. But in the meantime the codebase has also changed.

[flihp]

apologies: 'failure' here means the tests hang as you originally reported

[flihp]

update: Root cause for this is a bug in the tabrmd tcti. As part of working on this it's become obvious the TCTI unit tests need some love. They're some of the older unit tests here and the coverage is rather poor. Makes sense this code wouldn't be able to cope with the partial read calling convention from the tss2 libraries since it predates that feature.

[flihp]

Candidate fix is here: https://github.com/flihp/tpm2-abrmd/tree/partial-reads. Needs lots of cleanup since it includes some significant refactoring in the TCTI unit test.