Diffstat (limited to 'v2-1-2-efi-tpm-Don-t-access-event--count-when-it-isn-t-mapped..patch')
-rw-r--r-- | v2-1-2-efi-tpm-Don-t-access-event--count-when-it-isn-t-mapped..patch | 233 |
1 files changed, 233 insertions, 0 deletions
diff --git a/v2-1-2-efi-tpm-Don-t-access-event--count-when-it-isn-t-mapped..patch b/v2-1-2-efi-tpm-Don-t-access-event--count-when-it-isn-t-mapped..patch
new file mode 100644
index 000000000..d0ec73a2a
--- /dev/null
+++ b/v2-1-2-efi-tpm-Don-t-access-event--count-when-it-isn-t-mapped..patch
@@ -0,0 +1,233 @@
+From patchwork Wed Sep 25 10:16:18 2019
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+X-Patchwork-Id: 11160381
+Return-Path: <SRS0=gTbe=XU=vger.kernel.org=linux-integrity-owner@kernel.org>
+Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
+ [172.30.200.123])
+ by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 43E0E112B
+ for <patchwork-linux-integrity@patchwork.kernel.org>;
+ Wed, 25 Sep 2019 10:16:35 +0000 (UTC)
+Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
+ by mail.kernel.org (Postfix) with ESMTP id 2BB5521D7A
+ for <patchwork-linux-integrity@patchwork.kernel.org>;
+ Wed, 25 Sep 2019 10:16:35 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+ id S2389040AbfIYKQe (ORCPT
+ <rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
+ Wed, 25 Sep 2019 06:16:34 -0400
+Received: from mga06.intel.com ([134.134.136.31]:40402 "EHLO mga06.intel.com"
+ rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
+ id S1727141AbfIYKQe (ORCPT <rfc822;linux-integrity@vger.kernel.org>);
+ Wed, 25 Sep 2019 06:16:34 -0400
+X-Amp-Result: SKIPPED(no attachment in message)
+X-Amp-File-Uploaded: False
+Received: from orsmga006.jf.intel.com ([10.7.209.51])
+ by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
+ 25 Sep 2019 03:16:33 -0700
+X-ExtLoop1: 1
+X-IronPort-AV: E=Sophos;i="5.64,547,1559545200";
+ d="scan'208";a="193723106"
+Received: from dariusvo-mobl.ger.corp.intel.com (HELO localhost)
+ ([10.249.39.150])
+ by orsmga006.jf.intel.com with ESMTP; 25 Sep 2019 03:16:27 -0700
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+To: linux-integrity@vger.kernel.org
+Cc: Peter Jones <pjones@redhat.com>, linux-efi@vger.kernel.org,
+ stable@vger.kernel.org, Lyude Paul <lyude@redhat.com>,
+ Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
+ Matthew Garrett <mjg59@google.com>,
+ Ard Biesheuvel <ard.biesheuvel@linaro.org>,
+ Roberto Sassu <roberto.sassu@huawei.com>,
+ Bartosz Szczepanek <bsz@semihalf.com>,
+ linux-kernel@vger.kernel.org (open list)
+Subject: [PATCH v2 1/2] efi+tpm: Don't access event->count when it isn't
+ mapped.
+Date: Wed, 25 Sep 2019 13:16:18 +0300
+Message-Id: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
+X-Mailer: git-send-email 2.20.1
+MIME-Version: 1.0
+Sender: linux-integrity-owner@vger.kernel.org
+Precedence: bulk
+List-ID: <linux-integrity.vger.kernel.org>
+X-Mailing-List: linux-integrity@vger.kernel.org
+
+From: Peter Jones <pjones@redhat.com>
+
+Some machines generate a lot of event log entries. When we're
+iterating over them, the code removes the old mapping and adds a
+new one, so once we cross the page boundary we're unmapping the page
+with the count on it. Hilarity ensues.
+
+This patch keeps the info from the header in local variables so we don't
+need to access that page again or keep track of if it's mapped.
+ +Fixes: 44038bc514a2 ("tpm: Abstract crypto agile event size calculations") +Cc: linux-efi@vger.kernel.org +Cc: linux-integrity@vger.kernel.org +Cc: stable@vger.kernel.org +Signed-off-by: Peter Jones <pjones@redhat.com> +Tested-by: Lyude Paul <lyude@redhat.com> +Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> +Acked-by: Matthew Garrett <mjg59@google.com> +Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> +--- + include/linux/tpm_eventlog.h | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h +index 63238c84dc0b..12584b69a3f3 100644 +--- a/include/linux/tpm_eventlog.h ++++ b/include/linux/tpm_eventlog.h +@@ -170,6 +170,7 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, + u16 halg; + int i; + int j; ++ u32 count, event_type; + + marker = event; + marker_start = marker; +@@ -190,16 +191,22 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, + } + + event = (struct tcg_pcr_event2_head *)mapping; ++ /* ++ * the loop below will unmap these fields if the log is larger than ++ * one page, so save them here for reference. ++ */ ++ count = READ_ONCE(event->count); ++ event_type = READ_ONCE(event->event_type); + + efispecid = (struct tcg_efi_specid_event_head *)event_header->event; + + /* Check if event is malformed. 
*/ +- if (event->count > efispecid->num_algs) { ++ if (count > efispecid->num_algs) { + size = 0; + goto out; + } + +- for (i = 0; i < event->count; i++) { ++ for (i = 0; i < count; i++) { + halg_size = sizeof(event->digests[i].alg_id); + + /* Map the digest's algorithm identifier */ +@@ -256,8 +263,9 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, + + event_field->event_size; + size = marker - marker_start; + +- if ((event->event_type == 0) && (event_field->event_size == 0)) ++ if (event_type == 0 && event_field->event_size == 0) + size = 0; ++ + out: + if (do_mapping) + TPM_MEMUNMAP(mapping, mapping_size); + +From patchwork Wed Sep 25 10:16:19 2019 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> +X-Patchwork-Id: 11160383 +Return-Path: <SRS0=gTbe=XU=vger.kernel.org=linux-integrity-owner@kernel.org> +Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org + [172.30.200.123]) + by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 363B114DB + for <patchwork-linux-integrity@patchwork.kernel.org>; + Wed, 25 Sep 2019 10:16:40 +0000 (UTC) +Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) + by mail.kernel.org (Postfix) with ESMTP id 1DCE921D7C + for <patchwork-linux-integrity@patchwork.kernel.org>; + Wed, 25 Sep 2019 10:16:40 +0000 (UTC) +Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand + id S2389138AbfIYKQj (ORCPT + <rfc822;patchwork-linux-integrity@patchwork.kernel.org>); + Wed, 25 Sep 2019 06:16:39 -0400 +Received: from mga18.intel.com ([134.134.136.126]:21948 "EHLO mga18.intel.com" + rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP + id S1727141AbfIYKQj (ORCPT <rfc822;linux-integrity@vger.kernel.org>); + Wed, 25 Sep 2019 06:16:39 -0400 +X-Amp-Result: SKIPPED(no attachment in message) +X-Amp-File-Uploaded: False +Received: from orsmga004.jf.intel.com 
([10.7.209.38])
+ by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
+ 25 Sep 2019 03:16:38 -0700
+X-ExtLoop1: 1
+X-IronPort-AV: E=Sophos;i="5.64,547,1559545200";
+ d="scan'208";a="340366339"
+Received: from dariusvo-mobl.ger.corp.intel.com (HELO localhost)
+ ([10.249.39.150])
+ by orsmga004.jf.intel.com with ESMTP; 25 Sep 2019 03:16:35 -0700
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+To: linux-integrity@vger.kernel.org
+Cc: Peter Jones <pjones@redhat.com>, linux-efi@vger.kernel.org,
+ stable@vger.kernel.org, Lyude Paul <lyude@redhat.com>,
+ Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
+ Matthew Garrett <mjg59@google.com>,
+ Ard Biesheuvel <ard.biesheuvel@linaro.org>,
+ linux-kernel@vger.kernel.org (open list)
+Subject: [PATCH v2 2/2] efi+tpm: don't traverse an event log with no events
+Date: Wed, 25 Sep 2019 13:16:19 +0300
+Message-Id: <20190925101622.31457-2-jarkko.sakkinen@linux.intel.com>
+X-Mailer: git-send-email 2.20.1
+In-Reply-To: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
+References: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
+MIME-Version: 1.0
+Sender: linux-integrity-owner@vger.kernel.org
+Precedence: bulk
+List-ID: <linux-integrity.vger.kernel.org>
+X-Mailing-List: linux-integrity@vger.kernel.org
+
+From: Peter Jones <pjones@redhat.com>
+
+When there are no entries to put into the final event log, some machines
+will return the template they would have populated anyway. In this case
+the nr_events field is 0, but the rest of the log is just garbage.
+
+This patch stops us from trying to iterate the table with
+__calc_tpm2_event_size() when the number of events in the table is 0.
+ +Fixes: c46f3405692d ("tpm: Reserve the TPM final events table") +Cc: linux-efi@vger.kernel.org +Cc: linux-integrity@vger.kernel.org +Cc: stable@vger.kernel.org +Signed-off-by: Peter Jones <pjones@redhat.com> +Tested-by: Lyude Paul <lyude@redhat.com> +Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> +Acked-by: Matthew Garrett <mjg59@google.com> +Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> +--- + drivers/firmware/efi/tpm.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c +index 1d3f5ca3eaaf..b9ae5c6f9b9c 100644 +--- a/drivers/firmware/efi/tpm.c ++++ b/drivers/firmware/efi/tpm.c +@@ -75,11 +75,16 @@ int __init efi_tpm_eventlog_init(void) + goto out; + } + +- tbl_size = tpm2_calc_event_log_size((void *)efi.tpm_final_log +- + sizeof(final_tbl->version) +- + sizeof(final_tbl->nr_events), +- final_tbl->nr_events, +- log_tbl->log); ++ tbl_size = 0; ++ if (final_tbl->nr_events != 0) { ++ void *events = (void *)efi.tpm_final_log ++ + sizeof(final_tbl->version) ++ + sizeof(final_tbl->nr_events); ++ ++ tbl_size = tpm2_calc_event_log_size(events, ++ final_tbl->nr_events, ++ log_tbl->log); ++ } + memblock_reserve((unsigned long)final_tbl, + tbl_size + sizeof(*final_tbl)); + early_memunmap(final_tbl, sizeof(*final_tbl)); |
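Review bot: In the efi_tpm_eventlog_init() hunk of the embedded patch 2/2, the result of tpm2_calc_event_log_size() is still passed unchecked into `memblock_reserve((unsigned long)final_tbl, tbl_size + sizeof(*final_tbl))`, even though nr_events and the events it walks come from the firmware-provided final events table. The new `nr_events != 0` guard covers only the empty-template case described in the commit message; a table with a non-zero count and malformed entries still reaches the size calculation. The callee's return convention and the type of tbl_size are not visible on this page, so this needs confirming, but if a parse failure can be reported as a negative or otherwise invalid size, the reservation length would be derived from it. I would add a guard between the call and the reserve, along the lines of `if (tbl_size < 0) { early_memunmap(final_tbl, sizeof(*final_tbl)); goto out; }`, adapted to the function's real cleanup path and preferably with a firmware-bug log line. The function body starts and ends outside the hunk.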