James Bottomley <jejb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> wrote on 01/04/2017 01:19:36 PM:

> From: James Bottomley <jejb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
> To: Stefan Berger/Watson/IBM@IBMUS, Jarkko Sakkinen 
> <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
> Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, tpmdd-
> devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, open list <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
> Date: 01/04/2017 01:19 PM
> Subject: Re: [tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 
commands
> 
> On Wed, 2017-01-04 at 13:04 -0500, Stefan Berger wrote:
> > Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> wrote on 01/02/2017
> > 08:22:08 AM:
> > 
> > > --- a/drivers/char/tpm/tpm2-cmd.c
> > > +++ b/drivers/char/tpm/tpm2-cmd.c
> > > @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
> > >   */
> > >  int tpm2_auto_startup(struct tpm_chip *chip)
> > >  {
> > > +   u32 nr_commands;
> > >     int rc;
> > > +   int i;
> > > 
> > >     rc = tpm_get_timeouts(chip);
> > >     if (rc)
> > > @@ -967,8 +969,49 @@ int tpm2_auto_startup(struct tpm_chip *chip)
> > >        }
> > >     }
> > > 
> > > +   rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands,
> > NULL);
> > > +   if (rc)
> > > +      return rc;
> > > +
> > > +   chip->cc_attrs_tbl = devm_kzalloc(&chip->dev, 4 * nr_commands,
> > > +                 GFP_KERNEL);
> > 
> > For some reason this devm_kzalloc bombs for the vtpm proxy driver. 
> > The only reason I could come up with is that it's being called before
> > tpm_add_char_device() has been called.
> 
> No, it should be sufficient that chip->dev be initialized (which it is
> in tpm_chip_alloc()).  What's the error you're getting?
> 
> It does look like the intention was to have non-devm with
> tpm_chip_alloc() and devm with tpmm_chip_alloc(), but devm_kzalloc
> should just work regardless because it's tied to the device model.

I am running a vtpm proxy test suite. Here's the error:

[   67.596172] tpm tpm1: Operation Canceled
[   67.699052] ------------[ cut here ]------------
[   67.699811] WARNING: CPU: 12 PID: 870 at mm/page_alloc.c:3511 
__alloc_pages_slowpath+0x771/0xaf0
[   67.701198] Modules linked in:
[   67.701400]  tpm_vtpm_proxy
[   67.701642]  nf_conntrack_netbios_ns nf_conntrack_broadcast
[   67.702450]  ip6t_rpfilter
[   67.702662]  ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat
[   67.703618]  ebtable_broute
[   67.703784]  bridge stp llc ebtable_filter
[   67.704213]  ebtables
[   67.704367]  ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6
[   67.705310]  nf_nat_ipv6
[   67.705523]  ip6table_mangle ip6table_security ip6table_raw 
ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 
nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security 
iptable_raw nfsd auth_rpcgss nfs_acl lockd crc32c_intel tpm_tis 
virtio_balloon i2c_piix4 tpm_tis_core
[   67.711414]  i2c_core
[   67.711610]  joydev tpm pcspkr grace sunrpc
[   67.712170]  8139too
[   67.712360]  virtio_pci 8139cp virtio_ring serio_raw
[   67.713504]  ata_generic
[   67.713706]  mii floppy pata_acpi virtio
[   67.714891] CPU: 12 PID: 870 Comm: kworker/12:2 Not tainted 4.9.0-rc5+ 
#652
[   67.715054] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
rel-1.10.1-0-g8891697-prebuilt.qemu-project.org 04/01/2014
[   67.715054] Workqueue: tpm-vtpm vtpm_proxy_work [tpm_vtpm_proxy]
[   67.715054]  ffffc90002b6fa80 ffffffff8140cad1
[   67.715054]  0000000000000000
[   67.715054]  0000000000000000
[   67.715054]  ffffc90002b6fac0 ffffffff810a8b6b 00000db7aba7d298 
00000000026000c0
[   67.715054]  0000000000000000 0000000000000014 000000000260c0c0 
ffff8802aba7ca00
[   67.715054] Call Trace:
[   67.715054]  [<ffffffff8140cad1>] dump_stack+0x63/0x82
[   67.715054]  [<ffffffff810a8b6b>] __warn+0xcb/0xf0
[   67.715054]  [<ffffffff810a8c9d>] warn_slowpath_null+0x1d/0x20
[   67.715054]  [<ffffffff811da6f1>] __alloc_pages_slowpath+0x771/0xaf0
[   67.715054]  [<ffffffff811d95e6>] ? get_page_from_freelist+0x526/0xaf0
[   67.715054]  [<ffffffff8179e583>] ? __mutex_unlock_slowpath+0xe3/0x1a0
[   67.715054]  [<ffffffff811dad9f>] __alloc_pages_nodemask+0x32f/0x390
[   67.715054]  [<ffffffff8123a4fe>] kmalloc_large_node+0x7e/0xe0
[   67.715054]  [<ffffffff81241885>] 
__kmalloc_node_track_caller+0x225/0x2c0
[   67.715054]  [<ffffffffa00c0f42>] ? tpm2_auto_startup+0xa2/0x2e0 [tpm]
[   67.715054]  [<ffffffff815572b7>] devm_kmalloc+0x27/0x70
[   67.715054]  [<ffffffffa00c0f42>] tpm2_auto_startup+0xa2/0x2e0 [tpm]
[   67.715054]  [<ffffffffa00bf3bc>] tpm_chip_register+0x5c/0x200 [tpm]
[   67.715054]  [<ffffffffa029c309>] vtpm_proxy_work+0x19/0x40 
[tpm_vtpm_proxy]
[   67.715054]  [<ffffffff810c4593>] process_one_work+0x1f3/0x560
[   67.715054]  [<ffffffff810c4511>] ? process_one_work+0x171/0x560
[   67.715054]  [<ffffffff810c494e>] worker_thread+0x4e/0x480
[   67.715054]  [<ffffffff810c4900>] ? process_one_work+0x560/0x560
[   67.715054]  [<ffffffff810c4900>] ? process_one_work+0x560/0x560
[   67.715054]  [<ffffffff810ca994>] kthread+0xf4/0x110
[   67.715054]  [<ffffffff810ca8a0>] ? kthread_park+0x60/0x60
[   67.715054]  [<ffffffff817a1c15>] ret_from_fork+0x25/0x30
[   67.746343] ---[ end trace 4d9abf66365987bd ]---