lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241210222608.598424-1-stefanb@linux.ibm.com>
Date: Tue, 10 Dec 2024 17:26:08 -0500
From: Stefan Berger <stefanb@...ux.ibm.com>
To: linux-integrity@...r.kernel.org, jarkko@...nel.org
Cc: linux-kernel@...r.kernel.org, Stefan Berger <stefanb@...ux.ibm.com>,
        Andy Liang <andy.liang@....com>, Takashi Iwai <tiwai@...e.de>
Subject: [PATCH] tpm/eventlog: Limit memory allocations for event logs with excessive size

The TPM2 ACPI BIOS eventlog of a particular machine indicates that the
length of the log is 4MB, even though the actual length of its useful data,
when dumped, are only 69kb. To avoid allocating excessive amounts of memory
for the event log, limit the size of any eventlog to 128kb. This should be
sufficient memory and also not unnecessarily truncate event logs on any
other machine.

Reported-by: Andy Liang <andy.liang@....com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219495
Cc: Takashi Iwai <tiwai@...e.de>
Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
---
 drivers/char/tpm/eventlog/acpi.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c
index 69533d0bfb51..701fd7d4cc28 100644
--- a/drivers/char/tpm/eventlog/acpi.c
+++ b/drivers/char/tpm/eventlog/acpi.c
@@ -26,6 +26,8 @@
 #include "../tpm.h"
 #include "common.h"
 
+#define MAX_TPM_LOG_LEN		(128 * 1024)
+
 struct acpi_tcpa {
 	struct acpi_table_header hdr;
 	u16 platform_class;
@@ -135,6 +137,12 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
 		return -EIO;
 	}
 
+	if (len > MAX_TPM_LOG_LEN) {
+		dev_warn(&chip->dev, "Excessive TCPA log len %llu truncated to %u bytes\n",
+			 len, MAX_TPM_LOG_LEN);
+		len = MAX_TPM_LOG_LEN;
+	}
+
 	/* malloc EventLog space */
 	log->bios_event_log = devm_kmalloc(&chip->dev, len, GFP_KERNEL);
 	if (!log->bios_event_log)
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