[Qemu-devel] [PATCH 4/6] tpm: apci: cleanup TCPA table initialization

From: Igor Mammedov
Subject: [Qemu-devel] [PATCH 4/6] tpm: apci: cleanup TCPA table initialization
Date: Mon, 7 Mar 2016 16:19:06 +0100

At the time build_tpm_tcpa() is called the tcpalog size is
always 0, so log_area_start_address, which is actually an offset
from the start of ACPI_BUILD_TPMLOG_FILE, is always 0.
Moreover, if tcpalog were not 0 sized at build_tpm_tcpa()
calling time, it would make tcpa->log_area_start_address
point to ACPI_BUILD_TPMLOG_FILE+log_area_start_address, causing
the guest to write beyond ACPI_BUILD_TPMLOG_FILE, which
would result in memory corruption.

As 'TCPA' is allocated 0 filled, there is no point
in calculating a constant 0 log_area_start_address and setting
tcpa->log_area_start_address to it, since the field should
always point to the start of ACPI_BUILD_TPMLOG_FILE.
Make the code easier to read by dropping the offset calculations,
which are misleading at best, and make it impossible to silently
backfire if the tcpalog size becomes non-0 at the time
build_tpm_tcpa() is called in the future.

While at it, move the tcpalog allocation closer to the code
that defines its size.

Signed-off-by: Igor Mammedov <address@hidden>
 hw/i386/acpi-build.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index e13f96d..3540815 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2310,11 +2310,10 @@ static void
 build_tpm_tcpa(GArray *table_data, BIOSLinker *linker, GArray *tcpalog)
     Acpi20Tcpa *tcpa = acpi_data_push(table_data, sizeof *tcpa);
-    uint64_t log_area_start_address = acpi_data_len(tcpalog);
     tcpa->platform_class = cpu_to_le16(TPM_TCPA_ACPI_CLASS_CLIENT);
     tcpa->log_area_minimum_length = cpu_to_le32(TPM_LOG_AREA_MINIMUM_SIZE);
-    tcpa->log_area_start_address = cpu_to_le64(log_area_start_address);
+    acpi_data_push(tcpalog, tcpa->log_area_minimum_length);
     bios_linker_loader_alloc(linker, ACPI_BUILD_TPMLOG_FILE, tcpalog, 1,
                              false /* high memory */);
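
Review bot: the added acpi_data_push(tcpalog, tcpa->log_area_minimum_length) reads back a field that the line above stored with cpu_to_le32(), so on a big-endian host the size passed to acpi_data_push() would be byte-swapped. Pass TPM_LOG_AREA_MINIMUM_SIZE directly, as the call removed in the second hunk did, or wrap the field in le32_to_cpu(). Separately, with the explicit assignment gone, log_area_start_address relies on the zero fill the commit message mentions; a one-line comment saying so here would keep a later reader from assuming the assignment was forgotten.
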
@@ -2327,8 +2326,6 @@ build_tpm_tcpa(GArray *table_data, BIOSLinker *linker, 
GArray *tcpalog)
     build_header(linker, table_data,
                  (void *)tcpa, "TCPA", sizeof(*tcpa), 2, NULL, NULL);
-    acpi_data_push(tcpalog, TPM_LOG_AREA_MINIMUM_SIZE);
 static void
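
Review bot: dropping the acpi_data_push(tcpalog, TPM_LOG_AREA_MINIMUM_SIZE) that followed build_header() means tcpalog is now sized before bios_linker_loader_alloc() is called in the first hunk, not after it. The commit message describes this only as moving the allocation closer to the size definition; please state in the message whether the loader-alloc call is expected to see the already-sized blob, since this is an ordering change and not purely cosmetic, or split the move into its own patch.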
