Received: by 2002:a05:6500:1b41:b0:1fb:d597:ff75 with SMTP id cz1csp345819lqb;
        Tue, 4 Jun 2024 13:12:20 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCXCwq1AKL2bySZEvaKIEb88Crw5dcgpXb2E7LUMa2AfxPBBeYvMJFPUfcoc2wU9TRVZeKQ2dGpDWZqqCm7c37/Wteu/mcvOVqrsUwzvmA==
X-Google-Smtp-Source: AGHT+IEEb4hvOjoGW1DCjnwb1XRhui86MLklcNn0IMSGMbWIHg+lU4l9wzMsBcTtpgcneM7ezGuZ
X-Received: by 2002:a17:906:4acc:b0:a63:49d3:e1c5 with SMTP id a640c23a62f3a-a69a002a918mr34520366b.64.1717531940142;
        Tue, 04 Jun 2024 13:12:20 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1717531940; cv=pass;
        d=google.com; s=arc-20160816;
        b=C8TMyBrAa/MEEEFHGh1XtdeYtB78u3NaqM1CW2+sKVY2BlQf0hSa5UHuh+QPbB42Va
         E5TKmGeRPsxeN9bmkKFfZB2vxul9MNHjuiXvU3k/WRyX3r2NRhs0pWHPWRSHV+h5GVGm
         JfdaRxRMd/7Qs0u46D/iyOaL81+Oml9/iJHdtIRNup6o9NK9hKXi/S1bcFRFF/0Ss3km
         XeHnAgigL0P/W/FebC77Zrbf17kmgtCYIDyLI08ju8CJrc/O0QP5k20+/bbfJ9JlG3E2
         eJAnop1Ubh+zMnUm9OIZADim5Sw7RWFskyCFqtXknozxfUUmE8kLiHOe/hAQIHgZQWwE
         VZig==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:references:to:from:subject:cc:message-id:date
         :content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:dkim-signature;
        bh=IFbJ2rkSVLzmlVSrNL//PjPQE/xAc/ecN+hR50wM5aw=;
        fh=x4JEXdITJ03f7fvdFTw1BV69Q5AynuprZNh65fG5IYU=;
        b=MHynXT434jJdHvIAzYpg625J5kr6188evdTl631/8NG+jQNGtRcwt4mHLsKLUSGbNM
         DuYiTyNy8SSkziCrk7ahiE87DVpv+fYozS3mXvDcceAO6Nm/EUBKs9h2xrYUR4Q4WbKc
         N62shp+lkr0CVsgXcTPgI1/5ED+vsVSTMs4rfAPhFP/N6RAPV8KUqi3gFXpEREqUs6vq
         aBquey5W3+QtArSYUg7QKMulUhNq+ekKcArLuKhQsJzG7BnWXj/JboV1ia4rhLDdZod2
         Tf12ZG5XCBRR4BET6RwrOgMS1+nI3rI3j5havuEv2GaxmqhfbgBa3eg1m5Jxi1mmbbjV
         jaYw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZWambTg6;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-crypto+bounces-4717-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4717-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto+bounces-4717-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id a640c23a62f3a-a67eb722a5bsi528423766b.914.2024.06.04.13.12.20
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 04 Jun 2024 13:12:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-4717-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZWambTg6;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-crypto+bounces-4717-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4717-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id D13561F23B33
	for <linux.lists.archive@gmail.com>; Tue,  4 Jun 2024 20:12:19 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 774D314B941;
	Tue,  4 Jun 2024 20:12:13 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ZWambTg6"
X-Original-To: linux-crypto@vger.kernel.org
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 27AC11E892;
	Tue,  4 Jun 2024 20:12:12 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717531933; cv=none; b=C99Win9EpzDcG8us3x2M+Mbcio5W4PqLR8JLHaTferf4j2A217HZP3Uaha3LjsLa3LjpTwas3S2LcJwo/+ZyxO77IIQMX4WpAca5pt9YbGdgvoBwlZMCNkIatYSEP+JBCfdjBceFRRhH1DCnMkLGnJoaFPVFdotLHJJVaEGhS1o=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717531933; c=relaxed/simple;
	bh=Xh63A7TD6mb8qSMe+jtLlQgcmtNjDBvQNIrZ/CLVB5Y=;
	h=Mime-Version:Content-Type:Date:Message-Id:Cc:Subject:From:To:
	 References:In-Reply-To; b=muQB5HH/2w4QOujSHxNe0q1GUCYy1OTNLeio1rihskqXqeaM5IwwWfOy9/szHsrAOfoWh4G3Ev8Uk1DaM4kBr9fITEDLjHawEnTorkzB+BRZEy+LfuOpLBKXd6pA6X+EO9cC1YaCudun1VWTEyFC0m3p7xbLZViwqPyJhLWmNNg=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ZWambTg6; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E57DDC2BBFC;
	Tue,  4 Jun 2024 20:12:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1717531932;
	bh=Xh63A7TD6mb8qSMe+jtLlQgcmtNjDBvQNIrZ/CLVB5Y=;
	h=Date:Cc:Subject:From:To:References:In-Reply-To:From;
	b=ZWambTg6yb/UrCbZ7miWvZqg7168mDRTkwDbXwt0fAnwLef8WNiEg+6HUOAsrce3N
	 z2CY+y3egawd+jRXtJ0LprLnxfLHqzEMwo9UEjhBMTGUUJ8y0fy1G+9NmRD4Ugcbqm
	 IUP3HokldOC+3gzkBHwQ+OwMsros/gDaro4uEpLzLkmf4tK8nI7SH+L8Q5H6BRDVVx
	 CODJdx50y1lKgshh8ti0RlMQdBKuXLMvs6DwPcpN51P+J7Quy1DvdBdOXgXks1lDGQ
	 stUXZPPjswSahTuhj0LHX3txOknL7UB/RrSdnDEDt7391TxhXoyirthwtwh6Oxug9h
	 bzJZA+Vpm2TBQ==
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
Date: Tue, 04 Jun 2024 23:12:04 +0300
Message-Id: <D1RI95NQL24F.2E53ZWDFAA8QM@kernel.org>
Cc: <dpsmith@apertussolutions.com>, <tglx@linutronix.de>,
 <mingo@redhat.com>, <bp@alien8.de>, <hpa@zytor.com>,
 <dave.hansen@linux.intel.com>, <ardb@kernel.org>, <mjg59@srcf.ucam.org>,
 <James.Bottomley@hansenpartnership.com>, <peterhuewe@gmx.de>,
 <jgg@ziepe.ca>, <luto@amacapital.net>, <nivedita@alum.mit.edu>,
 <herbert@gondor.apana.org.au>, <davem@davemloft.net>, <corbet@lwn.net>,
 <ebiederm@xmission.com>, <dwmw2@infradead.org>, <baolu.lu@linux.intel.com>,
 <kanth.ghatraju@oracle.com>, <andrew.cooper3@citrix.com>,
 <trenchboot-devel@googlegroups.com>
Subject: Re: [PATCH v9 13/19] tpm: Protect against locality counter
 underflow
From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Ross Philipson" <ross.philipson@oracle.com>,
 <linux-kernel@vger.kernel.org>, <x86@kernel.org>,
 <linux-integrity@vger.kernel.org>, <linux-doc@vger.kernel.org>,
 <linux-crypto@vger.kernel.org>, <kexec@lists.infradead.org>,
 <linux-efi@vger.kernel.org>, <iommu@lists.linux-foundation.org>
X-Mailer: aerc 0.17.0
References: <20240531010331.134441-1-ross.philipson@oracle.com>
 <20240531010331.134441-14-ross.philipson@oracle.com>
In-Reply-To: <20240531010331.134441-14-ross.philipson@oracle.com>

