Stefan Reinauer (stefan.reinauer@coreboot.org) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/9481
-gerrit
commit 46e9c15d760da0aeb26857b5da26fa7967b7aac6
Author: Julius Werner jwerner@chromium.org
Date: Fri Dec 19 14:38:51 2014 -0800
TPM: Reduce buffer size to fix stack overflow
The TPM driver by default allocates a 4K transfer buffer on the stack, which leads to lots of fun on boards with 2K or 3K stack sizes. On RK3288 this ends up writing over random memory sections which, depending on the memlayout of the day, might contain timestamp data (no big deal) or page tables (-> bad time).
This patch fixes the problem by reducing the buffer size to slightly above 1K, which still seems to work as far as I can tell. There was already some really odd code that #undef'ed this value and redefined it with the lower number in one .c file (unfortunately not the one with the buffer declaration), with no explanation whatsoever... I'm removing that and just assume the smaller value will be fine for everything.
BRANCH=veyron
BUG=None
TEST=Booted Pinky and Falco.
Change-Id: I440a5662b41cbd8b7becab3113262e1140b7f763
Signed-off-by: Stefan Reinauer reinauer@chromium.org
Original-Commit-Id: 3d3288041b6629b7623b9d58816e782e72836b81
Original-Change-Id: Idf80f44cbfb9617c56b64a5c88ebedf7fcb4ec71
Original-Signed-off-by: Julius Werner jwerner@chromium.org
Original-Reviewed-on: https://chromium-review.googlesource.com/236976
Original-Reviewed-by: David Hendricks dhendrix@chromium.org
---
 src/drivers/i2c/tpm/tpm.c | 6 ------
 src/drivers/i2c/tpm/tpm.h | 4 ++--
 2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/drivers/i2c/tpm/tpm.c b/src/drivers/i2c/tpm/tpm.c index bc36e35..3af82db 100644 --- a/src/drivers/i2c/tpm/tpm.c +++ b/src/drivers/i2c/tpm/tpm.c @@ -45,12 +45,6 @@ #include <device/i2c.h> #include "tpm.h"
-/* max. buffer size supported by our TPM */ -#ifdef TPM_BUFSIZE -#undef TPM_BUFSIZE -#endif -#define TPM_BUFSIZE 1260 - /* Address of the TPM on the I2C bus */ #define TPM_I2C_ADDR 0x20
diff --git a/src/drivers/i2c/tpm/tpm.h b/src/drivers/i2c/tpm/tpm.h index 6d195a1..de88a66 100644 --- a/src/drivers/i2c/tpm/tpm.h +++ b/src/drivers/i2c/tpm/tpm.h @@ -42,8 +42,8 @@ enum tpm_timeout { TPM_TIMEOUT = 1, /* msecs */ };
-/* Size of external transmit buffer (used in tpm_transmit)*/ -#define TPM_BUFSIZE 4096 +/* Size of external transmit buffer (used for stack buffer in tpm_sendrecv) */ +#define TPM_BUFSIZE 1260
/* Index of fields in TPM command buffer */ #define TPM_CMD_SIZE_BYTE 2
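Review bot: In the tpm.c hunk, the deleted comment `/* max. buffer size supported by our TPM */` is the only visible statement of why the value is 1260, and removing the block drops that rationale. Suggest carrying that wording over to the `TPM_BUFSIZE` definition in tpm.h, so the number is not read as arbitrary and raised again later. Removing the `#undef`/`#define` override itself is fine, since the header now supplies the same 1260.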
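Review bot: In the tpm.h hunk, `#define TPM_BUFSIZE 1260` only avoids the overflow on stacks that have room for 1260 bytes plus the rest of the call chain, and nothing in the change enforces that; the commit message mentions boards with 2K stacks. Suggest a build-time check of TPM_BUFSIZE against the board's configured stack size, and extending the new comment to state that constraint alongside "used for stack buffer in tpm_sendrecv". It is also worth confirming that tpm_sendrecv rejects any transfer length above TPM_BUFSIZE, now that the buffer is smaller than the previous 4096.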