Received: by 2002:a05:6358:520b:b0:123:56d3:7acd with SMTP id b11csp44128rwa; Sat, 13 May 2023 10:59:25 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7OcShgoCvuwHAfwhU9nxIx4nUb+JTtV7DnFBzWzlPgkuNQ2j1BhoxsxTKGLLn+45fFcILX X-Received: by 2002:a05:6a20:12d0:b0:102:f744:a708 with SMTP id v16-20020a056a2012d000b00102f744a708mr17028301pzg.35.1684000765130; Sat, 13 May 2023 10:59:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684000765; cv=none; d=google.com; s=arc-20160816; b=mZnBWIZRgK0uEr66HQwkWVhc9mLvvJIC5WHlTUuipMQyu63zmJvO27UXxvbw7LZ28f guPIDwcN57phqXHct2ZdKRKLNvOIYSeR1ABqy5OlyaCv0vJlD0OF2MoJ6289nZeNHlH6 BeUKVfwKlliG2WZPv3OcafJqlA0tX0jLgoDk6Shjny8FDO1XSHmt6fRssHP6iuiwgUER 4tVdtP6cY6GKEv8XGJ1fPK64uTv12Koms6L0dYYepddPq29qNjDR+dX0S6H8rInOV3qD eV2fbLQz1XT0/qOFK1fHeqJsJRE+zkXMdQ2KDIsRrn1v0sHvBegBIO69rqAfnqm5MtyY fchg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=FVgQE2m9MsOfnuT59AcUHnsrX5/b6v16nFByV574T6k=; b=ZAt0yAQrzelr0MrPfoHkK9WJsU3KStABp/s2EU9PsaJnbETCtFI4xT93iaRu/C+Hod DBJYwfXVfedb61hKL8+CQ4t/IS2dXC85VcVRYxmNs211gEpfBBU9Ih7x9H/ZxsxoKqFM 0iv7Fpkcb0lVIfS6/DDvA9m10plbtJEvI/g+i6jpUy7E5rUxWV/M+B0pg+wX89zrwjLH qRConLcwFmLxUIdOjohMVQxE3euYR5yg046AqNtyzN2PWi0WSyCd1ebS8sgvHfvTZtyx cz2eQh4YFYqxg3mpvx59YgIV4X/2q4Tig4oZ6+GIPaUYEMH6sGD4NetlJ05Cv69qv+rb Zv3Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=tuni.fi Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k68-20020a633d47000000b005304ceae2e9si10840372pga.78.2023.05.13.10.59.09; Sat, 13 May 2023 10:59:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=tuni.fi Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231501AbjEMR21 (ORCPT + 99 others); Sat, 13 May 2023 13:28:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53690 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229482AbjEMR20 (ORCPT ); Sat, 13 May 2023 13:28:26 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F27D2D7F; Sat, 13 May 2023 10:28:24 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BFECD60F7F; Sat, 13 May 2023 17:28:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C5556C433D2; Sat, 13 May 2023 17:28:22 +0000 (UTC) From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org, Peter Huewe , Jarkko Sakkinen , Jason Gunthorpe , Stefan Berger Cc: Jarkko Sakkinen , stable@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] tpm_vtpm_proxy: fix race condition in /dev/vtpmx creation Date: Sat, 13 May 2023 20:28:18 +0300 Message-Id: <20230513172818.752712-1-jarkko.sakkinen@tuni.fi> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org /dev/vtpmx is made visible before the workqueue exist, which can lead memory corruption in the worst case, if workqueue is used before it has been fully initialized. Address this by changing the call order. Cc: Stefan Berger Cc: stable@vger.kernel.org Fixes: 6f99612e2500 ("tpm: Proxy driver for supporting multiple emulated TPMs") Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm_vtpm_proxy.c | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/drivers/char/tpm/tpm_vtpm_proxy.c b/drivers/char/tpm/tpm_vtpm_proxy.c index 5c865987ba5c..ef1367cf2f10 100644 --- a/drivers/char/tpm/tpm_vtpm_proxy.c +++ b/drivers/char/tpm/tpm_vtpm_proxy.c @@ -50,7 +50,7 @@ struct proxy_dev { /* all supported flags */ #define VTPM_PROXY_FLAGS_ALL (VTPM_PROXY_FLAG_TPM2) -static struct workqueue_struct *workqueue; +static struct workqueue_struct *vtpm_workqueue; static void vtpm_proxy_delete_device(struct proxy_dev *proxy_dev); @@ -478,7 +478,7 @@ static void vtpm_proxy_work_stop(struct proxy_dev *proxy_dev) */ static inline void vtpm_proxy_work_start(struct proxy_dev *proxy_dev) { - queue_work(workqueue, &proxy_dev->work); + queue_work(vtpm_workqueue, &proxy_dev->work); } /* @@ -697,30 +697,24 @@ static int __init vtpm_module_init(void) { int rc; - rc = vtpmx_init(); - if (rc) { - pr_err("couldn't create vtpmx device\n"); + vtpm_workqueue = create_workqueue("tpm-vtpm"); + if (!vtpm_workqueue) { + rc = -ENOMEM; return rc; } - workqueue = create_workqueue("tpm-vtpm"); - if (!workqueue) { - pr_err("couldn't create workqueue\n"); - rc = -ENOMEM; - goto err_vtpmx_cleanup; + rc = vtpmx_init(); + if (rc) { + vtpmx_cleanup(); + return rc; } return 0; - -err_vtpmx_cleanup: - vtpmx_cleanup(); - - return rc; } static void __exit vtpm_module_exit(void) { - destroy_workqueue(workqueue); + destroy_workqueue(vtpm_workqueue); vtpmx_cleanup(); } -- 2.39.2