From: Jarkko Sakkinen
To: "Winkler, Tomas"
Cc: "tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org",
    "linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
Subject: Re: [PATCH] tpm: don't destroy chip device prematurely
Date: Tue, 4 Oct 2016 08:19:46 +0300
Message-ID: <20161004051946.GA10572@intel.com>
In-Reply-To: <20161003124836.GE9990-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
References: <1475393971-12715-1-git-send-email-tomas.winkler@intel.com>
    <20161002101755.GA25844@intel.com>
    <20161002102455.GA27464@intel.com>
    <20161002212126.GA25872@obsidianresearch.com>
    <5B8DA87D05A7694D9FA63FD143655C1B542F466B@hasmsx108.ger.corp.intel.com>
    <20161003124836.GE9990@intel.com>
List-Id: tpmdd-devel@lists.sourceforge.net

On Mon, Oct 03, 2016 at 03:48:36PM +0300, Jarkko Sakkinen wrote:
> On Mon, Oct 03, 2016 at 07:05:48AM +0000, Winkler, Tomas wrote:
> >
> > > On Sun, Oct 02, 2016 at 01:24:55PM +0300, Jarkko Sakkinen wrote:
> > > > On Sun, Oct 02, 2016 at 01:17:55PM +0300, Jarkko Sakkinen wrote:
> > > > > On Sun, Oct 02, 2016 at 10:39:31AM +0300, Tomas Winkler wrote:
> > > > > > In tpm_del_char_device device_del is called prior to tpm2_shutdown
> > > > > > where it is still used.
> > > > > >
> > > > > > Fortunately, so far chip->dev was used only for printouts in
> > > > > > tpm2_shutdown flow, hence system didn't crash. But with the
> > > > > > introduction of runtime power management it will result in
> > > > > > shutting down the parent device while it is still in use.
> > > > > >
> > > > > > Fixes: 20e0152393b41 ("tpm: fix crash in tpm_tis
> > > > > > deinitialization")
> > > > > > Signed-off-by: Tomas Winkler
> > > > >
> > > > > Tested-by: Jarkko Sakkinen
> > > > > Reviewed-by: Jarkko Sakkinen
> > > >
> > > > Applied.
> > >
> > > This patch is wrong, I thought the comments were clear. All entry points to find
> > > the device must be deleted before we commit to shutting down the device.
> > >
> > > You need to figure out some other way to solve your problem.
> >
> > Please be more specific regarding flows you think will be wrong with
> > this patch, you must agree that the current code is broken even w/o
> > runtime pm.
>
> Make the driver uncallable first. The worst race that can happen is that
> open("/dev/tpm0", ...) returns -EPIPE. I do not consider this fatal at
> all.

No responses for this reasonable proposal so I'll show what I mean:

	/* Make the driver uncallable. */
	down_write(&chip->ops_sem);
	if (chip->flags & TPM_CHIP_FLAG_TPM2)
		tpm2_shutdown(chip, TPM2_SU_CLEAR);
	chip->ops = NULL;
	up_write(&chip->ops_sem);

	cdev_del(&chip->cdev);
	device_del(&chip->dev);

	/* Make the chip unavailable. */
	mutex_lock(&idr_lock);
	idr_replace(&dev_nums_idr, NULL, chip->dev_num);
	mutex_unlock(&idr_lock);

The worst thing that can happen is -EPIPE.

/Jarkko