On Sat, Jan 16, 2021 at 02:22:40AM +0100, Lino Sanfilippo wrote: > From: Lino Sanfilippo <l.sanfilippo@xxxxxxxxxx> > > In tpm2_del_space() the sessions are flushed by means of the tpm_chip > operations. However the concerning operations pointer may already be NULL at > this time in case that the chip has been unregistered (see > tpm_chip_unregister() which calls tpm_del_char_device() which sets > chip->ops to NULL). > Avoid the NULL pointer access by first calling tpm_try_get_ops() to check > if the operations pointer is still valid and skipping the session flushing > in case of an unregistered chip. > > Signed-off-by: Lino Sanfilippo <l.sanfilippo@xxxxxxxxxx> > --- > drivers/char/tpm/tpm2-space.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c > index 784b8b3..ea6eee9 100644 > --- a/drivers/char/tpm/tpm2-space.c > +++ b/drivers/char/tpm/tpm2-space.c > @@ -59,7 +59,7 @@ int tpm2_init_space(struct tpm_space *space, unsigned int buf_size) > void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space) > { > mutex_lock(&chip->tpm_mutex); > - if (!tpm_chip_start(chip)) { > + if (!tpm_try_get_ops(chip) && !tpm_chip_start(chip)) { > tpm2_flush_sessions(chip, space); > tpm_chip_stop(chip); > } > -- > 2.7.4 > I have a hard time believing that any of these patches are based on actual regressions. /Jarko
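Review bot: The new condition in tpm2_del_space() takes the ops with tpm_try_get_ops(chip) but the hunk adds no matching release. After tpm_chip_stop(chip) on the success path, and also when tpm_try_get_ops() succeeds but tpm_chip_start() then fails, whatever the get acquired stays held. Pair it with tpm_put_ops(chip) on every path where the get succeeded, which probably means splitting the `&&` into two nested checks. The call is also made with chip->tpm_mutex already held from the `mutex_lock(&chip->tpm_mutex);` line above, so please confirm that tpm_try_get_ops() neither takes that mutex nor starts the chip itself. If it does, this path would deadlock on the mutex, and the explicit mutex_lock() and tpm_chip_start()/tpm_chip_stop() calls should be dropped in favour of the get/put pair. The commit message would also benefit from naming the path that reaches tpm2_del_space() after tpm_chip_unregister(), since the reply questions whether the NULL dereference is reachable in practice.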