Received: by 2002:a05:7412:798b:b0:fc:a2b0:25d7 with SMTP id fb11csp663008rdb; Thu, 22 Feb 2024 16:01:43 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVYtuW463hMsd5yhe9de/ccgCUXgMY9/3xQjBKgYBwpSLJSJEQLKa2V95pQPuXwKV4+1gNae6h4jp7PccjCvlEGv+ggN2EJD2cqMaNpYw== X-Google-Smtp-Source: AGHT+IGY9AsWat+TiP0CBBRK75I5NP8iytuK0AcbcyeI12UKjWOSYSisi+iAwwXtaMQTIs3ekWep X-Received: by 2002:ac8:5a53:0:b0:42e:3fad:fd9e with SMTP id o19-20020ac85a53000000b0042e3fadfd9emr805632qta.31.1708646503362; Thu, 22 Feb 2024 16:01:43 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708646503; cv=pass; d=google.com; s=arc-20160816; b=Ztdvx8xPunkp41e8pQU4qV6L81xk0Yl5C26ESavesYuo8wxcnwnQlwRh92557JU6vc Jlqm49Ub94zj391S5wmsqnrzLVl1VAJAU7qg3YqDvN8BUSaJKco50OxhYT3j+F6V0zUG T09yUcJ1QWmrITcGACvrpi9wunRloo2TLUY+G7x6g2k4kUm7sZ6tbZTgqCotM0P8P/FC oHe7vns2A4r46nQAihSmMlFL7exnXDjM4oVDidmbGgrXXoHqfyE5J99aaqV8Fh4xC9wv MYGakYbkjd2n1pn7fTaDv4xXqhZ22zXExqEjv55Z1qzOqXFPr4lZqs0qswDfW3R9GoHP c6Ng== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:references:subject:cc:to:from:message-id:date :content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:dkim-signature; bh=muwiStSj7tFYumX9dB0mleP4retXezB6KfxVdBaFQs4=; fh=Sqb7THQM8BzJnC1FxqtewZH1rgGoccIVtW45niw+6qk=; b=mDxPe2RZsWnrzz4aDj8jeb4YE1/ejaaEV9FIbpGWWVsOuLmU5aWMZT5DmZ0JZXKoZh hAljB0cr5Nl92oNajef/UIft6q4Q3lwrT+hATGUAfrN5nhz3fjJAzYtzrrCJdSCRMaok KTqSUM9FEIv+uGvQdHlzu2UAvNgKSX60B7uxdplQUVYNjbgjeyel+qFeJetmwcOKwhbf dRhahnqXlcCQ8Kd2CXLupkYRw+SBT/pYvgNeMhM8Rkr16wCRGDZXxZotCwmUT5wvk/8Y 942ySdJ1OMxL+sUe6ZOglhP8upLme5t/NvMKe4C8DgOux3lcraHcTXIwNQAeMmuRX4dF 6NBQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Gs0KJuYr; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-77550-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-77550-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id g19-20020ac84813000000b0042dd5c5d8f9si13745042qtq.288.2024.02.22.16.01.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 16:01:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-77550-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Gs0KJuYr; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-77550-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-77550-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 081021C224C6 for ; Fri, 23 Feb 2024 00:01:43 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BE5378BFA; Fri, 23 Feb 2024 00:01:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Gs0KJuYr" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC9823209; Fri, 23 Feb 2024 00:01:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708646498; cv=none; b=juXJUz1Tk3V1/VQ9hKhgTEfLYG4VvMUzo5toq/aLoWfV6Af9Q7DPvzhvEr4vw/MnBp9/veyrvMAi5ldJ82WFXtmdYYJVdpkdv9zlTdVXeK2M8ff7txkAbgwuejahdpuwgDmyv/qjyc5bHpPZZdzH5043wCiQbp/ZLeOo04rQ22Q= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708646498; c=relaxed/simple; bh=j+ESD4Q/QZWpzJ5PpQQRTIfQxg53nG40zpN2uQgqods=; h=Mime-Version:Content-Type:Date:Message-Id:From:To:Cc:Subject: