From: "Stefan Berger"
Subject: Re: [PATCH RFC 2/4] tpm: validate TPM 2.0 commands
Date: Wed, 4 Jan 2017 14:22:45 -0500
To: James Bottomley
Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
List-Id: tpmdd-devel@lists.sourceforge.net

James Bottomley wrote on 01/04/2017 02:05:35 PM:

> From: James Bottomley
> To: Stefan Berger/Watson/IBM@IBMUS
> Cc: Jarkko Sakkinen, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, Jason Gunthorpe
> Date: 01/04/2017 02:05 PM
> Subject: Re: [tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 commands
>
> On Wed, 2017-01-04 at 13:59 -0500, Stefan Berger wrote:
> > [   67.699811] WARNING: CPU: 12 PID: 870 at mm/page_alloc.c:3511
>
> What's the code context around this line in your source?  Or what
> kernel version?  If it's this
>
>    if (order >= MAX_ORDER) {
>       WARN_ON_ONCE(!(gfp_mask & __GFP_NOWARN));
>       return NULL;
>    }
>

I am running Jarkko's tree, the tabrm branch. 4.9.0-rc5 I think. I have
exactly what you are showing above.

> Then I think you may have returned bogus data to TPM_PT_TOTAL_COMMANDS;
> perhaps print nr_commands.

Ha, what is likely the cause here is that the test suite, which implements
only a few commands to respond to the kernel with from the vtpm proxy
side, isn't feeding good data to the driver and the nr_commands ends up
being 0... or actually bogus data / not initialized. I guess the function
should check for valid input.

   Stefan

>
> James
>
> > __alloc_pages_slowpath+0x771/0xaf0
> > [   67.701198] Modules linked in:
> > [   67.701400]  tpm_vtpm_proxy
> > [   67.701642]  nf_conntrack_netbios_ns nf_conntrack_broadcast
> > [   67.702450]  ip6t_rpfilter
> > [   67.702662]  ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat
> > [   67.703618]  ebtable_broute
> > [   67.703784]  bridge stp llc ebtable_filter
> > [   67.704213]  ebtables
> > [   67.704367]  ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6
> > [   67.705310]  nf_nat_ipv6
> > [   67.705523]  ip6table_mangle ip6table_security ip6table_raw
> > ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4
> > nf_defrag_ipv4
> > nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security
> > iptable_raw nfsd auth_rpcgss nfs_acl lockd crc32c_intel tpm_tis
> > virtio_balloon i2c_piix4 tpm_tis_core
> > [   67.711414]  i2c_core
> > [   67.711610]  joydev tpm pcspkr grace sunrpc
> > [   67.712170]  8139too
> > [   67.712360]  virtio_pci 8139cp virtio_ring serio_raw
> > [   67.713504]  ata_generic
> > [   67.713706]  mii floppy pata_acpi virtio
> > [   67.714891] CPU: 12 PID: 870 Comm: kworker/12:2 Not tainted 4.9.0
> > -rc5+
> > #652
> > [   67.715054] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> > BIOS
> > rel-1.10.1-0-g8891697-prebuilt.qemu-project.org 04/01/2014
> > [   67.715054] Workqueue: tpm-vtpm vtpm_proxy_work [tpm_vtpm_proxy]
> > [   67.715054]  ffffc90002b6fa80 ffffffff8140cad1
> > [   67.715054]  0000000000000000
> > [   67.715054]  0000000000000000
> > [   67.715054]  ffffc90002b6fac0 ffffffff810a8b6b 00000db7aba7d298
> > 00000000026000c0
> > [   67.715054]  0000000000000000 0000000000000014 000000000260c0c0
> > ffff8802aba7ca00
> > [   67.715054] Call Trace:
> > [   67.715054]  [<ffffffff8140cad1>] dump_stack+0x63/0x82
> > [   67.715054]  [<ffffffff810a8b6b>] __warn+0xcb/0xf0
> > [   67.715054]  [<ffffffff810a8c9d>] warn_slowpath_null+0x1d/0x20
> > [   67.715054]  [<ffffffff811da6f1>]
> > __alloc_pages_slowpath+0x771/0xaf0
> > [   67.715054]  [<ffffffff811d95e6>] ?
> > get_page_from_freelist+0x526/0xaf0
> > [   67.715054]  [<ffffffff8179e583>] ?
> > __mutex_unlock_slowpath+0xe3/0x1a0
> > [   67.715054]  [<ffffffff811dad9f>]
> > __alloc_pages_nodemask+0x32f/0x390
> > [   67.715054]  [<ffffffff8123a4fe>] kmalloc_large_node+0x7e/0xe0
> > [   67.715054]  [<ffffffff81241885>]
> > __kmalloc_node_track_caller+0x225/0x2c0
> > [   67.715054]  [<ffffffffa00c0f42>] ? tpm2_auto_startup+0xa2/0x2e0
> > [tpm]
> > [   67.715054]  [<ffffffff815572b7>] devm_kmalloc+0x27/0x70
> > [   67.715054]  [<ffffffffa00c0f42>] tpm2_auto_startup+0xa2/0x2e0
> > [tpm]
> > [   67.715054]  [<ffffffffa00bf3bc>] tpm_chip_register+0x5c/0x200
> > [tpm]
> > [   67.715054]  [<ffffffffa029c309>] vtpm_proxy_work+0x19/0x40
> > [tpm_vtpm_proxy]
> > [   67.715054]  [<ffffffff810c4593>] process_one_work+0x1f3/0x560
> > [   67.715054]  [<ffffffff810c4511>] ? process_one_work+0x171/0x560
> > [   67.715054]  [<ffffffff810c494e>] worker_thread+0x4e/0x480
> > [   67.715054]  [<ffffffff810c4900>] ? process_one_work+0x560/0x560
> > [   67.715054]  [<ffffffff810c4900>] ? process_one_work+0x560/0x560
> > [   67.715054]  [<ffffffff810ca994>] kthread+0xf4/0x110
> > [   67.715054]  [<ffffffff810ca8a0>] ? kthread_park+0x60/0x60
> > [   67.715054]  [<ffffffff817a1c15>] ret_from_fork+0x25/0x30
> > [   67.746343] ---[ end trace 4d9abf66365987bd ]---
> >
> >
> >
>

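The input check suggested in the message above, as an added example: a userspace C model, not code from the patch or the kernel driver, that refuses a zero or implausible command count before sizing an allocation from it. The names parse_nr_commands, alloc_cc_attrs and the MAX_NR_COMMANDS bound are assumptions; the reply layout is a TPM2_GetCapability response carrying a single tagged property.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed sanity bound for this model; not a value from the thread. */
#define MAX_NR_COMMANDS 1024u
/* TPM2_GetCapability(TPM_CAP_TPM_PROPERTIES) reply carrying one property:
 * tag(2) size(4) rc(4) moreData(1) capability(4) count(4) property(4) value(4) */
enum { OFF_SIZE = 2, OFF_RC = 6, OFF_COUNT = 15, OFF_VALUE = 23, RESP_LEN = 27 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 and stores the count, or -1 if the reply cannot be trusted. */
static int parse_nr_commands(const uint8_t *resp, size_t len, uint32_t *out)
{
    uint32_t n;

    if (len < (size_t)RESP_LEN || be32(resp + OFF_SIZE) != len)
        return -1;                      /* short or inconsistent reply */
    if (be32(resp + OFF_RC) != 0 || be32(resp + OFF_COUNT) != 1)
        return -1;                      /* error code, or no property */
    n = be32(resp + OFF_VALUE);
    if (n == 0 || n > MAX_NR_COMMANDS)
        return -1;                      /* zero or implausibly large */
    *out = n;
    return 0;
}

/* Allocates one 32-bit slot per command, only after validation. */
static uint32_t *alloc_cc_attrs(const uint8_t *resp, size_t len, uint32_t *nr)
{
    if (parse_nr_commands(resp, len, nr) != 0)
        return NULL;
    return calloc(*nr, sizeof(uint32_t));
}

int main(void)
{
    /* Constructed reply: valid framing, count field set to 0xffffffff. */
    uint8_t bad[RESP_LEN] = { 0x80, 0x01, 0, 0, 0, 27, 0, 0, 0, 0, 0,
        0, 0, 0, 6, 0, 0, 0, 1, 0, 0, 0x01, 0x29, 0xff, 0xff, 0xff, 0xff };
    uint32_t nr = 0;

    printf("%s\n", alloc_cc_attrs(bad, sizeof bad, &nr) ? "allocated" : "rejected");
    return 0;
}
```

Without the range check, a count of 0xffffffff multiplied by the element size is the kind of request that reaches the `order >= MAX_ORDER` warning quoted in the thread.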