Re: [PATCH v1 3/3] tpm: fix multiple race conditions in tpm_ppi.c

From: Jason Gunthorpe
Date: Wed Oct 22 2014 - 13:27:01 EST

Next message: Peter Hurley: "Re: [PATCH -next 11/27] tty: Don't release tty locks for wait queue sanity check"
Previous message: Jiri Kosina: "Re: lockdep splat in CPU hotplug"
In reply to: Jarkko Sakkinen: "[PATCH v1 3/3] tpm: fix multiple race conditions in tpm_ppi.c"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v1 3/3] tpm: fix multiple race conditions in tpm_ppi.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 22, 2014 at 07:23:56PM +0300, Jarkko Sakkinen wrote:
> Traversal of the ACPI device tree was not done right. It should lookup
> PPI only under the ACPI device that it is associated. Otherwise, it could
> match to a wrong PPI interface if there are two TPM devices in the device
> tree.
>
> Removed global ACPI handle and version string from tpm_ppi.c as this
> is racy. Instead they should be associated with the chip.
>
> Moved code just a tiny bit towards two-phase allocation to implement
> fix for the PPI race conditions.

Not this version..

> Added missing copyright platter to tpm_ppi.c.
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>

Reviewed-by: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>

I like this one the most of the three I've seen :)

Did you also look in tpm_acpi.c to see if it needs to use
acpi_dev_handle somehow too?

> + union acpi_object *obj;
> + struct kobject *parent = &chip->dev->kobj;

Nit, this variable is only used once, it would be clearer to inline

> + /* Cache PPI version string. */
> + obj = acpi_evaluate_dsm_typed(chip->acpi_dev_handle, tpm_ppi_uuid,
> + TPM_PPI_REVISION_ID, TPM_PPI_FN_VERSION,
> + NULL, ACPI_TYPE_STRING);
> + if (obj) {
> + strlcpy(chip->ppi_version, obj->string.pointer,
> + PPI_VERSION_LEN + 1);
> + ACPI_FREE(obj);
> + } else
> + return -ENOMEM;
> +
> + return chip->acpi_dev_handle ?
> + sysfs_create_group(parent, &ppi_attr_grp) : 0;

The above sequence can just be:

if (!obj)
return -ENOMEM;

strlcpy(chip->ppi_version, obj->string.pointer, sizeof(chip->ppi_version));
ACPI_FREE(obj);

return sysfs_create_group(&chip->dev->kobj, &ppi_attr_grp);

Which is more idiomatic. Also remove TPM_PPI_VERSION_LEN, sizeof is better.

I know nothing about acpi, but is ENOMEM the right code? I would think
acpi_evalute_dsm_typed would also fail if tpm_ppi_uuid is not found??

> + return chip->acpi_dev_handle ?
> + sysfs_create_group(parent, &ppi_attr_grp) : 0;

dev_handle is already checked to be non 0

> +void tpm_remove_ppi(struct tpm_chip *chip)
> + struct kobject *parent = &chip->dev->kobj;

Also used only once

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Hurley: "Re: [PATCH -next 11/27] tty: Don't release tty locks for wait queue sanity check"
Previous message: Jiri Kosina: "Re: lockdep splat in CPU hotplug"
In reply to: Jarkko Sakkinen: "[PATCH v1 3/3] tpm: fix multiple race conditions in tpm_ppi.c"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v1 3/3] tpm: fix multiple race conditions in tpm_ppi.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]