tpm: do handle area size validation only when TPM space used
diff mbox

Message ID 20170326210815.21252-1-jarkko.sakkinen@iki.fi
State New
Headers show

Commit Message

Jarkko Sakkinen March 26, 2017, 9:08 p.m. UTC
In order to not cause backwards compatibility issues with
/dev/tpm0 disable handle area size validation if tpm_transmit
is not called with a TPM space.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
---
 drivers/char/tpm/tpm-interface.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Comments

Jarkko Sakkinen March 28, 2017, 10:24 a.m. UTC | #1
So do you need this or not?

/Jarkko

On Mon, Mar 27, 2017 at 12:08:15AM +0300, Jarkko Sakkinen wrote:
> In order to not cause backwards compatibility issues with
> /dev/tpm0 disable handle area size validation if tpm_transmit
> is not called with a TPM space.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
> ---
>  drivers/char/tpm/tpm-interface.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index bf0c3fa..158c1db 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -328,7 +328,9 @@ unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
>  }
>  EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
>  
> -static bool tpm_validate_command(struct tpm_chip *chip, const u8 *cmd,
> +static bool tpm_validate_command(struct tpm_chip *chip,
> +				 struct tpm_space *space,
> +				 const u8 *cmd,
>  				 size_t len)
>  {
>  	const struct tpm_input_header *header = (const void *)cmd;
> @@ -340,6 +342,9 @@ static bool tpm_validate_command(struct tpm_chip *chip, const u8 *cmd,
>  	if (len < TPM_HEADER_SIZE)
>  		return false;
>  
> +	if (!space)
> +		return true;
> +
>  	if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) {
>  		cc = be32_to_cpu(header->ordinal);
>  
> @@ -386,7 +391,7 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
>  	unsigned long stop;
>  	bool need_locality;
>  
> -	if (!tpm_validate_command(chip, buf, bufsiz))
> +	if (!tpm_validate_command(chip, space, buf, bufsiz))
>  		return -EINVAL;
>  
>  	if (bufsiz > TPM_BUFSIZE)
> -- 
> 2.9.3
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Alexander Steffen March 28, 2017, 11:27 a.m. UTC | #2
WWVzLCB0aGlzIGZpeGVzIHRoZSBpc3N1ZSBmb3IgbWUuIFRoYW5rcy4NCg0KQWxleGFuZGVyDQoN
Cj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj4gRnJvbTogSmFya2tvIFNha2tpbmVuIFtt
YWlsdG86amFya2tvLnNha2tpbmVuQGxpbnV4LmludGVsLmNvbV0NCj4gU2VudDogVHVlc2RheSwg
TWFyY2ggMjgsIDIwMTcgMTI6MjUgUE0NCj4gVG86IFN0ZWZmZW4gQWxleGFuZGVyIChJRkFHIEND
UyBFU1MgRCBTVyBBKQ0KPiBDYzogdHBtZGQtZGV2ZWxAbGlzdHMuc291cmNlZm9yZ2UubmV0OyBs
aW51eC1zZWN1cml0eS0NCj4gbW9kdWxlQHZnZXIua2VybmVsLm9yZzsgUGV0ZXIgSHVld2U7IE1h
cmNlbCBTZWxob3JzdDsgSmFzb24gR3VudGhvcnBlOw0KPiBvcGVuIGxpc3QNCj4gU3ViamVjdDog
UmU6IFtQQVRDSF0gdHBtOiBkbyBoYW5kbGUgYXJlYSBzaXplIHZhbGlkYXRpb24gb25seSB3aGVu
