From patchwork Fri Sep 6 20:27:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Price X-Patchwork-Id: 826317 Received: from mail-ot1-f41.google.com (mail-ot1-f41.google.com [209.85.210.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A75421D9346 for ; Fri, 6 Sep 2024 20:28:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654503; cv=none; b=Mn7aM53vnWfKhxp0CJvLZ5bGVLHJ94OPW1v5Zfa99fiz3kbluOxeuvChg+iBpUJGY1ddBH7ps+SBGGWaT8z21S9D4NELQCUl6XNFTYEV1FAQtNQNuyiN83OeoNFra7Z9XBffB/pKwLmJWduNgI329TdHCpdkYF+NUA9wxNw93sA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654503; c=relaxed/simple; bh=uC7TJ50a7SgbOtivAxR2KdbHsbIyQdSdr5oMF9F4ufo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=GAsiG7Ft/8GmpqK4+RagonzUcM4LqipjiWnUlDJGVMBBd1ylUAtlwq1HlDo+Ldq4RDHJEeGH76+RKl5nBreVJGvuAlBliUbPIDVDQ76aP73ALMZWYyi/zSk66q25q48fi2Gwd1rqjufY4DfH9fc3346J5kuu6PGYqANukRw7ctM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net; spf=pass smtp.mailfrom=gourry.net; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b=I3gKFhm5; arc=none smtp.client-ip=209.85.210.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gourry.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b="I3gKFhm5" Received: by mail-ot1-f41.google.com with SMTP id 46e09a7af769-7091558067eso1204041a34.3 for ; Fri, 06 Sep 2024 13:28:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gourry.net; s=google; t=1725654500; x=1726259300; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=R1Rs9Vcw1DZn6LrVte9jSPxFRjikUDDX06xvoSnqYrw=; b=I3gKFhm5poPQY0pwuhl7vAyW67hzQUyzMkUvGay9jbQSmWV9BQ2qZN8yORh0XmZDzQ L6yW4ngmZoI6YgWZuoJtuDC1FhkBnql2CHhf1Z8kiz2KC2/GdywdKO/ogxDDRzN0lF2S I/eelgLan7ZqXwVQUhk7Aucd4Tcj+u/qC+TsKsE8qmtlrdmqDs3gfrl7db/60mwcMzmf LiHCZ8lP98U58CNBDdHfAO8GHUUTW+bOm638DbS1Sp/jfm1YTB3hsZRzYbCp2EcHS5qi IxMJ6s6onnHNTpTje9PfNyC4SztHTFmo8XYv2wh/Jjn3Uk43DcGE1YpIC9c/YO8cgBYs PFKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725654500; x=1726259300; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R1Rs9Vcw1DZn6LrVte9jSPxFRjikUDDX06xvoSnqYrw=; b=hyApJfO49O2ubLyPR23toRiBiOSHUkSv+bzJORXqjZJ+ctE5qgQd9U6RomPwAw5TSj s6YEwYf00b2KgouspGmj9FogZD3xtTi0x8EhyOdtL4UqDcYjotxjR13A8ju69Zyjkb2Z UDCi6574heqNDr0raJLwLIF53NuqHBuMa2dM2ErvTpxRaK1u+TZgiTcDJDCS5dUBIQLB 5W9fRYMU0GHVmCwogMLVtCRQ0Ai+2+w099GTeAXlSG1rcJf3rwOs4zepk+bOh5Ns8VXx d58xxxXcYSok6jvMUGinPsghzAtAh6NWjgpyErTSyNwYCTORKd/PyVrBt2xk1tkxjYfZ YINg== X-Gm-Message-State: AOJu0YwtIVVd7W7Dn7+vrS/w/hV6rm8YGyCaAoSXuZ/hweSI8G++cd06 WS0Bda85TVzj3E+SZQIIkjxWsn+d3wokEIuWkHkJURBkfKKlWgfT06/i9DIRDvU87RUnEX5ftKE f X-Google-Smtp-Source: AGHT+IFO7jNN/yEMP1rct1brqJ1OGNYSIYnkQ9smer8q7MIF6gg13nZKOcCXv8KpSEcVOt58+tzpXg== X-Received: by 2002:a05:6870:35d5:b0:277:fd73:8f82 with SMTP id 586e51a60fabf-27b9dcc3a29mr557037fac.45.1725654500499; Fri, 06 Sep 2024 13:28:20 -0700 (PDT) Received: from PC2K9PVX.TheFacebook.com (pool-173-79-56-208.washdc.fios.verizon.net. [173.79.56.208]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7a98ef1e653sm200519485a.5.2024.09.06.13.28.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Sep 2024 13:28:20 -0700 (PDT) From: Gregory Price To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, ardb@kernel.org, leitao@debian.org, usamaarif642@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, ilias.apalodimas@linaro.org Subject: [PATCH 1/6] tpm: fix signed/unsigned bug when checking event logs Date: Fri, 6 Sep 2024 16:27:40 -0400 Message-ID: <20240906202745.11159-2-gourry@gourry.net> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240906202745.11159-1-gourry@gourry.net> References: <20240906202745.11159-1-gourry@gourry.net> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 