Received-SPF: pass (google.com: domain of linux-kernel+bounces-49135-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Message-ID: <2ba9a96e-f93b-48e2-9ca0-48318af7f9b1@kunbus.com>
Date: Fri, 2 Feb 2024 04:08:07 +0100
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH 1/3] tpm: protect against locality counter underflow
Content-Language: en-US
To: Jarkko Sakkinen <jarkko@kernel.org>,
 "Daniel P. Smith" <dpsmith@apertussolutions.com>,
 Jason Gunthorpe <jgg@ziepe.ca>, Sasha Levin <sashal@kernel.org>,
 linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ross Philipson <ross.philipson@oracle.com>,
 Kanth Ghatraju <kanth.ghatraju@oracle.com>, Peter Huewe <peterhuewe@gmx.de>
References: <20240131170824.6183-1-dpsmith@apertussolutions.com>
 <20240131170824.6183-2-dpsmith@apertussolutions.com>
 <CYU3CFW08DAA.29DJY7SJYPJJZ@suppilovahvero>
From: Lino Sanfilippo <l.sanfilippo@kunbus.com>
In-Reply-To: <CYU3CFW08DAA.29DJY7SJYPJJZ@suppilovahvero>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
	=?utf-8?B?L0NLaklUZHMzejdXMklnY2tud3RRelQwWkFXcDR1UC9GRU8yV3dYdlplQ0Rn?=
 =?utf-8?B?ekN6NWhndVJhTUp1c2dPWm5IYW1EbXdKdS9wU2NLYVlKV2trZlBzTXV2Q21P?=
 =?utf-8?B?SGQzSVNPRlUxT0p4TE5HYVZZOWVjc3RTV2RWQk1LYlNWbzd0dXRPcUt1cmxO?=
 =?utf-8?B?azQ3RWNISjk3ZXlPcDE3OTFyNDBpRWlHYzkxM2g0bzVPTXBtWTNjTTRYUzdl?=
 =?utf-8?B?Nk8zY1NkaVVBZ2dESnVCdmR4eVBzTGhHdFF0RDVJQ0JKTlFYc3ZBcVU5aExz?=
 =?utf-8?B?SHhjL2hicWxQc1dEbFhVNDh1Qk9YdXRMNXdXNkRwUFZsQkJPVXprN0k5L1Zr?=
 =?utf-8?B?ekZHdHhXYlRrNkhzVUczNGk3UVBBZWtTOXhlSUVJK3grMXBNRnRzQnlDYkhk?=
 =?utf-8?B?YkV1RHoxdEdRbG5WdDJzT3JoU3BlNXpDK01NZjYvT0RndkZCeStUNXl6WUJn?=
 =?utf-8?B?aStwZVVrendwUjB1Zmt0YTVwYmE3RkJDckdTeE9peStIdzIweGdQQXd6cGdZ?=
 =?utf-8?B?ZTJQTlg2bnhUUVdHNGllWVpaUFZkU1c3MGthMGRzR21hMXFEUjk4U1dkdE83?=
 =?utf-8?B?K1ZXclZsZk1pYzJHUm5mbWF0cWdvK1RkSlFuZnJWcmJlTGl6WnNRRmI0K2xr?=
 =?utf-8?B?MEFLdVdqaTQ1OU9wMzVzbWdYSTRNdVNSdWg5NDE2dTRFUUZ1N1M1RmF1SS9F?=
 =?utf-8?B?NHlhU1h2YnB3OWZvYTljN2pMbTV0Z3VtZFdkb2V4dXRDaXRSblNyUWJQM0RB?=
 =?utf-8?B?dGJaQ2NEenR5VnQxVWJYeUpmQU8rYldhOWJZSFFjQk9pbXZkN2p0VFpDcGMx?=
 =?utf-8?B?MHZUaWNJMGFEU2ZZWUJ5bkgwcGFCNVlXeTB1N3FpQTRmOGliTXJNLzZQcXV3?=
 =?utf-8?B?MlFSTmJIRmMrNEpQZ25YSUNnNUV0VERsbjBURFVTYmhuUGJkQ1hXK0FCSkNE?=
 =?utf-8?B?ajJHMEcyZWZFaUQ3MlExb1BLU3NDUmZsTHdnalNKazdmODZ2eFN2QU53MUdS?=
 =?utf-8?B?czRyMmpUdUc5eWp2eldWYlJpOTFuUlg5Q1EvcXE2OHhQN2ovdDV5dzJmOW5F?=
 =?utf-8?B?VTVTWjBUQnlaN0ZkT3Nab1NMOHNkNUI2QTNHWmUzc2VOZHNBN3djVVE3RGJ4?=
 =?utf-8?B?aWJpcC9xbDJEYzhCNzQ1R2FlVzlQamJKZU9XL2dBWDk5SkV3TitXTzY3QmtF?=
 =?utf-8?B?QXhjMmVDdzlOTmQ1b09MNXdiTVYvK21vSVhmWlBueUpZQThhbjhCcHRUQjNh?=
 =?utf-8?B?cnJkTHV4TG4yNUVqcXlTSDdDWGkxbzVnUkZuMGN1WUU5bGhaYm00NHFiL0lS?=
 =?utf-8?B?TldrN20vQ0w5eUg5YmNzaUtoK3IxL0l4V3FEYm9pTnRCS3lERDdFRHBCMG9t?=
