From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Jia Zhang <zhang.jia@linux.alibaba.com>
Cc: peterhuewe@gmx.de, jgg@ziepe.ca, tweek@google.com,
	linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] tpm/eventlog/tpm1: Simplify walking over *pos measurements
Date: Fri, 18 Jan 2019 17:18:27 +0200
Message-ID: <20190118151827.GK4080@linux.intel.com>
In-Reply-To: <8709dd61-2422-1c20-9937-d6003fa0354e@linux.alibaba.com>

On Thu, Jan 17, 2019 at 09:32:55AM +0800, Jia Zhang wrote:
> 
> 
> On 2019/1/17 6:09 AM, Jarkko Sakkinen wrote:
> > Please use "tpm:" tag for commits, not "tpm/eventlog/tpm1".
> > 
> > On Fri, Jan 11, 2019 at 04:59:32PM +0800, Jia Zhang wrote:
> >> The responsibility of tpm1_bios_measurements_start() is to walk
> >> over the first *pos measurements, ensuring the skipped and
> >> to-be-read measurements are not out-of-boundary.
> >>
> >> Current logic is complicated a bit. Just employ a do-while loop
> >> with necessary sanity check, and then get the goal.
> >>
> >> Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
> > 
> > What does this fix? Even if the current logic is "complicated", it is
> > still a pretty simple function.
> 
> 
> OK. Let me point out the fix part. Here is the original implementation:
> 
>         /* read over *pos measurements */
>         for (i = 0; i < *pos; i++) {
>                 event = addr;
>
>                 converted_event_size =
>                     do_endian_conversion(event->event_size);
>                 converted_event_type =
>                     do_endian_conversion(event->event_type);
>
>                 if ((addr + sizeof(struct tcpa_event)) < limit) {
>                         if ((converted_event_type == 0) &&
>                             (converted_event_size == 0))
>                                 return NULL;
>                         addr += (sizeof(struct tcpa_event) +
>                                  converted_event_size);
>                 }
>         }
> 
> The problem (just ignore all off-by-1 issues) is that access to
> event_size and event_type is not pre-checked carefully. In the latter
> part of tpm1_bios_measurements_start() and
> tpm1_bios_measurements_next(), there is a fixed pattern to do the sanity
> check like this:
> 
>         /* now check if current entry is valid */
>         if ((v + sizeof(struct tcpa_event)) >= limit)
>                 return NULL;
> 
> So if we simply change this read-over chunk with sanity check like this:
> 
>         /* read over *pos measurements */
>         for (i = 0; i < *pos; i++) {
>                 event = addr;
> 
>                 if ((addr + sizeof(struct tcpa_event)) >= limit)
>                         return NULL;
> 
>                 converted_event_size =
>                     do_endian_conversion(event->event_size);
>                 converted_event_type =
>                     do_endian_conversion(event->event_type);
> 
>                 if ((converted_event_type == 0) &&
>                     (converted_event_size == 0))
>                         return NULL;
>                 addr += (sizeof(struct tcpa_event) +
>                          converted_event_size);
>         }
> 
> We will get two highly similar code chunks in
> tpm1_bios_measurements_start(). Here is the latter part:
> 
>         /* now check if current entry is valid */
>         if ((addr + sizeof(struct tcpa_event)) >= limit)
>                 return NULL;
>
>         event = addr;
>
>         converted_event_size = do_endian_conversion(event->event_size);
>         converted_event_type = do_endian_conversion(event->event_type);
>
>         if (((converted_event_type == 0) && (converted_event_size == 0))
>             || ((addr + sizeof(struct tcpa_event) + converted_event_size)
>                 >= limit))
>                 return NULL;
>
>         return addr;
> 
> So using a do while logic can simply merge them together and thus simplify
> and optimize the logic of walking over *pos measurements.
> 
> Sorry I admit my initial motivation is to fix up the sanity check
> problem. If you would like to accept the optimization part, I will split
> this patch.

OK, got it now. I think I will apply this! Will take a while because
of https://lkml.org/lkml/2019/1/18/485. Will not apply new patches
before that is rooted.

/Jarkko
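
The check-before-read ordering discussed in this thread, shown as an added user-space example; it is not code from the message or from the kernel patch. The names `ev_hdr`, `seek_event` and `put_event` are hypothetical, the log is assumed to be in host byte order (no `do_endian_conversion()`), and an entry that ends exactly at the end of the buffer is accepted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header of a TCG 1.2 (SHA-1) log entry; event_size data bytes follow it. */
struct ev_hdr {
	uint32_t pcr_index;
	uint32_t event_type;
	uint8_t  pcr_value[20];
	uint32_t event_size;
};

/* Skip `pos` entries; return offset of entry `pos`, or -1 if any entry walked
 * over (or the one returned) is not fully inside buf[0..len). */
long seek_event(const uint8_t *buf, size_t len, unsigned int pos)
{
	size_t off = 0;
	struct ev_hdr h;

	for (;; pos--) {
		if (len - off < sizeof(h))         /* header must fit before it is read */
			return -1;
		memcpy(&h, buf + off, sizeof(h));
		if (h.event_type == 0 && h.event_size == 0)
			return -1;                 /* zeroed entry: end of log */
		if (h.event_size > len - off - sizeof(h))
			return -1;                 /* compare against bytes left: no wrap */
		if (pos == 0)
			return (long)off;
		off += sizeof(h) + h.event_size;
	}
}

/* Constructed sample data: append one entry with `size` zero data bytes. */
size_t put_event(uint8_t *buf, size_t off, uint32_t type, uint32_t size)
{
	struct ev_hdr h = { .event_type = type, .event_size = size };
	memcpy(buf + off, &h, sizeof(h));
	memset(buf + off + sizeof(h), 0, size);
	return off + sizeof(h) + size;
}

int main(void)
{
	uint8_t log[128];
	size_t end = put_event(log, put_event(log, 0, 1, 4), 2, 8);
	printf("%ld %ld %ld\n", seek_event(log, end, 0), seek_event(log, end, 1), seek_event(log, end - 1, 1));
	return 0;
}
```

Comparing `event_size` against the bytes remaining, rather than adding it to the current address and comparing with the limit, keeps an attacker-sized or corrupted length field from wrapping the arithmetic.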
