From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "kernel test robot" <lkp@intel.com>,
"James Bottomley" <James.Bottomley@hansenpartnership.com>
Cc: <llvm@lists.linux.dev>, <oe-kbuild-all@lists.linux.dev>
Subject: Re: [jarkko-tpmdd:next 22/38] drivers/char/tpm/tpm2-sessions.c:23: warning: Excess function parameter 'returns' description in 'tpm2_parse_create_primary'
Date: Tue, 07 May 2024 23:04:52 +0300 [thread overview]
Message-ID: <D13OKDXSO6XC.14X4HTKK67VLW@kernel.org> (raw)
In-Reply-To: <202405060916.dUftOVIp-lkp@intel.com>
On Mon May 6, 2024 at 4:10 AM EEST, kernel test robot wrote:
> tree: git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git next
> head: 152585665f0f6b89e67ed6d04c17b18d1f0f4077
> commit: 1c8cb605890dc0ffc8e82e7d1f8594a4d7b7189a [22/38] tpm: Add NULL primary creation
> config: s390-defconfig (https://download.01.org/0day-ci/archive/20240506/202405060916.dUftOVIp-lkp@intel.com/config)
> compiler: clang version 19.0.0git (https://github.com/llvm/llvm-project 37ae4ad0eef338776c7e2cffb3896153d43dcd90)
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240506/202405060916.dUftOVIp-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202405060916.dUftOVIp-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
> >> drivers/char/tpm/tpm2-sessions.c:23: warning: Excess function parameter 'returns' description in 'tpm2_parse_create_primary'
> >> drivers/char/tpm/tpm2-sessions.c:186: warning: Excess function parameter 'returns' description in 'tpm2_create_primary'
>
>
> vim +23 drivers/char/tpm/tpm2-sessions.c
>
> 10
> 11 /**
> 12 * tpm2_parse_create_primary() - parse the data returned from TPM_CC_CREATE_PRIMARY
> 13 *
> 14 * @chip: The TPM the primary was created under
> 15 * @buf: The response buffer from the chip
> 16 * @handle: pointer to be filled in with the return handle of the primary
> 17 * @hierarchy: The hierarchy the primary was created for
> 18 *
> 19 * @returns: 0 on success or a positive TPM or negative standard error
> 20 */
> 21 static int tpm2_parse_create_primary(struct tpm_chip *chip, struct tpm_buf *buf,
> 22 u32 *handle, u32 hierarchy)
> > 23 {
> 24 struct tpm_header *head = (struct tpm_header *)buf->data;
> 25 off_t offset_r = TPM_HEADER_SIZE, offset_t;
> 26 u16 len = TPM_HEADER_SIZE;
> 27 u32 total_len = be32_to_cpu(head->length);
> 28 u32 val, param_len;
> 29
> 30 *handle = tpm_buf_read_u32(buf, &offset_r);
> 31 param_len = tpm_buf_read_u32(buf, &offset_r);
> 32 /*
> 33 * param_len doesn't include the header, but all the other
> 34 * lengths and offsets do, so add it to parm len to make
> 35 * the comparisons easier
> 36 */
> 37 param_len += TPM_HEADER_SIZE;
> 38
> 39 if (param_len + 8 > total_len)
> 40 return -EINVAL;
> 41 len = tpm_buf_read_u16(buf, &offset_r);
> 42 offset_t = offset_r;
> 43 /* now we have the public area, compute the name of the object */
> 44 put_unaligned_be16(TPM_ALG_SHA256, chip->null_key_name);
> 45 sha256(&buf->data[offset_r], len, chip->null_key_name + 2);
> 46
> 47 /* validate the public key */
> 48 val = tpm_buf_read_u16(buf, &offset_t);
> 49
> 50 /* key type (must be what we asked for) */
> 51 if (val != TPM_ALG_ECC)
> 52 return -EINVAL;
> 53 val = tpm_buf_read_u16(buf, &offset_t);
> 54
> 55 /* name algorithm */
> 56 if (val != TPM_ALG_SHA256)
> 57 return -EINVAL;
> 58 val = tpm_buf_read_u32(buf, &offset_t);
> 59
> 60 /* object properties */
> 61 if (val != TPM2_OA_TMPL)
> 62 return -EINVAL;
> 63
> 64 /* auth policy (empty) */
> 65 val = tpm_buf_read_u16(buf, &offset_t);
> 66 if (val != 0)
> 67 return -EINVAL;
> 68
> 69 /* symmetric key parameters */