 =?utf-8?B?bnJSNUdDZ1d0b1gxVEhkRnA3ZXVqN2k2OTNjMVRJemoyeDlHRWNoWW1EZEJt?=
 =?utf-8?B?UllGTGdGRmVPS0UwUUhMb0ZJQVgwVCtJSlZXcnZvSEt0Q3ZrRkt5NEo4NTZE?=
 =?utf-8?B?ZWlHRThlVEd3Z1JLVVhJbFAvMjFLOHB2dVUyYSt6KzMvSm5hVUhJdmFDWWMy?=
 =?utf-8?B?d0JRT293cVBnaEJIZVdjNVlDQS9SS3hHVnB2Z3V5T29hNVBSRG9GT3hlc2pm?=
 =?utf-8?B?RzVhWkN6RkxmUnYwTWFLeEhWTFRYSE1uWnhSTmJqdVJqYmZ5ZWdMZDVyMkoz?=
 =?utf-8?B?Nm1aWUNUeHczQjg1T0V2d0x5UkZpTHJkbGVvN2VUTTMzeDNrakNjZkk4cFVs?=
 =?utf-8?B?OXFNRWduMk5pa2o5YTMwUDhOQVFnWVRqN0w3aVkwczQxQ21HWlRmc2tzZlVh?=
 =?utf-8?B?OXZ6c2FpbEl1eWFtNTdpN2VYR1loUHdpdjhPNm0rN1Z5aDMvRFRRTWRDTFg0?=
 =?utf-8?B?RUk1RzZaMVpNcGlyTWlRNFJDTVBZQzljQ05nNktrS0xuWFlZSWplUVVLYXgv?=
 =?utf-8?B?NzJLdTNuUGZidlNBcTlrTGlBWUhSdTNCODZJbzRYcktXOXBEckM1OHg4WFpQ?=
 =?utf-8?B?QXNCT2Z6MG5Bc0tkNHdndGFma1hsbkFsd2ltQ3E4aml3dHE4dWUxWi90UWtQ?=
 =?utf-8?B?MHBrZnNWZ3NuV3Z2alZma1g4R0dCMVVqNTkwQTlZTmVvTlMxYXVETTI2a3lt?=
 =?utf-8?B?OExYZnMveHVWUW00VEJkTkRMMkcvR1ZRa2JOV1RKUmhKRTM5UlBkQ1JNejRX?=
 =?utf-8?Q?dQmFWg53UXTWrHxdMY5OXRV2hV4Nn1oEYELbmEau/SFH?=
X-OriginatorOrg: kunbus.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4a5fac62-7840-4ec6-bc3a-08dc239c2f49
X-MS-Exchange-CrossTenant-AuthSource: AM6P193MB0408.EURP193.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Feb 2024 03:08:09.5754
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: aaa4d814-e659-4b0a-9698-1c671f11520b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: lboE4qIsVkeZp2BpCZvEYMujjXodRlkMIDQK8kFdbGSwekfhU5bd0dRrMWwP4hNtyNdlwsCVYGXEKCwt+OfRLw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P193MB0502


On 01.02.24 23:21, Jarkko Sakkinen wrote:

> 
> On Wed Jan 31, 2024 at 7:08 PM EET, Daniel P. Smith wrote:
>> Commit 933bfc5ad213 introduced the use of a locality counter to control when a
>> locality request is allowed to be sent to the TPM. In the commit, the counter
>> is indiscriminately decremented. Thus creating a situation for an integer
>> underflow of the counter.
> 
> What is the sequence of events that leads to this triggering the
> underflow? This information should be represent in the commit message.
> 

AFAIU this is:

1. We start with a locality_counter of 0 and then we call tpm_tis_request_locality()
for the first time, but since a locality is (unexpectedly) already active check_locality() and consequently
__tpm_tis_request_locality() return "true". This prevents the locality_counter from being increased
to 1, see 

	ret = __tpm_tis_request_locality(chip, l);
	if (!ret) /* Counter not increased since ret == 1 */
		priv->locality_count++;

in tpm_tis_request_locality().

If now the locality is released the counter is decreased to below zero (resulting
in an underflow since "locality_counter" is an unsigned int.