{"id":2231326,"url":"http://patchwork.ozlabs.org/api/patches/2231326/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260430155150.2139517-3-stefanb@linux.ibm.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260430155150.2139517-3-stefanb@linux.ibm.com>","list_archive_url":null,"date":"2026-04-30T15:51:50","name":"[v3,2/2] tpm_emulator: Limit number of bytes read to negotiated buffer size","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"dd2f998de072258242d42db04ad438bd25105856","submitter":{"id":75097,"url":"http://patchwork.ozlabs.org/api/people/75097/?format=json","name":"Stefan Berger","email":"stefanb@linux.ibm.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260430155150.2139517-3-stefanb@linux.ibm.com/mbox/","series":[{"id":502333,"url":"http://patchwork.ozlabs.org/api/series/502333/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=502333","date":"2026-04-30T15:51:50","name":"Improve handling of response buffer size in tpm_emulator","version":3,"mbox":"http://patchwork.ozlabs.org/series/502333/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231326/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231326/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256\n header.s=pp1 header.b=PvXZBs3Q;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5zFt0ZgGz1xqf\n\tfor ; Fri, 01 May 2026 01:52:34 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1wITgZ-0001we-61; Thu, 30 Apr 2026 11:52:20 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wITgJ-0001sG-Ew\n for qemu-devel@nongnu.org; Thu, 30 Apr 2026 11:52:05 -0400","from mx0a-001b2d01.pphosted.com ([148.163.156.1])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wITgH-0004jB-SU\n for qemu-devel@nongnu.org; Thu, 30 Apr 2026 11:52:03 -0400","from pps.filterd (m0353729.ppops.net [127.0.0.1])\n by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id\n 63UEd5UO2932084; Thu, 30 Apr 2026 15:51:58 GMT","from ppma22.wdc07v.mail.ibm.com\n (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92])\n by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4drn9rgksv-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n Thu, 30 Apr 2026 15:51:57 +0000 (GMT)","from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1])\n by ppma22.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id\n 63UFNw2E030859;\n Thu, 30 Apr 2026 15:51:56 GMT","from smtprelay01.wdc07v.mail.ibm.com ([172.16.1.68])\n by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4ds8aw3r6e-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n Thu, 30 Apr 2026 15:51:56 +0000 (GMT)","from smtpav03.wdc07v.mail.ibm.com (smtpav03.wdc07v.mail.ibm.com\n [10.39.53.230])\n by smtprelay01.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id\n 63UFpu4D4457228\n (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);\n Thu, 30 Apr 2026 15:51:56 GMT","from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1])\n by IMSVA (Postfix) with ESMTP id 4A7E05805A;\n Thu, 30 Apr 2026 15:51:56 +0000 (GMT)","from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1])\n by IMSVA (Postfix) with ESMTP id AE0FF58054;\n Thu, 30 Apr 2026 15:51:55 +0000 (GMT)","from mycroft-2.pok.ibm.com (unknown [9.47.158.222])\n by smtpav03.wdc07v.mail.ibm.com (Postfix) with ESMTP;\n Thu, 30 Apr 2026 15:51:55 +0000 (GMT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc\n :content-transfer-encoding:date:from:in-reply-to:message-id\n :mime-version:references:subject:to; s=pp1; bh=4X/nQS0TSCCirG4ZP\n McTDv7LT8fe4TTA12WwKMp3BOQ=; b=PvXZBs3QxczVDoPJMR7y5dhAMDOculoCJ\n uUwVy2pd/amZL4WyGEebt37a49J7Avc3pvyCLYrgiNilW67dM+uVCy8dFkOCHiTL\n +nfzRokAawZL+yX0tCv9In9y5Z6FF87iwyiikrS9ToQWuybuF7CRegApYXV7sPT/\n WrDgBKvNU3+BgCDew8DBBYWX23Kkfqg5iSr5QcFiNiwskFTwuqGk5kXowPKsO28l\n tomWKYEaJ1Ugqp1FrO2oEIrFPO/5jo+kejREGaWLhGmtpaxgxAMnoimR8IsxBsRT\n oc7N05THIqiVwGF0T8254wElBzLjkIHSPT1A6b3AAYIoMnPz8/EiQ==","From":"Stefan Berger ","To":"qemu-devel@nongnu.org","Cc":"marcandre.lureau@redhat.com, armenon@redhat.com, philmd@linaro.org,\n Stefan Berger ","Subject":"[PATCH v3 2/2] tpm_emulator: Limit number of bytes read to negotiated\n buffer size","Date":"Thu, 30 Apr 2026 15:51:50 +0000","Message-ID":"<20260430155150.2139517-3-stefanb@linux.ibm.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260430155150.2139517-1-stefanb@linux.ibm.com>","References":"<20260430155150.2139517-1-stefanb@linux.ibm.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-TM-AS-GCONF":"00","X-Proofpoint-GUID":"_mmg4HUeEy0rDppEzshFqFMtXUBdktPR","X-Proofpoint-Spam-Details-Enc":"AW1haW4tMjYwNDMwMDE2MyBTYWx0ZWRfXxQxVwnX5+gFq\n Hx6xdbOUJTIai/RB2e+SrYG0161MHAHxTH+oGeRB/Thck35UjOHdLgBms3W2vnJNYhkSpHUrbDs\n QgT1Wg+FP+T9FxD3D6prbXJbKYfn9QNc5MHF+lqv3GJIIbuAgx9veucQcKArJHlRWGZOsGpLk0Q\n I1Y0LUv4cPPH8S/BufDG+aeN5EaxqnG7kuwALslC4W/V0ida+obi1LfB5q6NiojpfkdP/2bTw8M\n cAhPhNvuElAeBxcYCe6Gygc61egF/y38g3n/eSAtHisYZbUeF9c6M2upeGmzDQ43+epGUSrtcrP\n 39AwAKbReiScqqkEEayFLZPGYhFFD8iPodMz5U3a8hqOl/VSJDgdhVqAsCdvjwzuWQXr7obH0Qu\n X1CgYEeX1tKQ00GlCu1javM2jUQPLIFT/o+CJekPlmtjhHBa2XN3lpW0GzirreGF2SEYlrz3xm0\n iWWZ1Ln5WVYmLg+FOFQ==","X-Authority-Analysis":"v=2.4 cv=Kc7idwYD c=1 sm=1 tr=0 ts=69f37a9d cx=c_pps\n a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17\n a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22\n a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=R_BpO4H6iBiOJCEtfBAA:9","X-Proofpoint-ORIG-GUID":"_mmg4HUeEy0rDppEzshFqFMtXUBdktPR","X-Proofpoint-Virus-Version":"vendor=baseguard\n engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49\n definitions=2026-04-30_04,2026-04-30_02,2025-10-01_01","X-Proofpoint-Spam-Details":"rule=outbound_notspam policy=outbound score=0\n clxscore=1015 phishscore=0 bulkscore=0 adultscore=0 spamscore=0\n malwarescore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0\n suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc=\n route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604200000\n definitions=main-2604300163","Received-SPF":"pass client-ip=148.163.156.1;\n envelope-from=stefanb@linux.ibm.com;\n helo=mx0a-001b2d01.pphosted.com","X-Spam_score_int":"-26","X-Spam_score":"-2.7","X-Spam_bar":"--","X-Spam_report":"(-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,\n RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"Limit the number of bytes read from the TPM response to the size of the\nreceiving buffer, which is the same as the size of the buffer negotiated\nwith swtpm.\n\nThe TPM TIS and SPAPR use 4096 bytes and the CRB 3968 bytes. There are\ncurrently no TPM 2 responses using this size of a buffer and therefore\nno response will be sent that is exceeding this size.\n\nSigned-off-by: Stefan Berger \n---\n backends/tpm/tpm_emulator.c | 11 ++++++++---\n 1 file changed, 8 insertions(+), 3 deletions(-)","diff":"diff --git a/backends/tpm/tpm_emulator.c b/backends/tpm/tpm_emulator.c\nindex 653989ac0e..050a1f4225 100644\n--- a/backends/tpm/tpm_emulator.c\n+++ b/backends/tpm/tpm_emulator.c\n@@ -176,8 +176,9 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu,\n bool *selftest_done,\n Error **errp)\n {\n- ssize_t ret;\n bool is_selftest = false;\n+ size_t to_read;\n+ ssize_t ret;\n \n if (selftest_done) {\n *selftest_done = false;\n@@ -195,9 +196,13 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu,\n return -1;\n }\n \n+ /*\n+ * Size of response from swtpm must be <= out_len (= negotiated buffer size)\n+ */\n+ to_read = MIN(tpm_cmd_get_size(out), out_len) - sizeof(struct tpm_resp_hdr);\n+\n ret = qio_channel_read_all(tpm_emu->data_ioc,\n- (char *)out + sizeof(struct tpm_resp_hdr),\n- tpm_cmd_get_size(out) - sizeof(struct tpm_resp_hdr), errp);\n+ (char *)out + sizeof(struct tpm_resp_hdr), to_read, errp);\n if (ret != 0) {\n return -1;\n }\n","prefixes":["v3","2/2"]}