lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 21 Feb 2022 00:05:57 +0100
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Tong Zhang <ztong0001@...il.com>
Cc:     James Bottomley <jejb@...ux.ibm.com>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        David Howells <dhowells@...hat.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Sumit Garg <sumit.garg@...aro.org>,
        linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KEYS: trusted: fix crash when TPM/TEE are built as module

On Fri, Feb 04, 2022 at 12:03:42PM -0800, Tong Zhang wrote:
> when TCG_TPM and TEE are built as module, trusted_key_sources will be an
> empty array, loading it won't do what it is supposed to do and unloading
> it will cause kernel crash.
> 
> To reproduce:
> $ modprobe trusted
> $ modprobe -r trusted
> 
> [  173.749423] Unable to handle kernel NULL pointer dereference at virtual address 00000000
> [  173.755268] Backtrace:
> [  173.755378]  cleanup_trusted [trusted] from sys_delete_module+0x15c/0x22c
> [  173.755589]  sys_delete_module from ret_fast_syscall+0x0/0x1c
> 
> To fix this issue, we also need to check CONFIG_TCG_TPM_MODULE and
> CONFIG_TEE_MODULE.
> 
> Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework")
> Signed-off-by: Tong Zhang <ztong0001@...il.com>
> ---
>  security/keys/trusted-keys/trusted_core.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
> index d5c891d8d353..b3a3b2f2d4a4 100644
> --- a/security/keys/trusted-keys/trusted_core.c
> +++ b/security/keys/trusted-keys/trusted_core.c
> @@ -27,10 +27,10 @@ module_param_named(source, trusted_key_source, charp, 0);
>  MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
>  
>  static const struct trusted_key_source trusted_key_sources[] = {
> -#if defined(CONFIG_TCG_TPM)
> +#if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
>  	{ "tpm", &trusted_key_tpm_ops },
>  #endif
> -#if defined(CONFIG_TEE)
> +#if defined(CONFIG_TEE) || defined(CONFIG_TEE_MODULE)
>  	{ "tee", &trusted_key_tee_ops },
>  #endif
>  };
> -- 
> 2.25.1
> 


Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>

BR, Jarkko

Powered by blists - more mailing lists