Message-ID: <20170104184422.GA12283@obsidianresearch.com>
Date: Wed, 4 Jan 2017 11:44:22 -0700
From: Jason Gunthorpe <jgunthorpe@...idianresearch.com>
To: Stefan Berger <stefanb@...ibm.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
linux-security-module@...r.kernel.org,
tpmdd-devel@...ts.sourceforge.net,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 commands
On Wed, Jan 04, 2017 at 01:04:59PM -0500, Stefan Berger wrote:
> > @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
> > */
> > int tpm2_auto_startup(struct tpm_chip *chip)
> > {
> > + u32 nr_commands;
> > int rc;
> > + int i;
> >
> > rc = tpm_get_timeouts(chip);
> > if (rc)
> > @@ -967,8 +969,49 @@ int tpm2_auto_startup(struct tpm_chip *chip)
> > }
> > }
> >
> > + rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands,
> NULL);
> > + if (rc)
> > + return rc;
> > +
> > + chip->cc_attrs_tbl = devm_kzalloc(&chip->dev, 4 * nr_commands,
> > + GFP_KERNEL);
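Review bot: in the devm_kzalloc() call the size is written as `4 * nr_commands`, where nr_commands is a u32 just read from the TPM through TPM_PT_TOTAL_COMMANDS, so the product is computed in 32-bit arithmetic and can wrap to a small value for a large reported count; a reported count of 0 is passed straight through as well. Suggest devm_kcalloc(&chip->dev, nr_commands, sizeof(*chip->cc_attrs_tbl), GFP_KERNEL), which checks the multiplication and replaces the literal 4 with the element size, together with a sanity bound on nr_commands before allocating. The quoted hunk ends before any check of the returned pointer, so please confirm the NULL case is handled.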
> For some reason this devm_kzalloc bombs for the vtpm proxy driver. The
> only reason I could come up with is that it's being called before
> tpm_add_char_device() has been called.
It would also fail if nr_commands is wrong, and this should be one of
the array safe allocation functions since nr_commands is data from the
TPM...
Jason
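
The allocation concern raised in this reply, as an added userspace illustration that is not code from the patch or the kernel: it shows how `4 * nr_commands` wraps for a device-reported count and how an overflow-checked array allocation with a bound rejects it. The names `unchecked_size`, `alloc_array`, `alloc_cc_attrs`, the cap `MAX_REPORTED_COMMANDS` and the 32-bit entry size are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical sanity cap on the command count a device may report. */
#define MAX_REPORTED_COMMANDS 4096u

/* Size as the quoted hunk computes it: int * u32 is evaluated in 32-bit
 * unsigned arithmetic and wraps before it is widened to size_t. */
static size_t unchecked_size(uint32_t nr_commands)
{
	return 4 * nr_commands;
}

/* Userspace stand-in for an array-safe allocator: refuses n * size
 * when the product does not fit in size_t, otherwise returns zeroed memory. */
static void *alloc_array(size_t n, size_t size)
{
	if (size != 0 && n > SIZE_MAX / size)
		return NULL;
	return calloc(n, size);
}

/* Allocate the attribute table for a count taken from the device.
 * Assumes 32-bit entries; rejects zero and implausibly large counts. */
static uint32_t *alloc_cc_attrs(uint32_t nr_commands)
{
	if (nr_commands == 0 || nr_commands > MAX_REPORTED_COMMANDS)
		return NULL;
	return alloc_array(nr_commands, sizeof(uint32_t));
}

int main(void)
{
	uint32_t bogus = 0x40000001u;	/* constructed device-reported count */
	uint32_t *tbl;

	printf("unchecked: %u entries -> %zu bytes requested\n",
	       (unsigned)bogus, unchecked_size(bogus));

	tbl = alloc_cc_attrs(bogus);
	printf("checked:   %s\n", tbl ? "allocated" : "rejected");
	free(tbl);

	tbl = alloc_cc_attrs(128);	/* constructed plausible count */
	printf("plausible: %s\n", tbl ? "allocated" : "rejected");
	free(tbl);
	return 0;
}
```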