Date:   Tue, 14 Sep 2021 03:31:39 +0300
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Lino Sanfilippo <LinoSanfilippo@....de>
Cc:     peterhuewe@....de, jgg@...pe.ca, p.rosenberger@...bus.com,
        linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: Aw: Re: [PATCH] tpm: fix potential NULL pointer access in
 tpm_del_char_device()

On Mon, 2021-09-13 at 22:53 +0200, Lino Sanfilippo wrote:
> Hi,
> 
> > Sent: Monday, 13 September 2021 at 22:25
> > From: "Jarkko Sakkinen" <jarkko@...nel.org>
> > To: "Lino Sanfilippo" <LinoSanfilippo@....de>, peterhuewe@....de, jgg@...pe.ca
> > Cc: p.rosenberger@...bus.com, linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org
> > Subject: Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device()
> > 
> > On Fri, 2021-09-10 at 20:04 +0200, Lino Sanfilippo wrote:
> > > In tpm_del_char_device() make sure that chip->ops is still valid.
> > > This check is needed since in case of a system shutdown
> > > tpm_class_shutdown() has already been called and set chip->ops to NULL.
> > > This leads to a NULL pointer access as soon as tpm_del_char_device()
> > > tries to access chip->ops in case of TPM 2.
> > > 
> > > Fixes: dcbeab1946454 ("tpm: fix crash in tpm_tis deinitialization")
> > > Cc: stable@...r.kernel.org
> > > Signed-off-by: Lino Sanfilippo <LinoSanfilippo@....de>
> > > ---
> > 
> > Have you been able to reproduce this in some environment?
> > 
> > /Jarkko
> > 
> > 
> 
> Yes, this bug is reproducible on my system that is running a 5.10 raspberry kernel.
> I use a SLB 9670 which is connected via SPI.

Can you confirm that the latest mainline kernel also has this
issue here? That is lacking in this fix.

It's obvious that the issue does not scale to every system,
so it would be nice to know the difference that triggers the
issue, before applying this, and it also needs to be
documented in the commit message.


/Jarkko
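
An added illustration, not part of the thread or of the kernel source: a single-threaded user-space C model of the ordering described in the quoted commit message, where tpm_class_shutdown() has already set chip->ops to NULL before tpm_del_char_device() runs. The struct layout and every `model_*` name are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model only: struct layout and all model_* names are assumptions. */
struct model_ops {
    int (*send_cmd)(void);        /* stands in for a command issued through chip->ops */
};

struct model_chip {
    const struct model_ops *ops;  /* models chip->ops */
    int is_tpm2;                  /* the commit message ties the access to TPM 2 */
};

static int cmds_sent;             /* commands that actually reached the device */
static int model_send(void) { cmds_sent++; return 0; }
static const struct model_ops model_real_ops = { .send_cmd = model_send };

/* Models tpm_class_shutdown(): after a system shutdown, ops is NULL. */
static void model_class_shutdown(struct model_chip *chip) { chip->ops = NULL; }

/* Models tpm_del_char_device() with the "is chip->ops still valid" check.
 * Returns 1 if a command went out through ops, 0 if it was skipped. */
static int model_del_char_device(struct model_chip *chip)
{
    if (!chip->is_tpm2)
        return 0;
    if (chip->ops == NULL)        /* without this test the next line dereferences NULL */
        return 0;
    chip->ops->send_cmd();
    return 1;
}

/* Scenario helper: optionally run the shutdown path first, then the removal path. */
static int model_remove(int shutdown_first, int is_tpm2)
{
    struct model_chip chip = { .ops = &model_real_ops, .is_tpm2 = is_tpm2 };

    cmds_sent = 0;
    if (shutdown_first)
        model_class_shutdown(&chip);
    return model_del_char_device(&chip);
}

int main(void)
{
    printf("plain removal:          sent=%d\n", model_remove(0, 1));
    printf("removal after shutdown: sent=%d\n", model_remove(1, 1));
    return 0;
}
```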
