Re: [tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 commands

From: Jason Gunthorpe
Date: Wed Jan 04 2017 - 13:44:44 EST


On Wed, Jan 04, 2017 at 01:04:59PM -0500, Stefan Berger wrote:

> > @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
> > */
> > int tpm2_auto_startup(struct tpm_chip *chip)
> > {
> > + u32 nr_commands;
> > int rc;
> > + int i;
> >
> > rc = tpm_get_timeouts(chip);
> > if (rc)
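Review bot: `int i` is introduced in this hunk but nothing in the quoted context uses it; if the loop that consumes it lives in the part of the patch trimmed from this reply, that is fine, otherwise the declaration should go. Minor style point: the new `u32 nr_commands;` and `int i;` are split around the existing `int rc;`, so it reads cleaner to group the added declarations together.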
> > @@ -967,8 +969,49 @@ int tpm2_auto_startup(struct tpm_chip *chip)
> > }
> > }
> >
> > + rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands,
> NULL);
> > + if (rc)
> > + return rc;
> > +
> > + chip->cc_attrs_tbl = devm_kzalloc(&chip->dev, 4 * nr_commands,
> > + GFP_KERNEL);
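Review bot: `devm_kzalloc(&chip->dev, 4 * nr_commands, GFP_KERNEL)` multiplies a TPM-supplied `u32` in 32-bit arithmetic, so a large or bogus TPM_PT_TOTAL_COMMANDS value wraps the size to a small allocation that a later per-command loop would overrun; use `devm_kcalloc(&chip->dev, nr_commands, sizeof(*chip->cc_attrs_tbl), GFP_KERNEL)`, which fails instead of wrapping, replace the magic `4` with `sizeof(*chip->cc_attrs_tbl)`, and reject a zero or implausibly large `nr_commands` before allocating. The quoted lines also do not show a NULL check on `chip->cc_attrs_tbl` after the allocation; make sure one follows.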
> For some reason this devm_kzalloc bombs for the vtpm proxy driver. The
> only reason I could come up with is that it's being called before
> tpm_add_char_device() has been called.

It would also fail if nr_commands is wrong, and this should be one of
the array safe allocation functions since nr_commands is data from the
TPM...

Jason
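The point about `4 * nr_commands` being computed from TPM-supplied data, as an added userspace illustration that is not code from the patch or the kernel: `naive_table_bytes()` mirrors the patch's size expression, `checked_table_bytes()` does the overflow check that kcalloc-style helpers perform, and `CC_TABLE_MAX_ENTRIES` is an assumed sanity cap, not a value from the patch or the TPM specification.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Assumed sanity cap on the command count a TPM may report; illustrative only. */
#define CC_TABLE_MAX_ENTRIES 65536u

/* Size exactly as the patch computes it: the int constant 4 is promoted to
 * u32, so the product wraps at 2^32 before it is widened to size_t, on
 * 64-bit hosts as well as 32-bit ones. */
static size_t naive_table_bytes(uint32_t nr_commands)
{
    return 4 * nr_commands;
}

/* Overflow-checked size in the spirit of kcalloc(): widen first, refuse a
 * product that does not fit in size_t, and refuse a zero or implausible
 * count. Returns 0 on rejection (0 is never a valid table size here). */
static size_t checked_table_bytes(uint32_t nr_commands)
{
    if (nr_commands == 0 || nr_commands > CC_TABLE_MAX_ENTRIES)
        return 0;
    if (nr_commands > SIZE_MAX / sizeof(uint32_t))
        return 0;
    return (size_t)nr_commands * sizeof(uint32_t);
}

/* Zeroed table allocation that only proceeds once the size has been checked;
 * stands in for the devm_kcalloc() call suggested for the patch. */
static uint32_t *alloc_cc_table(uint32_t nr_commands)
{
    size_t bytes = checked_table_bytes(nr_commands);

    if (bytes == 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed TPM answers: a plausible count and a malicious/buggy one. */
    uint32_t sane = 200u, hostile = 0x40000001u;

    printf("naive   sane=%zu hostile=%zu\n",
           naive_table_bytes(sane), naive_table_bytes(hostile));
    printf("checked sane=%zu hostile=%zu\n",
           checked_table_bytes(sane), checked_table_bytes(hostile));
    free(alloc_cc_table(sane));
    return alloc_cc_table(hostile) == NULL ? 0 : 1;
}
```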