On Fri, Aug 10, 2018 at 04:10:58PM +0200, Greg KH wrote:
> On Wed, Aug 08, 2018 at 03:35:50PM +0300, Jarkko Sakkinen wrote:
> > From: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>
> >
> > commit 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df upstream
> >
> > There is a race condition in tpm_common_write function allowing
> > two threads on the same /dev/tpm<N>, or two different applications
> > on the same /dev/tpmrm<N> to overwrite each other commands/responses.
> > Fixed this by taking the priv->buffer_mutex early in the function.
> >
> > Also converted the priv->data_pending from atomic to a regular size_t
> > type. There is no need for it to be atomic since it is only touched
> > under the protection of the priv->buffer_mutex.
> >
> > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> > Cc: stable@xxxxxxxxxxxxxxx
> > Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>
> > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> > ---
> > Manually backported for v4.4 and v4.9.
>
> Now queued up, thanks.
Great, thank you.
> greg k-h
/Jarkko
