From: Jarkko Sakkinen Date: Wed, 25 Jan 2017 21:00:22 +0000 (+0200) Subject: tpm: fix RC value check in tpm2_seal_trusted X-Git-Tag: Ubuntu-4.10.0-25.29~272 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=15a9c85b2e7f23fe8c7f289754278a570c0f083c;p=mirror_ubuntu-zesty-kernel.git tpm: fix RC value check in tpm2_seal_trusted BugLink: http://bugs.launchpad.net/bugs/1691369 commit 7d761119a914ec0ac05ec2a5378d1f86e680967d upstream. The error code handling is broken as any error code that has the same bits set as TPM_RC_HASH passes. Implemented tpm2_rc_value() helper to parse the error value from FMT0 and FMT1 error codes so that these types of mistakes are prevented in the future. Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips") Signed-off-by: Jarkko Sakkinen Reviewed-by: Jason Gunthorpe Signed-off-by: Greg Kroah-Hartman Signed-off-by: Stefan Bader Signed-off-by: Thadeu Lima de Souza Cascardo --- diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 1ae976894257..f9613f55e7bc 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -529,6 +529,11 @@ static inline void tpm_add_ppi(struct tpm_chip *chip) } #endif +static inline inline u32 tpm2_rc_value(u32 rc) +{ + return (rc & BIT(7)) ? rc & 0xff : rc; +} + int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash); int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max); diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index da5b782a9731..6a397c8bf033 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -529,7 +529,7 @@ out: tpm_buf_destroy(&buf); if (rc > 0) { - if ((rc & TPM2_RC_HASH) == TPM2_RC_HASH) + if (tpm2_rc_value(rc) == TPM2_RC_HASH) rc = -EINVAL; else rc = -EPERM;