On Tue Nov 28, 2023 at 5:48 AM EET, Serge E. Hallyn wrote: > On Wed, Nov 22, 2023 at 12:31:20AM +0200, Jarkko Sakkinen wrote: > > Take advantage of the new sized buffer (TPM2B) mode of struct tpm_buf in > > tpm2_seal_trusted(). This allows to add robustness to the command > > construction without requiring to calculate buffer sizes manually. > > > > Signed-off-by: Jarkko Sakkinen <[email protected]> > > --- > > v3 [2023-11-21]: A boundary error check as response for the feeedback > > from Mario Limenciello: > > https://lore.kernel.org/linux-integrity/[email protected]/ > > v2: Use tpm_buf_read_* > > --- > > security/keys/trusted-keys/trusted_tpm2.c | 54 +++++++++++++---------- > > 1 file changed, 31 insertions(+), 23 deletions(-) > > > > diff --git a/security/keys/trusted-keys/trusted_tpm2.c > > b/security/keys/trusted-keys/trusted_tpm2.c > > index bc700f85f80b..97b1dfca2dba 100644 > > --- a/security/keys/trusted-keys/trusted_tpm2.c > > +++ b/security/keys/trusted-keys/trusted_tpm2.c > > @@ -228,8 +228,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip, > > struct trusted_key_payload *payload, > > struct trusted_key_options *options) > > { > > + off_t offset = TPM_HEADER_SIZE; > > + struct tpm_buf buf, sized; > > int blob_len = 0; > > - struct tpm_buf buf; > > u32 hash; > > u32 flags; > > int i; > > @@ -258,6 +259,14 @@ int tpm2_seal_trusted(struct tpm_chip *chip, > > return rc; > > } > > > > + rc = tpm_buf_init_sized(&sized); > > + if (rc) { > > + tpm_buf_destroy(&buf); > > It won't really hurt, but at the moment if tpm_buf_init_sized() returns > non-zero, then it must be returning -ENOMEM, and tpm_buf_destroy(&buf) > is not needed, right?
It should cause corrateral damage since the rollback emits only free_page(buf->data) and it will become NULL in the case when tpm_buf_init_sized(). Despite that this behaviour is illegit and the call should be removed. Thanks for the remark! BR, Jarkko
