lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 11 Oct 2018 13:27:58 +0000
From:   "Winkler, Tomas" <tomas.winkler@...el.com>
To:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        Jason Gunthorpe <jgg@...pe.ca>
CC:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        Peter Huewe <peterhuewe@....de>, Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] tpm: fix unused-value issues in tpm_try_transmit

> 
> On Wed, Oct 10, 2018 at 08:06:38AM -0600, Jason Gunthorpe wrote:
> > On Wed, Oct 10, 2018 at 03:38:17PM +0200, Gustavo A. R. Silva wrote:
> > > Currently, there are some values assigned to variable *rc*, which
> > > are never actually used in any computation, because such variable is
> > > updated at line 550, before they can be used:
> > >
> > > 549out:
> > > 550        rc = tpm_go_idle(chip, flags);
> > > 551        if (rc)
> > > 552                goto out;
> > >
> > > Fix this by removing such assignments.
> >
> > Should this be done by not quashing rc during the error unwind rather
> > than dropping the errors?
> 
> Yeah.`
> 
> Wondering if tpm_go_idle() should simply be a void-function i.e. issue just a
> warning inside (disclaimer: did not revisit its code when writing this).

We did have rather a long discussion about it when it was merged.
There are two flows that may crash 
rc = tpm2_commit_space()

but you still can need to 

rc  = go_idle()  

which also may crash which may override the previous value. 

Frankly the second one is fatal, the stack will go out of sync.
We may do void here as the stack will crash in a subsequent command. 

The 'goto out' is quite a  bug, probably caused by code movement.


Thanks
Tomas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