Re: [PATCH v2] vTPM: Fix missing NULL check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Mar 15, 2017 at 01:28:07AM -0400, Hon Ching(Vicky) Lo wrote:
> The current code passes the address of tpm_chip as the argument to
> dev_get_drvdata() without prior NULL check in
> tpm_ibmvtpm_get_desired_dma.  This resulted an oops during kernel
> boot when vTPM is enabled in Power partition configured in active
> memory sharing mode.
> 
> The vio_driver's get_desired_dma() is called before the probe(), which
> for vtpm is tpm_ibmvtpm_probe, and it's this latter function that
> initializes the driver and set data.  Attempting to get data before
> the probe() caused the problem.
> 
> This patch adds a NULL check to the tpm_ibmvtpm_get_desired_dma.
> 
> fixes: 9e0d39d8a6a0 ("tpm: Remove useless priv field in struct tpm_vendor_specific")
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Hon Ching(Vicky) Lo <honclo@xxxxxxxxxxxxxxxxxx>

Reviewed-by: Jarkko Sakkine <jarkko.sakkinen@xxxxxxxxxxxxxxx>

/Jarkko

> ---
>  drivers/char/tpm/tpm_ibmvtpm.c |    8 ++++++--
>  1 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
> index 1b9d61f..f01d083 100644
> --- a/drivers/char/tpm/tpm_ibmvtpm.c
> +++ b/drivers/char/tpm/tpm_ibmvtpm.c
> @@ -299,6 +299,8 @@ static int tpm_ibmvtpm_remove(struct vio_dev *vdev)
>  	}
>  
>  	kfree(ibmvtpm);
> +	/* For tpm_ibmvtpm_get_desired_dma */
> +	dev_set_drvdata(&vdev->dev, NULL);
>  
>  	return 0;
>  }
> @@ -313,14 +315,16 @@ static int tpm_ibmvtpm_remove(struct vio_dev *vdev)
>  static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev)
>  {
>  	struct tpm_chip *chip = dev_get_drvdata(&vdev->dev);
> -	struct ibmvtpm_dev *ibmvtpm = dev_get_drvdata(&chip->dev);
> +	struct ibmvtpm_dev *ibmvtpm;
>  
>  	/*
>  	 * ibmvtpm initializes at probe time, so the data we are
>  	 * asking for may not be set yet. Estimate that 4K required
>  	 * for TCE-mapped buffer in addition to CRQ.
>  	 */
> -	if (!ibmvtpm)
> +	if (chip)
> +		ibmvtpm = dev_get_drvdata(&chip->dev);
> +	else
>  		return CRQ_RES_BUF_SIZE + PAGE_SIZE;
>  
>  	return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size;
> -- 
> 1.7.1
>
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]