From patchwork Tue Nov 21 21:17:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 167939 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp920418vqb; Tue, 21 Nov 2023 13:17:42 -0800 (PST) X-Google-Smtp-Source: AGHT+IGcC4cTNNqkROXBGYGbgOY7/5YMjnsQqLKDp9/E44B7x9urA6WaApu49wlptDdA+Y8mrL7a X-Received: by 2002:a05:6a00:2314:b0:6c3:6ce2:46b0 with SMTP id h20-20020a056a00231400b006c36ce246b0mr505534pfh.16.1700601462001; Tue, 21 Nov 2023 13:17:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700601461; cv=none; d=google.com; s=arc-20160816; b=VgWMB0p93/ckjVdFMoqr8wXYMe9ZyB424NEJSuQ6JroRACZ+8cSIJ352wX8hEfLR0T Ikp7Pr0gg2Kssa5t4K2WrmarwE/0DjqHbL/9XW1Mj1AqqCpbfCQg6W9AMJAsiQydOT8l rwD2M4Nuy8MlBch5PFNK+sFzwLb1WfRCQWjC6KSTFNfcGdJ4aPRqt3ySyzO2ZDH3N9vJ npF857FVrznP+rGdTec9uJHDvAVXT9EXk6b5PD1FjeD/w6TOdqWsjw4qSWmxh2HsL49D itDKb+UOsjEmVCpQwCAFxn2NsQmug9fKqP2rvtQeyJUFNqtWR4PdBi5dncy9DPWVS9yz 7MwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3DPHNe+6QgStex6hMVi2Yf3aSf/SAH8SNxvVAYY74VA=; fh=jG+sFESJQJDE1Wcf9yLzJ2BgzLPnNsnyl0eym9Se5T0=; b=kd8dFJ4o/o4pzMNi4eHswn7747RGh1XQqzP/JyGKS9wdrbcv1DbMETtLPGxS01zTUK +djLub8Hes54a8Gd7jSHG+ZB4ehzTYRF/rFFOWvkIiPKbU8lya9yab+iRVXoO478+jA8 iZFF+dEfPVV752RYTUrD12jOcyOjKkrivP/Tthd4fD2+WM7Px5NhrUUBmLMtR+T8sN3C vdHln90Rr/zVLrJZ1V53ml7hXfUvWrf+6fJe/OpLX2ymQ8WRMhpGYM0y4vbK6Z72JgOJ T3UwG4wawbSjMC2tuoA/likvqDeFX5RTh1w6PucKe4kotLJYW/+WhIkCAEfvJgD/8PnV oOyA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=BQ4e5epJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id u17-20020a056a00125100b006c4d06bc29csi11230377pfi.302.2023.11.21.13.17.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Nov 2023 13:17:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=BQ4e5epJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id B3344816EBEB; Tue, 21 Nov 2023 13:17:34 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229669AbjKUVRb (ORCPT + 99 others); Tue, 21 Nov 2023 16:17:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47492 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229464AbjKUVRa (ORCPT ); Tue, 21 Nov 2023 16:17:30 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4E5FADD for ; Tue, 21 Nov 2023 13:17:27 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 62E2AC433C7; Tue, 21 Nov 2023 21:17:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700601447; bh=Y56AO+jdgKKv2wjrPycIECDNz6SB1qKX+7if35pK/Gw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BQ4e5epJyW3aR5whtW4leKfPnGJnYCPiNISJ0YfMzDZYILtpkdWM/bUxRq3v0smjr En0oDQo97bauZH0FKctmxBrd5mccn+S6CzWteM6PJL45PMJmBwJz65T9VfttVRyKaA qqEwIwysk3C1eSJbDEpt8Q+x+K7DwT8Z5Y1Tm62CspgOe9CJ0CiCdEdrEdpEpdqbrV V/DoDaX6zxqxxeta1p4d13NtHWoqEx5QnivPxsjmD1TvEVx+kGVXn+ZpPafm4quoJN w9lDAeWofVjEtpAPo6x7gIrSuXIoBHA//a/MULYRxX4uPOWjIP2nbLHW3GW01YSUpS QAue6S8eB3OHA== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Jarkko Sakkinen , James Bottomley , William Roberts , Stefan Berger , David Howells , Jason Gunthorpe , Mimi Zohar , Mario Limonciello , Jerry Snitselaar , Peter Huewe , James Bottomley , Paul Moore , James Morris , "Serge E. Hallyn" , Julien Gomes Subject: [PATCH v4 1/8] tpm: Remove unused tpm_buf_tag() Date: Tue, 21 Nov 2023 23:17:10 +0200 Message-ID: <20231121211717.31681-2-jarkko@kernel.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231121211717.31681-1-jarkko@kernel.org> References: <20231121211717.31681-1-jarkko@kernel.org> MIME-Version: 1.0 X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Tue, 21 Nov 2023 13:17:34 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783209878528843837 X-GMAIL-MSGID: 1783209878528843837 The helper function has no call sites. Thus, remove it. Signed-off-by: Jarkko Sakkinen --- v1 [2023-11-21]: A new patch. --- include/linux/tpm.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 4ee9d13749ad..6588ca87cf93 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -358,13 +358,6 @@ static inline u32 tpm_buf_length(struct tpm_buf *buf) return be32_to_cpu(head->length); } -static inline u16 tpm_buf_tag(struct tpm_buf *buf) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - - return be16_to_cpu(head->tag); -} - static inline void tpm_buf_append(struct tpm_buf *buf, const unsigned char *new_data, unsigned int new_len) From patchwork Tue Nov 21 21:17:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 167940 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp920623vqb; Tue, 21 Nov 2023 13:18:10 -0800 (PST) X-Google-Smtp-Source: AGHT+IHBdjpjiUK79HbrnxXsDbQbPN6J65GF9lIEGwDIOz3Jrrzo25BR/hrFYxN19EWif4hpqvU2 X-Received: by 2002:a17:90b:33cf:b0:285:24bf:eef3 with SMTP id lk15-20020a17090b33cf00b0028524bfeef3mr404431pjb.40.1700601490184; Tue, 21 Nov 2023 13:18:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700601490; cv=none; d=google.com; s=arc-20160816; b=xeHTfZCZeftxMfviVrAq0OMurp6SdQ31rQUo6bJGC4DDRxTPJjyp9fNiduI/nE5NZh 3/2kpcFw9uaBlVOm2lVf+kGp0fOIj79DoaWYLPuyyxTL++XqCT7GK8VKgjr48BW1okxl IJoSiSTjPop2wULfAl4iexiUJlXpdFzSlojMyCbrBMO2ukvOF5I1EJdKp9Jb2HoRHtVQ TymueOry2zst763x7dgeq9L4xanQA1LzyjUz1vrg5ycVvYJC8CYLZOoXg6x6p3MZv3VP OSTBP/UHzzDnxI1c4mrYCv7trKDGDTmBdINwCuXrYU/CKpiR5Ne/ZByCEadL5y+zLpHs PUGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Wx4rrgisbsSzYs/cTVxIC4Ar1WJfv2yGvl8xnZxthQY=; fh=jG+sFESJQJDE1Wcf9yLzJ2BgzLPnNsnyl0eym9Se5T0=; b=G0i50x/tj80G0C3Cx+0nIvKkhsPgNmFTJD2Ayhzeu4jBvNH3/HaOfjKVH8p/SeLu4D bFmzSl6HlpAMFhq4a/ureK+xhebzmIv8r20aDmJK8uLek13SJ2mWCRViqXOIzMb9OSQZ Ei3p67g1LXun2aHfEf3wCIcYgJJIBIPoTzqWSXMKW4qjjzcFs8jY9gL8jbYF9c7RBk0F lxpNrzJfBAX/DfEbm30yj+AHHq5g6OF4WaSBpcP8kacNDiNDJD0bT59X/aYWIUHtMtsQ j2Q+TxnsRPv3x0gIZIe7vLU3nUfQTxbppaZoNBtGQt6UPUKauEmt8eqe2+9lwV7IcAc4 2p/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KvhgJxUF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id f10-20020a17090aa78a00b002791b62066csi13186351pjq.38.2023.11.21.13.18.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Nov 2023 13:18:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KvhgJxUF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 253C68127F49; Tue, 21 Nov 2023 13:17:46 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234299AbjKUVRf (ORCPT + 99 others); Tue, 21 Nov 2023 16:17:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50532 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231362AbjKUVRd (ORCPT ); Tue, 21 Nov 2023 16:17:33 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 744751A3 for ; Tue, 21 Nov 2023 13:17:30 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B58E1C433C7; Tue, 21 Nov 2023 21:17:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700601450; bh=JhIxIpxRqOX9d+TKHEN9Y5MeVUPXrIM8NDLV56PQmNI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KvhgJxUF/j8r4lIGvHz3JkwvPzaA1rQ4UurCNmN32gFTB78zRqsI5z9Bra8nTuHzf pp4js2QeICOUkbnuFlfqAkY4cnrk0WppEgFp0RYKQ6Jo6FhQ6a73JKWvACweJFVCeW LjTrJxp1F0PTMKzmL6dBfjtOBYl+2pKXQwAN5zhRW7MxeerPhgIRYd7kJn/AN6H6Y2 EqRGcj9wBPiPMb4zeZ1bx8nT/vNNF4gqLp5yjw9qX6J+AV6gk7WpcKj0MsCQW/fvM4 rhnDNij/E1udLwdoVNg4FrcCgbRF5XfnBIrlA35G2iYOOvTPvJlp143vubqvZdoMNg QHv144LCrWBKg== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Jarkko Sakkinen , James Bottomley , William Roberts , Stefan Berger , David Howells , Jason Gunthorpe , Mimi Zohar , Mario Limonciello , Jerry Snitselaar , Peter Huewe , James Bottomley , Paul Moore , James Morris , "Serge E. Hallyn" , Julien Gomes Subject: [PATCH v4 2/8] tpm: Remove tpm_send() Date: Tue, 21 Nov 2023 23:17:11 +0200 Message-ID: <20231121211717.31681-3-jarkko@kernel.