{"id":2231297,"url":"http://patchwork.ozlabs.org/api/patches/2231297/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260430142337.2104726-3-stefanb@linux.ibm.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260430142337.2104726-3-stefanb@linux.ibm.com>","list_archive_url":null,"date":"2026-04-30T14:23:37","name":"[v2,2/2] tpm_emulator: Limit number of bytes read to negotiated buffer size","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"186cb2b3ae58b24f6596d71a9969942fa0174c76","submitter":{"id":75097,"url":"http://patchwork.ozlabs.org/api/people/75097/?format=json","name":"Stefan Berger","email":"stefanb@linux.ibm.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260430142337.2104726-3-stefanb@linux.ibm.com/mbox/","series":[{"id":502315,"url":"http://patchwork.ozlabs.org/api/series/502315/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=502315","date":"2026-04-30T14:23:37","name":"Improve handling of response buffer size in tpm_emulator","version":2,"mbox":"http://patchwork.ozlabs.org/series/502315/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231297/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231297/checks/","tags":{},"related":[],"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256\n header.s=pp1 
header.b=F/dAYpBU;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5xHl6WSwz1xqf\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 00:24:03 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wISJ3-0000m4-9D; Thu, 30 Apr 2026 10:23:58 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <stefanb@linux.ibm.com>)\n id 1wISIu-0000Uh-5b\n for qemu-devel@nongnu.org; Thu, 30 Apr 2026 10:23:48 -0400","from mx0a-001b2d01.pphosted.com ([148.163.156.1])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <stefanb@linux.ibm.com>)\n id 1wISIs-0007F0-Gu\n for qemu-devel@nongnu.org; Thu, 30 Apr 2026 10:23:47 -0400","from pps.filterd (m0353729.ppops.net [127.0.0.1])\n by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id\n 63UDgA9D2886656; Thu, 30 Apr 2026 14:23:44 GMT","from ppma22.wdc07v.mail.ibm.com\n (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92])\n by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4drn9rg6cx-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n Thu, 30 Apr 2026 14:23:44 +0000 (GMT)","from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1])\n by ppma22.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id\n 63UE8u6d013406;\n Thu, 30 Apr 2026 14:23:43 GMT","from smtprelay04.wdc07v.mail.ibm.com 
([172.16.1.71])\n by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4ds8aw3dpx-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n Thu, 30 Apr 2026 14:23:43 +0000 (GMT)","from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com\n [10.241.53.103])\n by smtprelay04.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id\n 63UENg7T64618990\n (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);\n Thu, 30 Apr 2026 14:23:43 GMT","from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1])\n by IMSVA (Postfix) with ESMTP id 9551D58056;\n Thu, 30 Apr 2026 14:23:42 +0000 (GMT)","from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1])\n by IMSVA (Postfix) with ESMTP id 504C05805E;\n Thu, 30 Apr 2026 14:23:42 +0000 (GMT)","from mycroft-2.pok.ibm.com (unknown [9.47.158.222])\n by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP;\n Thu, 30 Apr 2026 14:23:42 +0000 (GMT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc\n :content-transfer-encoding:date:from:in-reply-to:message-id\n :mime-version:references:subject:to; s=pp1; bh=NlF9Xl3XWS2Q+YNdj\n ZpzULvMACGRnxL54n6fkPjveCE=; b=F/dAYpBUes8KTAyhTDTKsqBvhzewySBKj\n aau+44c1xUrPYRSEuqX8KiZNx/D2oiFz63mbR1sGZDK2kgFrkReDti3NMrD28bLW\n uhBqRydVGJAhTZMZwWq5toOgjPQNwiB1YTNo4AyqBQwlOp4UaIvafZwrLW5IM+sZ\n RBKmsalrqOSbFs07mXZ/HcB8/ZBSjWBuPP0yQ2WFgn7A/gjIfTCQ91djT522cUn0\n 858scOiJhE0U5HvBPMU+mZ5XZaLT9FnKmV+M1yE5hMjkI8bGo56/ijTJqP+Uqs+9\n 6mml2vwK9ghK8859El5xCAMCH2pbeTuUpagGfdtXhfi+eMTWFtiDQ==","From":"Stefan Berger <stefanb@linux.ibm.com>","To":"qemu-devel@nongnu.org","Cc":"marcandre.lureau@redhat.com, armenon@redhat.com,\n Stefan Berger <stefanb@linux.ibm.com>","Subject":"[PATCH v2 2/2] tpm_emulator: Limit number of bytes read to negotiated\n buffer size","Date":"Thu, 30 Apr 2026 14:23:37 +0000","Message-ID":"<20260430142337.2104726-3-stefanb@linux.ibm.com>","X-Mailer":"git-send-email 
2.43.0","In-Reply-To":"<20260430142337.2104726-1-stefanb@linux.ibm.com>","References":"<20260430142337.2104726-1-stefanb@linux.ibm.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-TM-AS-GCONF":"00","X-Proofpoint-GUID":"GiebQoxjPv2-VKsYJk_jtFthG5S3v4FF","X-Proofpoint-Spam-Details-Enc":"AW1haW4tMjYwNDMwMDE0NyBTYWx0ZWRfX+ruDYzdRF0Ig\n just12hHRm02BwAG8cKGB+HF8Ompl1Hpt+1Lxk2hW+ORRuk17U5XZJXi0Qz0Y1gmKerIC4rc19I\n Zcixq0f2YjKyNve/BFGcDENysQkMBTjBptUp6jNZ+75wEFpFS8eO2hNlclSsaKhdExIqnSn25LL\n 5+QgiWe2KL/Zxx31rq9YEu2lnTxo6rcT1b3vKr7j6GNg5QdFCPvbo0JWHrKl99hnKCYwzUBPtSI\n +BwodOJz+zbX2YMj3lldr2E5UmcAY1rHn8iZpE0Mmr5pckwt8hOWISRnpWsShyB0Tb/PqbLCJNV\n K+fYpDvqtAoGInIXYYa55RjO2HHf4EIEsYPjbXqJaVCwPxTHsuxYOdih/E+jEF9JyOUFwrCwvZe\n VSsTtvJb4UMeXbsCgHfXArOCZftsCNK2BZRv8NSn5Eg+h9Q/aapy9tLfiPxQX4LnBmvXm7mR4aM\n YzK2f0DshEjB8BGSq3g==","X-Authority-Analysis":"v=2.4 cv=Kc7idwYD c=1 sm=1 tr=0 ts=69f365f0 cx=c_pps\n a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17\n a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22\n a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=R_BpO4H6iBiOJCEtfBAA:9","X-Proofpoint-ORIG-GUID":"GiebQoxjPv2-VKsYJk_jtFthG5S3v4FF","X-Proofpoint-Virus-Version":"vendor=baseguard\n engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49\n definitions=2026-04-30_04,2026-04-30_02,2025-10-01_01","X-Proofpoint-Spam-Details":"rule=outbound_notspam policy=outbound score=0\n clxscore=1015 phishscore=0 bulkscore=0 adultscore=0 spamscore=0\n malwarescore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0\n suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc=\n route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604200000\n definitions=main-2604300147","Received-SPF":"pass client-ip=148.163.156.1;\n envelope-from=stefanb@linux.ibm.com;\n helo=mx0a-001b2d01.pphosted.com","X-Spam_score_int":"-26","X-Spam_score":"-2.7","X-Spam_bar":"--","X-Spam_report":"(-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n 
DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,\n RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"Limit the number of bytes read from the TPM response to the size of the\nreceiving buffer, which is the same as the size of the buffer negotiated\nwith swtpm.\n\nThe TPM TIS and SPAPR use 4096 bytes and the CRB 3968 bytes. 
There are\ncurrently no TPM 2 responses using this size of a buffer and therefore\nno response will be sent that is exceeding this size.\n\nSigned-off-by: Stefan Berger <stefanb@linux.ibm.com>\n---\n backends/tpm/tpm_emulator.c | 11 ++++++++---\n 1 file changed, 8 insertions(+), 3 deletions(-)","diff":"diff --git a/backends/tpm/tpm_emulator.c b/backends/tpm/tpm_emulator.c\nindex 10ab909474..b8ae113774 100644\n--- a/backends/tpm/tpm_emulator.c\n+++ b/backends/tpm/tpm_emulator.c\n@@ -176,8 +176,9 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu,\n                                      bool *selftest_done,\n                                      Error **errp)\n {\n-    ssize_t ret;\n     bool is_selftest = false;\n+    size_t to_read;\n+    ssize_t ret;\n \n     if (selftest_done) {\n         *selftest_done = false;\n@@ -195,9 +196,13 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu,\n         return -1;\n     }\n \n+    /*\n+     * Size of response from swtpm must be <= out_len (= negotiated buffer size)\n+     */\n+    to_read = MIN(tpm_cmd_get_size(out) - sizeof(struct tpm_resp_hdr), out_len);\n+\n     ret = qio_channel_read_all(tpm_emu->data_ioc,\n-              (char *)out + sizeof(struct tpm_resp_hdr),\n-              tpm_cmd_get_size(out) - sizeof(struct tpm_resp_hdr), errp);\n+              (char *)out + sizeof(struct tpm_resp_hdr), to_read, errp);\n     if (ret != 0) {\n         return -1;\n     }\n","prefixes":["v2","2/2"]}
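Review bot: In the second hunk of tpm_emulator_unix_tx_bufs(), the cap in `to_read = MIN(tpm_cmd_get_size(out) - sizeof(struct tpm_resp_hdr), out_len);` is too large by the header size. The read writes to `(char *)out + sizeof(struct tpm_resp_hdr)`, so if `out_len` is the full size of the buffer at `out`, as the comment and the commit message state, a response whose size field exceeds `out_len` still lets the read run `sizeof(struct tpm_resp_hdr)` bytes past the end of the buffer; the bound should be `out_len - sizeof(struct tpm_resp_hdr)`. The subtraction also wraps in unsigned arithmetic when the size field is smaller than the header, and MIN then turns that into a read of the full cap. Consider rejecting a size field outside the range sizeof(struct tpm_resp_hdr) to out_len by setting errp and returning -1 instead of clamping: the added comment says the response size "must be <= out_len", but the code truncates silently, which leaves the rest of the response unread on the data channel while the header in `out` still reports the larger size.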