Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a556810d authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'fixes-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 

Pull TPM fixes from James Morris:
 "From Jarkko: These are critical fixes for v5.1. Contains also couple
  of new selftests for v5.1 features (partial reads in /dev/tpm0)"

* 'fixes-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  selftests/tpm2: Open tpm dev in unbuffered mode
  selftests/tpm2: Extend tests to cover partial reads
  KEYS: trusted: fix -Wvarags warning
  tpm: Fix the type of the return value in calc_tpm2_event_size()
  KEYS: trusted: allow trusted.ko to initialize w/o a TPM
  tpm: fix an invalid condition in tpm_common_poll
  tpm: turn on TPM on suspend for TPM 1.x
parents 10d43397 6da70580

drivers/char/tpm/eventlog/tpm2.c

+2 −2
Original line number Diff line number Diff line
@@ -37,7 +37,7 @@ 
 *

 * Returns size of the event. If it is an invalid event, returns 0.

 */

static int calc_tpm2_event_size(struct tcg_pcr_event2_head *event,

static size_t calc_tpm2_event_size(struct tcg_pcr_event2_head *event,

				   struct tcg_pcr_event *event_header)

{

	struct tcg_efi_specid_event_head *efispecid;

drivers/char/tpm/tpm-dev-common.c

+8 −1
Original line number Diff line number Diff line
@@ -233,12 +233,19 @@ __poll_t tpm_common_poll(struct file *file, poll_table *wait) 
	__poll_t mask = 0;



	poll_wait(file, &priv->async_wait, wait);

	mutex_lock(&priv->buffer_mutex);



	if (!priv->response_read || priv->response_length)

	/*

	 * The response_length indicates if there is still response

	 * (or part of it) to be consumed. Partial reads decrease it

	 * by the number of bytes read, and write resets it the zero.

	 */

	if (priv->response_length)

		mask = EPOLLIN | EPOLLRDNORM;

	else

		mask = EPOLLOUT | EPOLLWRNORM;



	mutex_unlock(&priv->buffer_mutex);

	return mask;

}

drivers/char/tpm/tpm-interface.c

+6 −8
Original line number Diff line number Diff line
@@ -402,15 +402,13 @@ int tpm_pm_suspend(struct device *dev) 
	if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED)

		return 0;



	if (chip->flags & TPM_CHIP_FLAG_TPM2) {

		mutex_lock(&chip->tpm_mutex);

	if (!tpm_chip_start(chip)) {

		if (chip->flags & TPM_CHIP_FLAG_TPM2)

			tpm2_shutdown(chip, TPM2_SU_STATE);

			tpm_chip_stop(chip);

		}

		mutex_unlock(&chip->tpm_mutex);

	} else {

		else

			rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);



		tpm_chip_stop(chip);

	}



	return rc;

include/keys/trusted.h

+1 −1
Original line number Diff line number Diff line
@@ -38,7 +38,7 @@ enum { 


int TSS_authhmac(unsigned char *digest, const unsigned char *key,

			unsigned int keylen, unsigned char *h1,

			unsigned char *h2, unsigned char h3, ...);

			unsigned char *h2, unsigned int h3, ...);

int TSS_checkhmac1(unsigned char *buffer,

			  const uint32_t command,

			  const unsigned char *ononce,

security/keys/trusted.c

+25 −7
Original line number Diff line number Diff line
@@ -125,7 +125,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, 
 */

int TSS_authhmac(unsigned char *digest, const unsigned char *key,

			unsigned int keylen, unsigned char *h1,

			unsigned char *h2, unsigned char h3, ...)

			unsigned char *h2, unsigned int h3, ...)

{

	unsigned char paramdigest[SHA1_DIGEST_SIZE];

	struct sdesc *sdesc;
@@ -135,13 +135,16 @@ int TSS_authhmac(unsigned char *digest, const unsigned char *key, 
	int ret;

	va_list argp;



	if (!chip)

		return -ENODEV;



	sdesc = init_sdesc(hashalg);

	if (IS_ERR(sdesc)) {

		pr_info("trusted_key: can't alloc %s\n", hash_alg);

		return PTR_ERR(sdesc);

	}



	c = h3;

	c = !!h3;

	ret = crypto_shash_init(&sdesc->shash);

	if (ret < 0)

		goto out;
@@ -196,6 +199,9 @@ int TSS_checkhmac1(unsigned char *buffer, 
	va_list argp;

	int ret;



	if (!chip)

		return -ENODEV;



	bufsize = LOAD32(buffer, TPM_SIZE_OFFSET);

	tag = LOAD16(buffer, 0);

	ordinal = command;
@@ -363,6 +369,9 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen) 
{

	int rc;



	if (!chip)

		return -ENODEV;



	dump_tpm_buf(cmd);

	rc = tpm_send(chip, cmd, buflen);

	dump_tpm_buf(cmd);
@@ -429,6 +438,9 @@ int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) 
{

	int ret;



	if (!chip)

		return -ENODEV;



	INIT_BUF(tb);

	store16(tb, TPM_TAG_RQU_COMMAND);

	store32(tb, TPM_OIAP_SIZE);
@@ -1245,9 +1257,13 @@ static int __init init_trusted(void) 
{

	int ret;



	/* encrypted_keys.ko depends on successful load of this module even if

	 * TPM is not used.

	 */

	chip = tpm_default_chip();

	if (!chip)

		return -ENOENT;

		return 0;



	ret = init_digests();

	if (ret < 0)

		goto err_put;
@@ -1269,11 +1285,13 @@ static int __init init_trusted(void) 


static void __exit cleanup_trusted(void)

{

	if (chip) {

		put_device(&chip->dev);

		kfree(digests);

		trusted_shash_release();

		unregister_key_type(&key_type_trusted);

	}

}



late_initcall(init_trusted);

module_exit(cleanup_trusted);