From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stefan Berger, Jarkko Sakkinen
Subject: [PATCH 5.10 009/299] tpm: acpi: Check eventlog signature before using it
Date: Mon, 10 May 2021 12:16:46 +0200
Message-Id: <20210510102005.137924019@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210510102004.821838356@linuxfoundation.org>
References: <20210510102004.821838356@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Stefan Berger

commit 3dcd15665aca80197333500a4be3900948afccc1 upstream.

Check the eventlog signature before using it. This avoids using an empty log, as may be the case when QEMU created the ACPI tables, rather than probing the EFI log next. This resolves an issue where the EFI log was empty since an empty ACPI log was used.

Cc: stable@vger.kernel.org
Fixes: 85467f63a05c ("tpm: Add support for event log pointer found in TPM2 ACPI table")
Signed-off-by: Stefan Berger
Reviewed-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
Signed-off-by: Greg Kroah-Hartman
--- drivers/char/tpm/eventlog/acpi.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) --- a/drivers/char/tpm/eventlog/acpi.c +++ b/drivers/char/tpm/eventlog/acpi.c
@@ -41,6 +41,27 @@ struct acpi_tcpa { }; }; +/* Check that the given log is indeed a TPM2 log. */ +static bool tpm_is_tpm2_log(void *bios_event_log, u64 len) +{ + struct tcg_efi_specid_event_head *efispecid; + struct tcg_pcr_event *event_header; + int n; + + if (len < sizeof(*event_header)) + return false; + len -= sizeof(*event_header); + event_header = bios_event_log; + + if (len < sizeof(*efispecid)) + return false; + efispecid = (struct tcg_efi_specid_event_head *)event_header->event; + + n = memcmp(efispecid->signature, TCG_SPECID_SIG, + sizeof(TCG_SPECID_SIG)); + return n == 0; +} + /* read binary bios log */ int tpm_read_log_acpi(struct tpm_chip *chip) { @@ -52,6 +73,7 @@ int tpm_read_log_acpi(struct tpm_chip *c struct acpi_table_tpm2 *tbl; struct acpi_tpm2_phy *tpm2_phy; int format; + int ret; log = &chip->log; @@ -112,6 +134,7 @@ int tpm_read_log_acpi(struct tpm_chip *c log->bios_event_log_end = log->bios_event_log + len; + ret = -EIO; virt = acpi_os_map_iomem(start, len); if (!virt) goto err; @@ -119,11 +142,19 @@ int tpm_read_log_acpi(struct tpm_chip *c memcpy_fromio(log->bios_event_log, virt, len); acpi_os_unmap_iomem(virt, len); + + if (chip->flags & TPM_CHIP_FLAG_TPM2 && + !tpm_is_tpm2_log(log->bios_event_log, len)) { + /* try EFI log next */ + ret = -ENODEV; + goto err; + } + return format; err: kfree(log->bios_event_log); log->bios_event_log = NULL; - return -EIO; + return ret; }
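Review bot: in tpm_is_tpm2_log(), the memcmp() length is sizeof(TCG_SPECID_SIG), so if that macro expands to a string literal the terminating NUL is part of the comparison, and the result depends on the signature field being NUL-padded to that length. A one-line comment saying the terminator is compared on purpose would make that explicit. The function also reads nothing from event_header except ->event, so it identifies the log purely by the bytes at that offset; if that is the intent, the comment "Check that the given log is indeed a TPM2 log" could say so. Minor: bios_event_log is only read and could be const void *, and the temporary n can be dropped by returning !memcmp(...) directly.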
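Review bot: ret is declared without an initializer at the top of tpm_read_log_acpi() and is first assigned by "ret = -EIO;" immediately before acpi_os_map_iomem(), while the err: label now ends in "return ret;". Any "goto err" placed above that assignment, now or in a later change, would return an indeterminate value. Declaring it as "int ret = -EIO;" removes that hazard and makes the separate assignment unnecessary.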
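Review bot: the new -ENODEV return in the block after acpi_os_unmap_iomem() means "the ACPI log is not usable, try the EFI log", but that contract is stated only by the inline "/* try EFI log next */" comment, and the fallback itself lives in a caller that this patch does not touch. Please document the return values in the comment above tpm_read_log_acpi(), which currently reads only "read binary bios log", so that -ENODEV (fall back to another log source) is distinguished from -EIO (mapping failed). Also consider writing the condition as "(chip->flags & TPM_CHIP_FLAG_TPM2) && !tpm_is_tpm2_log(...)"; the precedence is correct as written, but mixing & and && without parentheses invites a second look.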