On Fri, Nov 28, 2025 at 10:21:57AM +0100, Roberto Sassu wrote: > On Thu, 2025-11-27 at 20:52 +0200, Jarkko Sakkinen wrote: > > On Thu, Nov 27, 2025 at 06:17:42PM +0100, Roberto Sassu wrote: > > > On Thu, 2025-11-27 at 19:14 +0200, Jarkko Sakkinen wrote: > > > > On Thu, Nov 27, 2025 at 05:09:38PM +0100, Roberto Sassu wrote: > > > > > On Thu, 2025-11-27 at 15:54 +0200, Jarkko Sakkinen wrote: > > > > > > From: Jarkko Sakkinen <[email protected]> > > > > > > > > > > > > tpm2_get_pcr_allocation() does not cap any upper limit for the > > > > > > number of > > > > > > banks. Cap the limit to eight banks so that out of bounds values > > > > > > coming > > > > > > from external I/O cause on only limited harm. > > > > > > > > > > > > Cc: Roberto Sassu <[email protected]> > > > > > > > > > > Sorry, I realized that you are expecting me to review. > > > > > > > > > > I have a couple of questions: > > > > > - Could you explain better how out of bounds would occur, since one > > > > > could check the number of PCR banks? > > > > > - Is dynamic allocation that bad? And if yes, why? > > > > > - Couldn't you just check that the number of available PCR banks isĀ > > > > > below the threshold you like and keep dynamic allocation? > > > > > - Is removing tpm1_get_pcr_allocation() improving code readability? > > > > > > > > nr_possible_banks is read from external source i.e., neither kernel nor > > > > CPU fully control its value. This causes *uncontrolled* dynamic > > > > allocation. Thus, it must be capped to some value. > > > > > > Sure, I'm fine with capping. Isn't that enough? > > > > It makes sense to make the whole memory allocation then infallible, > > especially since it does not have much effect on diff. And it has > > not significant effect on memory usage either. > > Ok. In that case (even if it does not get in): > > Reviewed-by: Roberto Sassu <[email protected]>
Thank you :-) It's not a serious but categorilly it is still a bug, and these types guards of them help to detect more serious bugs that cause weird values to passed on to otherwise legit code (and that makes it also utilitarily useful). BR, Jarkko
