On Fri, 2017-06-16 at 21:48 +0200, Manuel Lauss wrote:
> priv->cmd_size is never initialised if the cmd and rsp buffers reside
> at different addresses. Move initialisation to right after the buffer
> was mapped.
>
> This bug was introduced by commit aa77ea0e43dc5bb0c1dcc9bad76afa
> ("tpm/tpm_crb: cache cmd_size register value.").
Please, use a Fixes tag.
> Signed-off-by: Manuel Lauss <[email protected]>
> ---
> drivers/char/tpm/tpm_crb.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
> index b917b9d5f710..17d846d00417 100644
> --- a/drivers/char/tpm/tpm_crb.c
> +++ b/drivers/char/tpm/tpm_crb.c
> @@ -495,6 +495,8 @@ static int crb_map_io(struct acpi_device *device, struct
> crb_priv *priv,
> goto out;
> }
>
> + priv->cmd_size = cmd_size;
> +
Should be done only if rsp is succesfully mapped.
> memcpy_fromio(&rsp_pa, &priv->regs_t->ctrl_rsp_pa, 8);
> rsp_pa = le64_to_cpu(rsp_pa);
> rsp_size = crb_fixup_cmd_size(dev, &io_res, rsp_pa,
> @@ -515,8 +517,6 @@ static int crb_map_io(struct acpi_device *device, struct
> crb_priv *priv,
> goto out;
> }
>
> - priv->cmd_size = cmd_size;
> -
> priv->rsp = priv->cmd;
>
> out:
/Jarkko
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tpmdd-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
