From: Jason Gunthorpe
Subject: Re: [PATCH RFC v2 5/5] tpm2: expose resource manager via a device link /dev/tpms
Date: Thu, 12 Jan 2017 11:39:19 -0700
Message-ID: <20170112183919.GA12836@obsidianresearch.com>
References: <20170112174612.9314-1-jarkko.sakkinen@linux.intel.com> <20170112174612.9314-6-jarkko.sakkinen@linux.intel.com>
To: Jarkko Sakkinen
Cc: open list, James Bottomley, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
List-Id: tpmdd-devel@lists.sourceforge.net

On Thu, Jan 12, 2017 at 07:46:08PM +0200, Jarkko Sakkinen wrote:
> struct tpm_chip {
> - struct device dev;
> - struct cdev cdev;
> + struct device dev, devrm;

Hum.. devrm adds a new kref but doesn't do anything with the release
function, so that is going to use after free, ie here:

> put_device(&chip->dev);
>+ put_device(&chip->devrm);
> return ERR_PTR(rc);

And other places.

One solution is to get_device(chip->dev) after
device_initialize(dev->rm) and add a devrm->dev.release function to do
put_device(chip->dev)

Jason
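
Review bot: the `struct device dev, devrm;` member line in struct tpm_chip puts two independently refcounted devices in one allocation without saying which one's release frees the chip. Declare them on separate lines and add a comment naming the owner of the allocation, so every put_device() on either member can be checked against it.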
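
Review bot: in the error path, the added `put_device(&chip->devrm);` runs after `put_device(&chip->dev);` on the same chip, and no release callback for devrm is visible in the quoted lines. If the put on dev drops the last reference and frees the chip, the put on devrm then operates on freed memory; have devrm hold its own reference on dev and drop it from a devrm release callback, so the chip is freed only after both counts reach zero.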
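
A userspace model of the fix suggested in the reply above, as an added example that is not code from the patch or from the kernel. `struct obj`, `chip_of` and `teardown` are hypothetical stand-ins for `struct device`, `container_of` and the quoted error path; it shows that once devrm pins dev, the chip is freed exactly once whichever put comes first.

```c
/* Added example: userspace model, not kernel code. struct obj stands in for
 * struct device's refcount; every name below is hypothetical. */
#include <stddef.h>
#include <stdlib.h>

struct obj { int refs; void (*release)(struct obj *); };
struct chip { struct obj dev, devrm; };  /* two refcounts, one allocation */
static int chips_freed;                  /* lets callers observe frees */
#define chip_of(p, m) ((struct chip *)((char *)(p) - offsetof(struct chip, m)))

static void obj_put(struct obj *o)
{
	if (--o->refs == 0)
		o->release(o);           /* o must not be touched after this */
}

static void dev_release(struct obj *o)   /* only dev's release frees the chip */
{
	free(chip_of(o, dev));
	chips_freed++;
}

static void devrm_release(struct obj *o) /* devrm only drops its pin on dev */
{
	obj_put(&chip_of(o, devrm)->dev);
}

static struct chip *chip_alloc(void)
{
	struct chip *c = calloc(1, sizeof(*c));
	if (!c)
		return NULL;
	c->dev = (struct obj){ 2, dev_release };  /* initial ref + ref held for devrm */
	c->devrm = (struct obj){ 1, devrm_release };
	return c;
}

/* Error-path teardown in either order. Returns how many chips were freed in
 * total; *after_first reports how many the first put alone freed. */
static int teardown(int devrm_first, int *after_first)
{
	struct chip *c = chip_alloc();
	int before = chips_freed;
	if (!c)
		return -1;
	obj_put(devrm_first ? &c->devrm : &c->dev);
	*after_first = chips_freed - before;  /* chip is still pinned here */
	obj_put(devrm_first ? &c->dev : &c->devrm);
	return chips_freed - before;
}

int main(void) { int f; return !(teardown(0, &f) == 1 && f == 0); }
```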