lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160728225250.GA28623@dtor-ws>
Date:	Thu, 28 Jul 2016 15:52:50 -0700
From:	Dmitry Torokhov <dtor@...omium.org>
To:	Andrey Pronin <apronin@...omium.org>
Cc:	Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
	Peter Huewe <peterhuewe@....de>,
	Marcel Selhorst <tpmdd@...horst.net>,
	Jason Gunthorpe <jgunthorpe@...idianresearch.com>,
	tpmdd-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
	Christophe Ricard <christophe.ricard@...il.com>,
	smbarber@...omium.org, dianders@...omium.org
Subject: Re: [PATCH v3 1/2] tpm_tis_core: add optional max xfer size check

On Wed, Jul 27, 2016 at 08:49:56PM -0700, Andrey Pronin wrote:
> If tpm reports a bigger burstcnt than allowed by the physical protocol,
> set burstcnt to the max allowed value.
> 
> In practice, seen in case of xfer issues (e.g. in spi interface case,
> lost header causing flow control issues and wrong values returned on read
> from TPM_STS). Without catching, causes the physical layer to reject xfer.
> 
> Signed-off-by: Andrey Pronin <apronin@...omium.org>
> ---
>  drivers/char/tpm/tpm_tis_core.c | 9 ++++++++-
>  drivers/char/tpm/tpm_tis_core.h | 1 +
>  2 files changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
> index f22caf8..7c4fa0c 100644
> --- a/drivers/char/tpm/tpm_tis_core.c
> +++ b/drivers/char/tpm/tpm_tis_core.c
> @@ -168,8 +168,15 @@ static int get_burstcount(struct tpm_chip *chip)
>  			return rc;
>  
>  		burstcnt = (value >> 8) & 0xFFFF;
> -		if (burstcnt)
> +		if (burstcnt) {
> +			if (priv->phy_ops->max_xfer_size &&
> +			    (burstcnt > priv->phy_ops->max_xfer_size)) {

This does not actually need parentheses, otehrwise:

Reviewed-by: Dmitry Torokhov <dtor@...omium.org>

> +				dev_warn(&chip->dev,
> +					 "Bad burstcnt read: %d\n", burstcnt);
> +				burstcnt = priv->phy_ops->max_xfer_size;
> +			}
>  			return burstcnt;
> +		}
>  		msleep(TPM_TIMEOUT);
>  	} while (time_before(jiffies, stop));
>  	return -EBUSY;
> diff --git a/drivers/char/tpm/tpm_tis_core.h b/drivers/char/tpm/tpm_tis_core.h
> index 9191aab..58e8b14 100644
> --- a/drivers/char/tpm/tpm_tis_core.h
> +++ b/drivers/char/tpm/tpm_tis_core.h
> @@ -102,6 +102,7 @@ struct tpm_tis_phy_ops {
>  	int (*read16)(struct tpm_tis_data *data, u32 addr, u16 *result);
>  	int (*read32)(struct tpm_tis_data *data, u32 addr, u32 *result);
>  	int (*write32)(struct tpm_tis_data *data, u32 addr, u32 src);
> +	u16 max_xfer_size;
>  };
>  
>  static inline int tpm_tis_read_bytes(struct tpm_tis_data *data, u32 addr,
> -- 
> 2.6.6
> 

-- 
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