A prior bugfix that fixes a signed/unsigned error causes another signed unsigned error. A situation where log_tbl->size is invalid can cause the size passed to memblock_reserve to become negative. log_size from the main event log is an unsigned int, and the code reduces to the following u64 value = (int)unsigned_value; This results in sign extension, and the value sent to memblock_reserve becomes effectively negative. Fixes: be59d57f9806 ("efi/tpm: Fix sanity check of unsigned tbl_size being less than zero") Signed-off-by: Gregory Price --- drivers/firmware/efi/tpm.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index e8d69bd548f3..9c3613e6af15 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -40,7 +40,8 @@ int __init efi_tpm_eventlog_init(void) { struct linux_efi_tpm_eventlog *log_tbl; struct efi_tcg2_final_events_table *final_tbl; - int tbl_size; + unsigned int tbl_size; + int final_tbl_size; int ret = 0; if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) { @@ -80,26 +81,26 @@ int __init efi_tpm_eventlog_init(void) goto out; } - tbl_size = 0; + final_tbl_size = 0; if (final_tbl->nr_events != 0) { void *events = (void *)efi.tpm_final_log + sizeof(final_tbl->version) + sizeof(final_tbl->nr_events); - tbl_size = tpm2_calc_event_log_size(events, - final_tbl->nr_events, - log_tbl->log); + final_tbl_size = tpm2_calc_event_log_size(events, + final_tbl->nr_events, + log_tbl->log); } - if (tbl_size < 0) { + if (final_tbl_size < 0) { pr_err(FW_BUG "Failed to parse event in TPM Final Events Log\n"); ret = -EINVAL; goto out_calc; } memblock_reserve(efi.tpm_final_log, - tbl_size + sizeof(*final_tbl)); - efi_tpm_final_log_size = tbl_size; + final_tbl_size + sizeof(*final_tbl)); + efi_tpm_final_log_size = final_tbl_size; out_calc: early_memunmap(final_tbl, sizeof(*final_tbl)); From patchwork Fri Sep 6 20:27:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Price X-Patchwork-Id: 826063 Received: from mail-ot1-f50.google.com (mail-ot1-f50.google.com [209.85.210.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 374A31DA0F5 for ; Fri, 6 Sep 2024 20:28:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654504; cv=none; b=uKPlrt/2B/BNgit9L4MkLuCtQSc2BPMaedTxihwAmsjgO0PZqcuVpcCLr2xaD/Tr6u7Mtsn5qpLMowTiLPdkD7DC9cxibM/c8ZqovF1xvmp84Dj0lZyqrZxvYQUx2ZJWXsXfOF8TyGfPb6gaisdNIO2s/cMsPNHRDoAL5HnEcKs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654504; c=relaxed/simple; bh=XE1DPqvy7FxpeqLadro2KUo9m1LL/0BkzBaHwilluhg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gv1jfCag0+9mChQ0mTNNOpf6lUT9SvGmdANIhmfBh3zd8ILzc7ceZJxL8Koo9EIfo0MOIGZCi9qi19CTBmJOj+lFms30USWD8e4SEtJNxRdS30i0ZdYW/YE+dG2KC/ecKYsTy0oO40BnlR4Glh3ni8DL6ex7doL3RdbDn+UKf7c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net; spf=pass smtp.mailfrom=gourry.net; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b=BrTOkalO; arc=none smtp.client-ip=209.85.210.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gourry.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b="BrTOkalO" Received: by mail-ot1-f50.google.com with SMTP id 46e09a7af769-709346604a7so1641238a34.1 for ; Fri, 06 Sep 2024 13:28:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gourry.net; s=google; t=1725654502; x=1726259302; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=A02dTNZID78REVwXn2oyGTRvfad558GuxUE/iRRivQs=; b=BrTOkalOYwCzXgg/P9ZUP2Y3J5R27P5nH4Dg1UtHYqvwv5cyLcfaTTEIPM693NIMMk CyLhptdSVIkd+ObCZwtCYSCDZ2yX+WluVazqY/RQlES6IbYL/kC5z5+cX1mG4Mey4BCr BPB3xgnXI9ZqlFVdbxsCwavcGDjCA3LJeq8ze0bW6C9I5W4fzsz6JRRc2E+ky2JkaCJz kE4uDLEvgUBIxp7e81sk7vM1ZRnqIeNoHOfWX5aE0EuoElsnYwf/tDPUQTueSs7nZ2JT 