TPM CVE and race patches

Message ID 4EDD241C.8050403@canonical.com
State New

Pull-request

git://kernel.ubuntu.com/rtg/ubuntu-precise.git master-next

Message

Tim Gardner Dec. 5, 2011, 8:05 p.m. UTC
Seth - would you give this a quick review before I send it upstream:

The following changes since commit b6acbb61eb4296c2a25e47e851208bab843ac112:
   Leann Ogasawara (1):
         UBUNTU: [Config] updateconfigs after dropping i386 generic

are available in the git repository at:

   git://kernel.ubuntu.com/rtg/ubuntu-precise.git master-next

Tim Gardner (2):
       TPM: Zero whole buffer after copying to userspace
       TPM: Close data_pending and data_buffer races

  drivers/char/tpm/tpm.c |   20 +++++++++++---------
  1 files changed, 11 insertions(+), 9 deletions(-)

Comments

Seth Forshee Dec. 5, 2011, 9:22 p.m. UTC | #1
On Mon, Dec 05, 2011 at 01:05:48PM -0700, Tim Gardner wrote:
> Seth - would you give this a quick review before I send it upstream:
> 
> The following changes since commit b6acbb61eb4296c2a25e47e851208bab843ac112:
>   Leann Ogasawara (1):
>         UBUNTU: [Config] updateconfigs after dropping i386 generic
> 
> are available in the git repository at:
> 
>   git://kernel.ubuntu.com/rtg/ubuntu-precise.git master-next
> 
> Tim Gardner (2):
>       TPM: Zero whole buffer after copying to userspace

That looks like it ought to do the job.

>       TPM: Close data_pending and data_buffer races

That looks like it should work too, but if you're going to go the route
of protecting data_pending with the mutex then you've effectively
eliminated the need for it to be atomic. Seems like you might as well
take it to the logical conclusion and change data_pending to a plain
integer type (looks like size_t would be the appropriate choice).

> 
>  drivers/char/tpm/tpm.c |   20 +++++++++++---------
>  1 files changed, 11 insertions(+), 9 deletions(-)
> -- 
> Tim Gardner tim.gardner@canonical.com
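
The locking pattern discussed in the review above, as an added userspace example that is not code from the patches or from the kernel driver: data_pending is a plain size_t because every access happens under the mutex, and the read path zeroes the whole data_buffer after the copy. The struct, the field name `lock`, the function names, the buffer size and the short-read scenario are assumptions made for illustration.

```c
#include <pthread.h>
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 64 /* constructed size for this model */

/* Userspace model; the struct and the field `lock` are assumptions. */
struct dev_state {
    pthread_mutex_t lock;
    size_t data_pending;   /* plain integer: only read or written under lock */
    unsigned char data_buffer[BUF_SIZE];
};

/* Producer: fill the buffer and publish its length in one critical section. */
size_t dev_store(struct dev_state *d, const void *src, size_t len)
{
    if (len > BUF_SIZE)
        len = BUF_SIZE;
    pthread_mutex_lock(&d->lock);
    memcpy(d->data_buffer, src, len);
    d->data_pending = len;
    pthread_mutex_unlock(&d->lock);
    return len;
}

/* Consumer: length check, copy, wipe and reset happen under the same lock. */
size_t dev_read(struct dev_state *d, void *dst, size_t size)
{
    pthread_mutex_lock(&d->lock);
    size_t n = d->data_pending < size ? d->data_pending : size;
    memcpy(dst, d->data_buffer, n);  /* stands in for the copy to userspace */
    memset(d->data_buffer, 0, sizeof(d->data_buffer)); /* all of it, not n bytes */
    d->data_pending = 0;
    pthread_mutex_unlock(&d->lock);
    return n;
}

/* Constructed scenario: a 32-byte response is pending and the reader asks for
 * 8 bytes. Returns the count of non-zero bytes left in the buffer plus any
 * stale pending length, or (size_t)-1 if the read size is wrong. */
size_t demo_residue_after_short_read(void)
{
    struct dev_state d = { .lock = PTHREAD_MUTEX_INITIALIZER };
    unsigned char resp[32], out[8];
    size_t i, left = 0;
    memset(resp, 0xAA, sizeof(resp));
    dev_store(&d, resp, sizeof(resp));
    if (dev_read(&d, out, sizeof(out)) != sizeof(out))
        return (size_t)-1;
    for (i = 0; i < BUF_SIZE; i++)
        left += d.data_buffer[i] != 0;
    return left + d.data_pending;
}
```

If the memset covered only the n bytes copied, the same scenario would leave 24 bytes of the earlier response in the buffer.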