[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <db1bb1ab-b2d6-cd4b-9908-b471b8cc7df5@linux.ibm.com>
Date: Fri, 5 Feb 2021 08:29:03 -0500
From: Stefan Berger <stefanb@...ux.ibm.com>
To: James Bottomley <James.Bottomley@...senPartnership.com>,
Lino Sanfilippo <LinoSanfilippo@....de>, peterhuewe@....de,
jarkko@...nel.org
Cc: jgg@...pe.ca, stefanb@...ux.vnet.ibm.com, stable@...r.kernel.org,
linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
Lino Sanfilippo <l.sanfilippo@...bus.com>
Subject: Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip
On 2/4/21 9:01 PM, James Bottomley wrote:
> On Thu, 2021-02-04 at 20:44 -0500, Stefan Berger wrote:
>> To clarify: When I tested this I had *both* patches applied. Without
>> the patches I got the null pointer exception in tpm2_del_space(). The
>> 2nd patch alone solves that issue when using the steps above.
>
> Yes, I can't confirm the bug either. I only have lpc tis devices, so
> it could be something to do with spi, but when I do
I can confirm this bug:
insmod /usr/lib/modules/5.10.0+/extra/tpm.ko ; insmod
/usr/lib/modules/5.10.0+/extra/tpm_vtpm_proxy.ko
swtpm chardev --vtpm-proxy --tpm2 --tpmstate dir=./ &
exec 100<>/dev/tpmrm0
kill -9 <swtpm pid>
rmmod tpm_vtpm_proxy
echo -en '\x80\x01\x00\x00\x00\x0c\x00\x00\x01\x44\x00\x00' >&100
[ 167.289390] [c000000015d6fb60] [c0000000007d3ac0]
refcount_warn_saturate+0x210/0x230 (unreliable)
[ 167.290392] [c000000015d6fbc0] [c000000000831328] kobject_put+0x1b8/0x2e0
[ 167.291398] [c000000015d6fc50] [c000000000955548] put_device+0x28/0x40
[ 167.292409] [c000000015d6fc70] [c0080000008609a8]
tpm_try_get_ops+0xb0/0x100 [tpm]
[ 167.293417] [c000000015d6fcb0] [c008000000861864]
tpm_common_write+0x15c/0x250 [tpm]
[ 167.294429] [c000000015d6fd20] [c0000000004be190] vfs_write+0xf0/0x380
[ 167.295437] [c000000015d6fd70] [c0000000004be6c8] ksys_write+0x78/0x130
[ 167.296450] [c000000015d6fdc0] [c00000000003377c]
system_call_exception+0x15c/0x270
[ 167.297461] [c000000015d6fe20] [c00000000000d960]
system_call_common+0xf0/0x27c
With this patch applied this error here is gone. Just have make sure to
replace tpm.ko and tpm_vtpm_proxy.ko, not just the latter.
So my Tested-By is good for both patches.
Stefan
Powered by blists - more mailing lists