review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Tadeusz Struk <tadeusz.struk@intel.com>
	Tue, 22 May 2018 21:37:18 +0000 (14:37 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 3 Jul 2018 09:24:53 +0000 (11:24 +0200)
commit	c41cb9cb5611747d64c3d569c1e9937f3d90e965
tree	0a8f5ec192fc63b66fe04b6cbd3d2be5edae8354	tree \| snapshot
parent	1bf1a5e21798518fd6a025c6e0c0168955f5e8e6	commit \| diff

tpm: fix race condition in tpm_common_write()

commit 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df upstream.

There is a race condition in tpm_common_write function allowing
two threads on the same /dev/tpm<N>, or two different applications
on the same /dev/tpmrm<N> to overwrite each other commands/responses.
Fixed this by taking the priv->buffer_mutex early in the function.

Also converted the priv->data_pending from atomic to a regular size_t
type. There is no need for it to be atomic since it is only touched
under the protection of the priv->buffer_mutex.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/char/tpm/tpm-dev-common.c		diff \| blob \| history
drivers/char/tpm/tpm-dev.h		diff \| blob \| history