Received: by 10.213.65.16 with SMTP id m16csp293156imf; Mon, 12 Mar 2018 04:09:28 -0700 (PDT) X-Google-Smtp-Source: AG47ELvm7wgEcO6IlWIL06vZAnLXki6k/Fb+ciXsXY/kQTKRBbQmbH7SiJUXXinYqb0IA4dALqak X-Received: by 10.99.149.15 with SMTP id p15mr6395808pgd.154.1520852968547; Mon, 12 Mar 2018 04:09:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520852968; cv=none; d=google.com; s=arc-20160816; b=w3g+0C3obGdi5W78GNWe0MMjYjir8vLgm4kGA0D/ApXam8CIylVMXLbAUg0qpodGdu 6HkoD+EuOBQefUyhkTQDGXmDUquK+PE9MG9hD4bMYvmcdUrPw1rwZOQ1YgF37GDVFO6s h6nhzPETLf/OK768xTrChBnicTycd3Y0D3gsEjYWmtMZ6aAOL28EuZbAil0JDoukZwE3 xWTS8oWjoiun7wdGxPG2+Sr3PYg3JQjhVR24EmIGAn2UX/d18Uhwmrjxvj+tZoDjlPFz xJChKrrvf8w4eyu87csqtK0SopXQwc0qJtdp6SmS34dMfHiCaDMrBPLkbfwCmzlnECjR bhEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=ktncYGfqwL3iC+fClcRTlTIvJU2yoQypeVtTFbdl0rE=; b=lP2QoN8f543hJH2V/8A+xPDrxd/bJG96Nv3kLWZetkrbQvZvgQRAuKDgcRv8BBjKAB YcamaQP3ip0Oa3LJDGbIF5bH10WgRjlYxLWmmuSAuyY7I5pagH6IArsh3sL0HZ8VsWxT Gm1yU/v0VpnrcSomohUgtIyupv05YM8MWucQhpXC9qQHxt3Fz9x1Cw5L03SyfqBH0Ydl SstY93SYMCr0MgKFPbV4xcOieWImGptLPaC4gVIVIXC2KN5N+oCt1CN6t1Af6NqlpT5c JP9Ln1Xl2XNXvY0Kww3t0UsDu9j3sb8dvcVFVUGs1k9qKMHTlihBHfuMrpO63VNuhS/u Z8Vg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YnE4rBst; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e7-v6si4433497plo.533.2018.03.12.04.09.13; Mon, 12 Mar 2018 04:09:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YnE4rBst; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751339AbeCLLIO (ORCPT + 99 others); Mon, 12 Mar 2018 07:08:14 -0400 Received: from mail-io0-f179.google.com ([209.85.223.179]:45168 "EHLO mail-io0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751237AbeCLLIM (ORCPT ); Mon, 12 Mar 2018 07:08:12 -0400 Received: by mail-io0-f179.google.com with SMTP id m22so10909818iob.12 for ; Mon, 12 Mar 2018 04:08:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ktncYGfqwL3iC+fClcRTlTIvJU2yoQypeVtTFbdl0rE=; b=YnE4rBsttb13Ln7mUzSZAiJNR3Fye8o1Y6RL6xr/x6Oxydxbqy9yxo77x5avNoFcO6 Fj0bOU0GqhUlAPjb7xYpi1qz+IMT+nUGLddXijmvFI4T1Vg4cKFgBcWZVXXUihmw/PlU HScjBKK0dfjYm2a+csIwC6E+othSJibMd5j+g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ktncYGfqwL3iC+fClcRTlTIvJU2yoQypeVtTFbdl0rE=; b=gsqWV2YcnDoYKllXk6p7uRDpUIgO2S4eEHdKn4wk6WJBdeu1/eqqjNM5K+TP+ThDHd 2jK19LLbZwRZntmq2tI0Z+3YoAjJnntSdTshdslnovfzIADwbXC846yHi6REui0E3P18 +NyyfGBAk8rJpEup+YEio75vV+E48ClKnn2RcLEkBabMbFwVnAAfLRibHWS8cYePYxCX zPE0P1gziyMYEwz4LXxeC2WSbSD6MyYIFCW0yiNL1bkbNXA8Uc4NsgHtW6lQLnerFVOD 1cjo/Up1GstyEVLNHMoY/9b0rZLidQalil7nSSce8MgVLLufQn92pMiuXTEpybkYyVqu POyQ== X-Gm-Message-State: AElRT7EM1aFBDdOLhoqkJgr0Ix6N70LAXrJeucQQAUweO2RYNMHJpbBc KuhnMeqm3sSMrOI+SnOz3KGlTV1XJXGoKLoktztabg== X-Received: by 10.107.151.74 with SMTP id z71mr7782824iod.277.1520852891916; Mon, 12 Mar 2018 04:08:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.138.209 with HTTP; Mon, 12 Mar 2018 04:08:11 -0700 (PDT) In-Reply-To: References: <01000161fc0b4755-df0621f4-ab5d-479a-b425-adf98427a308-000000@email.amazonses.com> <0100016206a68850-bd5c96b3-f275-46ea-98b1-1317e02a5d6e-000000@email.amazonses.com> <29c1640a-cf19-ca19-7de9-96f202edfb5a@redhat.com> <010001620bafa06b-41525407-603e-40a9-ba11-6033b2f5dcc7-000000@email.amazonses.com> From: