On Wed, Jan 04, 2017 at 01:04:59PM -0500, Stefan Berger wrote:
> > @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
> > */
> > int tpm2_auto_startup(struct tpm_chip *chip)
> > {
> > + u32 nr_commands;
> > int rc;
> > + int i;
> >
> > rc = tpm_get_timeouts(chip);
> > if (rc)
> > @@ -967,8 +969,49 @@ int tpm2_auto_startup(struct tpm_chip *chip)
> > }
> > }
> >
> > + rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands,
> NULL);
> > + if (rc)
> > + return rc;
> > +
> > + chip->cc_attrs_tbl = devm_kzalloc(&chip->dev, 4 * nr_commands,
> > + GFP_KERNEL);
> For some reason this devm_kzalloc bombs for the vtpm proxy driver. The
> only reason I could come up with is that it's being called before
> tpm_add_char_device() has been called.
It would also fail if nr_commands is wrong, and this should be one of
the array safe allocation functions since nr_command is data from the
TPM...
Jason
