Re: [PATCH 1/2] tpm: Fix tpmrm reference counting

[PATCH 1/2] tpm: Fix tpmrm reference counting · Vincent Whitchurch <hidden> · 2021-06-15
[PATCH 2/2] tpm: Fix crash on tmprm release · Vincent Whitchurch <hidden> · 2021-06-15
Re: [PATCH 2/2] tpm: Fix crash on tmprm release · Jarkko Sakkinen <jarkko@kernel.org> · 2021-06-15
Re: [PATCH 2/2] tpm: Fix crash on tmprm release · Vincent Whitchurch <hidden> · 2021-06-17
Re: [PATCH 2/2] tpm: Fix crash on tmprm release · Stefan Berger <stefanb@linux.ibm.com> · 2022-03-03
Re: [PATCH 1/2] tpm: Fix tpmrm reference counting · Jason Gunthorpe <jgg@ziepe.ca> · 2021-06-16
Re: [PATCH 1/2] tpm: Fix tpmrm reference counting · Vincent Whitchurch <hidden> · 2021-06-17

From: Jason Gunthorpe <jgg@ziepe.ca>
Date: 2021-06-16 18:53:07
Also in: lkml

On Tue, Jun 15, 2021 at 11:14:08AM +0200, Vincent Whitchurch wrote:

The code added by commit 8979b02aaf1d6de8 ("tpm: Fix reference count to
main device") tries to take an extra reference to the main device only
for TPM2 by looking at the flags, but the flags are actually not set
at the time when tpm_chip_alloc() is called, so no extra reference is
ever taken, leading to a use-after-free if the TPM modules are removed
when the tpmrm device is in use.

Please read this

https://lore.kernel.org/linux-integrity/20210205172528.GP4718@ziepe.ca/ (local)

Jason

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help