Re: [Qemu-devel] [PATCH v1] tpm: check localities index

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v1] tpm: check localities index

From:	Marc-André Lureau
Subject:	Re: [Qemu-devel] [PATCH v1] tpm: check localities index
Date:	Tue, 20 Nov 2018 12:02:15 +0400

Hi

On Tue, Nov 20, 2018 at 11:24 AM P J P <address@hidden> wrote:
>
> From: Prasad J Pandit <address@hidden>
>
> While performing mmio device r/w operations, guest could set 'addr'
> parameter such that 'locty' index exceeds TPM_TIS_NUM_LOCALITIES=5
> after setting new 'locty' via 'tpm_tis_new_active_locality'.
> Add check to avoid OOB access.
>
> Reported-by: Cheng Feng <address@hidden>
> Signed-off-by: Prasad J Pandit <address@hidden>
> ---
>  hw/tpm/tpm_tis.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> Update: add assert() calls
>   -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00912.html
>
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index 12f5c9a759..d6bf3ceb26 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -293,6 +293,7 @@ static void tpm_tis_request_completed(TPMIf *ti, int ret)
>      uint8_t locty = s->cmd.locty;
>      uint8_t l;
>
> +    assert(TPM_TIS_IS_VALID_LOCTY(locty));
>      if (s->cmd.selftest_done) {
>          for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
>              s->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
> @@ -401,6 +402,7 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr 
> addr,
>      uint32_t avail;
>      uint8_t v;
>
> +    assert(TPM_TIS_IS_VALID_LOCTY(locty));

This is probably not really helping,
Right after tpm_tis_locality_from_addr() you can expect IS_VALID_LOCTY


>      if (tpm_backend_had_startup_error(s->be_driver)) {
>          return 0;
>      }
> @@ -523,6 +525,7 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>      uint16_t len;
>      uint32_t mask = (size == 1) ? 0xff : ((size == 2) ? 0xffff : ~0);
>
> +    assert(TPM_TIS_IS_VALID_LOCTY(locty));
>      trace_tpm_tis_mmio_write(size, addr, val);
>
>      if (locty == 4) {
> @@ -642,7 +645,7 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>              }
>          }
>
> -        if (set_new_locty) {
> +        if (set_new_locty && TPM_TIS_IS_VALID_LOCTY(active_locty)) {
>              tpm_tis_new_active_locality(s, active_locty);
>          }
>

tpm_tis_new_active_locality() has explicit code handling for !IS_VALID_LOCTY.

> --
> 2.17.2
>


-- 
Marc-André Lureau

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v1] tpm: check localities index, P J P, 2018/11/20
- Re: [Qemu-devel] [PATCH v1] tpm: check localities index, Marc-André Lureau <=
  - Re: [Qemu-devel] [PATCH v1] tpm: check localities index, Marc-André Lureau, 2018/11/20
- Re: [Qemu-devel] [PATCH v1] tpm: check localities index, Stefan Berger, 2018/11/20
  - Re: [Qemu-devel] [PATCH v1] tpm: check localities index, P J P, 2018/11/20
    - Re: [Qemu-devel] [PATCH v1] tpm: check localities index, P J P, 2018/11/21
    - Re: [Qemu-devel] [PATCH v1] tpm: check localities index, Stefan Berger, 2018/11/21
    - Re: [Qemu-devel] [PATCH v1] tpm: check localities index, P J P, 2018/11/22
- Re: [Qemu-devel] [PATCH v1] tpm: check localities index, Stefan Berger, 2018/11/21
- Re: [Qemu-devel] [PATCH v1] tpm: check localities index, no-reply, 2018/11/21
  - Re: [Qemu-devel] [PATCH v1] tpm: check localities index, Stefan Berger, 2018/11/21

Prev by Date: [Qemu-devel] [PATCH V5_resend 7/7] hostmem-file: add 'sync' option
Next by Date: Re: [Qemu-devel] [PATCH v4] hw/arm: Add arm SBSA reference machine
Previous by thread: [Qemu-devel] [PATCH v1] tpm: check localities index
Next by thread: Re: [Qemu-devel] [PATCH v1] tpm: check localities index
Index(es):
- Date
- Thread