On Sun, Aug 12, 2018 at 02:48:34PM +0100, Sudip Mukherjee wrote:
> Hi Greg,
>
> On Sun, Jul 01, 2018 at 11:34:24AM +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> >
> > The patch below does not apply to the 4.4-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@xxxxxxxxxxxxxxx>.
>
> The attached backported patch should apply to 4.4-stable tree. It will
> also apply to 4.9-stable.
>
> It did not apply originally as patch was looking for the splitted files.
> The split was done by:
> ecb38e2f521b ("tpm: split out tpm-dev.c into tpm-dev.c and tpm-common-dev.c")
>
> --
> Regards
> Sudip
> >From a8298614c8686b8c9e8706d79a63634cde4684e4 Mon Sep 17 00:00:00 2001
> From: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>
> Date: Tue, 22 May 2018 14:37:18 -0700
> Subject: [PATCH] tpm: fix race condition in tpm_common_write()
>
> commit 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df upstream
>
> There is a race condition in tpm_common_write function allowing
> two threads on the same /dev/tpm<N>, or two different applications
> on the same /dev/tpmrm<N> to overwrite each other commands/responses.
> Fixed this by taking the priv->buffer_mutex early in the function.
>
> Also converted the priv->data_pending from atomic to a regular size_t
> type. There is no need for it to be atomic since it is only touched
> under the protection of the priv->buffer_mutex.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@xxxxxxxxx>
> ---
> drivers/char/tpm/tpm-dev.c | 41 +++++++++++++++++++----------------------
> 1 file changed, 19 insertions(+), 22 deletions(-)
Sorry, but someone already backported this before you did.
thanks,
greg k-h