Ard Biesheuvel Date: Mon, 12 Mar 2018 11:08:11 +0000 Message-ID: Subject: Re: Regression from efi: call get_event_log before ExitBootServices To: Thiebaud Weksteen Cc: Jeremy Cline , Hans de Goede , Javier Martinez Canillas , Jarkko Sakkinen , linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10 March 2018 at 10:45, Thiebaud Weksteen wrote: > On Fri, Mar 9, 2018 at 5:54 PM Jeremy Cline wrote: > >> On Fri, Mar 09, 2018 at 10:43:50AM +0000, Thiebaud Weksteen wrote: >> > Thanks a lot for trying out the patch! >> > >> > Please don't modify your install at this stage, I think we are hitting a >> > firmware bug and that would be awesome if we can fix how we are > handling it. >> > So, if we reach that stage in the function it could either be that: >> > * The allocation did not succeed, somehow, but the firmware still > returned >> > EFI_SUCCEED. >> > * The size requested is incorrect (I'm thinking something like a 1G of >> > log). This would be due to either a miscalculation of log_size > (possible) >> > or; the returned values of GetEventLog are not correct. >> > I'm sending a patch to add checks for these. Could you please apply and >> > retest? >> > Again, thanks for helping debugging this. > >> No problem, thanks for the help :) > >> With the new patch: > >> Locating the TCG2Protocol >> Calling GetEventLog on TCG2Protocol >> Log returned >> log_location is not empty >> log_size != 0 >> log_size < 1M >> Allocating memory for storing the logs >> Returned from memory allocation >> Copying log to new location > >> And then it hangs. I added a couple more print statements: > >> diff --git a/drivers/firmware/efi/libstub/tpm.c > b/drivers/firmware/efi/libstub/tpm.c >> index ee3fac109078..1ab5638bc50e 100644 >> --- a/drivers/firmware/efi/libstub/tpm.c >> +++ b/drivers/firmware/efi/libstub/tpm.c >> @@ -148,8 +148,11 @@ void > efi_retrieve_tpm2_eventlog_1_2(efi_system_table_t *sys_table_arg) >> efi_printk(sys_table_arg, "Copying log to new location\n"); > >> memset(log_tbl, 0, sizeof(*log_tbl) + log_size); >> + efi_printk(sys_table_arg, "Successfully memset log_tbl to 0\n"); >> log_tbl->size = log_size; >> + efi_printk(sys_table_arg, "Set log_tbl->size\n"); >> log_tbl->version = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; >> + efi_printk(sys_table_arg, "Set log_tbl-version\n"); >> memcpy(log_tbl->log, (void *) first_entry_addr, log_size); > >> efi_printk(sys_table_arg, "Installing the log into the > configuration table\n"); > >> and it's hanging at "memset(log_tbl, 0, sizeof(*log_tbl) + log_size);" > > Thanks. Well, it looks like the memory that is supposedly allocated is not > usable. I'm thinking this is a firmware bug. > Ard, would you agree on this assumption? Thoughts on how to proceed? > I am rather puzzled why the allocate_pool() should succeed and the subsequent memset() should fail. This does not look like an issue that is intimately related to TPM2 support, rather an issue in the firmware that happens to get tickled after the change. Would you mind trying replacing EFI_LOADER_DATA with EFI_BOOT_SERVICES_DATA in the allocate_pool() call?