From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 8 Jul 2017 08:59:27 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.9.37~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43feeb9b66acb92715fdec7e89bd50b6d077a72f;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
---

diff --git a/queue-4.9/series b/queue-4.9/series
index a7dc4a7d678..551dfdb9f08 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -31,3 +31,4 @@ usb-serial-option-add-two-longcheer-device-ids.patch
 usb-serial-qcserial-new-sierra-wireless-em7305-device-id.patch
 xhci-limit-usb2-port-wake-support-for-amd-promontory-hosts.patch
 gfs2-fix-glock-rhashtable-rcu-bug.patch
+tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
diff --git a/queue-4.9/tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch b/queue-4.9/tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
new file mode 100644
index 00000000000..d6e1e331f4a
--- /dev/null
+++ b/queue-4.9/tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
@@ -0,0 +1,41 @@
+From 13b47cfcfc60495cde216eef4c01040d76174cbe Mon Sep 17 00:00:00 2001
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Date: Tue, 20 Jun 2017 11:38:02 +0200
+Subject: tpm: fix a kernel memory leak in tpm-sysfs.c
+
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+
+commit 13b47cfcfc60495cde216eef4c01040d76174cbe upstream.
+
+While cleaning up sysfs callback that prints EK we discovered a kernel
+memory leak. This commit fixes the issue by zeroing the buffer used for
+TPM command/response.
+
+The leak happen when we use either tpm_vtpm_proxy, tpm_ibmvtpm or
+xen-tpmfront.
+
+Fixes: 0883743825e3 ("TPM: sysfs functions consolidation")
+Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/tpm-sysfs.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/char/tpm/tpm-sysfs.c
++++ b/drivers/char/tpm/tpm-sysfs.c
+@@ -35,9 +35,10 @@ static ssize_t pubek_show(struct device
+ 	ssize_t err;
+ 	int i, rc;
+ 	char *str = buf;
+-
+ 	struct tpm_chip *chip = to_tpm_chip(dev);
+ 
++	memset(&tpm_cmd, 0, sizeof(tpm_cmd));
++
+ 	tpm_cmd.header.in = tpm_readpubek_header;
+ 	err = tpm_transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, 0,
+ 			       "attempting to read the PUBEK");