[BUG] tpm2_tis_mmio driver crashes on device_remove()

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Sun Nov 28 11:27:16 CET 2021


Hello Ilias,

I have compiled qemu_arm64_defconfig with CONFIG_CMD_EFIDEBUG=y and 
CONFIG_CMD_UNBIND.

When I execute the commands

     efidebug dh
     unbind tpm 0

a crash occurs in tpm_tis_ready().

tpm_tis_remove() calls iounmap() before calling tpm_tis_cleanup() which 
invokes tpm_tis_ready(). tpm_tis_ready() writes to the unmapped IO.

You should not unmap the IO region before accessing it in 
tpm_tis_ready(). But swapping these calls is not enough to fix the problem.

Best regards

Heinrich
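The call ordering described in the report, as an added model in C that is not U-Boot's own driver code: the MMIO window is simulated with a heap buffer so that the write issued after iounmap() is reported as an error instead of crashing. The register offset, status bit and every name other than tpm_tis_ready() are assumptions, and since the report says swapping the two calls is not a complete fix, the model covers only the ordering problem.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed model of the remove path from the report, not U-Boot's code:
 * the MMIO window is a heap buffer and the model iounmap() clears the pointer,
 * so a write after unmapping returns -1 instead of crashing. Offsets assumed. */
#define TIS_REG_STS       0x18
#define TIS_STS_CMD_READY 0x40

struct tpm_tis_chip {
    uint8_t *iobase;    /* NULL once unmapped */
    size_t iosize;
};

int model_ioremap(struct tpm_tis_chip *chip, size_t size)
{
    chip->iobase = calloc(size, 1);
    chip->iosize = chip->iobase ? size : 0;
    return chip->iobase ? 0 : -1;
}

void model_iounmap(struct tpm_tis_chip *chip)
{
    free(chip->iobase);
    chip->iobase = NULL;
}

/* tpm_tis_ready(), as invoked from tpm_tis_cleanup(): write the status reg. */
int tpm_tis_ready(struct tpm_tis_chip *chip)
{
    if (!chip->iobase || TIS_REG_STS >= chip->iosize)
        return -1;      /* would be a write to unmapped IO */
    chip->iobase[TIS_REG_STS] = TIS_STS_CMD_READY;
    return 0;
}

/* Order from the report: iounmap() first, then cleanup touches unmapped IO. */
int remove_unmap_before_cleanup(struct tpm_tis_chip *chip)
{
    model_iounmap(chip);
    return tpm_tis_ready(chip); /* -1 */
}

/* Cleanup while still mapped, then unmap: the register write succeeds. */
int remove_cleanup_before_unmap(struct tpm_tis_chip *chip)
{
    int ret = tpm_tis_ready(chip);
    model_iounmap(chip);
    return ret;                 /* 0 */
}
```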


