Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip

[PATCH v3 0/2] TPM fixes · Lino Sanfilippo <LinoSanfilippo@gmx.de> · 2021-02-04
[PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Lino Sanfilippo <LinoSanfilippo@gmx.de> · 2021-02-04
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Stefan Berger <stefanb@linux.ibm.com> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Stefan Berger <stefanb@linux.ibm.com> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · James Bottomley <James.Bottomley@HansenPartnership.com> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Lino Sanfilippo <hidden> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Stefan Berger <stefanb@linux.ibm.com> · 2021-02-06
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Lino Sanfilippo <hidden> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Greg KH <gregkh@linuxfoundation.org> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Jason Gunthorpe <jgg@ziepe.ca> · 2021-02-06
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Lino Sanfilippo <hidden> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Jason Gunthorpe <jgg@ziepe.ca> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Lino Sanfilippo <hidden> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Jason Gunthorpe <jgg@ziepe.ca> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Lino Sanfilippo <LinoSanfilippo@gmx.de> · 2021-02-05
Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip · Jason Gunthorpe <jgg@ziepe.ca> · 2021-02-06
[PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Lino Sanfilippo <LinoSanfilippo@gmx.de> · 2021-02-04
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · James Bottomley <James.Bottomley@HansenPartnership.com> · 2021-02-05
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-05
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · James Bottomley <James.Bottomley@HansenPartnership.com> · 2021-02-05
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Jason Gunthorpe <jgg@ziepe.ca> · 2021-02-05
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · James Bottomley <James.Bottomley@HansenPartnership.com> · 2021-02-05
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Jason Gunthorpe <jgg@ziepe.ca> · 2021-02-06
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · James Bottomley <James.Bottomley@HansenPartnership.com> · 2021-02-06
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Jason Gunthorpe <jgg@ziepe.ca> · 2021-02-06
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Lino Sanfilippo <hidden> · 2021-02-09
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Jason Gunthorpe <jgg@ziepe.ca> · 2021-02-09
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Lino Sanfilippo <hidden> · 2021-02-09
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-12
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-12
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Lino Sanfilippo <LinoSanfilippo@gmx.de> · 2021-02-14
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Lino Sanfilippo <hidden> · 2021-02-05
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Lino Sanfilippo <LinoSanfilippo@gmx.de> · 2021-03-06
Re: [PATCH v3 2/2] tpm: in tpm2_del_space check if ops pointer is still valid · Greg KH <gregkh@linuxfoundation.org> · 2021-02-05

From: Lino Sanfilippo <hidden>
Date: 2021-02-05 11:02:10
Also in: linux-integrity, lkml

Hi,

On 05.02.21 03:01, James Bottomley wrote:

On Thu, 2021-02-04 at 20:44 -0500, Stefan Berger wrote:

quoted

To clarify: When I tested this I had *both* patches applied. Without
the patches I got the null pointer exception in tpm2_del_space(). The
2nd patch alone solves that issue when using the steps above.


Yes, I can't confirm the bug either.  I only have lpc tis devices, so
it could be something to do with spi, but when I do

python3 in one shell

quoted

fd = open("/dev/tpmrm0", "wb")

do rmmod tpm_tis in another shell

quoted

buf = bytearray(20)
fd.write(buf)


The issue is in the TPM chip driver code, so AFAIU it should not matter whether its
SPI or something else. Maybe check again, that the file is still open when 
tpm_tis is removed and the write actually comes after the rmmod?
Also note that there are some sanity checks in tpm_common_write() that the written
data has to pass to get to the point where tpm_try_get_ops() is called, which 
is the call that eventually triggers the bug.

so I don't see the oops you see on write.  However

quoted

quoted
quoted
fd.close()

And it oopses here in tpm2_del_space

James

Regards,
Lino

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help