From: Tomas Winkler <tomas.winkler@intel.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Jason Gunthorpe <jgg@ziepe.ca>
Cc: Alexander Usyskin <alexander.usyskin@intel.com>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
Tomas Winkler <tomas.winkler@intel.com>
Subject: [PATCH v2 8/8] tpm: move tpm2 code validation to tpm2-space.c
Date: Sat, 10 Mar 2018 10:24:28 +0200 [thread overview]
Message-ID: <20180310082428.31519-9-tomas.winkler@intel.com> (raw)
In-Reply-To: <20180310082428.31519-1-tomas.winkler@intel.com>
Add new function tpm2_validate_command to tpm2-space.c
that wraps up open coded functionality from tpm_validate_command.
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
drivers/char/tpm/tpm-interface.c | 31 ++-----------------------------
drivers/char/tpm/tpm.h | 1 +
drivers/char/tpm/tpm2-cmd.c | 1 +
drivers/char/tpm/tpm2-space.c | 32 ++++++++++++++++++++++++++++++++
4 files changed, 36 insertions(+), 29 deletions(-)
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index d347ad8325c6..93f7c12d4c4d 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -52,40 +52,13 @@ static int tpm_validate_command(struct tpm_chip *chip,
const u8 *cmd,
size_t len)
{
- const struct tpm_input_header *header = (const void *)cmd;
- int i;
- u32 cc;
- u32 attrs;
- unsigned int nr_handles;
-
if (len < TPM_HEADER_SIZE)
return -EINVAL;
- if (!space)
- return 0;
-
- if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) {
- cc = be32_to_cpu(header->ordinal);
-
- i = tpm2_find_cc(chip, cc);
- if (i < 0) {
- dev_dbg(&chip->dev, "0x%04X is an invalid command\n",
- cc);
- return -EOPNOTSUPP;
- }
-
- attrs = chip->cc_attrs_tbl[i];
- nr_handles =
- 4 * ((attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0));
- if (len < TPM_HEADER_SIZE + 4 * nr_handles)
- goto err_len;
- }
+ if (chip->flags & TPM_CHIP_FLAG_TPM2 && space)
+ return tpm2_validate_command(chip, cmd, len);
return 0;
-err_len:
- dev_dbg(&chip->dev,
- "%s: insufficient command length %zu", __func__, len);
- return -EINVAL;
}
static int tpm_request_locality(struct tpm_chip *chip)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 2b88aadc4743..15453a78a0d0 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -602,6 +602,7 @@ int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc,
u8 *cmd);
int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space,
u32 cc, u8 *buf, size_t *bufsiz);
+int tpm2_validate_command(struct tpm_chip *chip, const u8 *cmd, size_t len);
extern const struct seq_operations tpm2_binary_b_measurements_seqops;
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 80eb4bb5feef..6db13cf801b4 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -1112,3 +1112,4 @@ int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
return -1;
}
+
diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
index 4e4014eabdb9..ed9eff948c05 100644
--- a/drivers/char/tpm/tpm2-space.c
+++ b/drivers/char/tpm/tpm2-space.c
@@ -263,6 +263,38 @@ static int tpm2_map_command(struct tpm_chip *chip, u32 cc, u8 *cmd)
return 0;
}
+int tpm2_validate_command(struct tpm_chip *chip, const u8 *cmd, size_t len)
+{
+ int i;
+ u32 cc;
+ u32 attrs;
+ unsigned int nr_handles;
+
+ if (len < TPM_HEADER_SIZE)
+ return -EINVAL;
+
+ if (!chip->nr_commands)
+ return 0;
+
+ cc = be32_to_cpup((__be32 *)(cmd + 6));
+
+ i = tpm2_find_cc(chip, cc);
+ if (i < 0) {
+ dev_dbg(&chip->dev, "0x%04X is an invalid command\n", cc);
+ return -EOPNOTSUPP;
+ }
+
+ attrs = chip->cc_attrs_tbl[i];
+ nr_handles = 4 * ((attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0));
+ if (len < TPM_HEADER_SIZE + 4 * nr_handles) {
+ dev_dbg(&chip->dev,
+ "%s: insufficient command length %zu", __func__, len);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc,
u8 *cmd)
{
--
2.14.3
WARNING: multiple messages have this Message-ID (diff)
From: tomas.winkler@intel.com (Tomas Winkler)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v2 8/8] tpm: move tpm2 code validation to tpm2-space.c
Date: Sat, 10 Mar 2018 10:24:28 +0200 [thread overview]
Message-ID: <20180310082428.31519-9-tomas.winkler@intel.com> (raw)
In-Reply-To: <20180310082428.31519-1-tomas.winkler@intel.com>
Add new function tpm2_validate_command to tpm2-space.c
that wraps up open coded functionality from tpm_validate_command.
