From nobody Sat May 30 17:43:33 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1778509439; cv=none; d=zohomail.com; s=zohoarc; b=eLE5MTmoxcWo43ILEwOAs1kM+q3MdR3mMPrUtrBlcCtxM3jiL9yUbGAgUQHvIwEj4HGgDF4brIGQAop47IWEVLtfSmBrmsMRs4Y1bQXQPfSRcoEHstJqvGVSf95oMvQNgsQTW/GjblWSi1mbHTyKDe9m5sdQv8bHGwyyT/KDagQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778509439; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=X5CPvpw2Y+EAzZUiXF3HEPlQWWyJKyhuC91fQcrjL/U=; b=VXX75NKX15h5jn0dAOPAe4DI0PiS2AVWz92ctDW5Tn6vJ/NHhV/t/ts9DRLRzXBh7GP8NP9GUimUHOAJN8vOV/IHe3niMSCejuOTjHnWbHN9ZTDa/0MxZgR7t67gx+k2EDo0yvsgxZ41+Odz0Ps0qd0AwY63y7B3aHdwqcgTVqc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778509439742166.67005409352703; Mon, 11 May 2026 07:23:59 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRY1-0004RQ-J6; Mon, 11 May 2026 10:23:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRXq-0004Po-Vi for qemu-devel@nongnu.org; Mon, 11 May 2026 10:23:43 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRXp-0003AV-5t for qemu-devel@nongnu.org; Mon, 11 May 2026 10:23:42 -0400 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64B8DRgQ3092282; Mon, 11 May 2026 14:22:36 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e1tbhrb9j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 11 May 2026 14:22:36 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64BE9N1Y019306; Mon, 11 May 2026 14:22:35 GMT Received: from smtprelay05.dal12v.mail.ibm.com ([172.16.1.7]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e2grh5j2c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 11 May 2026 14:22:35 +0000 (GMT) Received: from smtpav01.wdc07v.mail.ibm.com (smtpav01.wdc07v.mail.ibm.com [10.39.53.228]) by smtprelay05.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64BEMYLo30147080 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 11 May 2026 14:22:35 GMT Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AB1E45804B; Mon, 11 May 2026 14:22:34 +0000 (GMT) Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 25BC258066; Mon, 11 May 2026 14:22:34 +0000 (GMT) Received: from mycroft-2.pok.ibm.com (unknown [9.47.158.226]) by smtpav01.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 11 May 2026 14:22:34 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=X5CPvpw2Y+EAzZUiX F3HEPlQWWyJKyhuC91fQcrjL/U=; b=Jm+1jVa1ONgwRwW9YkR5qh98XdLJfNdBS YgpowfOqRI/KN4H0FZpriiDmk11q8yLbiEqSC+OXjjloiee6sLQdt2r/vj/KR/qf 2bA9b1OSTZTmvrQvE6heX7YzDlCR4gFuVwZh2OKDDi/TbWvxMDt2Ob9oqZCp4hAo wzjaVxrwyHZpziLx8wc1cargguJ5YgHgbieZHCCaFuOyuxk+CmusG4Ws1ugEf1HB W64bvdBJS/DPQrrKJt4NJapoDR1aRsup7whukj0ZEJWo1KIIsdFDRgb1Uxlq57rk OGJjI6mlMsAYKKTfKFbu8sZDaIBd6+ic4ibrzg68ogcllju8YA5dw== From: Stefan Berger To: qemu-devel@nongnu.org Cc: marcandre.lureau@redhat.com, armenon@redhat.com, philmd@linaro.org, Stefan Berger Subject: [PATCH v4 1/2] tpm_emulator: Reject a buffer size different than what was requested Date: Mon, 11 May 2026 14:22:17 +0000 Message-ID: <20260511142219.797048-2-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260511142219.797048-1-stefanb@linux.ibm.com> References: <20260511142219.797048-1-stefanb@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=ZdQt8MVA c=1 sm=1 tr=0 ts=6a01e62c cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=lp88FLx_Zl_lkmcsHRgA:9 X-Proofpoint-ORIG-GUID: Yic_Vyjo4fyq2qVc1i1y_26JBdQvnitt X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTExMDE1NiBTYWx0ZWRfX4pIGwnWfX+kP GJQhiVgO6FmyF3gLFMn8CGcIMzYrcbefo9519NfdWvu8o/xlVv365L1goWEbknVO9T7GkOy9Zfh HZlTodA3FmuLGCX7Vno/vyBj440dkiNZ1G2J5xxcYxYatCEmimDWJhdfItVC1THdUKs7p6nMFr+ UTU8rczrOJgw6z7Hme5zIv5hmCc+xdHnCIz50xjlKSfyKXfuJcNBZQZTLHrZ4L16VzSRxRYA9Ql rEDGl42DAv+CpLjB21IyZam7Ad7vS7YqQu0tCGn4abymeZ5kViDoLTkaRHdF5WLoS9mpINPDFKs E5AEzmrwgkvnrb46VkF3tf/02zcOjLfeMFTIBgQ9586c7h1P6hol54l/o++sTsbJNMZA2H1CP3a ffzkfStIn5w+PFVAuo4IyohD+hwQEM/efFCJD5l+ZttWMwtU9ayF5Scvn5GLNI+dHxZD6pRlkk2 GqgiuRlbjhMbODEvLZw== X-Proofpoint-GUID: Yic_Vyjo4fyq2qVc1i1y_26JBdQvnitt X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-11_04,2026-05-08_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 spamscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 priorityscore=1501 malwarescore=0 suspectscore=0 clxscore=1015 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604200000 definitions=main-2605110156 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=stefanb@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1778509440450158500 Content-Type: text/plain; charset="utf-8" When the TIS, SPAPR, or CRB frontends negotiate a buffer size with the TPM backend, then the tpm_emulator (swtpm) could still adjust this size of the buffer to within bounds supported by swtpm+libtpms if the chosen size was outside the acceptable range. This could theoretically lead to the TPM 2 using a bigger buffer than what was requested and memory allocated for. In practice this would not happend since the requested size of 4096 bytes for TIS and SPAPR and 3968 bytes for CRB happen in the (currently) supported range of ~2.5kb to 4096 bytes. With PQC support the range will have an upper bound of 8kb and a lower bound that will support the (pre-PQC) CRB with 3968 bytes. Fixes: 9375c44fdfc0 ("tpm: tpm_emulator: get and set buffer size of device") Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- backends/tpm/tpm_emulator.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/backends/tpm/tpm_emulator.c b/backends/tpm/tpm_emulator.c index 75c33d290e..ac5427b84e 100644 --- a/backends/tpm/tpm_emulator.c +++ b/backends/tpm/tpm_emulator.c @@ -364,6 +364,7 @@ static int tpm_emulator_set_buffer_size(TPMBackend *tb, { TPMEmulator *tpm_emu =3D TPM_EMULATOR(tb); ptm_setbuffersize psbs; + size_t tpm_buffersize; =20 if (tpm_emulator_stop_tpm(tb, errp) < 0) { return -1; @@ -387,8 +388,18 @@ static int tpm_emulator_set_buffer_size(TPMBackend *tb, return -1; } =20 + tpm_buffersize =3D be32_to_cpu(psbs.u.resp.buffersize); + /* Reject different buffer size used by the TPM than what was requeste= d. */ + if (wanted_size !=3D 0 && wanted_size !