Re: [PATCH v11 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs

All of lore.kernel.org
 help / color / mirror / Atom feed

From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: Re: [PATCH v11 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs
Date: Sun, 13 Sep 2020 17:35:27 +0800	[thread overview]
Message-ID: <202009131715.alvmDNan%lkp@intel.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 6886 bytes --]

CC: kbuild-all(a)lists.01.org
In-Reply-To: <20200912172643.9063-5-James.Bottomley@HansenPartnership.com>
References: <20200912172643.9063-5-James.Bottomley@HansenPartnership.com>
TO: James Bottomley <James.Bottomley@HansenPartnership.com>
TO: linux-integrity(a)vger.kernel.org
CC: Mimi Zohar <zohar@linux.ibm.com>
CC: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
CC: David Woodhouse <dwmw2@infradead.org>
CC: keyrings(a)vger.kernel.org
CC: David Howells <dhowells@redhat.com>

Hi James,

I love your patch! Perhaps something to improve:

[auto build test WARNING on integrity/next-integrity]
[also build test WARNING on linus/master v5.9-rc4 next-20200911]
[cannot apply to security/next-testing dhowells-fs/fscache-next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/James-Bottomley/TPM-2-0-trusted-key-rework/20200913-013201
base:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
:::::: branch date: 16 hours ago
:::::: commit date: 16 hours ago
compiler: microblaze-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


cppcheck warnings: (new ones prefixed by >>)

>> security/keys/trusted-keys/trusted_tpm2.c:38:25: warning: Either the condition '!scratch' is redundant or there is pointer arithmetic with NULL pointer. [nullPointerArithmeticRedundantCheck]
    u8 *end_work = scratch + SCRATCH_SIZE;
                           ^
   security/keys/trusted-keys/trusted_tpm2.c:50:6: note: Assuming that condition '!scratch' is not redundant
    if (!scratch)
        ^
   security/keys/trusted-keys/trusted_tpm2.c:38:25: note: Null pointer addition
    u8 *end_work = scratch + SCRATCH_SIZE;
                           ^

# https://github.com/0day-ci/linux/commit/ce13d03d29ab9ef7c6236ddfbd25ef4ea78dccff
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review James-Bottomley/TPM-2-0-trusted-key-rework/20200913-013201
git checkout ce13d03d29ab9ef7c6236ddfbd25ef4ea78dccff
vim +38 security/keys/trusted-keys/trusted_tpm2.c

