| Message ID | 1487177783-15687-1-git-send-email-stefanb@linux.vnet.ibm.com |
|---|---|
| State | New |
| Headers | show |
On Wed, Feb 15, 2017 at 11:56:23AM -0500, Stefan Berger wrote: > The TPM1.2 PCR Extend operation only returns 20 bytes in the body, > which is the size of the PCR state. > > This fixes a problem where IMA gets errors with every PCR Extend. > > Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > Acked-by: Mimi Zohar <zohar@us.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> /Jarkko > --- > drivers/char/tpm/tpm-interface.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c > index 6e368ee..bd2128e 100644 > --- a/drivers/char/tpm/tpm-interface.c > +++ b/drivers/char/tpm/tpm-interface.c > @@ -767,7 +767,7 @@ EXPORT_SYMBOL_GPL(tpm_pcr_read); > > #define TPM_ORD_PCR_EXTEND cpu_to_be32(20) > #define EXTEND_PCR_RESULT_SIZE 34 > -#define EXTEND_PCR_RESULT_BODY_SIZE 24 > +#define EXTEND_PCR_RESULT_BODY_SIZE 20 > static const struct tpm_input_header pcrextend_header = { > .tag = TPM_TAG_RQU_COMMAND, > .length = cpu_to_be32(34), > -- > 2.4.3 > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
On 02/15/2017 01:09 PM, Jarkko Sakkinen wrote: > On Wed, Feb 15, 2017 at 11:56:23AM -0500, Stefan Berger wrote: >> The TPM1.2 PCR Extend operation only returns 20 bytes in the body, >> which is the size of the PCR state. >> >> This fixes a problem where IMA gets errors with every PCR Extend. >> >> Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") >> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> >> Acked-by: Mimi Zohar <zohar@us.ibm.com> > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > > /Jarkko > >> --- >> drivers/char/tpm/tpm-interface.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c >> index 6e368ee..bd2128e 100644 >> --- a/drivers/char/tpm/tpm-interface.c >> +++ b/drivers/char/tpm/tpm-interface.c >> @@ -767,7 +767,7 @@ EXPORT_SYMBOL_GPL(tpm_pcr_read); >> >> #define TPM_ORD_PCR_EXTEND cpu_to_be32(20) >> #define EXTEND_PCR_RESULT_SIZE 34 We should probably rename the above to EXTEND_PCR_BUFFER_SIZE. It's the input buffer that's size 34, the output is 30 bytes. Stefan ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Hi James, On Wed, 2017-02-15 at 20:09 +0200, Jarkko Sakkinen wrote: > On Wed, Feb 15, 2017 at 11:56:23AM -0500, Stefan Berger wrote: > > The TPM1.2 PCR Extend operation only returns 20 bytes in the body, > > which is the size of the PCR state. > > > > This fixes a problem where IMA gets errors with every PCR Extend. > > > > Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") > > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > > Acked-by: Mimi Zohar <zohar@us.ibm.com> > > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> This patch needs to be included with the rest of the patches being upstreamed in the next open window. Should Jarkko or I send you a pull request for it? thanks, Mimi ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
On Fri, Feb 17, 2017 at 07:46:38AM -0500, Mimi Zohar wrote: > Hi James, > > On Wed, 2017-02-15 at 20:09 +0200, Jarkko Sakkinen wrote: > > On Wed, Feb 15, 2017 at 11:56:23AM -0500, Stefan Berger wrote: > > > The TPM1.2 PCR Extend operation only returns 20 bytes in the body, > > > which is the size of the PCR state. > > > > > > This fixes a problem where IMA gets errors with every PCR Extend. > > > > > > Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") > > > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > > > Acked-by: Mimi Zohar <zohar@us.ibm.com> > > > > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > > This patch needs to be included with the rest of the patches being > upstreamed in the next open window. Should Jarkko or I send you a pull > request for it? > > thanks, > > Mimi I'm sending a pull request after the weekend. It will contain only a few small scoped fixes so wouldn't it be easiest if I just include this to the pack? /Jarkko ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
On Fri, 2017-02-17 at 20:45 +0200, Jarkko Sakkinen wrote: > On Fri, Feb 17, 2017 at 07:46:38AM -0500, Mimi Zohar wrote: > > Hi James, > > > > On Wed, 2017-02-15 at 20:09 +0200, Jarkko Sakkinen wrote: > > > On Wed, Feb 15, 2017 at 11:56:23AM -0500, Stefan Berger wrote: > > > > The TPM1.2 PCR Extend operation only returns 20 bytes in the body, > > > > which is the size of the PCR state. > > > > > > > > This fixes a problem where IMA gets errors with every PCR Extend. > > > > > > > > Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") > > > > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > > > > Acked-by: Mimi Zohar <zohar@us.ibm.com> > > > > > > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > > > > This patch needs to be included with the rest of the patches being > > upstreamed in the next open window. Should Jarkko or I send you a pull > > request for it? > I'm sending a pull request after the weekend. It will contain > only a few small scoped fixes so wouldn't it be easiest if I > just include this to the pack? As long as it makes it into the James' pull request to Linus, that's fine. Mimi ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 6e368ee..bd2128e 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -767,7 +767,7 @@ EXPORT_SYMBOL_GPL(tpm_pcr_read); #define TPM_ORD_PCR_EXTEND cpu_to_be32(20) #define EXTEND_PCR_RESULT_SIZE 34 -#define EXTEND_PCR_RESULT_BODY_SIZE 24 +#define EXTEND_PCR_RESULT_BODY_SIZE 20 static const struct tpm_input_header pcrextend_header = { .tag = TPM_TAG_RQU_COMMAND, .length = cpu_to_be32(34),
The TPM1.2 PCR Extend operation only returns 20 bytes in the body, which is the size of the PCR state. This fixes a problem where IMA gets errors with every PCR Extend. Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> --- drivers/char/tpm/tpm-interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)