| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7316e17a4d8dba36a4a773f87dc4f516697dd402.camel@HansenPartnership.com> Date: Tue, 01 Jul 2025 22:51:55 -0400 From: James Bottomley <James.Bottomley@...senPartnership.com> To: Jarkko Sakkinen <jarkko@...nel.org>, linux-kernel@...r.kernel.org Cc: keyrings@...r.kernel.org, Stefan Berger <stefanb@...ux.ibm.com>, Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>, Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>, Mimi Zohar <zohar@...ux.ibm.com>, David Howells <dhowells@...hat.com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, "open list:TPM DEVICE DRIVER" <linux-integrity@...r.kernel.org>, "open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org> Subject: Re: [PATCH v4] tpm: Managed allocations for tpm_buf instances On Tue, 2025-07-01 at 17:51 +0300, Jarkko Sakkinen wrote: > Repeal and replace tpm_buf_init() and tpm_buf_init_sized() with > tpm_buf_alloc(), which returns a buffer of memory with the struct > tpm_buf header at the beginning of the returned buffer. This leaves > 4090 bytes of free space for the payload. Shouldn't this be accounted for in tpm_buf_append()? right now it will let us run off the end of the allocation by six bytes before it signals overflow because it's checking final length against PAGE_SIZE not PAGE_SIZE - sizeof(struct tpm_buf). I realise this should be an impossible condition in production, but it's useful for debugging so we should be accurate about it to avoid hard to detect bugs. Regards, James
Powered by blists - more mailing lists