On Tue, May 22, 2018 at 10:32:46AM -0700, Tadeusz Struk wrote: > There is a race condition in tpm_common_write function allowing two > threads on the same /dev/tpm<N>, or two different applications on > the same /dev/tpmrm<N> to overwrite eachother requests/responses. > > Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx> > --- > drivers/char/tpm/tpm-dev-common.c | 14 ++++++++------ > 1 file changed, 8 insertions(+), 6 deletions(-) I didn't see any reasn for data_pending to be an atomic, ever use case is near the buffer_mutex, can you respin this patch to just drop that completely and only manipulate it within the lock? Jason