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
drivers/char/tpm/tpm-interface.c | 31 ++-----------------------------
drivers/char/tpm/tpm.h | 1 +
drivers/char/tpm/tpm2-cmd.c | 1 +
drivers/char/tpm/tpm2-space.c | 32 ++++++++++++++++++++++++++++++++
4 files changed, 36 insertions(+), 29 deletions(-)
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index d347ad8325c6..93f7c12d4c4d 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -52,40 +52,13 @@ static int tpm_validate_command(struct tpm_chip *chip,
const u8 *cmd,
size_t len)
{
- const struct tpm_input_header *header = (const void *)cmd;
- int i;
- u32 cc;
- u32 attrs;
- unsigned int nr_handles;
-
if (len < TPM_HEADER_SIZE)
return -EINVAL;
- if (!space)
- return 0;
-
- if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) {
- cc = be32_to_cpu(header->ordinal);
-
- i = tpm2_find_cc(chip, cc);
- if (i < 0) {
- dev_dbg(&chip->dev, "0x%04X is an invalid command\n",
- cc);
- return -EOPNOTSUPP;
- }
-
- attrs = chip->cc_attrs_tbl[i];
- nr_handles =
- 4 * ((attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0));
- if (len < TPM_HEADER_SIZE + 4 * nr_handles)
- goto err_len;
- }
+ if (chip->flags & TPM_CHIP_FLAG_TPM2 && space)
+ return tpm2_validate_command(chip, cmd, len);
return 0;
-err_len:
- dev_dbg(&chip->dev,
- "%s: insufficient command length %zu", __func__, len);
- return -EINVAL;
}
static int tpm_request_locality(struct tpm_chip *chip)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 2b88aadc4743..15453a78a0d0 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -602,6 +602,7 @@ int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc,
u8 *cmd);
int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space,
u32 cc, u8 *buf, size_t *bufsiz);
+int tpm2_validate_command(struct tpm_chip *chip, const u8 *cmd, size_t len);
extern const struct seq_operations tpm2_binary_b_measurements_seqops;
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 80eb4bb5feef..6db13cf801b4 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -1112,3 +1112,4 @@ int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
return -1;
}
+
diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
index 4e4014eabdb9..ed9eff948c05 100644
--- a/drivers/char/tpm/tpm2-space.c
+++ b/drivers/char/tpm/tpm2-space.c
@@ -263,6 +263,38 @@ static int tpm2_map_command(struct tpm_chip *chip, u32 cc, u8 *cmd)
return 0;
}
+int tpm2_validate_command(struct tpm_chip *chip, const u8 *cmd, size_t len)
+{
+ int i;
+ u32 cc;
+ u32 attrs;
+ unsigned int nr_handles;
+
+ if (len < TPM_HEADER_SIZE)
+ return -EINVAL;
+
+ if (!chip->nr_commands)
+ return 0;
+
+ cc = be32_to_cpup((__be32 *)(cmd + 6));
+
+ i = tpm2_find_cc(chip, cc);
+ if (i < 0) {
+ dev_dbg(&chip->dev, "0x%04X is an invalid command\n", cc);
+ return -EOPNOTSUPP;
+ }
+
+ attrs = chip->cc_attrs_tbl[i];
