From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stefan Berger, Jarkko Sakkinen
Subject: [PATCH 5.12 015/384] tpm: acpi: Check eventlog signature before using it
Date: Mon, 10 May 2021 12:16:44 +0200
Message-Id: <20210510102015.376463098@linuxfoundation.org>
In-Reply-To: <20210510102014.849075526@linuxfoundation.org>
References: <20210510102014.849075526@linuxfoundation.org>

From: Stefan Berger

commit 3dcd15665aca80197333500a4be3900948afccc1 upstream.

Check the eventlog signature before using it. This avoids using an empty log, as may be the case when QEMU created the ACPI tables, rather than probing the EFI log next. This resolves an issue where the EFI log was empty since an empty ACPI log was used.

Cc: stable@vger.kernel.org
Fixes: 85467f63a05c ("tpm: Add support for event log pointer found in TPM2 ACPI table")
Signed-off-by: Stefan Berger
Reviewed-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
Signed-off-by: Greg Kroah-Hartman
---
 drivers/char/tpm/eventlog/acpi.c | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

--- a/drivers/char/tpm/eventlog/acpi.c
+++ b/drivers/char/tpm/eventlog/acpi.c
@@ -41,6 +41,27 @@ struct acpi_tcpa { }; }; +/* Check that the given log is indeed a TPM2 log. */ +static bool tpm_is_tpm2_log(void *bios_event_log, u64 len) +{ + struct tcg_efi_specid_event_head *efispecid; + struct tcg_pcr_event *event_header; + int n; + + if (len < sizeof(*event_header)) + return false; + len -= sizeof(*event_header); + event_header = bios_event_log; + + if (len < sizeof(*efispecid)) + return false; + efispecid = (struct tcg_efi_specid_event_head *)event_header->event; + + n = memcmp(efispecid->signature, TCG_SPECID_SIG, + sizeof(TCG_SPECID_SIG)); + return n == 0; +} + /* read binary bios log */ int tpm_read_log_acpi(struct tpm_chip *chip) { @@ -52,6 +73,7 @@ int tpm_read_log_acpi(struct tpm_chip *c struct acpi_table_tpm2 *tbl; struct acpi_tpm2_phy *tpm2_phy; int format; + int ret; log = &chip->log; @@ -112,6 +134,7 @@ int tpm_read_log_acpi(struct tpm_chip *c log->bios_event_log_end = log->bios_event_log + len; + ret = -EIO; virt = acpi_os_map_iomem(start, len); if (!virt) goto err; @@ -119,11 +142,19 @@ int tpm_read_log_acpi(struct tpm_chip *c memcpy_fromio(log->bios_event_log, virt, len); acpi_os_unmap_iomem(virt, len); + + if (chip->flags & TPM_CHIP_FLAG_TPM2 && + !tpm_is_tpm2_log(log->bios_event_log, len)) { + /* try EFI log next */ + ret = -ENODEV; + goto err; + } + return format; err: kfree(log->bios_event_log); log->bios_event_log = NULL; - return -EIO; + return ret; }
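
Review bot: In tpm_is_tpm2_log() (first hunk), the memcmp() length is sizeof(TCG_SPECID_SIG), while the bounds check above it is written in terms of sizeof(*efispecid). The comparison stays inside the signature field only if the macro's size does not exceed it; comparing over sizeof(efispecid->signature), or adding a compile-time assertion that the two sizes agree, would make that explicit. The local n is not needed, since the function can return !memcmp(...) directly. The comment above the function could also say that an empty log fails this check, since that is the case the commit message is about.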
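
Review bot: In tpm_read_log_acpi() (second hunk), ret is declared without an initial value and only receives -EIO in the following hunk, just before acpi_os_map_iomem(), while the err label now returns ret. Any goto err reached before that assignment, now or after a later change, would return an indeterminate value. Declaring int ret = -EIO; at the top removes the dependency on statement order and makes the separate assignment unnecessary.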
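
Review bot: In the last hunk, the err path is now also the expected fallback path (ret = -ENODEV, "try EFI log next"), but it only clears log->bios_event_log; log->bios_event_log_end, set earlier to log->bios_event_log + len, is left pointing into the freed buffer. Clearing it alongside bios_event_log would keep the log structure consistent for whichever source is probed next. The -ENODEV versus -EIO distinction is now part of the function's contract, so the /* read binary bios log */ comment should state which value means "fall back to another log source", and that the signature check applies only when TPM_CHIP_FLAG_TPM2 is set.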