[PATCH v4] tpm: Managed allocations for tpm_buf instances

James Bottomley James.Bottomley at HansenPartnership.com
Wed Jul 2 02:51:55 UTC 2025


On Tue, 2025-07-01 at 17:51 +0300, Jarkko Sakkinen wrote:
> Repeal and replace tpm_buf_init() and tpm_buf_init_sized() with
> tpm_buf_alloc(), which returns a buffer of memory with the struct
> tpm_buf header at the beginning of the returned buffer. This leaves
> 4090 bytes of free space for the payload.

Shouldn't this be accounted for in tpm_buf_append()? Right now it will
let us run off the end of the allocation by six bytes before it signals
overflow because it's checking final length against PAGE_SIZE, not
PAGE_SIZE - sizeof(struct tpm_buf). I realise this should be an
impossible condition in production, but it's useful for debugging so we
should be accurate about it to avoid hard-to-detect bugs.

Regards,

James
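
The off-by-header limit raised in the message above, as a user-space model added here (it is not code from the patch or from the kernel). The struct layout, every `model_`/`accepts_` name and the 4096-byte page size are assumptions chosen to match the 4090 + 6 figures in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u /* assumed; consistent with 4090 + 6 in the thread */

/* Hypothetical 6-byte header, not the real struct tpm_buf layout. */
struct model_buf {
    uint16_t flags;
    uint16_t length;   /* payload bytes in use */
    uint16_t overflow; /* set when an append is rejected */
    uint8_t data[];    /* payload shares the allocation with the header */
};
_Static_assert(sizeof(struct model_buf) == 6, "model header must be 6 bytes");
#define MODEL_CAPACITY (MODEL_PAGE_SIZE - sizeof(struct model_buf)) /* 4090 */

/* Limit described in the reply: final length compared with the whole page. */
int accepts_page_limit(size_t used, size_t n) { return used + n <= MODEL_PAGE_SIZE; }
/* Limit the reply asks for: the page minus the header. */
int accepts_payload_limit(size_t used, size_t n) { return used + n <= MODEL_CAPACITY; }

/* Bytes past the allocation that a check lets an empty buffer reach. */
size_t max_overrun(int (*accepts)(size_t, size_t))
{
    size_t n = 0;
    while (accepts(0, n + 1)) n++;
    size_t end = sizeof(struct model_buf) + n; /* offset one past the last byte */
    return end > MODEL_PAGE_SIZE ? end - MODEL_PAGE_SIZE : 0;
}

/* Append that enforces the payload limit and latches the overflow flag. */
int model_append(struct model_buf *b, const void *src, size_t n)
{
    if (!accepts_payload_limit(b->length, n)) {
        b->overflow = 1;
        return -1;
    }
    memcpy(b->data + b->length, src, n);
    b->length = (uint16_t)(b->length + n);
    return 0;
}

int main(void)
{
    printf("page limit overrun: %zu, payload limit overrun: %zu\n",
           max_overrun(accepts_page_limit), max_overrun(accepts_payload_limit));
    return 0;
}
```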
