lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 22 Oct 2014 11:26:46 -0600
From:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
To:	Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc:	Peter Huewe <peterhuewe@....de>, Ashley Lai <ashley@...leylai.com>,
	Marcel Selhorst <tpmdd@...horst.net>,
	tpmdd-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
	linux-api@...r.kernel.org, josh.triplett@...el.com,
	christophe.ricard@...il.com, jason.gunthorpe@...idianresearch.com
Subject: Re: [PATCH v1 3/3] tpm: fix multiple race conditions in tpm_ppi.c

On Wed, Oct 22, 2014 at 07:23:56PM +0300, Jarkko Sakkinen wrote:
> Traversal of the ACPI device tree was not done right. It should lookup
> PPI only under the ACPI device that it is associated. Otherwise, it could
> match to a wrong PPI interface if there are two TPM devices in the device
> tree.
> 
> Removed global ACPI handle and version string from tpm_ppi.c as this
> is racy. Instead they should be associated with the chip.
> 
> Moved code just a tiny bit towards two-phase allocation to implement
> fix for the PPI race conditions.

Not this version..

> Added missing copyright platter to tpm_ppi.c.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>

Reviewed-by: Jason Gunthorpe <jgunthorpe@...idianresearch.com>

I like this one the most of the three I've seen :)

Did you also look in tpm_acpi.c to see if it needs to use
acpi_dev_handle somehow too?

> +	union acpi_object *obj;
> +	struct kobject *parent = &chip->dev->kobj;

Nit, this variable is only used once, it would be clearer to inline

> +	/* Cache PPI version string. */
> +	obj = acpi_evaluate_dsm_typed(chip->acpi_dev_handle, tpm_ppi_uuid,
> +				      TPM_PPI_REVISION_ID, TPM_PPI_FN_VERSION,
> +				      NULL, ACPI_TYPE_STRING);
> +       if (obj) {
> +               strlcpy(chip->ppi_version, obj->string.pointer,
> +                       PPI_VERSION_LEN + 1);
> +               ACPI_FREE(obj);
> +       } else
> +               return -ENOMEM;
> +
> +       return chip->acpi_dev_handle ?
> +               sysfs_create_group(parent, &ppi_attr_grp) : 0;

The above sequence can just be:

if (!obj)
   return -ENOMEM;

strlcpy(chip->ppi_version, obj->string.pointer, sizeof(chip->ppi_version));
ACPI_FREE(obj);

return sysfs_create_group(&chip->dev->kobj, &ppi_attr_grp);

Which is more idiomatic. Also remove TPM_PPI_VERSION_LEN, sizeof is better.

I know nothing about acpi, but is ENOMEM the right code? I would think
acpi_evalute_dsm_typed would also fail if tpm_ppi_uuid is not found??

> +	return chip->acpi_dev_handle ?
> +		sysfs_create_group(parent, &ppi_attr_grp) : 0;

dev_handle is already checked to be non 0

> +void tpm_remove_ppi(struct tpm_chip *chip)
> +	struct kobject *parent = &chip->dev->kobj;

Also used only once

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists