lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <22032156-bd61-4c72-ad47-fe5932cd832a@linux.ibm.com>
Date:   Mon, 27 Nov 2023 16:10:09 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     Jarkko Sakkinen <jarkko@...nel.org>,
        linux-integrity@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org,
        James Bottomley <James.Bottomley@...senPartnership.com>,
        William Roberts <bill.c.roberts@...il.com>,
        David Howells <dhowells@...hat.com>,
        Jason Gunthorpe <jgg@...pe.ca>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        Mario Limonciello <mario.limonciello@....com>,
        Jerry Snitselaar <jsnitsel@...hat.com>
Subject: Re: [PATCH v6 7/8] tpm: Add tpm_buf_read_{u8,u16,u32}



On 11/23/23 21:02, Jarkko Sakkinen wrote:
> Declare reader functions for the instances of struct tpm_buf. If the read
> goes out of boundary, TPM_BUF_BOUNDARY_ERROR is set, and subsequent read
> will do nothing.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>

> ---
> v5 [2023-11-24]: Fixed off-by-one error in the boundary check.
> v4 [2023-11-21]: Address James Bottomley's feedback for v2 of this
> patch, i.e. offset pointer was not correctly dereferenced.
> v3 [2023-11-21]: Add possibility to check for boundary error to the
> as response to the feedback from Mario Limenciello:
> https://lore.kernel.org/linux-integrity/3f9086f6-935f-48a7-889b-c71398422fa1@amd.com/
> ---
>   drivers/char/tpm/tpm-buf.c | 79 +++++++++++++++++++++++++++++++++++++-
>   include/linux/tpm.h        |  5 +++
>   2 files changed, 83 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c
> index 099b4a56c5d5..32619e9ab4fa 100644
> --- a/drivers/char/tpm/tpm-buf.c
> +++ b/drivers/char/tpm/tpm-buf.c
> @@ -107,7 +107,7 @@ void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length)
>   		return;
>   
>   	if ((buf->length + new_length) > PAGE_SIZE) {
> -		WARN(1, "tpm_buf: overflow\n");
> +		WARN(1, "tpm_buf: write overflow\n");
>   		buf->flags |= TPM_BUF_OVERFLOW;
>   		return;
>   	}
> @@ -143,3 +143,80 @@ void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value)
>   	tpm_buf_append(buf, (u8 *)&value2, 4);
>   }
>   EXPORT_SYMBOL_GPL(tpm_buf_append_u32);
> +
> +/**
> + * tpm_buf_read() - Read from a TPM buffer
> + * @buf:	&tpm_buf instance
> + * @offset:	offset within the buffer
> + * @count:	the number of bytes to read
> + * @output:	the output buffer
> + */
> +static void tpm_buf_read(struct tpm_buf *buf, off_t *offset, size_t count, void *output)
> +{
> +	off_t next_offset;
> +
> +	/* Return silently if overflow has already happened. */
> +	if (buf->flags & TPM_BUF_BOUNDARY_ERROR)
> +		return;
> +
> +	next_offset = *offset + count;
> +	if (next_offset > buf->length) {
> +		WARN(1, "tpm_buf: read out of boundary\n");
> +		buf->flags |= TPM_BUF_BOUNDARY_ERROR;
> +		return;
> +	}
> +
> +	memcpy(output, &buf->data[*offset], count);
> +	*offset = next_offset;
> +}
> +
> +/**
> + * tpm_buf_read_u8() - Read 8-bit word from a TPM buffer
> + * @buf:	&tpm_buf instance
> + * @offset:	offset within the buffer
> + *
> + * Return: next 8-bit word
> + */
> +u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset)
> +{
> +	u8 value;
> +
> +	tpm_buf_read(buf, offset, sizeof(value), &value);
> +
> +	return value;
> +}
> +EXPORT_SYMBOL_GPL(tpm_buf_read_u8);
> +
> +/**
> + * tpm_buf_read_u16() - Read 16-bit word from a TPM buffer
> + * @buf:	&tpm_buf instance
> + * @offset:	offset within the buffer
> + *
> + * Return: next 16-bit word
> + */
> +u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset)
> +{
> +	u16 value;
> +
> +	tpm_buf_read(buf, offset, sizeof(value), &value);
> +
> +	return be16_to_cpu(value);
> +}
> +EXPORT_SYMBOL_GPL(tpm_buf_read_u16);
> +
> +/**
> + * tpm_buf_read_u32() - Read 32-bit word from a TPM buffer
> + * @buf:	&tpm_buf instance
> + * @offset:	offset within the buffer
> + *
> + * Return: next 32-bit word
> + */
> +u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset)
> +{
> +	u32 value;
> +
> +	tpm_buf_read(buf, offset, sizeof(value), &value);
> +
> +	return be32_to_cpu(value);
> +}
> +EXPORT_SYMBOL_GPL(tpm_buf_read_u32);
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 715db4a91c1f..e8172f81c562 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -302,6 +302,8 @@ enum tpm_buf_flags {
>   	TPM_BUF_OVERFLOW	= BIT(0),
>   	/* TPM2B format: */
>   	TPM_BUF_TPM2B		= BIT(1),
> +	/* read out of boundary: */
> +	TPM_BUF_BOUNDARY_ERROR	= BIT(2),
>   };
>   
>   /*
> @@ -338,6 +340,9 @@ void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length);
>   void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value);
>   void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value);
>   void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value);
> +u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset);
> +u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset);
> +u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset);
>   
>   /*
>    * Check if TPM device is in the firmware upgrade mode.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