lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Feb 2016 11:03:31 -0700 From: Jason Gunthorpe <jgunthorpe@...idianresearch.com> To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com> Cc: Peter Huewe <peterhuewe@....de>, tpmdd-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org Subject: Re: [tpmdd-devel] [PATCH] tpm_crb: fix: associate to the correct device On Wed, Feb 17, 2016 at 01:23:31PM +0200, Jarkko Sakkinen wrote: > At the moment for tpm_crb /proc/iomem shows the HW interface and not the > device using the memory range. This patch fixes the issue by associating > memory mappings to the TPM character device. > > The end result is this: > > $ cat /proc/iomem|grep MSFT -A2 > dbfff000-dbffffff : MSFT0101:00 > dbfff000-dbffffff : tpm0 Hmmm... This large patch basically changes devm_ioremap so it uses the tpm chip dev not the acpi_dev - which seems reasonable - however I notice lots of drivers do use the parent device.. However, it will change the unwind ordering on remove.. And when we check if tpm_crb is OK on that point I see this bug: static int crb_acpi_remove(struct acpi_device *device) { [..] tpm_chip_unregister(chip); if (chip->flags & TPM_CHIP_FLAG_TPM2) tpm2_shutdown(chip, TPM2_SU_CLEAR); It is illegal to reference chip after tpm_chip_unregister, and it is very illegal to try to send a command to an unregistered tpm. This will conflict with my other patches to fix ops locking. Further, it probably conflicts with this patch, since the iomapping is associated with chip, it risks being torn down by tpm_chip_unregister when it triggers the devm unwind. Something like tpm2_shutdown belongs in the core code, add it to tpm_chip_unregister, and do that before this patch.. Ideally this would have been fewer lines, not sure why the acpi stuff had to move out of crb_map_io, for instance.. Does tpm_tis need the same fix? > + INIT_LIST_HEAD(&resources); > + rc = acpi_dev_get_resources(device, &resources, crb_check_resource, > + priv); > + if (rc < 0) > + return rc; > + acpi_dev_free_resource_list(&resources); I wonder if the acpi_dev_free_resource_list is what kill's the resource name? Maybe that needs to be delayed until after the ioremap, which is best done with this back in crb_map_io ?? Thanks for looking at this stuff, Jason
Powered by blists - more mailing lists