lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Mar 2019 20:51:30 +0200 From: Mantas Mikulėnas <grawity@...il.com> To: Tadeusz Struk <tadeusz.struk@...el.com> Cc: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>, James.Bottomley@...senpartnership.com, linux-integrity@...r.kernel.org, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v2] tpm: fix an invalid condition in tpm_common_poll On Tue, Mar 19, 2019 at 10:31 PM Tadeusz Struk <tadeusz.struk@...el.com> wrote: > > The poll condition should only check response_length, > because reads should only be issued if there is data to read. > The response_read flag only prevents double writes. > The problem was that the write set the response_read to false, > enqued a tpm job, and returned. Then application called poll > which checked the response_read flag and returned EPOLLIN. > Then the application called read, but got nothing. > After all that the async_work kicked in. > Added also mutex_lock around the poll check to prevent > other possible race conditions. > > Fixes: 9488585b21bef0df12 ("tpm: add support for partial reads") > Reported-by: Mantas Mikulėnas <grawity@...il.com> > Signed-off-by: Tadeusz Struk <tadeusz.struk@...el.com> > --- > drivers/char/tpm/tpm-dev-common.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c > index 5eecad233ea1..7312d3214381 100644 > --- a/drivers/char/tpm/tpm-dev-common.c > +++ b/drivers/char/tpm/tpm-dev-common.c > @@ -203,12 +203,14 @@ __poll_t tpm_common_poll(struct file *file, poll_table *wait) > __poll_t mask = 0; > > poll_wait(file, &priv->async_wait, wait); > + mutex_lock(&priv->buffer_mutex); > > - if (!priv->response_read || priv->response_length) > + if (priv->response_length) > mask = EPOLLIN | EPOLLRDNORM; > else > mask = EPOLLOUT | EPOLLWRNORM; > > + mutex_unlock(&priv->buffer_mutex); > return mask; > } Thanks, this patch seems to work, and I apologize for not responding to test the patches earlier. Any chance it'll be submitted for stable 5.0.x as well? -- Mantas Mikulėnas
Powered by blists - more mailing lists