The priv->responce_length can hold the size of an response or an negative error code, and the tpm_common_read() needs to handle both cases correctly. Changed the type of responce_length to signed and accounted for negative value in tpm_common_read()
Cc: stable@vger.kernel.org Fixes: d23d12484307 ("tpm: fix invalid locking in NONBLOCKING mode") Reported-by: Laura Abbott labbott@redhat.com Signed-off-by: Tadeusz Struk tadeusz.struk@intel.com --- drivers/char/tpm/tpm-dev-common.c | 2 +- drivers/char/tpm/tpm-dev.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c index b23b0b999232..87f449340202 100644 --- a/drivers/char/tpm/tpm-dev-common.c +++ b/drivers/char/tpm/tpm-dev-common.c @@ -130,7 +130,7 @@ ssize_t tpm_common_read(struct file *file, char __user *buf, priv->response_read = true;
ret_size = min_t(ssize_t, size, priv->response_length); - if (!ret_size) { + if (ret_size <= 0) { priv->response_length = 0; goto out; } diff --git a/drivers/char/tpm/tpm-dev.h b/drivers/char/tpm/tpm-dev.h index 1089fc0bb290..f3742bcc73e3 100644 --- a/drivers/char/tpm/tpm-dev.h +++ b/drivers/char/tpm/tpm-dev.h @@ -14,7 +14,7 @@ struct file_priv { struct work_struct timeout_work; struct work_struct async_work; wait_queue_head_t async_wait; - size_t response_length; + ssize_t response_length; bool response_read; bool command_enqueued;
On Tue, 2020-01-07 at 14:04 -0800, Tadeusz Struk wrote:
The priv->responce_length can hold the size of an response or an negative error code, and the tpm_common_read() needs to handle both cases correctly. Changed the type of responce_length to signed and accounted for negative value in tpm_common_read()
Cc: stable@vger.kernel.org Fixes: d23d12484307 ("tpm: fix invalid locking in NONBLOCKING mode") Reported-by: Laura Abbott labbott@redhat.com Signed-off-by: Tadeusz Struk tadeusz.struk@intel.com
Reviewed-by: Jarkko Sakkinen jarkko.sakkinen@linux.intel.com
Adding to the next PR.
/Jarkko
On Wed, 2020-01-08 at 17:58 +0200, Jarkko Sakkinen wrote:
On Tue, 2020-01-07 at 14:04 -0800, Tadeusz Struk wrote:
The priv->responce_length can hold the size of an response or an negative error code, and the tpm_common_read() needs to handle both cases correctly. Changed the type of responce_length to signed and accounted for negative value in tpm_common_read()
Cc: stable@vger.kernel.org Fixes: d23d12484307 ("tpm: fix invalid locking in NONBLOCKING mode") Reported-by: Laura Abbott labbott@redhat.com Signed-off-by: Tadeusz Struk tadeusz.struk@intel.com
Reviewed-by: Jarkko Sakkinen jarkko.sakkinen@linux.intel.com
Adding to the next PR.
Applied but had to fix bunch of typos, missing punctaction and missing parentheses in the commit message. Even checkpatch.pl was complaining :-/
Thanks.
/Jarkko
On Wed, Jan 08, 2020 at 09:47:31AM -0800, Tadeusz Struk wrote:
On 1/8/20 8:04 AM, Jarkko Sakkinen wrote:
Applied but had to fix bunch of typos, missing punctaction and missing parentheses in the commit message. Even checkpatch.pl was complaining :-/
Forgot about the checkpatch.pl thing. Sorry.
NP, just mentioning this for the future patches.
/Jarkko
linux-stable-mirror@lists.linaro.org
-
Jarkko Sakkinen -
Tadeusz Struk