Date:	Sun, 19 Jun 2016 14:12:14 +0200
From:	Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:	Ed Swierk <eswierk@...portsystems.com>
Cc:	tpmdd-devel@...ts.sourceforge.net, stefanb@...ibm.com,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	jgunthorpe@...idianresearch.com
Subject: Re: [PATCH v6 3/5] tpm: Factor out reading of timeout and duration
 capabilities

On Fri, Jun 10, 2016 at 06:55:05PM -0700, Ed Swierk wrote:
> Factor sending the TPM_GetCapability command and validating the result
> from tpm_get_timeouts() into a new function. Return all errors to the
> caller rather than swallowing them (e.g. when tpm_transmit_cmd()
> returns nonzero).
> 
> Signed-off-by: Ed Swierk <eswierk@...portsystems.com>
> ---
>  drivers/char/tpm/tpm-interface.c | 96 ++++++++++++++++++++++------------------
>  1 file changed, 52 insertions(+), 44 deletions(-)

I'm sorry but just now that I started applying these patches this patch
started to bother me.

> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index cc1e5bc..4d1f62c 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -502,6 +502,52 @@ static int tpm_startup(struct tpm_chip *chip, __be16 startup_type)
>  				"attempting to start the TPM");
>  }
>  
> +static int tpm_get_cap_prop(struct tpm_chip *chip, __be32 type, int size,
> +			    cap_t *cap, char *desc)
> +{
> +	struct tpm_cmd_t tpm_cmd;
> +	ssize_t rc;
> +
> +	tpm_cmd.header.in = tpm_getcap_header;
> +	tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
> +	tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
> +	tpm_cmd.params.getcap_in.subcap = type;
> +	rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, NULL);
> +
> +	if (rc == TPM_ERR_INVALID_POSTINIT) {
> +		/* The TPM is not started, we are the first to talk to it.
> +		   Execute a startup command. */
> +		dev_info(chip->pdev, "Issuing TPM_STARTUP\n");
> +		if (tpm_startup(chip, TPM_ST_CLEAR))
> +			return rc;
> +
> +		tpm_cmd.header.in = tpm_getcap_header;
> +		tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
> +		tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
> +		tpm_cmd.params.getcap_in.subcap = type;
> +		rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
> +				  NULL);
> +	}

I think inside tpm_get_timeouts() I'd rather have something along the lines
(with error handling and such details taken away):

rc = tpm_getcap(...);

if (rc == TPM_ERR_INVALID_POSTINIT) {
	tpm_startup(...);
	tpm_getcap(...);
}


> +	if (rc) {
> +		dev_err(chip->pdev,
> +			"Error %zd reading %s\n", rc, desc);
> +		return rc;
> +	}
> +
> +	if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
> +	    be32_to_cpu(tpm_cmd.header.out.length)
> +	    != sizeof(tpm_cmd.header.out) + sizeof(u32) + size * sizeof(u32)) {
> +		dev_err(chip->pdev,
> +			"Bad return code or length reading %s\n", desc);
> +		return -EINVAL;
> +	}
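
Review bot: in the TPM_ERR_INVALID_POSTINIT branch, "if (tpm_startup(chip, TPM_ST_CLEAR)) return rc;" returns the stale rc from the first tpm_transmit_cmd() call, so a failed startup reaches the caller as TPM_ERR_INVALID_POSTINIT and tpm_startup()'s own result is dropped. That path also skips the "Error %zd reading %s" message, which sits oddly with the commit message's aim of returning all errors to the caller. Suggest keeping the startup result in its own variable and returning that. Two smaller points: rc is declared ssize_t while the function returns int, and the four lines that fill tpm_cmd are repeated verbatim for the retry and could be set up once in a helper.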

This is bogus code. All these kinds of checks should be contained in
tpm_transmit_cmd(). This is easily "fixed" by moving tpm_getcap() :)

/Jarkko
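
The control flow the reply asks for, as an added user-space model in C (not kernel code, and not from the patch, its author or the reviewer): every response check sits in one helper and the caller owns the startup retry. The fake device, the `model_*` and `check_response` names, the 10-byte header size and the value 38 for TPM_ERR_INVALID_POSTINIT are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#define HDR_SIZE 10u                /* assumed: tag(2) + length(4) + return_code(4) */
#define TPM_ERR_INVALID_POSTINIT 38 /* value assumed for this model */
struct fake_tpm { int started, startup_fails; }; /* constructed stand-in device */

static uint32_t get_be32(const uint8_t *p)
{
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Every response check in one place: <0 errno, >0 TPM code, 0 success. */
static int check_response(const uint8_t *resp, uint32_t got, uint32_t payload)
{
	if (got < HDR_SIZE || get_be32(resp + 2) != got)
		return -EIO;                    /* truncated, or header length lies */
	if (get_be32(resp + 6) != 0)
		return (int)get_be32(resp + 6); /* TPM-level return code */
	return got == HDR_SIZE + payload ? 0 : -EINVAL;
}

/* Fake GetCapability: replies with a size word plus nvals u32s once started. */
static int model_getcap(struct fake_tpm *t, uint32_t nvals)
{
	uint8_t resp[64] = { 0x00, 0xc4 };  /* constructed reply, rest zeroed */
	uint32_t len = HDR_SIZE + (t->started ? 4 + 4 * nvals : 0);
	resp[5] = (uint8_t)len;             /* big-endian length, below 256 here */
	resp[9] = t->started ? 0 : TPM_ERR_INVALID_POSTINIT;
	return check_response(resp, len, 4 + 4 * nvals);
}

static int model_startup(struct fake_tpm *t)
{
	t->started = !t->startup_fails;
	return t->started ? 0 : -EIO;
}

/* The caller owns the retry, and a failed startup reports its own error. */
static int model_get_timeouts(struct fake_tpm *t)
{
	int rc = model_getcap(t, 4);
	if (rc == TPM_ERR_INVALID_POSTINIT) {
		rc = model_startup(t);
		if (!rc)
			rc = model_getcap(t, 4);
	}
	return rc;
}

int main(void) { struct fake_tpm t = { 0, 0 }; return model_get_timeouts(&t); }
```

With `startup_fails` set, the caller sees the startup's own negative errno instead of the positive TPM code left over from the first attempt.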
