Hi Anton,
is this patchset still needed after Vicky's patch
"[tpmdd-devel] Fix NULL return in tpm_ibmvtpm_get_desired_dma"
https://patchwork.ozlabs.org/patch/402315/
Ashley raised some concerns.
Since merge window is coming up, a fast reply is appreciated.
Thanks,
Peter
Am Freitag, 19. September 2014, 23:29:42 schrieb Anton Blanchard:
> I'm looking at an oops in tpm_ibmvtpm_get_desired_dma:
>
> 28: 00 00 20 39 li r9,0
> 2c: 10 00 01 e8 ld r0,16(r1)
> 30: 28 00 69 80 lwz r3,40(r9)
>
> We set r9 to 0 then load r9+40. The problem is actually in
> ibmvtpm_get_data, it can return NULL but the rest of the driver
> never expects it.
>
> Add a BUG_ON in ibmvtpm_get_data. We still need to identify the root
> cause but at least this makes it obvious what went wrong.
>
> Cc: [email protected]
> Signed-off-by: Anton Blanchard <[email protected]>
> ---
>
> diff --git a/drivers/char/tpm/tpm_ibmvtpm.c
> b/drivers/char/tpm/tpm_ibmvtpm.c index af74c57..0d1eeba 100644
> --- a/drivers/char/tpm/tpm_ibmvtpm.c
> +++ b/drivers/char/tpm/tpm_ibmvtpm.c
> @@ -63,9 +63,9 @@ static int ibmvtpm_send_crq(struct vio_dev *vdev, u64 w1,
> u64 w2) static struct ibmvtpm_dev *ibmvtpm_get_data(const struct device
> *dev) {
> struct tpm_chip *chip = dev_get_drvdata(dev);
> - if (chip)
> - return (struct ibmvtpm_dev *)TPM_VPRIV(chip);
> - return NULL;
> +
> + BUG_ON(!chip);
> + return (struct ibmvtpm_dev *)TPM_VPRIV(chip);
> }
>
> /**
Hi,
> is this patchset still needed after Vicky's patch
> "[tpmdd-devel] Fix NULL return in tpm_ibmvtpm_get_desired_dma"
> https://patchwork.ozlabs.org/patch/402315/
>
> Ashley raised some concerns.
>
> Since merge window is coming up, a fast reply is appreciated.
We definitely need a way to catch an invalid driver data pointer, but it
looks like that needs to be reworked after Vicky's patch.
Vicky could you look at all uses of ibmvtpm_get_data and make
sure we don't blindly dereference it? eg:
static int tpm_ibmvtpm_resume(struct device *dev)
{
struct ibmvtpm_dev *ibmvtpm = ibmvtpm_get_data(dev);
...
rc = plpar_hcall_norets(H_ENABLE_CRQ,
ibmvtpm->vdev->unit_address);
Anton
Hi Anton,
vio_bus_probe now calls vio_cmo_bus_probe before calling probe.
This results in calling get_desired_dma to get rtce buf size
before we have called probe which initializes vtpm driver and
sets up the tpm data, i.e. rtce buf size.
ibmvtpm_get_data returns NULL in get_desired_dma is a special
case where the device is not initialized.
Regards,
Vicky
On Wed, 2014-12-03 at 08:20 +1100, Anton Blanchard wrote:
> Hi,
>
> > is this patchset still needed after Vicky's patch
> > "[tpmdd-devel] Fix NULL return in tpm_ibmvtpm_get_desired_dma"
> > https://patchwork.ozlabs.org/patch/402315/
> >
> > Ashley raised some concerns.
> >
> > Since merge window is coming up, a fast reply is appreciated.
>
> We definitely need a way to catch an invalid driver data pointer, but it
> looks like that needs to be reworked after Vicky's patch.
>
> Vicky could you look at all uses of ibmvtpm_get_data and make
> sure we don't blindly dereference it? eg:
>
> static int tpm_ibmvtpm_resume(struct device *dev)
> {
> struct ibmvtpm_dev *ibmvtpm = ibmvtpm_get_data(dev);
> ...
>
> rc = plpar_hcall_norets(H_ENABLE_CRQ,
> ibmvtpm->vdev->unit_address);
>
> Anton
>