TPM CVE and race patches

Seth Forshee seth.forshee at
Mon Dec 5 21:22:00 UTC 2011

On Mon, Dec 05, 2011 at 01:05:48PM -0700, Tim Gardner wrote:
> Seth - would you give this a quick review before I send it upstream:
> The following changes since commit b6acbb61eb4296c2a25e47e851208bab843ac112:
>   Leann Ogasawara (1):
>         UBUNTU: [Config] updateconfigs after dropping i386 generic
> are available in the git repository at:
>   git:// master-next
> Tim Gardner (2):
>       TPM: Zero whole buffer after copying to userspace

That looks like it ought to do the job.

>       TPM: Close data_pending and data_buffer races

That looks like it should work too, but if you're going to go the route
of protecting data_pending with the mutex then you've effectively
eliminated the need for it to be atomic. Seems like you might as well
take it to the logical conclusion and change data_pending to a plain
integer type (looks like size_t would be the appropriate choice).

>  drivers/char/tpm/tpm.c |   20 +++++++++++---------
>  1 files changed, 11 insertions(+), 9 deletions(-)
> -- 
> Tim Gardner tim.gardner at

More information about the kernel-team mailing list