9tf139+UoxtsCkikLTLjAlWVOyTeTBY3mAukNIQ+YfWqTeba/J/E4c5/nSHnQf+Wbx99 elpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725654502; x=1726259302; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=A02dTNZID78REVwXn2oyGTRvfad558GuxUE/iRRivQs=; b=de8rzod4DWJIRMdCf6LtpS46mL112nuUbxXFQ9qcKxgN5FT6l1G3ysmxgYeTc0S3kG MYZnAqqsOyu1yDmCX+Nlim+gOzrHCmbsNLiLQkYZH+C2NsZHaDS1NOAFnlZ6OkeCShNk sfYzO1/hzcqzi1LoCPAzWqHT7LjrCIkAwa0WRw/hCpfP2ph+dHVAbLnxwIMNVxWA5wyo JDQK6aLJIAKKrxeb5iJAeEYRzG3bw8BW8GLTBXtsrhcolvePSCBXLEDW3Kr5K+f0/GNR vwExtJW0Sb+p12bPqbItwXJ8LcG4PWMFoa2RtHGofdnQ+VvHFJGNPexk/VCXzUkRX34p lRoQ== X-Gm-Message-State: AOJu0YxqyGINDKbF1X23HQkZbgmLDvXUj6KXKQl7CjUYAnP1wrxCPrr1 CXKdf4Fa6bkJS+RUkTuI6Bm8a3C/mKZ4guoNUbGTUAdGGlHSBAjfDpgmURseqGEwNi/GAuXuKJd D X-Google-Smtp-Source: AGHT+IHMKBTOuPM+P+e6Ggmk8kf5Wxmw6zLzgTDlsCLWT0LO88jBX8ugAR5TeZND93bpHJwoa1Ix3w== X-Received: by 2002:a05:6359:4127:b0:1b8:34a3:11b7 with SMTP id e5c5f4694b2df-1b8386e6514mr427253555d.22.1725654501791; Fri, 06 Sep 2024 13:28:21 -0700 (PDT) Received: from PC2K9PVX.TheFacebook.com (pool-173-79-56-208.washdc.fios.verizon.net. [173.79.56.208]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7a98ef1e653sm200519485a.5.2024.09.06.13.28.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Sep 2024 13:28:21 -0700 (PDT) From: Gregory Price To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, ardb@kernel.org, leitao@debian.org, usamaarif642@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, ilias.apalodimas@linaro.org Subject: [PATCH 2/6] tpm: do not ignore memblock_reserve return value Date: Fri, 6 Sep 2024 16:27:41 -0400 Message-ID: <20240906202745.11159-3-gourry@gourry.net> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240906202745.11159-1-gourry@gourry.net> References: <20240906202745.11159-1-gourry@gourry.net> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 tpm code currently ignores a relevant failure case silently. Add an error to make this failure non-silent. Signed-off-by: Gregory Price --- drivers/firmware/efi/tpm.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index 9c3613e6af15..6e03eed0dc6f 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -61,7 +61,11 @@ int __init efi_tpm_eventlog_init(void) } tbl_size = sizeof(*log_tbl) + log_tbl->size; - memblock_reserve(efi.tpm_log, tbl_size); + if (memblock_reserve(efi.tpm_log, tbl_size)) { + pr_err("TPM Event Log memblock reserve fails (0x%lx, 0x%x)\n", + efi.tpm_log, tbl_size); + goto out; + } if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR) { pr_info("TPM Final Events table not present\n"); From patchwork Fri Sep 6 20:27:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Price X-Patchwork-Id: 826316 Received: from mail-qk1-f172.google.com (mail-qk1-f172.google.com [209.85.222.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 818641DB952 for ; Fri, 6 Sep 2024 20:28:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654506; cv=none; b=UQDZs9i/W9JgQEj/wbVIXpMFE5lXNm6/rACTvgMZ8TKB72zA6+9JrbGGG+270ZJVvoSSTB/j0jQKirVwN/cs7GrYUaTSgelmZLHiQBoTTFA6RCZD46Ldxvf3oapDFmZ1yRrft/WQG2UAx7d8JoAcvlVaBsDYXAl9HRF5bOg0j2A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654506; c=relaxed/simple; bh=E3uOxF1ZH/iR4ucEQmsFO/keFaNTqRqQ7i07DVck9j4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=pwRmWeo8+RttJMU+CVORtL5GvJpUt8SaAMaao4wHXV8wvIq6GTHjww2tTTO6L8uchTNpVz9+4tWY+jj2MWC54/XdzK8fvDW7yKUFXzS0Qf/JTI92r8bHS2NJVDi3JyIjfDKCO7mdiBDC7Ve7s8b5pOwK40+d8fp+DC96wfDzfh8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net; spf=pass smtp.mailfrom=gourry.net; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b=CUgMNPLR; arc=none smtp.client-ip=209.85.222.