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231121211717.31681-1-jarkko@kernel.org> References: <20231121211717.31681-1-jarkko@kernel.org> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Tue, 21 Nov 2023 13:17:46 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783209908369354187 X-GMAIL-MSGID: 1783209908369354187 Open code the last remaining call site for tpm_send(). Signed-off-by: Jarkko Sakkinen --- v1 [2023-11-21]: A new patch. --- drivers/char/tpm/tpm-interface.c | 25 ----------------------- include/linux/tpm.h | 5 ----- security/keys/trusted-keys/trusted_tpm1.c | 14 +++++++++++-- 3 files changed, 12 insertions(+), 32 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 66b16d26eecc..163ae247bff2 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -342,31 +342,6 @@ int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, } EXPORT_SYMBOL_GPL(tpm_pcr_extend); -/** - * tpm_send - send a TPM command - * @chip: a &struct tpm_chip instance, %NULL for the default chip - * @cmd: a TPM command buffer - * @buflen: the length of the TPM command buffer - * - * Return: same as with tpm_transmit_cmd() - */ -int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) -{ - struct tpm_buf buf; - int rc; - - chip = tpm_find_get_ops(chip); - if (!chip) - return -ENODEV; - - buf.data = cmd; - rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to a send a command"); - - tpm_put_ops(chip); - return rc; -} -EXPORT_SYMBOL_GPL(tpm_send); - int tpm_auto_startup(struct tpm_chip *chip) { int rc; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 6588ca87cf93..d9d645e9c52c 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -422,7 +422,6 @@ extern int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx, struct tpm_digest *digest); extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, struct tpm_digest *digests); -extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen); extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max); extern struct tpm_chip *tpm_default_chip(void); void tpm2_flush_context(struct tpm_chip *chip, u32 handle); @@ -443,10 +442,6 @@ static inline int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, return -ENODEV; } -static inline int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) -{ - return -ENODEV; -} static inline int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max) { return -ENODEV; diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c index aa108bea6739..37bce84eef99 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -356,17 +356,27 @@ static int TSS_checkhmac2(unsigned char *buffer, */ int trusted_tpm_send(unsigned char *cmd, size_t buflen) { + struct tpm_buf buf; int rc; if (!chip) return -ENODEV; + rc = tpm_try_get_ops(chip); + if (rc) + return rc; + + buf.flags = 0; + buf.data = cmd; dump_tpm_buf(cmd); - rc = tpm_send(chip, cmd, buflen); + rc = tpm_transmit_cmd(chip, &buf, 4, "sending data"); dump_tpm_buf(cmd); + if (rc > 0) - /* Can't return positive return codes values to keyctl */ + /* TPM error */ rc = -EPERM; + + tpm_put_ops(chip); return rc; } EXPORT_SYMBOL_GPL(trusted_tpm_send); From patchwork Tue Nov 21 21:17:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 167942 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp920703vqb; Tue, 21 Nov 2023 13:18:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IEXFBNVO6W0zAI6kgEptNCS0VgGVmPWdncf3jIumVpKQ8QBieNwTXsqTNY65Q298DUgyP/s X-Received: by 2002:a05:6a00:244c:b0:6bd:4ab7:5f69 with SMTP id d12-20020a056a00244c00b006bd4ab75f69mr411360pfj.12.1700601497825; Tue, 21 Nov 2023 13:18:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700601497; cv=none; d=google.com; s=arc-20160816; b=WOpns+QEdC4Ce9SyvaNSPUqTggbKcthvK1lEu2q2Ok8NrbuOaa6IzDLWIHGnn99+gA PB7utXkwVKedFSiKVa0Gx5PMjrSB7gecef5Jub15fMQ4buIFDPPUG7BgVs4w5abPjwp9 sttZNUjMhmkeaZrYTNyEqUFY06ZPGIZ8xXg9x2crqz01G+3vdFYW0zCIUW9t2omm4DiL 94aHsYUP8dXpgemIhoDUIWmhrp33SY+ckwart2i/7wJ9njLQ/i4KP/JoppyvUbrmza3l qeIxAofbU88XesMbwu1WJhjrl5g6SHv4UsGzFCxLSJywYqodqPPG0tdohbNfVaQbXxnE UmDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=12RuWU51G4PDzHVsRaZ2Fmbj6zH5N+YHQTQstg9q4RM=; fh=jG+sFESJQJDE1Wcf9yLzJ2BgzLPnNsnyl0eym9Se5T0=; b=n2qLCmoQqiDRUNxwav1yi15F7Pt7dy6gPMouJn0FQXfxG5n5V0npyl4l4NZBlP0AIV uSFoiZneOiNVjQDXfx7nKZwU7fdZk0gDzyPGe9xgnvsqdrgJxae/RAv4Nu1qIAZYc34h Nc2/LocmUUKdjlPVOgIWXnlXzkm5Ca5XaTtU6G3J30j88fBWW3V94/qKO8FilqIez6Do 5OrcFU5urPMW1qS/E0sN71e24giD0gwTuoLYBN54n6rbUsuz7uyCDb79lcF7c4g2L7fu xuvVFpQlsEeufAhRy3qvOs8m1I4FapA5L8id2EHd2OSkDL/hE05+GAo25svt6d/VgqTk nWSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=A81T9jMZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id g17-20020aa796b1000000b006c4d2c8a3fcsi10796140pfk.329.2023.11.21.13.18.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Nov 2023 13:18:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=A81T9jMZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 08E988127F65; Tue, 21 Nov 2023 13:17:54 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234501AbjKUVRk (ORCPT + 99 others); Tue, 21 Nov 2023 16:17:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50642 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234415AbjKUVRh (ORCPT ); Tue, 21 Nov 2023 16:17:37 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E9BB1AC for ; Tue, 21 Nov 2023 13:17:33 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D7FACC433C8; Tue, 21 Nov 2023 21:17:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700601453; bh=IdDBjSdzRGRbJ3rRetvxu7kHVwNlJ58+I2rJPacf4rU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=A81T9jMZa51giWwYScInrcsB9V03VHBKsWXcfaX3+zKyaj9+2Wx5IpSh8CTqDetxP AVA2LjffICfaCP0Md0YwOYnR2bk61D8Svg7wtBAnEf2SDdDXI7SOQJoPajo2YDZojP 31Oj95DwyFF8/wP9nomVamBy5qzGgoEc14NFM/ml1FMZwaNmPP8u5eF00kZ0S8+eiP uddpnIuVqCqmTARz4hMatOnssnawLr22K2/80w9FvmMt/lK9dBFbEvU3gECdIeClwd 8Ot41SXAxIF6T+tb3TtitMXoOvOOx5Cy4qElBnj+OS82dTULpsgoH4Mv+je68t0kux hWulTLE63Ey9Q== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Jarkko Sakkinen , James Bottomley , William Roberts , Stefan Berger , David Howells , Jason Gunthorpe , Mimi Zohar , Mario Limonciello , Jerry Snitselaar , Peter Huewe , James Bottomley , Paul Moore , James Morris , "Serge E. Hallyn" , Julien Gomes Subject: [PATCH v4 3/8] tpm: Move buffer handling from static inlines to real functions Date: Tue, 21 Nov 2023 23:17:12 +0200 Message-ID: <20231121211717.31681-4-jarkko@kernel.