Re: Aw: Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device()

From: Jarkko Sakkinen
Date: Mon Sep 13 2021 - 20:31:44 EST


On Mon, 2021-09-13 at 22:53 +0200, Lino Sanfilippo wrote:
> Hi,
>
> > Sent: Monday, 13 September 2021 at 22:25
> > From: "Jarkko Sakkinen" <jarkko@xxxxxxxxxx>
> > To: "Lino Sanfilippo" <LinoSanfilippo@xxxxxx>, peterhuewe@xxxxxx, jgg@xxxxxxxx
> > Cc: p.rosenberger@xxxxxxxxxx, linux-integrity@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx
> > Subject: Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device()
> >
> > On Fri, 2021-09-10 at 20:04 +0200, Lino Sanfilippo wrote:
> > > In tpm_del_char_device() make sure that chip->ops is still valid.
> > > This check is needed since in case of a system shutdown
> > > tpm_class_shutdown() has already been called and set chip->ops to NULL.
> > > This leads to a NULL pointer access as soon as tpm_del_char_device()
> > > tries to access chip->ops in case of TPM 2.
> > >
> > > Fixes: dcbeab1946454 ("tpm: fix crash in tpm_tis deinitialization")
> > > Cc: stable@xxxxxxxxxxxxxxx
> > > Signed-off-by: Lino Sanfilippo <LinoSanfilippo@xxxxxx>
> > > ---
> >
> > Have you been able to reproduce this in some environment?
> >
> > /Jarkko
> >
> >
>
> Yes, this bug is reproducible on my system that is running a 5.10 raspberry kernel.
> I use a SLB 9670 which is connected via SPI.

Can you confirm that the latest mainline kernel also has this
issue here? That is lacking in this fix.

It's obvious that the issue does not scale to every system,
so it would be nice to know the difference that triggers the
issue, before applying this, and it also needs to be
documented in the commit message.


/Jarkko