References:In-Reply-To; b=UZv5F3a5zLrgngRdxPlcHr62Gn0Jg7wOsBsGQQGhka0kHCE0T0LhYERu2JH3wk1K0/TH8Uc5njQUXRbZzCFQ/y6oUPysa0rcobcbq/Pe6rrPJ41qFFN8jIJt7Hjn7lOVZgOtRuspXvhLa9vxL3ALw0moHqDpOU4XO736SeM0Znw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Gs0KJuYr; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id AC3E8C433C7; Fri, 23 Feb 2024 00:01:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1708646497; bh=j+ESD4Q/QZWpzJ5PpQQRTIfQxg53nG40zpN2uQgqods=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Gs0KJuYrsbWv0csq9XYhI1MSXveC6+TJux7Yu8n+3P/GUY4HF6Q4eJot5v0D0cowJ D6PZUi8jVGWIj0JFmpOlo7yqoFib31jJtAo9JVnBcJSE3Ab0bg4eVkXCtoMdmhM7yJ nGKdnAAPk/TKgmJvyqzxj2Vn/IotNsRDVQ2dkvEDsRfw6dmowZVm/MGPUbi4T6HXYW YV8uzTrV+/BJs7T/gYsg3NzKDdZvtC6nAexp1Ukg/pcHfLuBkTaPJbZ1pN59Znq+h3 68aoBcbx0azO7lh/sIC5DJX9GhScZfHXgxdsZVewRxJbi/oO3x9wQHhd96L4+0Hjbd w8sMNd9iQqplA== Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Fri, 23 Feb 2024 02:01:32 +0200 Message-Id: From: "Jarkko Sakkinen" To: "Daniel P. Smith" , "Jason Gunthorpe" , "Sasha Levin" , "Lino Sanfilippo" , , Cc: "Ross Philipson" , "Kanth Ghatraju" , "Peter Huewe" Subject: Re: [PATCH 1/3] tpm: protect against locality counter underflow X-Mailer: aerc 0.17.0 References: <20240131170824.6183-1-dpsmith@apertussolutions.com> <20240131170824.6183-2-dpsmith@apertussolutions.com> In-Reply-To: <20240131170824.6183-2-dpsmith@apertussolutions.com> On Wed Jan 31, 2024 at 7:08 PM EET, Daniel P. Smith wrote: > Commit 933bfc5ad213 introduced the use of a locality counter to control w= hen a > locality request is allowed to be sent to the TPM. In the commit, the cou= nter > is indiscriminately decremented. Thus creating a situation for an integer > underflow of the counter. > > Signed-off-by: Daniel P. Smith > Signed-off-by: Ross Philipson > Reported-by: Kanth Ghatraju > Fixes: 933bfc5ad213 ("tpm, tpm: Implement usage counter for locality") > --- > drivers/char/tpm/tpm_tis_core.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_c= ore.c > index 1b350412d8a6..4176d3bd1f04 100644 > --- a/drivers/char/tpm/tpm_tis_core.c > +++ b/drivers/char/tpm/tpm_tis_core.c > @@ -180,7 +180,8 @@ static int tpm_tis_relinquish_locality(struct tpm_chi= p *chip, int l) > struct tpm_tis_data *priv =3D dev_get_drvdata(&chip->dev); > =20 > mutex_lock(&priv->locality_count_mutex); > - priv->locality_count--; > + if (priv->locality_count > 0) > + priv->locality_count--; > if (priv->locality_count =3D=3D 0) > __tpm_tis_relinquish_locality(priv, l); > mutex_unlock(&priv->locality_count_mutex); To make this patch set better the whole story should be scenario based. Starting from cover letter the explanation is way too rounded to guide to the conclusion that these are actually best possible code changes to fix the issue.=20 I agree fully on that the problem should be fixed but given that the scenarios are fuzzy deciding whether this the right things done right is the open question. I.e. we need the steps for destruction and how these patches change those steps to make this right. Since the whole topic is complicated I'd use PC Client spec as reference. BR, Jarkko