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231121211717.31681-1-jarkko@kernel.org> References: <20231121211717.31681-1-jarkko@kernel.org> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Tue, 21 Nov 2023 13:17:55 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783209916458614841 X-GMAIL-MSGID: 1783209916458614841 From: James Bottomley separate out the tpm_buf_... handling functions from static inlines in tpm.h and move them to their own tpm-buf.c file. This is a precursor to adding new functions for other TPM type handling because the amount of code will grow from the current 70 lines in tpm.h to about 200 lines when the additions are done. 200 lines of inline functions is a bit too much to keep in a header file. Signed-off-by: James Bottomley Signed-off-by: Jarkko Sakkinen --- v3: make tpm_buf_tag static v4: remove space after spdx tag v5: fix checkpatch.pl --strict issues --- drivers/char/tpm/Makefile | 1 + drivers/char/tpm/tpm-buf.c | 87 ++++++++++++++++++++++++++++++++++++++ include/linux/tpm.h | 80 ++++------------------------------- 3 files changed, 97 insertions(+), 71 deletions(-) create mode 100644 drivers/char/tpm/tpm-buf.c diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile index 0222b1ddb310..ad3594e383e1 100644 --- a/drivers/char/tpm/Makefile +++ b/drivers/char/tpm/Makefile @@ -15,6 +15,7 @@ tpm-y += tpm-sysfs.o tpm-y += eventlog/common.o tpm-y += eventlog/tpm1.o tpm-y += eventlog/tpm2.o +tpm-y += tpm-buf.o tpm-$(CONFIG_ACPI) += tpm_ppi.o eventlog/acpi.o tpm-$(CONFIG_EFI) += eventlog/efi.o diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c new file mode 100644 index 000000000000..96cee41d5b9c --- /dev/null +++ b/drivers/char/tpm/tpm-buf.c @@ -0,0 +1,87 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Handling of TPM command and other buffers. + */ + +#include +#include + +int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal) +{ + buf->data = (u8 *)__get_free_page(GFP_KERNEL); + if (!buf->data) + return -ENOMEM; + + buf->flags = 0; + tpm_buf_reset(buf, tag, ordinal); + return 0; +} +EXPORT_SYMBOL_GPL(tpm_buf_init); + +void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + + head->tag = cpu_to_be16(tag); + head->length = cpu_to_be32(sizeof(*head)); + head->ordinal = cpu_to_be32(ordinal); +} +EXPORT_SYMBOL_GPL(tpm_buf_reset); + +void tpm_buf_destroy(struct tpm_buf *buf) +{ + free_page((unsigned long)buf->data); +} +EXPORT_SYMBOL_GPL(tpm_buf_destroy); + +u32 tpm_buf_length(struct tpm_buf *buf) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + + return be32_to_cpu(head->length); +} +EXPORT_SYMBOL_GPL(tpm_buf_length); + +void tpm_buf_append(struct tpm_buf *buf, + const unsigned char *new_data, + unsigned int new_len) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + u32 len = tpm_buf_length(buf); + + /* Return silently if overflow has already happened. */ + if (buf->flags & TPM_BUF_OVERFLOW) + return; + + if ((len + new_len) > PAGE_SIZE) { + WARN(1, "tpm_buf: overflow\n"); + buf->flags |= TPM_BUF_OVERFLOW; + return; + } + + memcpy(&buf->data[len], new_data, new_len); + head->length = cpu_to_be32(len + new_len); +} +EXPORT_SYMBOL_GPL(tpm_buf_append); + +void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value) +{ + tpm_buf_append(buf, &value, 1); +} +EXPORT_SYMBOL_GPL(tpm_buf_append_u8); + +void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value) +{ + __be16 value2 = cpu_to_be16(value); + + tpm_buf_append(buf, (u8 *)&value2, 2); +} +EXPORT_SYMBOL_GPL(tpm_buf_append_u16); + +void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value) +{ + __be32 value2 = cpu_to_be32(value); + + tpm_buf_append(buf, (u8 *)&value2, 4); +} +EXPORT_SYMBOL_GPL(tpm_buf_append_u32); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index d9d645e9c52c..bb0e8718a432 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -326,77 +326,15 @@ struct tpm2_hash { unsigned int tpm_id; }; -static inline void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - - head->tag = cpu_to_be16(tag); - head->length = cpu_to_be32(sizeof(*head)); - head->ordinal = cpu_to_be32(ordinal); -} - -static inline int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal) -{ - buf->data = (u8 *)__get_free_page(GFP_KERNEL); - if (!buf->data) - return -ENOMEM; - - buf->flags = 0; - tpm_buf_reset(buf, tag, ordinal); - return 0; -} - -static inline void tpm_buf_destroy(struct tpm_buf *buf) -{ - free_page((unsigned long)buf->data); -} - -static inline u32 tpm_buf_length(struct tpm_buf *buf) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - - return be32_to_cpu(head->length); -} - -static inline void tpm_buf_append(struct tpm_buf *buf, - const unsigned char *new_data, - unsigned int new_len) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - u32 len = tpm_buf_length(buf); - - /* Return silently if overflow has already happened. */ - if (buf->flags & TPM_BUF_OVERFLOW) - return; - - if ((len + new_len) > PAGE_SIZE) { - WARN(1, "tpm_buf: overflow\n"); - buf->flags |= TPM_BUF_OVERFLOW; - return; - } - - memcpy(&buf->data[len], new_data, new_len); - head->length = cpu_to_be32(len + new_len); -} - -static inline void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value) -{ - tpm_buf_append(buf, &value, 1); -} - -static inline void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value) -{ - __be16 value2 = cpu_to_be16(value); - - tpm_buf_append(buf, (u8 *) &value2, 2); -} - -static inline void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value) -{ - __be32 value2 = cpu_to_be32(value); - - tpm_buf_append(buf, (u8 *) &value2, 4); -} +int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal); +void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal); +void tpm_buf_destroy(struct tpm_buf *buf); +u32 tpm_buf_length(struct tpm_buf *buf); +void tpm_buf_append(struct tpm_buf *buf, const unsigned char *new_data, + unsigned int new_len); +void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value); +void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value); +void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value); /* * Check if TPM device is in the firmware upgrade mode. From patchwork Tue Nov 21 21:17:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 167941 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp920654vqb; Tue, 21 Nov 2023 13:18:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IHhD29bT6HM0q2afAVR8YOkdjLGjTPF8XWldf6GfK2eq+SIlFIVIb7IEOAes0/rtFVR6hhl X-Received: by 2002:a05:6808:1309:b0:3b6:c551:9c8d with SMTP id y9-20020a056808130900b003b6c5519c8dmr645219oiv.27.1700601493767; Tue, 21 Nov 2023 13:18:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700601493; cv=none; d=google.com; s=arc-20160816; b=ptmC6wjMtqWP+zmg3sExLw/AA8ksz1g/MJJ03EBcfsmOwsqhe0EXLYnG6issLJuvo7 F1G+M/goNrQRLi1bpqVcxRCs2hg++nRYM4QOzDVfvqSa1UAX8+LIR2IUEJZBvLAnubuW 9ysL5/MESRazU+O90H4sULvK7wTIUqNAGtncOOOk/6b6ciqADe0YCnyavJVTyPjzcWMo WJHCNjhmxFWBFpd0LiVX1EodOU92abmXeEgpmmWxKnOS6t/OX2eWqYZQpLl3XChIlBQ9 AgOTtzeVuuXFeJciHC98gg8U+kYp3YmfXSIg4CCGwU91aDbY5ddP0plMJTuOv/CSq/Pz qZOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Gt8fgGgjlCev4guWPGlFa3Uz8iLkYYUzDHU8Mt4ig7k=; fh=jG+sFESJQJDE1Wcf9yLzJ2BgzLPnNsnyl0eym9Se5T0=; b=kkuolcS9469T/PtNhBp0wduci/aTtfZV4fw7GaYe/VVCLXdX1X+Dv4gxkkuZsyB11t 8U/8UetEcdDHEucbTYnlUK1lQhfP7RvoQKrUZBl2bUnsNc3JUdEoIhLeXVgb3gRN+qhB NULAdrnGu2Pw+qSqcxZHOWYWPiE26vX14DZhHfUuSLcZph43LHpMD37c8BQgjAwbFKSn vjel85f0aZ7Q84enDuObX002rhShn8/D5ByfTQ+8OQHxuOLNfDh9FVIJd4OxARMICXjd nfRdnEgPIqgfZApOfnjA/g5abJ0/hb9P/UXdGoGA05jS37Gz3FxFLlBNxUV3N4MCQkBt EdqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=GgdOdZt+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id bj13-20020a056a02018d00b0057795cb4f16si12003699pgb.684.2023.11.21.13.18.