> 70 val = tpm_buf_read_u16(buf, &offset_t);
> 71 if (val != TPM_ALG_AES)
> 72 return -EINVAL;
> 73
> 74 /* symmetric key length */
> 75 val = tpm_buf_read_u16(buf, &offset_t);
> 76 if (val != AES_KEY_BITS)
> 77 return -EINVAL;
> 78
> 79 /* symmetric encryption scheme */
> 80 val = tpm_buf_read_u16(buf, &offset_t);
> 81 if (val != TPM_ALG_CFB)
> 82 return -EINVAL;
> 83
> 84 /* signing scheme */
> 85 val = tpm_buf_read_u16(buf, &offset_t);
> 86 if (val != TPM_ALG_NULL)
> 87 return -EINVAL;
> 88
> 89 /* ECC Curve */
> 90 val = tpm_buf_read_u16(buf, &offset_t);
> 91 if (val != TPM2_ECC_NIST_P256)
> 92 return -EINVAL;
> 93
> 94 /* KDF Scheme */
> 95 val = tpm_buf_read_u16(buf, &offset_t);
> 96 if (val != TPM_ALG_NULL)
> 97 return -EINVAL;
> 98
> 99 /* extract public key (x and y points) */
> 100 val = tpm_buf_read_u16(buf, &offset_t);
> 101 if (val != EC_PT_SZ)
> 102 return -EINVAL;
> 103 memcpy(chip->null_ec_key_x, &buf->data[offset_t], val);
> 104 offset_t += val;
> 105 val = tpm_buf_read_u16(buf, &offset_t);
> 106 if (val != EC_PT_SZ)
> 107 return -EINVAL;
> 108 memcpy(chip->null_ec_key_y, &buf->data[offset_t], val);
> 109 offset_t += val;
> 110
> 111 /* original length of the whole TPM2B */
> 112 offset_r += len;
> 113
> 114 /* should have exactly consumed the TPM2B public structure */
> 115 if (offset_t != offset_r)
> 116 return -EINVAL;
> 117 if (offset_r > param_len)
> 118 return -EINVAL;
> 119
> 120 /* creation data (skip) */
> 121 len = tpm_buf_read_u16(buf, &offset_r);
> 122 offset_r += len;
> 123 if (offset_r > param_len)
> 124 return -EINVAL;
> 125
> 126 /* creation digest (must be sha256) */
> 127 len = tpm_buf_read_u16(buf, &offset_r);
> 128 offset_r += len;
> 129 if (len != SHA256_DIGEST_SIZE || offset_r > param_len)
> 130 return -EINVAL;
> 131
> 132 /* TPMT_TK_CREATION follows */
> 133 /* tag, must be TPM_ST_CREATION (0x8021) */
> 134 val = tpm_buf_read_u16(buf, &offset_r);
> 135 if (val != TPM2_ST_CREATION || offset_r > param_len)
> 136 return -EINVAL;
> 137
> 138 /* hierarchy */
> 139 val = tpm_buf_read_u32(buf, &offset_r);
> 140 if (val != hierarchy || offset_r > param_len)
> 141 return -EINVAL;
> 142
> 143 /* the ticket digest HMAC (might not be sha256) */
> 144 len = tpm_buf_read_u16(buf, &offset_r);
> 145 offset_r += len;
> 146 if (offset_r > param_len)
> 147 return -EINVAL;
> 148
> 149 /*
> 150 * finally we have the name, which is a sha256 digest plus a 2
> 151 * byte algorithm type
> 152 */
> 153 len = tpm_buf_read_u16(buf, &offset_r);
> 154 if (offset_r + len != param_len + 8)
> 155 return -EINVAL;
> 156 if (len != SHA256_DIGEST_SIZE + 2)
> 157 return -EINVAL;
> 158
> 159 if (memcmp(chip->null_key_name, &buf->data[offset_r],
> 160 SHA256_DIGEST_SIZE + 2) != 0) {
> 161 dev_err(&chip->dev, "NULL Seed name comparison failed\n");
> 162 return -EINVAL;
> 163 }
> 164
> 165 return 0;
> 166 }
> 167
> 168 /**
> 169 * tpm2_create_primary() - create a primary key using a fixed P-256 template
> 170 *
> 171 * @chip: the TPM chip to create under
> 172 * @hierarchy: The hierarchy handle to create under
> 173 * @handle: The returned volatile handle on success
> 174 *
> 175 * For platforms that might not have a persistent primary, this can be
> 176 * used to create one quickly on the fly (it uses Elliptic Curve not
> 177 * RSA, so even slow TPMs can create one fast). The template uses the
> 178 * TCG mandated H one for non-endorsement ECC primaries, i.e. P-256
> 179 * elliptic curve (the only current one all TPM2s are required to
> 180 * have) a sha256 name hash and no policy.
> 181 *
> 182 * @returns: 0 on success or positive TPM or negative error.
