tpm: Use the right clean up after cdev_add completes

Message ID	20170223211914.GA12752@obsidianresearch.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-security-module-owner@kernel.org> Date: Thu, 23 Feb 2017 14:19:14 -0700 From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: tpmdd-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org Subject: [PATCH] tpm: Use the right clean up after cdev_add completes Message-ID: <20170223211914.GA12752@obsidianresearch.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk

Message ID

20170223211914.GA12752@obsidianresearch.com (mailing list archive)

State

New, archived

Headers

Date: Thu, 23 Feb 2017 14:19:14 -0700
From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: tpmdd-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org
Subject: [PATCH] tpm: Use the right clean up after cdev_add completes
Message-ID: <20170223211914.GA12752@obsidianresearch.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk

Commit Message

Jason Gunthorpe Feb. 23, 2017, 9:19 p.m. UTC

Once cdev_add is done the device node is visible to user space and
could have been opened. Thus we have to go through the locking
process in tpm_del_char_device if device_add fails.

Fixes: 2c91ce8523a ("tpm: fix the rollback in tpm_chip_register()")
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
---
 drivers/char/tpm/tpm-chip.c | 43 ++++++++++++++++++++++---------------------
 1 file changed, 22 insertions(+), 21 deletions(-)

static function moved to avoid a prototype

This was noticed while reviewing the cdev patchset from Logan

Comments

Jarkko Sakkinen Feb. 24, 2017, 4:09 p.m. UTC | #1

On Thu, Feb 23, 2017 at 02:19:14PM -0700, Jason Gunthorpe wrote:
> Once cdev_add is done the device node is visible to user space and
> could have been opened. Thus we have to go through the locking
> process in tpm_del_char_device if device_add fails.
> 
> Fixes: 2c91ce8523a ("tpm: fix the rollback in tpm_chip_register()")
> Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>

Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko

> ---
>  drivers/char/tpm/tpm-chip.c | 43 ++++++++++++++++++++++---------------------
>  1 file changed, 22 insertions(+), 21 deletions(-)
> 
> static function moved to avoid a prototype
> 
> This was noticed while reviewing the cdev patchset from Logan
> 
> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
> index a77262d31911a1..c82acf0a6e7353 100644
> --- a/drivers/char/tpm/tpm-chip.c
> +++ b/drivers/char/tpm/tpm-chip.c
> @@ -226,6 +226,26 @@ struct tpm_chip *tpmm_chip_alloc(struct device *pdev,
>  }
>  EXPORT_SYMBOL_GPL(tpmm_chip_alloc);
>  
> +static void tpm_del_char_device(struct tpm_chip *chip, bool with_device)
> +{
> +	cdev_del(&chip->cdev);
> +	if (with_device) {
> +		device_del(&chip->dev);
> +
> +		/* Make the chip unavailable. */
> +		mutex_lock(&idr_lock);
> +		idr_replace(&dev_nums_idr, NULL, chip->dev_num);
> +		mutex_unlock(&idr_lock);
> +	}
> +
> +	/* Make the driver uncallable. */
> +	down_write(&chip->ops_sem);
> +	if (chip->flags & TPM_CHIP_FLAG_TPM2)
> +		tpm2_shutdown(chip, TPM2_SU_CLEAR);
> +	chip->ops = NULL;
> +	up_write(&chip->ops_sem);
> +}
> +
>  static int tpm_add_char_device(struct tpm_chip *chip)
>  {
>  	int rc;
> @@ -246,8 +266,7 @@ static int tpm_add_char_device(struct tpm_chip *chip)
>  			"unable to device_register() %s, major %d, minor %d, err=%d\n",
>  			dev_name(&chip->dev), MAJOR(chip->dev.devt),
>  			MINOR(chip->dev.devt), rc);
> -
> -		cdev_del(&chip->cdev);
> +		tpm_del_char_device(chip, false);
>  		return rc;
>  	}
>  
> @@ -259,24 +278,6 @@ static int tpm_add_char_device(struct tpm_chip *chip)
>  	return rc;
>  }
>  
> -static void tpm_del_char_device(struct tpm_chip *chip)
> -{
> -	cdev_del(&chip->cdev);
> -	device_del(&chip->dev);
> -
> -	/* Make the chip unavailable. */
> -	mutex_lock(&idr_lock);
> -	idr_replace(&dev_nums_idr, NULL, chip->dev_num);
> -	mutex_unlock(&idr_lock);
> -
> -	/* Make the driver uncallable. */
> -	down_write(&chip->ops_sem);
> -	if (chip->flags & TPM_CHIP_FLAG_TPM2)
> -		tpm2_shutdown(chip, TPM2_SU_CLEAR);
> -	chip->ops = NULL;
> -	up_write(&chip->ops_sem);
> -}
> -
>  static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
>  {
>  	struct attribute **i;
> @@ -384,6 +385,6 @@ void tpm_chip_unregister(struct tpm_chip *chip)
>  {
>  	tpm_del_legacy_sysfs(chip);
>  	tpm_bios_log_teardown(chip);
> -	tpm_del_char_device(chip);
> +	tpm_del_char_device(chip, true);
>  }
>  EXPORT_SYMBOL_GPL(tpm_chip_unregister);
> -- 
> 2.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Jarkko Sakkinen Feb. 24, 2017, 5:43 p.m. UTC | #2