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Nov 2023 13:18:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=GgdOdZt+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id B83ED811F932; Tue, 21 Nov 2023 13:17:49 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234482AbjKUVRr (ORCPT + 99 others); Tue, 21 Nov 2023 16:17:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234474AbjKUVRl (ORCPT ); Tue, 21 Nov 2023 16:17:41 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 703DAD6E for ; Tue, 21 Nov 2023 13:17:37 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3980BC433C8; Tue, 21 Nov 2023 21:17:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700601456; bh=uRT/e1IV/Y1HzSN6eQYcs9k1Bz81L9apwgEI2XgWaq4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GgdOdZt+Y9rMfJnlEv9QFxcC0DKqIUvHQWdzlNLVbvSmkSp3EkooBPT6i/A06uCZ2 joc8x38odsjBA8JbBWrjpz8lUPetXbG2/yOJUn4D586vSWLkNKYi3dG1upp8dVJwBs E9Je8uhn5Vhe3Y7ZhZhRwBUHhdE0SrTtUs3JelW+KV/pqyJJij3Lul2CvXEKqScoJO 8i3OMfxtjMQVAOVfFhrpttvxgOwvvyviEQwQTRxidETv763qv8zJjCwIT4EXQUGh2U ZRUpw6MEW+NdqAdiCBC869WgdByzsFm6H0Ca/I4Ku9aY087vylYd2qACnZR8obuB1Y CWnCvfozAmf7w== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Jarkko Sakkinen , James Bottomley , William Roberts , Stefan Berger , David Howells , Jason Gunthorpe , Mimi Zohar , Mario Limonciello , Jerry Snitselaar , Peter Huewe , James Bottomley , Paul Moore , James Morris , "Serge E. Hallyn" , Julien Gomes Subject: [PATCH v4 4/8] tpm: Update &tpm_buf documentation Date: Tue, 21 Nov 2023 23:17:13 +0200 Message-ID: <20231121211717.31681-5-jarkko@kernel.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231121211717.31681-1-jarkko@kernel.org> References: <20231121211717.31681-1-jarkko@kernel.org> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Tue, 21 Nov 2023 13:17:50 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783209911985248960 X-GMAIL-MSGID: 1783209911985248960 Remove deprecated portions and document the enum value. Signed-off-by: Jarkko Sakkinen --- v1 [2023-11-21]: A new patch. --- include/linux/tpm.h | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/include/linux/tpm.h b/include/linux/tpm.h index bb0e8718a432..0a8c1351adc2 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -297,15 +297,14 @@ struct tpm_header { }; } __packed; -/* A string buffer type for constructing TPM commands. This is based on the - * ideas of string buffer code in security/keys/trusted.h but is heap based - * in order to keep the stack usage minimal. - */ - enum tpm_buf_flags { + /* the capacity exceeded: */ TPM_BUF_OVERFLOW = BIT(0), }; +/* + * A string buffer type for constructing TPM commands. + */ struct tpm_buf { unsigned int flags; u8 *data; From patchwork Tue Nov 21 21:17:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 167943 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp920734vqb; Tue, 21 Nov 2023 13:18:23 -0800 (PST) X-Google-Smtp-Source: AGHT+IFGSGu787ziJFgi2FEgyk1YpSZrGsNaRrVwpZDjoHes2cK3NjzLDzDPyKGFOIFAda3yoUDw X-Received: by 2002:a17:90b:3803:b0:280:6296:3d96 with SMTP id mq3-20020a17090b380300b0028062963d96mr485648pjb.41.1700601502947; Tue, 21 Nov 2023 13:18:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700601502; cv=none; d=google.com; s=arc-20160816; b=dczQNnbbNxyLQfTWpDJWqNkK7A72lRY0483KRzOZJf7JHrlVg8iaP6xHY/sxtELjfO HJM/feXs6QyIoPdyuI487luORugTVzrnsGit58IQXflE50OoTp8htRjvNYo9/sbWucap c9iIdjF/NoERIhIpyncc/P8TUfM35BOXEJIg7j6TYaENapW8q6n8vJlP7JlOXynF1kMm 3hISzn5VI1WHJdfCfaSHtHCZ5vGQ5f1gEugMrV+tGbwl0WK5OAc1DwW57pqC0WpDNAbY RR+sOAdyU8G3AkCQvJDSiDlohqByyDCbafEfoaJh2ZVJw4XsICh4MfaxXH686Syubjf9 OLWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1CThBTyqMjAP+1OkxYC5gQSpqU86n67fnC99Pv8T5Zk=; fh=jG+sFESJQJDE1Wcf9yLzJ2BgzLPnNsnyl0eym9Se5T0=; b=Xd4yuJ26MCnr8XHzMnic/88ZoRoM6uGzfF9X+maxpa/CscM/egN0ZMKCsYu0IykBEy YMIgll5dF1kfy6OD+iiBk413AqEV5Ah0gmDOABH14bG8C5qVkHRtklDsD9n4DMVD5XWJ BpJj5SuImji1IVXvfgOIT5NSsh7WoF/KvAVRNrxeyiu6hV1OwLMpjDfpbltUWhMqG3HF gq2CJZ4eneoZaJ3PYoPi5n/Pb+JtgeZgmx34WsPwNVZ32abw/+e22grYgLK/oczKoXqG K/FT9Jze28GVm2aZjUrr8wMUaFDKAsp7Mod1Wrgsn+zfWACJ2rsMd9VH+VoGTW7qNNst UQWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=r9EHYBPa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id sr8-20020a17090b4e8800b002809a033855si11382527pjb.157.2023.11.21.13.18.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Nov 2023 13:18:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=r9EHYBPa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 5CE708127F57; Tue, 21 Nov 2023 13:18:02 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234474AbjKUVRz (ORCPT + 99 others); Tue, 21 Nov 2023 16:17:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50686 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234498AbjKUVRr (ORCPT ); Tue, 21 Nov 2023 16:17:47 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6469F10C7 for ; Tue, 21 Nov 2023 13:17:40 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8EBEEC433C7; Tue, 21 Nov 2023 21:17:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700601460; bh=ODPwUlYKSAeHlpAB5encwTG6et/HxfECcndbzrtG5jo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=r9EHYBParZKl0IjHD1mr0x0swHj5nhxPdlQxr34hQnaTCFJdaMaHrdt4k6o57j1w7 ALcKk84Y29RfFkZSS/SvIuPQlkqgkTIPJk3PfwzsOjcRNGjsjfWZJ9uvCE9qkI7ai3 +jcO0Lj8h1FmfqhtG1v8lgR29/Daqs6CeJ5drV04jGM8RNuA6MPnVF2vFo/nnztH6V w6kbM19Pa1fnfA+R6+RfxEcie2/0jANpXAjtOm7D/e9kQjqkOYAbMqazncxUfe8CAd R3FSkGuHnbm5e8IOm2Fc3myUJkAhlGHmLWuIzI22/LkoWUjkgWiOzHOOU5xeqFiRb/ IGt+9iRv4lnhA== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Jarkko Sakkinen , James Bottomley , William Roberts , Stefan Berger , David Howells , Jason Gunthorpe , Mimi Zohar , Mario Limonciello , Jerry Snitselaar , Peter Huewe , James Bottomley , Paul Moore , James Morris , "Serge E. Hallyn" , Julien Gomes Subject: [PATCH v4 5/8] tpm: Store the length of the tpm_buf data separately. Date: Tue, 21 Nov 2023 23:17:14 +0200 Message-ID: <20231121211717.31681-6-jarkko@kernel.