ce13d03d29ab9e James Bottomley 2020-09-12  30  
ce13d03d29ab9e James Bottomley 2020-09-12  31  static int tpm2_key_encode(struct trusted_key_payload *payload,
ce13d03d29ab9e James Bottomley 2020-09-12  32  			   struct trusted_key_options *options,
ce13d03d29ab9e James Bottomley 2020-09-12  33  			   u8 *src, u32 len)
ce13d03d29ab9e James Bottomley 2020-09-12  34  {
ce13d03d29ab9e James Bottomley 2020-09-12  35  	const int SCRATCH_SIZE = PAGE_SIZE;
ce13d03d29ab9e James Bottomley 2020-09-12  36  	u8 *scratch = kmalloc(SCRATCH_SIZE, GFP_KERNEL);
ce13d03d29ab9e James Bottomley 2020-09-12  37  	u8 *work = scratch, *work1;
ce13d03d29ab9e James Bottomley 2020-09-12 @38  	u8 *end_work = scratch + SCRATCH_SIZE;
ce13d03d29ab9e James Bottomley 2020-09-12  39  	u8 *priv, *pub;
ce13d03d29ab9e James Bottomley 2020-09-12  40  	u16 priv_len, pub_len;
ce13d03d29ab9e James Bottomley 2020-09-12  41  
ce13d03d29ab9e James Bottomley 2020-09-12  42  	priv_len = get_unaligned_be16(src) + 2;
ce13d03d29ab9e James Bottomley 2020-09-12  43  	priv = src;
ce13d03d29ab9e James Bottomley 2020-09-12  44  
ce13d03d29ab9e James Bottomley 2020-09-12  45  	src += priv_len;
ce13d03d29ab9e James Bottomley 2020-09-12  46  
ce13d03d29ab9e James Bottomley 2020-09-12  47  	pub_len = get_unaligned_be16(src) + 2;
ce13d03d29ab9e James Bottomley 2020-09-12  48  	pub = src;
ce13d03d29ab9e James Bottomley 2020-09-12  49  
ce13d03d29ab9e James Bottomley 2020-09-12  50  	if (!scratch)
ce13d03d29ab9e James Bottomley 2020-09-12  51  		return -ENOMEM;
ce13d03d29ab9e James Bottomley 2020-09-12  52  
ce13d03d29ab9e James Bottomley 2020-09-12  53  	work = asn1_encode_oid(work, end_work, tpm2key_oid,
ce13d03d29ab9e James Bottomley 2020-09-12  54  			       asn1_oid_len(tpm2key_oid));
ce13d03d29ab9e James Bottomley 2020-09-12  55  
ce13d03d29ab9e James Bottomley 2020-09-12  56  	if (options->blobauth_len == 0) {
ce13d03d29ab9e James Bottomley 2020-09-12  57  		unsigned char bool[3], *w = bool;
ce13d03d29ab9e James Bottomley 2020-09-12  58  		/* tag 0 is emptyAuth */
ce13d03d29ab9e James Bottomley 2020-09-12  59  		w = asn1_encode_boolean(w, w + sizeof(bool), true);
ce13d03d29ab9e James Bottomley 2020-09-12  60  		if (WARN(IS_ERR(w), "BUG: Boolean failed to encode"))
ce13d03d29ab9e James Bottomley 2020-09-12  61  			return PTR_ERR(w);
ce13d03d29ab9e James Bottomley 2020-09-12  62  		work = asn1_encode_tag(work, end_work, 0, bool, w - bool);
ce13d03d29ab9e James Bottomley 2020-09-12  63  	}
ce13d03d29ab9e James Bottomley 2020-09-12  64  
ce13d03d29ab9e James Bottomley 2020-09-12  65  	/*
ce13d03d29ab9e James Bottomley 2020-09-12  66  	 * Assume both octet strings will encode to a 2 byte definite length
ce13d03d29ab9e James Bottomley 2020-09-12  67  	 *
ce13d03d29ab9e James Bottomley 2020-09-12  68  	 * Note: For a well behaved TPM, this warning should never
ce13d03d29ab9e James Bottomley 2020-09-12  69  	 * trigger, so if it does there's something nefarious going on
ce13d03d29ab9e James Bottomley 2020-09-12  70  	 */
ce13d03d29ab9e James Bottomley 2020-09-12  71  	if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE,
ce13d03d29ab9e James Bottomley 2020-09-12  72  		 "BUG: scratch buffer is too small"))
ce13d03d29ab9e James Bottomley 2020-09-12  73  		return -EINVAL;
ce13d03d29ab9e James Bottomley 2020-09-12  74  
ce13d03d29ab9e James Bottomley 2020-09-12  75  	work = asn1_encode_integer(work, end_work, options->keyhandle);
ce13d03d29ab9e James Bottomley 2020-09-12  76  	work = asn1_encode_octet_string(work, end_work, pub, pub_len);
ce13d03d29ab9e James Bottomley 2020-09-12  77  	work = asn1_encode_octet_string(work, end_work, priv, priv_len);
ce13d03d29ab9e James Bottomley 2020-09-12  78  
ce13d03d29ab9e James Bottomley 2020-09-12  79  	work1 = payload->blob;
ce13d03d29ab9e James Bottomley 2020-09-12  80  	work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob),
ce13d03d29ab9e James Bottomley 2020-09-12  81  				     scratch, work - scratch);
ce13d03d29ab9e James Bottomley 2020-09-12  82  	if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed"))
ce13d03d29ab9e James Bottomley 2020-09-12  83  		return PTR_ERR(work1);
ce13d03d29ab9e James Bottomley 2020-09-12  84  
ce13d03d29ab9e James Bottomley 2020-09-12  85  	return work1 - payload->blob;
ce13d03d29ab9e James Bottomley 2020-09-12  86  }
ce13d03d29ab9e James Bottomley 2020-09-12  87  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

next             reply	other threads:[~2020-09-13  9:35 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-13  9:35 kernel test robot [this message]
  -- strict thread matches above, loose matches on Subject: below --
2020-09-12 17:26 [PATCH v11 0/5] TPM 2.0 trusted key rework James Bottomley
2020-09-12 17:26 ` [PATCH v11 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs James Bottomley
2020-09-12 17:26   ` James Bottomley
2020-09-13  6:26   ` kernel test robot
2020-09-13  6:26     ` kernel test robot
2020-09-13  6:26     ` kernel test robot
2020-09-13 17:02     ` James Bottomley
2020-09-13 17:02       ` James Bottomley
2020-09-15  9:11       ` Jarkko Sakkinen
2020-09-15 20:20         ` Nick Desaulniers
2020-09-15 20:20           ` Nick Desaulniers
2020-09-15 20:20           ` Nick Desaulniers
2020-09-16 16:27           ` Jarkko Sakkinen
2020-09-16 16:27             ` Jarkko Sakkinen
2020-09-16 16:27             ` Jarkko Sakkinen
2020-09-16 18:04             ` Nick Desaulniers
2020-09-16 18:04               ` Nick Desaulniers
2020-09-16 18:04               ` Nick Desaulniers
2020-09-17 15:17               ` Jarkko Sakkinen
2020-09-17 15:17                 ` Jarkko Sakkinen
2020-09-17 15:17                 ` Jarkko Sakkinen
2020-09-13  7:07   ` kernel test robot
2020-09-13  7:29   ` kernel test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202009131715.alvmDNan%lkp@intel.com \
    --to=lkp@intel.com \
    --cc=kbuild@lists.01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.