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gourry.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b="CUgMNPLR" Received: by mail-qk1-f172.google.com with SMTP id af79cd13be357-7a8134aefe8so166865885a.2 for ; Fri, 06 Sep 2024 13:28:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gourry.net; s=google; t=1725654503; x=1726259303; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nnAfWEx/aiVhm89Fpzc3fk7i/4x7q8oY7L/gONXGmMI=; b=CUgMNPLRvex5vKPhRtEPkNwsuf+vBVuMMpH51OIEwSU3fZ4XEXKXytK5ROwGKs5/R/ NgJ1eibl2+lbAdw3ysyPLSFhlTWpwLhP6cXIjYG4gjRD5hSYHzgwzk0Tb691w85957tH fQVD1NJkvJD+RH6p401AOCIFdrgbHKnBrXqm/zy8ySff3sxz6j38y6iMx25wwasIfpeG DXCU6sK6iqTIFO6zCjla8iG3bcw3img+k/NyY9WYyRvxi/oQMAGmDxDhabiiiIbEAeLv Vnbt1tYWFYFJkznlTPmauYKZjazdFAFDd6tysJ6Imzh/YU4rGkikJYDGq1Nr8Gak4xVY vJdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725654503; x=1726259303; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nnAfWEx/aiVhm89Fpzc3fk7i/4x7q8oY7L/gONXGmMI=; b=gwxw+nqaZycGg5MRiJveWx1UwXNRO9EP15AdCTYgse+KLtcTTn5hM8jW4PDSmFroOc hjUsx92mRZCkkYz+xsJilhW9xfEjaDEQmYC61rh5AF82GrBuJQCOFoS53zLJGVMEekXO eK1eRSu/qgmE3ScAuveIzNXNp3qcSFpGviwp/R81vt9kS1m9DoEpcb/wiRenY8H0WhDA Y0RK7OJ9q8MyHa9xWDJJn0YOU1+Gx142Jt6DvZKv9N5zX09hRtm966Lf1JHJqq+Xxp2E UEknT2XEY/YfB3PNHS1ezlI7o+y1hlkhwEwN0yvgmyZ+qyiCYnktGOc1p/obyfimxzwR qYVw== X-Gm-Message-State: AOJu0YxpF8E7rvDQTz/EVcKb/lqef+AnKskCD/4c3Auyp3dNbJGQHKrC P83AmxnkDuxumqmKzTqk56182HJdCSmeSXYzB2gKq2ua87cS5Fqp+euWj01Kg1yfLToa8DH4uOA K X-Google-Smtp-Source: AGHT+IGNKUXGcQEHZ7PXWPlir8YbvSOsbPfUe2vpAa/Zk++V48k/OP1Q/5znMUllsHdgKaBBuRjP6A== X-Received: by 2002:a05:620a:4490:b0:7a3:6dd9:efbb with SMTP id af79cd13be357-7a997339e8bmr471752785a.33.1725654503233; Fri, 06 Sep 2024 13:28:23 -0700 (PDT) Received: from PC2K9PVX.TheFacebook.com (pool-173-79-56-208.washdc.fios.verizon.net. [173.79.56.208]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7a98ef1e653sm200519485a.5.2024.09.06.13.28.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Sep 2024 13:28:22 -0700 (PDT) From: Gregory Price To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, ardb@kernel.org, leitao@debian.org, usamaarif642@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, ilias.apalodimas@linaro.org Subject: [PATCH 3/6] libstub,tpm: provide indication of failure when getting event log Date: Fri, 6 Sep 2024 16:27:42 -0400 Message-ID: <20240906202745.11159-4-gourry@gourry.net> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240906202745.11159-1-gourry@gourry.net> References: <20240906202745.11159-1-gourry@gourry.net> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 If get_event_log fails, at least provide an indicator of this failure to assist debugging later failures that attempt to interact with it. Signed-off-by: Gregory Price --- drivers/firmware/efi/libstub/tpm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/efi/libstub/tpm.c b/drivers/firmware/efi/libstub/tpm.c index df3182f2e63a..192914e04e0f 100644 --- a/drivers/firmware/efi/libstub/tpm.c +++ b/drivers/firmware/efi/libstub/tpm.c @@ -185,8 +185,10 @@ void efi_retrieve_eventlog(void) get_efi_config_table(EFI_CC_FINAL_EVENTS_TABLE_GUID); } - if (status != EFI_SUCCESS || !log_location) + if (status != EFI_SUCCESS || !log_location) { + efi_err("TPM unable to provide Event Log\n"); return; + } efi_retrieve_tcg2_eventlog(version, log_location, log_last_entry, truncated, final_events_table); From patchwork Fri Sep 6 20:27:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Price X-Patchwork-Id: 826062 Received: from mail-qk1-f181.google.com (mail-qk1-f181.google.com [209.85.222.