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231121211717.31681-1-jarkko@kernel.org> References: <20231121211717.31681-1-jarkko@kernel.org> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Tue, 21 Nov 2023 13:18:02 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783209921839336203 X-GMAIL-MSGID: 1783209921839336203 TPM2B buffers, or sized buffers, have a two byte header, which contains the length of the payload as a 16-bit big-endian number, without counting in the space taken by the header. This differs from encoding in the TPM header where the length includes also the bytes taken by the header. Unbound the length of a tpm_buf from the value stored to the TPM command header. A separate encoding and decoding step so that different buffer types can be supported, with variant header format and length encoding. Signed-off-by: Jarkko Sakkinen --- v2 [2023-11-21]: Squashed together with the following patch, as the API of tpm_buf_init() is no longer changed. --- drivers/char/tpm/tpm-buf.c | 49 ++++++++++++++++++----- drivers/char/tpm/tpm-interface.c | 1 + include/keys/trusted_tpm.h | 2 - include/linux/tpm.h | 6 +-- security/keys/trusted-keys/trusted_tpm1.c | 9 +++-- 5 files changed, 47 insertions(+), 20 deletions(-) diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c index 96cee41d5b9c..545d9c74abf1 100644 --- a/drivers/char/tpm/tpm-buf.c +++ b/drivers/char/tpm/tpm-buf.c @@ -3,25 +3,45 @@ * Handling of TPM command and other buffers. */ +#include #include #include +/** + * tpm_buf_init() - Allocate and initialize a TPM command + * @buf: A &tpm_buf + * @tag: TPM_TAG_RQU_COMMAND, TPM2_ST_NO_SESSIONS or TPM2_ST_SESSIONS + * @ordinal: A command ordinal + * + * Return: 0 or -ENOMEM + */ int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal) { buf->data = (u8 *)__get_free_page(GFP_KERNEL); if (!buf->data) return -ENOMEM; - buf->flags = 0; tpm_buf_reset(buf, tag, ordinal); return 0; } EXPORT_SYMBOL_GPL(tpm_buf_init); +/** + * tpm_buf_reset() - Initialize a TPM command + * @buf: A &tpm_buf + * @tag: TPM_TAG_RQU_COMMAND, TPM2_ST_NO_SESSIONS or TPM2_ST_SESSIONS + * @ordinal: A command ordinal + */ void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) { struct tpm_header *head = (struct tpm_header *)buf->data; + WARN_ON(tag != TPM_TAG_RQU_COMMAND && tag != TPM2_ST_NO_SESSIONS && + tag != TPM2_ST_SESSIONS); + + memset(buf->data, 0, TPM_HEADER_SIZE); + buf->flags = 0; + buf->length = sizeof(*head); head->tag = cpu_to_be16(tag); head->length = cpu_to_be32(sizeof(*head)); head->ordinal = cpu_to_be32(ordinal); @@ -34,33 +54,40 @@ void tpm_buf_destroy(struct tpm_buf *buf) } EXPORT_SYMBOL_GPL(tpm_buf_destroy); +/** + * tpm_buf_length() - Return the number of bytes consumed by the data + * + * Return: The number of bytes consumed by the buffer + */ u32 tpm_buf_length(struct tpm_buf *buf) { - struct tpm_header *head = (struct tpm_header *)buf->data; - - return be32_to_cpu(head->length); + return buf->length; } EXPORT_SYMBOL_GPL(tpm_buf_length); -void tpm_buf_append(struct tpm_buf *buf, - const unsigned char *new_data, - unsigned int new_len) +/** + * tpm_buf_append() - Append data to an initialized buffer + * @buf: A &tpm_buf + * @new_data: A data blob + * @new_length: Size of the appended data + */ +void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length) { struct tpm_header *head = (struct tpm_header *)buf->data; - u32 len = tpm_buf_length(buf); /* Return silently if overflow has already happened. */ if (buf->flags & TPM_BUF_OVERFLOW) return; - if ((len + new_len) > PAGE_SIZE) { + if ((buf->length + new_length) > PAGE_SIZE) { WARN(1, "tpm_buf: overflow\n"); buf->flags |= TPM_BUF_OVERFLOW; return; } - memcpy(&buf->data[len], new_data, new_len); - head->length = cpu_to_be32(len + new_len); + memcpy(&buf->data[buf->length], new_data, new_length); + buf->length += new_length; + head->length = cpu_to_be32(buf->length); } EXPORT_SYMBOL_GPL(tpm_buf_append); diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 163ae247bff2..ea75f2776c2f 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -232,6 +232,7 @@ ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf, if (len < min_rsp_body_length + TPM_HEADER_SIZE) return -EFAULT; + buf->length = len; return 0; } EXPORT_SYMBOL_GPL(tpm_transmit_cmd); diff --git a/include/keys/trusted_tpm.h b/include/keys/trusted_tpm.h index 7769b726863a..a088b33fd0e3 100644 --- a/include/keys/trusted_tpm.h +++ b/include/keys/trusted_tpm.h @@ -6,8 +6,6 @@ #include /* implementation specific TPM constants */ -#define MAX_BUF_SIZE 1024 -#define TPM_GETRANDOM_SIZE 14 #define TPM_SIZE_OFFSET 2 #define TPM_RETURN_OFFSET 6 #define TPM_DATA_OFFSET 10 diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 0a8c1351adc2..1d7b39b5c383 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -306,7 +306,8 @@ enum tpm_buf_flags { * A string buffer type for constructing TPM commands. */ struct tpm_buf { - unsigned int flags; + u32 flags; + u32 length; u8 *data; }; @@ -329,8 +330,7 @@ int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal); void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal); void tpm_buf_destroy(struct tpm_buf *buf); u32 tpm_buf_length(struct tpm_buf *buf); -void tpm_buf_append(struct tpm_buf *buf, const unsigned char *new_data, - unsigned int new_len); +void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length); void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value); void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value); void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value); diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c index 37bce84eef99..89c9798d1800 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -367,6 +367,7 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen) return rc; buf.flags = 0; + buf.length = buflen; buf.data = cmd; dump_tpm_buf(cmd); rc = tpm_transmit_cmd(chip, &buf, 4, "sending data"); @@ -417,7 +418,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s, tpm_buf_append_u32(tb, handle); tpm_buf_append(tb, ononce, TPM_NONCE_SIZE); - ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE); + ret = trusted_tpm_send(tb->data, tb->length); if (ret < 0) return ret; @@ -441,7 +442,7 @@ int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) return -ENODEV; tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_OIAP); - ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE); + ret = trusted_tpm_send(tb->data, tb->length); if (ret < 0) return ret; @@ -553,7 +554,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, tpm_buf_append_u8(tb, cont); tpm_buf_append(tb, td->pubauth, SHA1_DIGEST_SIZE); - ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE); + ret = trusted_tpm_send(tb->data, tb->length); if (ret < 0) goto out; @@ -644,7 +645,7 @@ static int tpm_unseal(struct tpm_buf *tb, tpm_buf_append_u8(tb, cont); tpm_buf_append(tb, authdata2, SHA1_DIGEST_SIZE); - ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE); + ret = trusted_tpm_send(tb->data, tb->length); if (ret < 0) { pr_info("authhmac failed (%d)\n", ret); return ret; From patchwork Tue Nov 21 21:17:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 167944 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp920735vqb; Tue, 21 Nov 2023 13:18:23 -0800 (PST) X-Google-Smtp-Source: AGHT+IG1JL65C/DZkwB+EvSqjIWhim7u2OxTYvinhY3hswwqb1fiLgNzGmhqmq1lhCFmhIeXnRFp X-Received: by 2002:a17:90b:3e83:b0:281:61c:1399 with SMTP id rj3-20020a17090b3e8300b00281061c1399mr480368pjb.3.1700601503090; Tue, 21 Nov 2023 13:18:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700601503; cv=none; d=google.com; s=arc-20160816; b=NEI4P3qdL9u4ZGYHR17yCeaO3qCuPq61Pou0NhCsFjKvXa//P1Qi0gPR563Zmu+pXp MkMjJjl9kDbzxULxyxXlrMt9RcA+wjJ/JDPTCchVOy9BvJ52SOQVY/7uKr7Rd0NTwCP9 9bP8j+1WW+QxnCfg1jjGGjKkKl84oAXXCcn3Z43f9TrWWm4NyTbco/Vs9Orwqt2kSmlG WVcMWhvDOJwAONm97eMOHipt7LVAZXkYDd3MRTRdOiRHL73Ef6qywl5w7eoFGbLS2wCw 29NT+Uh0FRxGMoaXiPANxE7kl4jdc76fLUf7rWa1eb5sevRv7ptD03y9B9L2KnbsNss0 iJiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=0ErxfnF694jSGFYuLhZGoGhavy0ByV5DhTAg2rSd+0g=; fh=jG+sFESJQJDE1Wcf9yLzJ2BgzLPnNsnyl0eym9Se5T0=; b=fdOogqoxQhs9DVL3+cKm0t78f7ZCO8zx5WgLRBz5bUktJju3JSm5wR2vcU0flieKpZ R50R/5mXXrFMF1TJPa1ff+J4e8z/oqqOHaHKItxWU/JkWBCgajvhW9u211M9CEv2Do5z YNEAmLIChpNM25FLirUPV42hz0/Fyk8lhzEHu09RRkwSJQ+nMMLNJnnF4DFzL0Tgwi/N MITz+XOPClJIL5DdlDt8dNx0Nm+IOEUBtO+2t920QxCTXgSA64jE6vaWSIgxcd1tObVF BixL0UzhBq8zU4z43MLDcJ0dmZkZB5AyFrphLP5dUGNs1po4KvRncLsa+NmFCWEysLZI x0sQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=i3N63W7O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id ei15-20020a17090ae54f00b002800b0fa4f2si12928091pjb.104.2023.11.21.13.18.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Nov 2023 13:18:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=i3N63W7O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 81C768127F6A; Tue, 21 Nov 2023 13:18:02 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234572AbjKUVR7 (ORCPT + 99 others); Tue, 21 Nov 2023 16:17:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50642 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234578AbjKUVRw (ORCPT ); Tue, 21 Nov 2023 16:17:52 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 950B510E2 for ; Tue, 21 Nov 2023 13:17:43 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A9C15C433C8; Tue, 21 Nov 2023 21:17:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700601463; bh=Gw6t4yKIoJH0jVM58wLhTCrKliCl3oXQG36AlAIlWHE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=i3N63W7O+mAyzycndV7HyNu7prGb6dNGDn1fHnPWrHEGNyi10ffUvgBuoZP5OIbil tIr0Bd+r+0S89lcmCNo0LL9PyY5EyjJDPg+iKQHNCvfU6NWtEn0cVO+UMnOsEF441o wkSb43Xk7pWNJUoi6+PE40PH1EHIpmMiZC4kqiYilnISC1xopZ23dA39CBanFkczY9 TIGq0p4yK4UVAydvppuqaS4RvGBNj/4t5v4Ah/OD/23Imtts/iJjrBRmDGYhvWdObV gxWuUH8+JmpLmvA/hfPGEXt1bWBFrVDxkMUiqM5eTZ6lcE+yPcLycDYtp7W5DG9OFG EVoNTpZjI+kfg== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Jarkko Sakkinen , James Bottomley , William Roberts , Stefan Berger , David Howells , Jason Gunthorpe , Mimi Zohar , Mario Limonciello , Jerry Snitselaar , Peter Huewe , James Bottomley , Paul Moore , James Morris , "Serge E. Hallyn" , Julien Gomes Subject: [PATCH v4 6/8] tpm: TPM2B formatted buffers Date: Tue, 21 Nov 2023 23:17:15 +0200 Message-ID: <20231121211717.31681-7-jarkko@kernel.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231121211717.31681-1-jarkko@kernel.org> References: <20231121211717.31681-1-jarkko@kernel.org> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Tue, 21 Nov 2023 13:18:02 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783209921373276483 X-GMAIL-MSGID: 1783209921373276483 Declare tpm_buf_init_sized() and tpm_buf_reset_sized() for creating TPM2B formatted buffers. These buffers are also known as sized buffers in the specifications and literature. Signed-off-by: Jarkko Sakkinen --- v2: [2021-11-21] Refine the API according to the comments for https://lore.kernel.org/linux-integrity/20231024011531.442587-5-jarkko@kernel.org/ --- drivers/char/tpm/tpm-buf.c | 38 +++++++++++++++++++++++++++++++++++--- include/linux/tpm.h | 4 ++++ 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c index 545d9c74abf1..12bfade11372 100644 --- a/drivers/char/tpm/tpm-buf.c +++ b/drivers/char/tpm/tpm-buf.c @@ -48,6 +48,36 @@ void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) } EXPORT_SYMBOL_GPL(tpm_buf_reset); +/** + * tpm_buf_init_sized() - Allocate and initialize a sized (TPM2B) buffer + * @buf: A @tpm_buf + * + * Return: 0 or -ENOMEM + */ +int tpm_buf_init_sized(struct tpm_buf *buf) +{ + buf->data = (u8 *)__get_free_page(GFP_KERNEL); + if (!buf->data) + return -ENOMEM; + + tpm_buf_reset_sized(buf); + return 0; +} +EXPORT_SYMBOL_GPL(tpm_buf_init_sized); + +/** + * tpm_buf_reset_sized() - Initialize a sized buffer + * @buf: A &tpm_buf + */ +void tpm_buf_reset_sized(struct tpm_buf *buf) +{ + buf->flags = TPM_BUF_TPM2B; + buf->length = 2; + buf->data[0] = 0; + buf->data[1] = 0; +} +EXPORT_SYMBOL_GPL(tpm_buf_reset_sized); + void tpm_buf_destroy(struct tpm_buf *buf) { free_page((unsigned long)buf->data); @@ -73,8 +103,6 @@ EXPORT_SYMBOL_GPL(tpm_buf_length); */ void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length) { - struct tpm_header *head = (struct tpm_header *)buf->data; - /* Return silently if overflow has already happened. */ if (buf->flags & TPM_BUF_OVERFLOW) return; @@ -87,7 +115,11 @@ void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length) memcpy(&buf->data[buf->length], new_data, new_length); buf->length += new_length; - head->length = cpu_to_be32(buf->length); + + if (buf->flags & TPM_BUF_TPM2B) + ((__be16 *)buf->data)[0] = cpu_to_be16(buf->length - 2); + else + ((struct tpm_header *)buf->data)->length = cpu_to_be32(buf->length); } EXPORT_SYMBOL_GPL(tpm_buf_append); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 1d7b39b5c383..715db4a91c1f 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -300,6 +300,8 @@ struct tpm_header { enum tpm_buf_flags { /* the capacity exceeded: */ TPM_BUF_OVERFLOW = BIT(0), + /* TPM2B format: */ + TPM_BUF_TPM2B = BIT(1), }; /* @@ -328,6 +330,8 @@ struct tpm2_hash { int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal); void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal); +int tpm_buf_init_sized(struct tpm_buf *buf); +void tpm_buf_reset_sized(struct tpm_buf *buf); void tpm_buf_destroy(struct tpm_buf *buf); u32 tpm_buf_length(struct tpm_buf *buf); void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length); From patchwork Tue Nov 21 21:17:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 167946 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp920805vqb; Tue, 21 Nov 2023 13:18:33 -0800 (PST) X-Google-Smtp-Source: AGHT+IGn34WJNe81IiH2dHscddjwr5+N1E4o7w+hsNcoo7XfGbHOmZPfgqIQAVtZLoeePIwJ/BPI X-Received: by 2002:a05:6a20:551b:b0:18b:ac9:d7c6 with SMTP id ko27-20020a056a20551b00b0018b0ac9d7c6mr224767pzb.58.1700601513465; Tue, 21 Nov 2023 13:18:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700601513; cv=none; d=google.com; s=arc-20160816; b=dGY99IxhsAQphHpMReIKjSUN/9tckbLhU3Tgtrt3grbKUBpQv32zTIPZgsVgCsTLvt BWea63bdXhNsZ20vOwlbHSOcWzkTDXX4c4uUa3JNPheUw7dyntfvsXaEVSNCDVNMb5si QRavMgSmC0O63pYHP9vI37Clq5Ey4YkCyPHaEk+mAKanwfgtCMwFg33BWLWB5AC+C83+ HSSiABJcpGEGKhR9IWzpnmADyUi7GvUDmjdL+Sp7JfqsFt5E/fb9+kEPcMTd7xFlHVWR TvWUzQHh0j584EWW9nV9iJyxgdCiPMQImDdMmgPnHrZky1yqbNgN5XmRgCECZT7uXEFh uoFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=41ZL9uJFSuI7P9MJ5LxvPTEjw0v89NREiy2uLDRW4sY=; fh=jG+sFESJQJDE1Wcf9yLzJ2BgzLPnNsnyl0eym9Se5T0=; b=haFKiEOmyvYSVIz0xBRWVkgMgGc11WXRXP9ryeQ8MokXP2RWELeIg33BIblBtypVzw rtMs3ZE6aRxVbob8t/6BcfJ/lkNfTiRpjI+Dtp7tg9N1TKCEbIMAs6ffBe6wz9porJ63 g7VqYhyROph0jfyP0Pk5Q+22DJ2aU6sRc3Csr6BU2mhmAXkypDMfQ1ls1La5gdv5IszL OGR59QJssgv2/Weli0Pl2Zetoc5bUqW9JlFKuJ3kQbrrf67TcMy07zwfOqv4auD4CK8h jeLpazBmr5ok5D4GSikfxLSBJG8TBItLKnXJUUeshkOS+Mez0aolHk2nJdabRD8DhpAz Pk5g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=lKkdUPzG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id b19-20020a056a000cd300b006cb64f23d2csi7709616pfv.297.2023.11.21.13.18.