From patchwork Wed Dec 20 18:08:55 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Gunthorpe X-Patchwork-Id: 10126223 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6EB2760245 for ; Wed, 20 Dec 2017 18:09:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 660842984E for ; Wed, 20 Dec 2017 18:09:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 59C662985A; Wed, 20 Dec 2017 18:09:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 055A82984E for ; Wed, 20 Dec 2017 18:09:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756124AbdLTSJA (ORCPT ); Wed, 20 Dec 2017 13:09:00 -0500 Received: from mail-it0-f65.google.com ([209.85.214.65]:38797 "EHLO mail-it0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756029AbdLTSI5 (ORCPT ); Wed, 20 Dec 2017 13:08:57 -0500 Received: by mail-it0-f65.google.com with SMTP id r6so7841216itr.3 for ; Wed, 20 Dec 2017 10:08:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ziepe.ca; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=tb341LbFO7JeWTbeWCYWEO85AG6tjmwaACH/s/XWosE=; b=VpQ5qk2hA+07HKOImpzQgCEcAsNVbQ+Jc4lI/ur3R374cSUjvMJUjCv/D543vJLLaV eB/5mWZJVyo2O66MUMpovM1DN69bJq/YEHC4y1nTPN6OI+Ak5LF9q7rvkiie/+JcgbHt udn4qZmIrfT6DqVFIC/89Y+pHCcqDgxQljrY3r3UElYPXnZY25RwuwuyKVpyZIOar8FO +s2146lw/UYRDmrEh2Aae4iKeyxaJK3AW4H6JQn8vOV/U4hY/qHXRpznmI59WT06pfJ3 O8RSBTuctkHoLwu3b84fZ0gCfiyP6MkTOGdg/HMW4z71bnYTmwLbbi7jvjJwUoENVXmw JwfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=tb341LbFO7JeWTbeWCYWEO85AG6tjmwaACH/s/XWosE=; b=UHvjlb4VKDeeU/iQ81mYamuGG7isiJJNbD7uDdxkgRM90P/zh9PAiQssJY/wJhgHSU BZwrjex07YpMasrdopksBgepvHoNPZa74+fJfYnTF5rb29j/uB1Yd1Y0kL/r/RC13dmT fOg8uf8SgzU6uvYYBXBZ/3oabYLiHjYy+lWrQ88/wqrgHyL6Zz3cnAg7nmlit7hUAHLm ldgxHgtmg2EhL22xwQEh0wn11LP+VpAABUJm5SwcsbUWzJK6I5x8hTfUos9T5dl+aSY8 j3q7ZkoO18RDTMQ7HRSWgqql5AE2CoaaHS0N0po2bBL/iMx0eGOFLO4pw3297uNnC771 TSdQ== X-Gm-Message-State: AKGB3mJ95fQ6YihEEVQuwtuUs7dkHW1waa2JP1+Bl5gYlo3BtTrLvjMa nVWtJNPZ/En+TfxBPX7b91Qf1w== X-Google-Smtp-Source: ACJfBotQMIagPQFTewRDgre+aOeirn0R1P44WFc6R0QMBmOFv4B17jvMTDJaRAPzB5wpdPZoMN4gpw== X-Received: by 10.36.85.142 with SMTP id e136mr8629703itb.52.1513793336826; Wed, 20 Dec 2017 10:08:56 -0800 (PST) Received: from ziepe.ca (S010614cc2056d97f.ed.shawcable.net. [70.74.179.152]) by smtp.gmail.com with ESMTPSA id h19sm9917814iod.85.2017.12.20.10.08.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 Dec 2017 10:08:56 -0800 (PST) Received: from jgg by mlx.ziepe.ca with local (Exim 4.86_2) (envelope-from ) id 1eRinX-0007TR-AB; Wed, 20 Dec 2017 11:08:55 -0700 Date: Wed, 20 Dec 2017 11:08:55 -0700 From: Jason Gunthorpe To: Javier Martinez Canillas Cc: linux-kernel@vger.kernel.org, James Ettle , Hans de Goede , Azhar Shaikh , Arnd Bergmann , Jarkko Sakkinen , Peter Huewe , Greg Kroah-Hartman , linux-integrity@vger.kernel.org Subject: Re: [PATCH 1/4] tpm: fix access attempt to an already unmapped I/O memory region Message-ID: <20171220180855.GB22908@ziepe.ca> References: <20171220113538.16099-1-javierm@redhat.com> <20171220113538.16099-2-javierm@redhat.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20171220113538.16099-2-javierm@redhat.