From patchwork Mon May 15 22:25:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 94392 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp32746vqo; Mon, 15 May 2023 16:02:02 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4CkuSG6FRYCD0LYT7QtFoKD8quB4WdPZHo01dbJb1IEsFcBrVn3QRG1Fv1Mod/Yh10ntNz X-Received: by 2002:a05:6a20:938f:b0:102:a593:a17c with SMTP id x15-20020a056a20938f00b00102a593a17cmr24508557pzh.0.1684191722535; Mon, 15 May 2023 16:02:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684191722; cv=none; d=google.com; s=arc-20160816; b=f2A7X9Zt0wFcL/qM0PX9lXHPdNMzSx6J90WS2uQY/DcMgXEYI+PLT7KRf+zZZZqCbS V434xwk6HH5H/680hI12znokpQ8KddIVwWt7/T9ZW0QJ8Ofe4+zERQbcs7+sVKP1kFA/ h5e2mWC93URhtf/4VHAXJ50hVAwBIwf8rxJ1OYV5UxMJ+Kw0f/VAASXzS/VZv5Px7n9e ybwuWcbWST515r6KkLTlEgmVHu1oGNwm70IB1p52SMbZHS0j15HA9bJeXAGXqqJ5c74L 3U5+5jATafocVTRR6ruYCLy/5mE3XXIZHBquz8lrXwtqcvtc9wc6m6BaIXkJ76vaH5NX vNIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=ZZE0ooY0dI6kskidc2OKPnvvEF4Kg3p/Wjpppwekh8k=; b=iS4XsoVrsWOna1kkPrkEpLojJdsD4dwqjgrDW+EA8sic7pIR2cABsq0BSEFhlAQS15 X037cUlXzyNxrbrV/v/0s8TPTp0dNEl02FfnK9ydZb+NqWX3Khky5TBLXIHho98YSsjZ 65Ko6KtaPj1x3gaYQOcpq6qWhUOObzDVywcEqyjvlBAzlZbxPhhAw4VxaTi+/jwepS2j dXF7cB4jPY6LMDNm9YuM2m1JvETns1fy16GCju0/Z6a/VKrlz3+X4IXoGHHk/oxm3mLw sli8Fi0paidBuQpFY+8/3NOCbMtMKsshZxDe/0gM/5NUGkWZ6W3slo+YQHwKFTE/L3vb GdQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=tljRDJNR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i10-20020a636d0a000000b0053045471007si17594838pgc.330.2023.05.15.16.01.49; Mon, 15 May 2023 16:02:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=tljRDJNR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245310AbjEOW0H (ORCPT + 99 others); Mon, 15 May 2023 18:26:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39124 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234623AbjEOW0E (ORCPT ); Mon, 15 May 2023 18:26:04 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EA1D2A3; Mon, 15 May 2023 15:26:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 86E23623F6; Mon, 15 May 2023 22:26:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 644E7C433D2; Mon, 15 May 2023 22:26:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1684189562; bh=mgXb0mwxaOmdxBcgoHsqCUvWmllYoas8WLQZmW80/0U=; h=From:To:Cc:Subject:Date:From; b=tljRDJNRgEs51+Df/dmJVTibiTt1wcAE1beiT9OvcO/Cm+pyikMJrPEY7Ow/IoO2d bUGy2qRQc6S0rEP10IdJk5MKv+FffbtjlIMNKpOWdMyMUGuS/s9z0zPSFiDWcAz6h2 JMl0WdK67n5pWI2IQgtE5jaUJyz61CK2XH2Y3QSQX0r/mveGntgl/kUYHds+phMic9 blq8A1GjpsF6reZQaCYe2I66VDmCXsGpQHOhsNOXQdfM/AeFcPn/hEl5QCodVAjM0F kIcB7I0KbNEvbnaLGiacadd+aMGNiIjO9xqbmqMkqRubhauD8tjKp+NKg3joFabTnJ S5ws7+8XA/xEQ== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org, Peter Huewe , Jarkko Sakkinen , Jason Gunthorpe , Stefan Berger Cc: Jarkko Sakkinen , stable@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2] tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation Date: Tue, 16 May 2023 01:25:54 +0300 Message-Id: <20230515222554.2783592-1-jarkko@kernel.org> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1766003020078900971?= X-GMAIL-MSGID: =?utf-8?q?1766003020078900971?= From: Jarkko Sakkinen /dev/vtpmx is made visible before 'workqueue' is initialized, which can lead to a memory corruption in the worst case scenario. Address this by initializing 'workqueue' as the very first step of the driver initialization. Cc: stable@vger.kernel.org Fixes: 6f99612e2500 ("tpm: Proxy driver for supporting multiple emulated TPMs") Signed-off-by: Jarkko Sakkinen Reviewed-by: Stefan Berger --- v2: - Replace vtpmx_cleanup() with destroy_workqueue(): https://lore.kernel.org/linux-integrity/CSLCEYDKKWWE.36POIXVT65SLE@suppilovahvero/ - Fix typo: https://lore.kernel.org/linux-integrity/4651cf1c-423d-05c2-b4c3-9d829a2eadf4@linux.ibm.com/ --- drivers/char/tpm/tpm_vtpm_proxy.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/drivers/char/tpm/tpm_vtpm_proxy.c b/drivers/char/tpm/tpm_vtpm_proxy.c index 5c865987ba5c..30e953988cab 100644 --- a/drivers/char/tpm/tpm_vtpm_proxy.c +++ b/drivers/char/tpm/tpm_vtpm_proxy.c @@ -683,37 +683,21 @@ static struct miscdevice vtpmx_miscdev = { .fops = &vtpmx_fops, }; -static int vtpmx_init(void) -{ - return misc_register(&vtpmx_miscdev); -} - -static void vtpmx_cleanup(void) -{ - misc_deregister(&vtpmx_miscdev); -} - static int __init vtpm_module_init(void) { int rc; - rc = vtpmx_init(); - if (rc) { - pr_err("couldn't create vtpmx device\n"); - return rc; - } - workqueue = create_workqueue("tpm-vtpm"); if (!workqueue) { pr_err("couldn't create workqueue\n"); - rc = -ENOMEM; - goto err_vtpmx_cleanup; + return -ENOMEM; } - return 0; - -err_vtpmx_cleanup: - vtpmx_cleanup(); + rc = misc_register(&vtpmx_miscdev); + if (rc) { + pr_err("couldn't create vtpmx device\n"); + destroy_workqueue(workqueue); + } return rc; } @@ -721,7 +705,7 @@ static int __init vtpm_module_init(void) static void __exit vtpm_module_exit(void) { destroy_workqueue(workqueue); - vtpmx_cleanup(); + misc_deregister(&vtpmx_miscdev); } module_init(vtpm_module_init);