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Nov 2023 13:18:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=lKkdUPzG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 67D0C8129ACA; Tue, 21 Nov 2023 13:18:28 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234562AbjKUVSI (ORCPT + 99 others); Tue, 21 Nov 2023 16:18:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52268 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234567AbjKUVR7 (ORCPT ); Tue, 21 Nov 2023 16:17:59 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 087B3D7C for ; Tue, 21 Nov 2023 13:17:46 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AC746C433C9; Tue, 21 Nov 2023 21:17:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700601466; bh=tjk9p4TlrYObLmQhm2Bz2gDnKhOQJKBounykc75pSc0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lKkdUPzGcA/FX4eFo4XJ2ND71Ux3fNopFK7OjOAiSVvDrNsMUkos0j/xde29hbHCw aeixhlrdHLlXricAz/WxMJ2ZXG3cLapgCvKj1xsjb71H2Ix82m7Je3mJkA09rkn0VZ BaFDcORFIm7Pd9UiNpwJX58/LRxuPh5+JTw7iZ3LJTGf5qmrecLYGbPceiMpMire9o RBSnV4Gfkxq6ia/+S2Lw9I5ic0tUWv3okfozOgURGmQZR5LZqj5XLHfpK7biYXw+SH EJhZ8MvtXnZ03tA2EiWU3sccvoVkp7OrMqzEolCXhNn9maRf4u07r9CV+85qk3excP Q47c2aCVZ4g7Q== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Jarkko Sakkinen , James Bottomley , William Roberts , Stefan Berger , David Howells , Jason Gunthorpe , Mimi Zohar , Mario Limonciello , Jerry Snitselaar , Peter Huewe , James Bottomley , Paul Moore , James Morris , "Serge E. Hallyn" , Julien Gomes Subject: [PATCH v4 7/8] tpm: Add tpm_buf_read_{u8,u16,u32} Date: Tue, 21 Nov 2023 23:17:16 +0200 Message-ID: <20231121211717.31681-8-jarkko@kernel.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231121211717.31681-1-jarkko@kernel.org> References: <20231121211717.31681-1-jarkko@kernel.org> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Tue, 21 Nov 2023 13:18:28 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783209932149755892 X-GMAIL-MSGID: 1783209932149755892 Declare reader functions for the instances of struct tpm_buf. If the read goes out of boundary, TPM_BUF_BOUNDARY_ERROR is set, and subsequent read will do nothing. Signed-off-by: Jarkko Sakkinen --- v3 [2023-11-21]: Add possibility to check for boundary error to the as response to the feedback from Mario Limenciello: https://lore.kernel.org/linux-integrity/3f9086f6-935f-48a7-889b-c71398422fa1@amd.com/ --- drivers/char/tpm/tpm-buf.c | 76 +++++++++++++++++++++++++++++++++++++- include/linux/tpm.h | 5 +++ 2 files changed, 80 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c index 12bfade11372..f721e90757c4 100644 --- a/drivers/char/tpm/tpm-buf.c +++ b/drivers/char/tpm/tpm-buf.c @@ -108,7 +108,7 @@ void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length) return; if ((buf->length + new_length) > PAGE_SIZE) { - WARN(1, "tpm_buf: overflow\n"); + WARN(1, "tpm_buf: write overflow\n"); buf->flags |= TPM_BUF_OVERFLOW; return; } @@ -144,3 +144,77 @@ void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value) tpm_buf_append(buf, (u8 *)&value2, 4); } EXPORT_SYMBOL_GPL(tpm_buf_append_u32); + +/** + * tpm_buf_read() - Read from a TPM buffer + * @buf: &tpm_buf instance + * @offset: offset within the buffer + * @count: the number of bytes to read + * @output: the output buffer + */ +static void tpm_buf_read(struct tpm_buf *buf, off_t *offset, size_t count, void *output) +{ + /* Return silently if overflow has already happened. */ + if (buf->flags & TPM_BUF_BOUNDARY_ERROR) + return; + + if (*(offset + count) >= buf->length) { + WARN(1, "tpm_buf: read out of boundary\n"); + buf->flags |= TPM_BUF_BOUNDARY_ERROR; + return; + } + + memcpy(output, &buf->data[*offset], count); + *offset += count; +} + +/** + * tpm_buf_read_u8() - Read 8-bit word from a TPM buffer + * @buf: &tpm_buf instance + * @offset: offset within the buffer + * + * Return: next 8-bit word + */ +u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset) +{ + u8 value; + + tpm_buf_read(buf, offset, sizeof(value), &value); + + return value; +} +EXPORT_SYMBOL_GPL(tpm_buf_read_u8); + +/** + * tpm_buf_read_u16() - Read 16-bit word from a TPM buffer + * @buf: &tpm_buf instance + * @offset: offset within the buffer + * + * Return: next 16-bit word + */ +u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset) +{ + u16 value; + + tpm_buf_read(buf, offset, sizeof(value), &value); + + return be16_to_cpu(value); +} +EXPORT_SYMBOL_GPL(tpm_buf_read_u16); + +/** + * tpm_buf_read_u32() - Read 32-bit word from a TPM buffer + * @buf: &tpm_buf instance + * @offset: offset within the buffer + * + * Return: next 32-bit word + */ +u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset) +{ + u32 value; + + tpm_buf_read(buf, offset, sizeof(value), &value); + + return be32_to_cpu(value); +} +EXPORT_SYMBOL_GPL(tpm_buf_read_u32); diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 715db4a91c1f..e8172f81c562 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -302,6 +302,8 @@ enum tpm_buf_flags { TPM_BUF_OVERFLOW = BIT(0), /* TPM2B format: */ TPM_BUF_TPM2B = BIT(1), + /* read out of boundary: */ + TPM_BUF_BOUNDARY_ERROR = BIT(2), }; /* @@ -338,6 +340,9 @@ void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length); void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value); void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value); void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value); +u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset); +u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset); +u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset); /* * Check if TPM device is in the firmware upgrade mode. From patchwork Tue Nov 21 21:17:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 167945 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp920800vqb; Tue, 21 Nov 2023 13:18:33 -0800 (PST) X-Google-Smtp-Source: AGHT+IEZ2NV5pmPA7xHQsiC4ws08czja43xl9sXGkkTXLqwjL38Yj2GQEtvOGZBWi2MGnLNzv4BA X-Received: by 2002:a05:6a21:a5a4:b0:157:e4c6:766a with SMTP id gd36-20020a056a21a5a400b00157e4c6766amr360778pzc.41.1700601513005; Tue, 21 Nov 2023 