On Thu, Feb 23, 2017 at 02:19:14PM -0700, Jason Gunthorpe wrote:
> Once cdev_add is done the device node is visible to user space and
> could have been opened. Thus we have to go through the locking
> process in tpm_del_char_device if device_add fails.
> 
> Fixes: 2c91ce8523a ("tpm: fix the rollback in tpm_chip_register()")
> Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>

Pushed.

/Jarkko

> ---
>  drivers/char/tpm/tpm-chip.c | 43 ++++++++++++++++++++++---------------------
>  1 file changed, 22 insertions(+), 21 deletions(-)
> 
> static function moved to avoid a prototype
> 
> This was noticed while reviewing the cdev patchset from Logan
> 
> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
> index a77262d31911a1..c82acf0a6e7353 100644
> --- a/drivers/char/tpm/tpm-chip.c
> +++ b/drivers/char/tpm/tpm-chip.c
> @@ -226,6 +226,26 @@ struct tpm_chip *tpmm_chip_alloc(struct device *pdev,
>  }
>  EXPORT_SYMBOL_GPL(tpmm_chip_alloc);
>  
> +static void tpm_del_char_device(struct tpm_chip *chip, bool with_device)
> +{
> +	cdev_del(&chip->cdev);
> +	if (with_device) {
> +		device_del(&chip->dev);
> +
> +		/* Make the chip unavailable. */
> +		mutex_lock(&idr_lock);
> +		idr_replace(&dev_nums_idr, NULL, chip->dev_num);
> +		mutex_unlock(&idr_lock);
> +	}
> +
> +	/* Make the driver uncallable. */
> +	down_write(&chip->ops_sem);
> +	if (chip->flags & TPM_CHIP_FLAG_TPM2)
> +		tpm2_shutdown(chip, TPM2_SU_CLEAR);
> +	chip->ops = NULL;
> +	up_write(&chip->ops_sem);
> +}
> +
>  static int tpm_add_char_device(struct tpm_chip *chip)
>  {
>  	int rc;
> @@ -246,8 +266,7 @@ static int tpm_add_char_device(struct tpm_chip *chip)
>  			"unable to device_register() %s, major %d, minor %d, err=%d\n",
>  			dev_name(&chip->dev), MAJOR(chip->dev.devt),
>  			MINOR(chip->dev.devt), rc);
> -
> -		cdev_del(&chip->cdev);
> +		tpm_del_char_device(chip, false);
>  		return rc;
>  	}
>  
> @@ -259,24 +278,6 @@ static int tpm_add_char_device(struct tpm_chip *chip)
>  	return rc;
>  }
>  
> -static void tpm_del_char_device(struct tpm_chip *chip)
> -{
> -	cdev_del(&chip->cdev);
> -	device_del(&chip->dev);
> -
> -	/* Make the chip unavailable. */
> -	mutex_lock(&idr_lock);
> -	idr_replace(&dev_nums_idr, NULL, chip->dev_num);
> -	mutex_unlock(&idr_lock);
> -
> -	/* Make the driver uncallable. */
> -	down_write(&chip->ops_sem);
> -	if (chip->flags & TPM_CHIP_FLAG_TPM2)
> -		tpm2_shutdown(chip, TPM2_SU_CLEAR);
> -	chip->ops = NULL;
> -	up_write(&chip->ops_sem);
> -}
> -
>  static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
>  {
>  	struct attribute **i;
> @@ -384,6 +385,6 @@ void tpm_chip_unregister(struct tpm_chip *chip)
>  {
>  	tpm_del_legacy_sysfs(chip);
>  	tpm_bios_log_teardown(chip);
> -	tpm_del_char_device(chip);
> +	tpm_del_char_device(chip, true);
>  }
>  EXPORT_SYMBOL_GPL(tpm_chip_unregister);
> -- 
> 2.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Jarkko Sakkinen Feb. 24, 2017, 8:59 p.m. UTC | #3

On Fri, Feb 24, 2017 at 07:43:54PM +0200, Jarkko Sakkinen wrote:
> On Thu, Feb 23, 2017 at 02:19:14PM -0700, Jason Gunthorpe wrote:
> > Once cdev_add is done the device node is visible to user space and
> > could have been opened. Thus we have to go through the locking
> > process in tpm_del_char_device if device_add fails.
> > 
> > Fixes: 2c91ce8523a ("tpm: fix the rollback in tpm_chip_register()")
> > Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
> 
> Pushed.