On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
> From: "Daniel P. Smith" <dpsmith@apertussolutions.com>
>
> Commit 933bfc5ad213 introduced the use of a locality counter to control w=
hen a
> locality request is allowed to be sent to the TPM. In the commit, the cou=
nter
> is indiscriminately decremented. Thus creating a situation for an integer
> underflow of the counter.
>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
> Reported-by: Kanth Ghatraju <kanth.ghatraju@oracle.com>
> Fixes: 933bfc5ad213 ("tpm, tpm: Implement usage counter for locality")

Not sure if we have practical use for fixes tag here but open for
argument ofc. I.e. I'm not sure what is the practical scenario to
worry about if Trenchboot did not exist.

> ---
>  drivers/char/tpm/tpm_tis_core.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_c=
ore.c
> index 176cd8dbf1db..7c1761bd6000 100644
> --- a/drivers/char/tpm/tpm_tis_core.c
> +++ b/drivers/char/tpm/tpm_tis_core.c
> @@ -180,7 +180,8 @@ static int tpm_tis_relinquish_locality(struct tpm_chi=
p *chip, int l)
>  	struct tpm_tis_data *priv =3D dev_get_drvdata(&chip->dev);
> =20
>  	mutex_lock(&priv->locality_count_mutex);
> -	priv->locality_count--;
> +	if (priv->locality_count > 0)
> +		priv->locality_count--;

I'd signal the situation with pr_info() in else branch.

>  	if (priv->locality_count =3D=3D 0)
>  		__tpm_tis_relinquish_locality(priv, l);
>  	mutex_unlock(&priv->locality_count_mutex);

BR, Jarkko