From b899ce7c87d113aafb35b9aaf09d8c1e61a779de Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 21 Jul 2023 06:44:49 +0200 Subject: [PATCH] 4.14-stable patches added patches: tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx-creation.patch --- queue-4.14/series | 1 + ...race-condition-in-dev-vtpmx-creation.patch | 80 +++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 queue-4.14/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx-creation.patch diff --git a/queue-4.14/series b/queue-4.14/series index 27fdd51c774..ad3315bc0c3 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -99,3 +99,4 @@ ntb-ntb_transport-fix-possible-memory-leak-while-dev.patch ipv6-addrconf-fix-a-potential-refcount-underflow-for.patch wifi-airo-avoid-uninitialized-warning-in-airo_get_ra.patch net-sched-make-psched_mtu-rtnl-less-safe.patch +tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx-creation.patch diff --git a/queue-4.14/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx-creation.patch b/queue-4.14/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx-creation.patch new file mode 100644 index 00000000000..8174771d615 --- /dev/null +++ b/queue-4.14/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx-creation.patch @@ -0,0 +1,80 @@ +From f4032d615f90970d6c3ac1d9c0bce3351eb4445c Mon Sep 17 00:00:00 2001 +From: Jarkko Sakkinen +Date: Tue, 16 May 2023 01:25:54 +0300 +Subject: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation + +From: Jarkko Sakkinen + +commit f4032d615f90970d6c3ac1d9c0bce3351eb4445c upstream. + +/dev/vtpmx is made visible before 'workqueue' is initialized, which can +lead to a memory corruption in the worst case scenario. + +Address this by initializing 'workqueue' as the very first step of the +driver initialization. + +Cc: stable@vger.kernel.org +Fixes: 6f99612e2500 ("tpm: Proxy driver for supporting multiple emulated TPMs") +Reviewed-by: Stefan Berger +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/char/tpm/tpm_vtpm_proxy.c | 30 +++++++----------------------- + 1 file changed, 7 insertions(+), 23 deletions(-) + +--- a/drivers/char/tpm/tpm_vtpm_proxy.c ++++ b/drivers/char/tpm/tpm_vtpm_proxy.c +@@ -700,37 +700,21 @@ static struct miscdevice vtpmx_miscdev = + .fops = &vtpmx_fops, + }; + +-static int vtpmx_init(void) +-{ +- return misc_register(&vtpmx_miscdev); +-} +- +-static void vtpmx_cleanup(void) +-{ +- misc_deregister(&vtpmx_miscdev); +-} +- + static int __init vtpm_module_init(void) + { + int rc; + +- rc = vtpmx_init(); +- if (rc) { +- pr_err("couldn't create vtpmx device\n"); +- return rc; +- } +- + workqueue = create_workqueue("tpm-vtpm"); + if (!workqueue) { + pr_err("couldn't create workqueue\n"); +- rc = -ENOMEM; +- goto err_vtpmx_cleanup; ++ return -ENOMEM; + } + +- return 0; +- +-err_vtpmx_cleanup: +- vtpmx_cleanup(); ++ rc = misc_register(&vtpmx_miscdev); ++ if (rc) { ++ pr_err("couldn't create vtpmx device\n"); ++ destroy_workqueue(workqueue); ++ } + + return rc; + } +@@ -738,7 +722,7 @@ err_vtpmx_cleanup: + static void __exit vtpm_module_exit(void) + { + destroy_workqueue(workqueue); +- vtpmx_cleanup(); ++ misc_deregister(&vtpmx_miscdev); + } + + module_init(vtpm_module_init); -- 2.47.3