From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "James Bottomley" <James.Bottomley@HansenPartnership.com>,
"Jarkko Sakkinen" <jarkko.sakkinen@iki.fi>,
"Ard Biesheuvel" <ardb@kernel.org>
Cc: <linux-integrity@vger.kernel.org>,
"Peter Huewe" <peterhuewe@gmx.de>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"Colin Ian King" <colin.i.king@gmail.com>,
"Joe Hattori" <joe@pf.is.s.u-tokyo.ac.jp>,
"Stefan Berger" <stefanb@linux.ibm.com>,
"Roberto Sassu" <roberto.sassu@huawei.com>,
"Al Viro" <viro@zeniv.linux.org.uk>,
"Andy Liang" <andy.liang@hpe.com>,
"Matthew Garrett" <mjg59@srcf.ucam.org>,
"Mimi Zohar" <zohar@linux.ibm.com>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] tpm: Map the ACPI provided event log
Date: Mon, 23 Dec 2024 00:17:45 +0200 [thread overview]
Message-ID: <D6IKSVZR56HD.3MZHMZMHRU85D@kernel.org> (raw)
In-Reply-To: <56aa08af3da583366ca3053f51ec5a36ac61a386.camel@HansenPartnership.com>
On Sun Dec 22, 2024 at 7:41 PM EET, James Bottomley wrote:
> On Sun, 2024-12-22 at 17:33 +0200, Jarkko Sakkinen wrote:
> > On Sun Dec 22, 2024 at 5:23 PM EET, Jarkko Sakkinen wrote:
> > > On Sun Dec 22, 2024 at 5:00 PM EET, James Bottomley wrote:
> > > > If event logs grow to greater than KMALLOC_MAX_SIZE then
> > > > absolutely it makes sense to map them instead of copying them.
> > > > But we'd have to do that for all event log locators: ACPI, EFI
> > > > and OF, because event log size should be independent of the
> > > > mechanism used to locate it. So, even as a long term fix
> > > > (assuming we think there's a possibility of logs expanding by
> > > > 50x), this patch doesn't do the right thing because it only maps
> > > > ACPI logs.
> > >
> > > Because we have a test target only on ACPI where this happens fix
> > > should still fix only ACPI. It's not hard to reiterate this but
> > > precursory iteration is a bad idea.
> >
> > Also, "event log size should be independent of the mechanism used to
> > locate it" is a sentence that is sky high too abstract to say much.
> >
> > I don't know what it means to be frank.
>
> event log size means the number of bytes from the beginning to the end
> of the event log. Since the event log is created by the pre-boot
> environment, there is a convention for how to communicate this
> information from pre-boot to the kernel; this is the mechanism used to
> locate it. We decode three mechanisms: an ACPI table, an EFI table and
> an OF entry.
>
> The pre-boot environment generating the event log is supposed to
> conform to the TCG standards for what events it contains; none of the
> entries depends on the mechanism used to locate the log, which is why
> the size also can't depend on the mechanis. There are many optional
> events, but even if the pre-boot took a maximalist approach the most it
> could contain is a couple of hundred entries. The variable entries are
> mostly small but several types can contain device paths or
> certificates, but even if you allow a 10k size for each entry, that's
> still at most 2MB. So I think if a pre-boot declared log area goes
> over KMALLOC_MAX_SIZE (4MB on x86) it's safe to truncate the area
> because the log will never fill all of it.
>
> The corollary is that if we ever did find an actual log over 4MB, then
> the EFI and OF mechanisms used to locate it would also fail in the
> kmalloc, which is why KMALLOC_MAX_SIZE is the correct cap for the
> declared size.
Have you verified this with the failing system?
>
> Regards,
>
> James
BR, Jarkko
prev parent reply other threads:[~2024-12-22 22:17 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-21 11:33 [PATCH] tpm: Map the ACPI provided event log Jarkko Sakkinen
2024-12-21 16:04 ` Ard Biesheuvel
2024-12-21 17:16 ` James Bottomley
2024-12-21 20:11 ` Jarkko Sakkinen
2024-12-21 20:13 ` Jarkko Sakkinen
2024-12-22 15:00 ` James Bottomley
2024-12-22 15:23 ` Jarkko Sakkinen
2024-12-22 15:33 ` Jarkko Sakkinen
2024-12-22 17:41 ` James Bottomley
2024-12-22 22:17 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D6IKSVZR56HD.3MZHMZMHRU85D@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=andy.liang@hpe.com \
--cc=ardb@kernel.org \
--cc=colin.i.king@gmail.com \
--cc=jarkko.sakkinen@iki.fi \
--cc=jgg@ziepe.ca \
--cc=joe@pf.is.s.u-tokyo.ac.jp \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=peterhuewe@gmx.de \
--cc=roberto.sassu@huawei.com \
--cc=stefanb@linux.ibm.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.