[coreboot-gerrit] Patch set updated for coreboot: 7737244 TPM: Reduce buffer size to fix stack overflow

Stefan Reinauer (stefan.reinauer@coreboot.org) gerrit at coreboot.org
Fri Apr 10 08:29:22 CEST 2015 

Stefan Reinauer (stefan.reinauer at coreboot.org) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/9481

-gerrit

commit 773724444eb4a036a368310b939ce27502b254e4
Author: Julius Werner <jwerner at chromium.org>
Date:   Fri Dec 19 14:38:51 2014 -0800

    TPM: Reduce buffer size to fix stack overflow
    
    The TPM driver by default allocates a 4K transfer buffer on the stack,
    which leads to lots of fun on boards with 2K or 3K stack sizes. On
    RK3288 this ends up writing over random memory sections which dependent
    on the memlayout of the day might contain timestamp data (no big deal)
    or page tables (-> bad time).
    
    This patch fixes the problem by reducing the buffer size to slightly
    above 1K, which still seems to work as far as I can tell. There was
    already some really odd code that #undef'ed this value and redefined it
    with the lower number in one .c file (unfortunately not the one with the
    buffer declaration), with no explanation whatsoever... I'm removing that
    and just assume the smaller value will be fine for everything.
    
    BRANCH=veyron
    BUG=None
    TEST=Booted Pinky and Falco.
    
    Change-Id: I440a5662b41cbd8b7becab3113262e1140b7f763
    Signed-off-by: Stefan Reinauer <reinauer at chromium.org>
    Original-Commit-Id: 3d3288041b6629b7623b9d58816e782e72836b81
    Original-Change-Id: Idf80f44cbfb9617c56b64a5c88ebedf7fcb4ec71
    Original-Signed-off-by: Julius Werner <jwerner at chromium.org>
    Original-Reviewed-on: https://chromium-review.googlesource.com/236976
    Original-Reviewed-by: David Hendricks <dhendrix at chromium.org>
---
 src/drivers/i2c/tpm/tpm.c | 6 ------
 src/drivers/i2c/tpm/tpm.h | 4 ++--
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/drivers/i2c/tpm/tpm.c b/src/drivers/i2c/tpm/tpm.c
index bc36e35..3af82db 100644
--- a/src/drivers/i2c/tpm/tpm.c
+++ b/src/drivers/i2c/tpm/tpm.c
@@ -45,12 +45,6 @@
 #include <device/i2c.h>
 #include "tpm.h"
 
-/* max. buffer size supported by our TPM */
-#ifdef TPM_BUFSIZE
-#undef TPM_BUFSIZE
-#endif
-#define TPM_BUFSIZE 1260
-
 /* Address of the TPM on the I2C bus */
 #define TPM_I2C_ADDR 0x20
 
diff --git a/src/drivers/i2c/tpm/tpm.h b/src/drivers/i2c/tpm/tpm.h
index 6d195a1..de88a66 100644
--- a/src/drivers/i2c/tpm/tpm.h
+++ b/src/drivers/i2c/tpm/tpm.h
@@ -42,8 +42,8 @@ enum tpm_timeout {
 	TPM_TIMEOUT = 1,	/* msecs */
 };
 
-/* Size of external transmit buffer (used in tpm_transmit)*/
-#define TPM_BUFSIZE 4096
+/* Size of external transmit buffer (used for stack buffer in tpm_sendrecv) */
+#define TPM_BUFSIZE 1260
 
 /* Index of fields in TPM command buffer */
 #define TPM_CMD_SIZE_BYTE 2

More information about the coreboot-gerrit mailing list