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On Wed, Dec 20, 2017 at 12:35:35PM +0100, Javier Martinez Canillas wrote: > The driver maps the I/O memory address to control the LPC bus CLKRUN_EN, > but on the error path the memory is accessed by the .clk_enable handler > after this was already unmapped. So only unmap the I/O memory region if > it will not be used anymore. > > Also, the correct thing to do is to cleanup the resources in the inverse > order that were acquired to prevent issues like these. > > Signed-off-by: Javier Martinez Canillas > > drivers/char/tpm/tpm_tis_core.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c > index c2227983ed88..3455abbb2035 100644 > +++ b/drivers/char/tpm/tpm_tis_core.c Yoiks. This patch is helping but the more I look at this the wronger everything looks.. 1) tpm_chip_unregister makes chip->ops == NULL, so this sequence: static int tpm_tis_plat_remove(struct platform_device *pdev) tpm_chip_unregister(chip); tpm_tis_remove(chip); void tpm_tis_remove(struct tpm_chip *chip) if (chip->ops->clk_enable != NULL) Will oops 2) tpm_chip_register can also NULL ops in error cases, so this sequence can oops: rc = tpm_chip_register(chip); if (rc && is_bsw()) iounmap(priv->ilb_base_addr); if (chip->ops->clk_enable != NULL) chip->ops->clk_enable(chip, false); 3) iounmap should not be split between tpm_tis and tpm_tis_core Put it at the end of tpm_tis_remove. 4) This sequence: + return tpm_chip_register(chip); +out_err: + tpm_tis_remove(chip); + return rc; Doesn't look right. If tpm_chip_register fails then tpm_tis_remove will never be called. This was sort of OK when tpm_tis_remove didn't manage any resources, but now that it does the above needs fixing too. The below draft fixes everything except #1. That needs a more thoughtful idea.. Jason diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c index d29add49b03388..09f18e2e644774 100644 --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -275,9 +275,6 @@ static void tpm_tis_pnp_remove(struct pnp_dev *dev) tpm_chip_unregister(chip); tpm_tis_remove(chip); - if (is_bsw()) - iounmap(priv->ilb_base_addr); - } static struct pnp_driver tis_pnp_driver = { @@ -328,10 +325,6 @@ static int tpm_tis_plat_remove(struct platform_device *pdev) tpm_chip_unregister(chip); tpm_tis_remove(chip); - - if (is_bsw()) - iounmap(priv->ilb_base_addr); - return 0; } diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index c2227983ed88d4..ffda1694a6aba3 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -727,6 +727,9 @@ void tpm_tis_remove(struct tpm_chip *chip) if (chip->ops->clk_enable != NULL) chip->ops->clk_enable(chip, false); + + if (priv->ilb_base_addr) + iounmap(priv->ilb_base_addr); } EXPORT_SYMBOL_GPL(tpm_tis_remove); @@ -921,22 +924,15 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, } } - rc = tpm_chip_register(chip); - if (rc && is_bsw()) - iounmap(priv->ilb_base_addr); - if (chip->ops->clk_enable != NULL) chip->ops->clk_enable(chip, false); - return rc; + rc = tpm_chip_register(chip); + if (rc): + goto out_err; + return 0; out_err: tpm_tis_remove(chip); - if (is_bsw()) - iounmap(priv->ilb_base_addr); - - if (chip->ops->clk_enable != NULL) - chip->ops->clk_enable(chip, false); - return rc; } EXPORT_SYMBOL_GPL(tpm_tis_core_init);