IFRQTQ0KPiBzcGFjZSB1c2VkDQo+IA0KPiBTbyBkbyB5b3UgbmVlZCB0aGlzIG9yIG5vdD8NCj4g
DQo+IC9KYXJra28NCj4gDQo+IE9uIE1vbiwgTWFyIDI3LCAyMDE3IGF0IDEyOjA4OjE1QU0gKzAz
MDAsIEphcmtrbyBTYWtraW5lbiB3cm90ZToNCj4gPiBJbiBvcmRlciB0byBub3QgY2F1c2UgYmFj
a3dhcmRzIGNvbXBhdGliaWxpdHkgaXNzdWVzIHdpdGgNCj4gPiAvZGV2L3RwbTAgZGlzYWJsZSBo
YW5kbGUgYXJlYSBzaXplIHZhbGlkYXRpb24gaWYgdHBtX3RyYW5zbWl0IGlzIG5vdA0KPiA+IGNh
bGxlZCB3aXRoIGEgVFBNIHNwYWNlLg0KPiA+DQo+ID4gU2lnbmVkLW9mZi1ieTogSmFya2tvIFNh
a2tpbmVuIDxqYXJra28uc2Fra2luZW5AaWtpLmZpPg0KPiA+IC0tLQ0KPiA+ICBkcml2ZXJzL2No
YXIvdHBtL3RwbS1pbnRlcmZhY2UuYyB8IDkgKysrKysrKy0tDQo+ID4gIDEgZmlsZSBjaGFuZ2Vk
LCA3IGluc2VydGlvbnMoKyksIDIgZGVsZXRpb25zKC0pDQo+ID4NCj4gPiBkaWZmIC0tZ2l0IGEv
ZHJpdmVycy9jaGFyL3RwbS90cG0taW50ZXJmYWNlLmMNCj4gPiBiL2RyaXZlcnMvY2hhci90cG0v
dHBtLWludGVyZmFjZS5jDQo+ID4gaW5kZXggYmYwYzNmYS4uMTU4YzFkYiAxMDA2NDQNCj4gPiAt
LS0gYS9kcml2ZXJzL2NoYXIvdHBtL3RwbS1pbnRlcmZhY2UuYw0KPiA+ICsrKyBiL2RyaXZlcnMv
Y2hhci90cG0vdHBtLWludGVyZmFjZS5jDQo+ID4gQEAgLTMyOCw3ICszMjgsOSBAQCB1bnNpZ25l
ZCBsb25nIHRwbV9jYWxjX29yZGluYWxfZHVyYXRpb24oc3RydWN0DQo+ID4gdHBtX2NoaXAgKmNo
aXAsICB9ICBFWFBPUlRfU1lNQk9MX0dQTCh0cG1fY2FsY19vcmRpbmFsX2R1cmF0aW9uKTsNCj4g
Pg0KPiA+IC1zdGF0aWMgYm9vbCB0cG1fdmFsaWRhdGVfY29tbWFuZChzdHJ1Y3QgdHBtX2NoaXAg
KmNoaXAsIGNvbnN0IHU4DQo+ID4gKmNtZCwNCj4gPiArc3RhdGljIGJvb2wgdHBtX3ZhbGlkYXRl
X2NvbW1hbmQoc3RydWN0IHRwbV9jaGlwICpjaGlwLA0KPiA+ICsJCQkJIHN0cnVjdCB0cG1fc3Bh
Y2UgKnNwYWNlLA0KPiA+ICsJCQkJIGNvbnN0IHU4ICpjbWQsDQo+ID4gIAkJCQkgc2l6ZV90IGxl
bikNCj4gPiAgew0KPiA+ICAJY29uc3Qgc3RydWN0IHRwbV9pbnB1dF9oZWFkZXIgKmhlYWRlciA9
IChjb25zdCB2b2lkICopY21kOyBAQCAtDQo+IDM0MCw2DQo+ID4gKzM0Miw5IEBAIHN0YXRpYyBi
b29sIHRwbV92YWxpZGF0ZV9jb21tYW5kKHN0cnVjdCB0cG1fY2hpcCAqY2hpcCwNCj4gY29uc3Qg
dTggKmNtZCwNCj4gPiAgCWlmIChsZW4gPCBUUE1fSEVBREVSX1NJWkUpDQo+ID4gIAkJcmV0dXJu
IGZhbHNlOw0KPiA+DQo+ID4gKwlpZiAoIXNwYWNlKQ0KPiA+ICsJCXJldHVybiB0cnVlOw0KPiA+
ICsNCj4gPiAgCWlmIChjaGlwLT5mbGFncyAmIFRQTV9DSElQX0ZMQUdfVFBNMiAmJiBjaGlwLT5u
cl9jb21tYW5kcykgew0KPiA+ICAJCWNjID0gYmUzMl90b19jcHUoaGVhZGVyLT5vcmRpbmFsKTsN
Cj4gPg0KPiA+IEBAIC0zODYsNyArMzkxLDcgQEAgc3NpemVfdCB0cG1fdHJhbnNtaXQoc3RydWN0
IHRwbV9jaGlwICpjaGlwLCBzdHJ1Y3QNCj4gdHBtX3NwYWNlICpzcGFjZSwNCj4gPiAgCXVuc2ln
bmVkIGxvbmcgc3RvcDsNCj4gPiAgCWJvb2wgbmVlZF9sb2NhbGl0eTsNCj4gPg0KPiA+IC0JaWYg
KCF0cG1fdmFsaWRhdGVfY29tbWFuZChjaGlwLCBidWYsIGJ1ZnNpeikpDQo+ID4gKwlpZiAoIXRw
bV92YWxpZGF0ZV9jb21tYW5kKGNoaXAsIHNwYWNlLCBidWYsIGJ1ZnNpeikpDQo+ID4gIAkJcmV0
dXJuIC1FSU5WQUw7DQo+ID4NCj4gPiAgCWlmIChidWZzaXogPiBUUE1fQlVGU0laRSkNCj4gPiAt
LQ0KPiA+IDIuOS4zDQo+ID4NCg0K
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jarkko Sakkinen March 28, 2017, 12:47 p.m. UTC | #3
On Tue, Mar 28, 2017 at 11:27:53AM +0000, Alexander.Steffen@infineon.com wrote:
> Yes, this fixes the issue for me. Thanks.
> 
> Alexander

