[PATCH v4] tpm: Managed allocations for tpm_buf instances

Jarkko Sakkinen jarkko at kernel.org
Wed Jul 2 22:39:34 UTC 2025


On Tue, Jul 01, 2025 at 10:51:55PM -0400, James Bottomley wrote:
> On Tue, 2025-07-01 at 17:51 +0300, Jarkko Sakkinen wrote:
> > Repeal and replace tpm_buf_init() and tpm_buf_init_sized() with
> > tpm_buf_alloc(), which returns a buffer of memory with the struct
> > tpm_buf header at the beginning of the returned buffer. This leaves
> > 4090 bytes of free space for the payload.
> 
> Shouldn't this be accounted for in tpm_buf_append()? Right now it will
> let us run off the end of the allocation by six bytes before it signals
> overflow because it's checking final length against PAGE_SIZE not
> PAGE_SIZE - sizeof(struct tpm_buf). I realise this should be an
> impossible condition in production, but it's useful for debugging so we
> should be accurate about it to avoid hard-to-detect bugs.

Fully agree. Thanks for pointing this out!

> 
> Regards,
> 
> James
> 

BR, Jarkko
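
The off-by-header limit raised in the review above, as a user-space C model added here (not code from the patch or the kernel). The header layout, the `model_*` and `fits_*` names and the 4096-byte page size are assumptions, chosen so that the header is 6 bytes and the payload 4090 bytes as stated in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u /* assumed page size, consistent with the 4090-byte figure */
#define MODEL_OVERFLOW  1u
/* Hypothetical 6-byte header; the real struct tpm_buf fields are not shown in the thread. */
struct model_buf {
	uint16_t length;  /* payload bytes in use */
	uint16_t flags;   /* MODEL_OVERFLOW once an append was refused */
	uint16_t spare;
	uint8_t  data[];  /* payload shares the page with the header */
};
#define MODEL_CAPACITY (MODEL_PAGE_SIZE - sizeof(struct model_buf)) /* 4090 */

/* Limit as described in the review: the whole page, header not subtracted. */
static int fits_page(const struct model_buf *buf, size_t n) {
	return buf->length + n <= MODEL_PAGE_SIZE;
}

/* Limit reduced by the header size; written so the subtraction cannot wrap. */
static int fits_capacity(const struct model_buf *buf, size_t n) {
	return n <= MODEL_CAPACITY - buf->length;
}

/* Append under the corrected limit; returns 0, or -1 and latches the overflow flag. */
static int model_buf_append(struct model_buf *buf, const void *src, size_t n) {
	if ((buf->flags & MODEL_OVERFLOW) || !fits_capacity(buf, n)) {
		buf->flags |= MODEL_OVERFLOW;
		return -1;
	}
	memcpy(buf->data + buf->length, src, n);
	buf->length += (uint16_t)n;
	return 0;
}

/* Bytes past the page that a check admits for one append to an empty buffer. */
static size_t max_overrun(int (*fits)(const struct model_buf *, size_t)) {
	struct model_buf empty = { 0 };
	size_t n = 0;
	while (fits(&empty, n + 1))
		n++;
	n += sizeof(empty);
	return n > MODEL_PAGE_SIZE ? n - MODEL_PAGE_SIZE : 0;
}

int main(void) {
	printf("overrun: page check %zu, capacity check %zu\n", max_overrun(fits_page), max_overrun(fits_capacity));
}
```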