From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Chris Coulson <chris.coulson@canonical.com>
Cc: linux-integrity@vger.kernel.org, linux-efi@vger.kernel.org,
Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
Matthew Garrett <mjg59@google.com>,
Bartosz Szczepanek <bsz@semihalf.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] tpm: Don't dereference event after it's unmapped in __calc_tpm2_event_size
Date: Wed, 5 Jun 2019 17:33:44 +0300 [thread overview]
Message-ID: <20190605143344.GF11331@linux.intel.com> (raw)
In-Reply-To: <20190604230433.20936-2-chris.coulson@canonical.com>
On Wed, Jun 05, 2019 at 12:04:33AM +0100, Chris Coulson wrote:
> The pointer to the event header is dereferenced on each loop iteration in
> order to obtain the digest count, but when called from
> tpm2_calc_event_log_size, the event header is unmapped on the first
> iteration of the loop. This results in an invalid access for on subsequent
> loop iterations for log entries that have more than one digest.
>
> Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
/Jarkko
next prev parent reply other threads:[~2019-06-05 14:33 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-04 23:04 [PATCH 0/1] Fix crash in __calc_tpm2_event_size Chris Coulson
2019-06-04 23:04 ` [PATCH 1/1] tpm: Don't dereference event after it's unmapped " Chris Coulson
2019-06-05 14:33 ` Jarkko Sakkinen [this message]
2019-06-05 14:32 ` [PATCH 0/1] Fix crash " Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190605143344.GF11331@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=ard.biesheuvel@linaro.org \
--cc=bsz@semihalf.com \
--cc=chris.coulson@canonical.com \
--cc=jgg@ziepe.ca \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjg59@google.com \
--cc=peterhuewe@gmx.de \
--cc=roberto.sassu@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.