Great. I will squash this to the infrastructure patch. Thank you.

/Jarkko

> > -----Original Message-----
> > From: Jarkko Sakkinen [mailto:jarkko.sakkinen@linux.intel.com]
> > Sent: Tuesday, March 28, 2017 12:25 PM
> > To: Steffen Alexander (IFAG CCS ESS D SW A)
> > Cc: tpmdd-devel@lists.sourceforge.net; linux-security-
> > module@vger.kernel.org; Peter Huewe; Marcel Selhorst; Jason Gunthorpe;
> > open list
> > Subject: Re: [PATCH] tpm: do handle area size validation only when TPM
> > space used
> > 
> > So do you need this or not?
> > 
> > /Jarkko
> > 
> > On Mon, Mar 27, 2017 at 12:08:15AM +0300, Jarkko Sakkinen wrote:
> > > In order to not cause backwards compatibility issues with
> > > /dev/tpm0 disable handle area size validation if tpm_transmit is not
> > > called with a TPM space.
> > >
> > > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
> > > ---
> > >  drivers/char/tpm/tpm-interface.c | 9 +++++++--
> > >  1 file changed, 7 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/char/tpm/tpm-interface.c
> > > b/drivers/char/tpm/tpm-interface.c
> > > index bf0c3fa..158c1db 100644
> > > --- a/drivers/char/tpm/tpm-interface.c
> > > +++ b/drivers/char/tpm/tpm-interface.c
> > > @@ -328,7 +328,9 @@ unsigned long tpm_calc_ordinal_duration(struct
> > > tpm_chip *chip,  }  EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
> > >
> > > -static bool tpm_validate_command(struct tpm_chip *chip, const u8
> > > *cmd,
> > > +static bool tpm_validate_command(struct tpm_chip *chip,
> > > +				 struct tpm_space *space,
> > > +				 const u8 *cmd,
> > >  				 size_t len)
> > >  {
> > >  	const struct tpm_input_header *header = (const void *)cmd; @@ -
> > 340,6
> > > +342,9 @@ static bool tpm_validate_command(struct tpm_chip *chip,
> > const u8 *cmd,
> > >  	if (len < TPM_HEADER_SIZE)
> > >  		return false;
> > >
> > > +	if (!space)
> > > +		return true;
> > > +
> > >  	if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) {
> > >  		cc = be32_to_cpu(header->ordinal);
> > >
> > > @@ -386,7 +391,7 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct
> > tpm_space *space,
> > >  	unsigned long stop;
> > >  	bool need_locality;
> > >
> > > -	if (!tpm_validate_command(chip, buf, bufsiz))
> > > +	if (!tpm_validate_command(chip, space, buf, bufsiz))
> > >  		return -EINVAL;
> > >
> > >  	if (bufsiz > TPM_BUFSIZE)
> > > --
> > > 2.9.3
> > >
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index bf0c3fa..158c1db 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -328,7 +328,9 @@  unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
 }
 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
 
-static bool tpm_validate_command(struct tpm_chip *chip, const u8 *cmd,
+static bool tpm_validate_command(struct tpm_chip *chip,
+				 struct tpm_space *space,
+				 const u8 *cmd,
 				 size_t len)
 {
 	const struct tpm_input_header *header = (const void *)cmd;
@@ -340,6 +342,9 @@  static bool tpm_validate_command(struct tpm_chip *chip, const u8 *cmd,
 	if (len < TPM_HEADER_SIZE)
 		return false;
 
+	if (!space)
+		return true;
+
 	if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) {
 		cc = be32_to_cpu(header->ordinal);
 
@@ -386,7 +391,7 @@  ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
 	unsigned long stop;
 	bool need_locality;
 
-	if (!tpm_validate_command(chip, buf, bufsiz))
+	if (!tpm_validate_command(chip, space, buf, bufsiz))
 		return -EINVAL;
 
 	if (bufsiz > TPM_BUFSIZE)