=3D tpm_buffersize) { + error_setg(errp, + "tpm-emulator: TPM did not accept the requested buffer = size " + "of %zu bytes but adjusted it to %zu bytes", + wanted_size, tpm_buffersize); + return -1; + } + if (actual_size) { - *actual_size =3D be32_to_cpu(psbs.u.resp.buffersize); + *actual_size =3D tpm_buffersize; } =20 trace_tpm_emulator_set_buffer_size( --=20 2.53.0 From nobody Sat May 30 17:43:33 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1778509384; cv=none; d=zohomail.com; s=zohoarc; b=UsnZ2Prwd4E+QrcUIixiLoiyx6biZOOsgO8OZHfGonfwGG+X2rw6xUvK6MZG+nn2Tb5/L7TmzRi3b+qrinQXk+G09+hfWf/EEf4XGfF3wymsyC9IbTwJHg/pbjMSIawnQXGjrTPyi/yQHrrQR/rEuWfc6Zv2A3KndQbXYhd9J3k= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778509384; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=HuYx1Eu24m+KXk2UlGjvNZWDdPLVTN5BBsfgIQvnzK8=; b=RBucPWVKF0neEnnbC5op5xfW06vfS6EhnzXbU/6rcogwPF5GA7GXxGx4k+OWg8DABnD21fj3+x3gWWK7C7THQEnczOcDLAdDvY8LeiAh1PHh7DXe+m0VicWUv2IsdUXS9esXbkpvpd48OP3BZUGPgVVQyyPziC3ewR6//EGLvNQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778509384909878.1344423930332; Mon, 11 May 2026 07:23:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRXA-0002HX-Ix; Mon, 11 May 2026 10:23:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRWr-0001hw-Bh for qemu-devel@nongnu.org; Mon, 11 May 2026 10:22:52 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRWo-0002rp-I4 for qemu-devel@nongnu.org; Mon, 11 May 2026 10:22:39 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64BBeIrP151140; Mon, 11 May 2026 14:22:37 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e1ubdr6w8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 11 May 2026 14:22:36 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64BE9MEb022002; Mon, 11 May 2026 14:22:36 GMT Received: from smtprelay06.dal12v.mail.ibm.com ([172.16.1.8]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4e2hfg5erj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 11 May 2026 14:22:36 +0000 (GMT) Received: from smtpav01.wdc07v.mail.ibm.com (smtpav01.wdc07v.mail.ibm.com [10.39.53.228]) by smtprelay06.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64BEMZVK31064608 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 11 May 2026 14:22:35 GMT Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 692AF5804B; Mon, 11 May 2026 14:22:35 +0000 (GMT) Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D011C58055; Mon, 11 May 2026 14:22:34 +0000 (GMT) Received: from mycroft-2.pok.ibm.com (unknown [9.47.158.226]) by smtpav01.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 11 May 2026 14:22:34 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=HuYx1Eu24m+KXk2Ul GjvNZWDdPLVTN5BBsfgIQvnzK8=; b=TQABCQoHxNcP96T1UP+I+geO/XssvWKsa FQ2R4xPTCgU/I6Hod5/LoEw7TF9f5CaTrlXWoatQH6aeHYO/ywZ7Aa2DK9ICETF/ rkFqjIwNvaALsa49ghovRuFAzWMV0QcjmWJfQIZdP+UpF1CaMzYR+bLakE5soY9C vgT51MgnbGETue+kO5zZ6bpicBJ44r9Z0mpvl74Uo92ZZCSh5+uPT7rAFPSSHFGg knDe8cCCoWH0T1znVHSUupdVuLcNiv2jyFNa9RXQVtl2BY1DSw4JVQZR8MuZEiPd icRegNzLj5ocO8d5XG588PEeO87c+ZhbLsueKXnFjQxqs9hXqkzog== From: Stefan Berger To: qemu-devel@nongnu.org Cc: marcandre.lureau@redhat.com, armenon@redhat.com, philmd@linaro.org, Stefan Berger Subject: [PATCH v4 2/2] tpm_emulator: Disconnect if response exceeds negotiated buffer size Date: Mon, 11 May 2026 14:22:18 +0000 Message-ID: <20260511142219.797048-3-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260511142219.797048-1-stefanb@linux.ibm.com> References: <20260511142219.797048-1-stefanb@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=BezoFLt2 c=1 sm=1 tr=0 ts=6a01e62c cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=ZkoTrUv0hqWFqrPu6skA:9 X-Proofpoint-GUID: oPbaRD7336gSaSIv0GAPcPA3K0s7Pvhb X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTExMDE1NiBTYWx0ZWRfX7DdPxyz14fAv RgHNHfLXBkwLbQFrf13pImKMlcrfS3o222mSxgJvPC//2BA9vRH9sjuNtd0KF8FvIweZqzFzCzn +d3FCkQeb6B4L/gtkj5f9S9cwWy0ZaHi24YcmlW7Mc9cc5osSFoeY0vdX9iH63Ing4+Z8Z43q3I 7SXcWR/jOdFilmRS2TmtmQwiditrLv34MyZ93ju8RtFgG33jXi/WwHwYrDFpT4gNKwBrJxWBgdv LNaz7zwllcI5PS4Xq1uLQQ7V0TbAumYPZVSLsnbnjD21ODZoo0aw+/unZx3nW+v2iCPLwgIB7cu gw1DYKPJNI+us13n6dd+PuOjCw6XfXwdkpZpEGzNcupspWYbPd64S03B9PLisJEGp7IVXfcp3pF r7RSThrx4Zi8QkGVbDjLGdRTctWsWUmZ2Qog2hXFmWwgjNxHCOZPCjMNSEE2j/tyrlD9OTUU3Wy nSleGdgEfFqXMz4XafQ== X-Proofpoint-ORIG-GUID: oPbaRD7336gSaSIv0GAPcPA3K0s7Pvhb X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-11_04,2026-05-08_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 priorityscore=1501 bulkscore=0 phishscore=0 malwarescore=0 adultscore=0 lowpriorityscore=0 suspectscore=0 impostorscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604200000 definitions=main-2605110156 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=stefanb@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1778509385971158500 Content-Type: text/plain; charset="utf-8" Disconnect from the emulator if a response was to exceed the negotiated buffer size. The TPM TIS and SPAPR use 4096 bytes and the CRB 3968 bytes. There are currently no TPM 2 responses using this size of a buffer and therefore no response will be sent that is exceeding this size. Fixes: f4ede81eed29 ("tpm: Added support for TPM emulator") Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- backends/tpm/tpm_emulator.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/backends/tpm/tpm_emulator.c b/backends/tpm/tpm_emulator.c index ac5427b84e..95d2de2f48 100644 --- a/backends/tpm/tpm_emulator.c +++ b/backends/tpm/tpm_emulator.c @@ -176,8 +176,10 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_= emu, bool *selftest_done, Error **errp) { - ssize_t ret; bool is_selftest =3D false; + Error *local_err =3D NULL; + uint32_t to_read; + ssize_t ret; =20 if (selftest_done) { *selftest_done =3D false; @@ -195,9 +197,25 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_= emu, return -1; } =20 + /* + * Size of response from emulator must be <=3D out_len (=3D negotiated= buffer + * size) + */ + to_read =3D tpm_cmd_get_size(out); + if (to_read > out_len) { + if (qio_channel_shutdown(tpm_emu->data_ioc, QIO_CHANNEL_SHUTDOWN_B= OTH, + &local_err) < 0) { + error_report_err(local_err); + } + error_setg(errp, "tpm-emulator: Disconnected after receiving " + "unacceptable large response (%u > %u)", + to_read, out_len); + return -1; + } + ret =3D qio_channel_read_all(tpm_emu->data_ioc, (char *)out + sizeof(struct tpm_resp_hdr), - tpm_cmd_get_size(out) - sizeof(struct tpm_resp_hdr), errp); + to_read - sizeof(struct tpm_resp_hdr), errp); if (ret !=3D 0) { return -1; } --=20 2.53.0