In drivers/char/tpm/tpm_bios.c::read_log() we call
acpi_os_map_memory(). That call may fail for a number of reasons
(invallid address, out of memory etc). If the call fails it returns
NULL and we just pass that to memcpy() unconditionally, which will go
bad when it tries to dereference the pointer.
Unfortunately we just get NULL back, so we can't really tell the user
exactely what went wrong, but we can at least avoid crashing and
return an error (-EIO seemed more generic and more suitable here than
-ENOMEM or something else, so I picked that).
Signed-off-by: Jesper Juhl <[email protected]>
---
drivers/char/tpm/tpm_bios.c | 5 +++++
1 file changed, 5 insertions(+)
Compile tested only.
diff --git a/drivers/char/tpm/tpm_bios.c b/drivers/char/tpm/tpm_bios.c
index 0636520..0c5c274 100644
--- a/drivers/char/tpm/tpm_bios.c
+++ b/drivers/char/tpm/tpm_bios.c
@@ -410,6 +410,11 @@ static int read_log(struct tpm_bios_log *log)
log->bios_event_log_end = log->bios_event_log + len;
virt = acpi_os_map_memory(start, len);
+ if (!virt) {
+ printk("%s: ERROR - Unable to map memory\n",
+ __func__);
+ return -EIO;
+ }
memcpy(log->bios_event_log, virt, len);
--
1.7.11.4
--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.
On Tue, Aug 07, 2012 at 10:50:56PM +0200, Jesper Juhl wrote:
> In drivers/char/tpm/tpm_bios.c::read_log() we call
> acpi_os_map_memory(). That call may fail for a number of reasons
> (invallid address, out of memory etc). If the call fails it returns
> NULL and we just pass that to memcpy() unconditionally, which will go
> bad when it tries to dereference the pointer.
>
> Unfortunately we just get NULL back, so we can't really tell the user
> exactely what went wrong, but we can at least avoid crashing and
> return an error (-EIO seemed more generic and more suitable here than
> -ENOMEM or something else, so I picked that).
Thanks Jesper. I'd made some updates to tpm_bios.c recently but this
should still apply. I'll let you know if not.
Kent
>
> Signed-off-by: Jesper Juhl <[email protected]>
> ---
> drivers/char/tpm/tpm_bios.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> Compile tested only.
>
> diff --git a/drivers/char/tpm/tpm_bios.c b/drivers/char/tpm/tpm_bios.c
> index 0636520..0c5c274 100644
> --- a/drivers/char/tpm/tpm_bios.c
> +++ b/drivers/char/tpm/tpm_bios.c
> @@ -410,6 +410,11 @@ static int read_log(struct tpm_bios_log *log)
> log->bios_event_log_end = log->bios_event_log + len;
>
> virt = acpi_os_map_memory(start, len);
> + if (!virt) {
> + printk("%s: ERROR - Unable to map memory\n",
> + __func__);
> + return -EIO;
> + }
>
> memcpy(log->bios_event_log, virt, len);
>
> --
> 1.7.11.4
>
>
> --
> Jesper Juhl <[email protected]> http://www.chaosbits.net/
> Don't top-post http://www.catb.org/jargon/html/T/top-post.html
> Plain text mails only, please.
>
Hi Jesper,
> > Unfortunately we just get NULL back, so we can't really tell the user
> > exactely what went wrong, but we can at least avoid crashing and
> > return an error (-EIO seemed more generic and more suitable here than
> > -ENOMEM or something else, so I picked that).
>
> Thanks Jesper. I'd made some updates to tpm_bios.c recently but this
> should still apply. I'll let you know if not.
Of course I'm wrong here, this code moved over into tpm_acpi.c. If you
can resubmit on top of my staging tree, I will apply it there.
git://github.com/shpedoikal/linux.git v3.6-rc1-tpmdd-staging
> > Signed-off-by: Jesper Juhl <[email protected]>
> > ---
> > drivers/char/tpm/tpm_bios.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > Compile tested only.
> >
> > diff --git a/drivers/char/tpm/tpm_bios.c b/drivers/char/tpm/tpm_bios.c
> > index 0636520..0c5c274 100644
> > --- a/drivers/char/tpm/tpm_bios.c
> > +++ b/drivers/char/tpm/tpm_bios.c
> > @@ -410,6 +410,11 @@ static int read_log(struct tpm_bios_log *log)
> > log->bios_event_log_end = log->bios_event_log + len;
> >
> > virt = acpi_os_map_memory(start, len);
> > + if (!virt) {
Also please add kfree(log->bios_event_log); in this error path.
Thanks,
Kent
> > + printk("%s: ERROR - Unable to map memory\n",
> > + __func__);
> > + return -EIO;
> > + }
> >
> > memcpy(log->bios_event_log, virt, len);
> >
> > --
> > 1.7.11.4
> >
> >
> > --
> > Jesper Juhl <[email protected]> http://www.chaosbits.net/
> > Don't top-post http://www.catb.org/jargon/html/T/top-post.html
> > Plain text mails only, please.
