Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp255531pxb; Mon, 13 Sep 2021 18:31:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz4NE6a8eKAbg9Zjk9bvbB7OTjbg2FnKLe+KHX6lfwhg3/bQ5Q2QWa5s81oxUFnc+BGCL2U X-Received: by 2002:a92:ad0a:: with SMTP id w10mr9998709ilh.93.1631583064414; Mon, 13 Sep 2021 18:31:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631583064; cv=none; d=google.com; s=arc-20160816; b=Kbt6UISAB9tRz8MPkjg5A+dGh6d8jX0uYF3nzyLWb9FHTOUs8sGj+fxRarWIqoMOSO LMbguDEAsHTvu0uERNzDcLnydpgXJE8qOPjdhNY8ApfiJEgDqmtidwjlJpFUiIgWe8hW XmEaNMDLzilsEh/gcwdwEdpNlfVlLmeifIR4WfA5m/iYHQCTyAGIKRh+gMDC4cC1+78m dCFSsOdi3pGvyZnq3cDKK1aABw5nGIBJ+cixTBdbcZWXeuYC+YT3sVvSJmtN8OiIPo7P k0X7qjjkMNJfvra06+tw4SZv109FjuFIG92SCcGRzk/nZAneqJzqALMF9SujXpaJcu8T Q/Iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:cc:to:from :subject:message-id:dkim-signature; bh=ROKfi1j6O6/b6NJU/GxZO7zzPnDnAEe2zixZ9LMELis=; b=s/P1kRd5GdNKlnoBx1534VrzKkVpIb5hYAuddknbEi4MO1BWkqR2xDpsQiZf5rXlMM mF1b4jh4IoG57wYucSCnVsh2jf6graz6BOj6JTtR///yLRo7AFra50zD11GPYrQIOj4P FiojOkdwrAlGFnwDKwO+HzQVsdgUYw80imfGQygK0GIrbzyHeiHzT3NndffOxK3dYoS1 X1H5I8ei88IYx9OtYllYnbpKgKb0ArKqjKdai2SiWhoarTbkJq9bjqRNgH/zEH5cQP5a I5pjgChuDu7P/tRqoy5ofki+4Cq9AfbO+4vdXwQmKllJlOLkn8mRn5oxaHA85WeF/gZg y5kA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=i1861PIi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k35si8275062jac.46.2021.09.13.18.30.53; Mon, 13 Sep 2021 18:31:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=i1861PIi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238424AbhINAc6 (ORCPT + 99 others); Mon, 13 Sep 2021 20:32:58 -0400 Received: from mail.kernel.org ([198.145.29.99]:54160 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235668AbhINAc6 (ORCPT ); Mon, 13 Sep 2021 20:32:58 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 206FE60232; Tue, 14 Sep 2021 00:31:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1631579501; bh=ROKfi1j6O6/b6NJU/GxZO7zzPnDnAEe2zixZ9LMELis=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=i1861PIiMSnWhP5nnLDhXk+XB7414kaY17sDc6oHtnuLyuIQNQub8gKXQBR7TwGBP tvT/zVmawApBLxV6pCclJ2qiLKtPL4gQCrIVRRHDXBR7QvI3C2fb76v0mXFqP+EKq1 MVLWzihVlKx8j/Es3yJjjWvqFPPtsFCRvmUyxpuOn/N95hNz/Ib3m/5BOfjbJClvFQ ENdGYJpzIyt36ZzDJbUMH7Rs4d2aF5QVav5ag4XVbHwM047+DKbyXPh+XW6m7dRbTj S+bTvL5SB7Z0G9HAxOAEM67R29rMXtYjlzIvgPLtFd5ORlLMMoJ6tW/ePE1aySAMmQ 158WFcs52eFxA== Message-ID: Subject: Re: Aw: Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device() From: Jarkko Sakkinen To: Lino Sanfilippo Cc: peterhuewe@gmx.de, jgg@ziepe.ca, p.rosenberger@kunbus.com, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Date: Tue, 14 Sep 2021 03:31:39 +0300 In-Reply-To: References: <20210910180451.19314-1-LinoSanfilippo@gmx.de> <204a438b6db54060d03689389d6663b0d4ca815d.camel@kernel.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.36.5-0ubuntu1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2021-09-13 at 22:53 +0200, Lino Sanfilippo wrote: > Hi, >=20 > > Gesendet: Montag, 13. September 2021 um 22:25 Uhr > > Von: "Jarkko Sakkinen" > > An: "Lino Sanfilippo" , peterhuewe@gmx.de, jgg@z= iepe.ca > > Cc: p.rosenberger@kunbus.com, linux-integrity@vger.kernel.org, linux-ke= rnel@vger.kernel.org, stable@vger.kernel.org > > Betreff: Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_= char_device() > >=20 > > On Fri, 2021-09-10 at 20:04 +0200, Lino Sanfilippo wrote: > > > In tpm_del_char_device() make sure that chip->ops is still valid. > > > This check is needed since in case of a system shutdown > > > tpm_class_shutdown() has already been called and set chip->ops to NUL= L. > > > This leads to a NULL pointer access as soon as tpm_del_char_device() > > > tries to access chip->ops in case of TPM 2. > > >=20 > > > Fixes: dcbeab1946454 ("tpm: fix crash in tpm_tis deinitialization") > > > Cc: stable@vger.kernel.org > > > Signed-off-by: Lino Sanfilippo > > > --- > >=20 > > Have you been able to reproduce this in some environment? > >=20 > > /Jarkko > >=20 > >=20 >=20 > Yes, this bug is reproducable on my system that is running a 5.10 raspber= ry kernel. > I use a SLB 9670 which is connected via SPI. Can you confirm that the lates mainline kernel has also this issue here? That is lacking in this fix.=20 It's obvious that the issue does not scale to every system, so it would nice to know the difference that triggers the issue, before applying this, and it also needs to be documented to the commit message. /Jarkko