> 183 */
> 184 static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy,
> 185 u32 *handle)
> > 186 {
> 187 int rc;
> 188 struct tpm_buf buf;
> 189 struct tpm_buf template;
> 190
> 191 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE_PRIMARY);
> 192 if (rc)
> 193 return rc;
> 194
> 195 rc = tpm_buf_init_sized(&template);
> 196 if (rc) {
> 197 tpm_buf_destroy(&buf);
> 198 return rc;
> 199 }
> 200
> 201 /*
> 202 * create the template. Note: in order for userspace to
> 203 * verify the security of the system, it will have to create
> 204 * and certify this NULL primary, meaning all the template
> 205 * parameters will have to be identical, so conform exactly to
> 206 * the TCG TPM v2.0 Provisioning Guidance for the SRK ECC
> 207 * key H template (H has zero size unique points)
> 208 */
> 209
> 210 /* key type */
> 211 tpm_buf_append_u16(&template, TPM_ALG_ECC);
> 212
> 213 /* name algorithm */
> 214 tpm_buf_append_u16(&template, TPM_ALG_SHA256);
> 215
> 216 /* object properties */
> 217 tpm_buf_append_u32(&template, TPM2_OA_TMPL);
> 218
> 219 /* sauth policy (empty) */
> 220 tpm_buf_append_u16(&template, 0);
> 221
> 222 /* BEGIN parameters: key specific; for ECC*/
> 223
> 224 /* symmetric algorithm */
> 225 tpm_buf_append_u16(&template, TPM_ALG_AES);
> 226
> 227 /* bits for symmetric algorithm */
> 228 tpm_buf_append_u16(&template, AES_KEY_BITS);
> 229
> 230 /* algorithm mode (must be CFB) */
> 231 tpm_buf_append_u16(&template, TPM_ALG_CFB);
> 232
> 233 /* scheme (NULL means any scheme) */
> 234 tpm_buf_append_u16(&template, TPM_ALG_NULL);
> 235
> 236 /* ECC Curve ID */
> 237 tpm_buf_append_u16(&template, TPM2_ECC_NIST_P256);
> 238
> 239 /* KDF Scheme */
> 240 tpm_buf_append_u16(&template, TPM_ALG_NULL);
> 241
> 242 /* unique: key specific; for ECC it is two zero size points */
> 243 tpm_buf_append_u16(&template, 0);
> 244 tpm_buf_append_u16(&template, 0);
> 245
> 246 /* END parameters */
> 247
> 248 /* primary handle */
> 249 tpm_buf_append_u32(&buf, hierarchy);
> 250 tpm_buf_append_empty_auth(&buf, TPM2_RS_PW);
> 251
> 252 /* sensitive create size is 4 for two empty buffers */
> 253 tpm_buf_append_u16(&buf, 4);
> 254
> 255 /* sensitive create auth data (empty) */
> 256 tpm_buf_append_u16(&buf, 0);
> 257
> 258 /* sensitive create sensitive data (empty) */
> 259 tpm_buf_append_u16(&buf, 0);
> 260
> 261 /* the public template */
> 262 tpm_buf_append(&buf, template.data, template.length);
> 263 tpm_buf_destroy(&template);
> 264
> 265 /* outside info (empty) */
> 266 tpm_buf_append_u16(&buf, 0);
> 267
> 268 /* creation PCR (none) */
> 269 tpm_buf_append_u32(&buf, 0);
> 270
> 271 rc = tpm_transmit_cmd(chip, &buf, 0,
> 272 "attempting to create NULL primary");
> 273
> 274 if (rc == TPM2_RC_SUCCESS)
> 275 rc = tpm2_parse_create_primary(chip, &buf, handle, hierarchy);
> 276
> 277 tpm_buf_destroy(&buf);
> 278
> 279 return rc;
> 280 }
> 281
diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
index fc3f032df467..78b94097114d 100644
--- a/drivers/char/tpm/tpm2-sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -16,7 +16,10 @@
* @handle: pointer to be filled in with the return handle of the primary
* @hierarchy: The hierarchy the primary was created for
*
- * @returns: 0 on success or a positive TPM or negative standard error
+ * Return:
+ * * 0 - OK
+ * * -errno - A system error
+ * * TPM_RC - A TPM error
*/
static int tpm2_parse_create_primary(struct tpm_chip *chip, struct tpm_buf *buf,
u32 *handle, u32 hierarchy)
@@ -179,7 +182,10 @@ static int tpm2_parse_create_primary(struct tpm_chip *chip, struct tpm_buf *buf,
* elliptic curve (the only current one all TPM2s are required to
* have) a sha256 name hash and no policy.
*
- * @returns: 0 on success or positive TPM or negative error.
+ * Return:
+ * * 0 - OK
+ * * -errno - A system error
+ * * TPM_RC - A TPM error
*/
static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy,
u32 *handle)
I copy-pasted from tpm-interface.c
BR, Jarkko
prev parent reply other threads:[~2024-05-07 20:04 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-06 1:10 [jarkko-tpmdd:next 22/38] drivers/char/tpm/tpm2-sessions.c:23: warning: Excess function parameter 'returns' description in 'tpm2_parse_create_primary' kernel test robot
2024-05-07 20:04 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D13OKDXSO6XC.14X4HTKK67VLW@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=lkp@intel.com \
--cc=llvm@lists.linux.dev \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox