All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v5] tpm_tis: Check return values from get_burstcount.
@ 2016-10-27 21:50 Josh Zimmerman
       [not found] ` <20161027215009.GA12733-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
  0 siblings, 1 reply; 4+ messages in thread
From: Josh Zimmerman @ 2016-10-27 21:50 UTC (permalink / raw)
  To: Peter Huewe, Marcel Selhorst, Jarkko Sakkinen, Jason Gunthorpe,
	tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

If the TPM we're connecting to uses a static burst count, it will report
a burst count of zero throughout the response read. However, get_burstcount
assumes that a response of zero indicates that the TPM is not ready to
receive more data. In this case, it returns a negative error code, which
is passed on to tpm_tis_{write,read}_bytes as a u16, causing
them to read/write far too many bytes.

This patch checks for negative return codes and bails out from recv_data
and tpm_tis_send_data.

Fixes: 1107d065fdf1 (tpm_tis: Introduce intermediate layer for TPM access)
Signed-off-by: Josh Zimmerman <joshz-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>

---
Changelog v5:
 - Move burstcnt < 0 check to before the min_t() call for enhanced readability.
Changelog v4:
 - Add short description to Fixes tag line.
 - Remove some unnecessary information in dev_err statements.
Changelog v3:
 - Add signed-off-by.
Changelog v2:
 - Fix typo (rc->burstcnt)

---
 drivers/char/tpm/tpm_tis_core.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index e3bf31b..a1ce060 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -185,7 +185,12 @@ static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
 				 TPM_STS_DATA_AVAIL | TPM_STS_VALID,
 				 chip->timeout_c,
 				 &priv->read_queue, true) == 0) {
-		burstcnt = min_t(int, get_burstcount(chip), count - size);
+		burstcnt = get_burstcount(chip);
+		if (burstcnt < 0) {
+			dev_err(&chip->dev, "Unable to read burstcount\n");
+			return burstcnt;
+		}
+		burstcnt = min_t(int, burstcnt, count - size);
 
 		rc = tpm_tis_read_bytes(priv, TPM_DATA_FIFO(priv->locality),
 					burstcnt, buf + size);
@@ -271,7 +276,13 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
 	}
 
 	while (count < len - 1) {
-		burstcnt = min_t(int, get_burstcount(chip), len - count - 1);
+		burstcnt = get_burstcount(chip);
+		if (burstcnt < 0) {
+			dev_err(&chip->dev, "Unable to read burstcount\n");
+			rc = burstcnt;
+			goto out_err;
+		}
+		burstcnt = min_t(int, burstcnt, len - count - 1);
 		rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
 					 burstcnt, buf + count);
 		if (rc < 0)
-- 
2.8.0.rc3.226.g39d4020


------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive. 
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik

^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-11-04  7:15 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-27 21:50 [PATCH v5] tpm_tis: Check return values from get_burstcount Josh Zimmerman
     [not found] ` <20161027215009.GA12733-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2016-10-28 16:28   ` Jarkko Sakkinen
     [not found]     ` <20161028162815.e2ssrzwq62i5rorn-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-11-02 10:40       ` Jarkko Sakkinen
2016-11-04  7:15         ` [tpmdd-devel] " Jarkko Sakkinen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.