evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/char/tpm
History
Tadeusz Struk 215f36e128 tpm: fix race condition in tpm_common_write() 
commit 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df upstream.

There is a race condition in tpm_common_write function allowing
two threads on the same /dev/tpm<N>, or two different applications
on the same /dev/tpmrm<N> to overwrite each other commands/responses.
Fixed this by taking the priv->buffer_mutex early in the function.

Also converted the priv->data_pending from atomic to a regular size_t
type. There is no need for it to be atomic since it is only touched
under the protection of the priv->buffer_mutex.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-08-15 17:42:04 +02:00
..
st33zp24 tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus 2018-03-11 16:19:44 +01:00
Kconfig tpm: Update KConfig text to include TPM2.0 FIFO chips 2015-03-18 22:43:07 +01:00
Makefile tpm/tpm_i2c_stm_st33: Split tpm_i2c_tpm_st33 in 2 layers (core + phy) 2015-03-18 22:43:06 +01:00
tpm-chip.c tpm: do not suspend/resume if power stays on 2018-06-13 16:15:27 +02:00
tpm-dev.c tpm: fix race condition in tpm_common_write() 2018-08-15 17:42:04 +02:00
tpm-interface.c tpm: self test failure should not cause suspend to fail 2018-06-13 16:15:27 +02:00
tpm-sysfs.c tpm: fix a kernel memory leak in tpm-sysfs.c 2017-08-06 19:19:43 -07:00
tpm.h tpm: do not suspend/resume if power stays on 2018-06-13 16:15:27 +02:00
tpm2-cmd.c tpm: fix potential buffer overruns caused by bit glitches on the bus 2018-03-24 10:58:39 +01:00
tpm_acpi.c ACPI: Clean up acpi_os_map/unmap_memory() to eliminate __iomem. 2014-05-27 18:13:08 +02:00
tpm_atmel.c tpm: Get rid of chip->pdev 2017-07-21 07:44:58 +02:00
tpm_atmel.h tpmdd maintainers 2007-08-22 19:52:44 -07:00
tpm_crb.c tpm_crb: check for bad response size 2017-05-25 14:30:07 +02:00
tpm_eventlog.c tpm_eventlog.c: fix binary_bios_measurements 2016-04-12 09:08:47 -07:00
tpm_eventlog.h vTPM: support little endian guests 2015-10-19 01:09:30 +02:00
tpm_i2c_atmel.c tpm: Get rid of chip->pdev 2017-07-21 07:44:58 +02:00
tpm_i2c_infineon.c tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus 2018-03-11 16:19:44 +01:00
tpm_i2c_nuvoton.c tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus 2018-03-11 16:19:44 +01:00
tpm_ibmvtpm.c vTPM: fix memory allocation flag for rtce buffer at kernel boot 2015-10-19 01:00:49 +02:00
tpm_ibmvtpm.h tpm/ibmvtpm: Additional LE support for tpm_ibmvtpm_send 2015-03-06 22:35:48 +01:00
tpm_infineon.c tpm: Get rid of chip->pdev 2017-07-21 07:44:58 +02:00
tpm_nsc.c tpm: Get rid of chip->pdev 2017-07-21 07:44:58 +02:00
tpm_of.c TPM: Avoid reference to potentially freed memory 2015-11-09 17:52:55 +02:00
tpm_ppi.c tpm: move the PPI attributes to character device directory. 2015-10-19 01:01:20 +02:00
tpm_tis.c tpm_tis: fix potential buffer overruns caused by bit glitches on the bus 2018-03-24 10:58:39 +01:00
xen-tpmfront.c tpm xen: Remove bogus tpm_chip_unregister 2017-01-06 11:16:16 +01:00