13:18:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700601512; cv=none; d=google.com; s=arc-20160816; b=e5LTZniqamAmXDP99D7wOQB6UyijFup1GoU8ZOBbANPUbP4p96tK9Aoq6wRRZHol44 mfx8RcqIfcq+UeavqcNFytPPd7gX9F5yHOrPh5u7pNdRVmfKIQ8PbDK6qxH1GsJGPO62 WXUNRhYjp19qc1GV8z8i2zwrNx/dLLLiJjr1r7hZ79xiQIk4+fWXnYp/03RIpKjENraB ylLnH1607IvOcTUlQ6s5SH9AbP85SZG3OpU3k+2qwdueiJYEENkPkpI3xwk3YD/bLHSx qfEHg11H63rRHlWjNhQr5NmYVukGIvGxHunq8rhA+yQh+ypIO4K3xngcVVwHJg5scB4H lIZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=DO/PlSTXrBgNOuzwEO/xgufeWFic5838YdJnNm0trDg=; fh=jG+sFESJQJDE1Wcf9yLzJ2BgzLPnNsnyl0eym9Se5T0=; b=NEj/+BnNFfNm4JwtVxgyNwHytdCdMTtXTW+AcoS4AIKvhP3lAKHWST3CprQnf6MC0q ny63om6rzdgkwx/7NiLTYtCUwg2+51zwn+Jz2UjTr2a08ZcoFjzlD7waZaUTV6RtyLFR gTzzjXOFoSmqcgZYbX/kcEEeXgam1T7IMOhRLCVVJjGs0o1dhZpYNq9yZI9kcLoAVquG LLnzIT+cuVltT0wV/2mzjWNJjSgCOvR7vHN6uqnHlz1SnFmWrM/XGZQD6NFaSRMq2eGQ MSR1Vd7ySBHYt2oYNJBY3TzjIHWRD0yhbCeYb99rcqEcHCyKfa+jSCrE0YPBsTB67Krj hLOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="Pee/r2sx"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id y13-20020a634b0d000000b005bdf5961d87si11007972pga.266.2023.11.21.13.18.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Nov 2023 13:18:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="Pee/r2sx"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 668BD8127F7C; Tue, 21 Nov 2023 13:18:28 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229513AbjKUVSK (ORCPT + 99 others); Tue, 21 Nov 2023 16:18:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52940 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234614AbjKUVSD (ORCPT ); Tue, 21 Nov 2023 16:18:03 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 99F971702 for ; Tue, 21 Nov 2023 13:17:49 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AC98DC433CB; Tue, 21 Nov 2023 21:17:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700601469; bh=HqrOyp0nDcoraiIniTb/mB74p53iwObmhl1DoJZn8xs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Pee/r2sx6b03sBYSZL3r7fg708z+YSRe7vZq+c+WpQsYu1zpVj+OGeeoI1oTVc3wu E8HhYRqiSsF0xCfNOdlG9Mvp5dkhkOtKoVbWCaZVNiFPpsK1+BV7cSCMI2rQEQz4bx ASconYTyTGQtva+dH8k784pl/p5GU+I2lnMx6tn+/JtLJthBWTSeOlUio1zRi8ZGBN iJvZtwOhG/PCg2STcsu4gm+FyehfVqmIAanodF34EBHYqwIr3mjxpmUBNQPZwU0+7F /IOQu+v9tCvotcrzug8yCSmAWZHeKwhHkaW1tFfkYJkJp3TdjrkA++ShyrXmaThHGi mH4aAzy+nDPjQ== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Jarkko Sakkinen , James Bottomley , William Roberts , Stefan Berger , David Howells , Jason Gunthorpe , Mimi Zohar , Mario Limonciello , Jerry Snitselaar , Peter Huewe , James Bottomley , Paul Moore , James Morris , "Serge E. Hallyn" , Julien Gomes Subject: [PATCH v4 8/8] KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers Date: Tue, 21 Nov 2023 23:17:17 +0200 Message-ID: <20231121211717.31681-9-jarkko@kernel.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231121211717.31681-1-jarkko@kernel.org> References: <20231121211717.31681-1-jarkko@kernel.org> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Tue, 21 Nov 2023 13:18:28 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783209932565541988 X-GMAIL-MSGID: 1783209932565541988 Take advantage of the new sized buffer (TPM2B) mode of struct tpm_buf in tpm2_seal_trusted(). This allows to add robustness to the command construction without requiring to calculate buffer sizes manually. Signed-off-by: Jarkko Sakkinen --- v3 [2023-11-21]: A boundary error check as response for the feeedback from Mario Limenciello: https://lore.kernel.org/linux-integrity/3f9086f6-935f-48a7-889b-c71398422fa1@amd.com/ v2: Use tpm_buf_read_* --- security/keys/trusted-keys/trusted_tpm2.c | 54 +++++++++++++---------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index bc700f85f80b..97b1dfca2dba 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -228,8 +228,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, struct trusted_key_options *options) { + off_t offset = TPM_HEADER_SIZE; + struct tpm_buf buf, sized; int blob_len = 0; - struct tpm_buf buf; u32 hash; u32 flags; int i; @@ -258,6 +259,14 @@ int tpm2_seal_trusted(struct tpm_chip *chip, return rc; } + rc = tpm_buf_init_sized(&sized); + if (rc) { + tpm_buf_destroy(&buf); + tpm_put_ops(chip); + return rc; + } + + tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); tpm_buf_append_u32(&buf, options->keyhandle); tpm2_buf_append_auth(&buf, TPM2_RS_PW, NULL /* nonce */, 0, @@ -266,36 +275,36 @@ int tpm2_seal_trusted(struct tpm_chip *chip, TPM_DIGEST_SIZE); /* sensitive */ - tpm_buf_append_u16(&buf, 4 + options->blobauth_len + payload->key_len); + tpm_buf_append_u16(&sized, options->blobauth_len); - tpm_buf_append_u16(&buf, options->blobauth_len); if (options->blobauth_len) - tpm_buf_append(&buf, options->blobauth, options->blobauth_len); + tpm_buf_append(&sized, options->blobauth, options->blobauth_len); - tpm_buf_append_u16(&buf, payload->key_len); - tpm_buf_append(&buf, payload->key, payload->key_len); + tpm_buf_append_u16(&sized, payload->key_len); + tpm_buf_append(&sized, payload->key, payload->key_len); + tpm_buf_append(&buf, sized.data, sized.length); /* public */ - tpm_buf_append_u16(&buf, 14 + options->policydigest_len); - tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH); - tpm_buf_append_u16(&buf, hash); + tpm_buf_reset_sized(&sized); + tpm_buf_append_u16(&sized, TPM_ALG_KEYEDHASH); + tpm_buf_append_u16(&sized, hash); /* key properties */ flags = 0; flags |= options->policydigest_len ? 0 : TPM2_OA_USER_WITH_AUTH; - flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM | - TPM2_OA_FIXED_PARENT); - tpm_buf_append_u32(&buf, flags); + flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT); + tpm_buf_append_u32(&sized, flags); /* policy */ - tpm_buf_append_u16(&buf, options->policydigest_len); + tpm_buf_append_u16(&sized, options->policydigest_len); if (options->policydigest_len) - tpm_buf_append(&buf, options->policydigest, - options->policydigest_len); + tpm_buf_append(&sized, options->policydigest, options->policydigest_len); /* public parameters */ - tpm_buf_append_u16(&buf, TPM_ALG_NULL); - tpm_buf_append_u16(&buf, 0); + tpm_buf_append_u16(&sized, TPM_ALG_NULL); + tpm_buf_append_u16(&sized, 0); + + tpm_buf_append(&buf, sized.data, sized.length); /* outside info */ tpm_buf_append_u16(&buf, 0); @@ -312,21 +321,20 @@ int tpm2_seal_trusted(struct tpm_chip *chip, if (rc) goto out; - blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]); - if (blob_len > MAX_BLOB_SIZE) { + blob_len = tpm_buf_read_u32(&buf, &offset); + if (blob_len > MAX_BLOB_SIZE || buf.flags & TPM_BUF_BOUNDARY_ERROR) { rc = -E2BIG; goto out; } - if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) { + if (buf.length - offset < blob_len) { rc = -EFAULT; goto out; } - blob_len = tpm2_key_encode(payload, options, - &buf.data[TPM_HEADER_SIZE + 4], - blob_len); + blob_len = tpm2_key_encode(payload, options, &buf.data[offset], blob_len); out: + tpm_buf_destroy(&sized); tpm_buf_destroy(&buf); if (rc > 0) {