| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Mar 2024 21:32:50 +1100 From: Michael Ellerman <mpe@...erman.id.au> To: Rob Herring <robh@...nel.org>, Stefan Berger <stefanb@...ux.ibm.com> Cc: linux-integrity@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org, jarkko@...nel.org, rnsastry@...ux.ibm.com, peterhuewe@....de, viparash@...ibm.com Subject: Re: [PATCH 1/2] powerpc/prom_init: Replace linux,sml-base/sml-size with linux,sml-log Rob Herring <robh@...nel.org> writes: > On Fri, Mar 08, 2024 at 07:23:35AM -0500, Stefan Berger wrote: >> On 3/7/24 16:52, Rob Herring wrote: >> > On Thu, Mar 07, 2024 at 09:41:31PM +1100, Michael Ellerman wrote: >> > > Stefan Berger <stefanb@...ux.ibm.com> writes: >> > > > linux,sml-base holds the address of a buffer with the TPM log. This >> > > > buffer may become invalid after a kexec and therefore embed the whole TPM >> > > > log in linux,sml-log. This helps to protect the log since it is properly >> > > > carried across a kexec with both of the kexec syscalls. >> > > > >> > > > Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com> >> > > > --- >> > > > arch/powerpc/kernel/prom_init.c | 8 ++------ >> > > > 1 file changed, 2 insertions(+), 6 deletions(-) >> > > > >> >> > >> > >> > > Also adding the new linux,sml-log property should be accompanied by a >> > > change to the device tree binding. >> > > >> > > The syntax is not very obvious to me, but possibly something like? >> > > >> > > diff --git a/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml b/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml >> > > index 50a3fd31241c..cd75037948bc 100644 >> > > --- a/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml >> > > +++ b/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml >> > > @@ -74,8 +74,6 @@ required: >> > > - ibm,my-dma-window >> > > - ibm,my-drc-index >> > > - ibm,loc-code >> > > - - linux,sml-base >> > > - - linux,sml-size >> > >> > Dropping required properties is an ABI break. If you drop them, an older >> > OS version won't work. >> >> 1) On PowerVM and KVM on Power these two properties were added in the Linux >> code. I replaced the creation of these properties with creation of >> linux,sml-log (1/2 in this series). I also replaced the handling of >> these two (2/2 in this series) for these two platforms but leaving it for >> powernv systems where the firmware creates these. > > Okay, I guess your case is not a ABI break if the kernel is populating > it and the same kernel consumes it. > > You failed to answer my question on using /reserved-memory. Again, why > can't that be used? That is the standard way we prevent chunks of memory > from being clobbered. Yes I think that would mostly work. I don't see support for /reserved-memory in kexec-tools, so that would need fixing I think. My logic was that the memory is not special. It's just a buffer we allocated during early boot to store the log. There isn't anything else in the system that relies on that memory remaining untouched. So it seemed cleaner to just put the log in the device tree, rather than a pointer to it. Having the log external to the device tree creates several problems, like the crash kernel region colliding with it, it being clobbered by kexec, etc. cheers
Powered by blists - more mailing lists