Re: [PATCH v3 1/2] tpm: fix reference counting for struct tpm_chip
From: Stefan Berger
Date: Fri Feb 05 2021 - 19:09:00 EST
On 2/4/21 9:01 PM, James Bottomley wrote:
On Thu, 2021-02-04 at 20:44 -0500, Stefan Berger wrote:
To clarify: When I tested this I had *both* patches applied. Without
the patches I got the null pointer exception in tpm2_del_space(). The
2nd patch alone solves that issue when using the steps above.
Yes, I can't confirm the bug either. I only have lpc tis devices, so
it could be something to do with spi, but when I do
I can confirm this bug:
insmod /usr/lib/modules/5.10.0+/extra/tpm.ko ; insmod
/usr/lib/modules/5.10.0+/extra/tpm_vtpm_proxy.ko
swtpm chardev --vtpm-proxy --tpm2 --tpmstate dir=./ &
exec 100<>/dev/tpmrm0
kill -9 <swtpm pid>
rmmod tpm_vtpm_proxy
echo -en '\x80\x01\x00\x00\x00\x0c\x00\x00\x01\x44\x00\x00' >&100
[ 167.289390] [c000000015d6fb60] [c0000000007d3ac0]
refcount_warn_saturate+0x210/0x230 (unreliable)
[ 167.290392] [c000000015d6fbc0] [c000000000831328] kobject_put+0x1b8/0x2e0
[ 167.291398] [c000000015d6fc50] [c000000000955548] put_device+0x28/0x40
[ 167.292409] [c000000015d6fc70] [c0080000008609a8]
tpm_try_get_ops+0xb0/0x100 [tpm]
[ 167.293417] [c000000015d6fcb0] [c008000000861864]
tpm_common_write+0x15c/0x250 [tpm]
[ 167.294429] [c000000015d6fd20] [c0000000004be190] vfs_write+0xf0/0x380
[ 167.295437] [c000000015d6fd70] [c0000000004be6c8] ksys_write+0x78/0x130
[ 167.296450] [c000000015d6fdc0] [c00000000003377c]
system_call_exception+0x15c/0x270
[ 167.297461] [c000000015d6fe20] [c00000000000d960]
system_call_common+0xf0/0x27c
With this patch applied this error here is gone. Just have make sure to
replace tpm.ko and tpm_vtpm_proxy.ko, not just the latter.
So my Tested-By is good for both patches.
Stefan