On Wed, Aug 08, 2018 at 03:35:50PM +0300, Jarkko Sakkinen wrote:
From: Tadeusz Struk <tadeusz.struk@intel.com>
commit 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df upstream
There is a race condition in tpm_common_write function allowing two threads on the same /dev/tpm<N>, or two different applications on the same /dev/tpmrm<N> to overwrite each other's commands/responses. Fixed this by taking the priv->buffer_mutex early in the function.
Also converted the priv->data_pending from atomic to a regular size_t type. There is no need for it to be atomic since it is only touched under the protection of the priv->buffer_mutex.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Manually backported for v4.4 and v4.9.
Now queued up, thanks.
greg k-h
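
The locking order described in the commit message, as an added illustration that is not part of this mail or of the kernel patch: a userspace pthread model in C where the mutex is taken before data_pending is tested, so only one of several concurrent writers is accepted. The names priv_model, model_write and run_concurrent_writers, the one-byte tag payload and the -EBUSY return value are assumptions of this model.

```c
/* Userspace model constructed for illustration; all names are hypothetical. */
#include <errno.h>
#include <pthread.h>
#include <string.h>
#define BUF_SIZE 64
#define NTHREADS 8
struct priv_model {
    pthread_mutex_t buffer_mutex;
    size_t data_pending;            /* plain size_t: only touched under buffer_mutex */
    unsigned char data_buffer[BUF_SIZE];
};
struct writer { struct priv_model *priv; unsigned char tag; long ret; };
/* Lock first, then test and set data_pending inside one critical section. */
static long model_write(struct priv_model *priv, unsigned char tag) {
    long ret = -EBUSY;              /* assumed error for "earlier command still pending" */
    pthread_mutex_lock(&priv->buffer_mutex);
    if (priv->data_pending == 0) {
        memset(priv->data_buffer, tag, BUF_SIZE);   /* the "command": BUF_SIZE bytes of tag */
        priv->data_pending = BUF_SIZE;              /* stands in for the response length */
        ret = BUF_SIZE;
    }
    pthread_mutex_unlock(&priv->buffer_mutex);
    return ret;
}
static void *writer_thread(void *arg) {
    struct writer *w = arg;
    w->ret = model_write(w->priv, w->tag);
    return NULL;
}
/* Starts NTHREADS writers on one shared priv and returns how many were accepted. */
int run_concurrent_writers(void) {
    struct priv_model priv = { .data_pending = 0 };
    struct writer w[NTHREADS];
    pthread_t tid[NTHREADS];
    int accepted = 0;
    pthread_mutex_init(&priv.buffer_mutex, NULL);
    for (int i = 0; i < NTHREADS; i++) {
        w[i] = (struct writer){ &priv, (unsigned char)(i + 1), 0 };
        pthread_create(&tid[i], NULL, writer_thread, &w[i]);
    }
    for (int i = 0; i < NTHREADS; i++) {
        pthread_join(tid[i], NULL);
        accepted += (w[i].ret == BUF_SIZE);
    }
    return accepted;
}
int main(void) {
    return run_concurrent_writers() != 1;   /* exit status 0 when exactly one writer won */
}
```

If the data_pending test were moved above pthread_mutex_lock, several writers could pass it before any of them set the field, which is the overwrite the commit message describes.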