From f128480f39166c0a4475b6937e7e3e148b1caecc Mon Sep 17 00:00:00 2001
From: Manuel Lauss <manuel.lauss@gmail.com>
Date: Mon, 19 Jun 2017 08:27:17 +0200
Subject: [PATCH] tpm/tpm_crb: fix priv->cmd_size initialisation

References: bsc#1082555
Patch-mainline: v4.13-rc1
Git-commit: f128480f39166c0a4475b6937e7e3e148b1caecc

priv->cmd_size is never initialised if the cmd and rsp buffers reside
at different addresses.  Initialise it in the exit path of the function
when rsp buffer has also been successfully allocated.

Fixes: aa77ea0e43dc ("tpm/tpm_crb: cache cmd_size register value.").
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Acked-by: Michal Suchanek <msuchanek@suse.de>
---
 drivers/char/tpm/tpm_crb.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
index fe42c4a0d8d1..a4ac63a21d8a 100644
--- a/drivers/char/tpm/tpm_crb.c
+++ b/drivers/char/tpm/tpm_crb.c
@@ -514,11 +514,12 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv,
 		goto out;
 	}
 
-	priv->cmd_size = cmd_size;
-
 	priv->rsp = priv->cmd;
 
 out:
+	if (!ret)
+		priv->cmd_size = cmd_size;
+
 	crb_go_idle(dev, priv);
 
 	return ret;
-- 
2.13.6