Re: [PATCH v6 7/8] tpm: Add tpm_buf_read_{u8,u16,u32}

public inbox for linux-integrity@vger.kernel.org
 help / color / mirror / Atom feed

From: Stefan Berger <stefanb@linux.ibm.com>
To: Jarkko Sakkinen <jarkko@kernel.org>, linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	James Bottomley <James.Bottomley@HansenPartnership.com>,
	William Roberts <bill.c.roberts@gmail.com>,
	David Howells <dhowells@redhat.com>,
	Jason Gunthorpe <jgg@ziepe.ca>, Mimi Zohar <zohar@linux.ibm.com>,
	Mario Limonciello <mario.limonciello@amd.com>,
	Jerry Snitselaar <jsnitsel@redhat.com>
Subject: Re: [PATCH v6 7/8] tpm: Add tpm_buf_read_{u8,u16,u32}
Date: Mon, 27 Nov 2023 16:10:09 -0500	[thread overview]
Message-ID: <22032156-bd61-4c72-ad47-fe5932cd832a@linux.ibm.com> (raw)
In-Reply-To: <20231124020237.27116-8-jarkko@kernel.org>



On 11/23/23 21:02, Jarkko Sakkinen wrote:
> Declare reader functions for the instances of struct tpm_buf. If the read
> goes out of boundary, TPM_BUF_BOUNDARY_ERROR is set, and subsequent read
> will do nothing.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>

> ---
> v5 [2023-11-24]: Fixed off-by-one error in the boundary check.
> v4 [2023-11-21]: Address James Bottomley's feedback for v2 of this
> patch, i.e. offset pointer was not correctly dereferenced.
> v3 [2023-11-21]: Add possibility to check for boundary error to the
> as response to the feedback from Mario Limenciello:
> https://lore.kernel.org/linux-integrity/3f9086f6-935f-48a7-889b-c71398422fa1@amd.com/
> ---
>   drivers/char/tpm/tpm-buf.c | 79 +++++++++++++++++++++++++++++++++++++-
>   include/linux/tpm.h        |  5 +++
>   2 files changed, 83 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c
> index 099b4a56c5d5..32619e9ab4fa 100644
> --- a/drivers/char/tpm/tpm-buf.c
> +++ b/drivers/char/tpm/tpm-buf.c
> @@ -107,7 +107,7 @@ void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length)
>   		return;
>   
>   	if ((buf->length + new_length) > PAGE_SIZE) {
> -		WARN(1, "tpm_buf: overflow\n");
> +		WARN(1, "tpm_buf: write overflow\n");
>   		buf->flags |= TPM_BUF_OVERFLOW;
>   		return;
>   	}
> @@ -143,3 +143,80 @@ void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value)
>   	tpm_buf_append(buf, (u8 *)&value2, 4);
>   }
>   EXPORT_SYMBOL_GPL(tpm_buf_append_u32);
> +
> +/**
> + * tpm_buf_read() - Read from a TPM buffer
> + * @buf:	&tpm_buf instance
> + * @offset:	offset within the buffer
> + * @count:	the number of bytes to read
> + * @output:	the output buffer
> + */
> +static void tpm_buf_read(struct tpm_buf *buf, off_t *offset, size_t count, void *output)
> +{
> +	off_t next_offset;
> +
> +	/* Return silently if overflow has already happened. */
> +	if (buf->flags & TPM_BUF_BOUNDARY_ERROR)
> +		return;
> +
> +	next_offset = *offset + count;
> +	if (next_offset > buf->length) {
> +		WARN(1, "tpm_buf: read out of boundary\n");
> +		buf->flags |= TPM_BUF_BOUNDARY_ERROR;
> +		return;
> +	}
> +
> +	memcpy(output, &buf->data[*offset], count);
> +	*offset = next_offset;
> +}
> +
> +/**
> + * tpm_buf_read_u8() - Read 8-bit word from a TPM buffer
> + * @buf:	&tpm_buf instance
> + * @offset:	offset within the buffer
> + *
> + * Return: next 8-bit word
> + */
> +u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset)
> +{
> +	u8 value;
> +
> +	tpm_buf_read(buf, offset, sizeof(value), &value);
> +
> +	return value;
> +}
> +EXPORT_SYMBOL_GPL(tpm_buf_read_u8);
> +
> +/**
> + * tpm_buf_read_u16() - Read 16-bit word from a TPM buffer
> + * @buf:	&tpm_buf instance
> + * @offset:	offset within the buffer
> + *
> + * Return: next 16-bit word
> + */
> +u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset)
> +{
> +	u16 value;
> +
> +	tpm_buf_read(buf, offset, sizeof(value), &value);
> +
> +	return be16_to_cpu(value);
> +}
> +EXPORT_SYMBOL_GPL(tpm_buf_read_u16);
> +
> +/**
> + * tpm_buf_read_u32() - Read 32-bit word from a TPM buffer
> + * @buf:	&tpm_buf instance
> + * @offset:	offset within the buffer
> + *
> + * Return: next 32-bit word
> + */
> +u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset)
> +{
> +	u32 value;
> +
> +	tpm_buf_read(buf, offset, sizeof(value), &value);
> +
> +	return be32_to_cpu(value);
> +}
> +EXPORT_SYMBOL_GPL(tpm_buf_read_u32);
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 715db4a91c1f..e8172f81c562 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -302,6 +302,8 @@ enum tpm_buf_flags {
>   	TPM_BUF_OVERFLOW	= BIT(0),
>   	/* TPM2B format: */
>   	TPM_BUF_TPM2B		= BIT(1),
> +	/* read out of boundary: */
> +	TPM_BUF_BOUNDARY_ERROR	= BIT(2),
>   };
>   
>   /*
> @@ -338,6 +340,9 @@ void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_length);
>   void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value);
>   void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value);
>   void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value);
> +u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset);
> +u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset);
> +u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset);
>   
>   /*
>    * Check if TPM device is in the firmware upgrade mode.

