On Sun, Aug 12, 2018 at 02:48:34PM +0100, Sudip Mukherjee wrote:
Hi Greg,
On Sun, Jul 01, 2018 at 11:34:24AM +0200, gregkh@linuxfoundation.org wrote:
The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
The attached backported patch should apply to 4.4-stable tree. It will also apply to 4.9-stable.
It did not apply originally as patch was looking for the splitted files. The split was done by: ecb38e2f521b ("tpm: split out tpm-dev.c into tpm-dev.c and tpm-common-dev.c")
-- Regards Sudip
From a8298614c8686b8c9e8706d79a63634cde4684e4 Mon Sep 17 00:00:00 2001
From: Tadeusz Struk tadeusz.struk@intel.com Date: Tue, 22 May 2018 14:37:18 -0700 Subject: [PATCH] tpm: fix race condition in tpm_common_write()
commit 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df upstream
There is a race condition in tpm_common_write function allowing two threads on the same /dev/tpm<N>, or two different applications on the same /dev/tpmrm<N> to overwrite each other commands/responses. Fixed this by taking the priv->buffer_mutex early in the function.
Also converted the priv->data_pending from atomic to a regular size_t type. There is no need for it to be atomic since it is only touched under the protection of the priv->buffer_mutex.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Tadeusz Struk tadeusz.struk@intel.com Reviewed-by: Jarkko Sakkinen jarkko.sakkinen@linux.intel.com Signed-off-by: Jarkko Sakkinen jarkko.sakkinen@linux.intel.com Signed-off-by: Sudip Mukherjee sudipm.mukherjee@gmail.com
drivers/char/tpm/tpm-dev.c | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-)
Sorry, but someone already backported this before you did.
thanks,
greg k-h