* [PATCH] tpm: fix RC value check in tpm2_seal_trusted
@ 2017-01-25 21:03 ` Jarkko Sakkinen
0 siblings, 0 replies; 11+ messages in thread
From: Jarkko Sakkinen @ 2017-01-25 21:03 UTC (permalink / raw)
To: tpmdd-devel
Cc: linux-security-module, Jarkko Sakkinen, Peter Huewe, Marcel Selhorst, Jason Gunthorpe, open list
Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
drivers/char/tpm/tpm.h | 5 +++++
drivers/char/tpm/tpm2-cmd.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 4e5fb22..abc621e 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -523,6 +523,11 @@ static inline void tpm_add_ppi(struct tpm_chip *chip)
}
#endif
+static inline inline u32 tpm2_rc_value(u32 rc)
+{
+ return (rc & BIT(7)) ? rc & 0xff : rc;
+}
+
int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count,
struct tpm2_digest *digests);
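Review bot: The added declaration "static inline inline u32 tpm2_rc_value(u32 rc)" repeats the inline specifier and should read "static inline u32 tpm2_rc_value(u32 rc)". The helper also carries no comment saying what bit 7 selects or why the mask is 0xff; a short comment naming the two response-code formats it distinguishes would let the next caller reuse it instead of open-coding the test.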
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6c8174a..40b09ca 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -551,7 +551,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
tpm_buf_destroy(&buf);
if (rc > 0) {
- if ((rc & TPM2_RC_HASH) == TPM2_RC_HASH)
+ if (tpm2_rc_value(rc) == TPM2_RC_HASH)
rc = -EINVAL;
else
rc = -EPERM;
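Review bot: The comparison replaced at the top of the "if (rc > 0)" block needs its rationale in the changelog, which currently holds only the Fixes: and Signed-off-by: tags. The removed test "(rc & TPM2_RC_HASH) == TPM2_RC_HASH" is true for any rc that has every TPM2_RC_HASH bit set, not only for that code, and the description should say so. Every other positive rc still collapses to -EPERM in the else branch; please confirm that is intended now that fewer codes reach -EINVAL.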
--
2.9.3
* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
@ 2017-01-25 22:12 ` Jason Gunthorpe
From: Jason Gunthorpe @ 2017-01-25 22:12 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst, open list

On Wed, Jan 25, 2017 at 11:03:48PM +0200, Jarkko Sakkinen wrote:
> Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips")
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

I think you need a commit message for this.. Is this following the
spec?

Jason
* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
@ 2017-01-26 11:27 ` Jarkko Sakkinen
From: Jarkko Sakkinen @ 2017-01-26 11:27 UTC (permalink / raw)
To: Jason Gunthorpe
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst, open list

On Wed, Jan 25, 2017 at 03:12:45PM -0700, Jason Gunthorpe wrote:
> On Wed, Jan 25, 2017 at 11:03:48PM +0200, Jarkko Sakkinen wrote:
> > Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips")
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
>
> I think you need a commit message for this.. Is this following the
> spec?

Yes. Format one commands the upper bits contain either handle, session or
parameter index. Bit 7 tells whether the error code is format zero
or one. Format zero errors do not require masking. They do not have any
data in addition to value.

The reason why this bug was repeated in TPM space code was that I
originally melded that code from my trusted keys code (copy pasted and
edited message construction).

"The error code handling is bogus as any error code that has the bits
set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
parse the error value from FMT0 and FMT1 error codes to use to check the
error so that these types of mistakes is prevented in the future."

Is that suitable or do you want me to add something?

Jarkko
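
An added example, not part of the thread or the kernel source: a userspace C sketch that runs the pre-patch mask test and the patch's tpm2_rc_value() side by side over constructed response codes, using the errno mapping from the tpm2_seal_trusted() hunk. TPM2_RC_HASH = 0x0083 is the value from the kernel's tpm.h; FMT1_BIT, seal_errno() and the *_is_hash_error() wrappers are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define TPM2_RC_HASH 0x0083u    /* value from the kernel's tpm.h */
#define FMT1_BIT     (1u << 7)  /* hypothetical name for BIT(7) */

/* The test as it stood before the patch: a bitwise subset check. */
static int old_is_hash_error(uint32_t rc)
{
	return (rc & TPM2_RC_HASH) == TPM2_RC_HASH;
}

/* Userspace copy of the helper the patch adds. */
static uint32_t tpm2_rc_value(uint32_t rc)
{
	return (rc & FMT1_BIT) ? rc & 0xff : rc;
}

static int new_is_hash_error(uint32_t rc)
{
	return tpm2_rc_value(rc) == TPM2_RC_HASH;
}

/* Mirrors the errno mapping in the tpm2_seal_trusted() hunk. */
static int seal_errno(uint32_t rc, int (*is_hash)(uint32_t))
{
	if (rc == 0)
		return 0;
	return is_hash(rc) ? -EINVAL : -EPERM;
}

int main(void)
{
	/* Constructed response codes, chosen only for their bit patterns. */
	static const uint32_t samples[] = {
		0x0083, /* format one, error value 0x83, no index bits */
		0x0283, /* same error value with index bits above bit 7 */
		0x009f, /* format one, other value; superset of the 0x83 bits */
		0x0187, /* format one, other value, plus index bits */
		0x0903, /* format zero (bit 7 clear): returned unmasked */
	};
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("rc=0x%04x old=%d new=%d\n", (unsigned)samples[i],
		       seal_errno(samples[i], old_is_hash_error),
		       seal_errno(samples[i], new_is_hash_error));
	return 0;
}
```

For 0x009f and 0x0187 the old test reports -EINVAL while the helper-based test reports -EPERM; the other samples map the same way under both.
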
* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
@ 2017-01-26 18:32 ` Jason Gunthorpe
From: Jason Gunthorpe @ 2017-01-26 18:32 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst, open list

On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:

> "The error code handling is bogus as any error code that has the bits
> set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> parse the error value from FMT0 and FMT1 error codes to use to check the
> error so that these types of mistakes is prevented in the future."

Great thanks

Jason
* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
@ 2017-01-27 6:43 ` Jarkko Sakkinen
From: Jarkko Sakkinen @ 2017-01-27 6:43 UTC (permalink / raw)
To: Jason Gunthorpe
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst, open list

On Thu, Jan 26, 2017 at 11:32:52AM -0700, Jason Gunthorpe wrote:
> On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
>
> > "The error code handling is bogus as any error code that has the bits
> > set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> > parse the error value from FMT0 and FMT1 error codes to use to check the
> > error so that these types of mistakes is prevented in the future."
>
> Great thanks
>
> Jason

Can I put your Reviewed-by? I would like to get this into 4.11.

/Jarkko
* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
@ 2017-01-27 16:24 ` Jason Gunthorpe
From: Jason Gunthorpe @ 2017-01-27 16:24 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst, open list

On Fri, Jan 27, 2017 at 08:43:27AM +0200, Jarkko Sakkinen wrote:
> On Thu, Jan 26, 2017 at 11:32:52AM -0700, Jason Gunthorpe wrote:
> > On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
> >
> > > "The error code handling is bogus as any error code that has the bits
> > > set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> > > parse the error value from FMT0 and FMT1 error codes to use to check the
> > > error so that these types of mistakes is prevented in the future."
> >
> > Great thanks
> >
> > Jason
>
> Can I put your Reviewed-by? I would like to get this into 4.11.

I'm not up to speed on the TPM2 parsing, but it looks OK based on your
description.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>

Jason
* Re: [PATCH] tpm: fix RC value check in tpm2_seal_trusted
@ 2017-01-29 15:11 ` Jarkko Sakkinen
From: Jarkko Sakkinen @ 2017-01-29 15:11 UTC (permalink / raw)
To: Jason Gunthorpe
Cc: tpmdd-devel, linux-security-module, Peter Huewe, Marcel Selhorst, open list

On Fri, Jan 27, 2017 at 09:24:16AM -0700, Jason Gunthorpe wrote:
> On Fri, Jan 27, 2017 at 08:43:27AM +0200, Jarkko Sakkinen wrote:
> > On Thu, Jan 26, 2017 at 11:32:52AM -0700, Jason Gunthorpe wrote:
> > > On Thu, Jan 26, 2017 at 01:27:14PM +0200, Jarkko Sakkinen wrote:
> > >
> > > > "The error code handling is bogus as any error code that has the bits
> > > > set that TPM_RC_HASH could pass. Implemented tpm2_rc_value() helper to
> > > > parse the error value from FMT0 and FMT1 error codes to use to check the
> > > > error so that these types of mistakes is prevented in the future."
> > >
> > > Great thanks
> > >
> > > Jason
> >
> > Can I put your Reviewed-by? I would like to get this into 4.11.
>
> I'm not up to speed on the TPM2 parsing, but it looks OK based on your
> description.
>
> Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
>
> Jason

Thanks I applied this patch to master.

/Jarkko