APPLIED: [Vivid][PATCH] tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma

Leann Ogasawara leann.ogasawara at canonical.com
Wed Feb 18 03:36:16 UTC 2015 

Applied to Vivid master-next and unstable branches.

Thanks,
Leann

On Fri, 2015-02-13 at 15:57 -0600, Chris J Arges wrote:
> From: "Hon Ching (Vicky) Lo" <honclo at linux.vnet.ibm.com>
> 
> There was an oops in tpm_ibmvtpm_get_desired_dma, which caused
> kernel panic during boot when vTPM is enabled in Power partition
> configured in AMS mode.
> 
> vio_bus_probe calls vio_cmo_bus_probe which calls
> tpm_ibmvtpm_get_desired_dma to get the size needed for DMA allocation.
> The problem is, vio_cmo_bus_probe is called before calling probe, which
> for vtpm is tpm_ibmvtpm_probe and it's this function that initializes
> and sets up vtpm's CRQ and gets required data values.  Therefore,
> since this has not yet been done, NULL is returned in attempt to get
> the size for DMA allocation.
> 
> We added a NULL check.  In addition, a default buffer size will
> be set when NULL is returned.
> 
> Cc: <stable at vger.kernel.org>
> Signed-off-by: Hon Ching (Vicky) Lo <honclo at linux.vnet.ibm.com>
> Signed-off-by: Peter Huewe <peterhuewe at gmx.de>
> (cherry picked from commit 84eb186bc37c0900b53077ca21cf6dd15823a232)
> Signed-off-by: Chris J Arges <chris.j.arges at canonical.com>
> ---
>  drivers/char/tpm/tpm_ibmvtpm.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
> index af74c57..4109222 100644
> --- a/drivers/char/tpm/tpm_ibmvtpm.c
> +++ b/drivers/char/tpm/tpm_ibmvtpm.c
> @@ -307,6 +307,14 @@ static int tpm_ibmvtpm_remove(struct vio_dev *vdev)
>  static unsigned long tpm_ibmvtpm_get_desired_dma(struct vio_dev *vdev)
>  {
>  	struct ibmvtpm_dev *ibmvtpm = ibmvtpm_get_data(&vdev->dev);
> +
> +	/* ibmvtpm initializes at probe time, so the data we are
> +	* asking for may not be set yet. Estimate that 4K required
> +	* for TCE-mapped buffer in addition to CRQ.
> +	*/
> +	if (!ibmvtpm)
> +		return CRQ_RES_BUF_SIZE + PAGE_SIZE;
> +
>  	return CRQ_RES_BUF_SIZE + ibmvtpm->rtce_size;
>  }
>  
> -- 
> 1.9.1
> 
>

More information about the kernel-team mailing list