On Wed, Mar 15, 2017 at 01:28:07AM -0400, Hon Ching(Vicky) Lo wrote: > The current code passes the address of tpm_chip as the argument to > dev_get_drvdata() without prior NULL check in > tpm_ibmvtpm_get_desired_dma. This resulted an oops during kernel > boot when vTPM is enabled in Power partition configured in active > memory sharing mode. > > The vio_driver's get_desired_dma() is called before the probe(), which > for vtpm is tpm_ibmvtpm_probe, and it's this latter function that > initializes the driver and set data. Attempting to get data before > the probe() caused the problem. > > This patch adds a NULL check to the tpm_ibmvtpm_get_desired_dma. > > fixes: 9e0d39d8a6a0 ("tpm: Remove useless priv field in struct tpm_vendor_specific") > Cc: <stable@xxxxxxxxxxxxxxx> > Signed-off-by: Hon Ching(Vicky) Lo <honclo@xxxxxxxxxxxxxxxxxx> Reviewed-by: Jarkko Sakkine <jarkko.sakkinen@xxxxxxxxxxxxxxx> /Jarkko > --- > drivers/char/tpm/tpm_ibmvtpm.c | 8 ++++++-- > 1 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c > index 1b9d61f..f01d083 100644 > --- a/drivers/char/tpm/tpm_ibmvtpm.c > +++ b/drivers/char/tpm/tpm_ibmvtpm.c > @@ -299,6 +299,8 @@ static int tpm_ibmvtpm_remove(struct vio_dev *vdev) > } > > kfree(ibmvtpm); > + /* For tpm_ibmvtpm_get_desired_dma */ > + dev_set_drvdata(&vdev->dev, NULL); > > return 0; > } > @@ -313,14 +315,16 @@ static int tpm_ibmvtpm_remove(struct vio_dev *vdev) > static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev) > { > struct tpm_chip *chip = dev_get_drvdata(&vdev->dev); > - struct ibmvtpm_dev *ibmvtpm = dev_get_drvdata(&chip->dev); > + struct ibmvtpm_dev *ibmvtpm; > > /* > * ibmvtpm initializes at probe time, so the data we are > * asking for may not be set yet. Estimate that 4K required > * for TCE-mapped buffer in addition to CRQ. > */ > - if (!ibmvtpm) > + if (chip) > + ibmvtpm = dev_get_drvdata(&chip->dev); > + else > return CRQ_RES_BUF_SIZE + PAGE_SIZE; > > return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size; > -- > 1.7.1 >