Re: [PATCH 1/2] tpm: Fix tpmrm reference counting

From: Jason Gunthorpe
Date: Wed Jun 16 2021 - 14:53:08 EST

Next message: kernel test robot: "Re: [PATCH v2 2/2] dt-bindings: clock: ad9545: Add documentation"
Previous message: Andy Lutomirski: "Re: [PATCH 8/8] membarrier: Rewrite sync_core_before_usermode() and improve documentation"
Next in thread: Vincent Whitchurch: "Re: [PATCH 1/2] tpm: Fix tpmrm reference counting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 15, 2021 at 11:14:08AM +0200, Vincent Whitchurch wrote:
> The code added by commit 8979b02aaf1d6de8 ("tpm: Fix reference count to
> main device") tries to take an extra reference to the main device only
> for TPM2 by looking at the flags, but the flags are actually not set
> at the time when tpm_chip_alloc() is called, so no extra reference is
> ever taken, leading to a use-after-free if the TPM modules are removed
> when the tpmrm device is in use.

Please read this

https://lore.kernel.org/linux-integrity/20210205172528.GP4718@xxxxxxxx/

Jason

Next message: kernel test robot: "Re: [PATCH v2 2/2] dt-bindings: clock: ad9545: Add documentation"
Previous message: Andy Lutomirski: "Re: [PATCH 8/8] membarrier: Rewrite sync_core_before_usermode() and improve documentation"
Next in thread: Vincent Whitchurch: "Re: [PATCH 1/2] tpm: Fix tpmrm reference counting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]