It would make easier to merge this with resource manager commits if
there was instead

void tpm_chip_shutdown(struct tpm_chip *chip)
{
	/* Make the driver uncallable. */
	down_write(&chip->ops_sem);
	if (chip->flags & TPM_CHIP_FLAG_TPM2)
		tpm2_shutdown(chip, TPM2_SU_CLEAR);
	chip->ops = NULL;
	up_write(&chip->ops_sem);
}

And you would call this instead of wiring into tpm_del_char_device.

I can update the commit.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Jarkko Sakkinen Feb. 24, 2017, 9:11 p.m. UTC | #4

On Fri, Feb 24, 2017 at 10:59:49PM +0200, Jarkko Sakkinen wrote:
> On Fri, Feb 24, 2017 at 07:43:54PM +0200, Jarkko Sakkinen wrote:
> > On Thu, Feb 23, 2017 at 02:19:14PM -0700, Jason Gunthorpe wrote:
> > > Once cdev_add is done the device node is visible to user space and
> > > could have been opened. Thus we have to go through the locking
> > > process in tpm_del_char_device if device_add fails.
> > > 
> > > Fixes: 2c91ce8523a ("tpm: fix the rollback in tpm_chip_register()")
> > > Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
> > 
> > Pushed.
> 
> It would make easier to merge this with resource manager commits if
> there was instead
> 
> void tpm_chip_shutdown(struct tpm_chip *chip)
> {
> 	/* Make the driver uncallable. */
> 	down_write(&chip->ops_sem);
> 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
> 		tpm2_shutdown(chip, TPM2_SU_CLEAR);
> 	chip->ops = NULL;
> 	up_write(&chip->ops_sem);
> }
> 
> And you would call this instead of wiring into tpm_del_char_device.
> 
> I can update the commit.
> 
> /Jarkko

Actually lets keep as it is. I'll extend tpm_del_char_device a bit
instead in the RM series.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index a77262d31911a1..c82acf0a6e7353 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -226,6 +226,26 @@  struct tpm_chip *tpmm_chip_alloc(struct device *pdev,
 }
 EXPORT_SYMBOL_GPL(tpmm_chip_alloc);
 
+static void tpm_del_char_device(struct tpm_chip *chip, bool with_device)
+{
+	cdev_del(&chip->cdev);
+	if (with_device) {
+		device_del(&chip->dev);
+
+		/* Make the chip unavailable. */
+		mutex_lock(&idr_lock);
+		idr_replace(&dev_nums_idr, NULL, chip->dev_num);
+		mutex_unlock(&idr_lock);
+	}
+
+	/* Make the driver uncallable. */
+	down_write(&chip->ops_sem);
+	if (chip->flags & TPM_CHIP_FLAG_TPM2)
+		tpm2_shutdown(chip, TPM2_SU_CLEAR);
+	chip->ops = NULL;
+	up_write(&chip->ops_sem);
+}
+
 static int tpm_add_char_device(struct tpm_chip *chip)
 {
 	int rc;
@@ -246,8 +266,7 @@  static int tpm_add_char_device(struct tpm_chip *chip)
 			"unable to device_register() %s, major %d, minor %d, err=%d\n",
 			dev_name(&chip->dev), MAJOR(chip->dev.devt),
 			MINOR(chip->dev.devt), rc);
-
-		cdev_del(&chip->cdev);
+		tpm_del_char_device(chip, false);
 		return rc;
 	}
 
@@ -259,24 +278,6 @@  static int tpm_add_char_device(struct tpm_chip *chip)
 	return rc;
 }
 
-static void tpm_del_char_device(struct tpm_chip *chip)
-{
-	cdev_del(&chip->cdev);
-	device_del(&chip->dev);
-
-	/* Make the chip unavailable. */
-	mutex_lock(&idr_lock);
-	idr_replace(&dev_nums_idr, NULL, chip->dev_num);
-	mutex_unlock(&idr_lock);
-
-	/* Make the driver uncallable. */
-	down_write(&chip->ops_sem);
-	if (chip->flags & TPM_CHIP_FLAG_TPM2)
-		tpm2_shutdown(chip, TPM2_SU_CLEAR);
-	chip->ops = NULL;
-	up_write(&chip->ops_sem);
-}
-
 static void tpm_del_legacy_sysfs(struct tpm_chip *chip)
 {
 	struct attribute **i;
@@ -384,6 +385,6 @@  void tpm_chip_unregister(struct tpm_chip *chip)
 {
 	tpm_del_legacy_sysfs(chip);
 	tpm_bios_log_teardown(chip);
-	tpm_del_char_device(chip);
+	tpm_del_char_device(chip, true);
 }
 EXPORT_SYMBOL_GPL(tpm_chip_unregister);

tpm: Use the right clean up after cdev_add completes

Commit Message

Comments

Patch