next prev parent reply	other threads:[~2023-11-27 21:10 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-11-24  2:02 [PATCH v6 0/8] Extend struct tpm_buf to support sized buffers (TPM2B) Jarkko Sakkinen
2023-11-24  2:02 ` [PATCH v6 1/8] tpm: Remove unused tpm_buf_tag() Jarkko Sakkinen
2023-11-27 20:33   ` Stefan Berger
2023-11-24  2:02 ` [PATCH v6 2/8] tpm: Remove tpm_send() Jarkko Sakkinen
2023-11-27 20:37   ` Stefan Berger
2023-11-24  2:02 ` [PATCH v6 3/8] tpm: Move buffer handling from static inlines to real functions Jarkko Sakkinen
2023-11-27 20:40   ` Stefan Berger
2023-11-24  2:02 ` [PATCH v6 4/8] tpm: Update struct tpm_buf documentation comments Jarkko Sakkinen
2023-11-27 20:41   ` Stefan Berger
2023-12-04  2:40     ` Jarkko Sakkinen
2023-11-24  2:02 ` [PATCH v6 5/8] tpm: Store the length of the tpm_buf data separately Jarkko Sakkinen
2023-11-27 21:03   ` Stefan Berger
2023-11-24  2:02 ` [PATCH v6 6/8] tpm: TPM2B formatted buffers Jarkko Sakkinen
2023-11-27 21:08   ` Stefan Berger
2023-11-24  2:02 ` [PATCH v6 7/8] tpm: Add tpm_buf_read_{u8,u16,u32} Jarkko Sakkinen
2023-11-27 21:10   ` Stefan Berger [this message]
2023-11-28 12:35   ` Stefan Berger
2023-11-24  2:02 ` [PATCH v6 8/8] KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers Jarkko Sakkinen
2023-11-27 21:21   ` Stefan Berger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=22032156-bd61-4c72-ad47-fe5932cd832a@linux.ibm.com \
    --to=stefanb@linux.ibm.com \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=bill.c.roberts@gmail.com \
    --cc=dhowells@redhat.com \
    --cc=jarkko@kernel.org \
    --cc=jgg@ziepe.ca \
    --cc=jsnitsel@redhat.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mario.limonciello@amd.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox