* [PATCH] tpm: fix RC value check in tpm2_seal_trusted
@ 2017-01-25 21:03 Jarkko Sakkinen
2017-01-25 22:12 ` Jason Gunthorpe
0 siblings, 1 reply; 7+ messages in thread
From: Jarkko Sakkinen @ 2017-01-25 21:03 UTC (permalink / raw)
To: tpmdd-devel
Cc: linux-security-module, Jarkko Sakkinen, Peter Huewe,
Marcel Selhorst, Jason Gunthorpe, open list
Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
drivers/char/tpm/tpm.h | 5 +++++
drivers/char/tpm/tpm2-cmd.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 4e5fb22..abc621e 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -523,6 +523,11 @@ static inline void tpm_add_ppi(struct tpm_chip *chip)
}
#endif
+static inline inline u32 tpm2_rc_value(u32 rc)
+{
+ return (rc & BIT(7)) ? rc & 0xff : rc;
+}
+
int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count,
struct tpm2_digest *digests);
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6c8174a..40b09ca 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -551,7 +551,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
tpm_buf_destroy(&buf);
if (rc > 0) {
- if ((rc & TPM2_RC_HASH) == TPM2_RC_HASH)
+ if (tpm2_rc_value(rc) == TPM2_RC_HASH)
rc = -EINVAL;
else
rc = -EPERM;
--
2.9.3
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
2017-01-25 21:03 [PATCH] tpm: fix RC value check in tpm2_seal_trusted Jarkko Sakkinen
@ 2017-01-25 22:12 ` Jason Gunthorpe
2017-01-26 11:27 ` Jarkko Sakkinen
0 siblings, 1 reply; 7+ messages in thread
From: Jason Gunthorpe @ 2017-01-25 22:12 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst,
open list
On Wed, Jan 25, 2017 at 11:03:48PM +0200, Jarkko Sakkinen wrote:
> Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips")
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
I think you need a commit message for this.. Is this following the
spec?
Jason
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
2017-01-25 22:12 ` Jason Gunthorpe
@ 2017-01-26 11:27 ` Jarkko Sakkinen
2017-01-26 18:32 ` Jason Gunthorpe
0 siblings, 1 reply; 7+ messages in thread
From: Jarkko Sakkinen @ 2017-01-26 11:27 UTC (permalink / raw)
To: Jason Gunthorpe
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst,
open list
On Wed, Jan 25, 2017 at 03:12:45PM -0700, Jason Gunthorpe wrote:
> On Wed, Jan 25, 2017 at 11:03:48PM +0200, Jarkko Sakkinen wrote:
> > Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips")
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
>
> I think you need a commit message for this.. Is this following the
> spec?
Yes.
Format one commands the upper bits contain either handle, session or
parameter index. Bit 7 tells whether it the error code is format zero or
one. Format zero errors do not require masking. They do not have any
data in addition to value.
The reason why this bug was repeated in TPM space code was that I
originally melded that code form my trusted keys code (copy pasted and
edited message construction).
"The error code handling is bogus as any error code that has the bits
set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
parse the error value from FMT0 and FMT1 error codes to use to check the
error so that these types of mistakes is prevented in the future."
Is that suitable or do you want me to add something?
Jarkko
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
2017-01-26 11:27 ` Jarkko Sakkinen
@ 2017-01-26 18:32 ` Jason Gunthorpe
2017-01-27 6:43 ` Jarkko Sakkinen
0 siblings, 1 reply; 7+ messages in thread
From: Jason Gunthorpe @ 2017-01-26 18:32 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst,
open list
On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
> "The error code handling is bogus as any error code that has the bits
> set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> parse the error value from FMT0 and FMT1 error codes to use to check the
> error so that these types of mistakes is prevented in the future."
Great thanks
Jason
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
2017-01-26 18:32 ` Jason Gunthorpe
@ 2017-01-27 6:43 ` Jarkko Sakkinen
2017-01-27 16:24 ` Jason Gunthorpe
0 siblings, 1 reply; 7+ messages in thread
From: Jarkko Sakkinen @ 2017-01-27 6:43 UTC (permalink / raw)
To: Jason Gunthorpe
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst,
open list
On Thu, Jan 26, 2017 at 11:32:52AM -0700, Jason Gunthorpe wrote:
> On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
>
> > "The error code handling is bogus as any error code that has the bits
> > set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> > parse the error value from FMT0 and FMT1 error codes to use to check the
> > error so that these types of mistakes is prevented in the future."
>
> Great thanks
>
> Jason
Can I put your Reviewed-by? I would like to get this into 4.11.
/Jarkko
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
2017-01-27 6:43 ` Jarkko Sakkinen
@ 2017-01-27 16:24 ` Jason Gunthorpe
2017-01-29 15:11 ` Jarkko Sakkinen
0 siblings, 1 reply; 7+ messages in thread
From: Jason Gunthorpe @ 2017-01-27 16:24 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst,
open list
On Fri, Jan 27, 2017 at 08:43:27AM +0200, Jarkko Sakkinen wrote:
> On Thu, Jan 26, 2017 at 11:32:52AM -0700, Jason Gunthorpe wrote:
> > On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
> >
> > > "The error code handling is bogus as any error code that has the bits
> > > set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> > > parse the error value from FMT0 and FMT1 error codes to use to check the
> > > error so that these types of mistakes is prevented in the future."
> >
> > Great thanks
> >
> > Jason
>
> Can I put your Reviewed-by? I would like to get this into 4.11.
I'm not up to speed on the TPM2 parsing, but it looks OK based on your
description.
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Jason
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
2017-01-27 16:24 ` Jason Gunthorpe
@ 2017-01-29 15:11 ` Jarkko Sakkinen
0 siblings, 0 replies; 7+ messages in thread
From: Jarkko Sakkinen @ 2017-01-29 15:11 UTC (permalink / raw)
To: Jason Gunthorpe
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst,
open list
On Fri, Jan 27, 2017 at 09:24:16AM -0700, Jason Gunthorpe wrote:
> On Fri, Jan 27, 2017 at 08:43:27AM +0200, Jarkko Sakkinen wrote:
> > On Thu, Jan 26, 2017 at 11:32:52AM -0700, Jason Gunthorpe wrote:
> > > On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
> > >
> > > > "The error code handling is bogus as any error code that has the bits
> > > > set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> > > > parse the error value from FMT0 and FMT1 error codes to use to check the
> > > > error so that these types of mistakes is prevented in the future."
> > >
> > > Great thanks
> > >
> > > Jason
> >
> > Can I put your Reviewed-by? I would like to get this into 4.11.
>
> I'm not up to speed on the TPM2 parsing, but it looks OK based on your
> description.
>
> Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
>
> Jason
Thanks I applied this patch to master.
/Jarkko
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-01-29 15:14 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-25 21:03 [PATCH] tpm: fix RC value check in tpm2_seal_trusted Jarkko Sakkinen
2017-01-25 22:12 ` Jason Gunthorpe
2017-01-26 11:27 ` Jarkko Sakkinen
2017-01-26 18:32 ` Jason Gunthorpe
2017-01-27 6:43 ` Jarkko Sakkinen
2017-01-27 16:24 ` Jason Gunthorpe
2017-01-29 15:11 ` Jarkko Sakkinen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).