From: Nayna
To: Jason Gunthorpe
Subject: Re: [PATCH v4 3/8] tpm: validate event log access before tpm_bios_log_setup
Date: Wed, 12 Oct 2016 10:46:22 +0530
Message-ID: <57FDC726.8010008@linux.vnet.ibm.com>
List-Id: tpmdd-devel@lists.sourceforge.net

On 10/12/2016 01:45 AM, Jason Gunthorpe wrote:
> On Wed, Oct 12, 2016 at 12:41:05AM +0530, Nayna wrote:
>
>> Yeah, I actually tried this today.
>> And on call of securityfs_remove(), release() gets called for the
>> opened
>
> Are you saying securityfs_remove somehow causes a synchronous call to
> release? How does that come about?
>
>> There are actually two private data:
>> inode->private
>> seq->private
>>
>> I understand inode->private is where we pass sfs_data has both chip and
>> seqops. This is the one being used in open(), release() and defined as NULL
>> in teardown().
>
>> But seq->private is used by seq_ops. And I am still not sure how passing
>> seq->private as chip can help.
>
>> I might be missing something basic, so can you please help me to understand
>> that.
>
> open does:
>
>   struct tpm_chip *chip = inode->i_private;
>   get_device(&chip->dev);
>   seq = file->private_data;
>   seq->private = chip;

Yeah, I realized later that I overlooked file->private_data.
In total, there are three private actually.

>
> release does:
>
>   struct seq_file *seq = file->private_data;
>   struct tpm_chip *chip = seq->private;
>   put_device(&chip->dev);
>
> seqops like tpm_bios_measurements_start do:
>
>   struct tpm_chip *chip = m->private;
>   struct tpm_bios_log *log = &chip->log;
>
> [locking, error handling, and other stuff elided]
>
> open is the only thing that ever looks at inode->i_private.
>
> open krefs's chip and stores it in seq->private
>
> seqop accessors use seq->private->log to access the log, the memory of
> which is guarded by the kref.
>
> release drops the kref on chip and does not use inode->i_private

Thanks for the detailed explanation.

Thanks & Regards,
- Nayna

>
> Jason
>
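The reference-counting rule described in the quoted explanation, as a single-threaded userspace C model; this is an added example, not code from the patch or the kernel. The `model_*` functions, `chip_put`, `chips_freed`, and the choice to fail an open that arrives after teardown are assumptions, and locking is left out as in the quoted sketch.

```c
#include <stdlib.h>

struct chip  { int refs; int log; };        /* stands in for tpm_chip and its log */
struct inode { struct chip *i_private; };
struct seq   { struct chip *private; };
struct file  { struct seq *private_data; };
static int chips_freed;                     /* lets the caller observe the free */
static void chip_put(struct chip *c)        /* models put_device(&chip->dev) */
{
    if (--c->refs == 0) { free(c); chips_freed++; }
}
static int model_open(struct inode *ino, struct file *f)
{
    struct chip *c = ino->i_private;        /* open is the only reader of i_private */
    if (!c || !(f->private_data = malloc(sizeof(struct seq))))
        return -1;                          /* assumption: open fails after teardown */
    c->refs++;                              /* models get_device(&chip->dev) */
    f->private_data->private = c;
    return 0;
}
static int model_read_log(struct file *f) { return f->private_data->private->log; }
static void model_release(struct file *f)   /* never touches inode->i_private */
{
    struct chip *c = f->private_data->private;
    free(f->private_data);
    chip_put(c);
}
static void model_teardown(struct inode *ino)
{
    struct chip *c = ino->i_private;
    ino->i_private = NULL;                  /* later opens find nothing to pin */
    chip_put(c);                            /* drop the registration reference */
}
static int scenario(void)   /* log value read after teardown, or negative step */
{
    struct chip *c = malloc(sizeof(*c));
    struct inode ino = { c };
    struct file f = { NULL }, late = { NULL };
    int before = chips_freed, seen;
    if (!c) return -1;
    c->refs = 1; c->log = 42;               /* constructed sample log value */
    if (model_open(&ino, &f)) return -2;
    model_teardown(&ino);                   /* chip removed while the file is open */
    if (chips_freed != before) return -3;   /* the file's reference keeps it alive */
    seen = model_read_log(&f);              /* seqop still reads valid memory */
    if (model_open(&ino, &late) == 0) return -4;
    model_release(&f);                      /* last reference: freed only now */
    return chips_freed == before + 1 ? seen : -5;
}
int main(void) { return scenario() == 42 ? 0 : 1; }
```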