lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aSiG7l_1E12r_56c@kernel.org>
Date: Thu, 27 Nov 2025 19:14:22 +0200
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Roberto Sassu <roberto.sassu@...weicloud.com>
Cc: linux-integrity@...r.kernel.org, ross.philipson@...cle.com,
	Jonathan McDowell <noodles@...th.li>,
	Stefano Garzarella <sgarzare@...hat.com>,
	Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>,
	Roberto Sassu <roberto.sassu@...wei.com>,
	Jonathan McDowell <noodles@...a.com>,
	Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 01/11] tpm: Cap the number of PCR banks

On Thu, Nov 27, 2025 at 05:09:38PM +0100, Roberto Sassu wrote:
> On Thu, 2025-11-27 at 15:54 +0200, Jarkko Sakkinen wrote:
> > From: Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>
> > 
> > tpm2_get_pcr_allocation() does not cap any upper limit for the number of
> > banks. Cap the limit to eight banks so that out of bounds values coming
> > from external I/O cause on only limited harm.
> > 
> > Cc: Roberto Sassu <roberto.sassu@...wei.com>
> 
> Sorry, I realized that you are expecting me to review.
> 
> I have a couple of questions:
> - Could you explain better how out of bounds would occur, since one
>   could check the number of PCR banks?
> - Is dynamic allocation that bad? And if yes, why?
> - Couldn't you just check that the number of available PCR banks isĀ 
>   below the threshold you like and keep dynamic allocation?
> - Is removing tpm1_get_pcr_allocation() improving code readability?

nr_possible_banks is read from external source i.e., neither kernel nor
CPU fully control its value. This causes *uncontrolled* dynamic
allocation. Thus, it must be capped to some value.

> 
> Thanks
> 
> Roberto

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