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD2CE1DCB2E for ; Fri, 6 Sep 2024 20:28:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654507; cv=none; b=gj59P/wta2fYXyuv81weq7Jissu6PPejvXKjxm7SuDav9C1GWBc3r1z01Vn+wOyj1B7N0Fm6+OXJY7F3vWozZHvlorBt6vqZNhAzCcp3yn7LF27kX2Vc4HpOINrxnoIUeBZYOip4X9qE0hoAs4J2f60VBawQAZVgMpe22rYBq9M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654507; c=relaxed/simple; bh=hMwki+dcsbLSJG/zbiuWzszPS/hNwanGor9EwaxpvVU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZiIHaojcu+L5wo7bFmeiWh0NuiKkdnG5f8Dgeeew5PKhXVxEecfDEB8Llojd2dxDeZOVV/9rUug1IDd95vJIUr2lLwWwkXb84UVf3S7j3b/8+N03o2x/Suff1riRF7B67dL1IAdVJD/UZjtuD2aEYcpgEF6o+yzGsb+0hP+WJuI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net; spf=pass smtp.mailfrom=gourry.net; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b=alTob8Lr; arc=none smtp.client-ip=209.85.222.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gourry.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b="alTob8Lr" Received: by mail-qk1-f181.google.com with SMTP id af79cd13be357-7a81309072dso167421085a.0 for ; Fri, 06 Sep 2024 13:28:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gourry.net; s=google; t=1725654504; x=1726259304; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eknZRfIStyWrln5IWKBJNYWwEsPBbo1CU0FqbBLiCHg=; b=alTob8LrRLGNsjFWOtknaYxPevfLDoKpYubg2FnaILkfKWoLYLD4A2MT3fWXwmFJkg KeaRTGZrh9ETOwhzAArn1+sDI197UIjoCCsZ5IHQEP/R51PIWT3T8TId5Zzgcmq2XI8c pWfFLDBCoOVuZsj9HlrkRK2rHom8ENqmn1LIZ6SlQDof+4k7MFp0ynW9BSjk9qUjOQ+E xxHGMaza39GK6JBKUh2Ye2drrehyMBdSQhfaZ3EWvfXM86oiZbxbdvqDvkL0ptGWHINV qPujfIbVYVLmAi2jIrkaTvuY4YtEwYbbRbHzn2K93W499g1scnz+Tu9ZVt0z3daPs+CP 9FZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725654504; x=1726259304; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eknZRfIStyWrln5IWKBJNYWwEsPBbo1CU0FqbBLiCHg=; b=QmhbUIl0VJOqqyYWCvuxSu7wQ6ZpWOlM9VAUrENTKFfP2HCuiEy1/ynk4vTuVqKEks ZrUpn9YF2TeENYewWkvbGRINnIqL8YRoS2MSTbpss78asfaYLbH135bXkvXmJ/d4gcH/ wpKO0NKBhpU/s1xRlj6Fg70pDo/soZI6abeo/v2Sz6xKxGdZsoLLQac7IYKzueGhQbNm e4vqYX/B1gbCPd6H26hWO090aLX/L6AjGq2Ra1WGs6cf7rteVK6YslSTn3E+slRn8PPA YfRa8Wr34WPIleSAj8K/UEjVSMO7XDrdI3w/m+w0mdbTpcTUC6q4UxbwYwSCboYO2j4P IvhA== X-Gm-Message-State: AOJu0YwiUe3tJvt+VIva6uNz7SA+2wO2gpQ1xsh0TvoMWBqBm5O0jjlc GzNhPc04aPdXQfLU0xWgg1H4givVyuCYN0xV+UPu0K47TVKTllnLxRo3jDfCJL2OSBrhVSC4LWR 9 X-Google-Smtp-Source: AGHT+IHqdgv3zHpFAbavJQlusxa0A7QBFhgVKAX0yRe62fA02oH9vdiDW+r2y09yybfljROV4ERQzg== X-Received: by 2002:a05:620a:2495:b0:79f:90:7d50 with SMTP id af79cd13be357-7a997340551mr595628685a.32.1725654504388; Fri, 06 Sep 2024 13:28:24 -0700 (PDT) Received: from PC2K9PVX.TheFacebook.com (pool-173-79-56-208.washdc.fios.verizon.net. [173.79.56.208]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7a98ef1e653sm200519485a.5.2024.09.06.13.28.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Sep 2024 13:28:24 -0700 (PDT) From: Gregory Price To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, ardb@kernel.org, leitao@debian.org, usamaarif642@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, ilias.apalodimas@linaro.org Subject: [PATCH 4/6] tpm: sanity check the log version before using it Date: Fri, 6 Sep 2024 16:27:43 -0400 Message-ID: <20240906202745.11159-5-gourry@gourry.net> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240906202745.11159-1-gourry@gourry.net> References: <20240906202745.11159-1-gourry@gourry.net> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 If the log version is not sane (0 or >2), don't attempt to use the rest of the log values for anything to avoid potential corruption. Signed-off-by: Gregory Price --- drivers/firmware/efi/tpm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index 