Kylene Hall wrote:
what is the purpose of this pci_dev_get/put? attempting to prevent hotplug or
something?
Seems that since there is a refernce to the device in the chip structure
and I am making the file private data pointer point to that chip structure
this is another reference that must be accounted for. If you remove it
with it open and attempt read or write bad things will happen. This isn't
really hotpluggable either as the TPM is on the motherboard.
My point was that there will always be a reference -anyway-, AFAICS.
There is a pci_dev reference assigned to the pci_driver when the PCI
driver is loaded, and all uses by the TPM generic code of this pointer
are -inside- the pci_driver's pci_dev object lifetime.
+
+ /* cannot perform a write until the read has cleared
+ either via tpm_read or a user_read_timer timeout */
+ while (atomic_read(&chip->data_pending) != 0) {
+ set_current_state(TASK_UNINTERRUPTIBLE);
+ schedule_timeout(TPM_TIMEOUT);
use msleep()
addressed in another patch by Nish
+ /* atomic tpm command send and result receive */
+ out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE);
major bug? in_size may be smaller than TPM_BUFSIZE
chip->data_buffer is allocated in open and is always this size. The
operation needs to be atomic so the big buffer is to cover the size of a
potentially larger result. Only reading in_size from the user with
copy_from_user
You output -more- data than you have input.
AFAICS that's a security bug (data leak), unless you memset the data
area beforehand.
Jeff
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]