char/tpm: simplify duration calculation and eliminate smatch warning.

This patch changes the semantics of the duration calculation for an ordinal, by masking out the higher bits of a tpm command, which specify whether it's an TPM_PROTECTED_COMMAND, TPM_UNPROTECTED_COMMAND, TPM_CONNECTION_COMMAND, TPM_CONNECTION_COMMAND, TPM_VENDOR_COMMAND. (See TPM Main Spec Part 2 Section 17 for details). For all TPM_PROTECTED and TPM_CONNECTION commands the results are unchanged. The TPM_UNPROTECTED commands are TSS commands and thus irrelevant as they are not sent to the tpm. For vendor commands the semantics change for ordinals 10 and 11 but they were probably wrong anyway. For everything else which has the ordinal set to 10 or 11 the semantics change as it now uses TPM_UNDEFINED instead of TPM_SHORT which was probably wrong anyway (but irrelevant as not defined by the standard). This patch also gets rid of the (false positive) smatch warning: drivers/char/tpm/tpm.c:360 tpm_calc_ordinal_duration() error: buffer overflow 'tpm_protected_ordinal_duration' 12 <= 243 Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>

char/tpm: simplify duration calculation and eliminate smatch warning.
This patch changes the semantics of the duration calculation for an ordinal, by masking out the higher bits of a tpm command, which specify whether it's an TPM_PROTECTED_COMMAND, TPM_UNPROTECTED_COMMAND, TPM_CONNECTION_COMMAND, TPM_CONNECTION_COMMAND, TPM_VENDOR_COMMAND. (See TPM Main Spec Part 2 Section 17 for details). For all TPM_PROTECTED and TPM_CONNECTION commands the results are unchanged. The TPM_UNPROTECTED commands are TSS commands and thus irrelevant as they are not sent to the tpm. For vendor commands the semantics change for ordinals 10 and 11 but they were probably wrong anyway. For everything else which has the ordinal set to 10 or 11 the semantics change as it now uses TPM_UNDEFINED instead of TPM_SHORT which was probably wrong anyway (but irrelevant as not defined by the standard). This patch also gets rid of the (false positive) smatch warning: drivers/char/tpm/tpm.c:360 tpm_calc_ordinal_duration() error: buffer overflow 'tpm_protected_ordinal_duration' 12 <= 243 Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
Peter Huewe · Kent Yoder
1 parent 720ca4a9af
Showing 1 changed file with 6 additions and 7 deletions Side-by-side Diff
drivers/char/tpm/tpm.c
@@ -40,8 +40,9 @@
 };
  
 #define TPM_MAX_ORDINAL 243
-#define TPM_MAX_PROTECTED_ORDINAL 12
-#define TPM_PROTECTED_ORDINAL_MASK 0xFF
+#define TSC_MAX_ORDINAL 12
+#define TPM_PROTECTED_COMMAND 0x00
+#define TPM_CONNECTION_COMMAND 0x40
  
 /*
  * Bug workaround - some TPM's don't flush the most
  
  
@@ -336,13 +337,11 @@
 {
 	int duration_idx = TPM_UNDEFINED;
 	int duration = 0;
+	u8 category = (ordinal >> 24) & 0xFF;
  
-	if (ordinal < TPM_MAX_ORDINAL)
+	if ((category == TPM_PROTECTED_COMMAND && ordinal < TPM_MAX_ORDINAL) ||
+	    (category == TPM_CONNECTION_COMMAND && ordinal < TSC_MAX_ORDINAL))
 		duration_idx = tpm_ordinal_duration[ordinal];
-	else if ((ordinal & TPM_PROTECTED_ORDINAL_MASK) <
-		 TPM_MAX_PROTECTED_ORDINAL)
-		duration_idx =
-		    tpm_ordinal_duration[ordinal & TPM_PROTECTED_ORDINAL_MASK];
  
 	if (duration_idx != TPM_UNDEFINED)
 		duration = chip->vendor.duration[duration_idx];
...	...	@@ -40,8 +40,9 @@
40	40	};
41	41
42	42	#define TPM_MAX_ORDINAL 243
43		-#define TPM_MAX_PROTECTED_ORDINAL 12
44		-#define TPM_PROTECTED_ORDINAL_MASK 0xFF
	43	+#define TSC_MAX_ORDINAL 12
	44	+#define TPM_PROTECTED_COMMAND 0x00
	45	+#define TPM_CONNECTION_COMMAND 0x40
45	46
46	47	/*
47	48	* Bug workaround - some TPM's don't flush the most
48	49
49	50
...	...	@@ -336,13 +337,11 @@
336	337	{
337	338	int duration_idx = TPM_UNDEFINED;
338	339	int duration = 0;
	340	+ u8 category = (ordinal >> 24) & 0xFF;
339	341
340		- if (ordinal < TPM_MAX_ORDINAL)
	342	+ if ((category == TPM_PROTECTED_COMMAND && ordinal < TPM_MAX_ORDINAL) \|\|
	343	+ (category == TPM_CONNECTION_COMMAND && ordinal < TSC_MAX_ORDINAL))
341	344	duration_idx = tpm_ordinal_duration[ordinal];
342		- else if ((ordinal & TPM_PROTECTED_ORDINAL_MASK) <
343		- TPM_MAX_PROTECTED_ORDINAL)
344		- duration_idx =
345		- tpm_ordinal_duration[ordinal & TPM_PROTECTED_ORDINAL_MASK];
346	345
347	346	if (duration_idx != TPM_UNDEFINED)
348	347	duration = chip->vendor.duration[duration_idx];