Date:   Fri, 25 Sep 2020 13:29:20 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     linux-integrity <linux-integrity@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>
Subject: Re: [PATCH] tpm: of: avoid __va() translation for event log address

On Fri, Sep 25, 2020 at 09:00:56AM +0200, Ard Biesheuvel wrote:
> On Fri, 25 Sep 2020 at 07:56, Jarkko Sakkinen
> <jarkko.sakkinen@...ux.intel.com> wrote:
> >
> > On Tue, Sep 22, 2020 at 11:41:28AM +0200, Ard Biesheuvel wrote:
> > > The TPM event log is provided to the OS by the firmware, by loading
> > > it into an area in memory and passing the physical address via a node
> > > in the device tree.
> > >
> > > Currently, we use __va() to access the memory via the kernel's linear
> > > map: however, it is not guaranteed that the linear map covers this
> > > particular address, as we may be running under HIGHMEM on a 32-bit
> > > architecture, or running firmware that uses a memory type for the
> > > event log that is omitted from the linear map (such as EfiReserved).
> >
> > Makes perfect sense to the level that I wonder if this should have a
> > fixes tag and/or needs to be backported to the stable kernels?
> >
> 
> AIUI, the code was written specifically for ppc64, which is a
> non-highmem, non-EFI architecture. However, when we start reusing this
> driver for ARM, this issue could pop up.
> 
> The code itself has been refactored a couple of times, so I think it
> will require different versions of the patch for different generations
> of stable kernels.
> 
> So perhaps just add Cc: <stable@...r.kernel.org>, and wait and see how
> far back it applies cleanly?

Yeah, I think I'll cc it with some note before the diffstat.

I'm thinking to cap it to only 5.x kernels (at least first) unless it is
dead easy to backport below that.

> > This is a really great catch!
> >
> > I'm a bit late with my PR because of SGX upstreaming madness
> > (sending v39 soon). If you can answer my question above, I can do
> > that nitpick change to the patch and get it into my v5.10 PR.
> >
> 
> Yes, please.

Great, will do, thanks again for fixing this issue!

/Jarkko
