From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: "Winkler, Tomas" <tomas.winkler@intel.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>
Subject: Re: [PATCH] tpm: fix incorrect success returns from tpm_try_transmit()
Date: Thu, 3 Jan 2019 17:03:47 +0200 [thread overview]
Message-ID: <20190103150347.GB17015@linux.intel.com> (raw)
In-Reply-To: <5B8DA87D05A7694D9FA63FD143655C1B9DA62640@hasmsx108.ger.corp.intel.com>
On Thu, Jan 03, 2019 at 01:37:09PM +0000, Winkler, Tomas wrote:
> >
> > On Mon, Dec 31, 2018 at 10:27:31AM -0800, James Bottomley wrote:
> > > Ever since 627448e85c766 "tpm: separate cmd_ready/go_idle from
> > > runtime_pm" we have been returning success from tpm_try_transmit()
> > > even if an error occurred. The reason is that the introduction of rc
> > > = tpm_go_idle() at the end of processing overwrites the value of rc if
> > > it contains an error code (mostly with success). Fix this by writing
> > > the return to a new variable rc1 instead.
> > >
> > > Fixes: 627448e85c766 "tpm: separate cmd_ready/go_idle from runtime_pm"
> > > Cc: stable@vger.kernel.org
> > > Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> > >
> > > ---
> > >
> > > Note: the goto out looks fishy as well. The only go_idle implementor
> > > is tpm_crb and that can return a timeout as -ETIME, so it looks like
> > > it would then loop forever
> > >
> > > diff --git a/drivers/char/tpm/tpm-interface.c
> > > b/drivers/char/tpm/tpm-interface.c
> > > index 129f640424b7..ac7ebab6140c 100644
> > > --- a/drivers/char/tpm/tpm-interface.c
> > > +++ b/drivers/char/tpm/tpm-interface.c
> > > @@ -432,7 +432,7 @@ static ssize_t tpm_try_transmit(struct tpm_chip
> > *chip,
> > > unsigned int flags)
> > > {
> > > struct tpm_output_header *header = (void *)buf;
> > > - int rc;
> > > + int rc, rc1;
> > > ssize_t len = 0;
> > > u32 count, ordinal;
> > > unsigned long stop;
> > > @@ -547,8 +547,8 @@ static ssize_t tpm_try_transmit(struct tpm_chip
> > *chip,
> > > dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc);
> > >
> > > out:
> > > - rc = tpm_go_idle(chip, flags);
> > > - if (rc)
> > > + rc1 = tpm_go_idle(chip, flags);
> > > + if (rc1)
> > > goto out;
> > >
> > > if (need_locality)
> >
> > Thanks James and sorry for latency (holiday season). Just a small suggestion. I
> > would just:
> >
> > if (tpm_go_idle(chip, flags))
> > goto out;
> >
> > What do you think?
>
>
> This is wrong as well because of the jump to 'out'.
> I've introduced this bug in version 4 of the patch, when the wrappers were added, before the jump to 'out' was correct.
> If it's okay with you I will post my version of the fix.
> Thanks
> Tomas
Works for me.
/Jarkko
next prev parent reply other threads:[~2019-01-03 15:03 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-31 18:27 [PATCH] tpm: fix incorrect success returns from tpm_try_transmit() James Bottomley
2019-01-03 12:59 ` Jarkko Sakkinen
2019-01-03 13:37 ` Winkler, Tomas
2019-01-03 15:03 ` Jarkko Sakkinen [this message]
2019-01-03 15:23 ` James Bottomley
2019-01-03 15:34 ` Winkler, Tomas
2019-01-03 16:17 ` James Bottomley
2019-01-10 17:16 ` Jarkko Sakkinen
2019-01-10 17:16 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190103150347.GB17015@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=linux-integrity@vger.kernel.org \
--cc=tomas.winkler@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.