From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Hon Ching(Vicky) Lo" <honclo@linux.vnet.ibm.com>,
Jarkko Sakkine <jarkko.sakkinen@linux.intel.com>
Subject: [PATCH 4.9 57/60] vTPM: Fix missing NULL check
Date: Mon, 19 Jun 2017 23:17:51 +0800 [thread overview]
Message-ID: <20170619151646.914771352@linuxfoundation.org> (raw)
In-Reply-To: <20170619151644.680979056@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hon Ching \(Vicky\) Lo <honclo@linux.vnet.ibm.com>
commit 31574d321c70f6d3b40fe98f9b2eafd9a903fef9 upstream.
The current code passes the address of tpm_chip as the argument to
dev_get_drvdata() without prior NULL check in
tpm_ibmvtpm_get_desired_dma. This resulted an oops during kernel
boot when vTPM is enabled in Power partition configured in active
memory sharing mode.
The vio_driver's get_desired_dma() is called before the probe(), which
for vtpm is tpm_ibmvtpm_probe, and it's this latter function that
initializes the driver and set data. Attempting to get data before
the probe() caused the problem.
This patch adds a NULL check to the tpm_ibmvtpm_get_desired_dma.
fixes: 9e0d39d8a6a0 ("tpm: Remove useless priv field in struct tpm_vendor_specific")
Signed-off-by: Hon Ching(Vicky) Lo <honclo@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkine <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm_ibmvtpm.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
--- a/drivers/char/tpm/tpm_ibmvtpm.c
+++ b/drivers/char/tpm/tpm_ibmvtpm.c
@@ -295,6 +295,8 @@ static int tpm_ibmvtpm_remove(struct vio
}
kfree(ibmvtpm);
+ /* For tpm_ibmvtpm_get_desired_dma */
+ dev_set_drvdata(&vdev->dev, NULL);
return 0;
}
@@ -309,13 +311,16 @@ static int tpm_ibmvtpm_remove(struct vio
static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev)
{
struct tpm_chip *chip = dev_get_drvdata(&vdev->dev);
- struct ibmvtpm_dev *ibmvtpm = dev_get_drvdata(&chip->dev);
+ struct ibmvtpm_dev *ibmvtpm;
- /* ibmvtpm initializes at probe time, so the data we are
- * asking for may not be set yet. Estimate that 4K required
- * for TCE-mapped buffer in addition to CRQ.
- */
- if (!ibmvtpm)
+ /*
+ * ibmvtpm initializes at probe time, so the data we are
+ * asking for may not be set yet. Estimate that 4K required
+ * for TCE-mapped buffer in addition to CRQ.
+ */
+ if (chip)
+ ibmvtpm = dev_get_drvdata(&chip->dev);
+ else
return CRQ_RES_BUF_SIZE + PAGE_SIZE;
return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size;
next prev parent reply other threads:[~2017-06-19 15:30 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-19 15:16 [PATCH 4.9 00/60] 4.9.34-stable review Greg Kroah-Hartman
2017-06-19 15:16 ` [PATCH 4.9 01/60] fs: pass on flags in compat_writev Greg Kroah-Hartman
2017-06-19 15:16 ` [PATCH 4.9 02/60] configfs: Fix race between create_link and configfs_rmdir Greg Kroah-Hartman
2017-06-19 15:16 ` [PATCH 4.9 03/60] can: gs_usb: fix memory leak in gs_cmd_reset() Greg Kroah-Hartman
2017-06-19 15:16 ` [PATCH 4.9 04/60] ila_xlat: add missing hash secret initialization Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 06/60] [media] vb2: Fix an off by one error in vb2_plane_vaddr Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 07/60] mac80211: dont look at the PM bit of BAR frames Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 08/60] mac80211/wpa: use constant time memory comparison for MACs Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 09/60] drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 10/60] drm/i915: Fix GVT-g PVINFO version compatibility check Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 11/60] usb: musb: dsps: keep VBUS on for host-only mode Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 13/60] mac80211: fix packet statistics for fast-RX Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 14/60] mac80211: fix IBSS presp allocation size Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 15/60] mac80211: strictly check mesh address extension mode Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 16/60] mac80211: fix dropped counter in multiqueue RX Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 17/60] mac80211: dont send SMPS action frame in AP mode when not needed Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 18/60] drm/mediatek: fix mtk_hdmi_setup_vendor_specific_infoframe mistake Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 19/60] drm/vc4: Fix OOPSes from trying to cache a partially constructed BO Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 21/60] serial: sh-sci: Fix late enablement of AUTORTS Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 22/60] x86/mm/32: Set the __vmalloc_start_set flag in initmem_init() Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 23/60] mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 24/60] staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data() Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 25/60] staging: iio: tsl2x7x_core: Fix standard deviation calculation Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 26/60] iio: st_pressure: Fix data sign Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 27/60] iio: proximity: as3935: recalibrate RCO after resume Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 28/60] iio: adc: ti_am335x_adc: allocating too much in probe Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 29/60] IB/mlx5: Fix kernel to user leak prevention logic Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 30/60] usb: gadget: udc: renesas_usb3: fix pm_runtime functions calling Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 31/60] usb: gadget: udc: renesas_usb3: fix deadlock by spinlock Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 32/60] usb: gadget: udc: renesas_usb3: lock for PN_ registers access Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 33/60] USB: hub: fix SS max number of ports Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 34/60] usb: core: fix potential memory leak in error path during hcd creation Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 35/60] USB: usbip: fix nonconforming hub descriptor Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 36/60] [media] pvrusb2: reduce stack usage pvr2_eeprom_analyze() Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 37/60] USB: gadget: dummy_hcd: fix hub-descriptor removable fields Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 38/60] usb: r8a66597-hcd: select a different endpoint on timeout Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 39/60] usb: r8a66597-hcd: decrease timeout Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 40/60] ath10k: fix napi crash during rmmod when probe firmware fails Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 41/60] misc: mic: double free on ioctl error path Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 42/60] drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of IS_ERR() Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 43/60] usb: xhci: Fix USB 3.1 supported protocol parsing Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 44/60] usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 45/60] USB: gadget: fix GPF in gadgetfs Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 46/60] USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 47/60] mm/memory-failure.c: use compound_head() flags for huge pages Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 48/60] swap: cond_resched in swap_cgroup_prepare() Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 49/60] iio: imu: inv_mpu6050: add accel lpf setting for chip >= MPU6500 Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 50/60] sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 51/60] genirq: Release resources in __setup_irq() error path Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 52/60] alarmtimer: Prevent overflow of relative timers Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 53/60] usb: gadget: composite: Fix function used to free memory Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 54/60] usb: dwc3: exynos fix axius clock error path to do cleanup Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 55/60] MIPS: Fix bnezc/jialc return address calculation Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 56/60] MIPS: .its targets depend on vmlinux Greg Kroah-Hartman
2017-06-19 15:17 ` Greg Kroah-Hartman [this message]
2017-06-19 15:17 ` [PATCH 4.9 58/60] crypto: Work around deallocated stack frame reference gcc bug on sparc Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 59/60] alarmtimer: Rate limit periodic intervals Greg Kroah-Hartman
2017-06-19 15:17 ` [PATCH 4.9 60/60] mm: larger stack guard gap, between vmas Greg Kroah-Hartman
2017-06-20 0:10 ` [PATCH 4.9 00/60] 4.9.34-stable review Guenter Roeck
2017-06-20 10:57 ` Sumit Semwal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170619151646.914771352@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=honclo@linux.vnet.ibm.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).