From: Ard Biesheuvel
Date: Wed, 25 Sep 2019 12:25:05 +0200
Subject: Re: [PATCH v2 1/2] efi+tpm: Don't access event->count when it isn't mapped.
To: Jarkko Sakkinen
Cc: linux-integrity, Peter Jones, linux-efi, stable, Lyude Paul, Matthew Garrett, Roberto Sassu, Bartosz Szczepanek, open list
In-Reply-To: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 25 Sep 2019 at 12:16, Jarkko Sakkinen wrote:
>
> From: Peter Jones
>
> Some machines generate a lot of event log entries. When we're
> iterating over them, the code removes the old mapping and adds a
> new one, so once we cross the page boundary we're unmapping the page
> with the count on it. Hilarity ensues.
>
> This patch keeps the info from the header in local variables so we don't
> need to access that page again or keep track of if it's mapped.
>
> Fixes: 44038bc514a2 ("tpm: Abstract crypto agile event size calculations")
> Cc: linux-efi@vger.kernel.org
> Cc: linux-integrity@vger.kernel.org
> Cc: stable@vger.kernel.org
> Signed-off-by: Peter Jones
> Tested-by: Lyude Paul
> Reviewed-by: Jarkko Sakkinen
> Acked-by: Matthew Garrett
> Acked-by: Ard Biesheuvel
> Signed-off-by: Jarkko Sakkinen

Thanks Jarkko.

Shall I take these through the EFI tree?

> --- > include/linux/tpm_eventlog.h | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h > index 63238c84dc0b..12584b69a3f3 100644 > --- a/include/linux/tpm_eventlog.h > +++ b/include/linux/tpm_eventlog.h > @@ -170,6 +170,7 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, > u16 halg; > int i; > int j; > + u32 count, event_type; > > marker = event; > marker_start = marker;
> @@ -190,16 +191,22 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, > } > > event = (struct tcg_pcr_event2_head *)mapping; > + /* > + * the loop below will unmap these fields if the log is larger than > + * one page, so save them here for reference. > + */ > + count = READ_ONCE(event->count); > + event_type = READ_ONCE(event->event_type); > > efispecid = (struct tcg_efi_specid_event_head *)event_header->event; > > /* Check if event is malformed. */ > - if (event->count > efispecid->num_algs) { > + if (count > efispecid->num_algs) { > size = 0; > goto out; > } > > - for (i = 0; i < event->count; i++) { > + for (i = 0; i < count; i++) { > halg_size = sizeof(event->digests[i].alg_id); > > /* Map the digest's algorithm identifier */ > @@ -256,8 +263,9 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, > + event_field->event_size; > size = marker - marker_start; > > - if ((event->event_type == 0) && (event_field->event_size == 0)) > + if (event_type == 0 && event_field->event_size == 0) > size = 0; > + > out: > if (do_mapping) > TPM_MEMUNMAP(mapping, mapping_size); > -- > 2.20.1 >
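Review bot: `count` is declared `u32` in the first hunk (@@ -170,6 +170,7 @@) while the loop index `i` declared just above it stays `int`, so the rewritten `for (i = 0; i < count; i++)` compares a signed value with an unsigned one. The `count > efispecid->num_algs` check ahead of the loop bounds `count`, so this is not a functional problem, but making the index unsigned would keep the function clean under sign-compare warnings.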
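Review bot: In the second hunk (@@ -190,16 +191,22 @@), `halg_size = sizeof(event->digests[i].alg_id);` inside the loop still spells out `event->` right after the new comment says those fields may be unmapped. It is harmless because `sizeof` does not evaluate its operand, but anyone auditing the loop for stale accesses will stop on it; consider saying so in the comment or taking the size from the type instead. The comment itself says "if the log is larger than one page" while the commit message describes the trigger as crossing a page boundary; aligning the wording, and capitalising the first word, would help.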
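Review bot: Unrelated cosmetic changes ride along in the last hunk (@@ -256,8 +263,9 @@): the inner parentheses around the `event_type == 0` test are dropped and a blank line is added before `out:`. Since the patch is Cc'd to stable, limiting this hunk to the `event->event_type` to `event_type` substitution would keep the backport diff minimal; the cleanup can go in a follow-up.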