Re: Fwd: Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs support,for TPM 2.0 firmware event log

From: Nayna
Date: Wed Feb 01 2017 - 14:26:30 EST

Next message: Ard Biesheuvel: "Re: [PATCH] efi: fdt: avoid FDT manipulation after ExitBootServices()"
Previous message: Fabian Frederick: "Re: [PATCH 01/14] locking/atomic: import atomic_dec_not_zero()"
In reply to: Jarkko Sakkinen: "Re: Fwd: Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs support,for TPM 2.0 firmware event log"
Next in thread: Jarkko Sakkinen: "Re: Fwd: Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs support,for TPM 2.0 firmware event log"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/01/2017 08:24 PM, Jarkko Sakkinen wrote:

On Wed, Feb 01, 2017 at 04:48:37PM +0200, Jarkko Sakkinen wrote:

On Tue, Jan 31, 2017 at 10:50:06PM +0200, Jarkko Sakkinen wrote:

On Wed, Feb 01, 2017 at 12:14:12AM +0530, Nayna wrote:

I already sent my pull request to 4.11 and even today I found something
fishy. You declared a function local array by using a variable in "tpm:
enhance TPM 2.0 PCR extend to support multiple banks" (max_active_banks
or something). And the event log patches have just passed the review.

Yes. I have checked using clang and it has passed the clang.. and I also
verified there were no complains during build.

What we can deduce from that is that they didn't expose the issue in
question.

I found this by running sparse with make C=2 M=drives/char/tpm

What type of problem do you see ?

It is disallowed to do stack allocation in the kernel code even if C
standard would allow it. Stack is scarce resource so you need to know
its usage at compile time.

In this case you actually know the allocation because the value is not
changed during the course of the function but it is still bad. Probably
compiler will optimize it out. Still it is not a good practice.

Also, to understand, this is related to multi-bank patchset. I mean how does
it affect for event log patchset ?

Well in both cases these have landed fairly late but I asked from James
whether I'll have to postpone these to 4.12.

Usually when I've sent my release pull request I do not want to make any
radical changes to the codebase because they always require extra QA and
thus take extra time.

rc = tpm_transmit_cmd(chip, buf.data, tpm_buf_length(&buf), 0, 0,
"attempting extend a PCR value");

This should be

rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0, 0,
"attempting extend a PCR value");

The second parameter is the size of the buffer, not length of the input
data.

/Jarkko

As a sanity check can you test these commits and see if they still
work for you as I've done now some updates to them? Thanks.

Thanks Jarkko, yes I tested for both multi-bank patches and event log.
Its working fine.

Thanks & Regards,
- Nayna

/Jarkko

Next message: Ard Biesheuvel: "Re: [PATCH] efi: fdt: avoid FDT manipulation after ExitBootServices()"
Previous message: Fabian Frederick: "Re: [PATCH 01/14] locking/atomic: import atomic_dec_not_zero()"
In reply to: Jarkko Sakkinen: "Re: Fwd: Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs support,for TPM 2.0 firmware event log"
Next in thread: Jarkko Sakkinen: "Re: Fwd: Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs support,for TPM 2.0 firmware event log"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]