From patchwork Wed Jul 20 00:16:32 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 9238559 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0B481600CB for ; Wed, 20 Jul 2016 00:16:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F34861FFC7 for ; Wed, 20 Jul 2016 00:16:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E7277277D9; Wed, 20 Jul 2016 00:16:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 49F8A1FFC7 for ; Wed, 20 Jul 2016 00:16:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752606AbcGTAQy (ORCPT ); Tue, 19 Jul 2016 20:16:54 -0400 Received: from mga03.intel.com ([134.134.136.65]:59275 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752082AbcGTAQx (ORCPT ); Tue, 19 Jul 2016 20:16:53 -0400 Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga103.jf.intel.com with ESMTP; 19 Jul 2016 17:16:54 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.28,391,1464678000"; d="scan'208";a="1025162806" Received: from pjgubbin-mobl2.ger.corp.intel.com (HELO localhost) ([10.252.3.191]) by fmsmga002.fm.intel.com with ESMTP; 19 Jul 2016 17:16:48 -0700 From: Jarkko Sakkinen To: Peter Huewe Cc: linux-security-module@vger.kernel.org, Jarkko Sakkinen , Marcel Selhorst , Jason Gunthorpe , tpmdd-devel@lists.sourceforge.net (moderated list:TPM DEVICE DRIVER), linux-kernel@vger.kernel.org (open list) Subject: [PATCH] tpm: fix a race condition tpm2_unseal_trusted() Date: Wed, 20 Jul 2016 03:16:32 +0300 Message-Id: <1468973792-17598-1-git-send-email-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.7.4 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Unseal and load operations should be done as an atomic unit. This commit fixes the issue by moving TPM mutex handling to tpm_try_get_ops() and tpm_put_ops(), which is probably more logical place for it anyway. Fixes: 954650efb79f ("tpm: seal/unseal for TPM 2.0") Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm-chip.c | 2 ++ drivers/char/tpm/tpm-interface.c | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index e595013..9749f59 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -56,6 +56,7 @@ int tpm_try_get_ops(struct tpm_chip *chip) if (!chip->ops) goto out_lock; + mutex_lock(&chip->tpm_mutex); return 0; out_lock: up_read(&chip->ops_sem); @@ -73,6 +74,7 @@ EXPORT_SYMBOL_GPL(tpm_try_get_ops); */ void tpm_put_ops(struct tpm_chip *chip) { + mutex_unlock(&chip->tpm_mutex); up_read(&chip->ops_sem); put_device(&chip->dev); } diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 1abe2d7..a2a9c36 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -350,8 +350,6 @@ ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, return -E2BIG; } - mutex_lock(&chip->tpm_mutex); - rc = chip->ops->send(chip, (u8 *) buf, count); if (rc < 0) { dev_err(&chip->dev, @@ -393,7 +391,6 @@ out_recv: dev_err(&chip->dev, "tpm_transmit: tpm_recv: error %zd\n", rc); out: - mutex_unlock(&chip->tpm_mutex); return rc; }