lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aSm7bwsqhqzWHETW@kernel.org>
Date: Fri, 28 Nov 2025 17:10:39 +0200
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Roberto Sassu <roberto.sassu@...weicloud.com>
Cc: linux-integrity@...r.kernel.org, ross.philipson@...cle.com,
	Jonathan McDowell <noodles@...th.li>,
	Stefano Garzarella <sgarzare@...hat.com>,
	Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>,
	Roberto Sassu <roberto.sassu@...wei.com>,
	Jonathan McDowell <noodles@...a.com>,
	Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 01/11] tpm: Cap the number of PCR banks

On Fri, Nov 28, 2025 at 10:21:57AM +0100, Roberto Sassu wrote:
> On Thu, 2025-11-27 at 20:52 +0200, Jarkko Sakkinen wrote:
> > On Thu, Nov 27, 2025 at 06:17:42PM +0100, Roberto Sassu wrote:
> > > On Thu, 2025-11-27 at 19:14 +0200, Jarkko Sakkinen wrote:
> > > > On Thu, Nov 27, 2025 at 05:09:38PM +0100, Roberto Sassu wrote:
> > > > > On Thu, 2025-11-27 at 15:54 +0200, Jarkko Sakkinen wrote:
> > > > > > From: Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>
> > > > > > 
> > > > > > tpm2_get_pcr_allocation() does not cap any upper limit for the number of
> > > > > > banks. Cap the limit to eight banks so that out of bounds values coming
> > > > > > from external I/O cause on only limited harm.
> > > > > > 
> > > > > > Cc: Roberto Sassu <roberto.sassu@...wei.com>
> > > > > 
> > > > > Sorry, I realized that you are expecting me to review.
> > > > > 
> > > > > I have a couple of questions:
> > > > > - Could you explain better how out of bounds would occur, since one
> > > > >   could check the number of PCR banks?
> > > > > - Is dynamic allocation that bad? And if yes, why?
> > > > > - Couldn't you just check that the number of available PCR banks isĀ 
> > > > >   below the threshold you like and keep dynamic allocation?
> > > > > - Is removing tpm1_get_pcr_allocation() improving code readability?
> > > > 
> > > > nr_possible_banks is read from external source i.e., neither kernel nor
> > > > CPU fully control its value. This causes *uncontrolled* dynamic
> > > > allocation. Thus, it must be capped to some value.
> > > 
> > > Sure, I'm fine with capping. Isn't that enough?
> > 
> > It makes sense to make the whole memory allocation then infallible,
> > especially since it does not have much effect on diff. And it has
> > not significant effect on memory usage either.
> 
> Ok. In that case (even if it does not get in):
> 
> Reviewed-by: Roberto Sassu <roberto.sassu@...wei.com>

Thank you :-) It's not a serious but categorilly it is still a bug, and
these types guards of them help to detect more serious bugs that cause
weird values to passed on to otherwise legit code (and that makes it
also utilitarily useful).

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