On Wed, Aug 08, 2018 at 03:35:50PM +0300, Jarkko Sakkinen wrote:
> From: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>
>
> commit 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df upstream
>
> There is a race condition in tpm_common_write function allowing
> two threads on the same /dev/tpm<N>, or two different applications
> on the same /dev/tpmrm<N> to overwrite each other commands/responses.
> Fixed this by taking the priv->buffer_mutex early in the function.
>
> Also converted the priv->data_pending from atomic to a regular size_t
> type. There is no need for it to be atomic since it is only touched
> under the protection of the priv->buffer_mutex.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> ---
> Manually backported for v4.4 and v4.9.

Now queued up, thanks.

greg k-h
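
The locking order described in the quoted commit message, as an added example that is not part of the thread or of the kernel patch: a simplified user-space C model in which only `buffer_mutex` and `data_pending` are names from the message, while the struct layout, buffer size and function names are hypothetical. It replays the bad interleaving deterministically instead of using real threads, and does not model the TPM transmit step.

```c
#include <errno.h>
#include <pthread.h>
#include <string.h>

/* User-space model; only buffer_mutex and data_pending are names from the page. */
struct file_priv {
    pthread_mutex_t buffer_mutex;
    size_t data_pending;  /* plain size_t: only touched under buffer_mutex */
    char data_buffer[64]; /* constructed size */
};

/* "Is a command still pending?" Only reliable if the caller holds the lock. */
static int check_pending(struct file_priv *p) { return p->data_pending ? -EBUSY : 0; }

/* Pre-fix ordering: the lock is taken after the test and covers only the copy. */
static void commit_late_lock(struct file_priv *p, const char *cmd, size_t n) {
    pthread_mutex_lock(&p->buffer_mutex);
    memcpy(p->data_buffer, cmd, n);
    p->data_pending = n;
    pthread_mutex_unlock(&p->buffer_mutex);
}

/* Post-fix ordering: lock first, so test and copy are one critical section. */
static int write_early_lock(struct file_priv *p, const char *cmd, size_t n) {
    pthread_mutex_lock(&p->buffer_mutex);
    int ret = check_pending(p);
    if (ret == 0) {
        memcpy(p->data_buffer, cmd, n);
        p->data_pending = n;
    }
    pthread_mutex_unlock(&p->buffer_mutex);
    return ret;
}

/* Replay of the bad interleaving: A and B both pass the test, then both copy. */
static int late_lock_loses_a(void) {
    struct file_priv p = { PTHREAD_MUTEX_INITIALIZER, 0, {0} };
    if (check_pending(&p) || check_pending(&p)) return 0;
    commit_late_lock(&p, "AAAA", 4);
    commit_late_lock(&p, "BBBB", 4);
    return memcmp(p.data_buffer, "BBBB", 4) == 0; /* A's command was overwritten */
}
/* Same two writers with the fix: B is refused and A's command survives. */
static int early_lock_keeps_a(void) {
    struct file_priv p = { PTHREAD_MUTEX_INITIALIZER, 0, {0} };
    int a = write_early_lock(&p, "AAAA", 4), b = write_early_lock(&p, "BBBB", 4);
    return a == 0 && b == -EBUSY && memcmp(p.data_buffer, "AAAA", 4) == 0;
}
int main(void) { return !(late_lock_loses_a() && early_lock_keeps_a()); }
```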