6e03eed0dc6f..9a080887a3e0 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -60,6 +60,15 @@ int __init efi_tpm_eventlog_init(void) return -ENOMEM; } + if (!log_tbl->version || + log_tbl->version > EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) { + pr_err(FW_BUG "TPM Events table version invalid (%x)\n", + log_tbl->version); + early_memunmap(log_tbl, sizeof(*log_tbl)); + efi.tpm_log = EFI_INVALID_TABLE_ADDR; + return -EINVAL; + } + tbl_size = sizeof(*log_tbl) + log_tbl->size; if (memblock_reserve(efi.tpm_log, tbl_size)) { pr_err("TPM Event Log memblock reserve fails (0x%lx, 0x%x)\n", From patchwork Fri Sep 6 20:27:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Price X-Patchwork-Id: 826315 Received: from mail-vs1-f53.google.com (mail-vs1-f53.google.com [209.85.217.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 09B6D1DC751 for ; Fri, 6 Sep 2024 20:28:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.217.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654508; cv=none; b=h8qCsginsValUpILl9+IR+NxRRXfMQKp8oFq1aHn+tWd+N/0GYHXCvfhwik7KQkz60qp18DiRdTpPi67IoxO5/BvU9VRVAJVR8cU1gkZ6bma+LC9PKyCRHo//5th5oBs0qbqU8WmqzLFYb0vLGfk1yXOnzVgfFZOOQjSXmgy5yA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654508; c=relaxed/simple; bh=5DrUFp6j6wXIZ4N7IoF/p+lmyHVDI6Endn0V+tYMssw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Y2DN8CwTWO4XCpY7syxAnVm0Pkf1rjBwr36JU7lvxfsi/qHnzlLPkQNUCCpRJj96BJHaC9K4UI0wwWPGsZ5WwTtolLA1xdeMuP5YWxpwZCORQ3bAeHq8K1mGVjV5T+G5VceWrYVcPczt2a0pr/wiPL7NHU/wuTCffnCYGxBopSs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net; spf=pass smtp.mailfrom=gourry.net; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b=hoe5lUD0; arc=none smtp.client-ip=209.85.217.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gourry.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b="hoe5lUD0" Received: by mail-vs1-f53.google.com with SMTP id ada2fe7eead31-49bc7387371so767494137.2 for ; Fri, 06 Sep 2024 13:28:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gourry.net; s=google; t=1725654506; x=1726259306; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=cldmkf1vC0Pr0XJbmfuzeqw9dySvEdpYki9ytzXFT1c=; b=hoe5lUD06sTs9lhXKb8zXNrCVWpueOhUQSQM/zmDvbfE5KPoGnTsu65pnYQD88Eyu6 +MMBKB//Fv3dEU6IazKRdMw8FGUe0S0YKa0wuT3xZG4bl/FxMMVnA3FSGKFh1tvdA+rc XZr8ZUP3f7fWYTgArm+WWlkX3s7F7JrTBpKl8TaYtUuyNTVMyxcB+nn229KjH8Q9FpYO xErpBpmXvh+xwxnUZE8mP2TcSJH8Khb8bXCkXhvLeQBcizDwtFJBmc8vPzXDF3S+JHV6 XgE8PiwWo/M810iIfNhqyW3EBRLz2o/h2MuHYGC3wdPVFfoxVi4lRmGxbUKddUXkB6Wx KFwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725654506; x=1726259306; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cldmkf1vC0Pr0XJbmfuzeqw9dySvEdpYki9ytzXFT1c=; b=HAxRqVYCSzWUpxEPPSWNOpSs5O2sDN5Y0MRGXJh/DMZJ6yjAGmHRb9TSOFhIdvm2iI 0Y9+XVwGF3iyIL9z2WN2SxTYP8ilFwn5zTI1B4IW3Jhetj7PUkPKM/NRjShlHzAGim2P /T8OO3nhAQAtM9zSmmulffJBcDGsHzVDtLMOmtUfq4lxLnhnY8oIOvvh93qbUpRIEBWI m2hOtV93C3pKkLMIUSAAmkwhRgGZ1s1G5Hr6GeZa+Raq/e2eAebUPvnUwXNWsfn7iMbJ P/HuRz/dRFKulbJmcz5jU+opRXb0JCE0YsuByYrKEduHC9CMefamlMr0U57tDHAWkHqu sVDg== X-Gm-Message-State: AOJu0Yw2g7T0W9ZxbildA+LRFXFbOBVLSGyFE8uCMlJQZ/PuQIcUvoCd 19XmOzCleL1xhx9Fiaazt8+iH/+NvJ77WVaugg4HIZ943m1p++LSqMXVylaRBy5kFQuVP9sOJX2 f X-Google-Smtp-Source: AGHT+IGTLRBA/MYnsSvHU5PnGiuRmzazXBamsUEm4o4g0ut4x8zSLeqiqZGlvBZ9w4nkz5c9KxFqEw== X-Received: by 2002:a05:6102:1609:b0:492:a11f:a87a with SMTP id ada2fe7eead31-49bedd008admr158299137.25.1725654505650; Fri, 06 Sep 2024 13:28:25 -0700 (PDT) Received: from PC2K9PVX.TheFacebook.com (pool-173-79-56-208.washdc.fios.verizon.net. [173.79.56.208]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7a98ef1e653sm200519485a.5.2024.09.06.13.28.