On Mon, 2021-09-13 at 22:53 +0200, Lino Sanfilippo wrote:
Hi,
Sent: Monday, 13 September 2021 at 22:25
From: "Jarkko Sakkinen" jarkko@kernel.org
To: "Lino Sanfilippo" LinoSanfilippo@gmx.de, peterhuewe@gmx.de, jgg@ziepe.ca
Cc: p.rosenberger@kunbus.com, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device()
On Fri, 2021-09-10 at 20:04 +0200, Lino Sanfilippo wrote:
In tpm_del_char_device() make sure that chip->ops is still valid. This check is needed since in case of a system shutdown tpm_class_shutdown() has already been called and set chip->ops to NULL. This leads to a NULL pointer access as soon as tpm_del_char_device() tries to access chip->ops in case of TPM 2.
Fixes: dcbeab1946454 ("tpm: fix crash in tpm_tis deinitialization")
Cc: stable@vger.kernel.org
Signed-off-by: Lino Sanfilippo LinoSanfilippo@gmx.de
Have you been able to reproduce this in some environment?
/Jarkko
Yes, this bug is reproducible on my system that is running a 5.10 raspberry kernel. I use a SLB 9670 which is connected via SPI.
Can you confirm that the latest mainline kernel also has this issue? That is lacking in this fix.
It's obvious that the issue does not scale to every system, so it would be nice to know the difference that triggers the issue, before applying this, and it also needs to be documented in the commit message.
/Jarkko