asedeno.scripts.mit.edu Git - linux.git/commit

tpm: fix race condition in tpm_common_write()

There is a race condition in tpm_common_write function allowing
two threads on the same /dev/tpm<N>, or two different applications
on the same /dev/tpmrm<N> to overwrite each other commands/responses.
Fixed this by taking the priv->buffer_mutex early in the function.

Also converted the priv->data_pending from atomic to a regular size_t
type. There is no need for it to be atomic since it is only touched
under the protection of the priv->buffer_mutex.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

author	Tadeusz Struk <tadeusz.struk@intel.com>
	Tue, 22 May 2018 21:37:18 +0000 (14:37 -0700)
committer	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
	Wed, 30 May 2018 17:11:31 +0000 (20:11 +0300)
commit	3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df
tree	83807afb8ea61e77a8d2a2ed698e0c7615390938	tree \| snapshot
parent	424eaf910c329ab06ad03a527ef45dcf6a328f00	commit \| diff

drivers/char/tpm/tpm-dev-common.c		diff \| blob \| history
drivers/char/tpm/tpm-dev.h		diff \| blob \| history