Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp858738img; Mon, 18 Mar 2019 16:21:36 -0700 (PDT) X-Google-Smtp-Source: APXvYqzqrppJtIHHz9A12aNOkBrGEEb4gJ708PSxa6TgXt5TUXuzIE0Bu2JQJf03+0SIQuvqwQHf X-Received: by 2002:a17:902:a413:: with SMTP id p19mr22822816plq.337.1552951296715; Mon, 18 Mar 2019 16:21:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552951296; cv=none; d=google.com; s=arc-20160816; b=ZbHIwYfUmIgkY6ZK0mVomHDoRp0+8y+eG/wzePHTXv6cz2VftybozCbX8YrgaDbXi2 oL/aZk1p5pqWIv1/48JlX3ZEl92kAFCJU3D4PDQOVaQfw9ln0WIeLLY9oYjtXyLYWYkc Ap6L6BvXCfhflYKoc61lSu8SPrzHPEIpWgayjgANNTaVHTRkrIFqQynyjd+k76y1y4S8 F6edY/Bwra/et4JSxWPWQa0NkmnHYkUS5SvA5J8EwqBwxwc6WYXITxiNtTMIG+0njd/x 1jet67ehWF7ww537BAalo66fjpkESVxrwX+clkYnt/1RRg1QBg5csEtjJghgXOOdjzKY lasA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature; bh=6QhOVHTlI8oTI2BNuu8rK4znonuwGpc7fP3TGpOF8hk=; b=Bs3D6eDhcOQI4UoJiegTwJ1pTKFvZMdZvKbcxlWsa0TTXTRRo9H4hDAPD03PGO3Kff 4qhtzILOAnZEex5lESEBynrQbQX6D3J/U6PNnYBV3GxzwDOiGr/5fTu/mjOd2Mt1XmPM mCecvB4MFxSqXGtOMcH10RjSVDkF+av0sSs11E4UQRwpPYs+W8/J6FDV2Fsbwq6Q6thV kIZZd7LJjNMFjujlNadxh2qQfD8HKQKIeAjL7xnJOozaq1j7shjG+5uT3kQ3bDB4OF1e 8p0eg12JtcJoWI5knVcEYlEenEAgLai32MpstkExt/wCEIohF4fq7hyxSK4coqOsjFAH 0Rlw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=Hzpnh2Zj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w2si9643530pgs.6.2019.03.18.16.21.20; Mon, 18 Mar 2019 16:21:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=Hzpnh2Zj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727330AbfCRXT3 (ORCPT + 99 others); Mon, 18 Mar 2019 19:19:29 -0400 Received: from bedivere.hansenpartnership.com ([66.63.167.143]:60172 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726438AbfCRXT3 (ORCPT ); Mon, 18 Mar 2019 19:19:29 -0400 Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 1207B8EE119; Mon, 18 Mar 2019 16:19:29 -0700 (PDT) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jQsEcoY1EFiB; Mon, 18 Mar 2019 16:19:28 -0700 (PDT) Received: from [153.66.254.194] (unknown [50.35.68.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 94F338EE10A; Mon, 18 Mar 2019 16:19:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1552951168; bh=X51JQ1Cy+t84MAFc2SuFWUzvGQgnT/zXKW5/9miYgBM=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=Hzpnh2Zj6gyjxlBuPOKMrdaXmWs05f/FgUORA/wg79HLad3LGkWNmQDLX4SlJf4qn AtZ0sMpe+wGPNyshLYXbL9ka9epmAYIuEdaGKKeFK8LBn9oxlTmN4T+tMFK493fbki Sz6jY6EYhOXh48zOyuXDCpwBkqD2IKMP1D58cfgg= Message-ID: <1552951167.2785.22.camel@HansenPartnership.com> Subject: Re: [PATCH] tpm: fix a race between poll and write in tpm-dev-common From: James Bottomley To: Tadeusz Struk , jarkko.sakkinen@linux.intel.com Cc: grawity@gmail.com, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org Date: Mon, 18 Mar 2019 16:19:27 -0700 In-Reply-To: <155294749695.20367.14472779462229450620.stgit@tstruk-mobl1.jf.intel.com> References: <155294749695.20367.14472779462229450620.stgit@tstruk-mobl1.jf.intel.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.6 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2019-03-18 at 15:18 -0700, Tadeusz Struk wrote: > Since the poll returns EPOLLIN base on the state of two > variables, the response_read being false and the > response_length > 0 the poll needs to take the buffer_mutex > after it is woken up. > > Fixes: 9488585b21bef0df12 ("tpm: add support for partial reads") > Reported-by: Mantas Mikulėnas > Signed-off-by: Tadeusz Struk > --- > drivers/char/tpm/tpm-dev-common.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/char/tpm/tpm-dev-common.c > b/drivers/char/tpm/tpm-dev-common.c > index 5eecad233ea1..61e458d6f652 100644 > --- a/drivers/char/tpm/tpm-dev-common.c > +++ b/drivers/char/tpm/tpm-dev-common.c > @@ -203,12 +203,14 @@ __poll_t tpm_common_poll(struct file *file, > poll_table *wait) > __poll_t mask = 0; > > poll_wait(file, &priv->async_wait, wait); > + mutex_lock(&priv->buffer_mutex); > > if (!priv->response_read || priv->response_length) > mask = EPOLLIN | EPOLLRDNORM; > else > mask = EPOLLOUT | EPOLLWRNORM; > > + mutex_unlock(&priv->buffer_mutex); This doesn't do anything to address the theory that the queued work hasn't run before the poll wakes up, does it? If you have an alternative theory, could you explain it? Thanks, James