lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 16 Jul 2010 17:00:53 -0700
From:	Sarah Sharp <>
	Rajiv Andrade <>,
	James Morris <>
Subject: TPM bug fix causes hang on suspend (2.6.35-rc4)

I recently upgraded to 2.6.35-rc4, and I discovered that suspend no
longer works on my Thinkpad x200s.  When I suspend with some programs
open (specifically while buffy is reading my maildirs), the suspend
light blinks forever and the system never suspends.

I bisected the issue down to commit b5edfef, which is a merge of James
Morris' security-testing-2.6 tree, that only included this commit:

commit 02a077c52ef7631275a79862ffd9f3dbe9d38bc2
Author: Rajiv Andrade <>
Date:   Mon Jun 14 13:58:22 2010 -0300

    TPM: ReadPubEK output struct fix
    This patch adds a missing element of the ReadPubEK command output,
    that prevents future overflow of this buffer when copying the
    TPM output result into it.
    Prevents a kernel panic in case the user tries to read the
    pubek from sysfs.
    Signed-off-by: Rajiv Andrade <>
    Signed-off-by: James Morris <>

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 8e00b4d..792868d 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -224,6 +224,7 @@ struct      tpm_readpubek_params_out {
        u8      algorithm[4];
        u8      encscheme[2];
        u8      sigscheme[2];
+       __be32  paramsize;
        u8      parameters[12]; /*assuming RSA*/
        __be32  keysize;
        u8      modulus[256];

The dmesg captured over netconsole when suspend fails is attached, but
it doesn't look very interesting.  lspci output is also attached.  I
don't have any userspace programs installed that can use TPM, like
trousers or libtspi1.

If I try just removing the tpm_tis, tpm_bios, and tpm modules before
suspending, the suspend still fails.  If I recompile without TPM
hardware support (CONFIG_TCG_TPM=n), suspend still fails.  However, if I
also turn off the securityFS config option (CONFIG_SECURITYFS),
suspend succeeds.

It looks like an odd commit to cause a suspend failure, but when I reset
the git HEAD to the commit before the merge of this patch, and suspend
works fine.  Can you fix this?

Sarah Sharp

View attachment "dmesg-tpm-failed-suspend.txt" of type "text/plain" (708 bytes)

View attachment "lspci-thinkpad-x200s.txt" of type "text/plain" (13973 bytes)

Powered by blists - more mailing lists