This patch series fixes some flaws in the TPM code. Most importantly a
reference count issue (patch 2) and a possible NULL pointer access (patch 3).

Patch 1 fixes the error path in tpmm_chip_alloc() and is in preparation for
patch 2, which extends this function.

Patch 4 introduces a new function tpm_chip_free() which is used as a
counterpart to tpm_chip_alloc(). The main reason for this function is to hide
the internals of tpm_chip cleanup by means of multiple reference count
handling.

Lino Sanfilippo (4):
  tpm: in case of error properly cleanup in tpmm_chip_alloc
  tpm: fix reference counting for struct tpm_chip
  tpm: in tpm2_del_space check if ops pointer is still valid
  tpm: Provide a function tpm_chip_free() to free tpm chips

 drivers/char/tpm/tpm-chip.c       | 33 ++++++++++++++++++++++++++++++--
 drivers/char/tpm/tpm.h            |  1 +
 drivers/char/tpm/tpm2-space.c     |  2 +-
 drivers/char/tpm/tpm_ftpm_tee.c   |  4 ++--
 drivers/char/tpm/tpm_vtpm_proxy.c |  2 +-
 5 files changed, 35 insertions(+), 7 deletions(-)

-- 
2.7.4