tis: fix tpm_tis_remove()
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sun, 28 Nov 2021 23:03:44 +0000 (00:03 +0100)
committerIlias Apalodimas <ilias.apalodimas@linaro.org>
Tue, 30 Nov 2021 12:11:05 +0000 (14:11 +0200)
tpm_tis_remove() leads to calling tpm_tis_ready() with the IO region
unmapped and chip->locality == -1 (locality released). This leads to a
crash in mmio_write_bytes().

The patch implements these changes:

tpm_tis_remove(): Unmap the IO region after calling tpm_tis_cleanup().

tpm_tis_cleanup(): Request locality before IO output and releasing
locality.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
drivers/tpm/tpm2_tis_core.c
drivers/tpm/tpm2_tis_mmio.c

index ec8c730fe9068d1cd2454fe6d67b96195d7b8054..51392c4584986c83bdb5ebd39f8afed0a0e75506 100644 (file)
@@ -378,8 +378,14 @@ out:
 int tpm_tis_cleanup(struct udevice *dev)
 {
        struct tpm_chip *chip = dev_get_priv(dev);
+       int ret;
+
+       ret = tpm_tis_request_locality(dev, 0);
+       if (ret)
+               return ret;
 
        tpm_tis_ready(dev);
+
        tpm_tis_release_locality(dev, chip->locality);
 
        return 0;
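Review bot: Once the new locality request succeeds, the results of `tpm_tis_ready(dev)` and `tpm_tis_release_locality(dev, chip->locality)` are discarded and the function ends with an unconditional `return 0;`. If those helpers return a status (their definitions are outside this hunk), a failed register write would leave a pending command uncancelled or the locality still held, while the caller is told that cleanup completed. Consider capturing the first error, e.g. `ret = tpm_tis_ready(dev);`, still releasing the locality, and returning that error instead of 0. The closing brace of tpm_tis_cleanup() lies outside the hunk.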
index 9cedff222503b6fffd533128d610cf4ff34194f6..a646ce41ff4e05e8023eb10f7322de8ed5015c53 100644 (file)
@@ -118,10 +118,13 @@ iounmap:
 static int tpm_tis_remove(struct udevice *dev)
 {
        struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(dev);
+       int ret;
+
+       ret = tpm_tis_cleanup(dev);
 
        iounmap(drv_data->iobase);
 
-       return tpm_tis_cleanup(dev);
+       return ret;
 }
 
 static const struct tpm_ops tpm_tis_ops = {
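Review bot: `iounmap(drv_data->iobase)` runs even when `tpm_tis_cleanup(dev)` fails, and tpm_tis_remove() then returns that failure. If the driver model keeps a device active when remove() reports an error (not visible here), the chip would stay reachable with its register window unmapped. That is the same condition the commit message describes as crashing in mmio_write_bytes(). Either state the intent with a comment such as `/* unmap even if cleanup failed; the device must not be touched afterwards */`, or log the cleanup error and return 0 once the mapping is gone, so the reported result matches the device's real state.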