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Sep 2024 13:28:25 -0700 (PDT) From: Gregory Price To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, ardb@kernel.org, leitao@debian.org, usamaarif642@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, ilias.apalodimas@linaro.org Subject: [PATCH 5/6] tpm: fix unsigned/signed mismatch errors related to __calc_tpm2_event_size Date: Fri, 6 Sep 2024 16:27:44 -0400 Message-ID: <20240906202745.11159-6-gourry@gourry.net> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240906202745.11159-1-gourry@gourry.net> References: <20240906202745.11159-1-gourry@gourry.net> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 __calc_tpm2_event_size returns 0 or a positive length, but return values are often interpreted as ints. Convert everything over to u32 to avoid signed/unsigned logic errors. Signed-off-by: Gregory Price --- drivers/firmware/efi/libstub/tpm.c | 6 +++--- drivers/firmware/efi/tpm.c | 2 +- include/linux/tpm_eventlog.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/firmware/efi/libstub/tpm.c b/drivers/firmware/efi/libstub/tpm.c index 192914e04e0f..4f9f0e049a7a 100644 --- a/drivers/firmware/efi/libstub/tpm.c +++ b/drivers/firmware/efi/libstub/tpm.c @@ -57,7 +57,7 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca struct linux_efi_tpm_eventlog *log_tbl = NULL; unsigned long first_entry_addr, last_entry_addr; size_t log_size, last_entry_size; - int final_events_size = 0; + u32 final_events_size = 0; first_entry_addr = (unsigned long) log_location; @@ -110,9 +110,9 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca */ if (final_events_table && final_events_table->nr_events) { struct tcg_pcr_event2_head *header; - int offset; + u32 offset; void *data; - int event_size; + u32 event_size; int i = final_events_table->nr_events; data = (void *)final_events_table; diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index 9a080887a3e0..7673cf8e53d6 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -19,7 +19,7 @@ EXPORT_SYMBOL(efi_tpm_final_log_size); static int __init tpm2_calc_event_log_size(void *data, int count, void *size_info) { struct tcg_pcr_event2_head *header; - int event_size, size = 0; + u32 event_size, size = 0; while (count > 0) { header = data + size; diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 7d68a5cc5881..891368e82558 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -157,7 +157,7 @@ struct tcg_algorithm_info { * Return: size of the event on success, 0 on failure */ -static __always_inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, +static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header, bool do_mapping) { From patchwork Fri Sep 6 20:27:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Price X-Patchwork-Id: 826061 Received: from mail-qk1-f177.google.com (mail-qk1-f177.google.com [209.85.222.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 46CD91E1A0B for ; Fri, 6 Sep 2024 20:28:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654509; cv=none; b=OoG8BCEfVtGIyYVYukQHwrO5jrgX/vAi6hk3c5mFyRiOr4SpH2+4Ai7tEJPgfweicry7+JAsSwfN2qP6vHD79UAKCBLT97vGVLbGlypHV8KPZeBOezZe1Es06RKHUQPRMTwIfRqcss0ouI1azIsRd7noheVBEzAFw2IFCLz+sNs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725654509; c=relaxed/simple; bh=JZ41Hb7/UZd2+fA36sYxks+5a7KG3YyM6CyHkbkpwr0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XV4XCTtIXHEU4XduFq2yr9viSRF/Plna50xDYdzRoDVb8OXdBSpOmGYQAtb1Hl9EmNO76iKk8gfdItIi+FZB06/QjYn+VoNq1fnbjpEFjMqro7NBEzhJXbJRMJvhgBOR3zCJ2S7UaEuueDOc/2Q38gAm7okYYvgyqhZpn1pYmQU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net; spf=pass smtp.mailfrom=gourry.net; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b=m1eWSad5; arc=none smtp.client-ip=209.85.222.