From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 4 Aug 2017 20:03:58 +0000 (-0700)
Subject: 3.18-stable patches
X-Git-Tag: v4.12.5~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=933d18e69096d227edf7796d50f1501ea3b1a4ce;p=thirdparty%2Fkernel%2Fstable-queue.git

3.18-stable patches

added patches:
	tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
---

diff --git a/queue-3.18/series b/queue-3.18/series
index 41235c8c36e..2ec0478d6ec 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -35,4 +35,5 @@ pstore-allow-prz-to-control-need-for-locking.patch
 pstore-correctly-initialize-spinlock-and-flags.patch
 pstore-use-dynamic-spinlock-initializer.patch
 net-skb_needs_check-accepts-checksum_none-for-tx.patch
+tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
 vlan-propagate-mac-address-to-vlans.patch
diff --git a/queue-3.18/tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch b/queue-3.18/tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
new file mode 100644
index 00000000000..96c241f5ba0
--- /dev/null
+++ b/queue-3.18/tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
@@ -0,0 +1,40 @@
+From 13b47cfcfc60495cde216eef4c01040d76174cbe Mon Sep 17 00:00:00 2001
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Date: Tue, 20 Jun 2017 11:38:02 +0200
+Subject: tpm: fix a kernel memory leak in tpm-sysfs.c
+
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+
+commit 13b47cfcfc60495cde216eef4c01040d76174cbe upstream.
+
+While cleaning up sysfs callback that prints EK we discovered a kernel
+memory leak. This commit fixes the issue by zeroing the buffer used for
+TPM command/response.
+
+The leak happen when we use either tpm_vtpm_proxy, tpm_ibmvtpm or
+xen-tpmfront.
+
+Cc: stable@vger.kernel.org
+Fixes: 0883743825e3 ("TPM: sysfs functions consolidation")
+Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ drivers/char/tpm/tpm-sysfs.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/char/tpm/tpm-sysfs.c
++++ b/drivers/char/tpm/tpm-sysfs.c
+@@ -57,6 +57,8 @@ static ssize_t pubek_show(struct device
+ 
+ 	struct tpm_chip *chip = dev_get_drvdata(dev);
+ 
++	memset(&tpm_cmd, 0, sizeof(tpm_cmd));
++
+ 	tpm_cmd.header.in = tpm_readpubek_header;
+ 	err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE,
+ 			   "attempting to read the PUBEK");