+ nr_handles = 4 * ((attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0));
+ if (len < TPM_HEADER_SIZE + 4 * nr_handles) {
+ dev_dbg(&chip->dev,
+ "%s: insufficient command length %zu", __func__, len);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc,
u8 *cmd)
{
--
2.14.3
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-03-10 8:28 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-10 8:24 [PATCH v2 0/8] tpm: factor out tpm1 code into tpm1-cmd.c Tomas Winkler
2018-03-10 8:24 ` Tomas Winkler
2018-03-10 8:24 ` [PATCH v2 1/8] tpm: move tpm1_pcr_extend to tpm1-cmd.c Tomas Winkler
2018-03-10 8:24 ` Tomas Winkler
2018-03-15 16:27 ` Jarkko Sakkinen
2018-03-15 16:27 ` Jarkko Sakkinen
2018-03-10 8:24 ` [PATCH v2 2/8] tpm: move tpm_getcap " Tomas Winkler
2018-03-10 8:24 ` Tomas Winkler
2018-03-15 16:29 ` Jarkko Sakkinen
2018-03-15 16:29 ` Jarkko Sakkinen
2018-03-10 8:24 ` [PATCH v2 3/8] tpm: factor out tpm1_get_random into tpm1-cmd.c Tomas Winkler
2018-03-10 8:24 ` Tomas Winkler
2018-03-15 16:32 ` Jarkko Sakkinen
2018-03-15 16:32 ` Jarkko Sakkinen
2018-03-15 23:24 ` Winkler, Tomas
2018-03-15 23:24 ` Winkler, Tomas
2018-03-16 14:02 ` Jarkko Sakkinen
2018-03-16 14:02 ` Jarkko Sakkinen
2018-03-10 8:24 ` [PATCH v2 4/8] tpm: move tpm1 selftest code from tpm-interface tpm1-cmd.c Tomas Winkler
2018-03-10 8:24 ` Tomas Winkler
2018-03-15 16:37 ` Jarkko Sakkinen
2018-03-15 16:37 ` Jarkko Sakkinen
2018-03-10 8:24 ` [PATCH v2 5/8] tpm: factor out tpm1 pm suspend flow into tpm1-cmd.c Tomas Winkler
2018-03-10 8:24 ` Tomas Winkler
2018-03-15 16:40 ` Jarkko Sakkinen
2018-03-15 16:40 ` Jarkko Sakkinen
2018-03-10 8:24 ` [PATCH v2 6/8] tpm: factor out tpm_startup function Tomas Winkler
2018-03-10 8:24 ` Tomas Winkler
2018-03-15 16:41 ` Jarkko Sakkinen
2018-03-15 16:41 ` Jarkko Sakkinen
2018-03-10 8:24 ` [PATCH v2 7/8] tpm: Move pcr extend to tpm2-cmd.c Tomas Winkler
2018-03-10 8:24 ` Tomas Winkler
2018-03-15 16:47 ` Jarkko Sakkinen
2018-03-15 16:47 ` Jarkko Sakkinen
2018-03-15 23:28 ` Winkler, Tomas
2018-03-15 23:28 ` Winkler, Tomas
2018-03-16 14:08 ` Jarkko Sakkinen
2018-03-16 14:08 ` Jarkko Sakkinen
2018-03-10 8:24 ` Tomas Winkler [this message]
2018-03-10 8:24 ` [PATCH v2 8/8] tpm: move tpm2 code validation to tpm2-space.c Tomas Winkler
2018-03-15 16:49 ` Jarkko Sakkinen
2018-03-15 16:49 ` Jarkko Sakkinen
2018-03-15 16:35 ` [PATCH v2 0/8] tpm: factor out tpm1 code into tpm1-cmd.c Jarkko Sakkinen
2018-03-15 16:35 ` Jarkko Sakkinen
2018-03-15 23:25 ` Winkler, Tomas
2018-03-15 23:25 ` Winkler, Tomas
2018-03-16 14:03 ` Jarkko Sakkinen
2018-03-16 14:03 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180310082428.31519-9-tomas.winkler@intel.com \
--to=tomas.winkler@intel.com \
--cc=alexander.usyskin@intel.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.