From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Stefan Berger" <stefanb@linux.ibm.com>,
<linux-integrity@vger.kernel.org>
Cc: "Thorsten Leemhuis" <regressions@leemhuis.info>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
<stable@vger.kernel.org>, "Peter Huewe" <peterhuewe@gmx.de>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
"Mimi Zohar" <zohar@linux.ibm.com>,
"David Howells" <dhowells@redhat.com>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Mario Limonciello" <mario.limonciello@amd.com>,
<linux-kernel@vger.kernel.org>, <keyrings@vger.kernel.org>,
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v2 3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()
Date: Thu, 04 Jul 2024 09:41:08 +0300 [thread overview]
Message-ID: <D2GJSLLC0LSF.2RP57L3ALBW38@kernel.org> (raw)
In-Reply-To: <c90ce151-c6e5-40c6-8d3d-ccec5a97d10f@linux.ibm.com>
On Thu Jul 4, 2024 at 4:56 AM EEST, Stefan Berger wrote:
>
>
> On 7/3/24 14:24, Jarkko Sakkinen wrote:
> > Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can
>
> Doesn't tpm_chip_register() need to be called by all drivers? This
> function then calls tpm_chip_bootstrap().
>
> > cause a null derefence in tpm_buf_hmac_session*(). Thus, address
> > !chip->auth in tpm_buf_hmac_session*() and remove the fallback
> > implementation for !TCG_TPM2_HMAC.
> >
> > Cc: stable@vger.kernel.org # v6.9+
> > Reported-by: Stefan Berger <stefanb@linux.ibm.com>
> > Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@linux.ibm.com/
> > Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API")
> > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
>
> I applied this series now but it doesn't solve the reported problem. The
It fixes the issues of which symptoms was shown by your transcript:
[ 2.987131] tpm tpm0: tpm2_load_context: failed with a TPM error 0x01C4
[ 2.987140] ima: Error Communicating to TPM chip, result: -14
Your original thread identified zero problems, so thus your claim here
is plain untrue.
Before the null derefence is fixed all other patches related are
blocked, including ibm_tpmvtpm patches, because it would be insane
to accept them when there is known memory corruption bug, which
this patch set fixes.
What is so difficult to understand in this?
> error message is gone but the feature can still be enabled
> (CONFIG_TCG_TPM2_HMAC=y) but is unlikely actually doing what it is
> promising to do with this config option. So you either still have to
> apply my patch, James's patch, or your intended "depends on
> !TCG_IBMVTPM" patch.
Well this somewhat misleading imho...
None of the previous patches, including your, do nothing to fix the null
derefence bug and that is the *only* bug we care about ATM. With these
fixes drivers that do not call tpm_chip_bootstrap() will be fully
working still but without encryption.
There's five drivers which would require update for that:
drivers/char/tpm/tpm_ftpm_tee.c: pvt_data->chip->flags |= TPM_CHIP_FLAG_TPM2;
drivers/char/tpm/tpm_i2c_nuvoton.c: chip->flags |= TPM_CHIP_FLAG_TPM2;
drivers/char/tpm/tpm_ibmvtpm.c: chip->flags |= TPM_CHIP_FLAG_TPM2;
drivers/char/tpm/tpm_tis_i2c_cr50.c: chip->flags |= TPM_CHIP_FLAG_TPM2;
drivers/char/tpm/tpm_vtpm_proxy.c: proxy_dev->chip->flags |= TPM_CHIP_FLAG_TPM2;
BR, Jarkko
next prev parent reply other threads:[~2024-07-04 6:41 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-03 18:24 [PATCH v2 0/3] Address !chip->auth Jarkko Sakkinen
2024-07-03 18:24 ` [PATCH v2 1/3] tpm: Address !chip->auth in tpm2_*_auth_session() Jarkko Sakkinen
2024-07-03 18:24 ` [PATCH v2 2/3] tpm: Address !chip->auth in tpm_buf_append_name() Jarkko Sakkinen
2024-07-03 20:11 ` James Bottomley
2024-07-04 6:53 ` Jarkko Sakkinen
2024-07-04 17:07 ` Linus Torvalds
2024-07-04 17:21 ` James Bottomley
2024-07-04 18:05 ` Jarkko Sakkinen
2024-07-03 18:24 ` [PATCH v2 3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*() Jarkko Sakkinen
2024-07-04 1:56 ` Stefan Berger
2024-07-04 6:41 ` Jarkko Sakkinen [this message]
2024-07-05 14:05 ` Stefan Berger
2024-07-05 14:35 ` Jarkko Sakkinen
2024-07-05 15:04 ` Jarkko Sakkinen
2024-07-04 6:52 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D2GJSLLC0LSF.2RP57L3ALBW38@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=ardb@kernel.org \
--cc=dhowells@redhat.com \
--cc=jgg@ziepe.ca \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=paul@paul-moore.com \
--cc=peterhuewe@gmx.de \
--cc=regressions@leemhuis.info \
--cc=serge@hallyn.com \
--cc=stable@vger.kernel.org \
--cc=stefanb@linux.ibm.com \
--cc=torvalds@linux-foundation.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.