From: kernel test robot <lkp@intel.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>,
linux-integrity@vger.kernel.org
Cc: kbuild-all@lists.01.org, Mimi Zohar <zohar@linux.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>
Subject: Re: [PATCH v14 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs
Date: Mon, 30 Nov 2020 10:10:41 +0800 [thread overview]
Message-ID: <202011301002.yYRCOdq5-lkp@intel.com> (raw)
In-Reply-To: <20201129222004.4428-5-James.Bottomley@HansenPartnership.com>
[-- Attachment #1: Type: text/plain, Size: 4753 bytes --]
Hi James,
I love your patch! Perhaps something to improve:
[auto build test WARNING on integrity/next-integrity]
[also build test WARNING on linus/master v5.10-rc5 next-20201127]
[cannot apply to security/next-testing dhowells-fs/fscache-next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/James-Bottomley/TPM-2-0-trusted-key-rework/20201130-063029
base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: x86_64-randconfig-m001-20201130 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
smatch warnings:
security/keys/trusted-keys/trusted_tpm2.c:331 tpm2_seal_trusted() warn: unsigned 'payload->blob_len' is never less than zero.
vim +331 security/keys/trusted-keys/trusted_tpm2.c
217
218 /**
219 * tpm2_seal_trusted() - seal the payload of a trusted key
220 *
221 * @chip: TPM chip to use
222 * @payload: the key data in clear and encrypted form
223 * @options: authentication values and other options
224 *
225 * Return: < 0 on error and 0 on success.
226 */
227 int tpm2_seal_trusted(struct tpm_chip *chip,
228 struct trusted_key_payload *payload,
229 struct trusted_key_options *options)
230 {
231 unsigned int blob_len;
232 struct tpm_buf buf;
233 u32 hash;
234 int i;
235 int rc;
236
237 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
238 if (options->hash == tpm2_hash_map[i].crypto_id) {
239 hash = tpm2_hash_map[i].tpm_id;
240 break;
241 }
242 }
243
244 if (i == ARRAY_SIZE(tpm2_hash_map))
245 return -EINVAL;
246
247 if (!options->keyhandle)
248 return -EINVAL;
249
250 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
251 if (rc)
252 return rc;
253
254 tpm_buf_append_u32(&buf, options->keyhandle);
255 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
256 NULL /* nonce */, 0,
257 0 /* session_attributes */,
258 options->keyauth /* hmac */,
259 TPM_DIGEST_SIZE);
260
261 /* sensitive */
262 tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len + 1);
263
264 tpm_buf_append_u16(&buf, options->blobauth_len);
265 if (options->blobauth_len)
266 tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
267
268 tpm_buf_append_u16(&buf, payload->key_len + 1);
269 tpm_buf_append(&buf, payload->key, payload->key_len);
270 tpm_buf_append_u8(&buf, payload->migratable);
271
272 /* public */
273 tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
274 tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH);
275 tpm_buf_append_u16(&buf, hash);
276
277 /* policy */
278 if (options->policydigest_len) {
279 tpm_buf_append_u32(&buf, 0);
280 tpm_buf_append_u16(&buf, options->policydigest_len);
281 tpm_buf_append(&buf, options->policydigest,
282 options->policydigest_len);
283 } else {
284 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH);
285 tpm_buf_append_u16(&buf, 0);
286 }
287
288 /* public parameters */
289 tpm_buf_append_u16(&buf, TPM_ALG_NULL);
290 tpm_buf_append_u16(&buf, 0);
291
292 /* outside info */
293 tpm_buf_append_u16(&buf, 0);
294
295 /* creation PCR */
296 tpm_buf_append_u32(&buf, 0);
297
298 if (buf.flags & TPM_BUF_OVERFLOW) {
299 rc = -E2BIG;
300 goto out;
301 }
302
303 rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
304 if (rc)
305 goto out;
306
307 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
308 if (blob_len > MAX_BLOB_SIZE) {
309 rc = -E2BIG;
310 goto out;
311 }
312 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) {
313 rc = -EFAULT;
314 goto out;
315 }
316
317 payload->blob_len =
318 tpm2_key_encode(payload, options,
319 &buf.data[TPM_HEADER_SIZE + 4],
320 blob_len);
321
322 out:
323 tpm_buf_destroy(&buf);
324
325 if (rc > 0) {
326 if (tpm2_rc_value(rc) == TPM2_RC_HASH)
327 rc = -EINVAL;
328 else
329 rc = -EPERM;
330 }
> 331 if (payload->blob_len < 0)
332 return payload->blob_len;
333
334 return rc;
335 }
336
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 31351 bytes --]
next prev parent reply other threads:[~2020-11-30 2:12 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-29 22:19 [PATCH v14 0/5] TPM 2.0 trusted key rework James Bottomley
2020-11-29 22:20 ` [PATCH v14 1/5] lib: add ASN.1 encoder James Bottomley
2020-12-04 4:43 ` Jarkko Sakkinen
2020-12-04 4:44 ` Jarkko Sakkinen
2020-11-29 22:20 ` [PATCH v14 2/5] oid_registry: Add TCG defined OIDS for TPM keys James Bottomley
2020-11-29 22:20 ` [PATCH v14 3/5] security: keys: trusted: fix TPM2 authorizations James Bottomley
2020-12-22 23:01 ` Ken Goldman
2020-12-23 19:58 ` James Bottomley
2021-01-04 21:56 ` Jarkko Sakkinen
2020-11-29 22:20 ` [PATCH v14 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs James Bottomley
2020-11-30 2:10 ` kernel test robot [this message]
2020-11-30 19:58 ` James Bottomley
2020-12-04 4:49 ` Jarkko Sakkinen
2020-12-04 4:50 ` Jarkko Sakkinen
2020-12-07 16:23 ` James Bottomley
2020-12-08 11:02 ` Jarkko Sakkinen
2020-11-29 22:20 ` [PATCH v14 5/5] security: keys: trusted: Make sealed key properly interoperable James Bottomley
2020-12-04 13:40 ` [PATCH v14 1/5] lib: add ASN.1 encoder David Howells
2020-12-04 13:44 ` [PATCH v14 2/5] oid_registry: Add TCG defined OIDS for TPM keys David Howells
2020-12-04 16:01 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202011301002.yYRCOdq5-lkp@intel.com \
--to=lkp@intel.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=kbuild-all@lists.01.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).