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gourry.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gourry.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gourry.net header.i=@gourry.net header.b="m1eWSad5" Received: by mail-qk1-f177.google.com with SMTP id af79cd13be357-7a99fd5beb6so61515685a.0 for ; Fri, 06 Sep 2024 13:28:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gourry.net; s=google; t=1725654507; x=1726259307; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7qY1HTk2ePHnVObjiUrKBcGOuLQv3wyl16cvFBMoBIo=; b=m1eWSad5PBFvwie1QaX62vmL8UuQRjMFUROf/tNySEOG5ARrGOKO6JrEs84OnHNWLX ncGh0b8ssIFRNS6fBWBtqqQ+ZCNWOrlygYWTb1L5zZ+2iWWyxzpoWNyXH7AKhtpyNW3V +Iv4qux7FlABozayIJN3odj3YaHsyGSFEK+JgHd7WeZgqUruCpN+oLLsXxpKBMolLxjg ZmS8fPrFbmNhkYbU/7Yye+iLM0pO+JxjakSE6KNsIBRDON4xNN5s369U5rlLJxMDbcBK NbkLu/HXXCbJZ2chTf1Hrs6C8E3CVRZ9diLFmfoZT8dv0oi5q0l7cx2Df3gjejAFfXiI 7/Xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725654507; x=1726259307; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7qY1HTk2ePHnVObjiUrKBcGOuLQv3wyl16cvFBMoBIo=; b=eZoD0x3Q6IWRQMrfgS1BW+94IR/tjTLP5AaUg6R8YAmy3Rp+lUe9/at9ERHDuiNgmX BM0zsJ/pBrLNPejIwkdnx34Mk7j4NUm1C0H559gSr0Vb7be0mz+FQdMJs3URumzHPyns NRVkUXNeUilgT6CLSWWjkB43b1KBsdtE942tQsrXeGnim91TOi+shXqmU7cEZm1l0BCx FewzmABQ/DXLwfIZMAlOWI6Kuh32k3lHCpyWcCxrMzi0h3UY6lDzhOVegDn6xHklSkR4 pp2P5kfU2snh3Do5hh87m8XTQ+2htKXidLMRBvJf8gtZEj6GOh/u87SjuE9UEQUW8VaW ZYIw== X-Gm-Message-State: AOJu0YynU7iNioqdtcEgRWv2jxBt5mCpPFDiIdNNPSoyvIBupd5W/VL5 8EsY66p5lwS3QyuwuyquLWQmUNx8y5rLJ62UKghK63QFQ3Mt6ioGY08pLQfKfFPkA2O+a9Nt8fo V X-Google-Smtp-Source: AGHT+IHFAOsyAS1saP4F/TdfdR3JBN+Ae7crbCz/ei1WfpsqQgWENY6HB+FbK+cs01k0KPOEVsJfTg== X-Received: by 2002:a05:620a:3187:b0:7a8:512:b57f with SMTP id af79cd13be357-7a98870d102mr1939603085a.0.1725654506873; Fri, 06 Sep 2024 13:28:26 -0700 (PDT) Received: from PC2K9PVX.TheFacebook.com (pool-173-79-56-208.washdc.fios.verizon.net. [173.79.56.208]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7a98ef1e653sm200519485a.5.2024.09.06.13.28.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Sep 2024 13:28:26 -0700 (PDT) From: Gregory Price To: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, ardb@kernel.org, leitao@debian.org, usamaarif642@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, ilias.apalodimas@linaro.org Subject: [PATCH 6/6] libstub,tpm: do not ignore failure case when reading final event log Date: Fri, 6 Sep 2024 16:27:45 -0400 Message-ID: <20240906202745.11159-7-gourry@gourry.net> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240906202745.11159-1-gourry@gourry.net> References: <20240906202745.11159-1-gourry@gourry.net> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Current code fails to check for an error case when reading events from final event log to calculate offsets. Check the error case, report the error, and break early because all subsequent calls will also fail. Signed-off-by: Gregory Price --- drivers/firmware/efi/libstub/tpm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/firmware/efi/libstub/tpm.c b/drivers/firmware/efi/libstub/tpm.c index 4f9f0e049a7a..c71b0d3e66d2 100644 --- a/drivers/firmware/efi/libstub/tpm.c +++ b/drivers/firmware/efi/libstub/tpm.c @@ -124,6 +124,10 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca event_size = __calc_tpm2_event_size(header, (void *)(long)log_location, false); + if (!event_size) { + efi_err("Invalid TPM Final Event Log Entry\n"); + break; + } final_events_size += event_size; i--; }