> >
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
On Wed, 15 Aug 2012, Kent Yoder wrote:
> Hi Jesper,
>
> > > Unfortunately we just get NULL back, so we can't really tell the user
> > > exactely what went wrong, but we can at least avoid crashing and
> > > return an error (-EIO seemed more generic and more suitable here than
> > > -ENOMEM or something else, so I picked that).
> >
> > Thanks Jesper. I'd made some updates to tpm_bios.c recently but this
> > should still apply. I'll let you know if not.
>
> Of course I'm wrong here, this code moved over into tpm_acpi.c. If you
> can resubmit on top of my staging tree, I will apply it there.
>
No problem. I'll have that patch for you in a moment when I'm done
fetching your tree.
> git://github.com/shpedoikal/linux.git v3.6-rc1-tpmdd-staging
>
> > > Signed-off-by: Jesper Juhl <[email protected]>
> > > ---
> > > drivers/char/tpm/tpm_bios.c | 5 +++++
> > > 1 file changed, 5 insertions(+)
> > >
> > > Compile tested only.
> > >
> > > diff --git a/drivers/char/tpm/tpm_bios.c b/drivers/char/tpm/tpm_bios.c
> > > index 0636520..0c5c274 100644
> > > --- a/drivers/char/tpm/tpm_bios.c
> > > +++ b/drivers/char/tpm/tpm_bios.c
> > > @@ -410,6 +410,11 @@ static int read_log(struct tpm_bios_log *log)
> > > log->bios_event_log_end = log->bios_event_log + len;
> > >
> > > virt = acpi_os_map_memory(start, len);
> > > + if (!virt) {
>
> Also please add kfree(log->bios_event_log); in this error path.
>
Whoops, of course, will do.
--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.
In drivers/char/tpm/tpm_acpi.c::read_log() we call
acpi_os_map_memory(). That call may fail for a number of reasons
(invalid address, out of memory etc). If the call fails it returns
NULL and we just pass that to memcpy() unconditionally, which will go
bad when it tries to dereference the pointer.
Unfortunately we just get NULL back, so we can't really tell the user
exactely what went wrong, but we can at least avoid crashing and
return an error (-EIO seemed more generic and more suitable here than
-ENOMEM or something else, so I picked that).
Signed-off-by: Jesper Juhl <[email protected]>
---
drivers/char/tpm/tpm_acpi.c | 5 +++++
1 file changed, 5 insertions(+)
note: this patch is against git://github.com/shpedoikal/linux.git v3.6-rc1-tpmdd-staging
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index a1bb5a18..fe3fa94 100644
--- a/drivers/char/tpm/tpm_acpi.c
+++ b/drivers/char/tpm/tpm_acpi.c
@@ -96,6 +96,11 @@ int read_log(struct tpm_bios_log *log)
log->bios_event_log_end = log->bios_event_log + len;
virt = acpi_os_map_memory(start, len);
+ if (!virt) {
+ kfree(log->bios_event_log);
+ printk("%s: ERROR - Unable to map memory\n", __func__);
+ return -EIO;
+ }
memcpy(log->bios_event_log, virt, len);
--
1.7.11.4
--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.
On Thu, Aug 16, 2012 at 12:16:33AM +0200, Jesper Juhl wrote:
> In drivers/char/tpm/tpm_acpi.c::read_log() we call
> acpi_os_map_memory(). That call may fail for a number of reasons
> (invalid address, out of memory etc). If the call fails it returns
> NULL and we just pass that to memcpy() unconditionally, which will go
> bad when it tries to dereference the pointer.
>
> Unfortunately we just get NULL back, so we can't really tell the user
> exactely what went wrong, but we can at least avoid crashing and
> return an error (-EIO seemed more generic and more suitable here than
> -ENOMEM or something else, so I picked that).
Thanks Jesper, applied here:
git://github.com/shpedoikal/linux.git v3.6-rc1-tpmdd-staging
Kent
>
> Signed-off-by: Jesper Juhl <[email protected]>
> ---
> drivers/char/tpm/tpm_acpi.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> note: this patch is against git://github.com/shpedoikal/linux.git v3.6-rc1-tpmdd-staging
>
> diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
> index a1bb5a18..fe3fa94 100644
> --- a/drivers/char/tpm/tpm_acpi.c
> +++ b/drivers/char/tpm/tpm_acpi.c
> @@ -96,6 +96,11 @@ int read_log(struct tpm_bios_log *log)
> log->bios_event_log_end = log->bios_event_log + len;
>
> virt = acpi_os_map_memory(start, len);
> + if (!virt) {
> + kfree(log->bios_event_log);
> + printk("%s: ERROR - Unable to map memory\n", __func__);
> + return -EIO;
> + }
>
> memcpy(log->bios_event_log, virt, len);
>
> --
> 1.7.11.4
>
>
> --
> Jesper Juhl <[email protected]> http://www.chaosbits.net/
> Don't top-post http://www.catb.org/jargon/html/T/top-post.html
> Plain text mails only, please.
>