[kbuild] Re: [PATCH v11 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs

kernel test robot Sun, 13 Sep 2020 02:36:18 -0700

CC: [email protected]
In-Reply-To: <[email protected]>
References: <[email protected]>
TO: James Bottomley <[email protected]>
TO: [email protected]
CC: Mimi Zohar <[email protected]>
CC: Jarkko Sakkinen <[email protected]>
CC: David Woodhouse <[email protected]>
CC: [email protected]
CC: David Howells <[email protected]>


Hi James,

I love your patch! Perhaps something to improve:

[auto build test WARNING on integrity/next-integrity]
[also build test WARNING on linus/master v5.9-rc4 next-20200911]
[cannot apply to security/next-testing dhowells-fs/fscache-next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    
https://github.com/0day-ci/linux/commits/James-Bottomley/TPM-2-0-trusted-key-rework/20200913-013201
base:   
https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git 
next-integrity
:::::: branch date: 16 hours ago
:::::: commit date: 16 hours ago
compiler: microblaze-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>


cppcheck warnings: (new ones prefixed by >>)

>> security/keys/trusted-keys/trusted_tpm2.c:38:25: warning: Either the 
>> condition '!scratch' is redundant or there is pointer arithmetic with NULL 
>> pointer. [nullPointerArithmeticRedundantCheck]
    u8 *end_work = scratch + SCRATCH_SIZE;
                           ^
   security/keys/trusted-keys/trusted_tpm2.c:50:6: note: Assuming that 
condition '!scratch' is not redundant
    if (!scratch)
        ^
   security/keys/trusted-keys/trusted_tpm2.c:38:25: note: Null pointer addition
    u8 *end_work = scratch + SCRATCH_SIZE;
                           ^

# 
https://github.com/0day-ci/linux/commit/ce13d03d29ab9ef7c6236ddfbd25ef4ea78dccff
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review 
James-Bottomley/TPM-2-0-trusted-key-rework/20200913-013201
git checkout ce13d03d29ab9ef7c6236ddfbd25ef4ea78dccff
vim +38 security/keys/trusted-keys/trusted_tpm2.c

ce13d03d29ab9e James Bottomley 2020-09-12  30  
ce13d03d29ab9e James Bottomley 2020-09-12  31  static int 
tpm2_key_encode(struct trusted_key_payload *payload,
ce13d03d29ab9e James Bottomley 2020-09-12  32                      struct 
trusted_key_options *options,
ce13d03d29ab9e James Bottomley 2020-09-12  33                      u8 *src, u32 
len)
ce13d03d29ab9e James Bottomley 2020-09-12  34  {
ce13d03d29ab9e James Bottomley 2020-09-12  35   const int SCRATCH_SIZE = 
PAGE_SIZE;
ce13d03d29ab9e James Bottomley 2020-09-12  36   u8 *scratch = 
kmalloc(SCRATCH_SIZE, GFP_KERNEL);
ce13d03d29ab9e James Bottomley 2020-09-12  37   u8 *work = scratch, *work1;
ce13d03d29ab9e James Bottomley 2020-09-12 @38   u8 *end_work = scratch + 
SCRATCH_SIZE;
ce13d03d29ab9e James Bottomley 2020-09-12  39   u8 *priv, *pub;
ce13d03d29ab9e James Bottomley 2020-09-12  40   u16 priv_len, pub_len;
ce13d03d29ab9e James Bottomley 2020-09-12  41  
ce13d03d29ab9e James Bottomley 2020-09-12  42   priv_len = 
get_unaligned_be16(src) + 2;
ce13d03d29ab9e James Bottomley 2020-09-12  43   priv = src;
ce13d03d29ab9e James Bottomley 2020-09-12  44  
ce13d03d29ab9e James Bottomley 2020-09-12  45   src += priv_len;
ce13d03d29ab9e James Bottomley 2020-09-12  46  
ce13d03d29ab9e James Bottomley 2020-09-12  47   pub_len = 
get_unaligned_be16(src) + 2;
ce13d03d29ab9e James Bottomley 2020-09-12  48   pub = src;
ce13d03d29ab9e James Bottomley 2020-09-12  49  
ce13d03d29ab9e James Bottomley 2020-09-12  50   if (!scratch)
ce13d03d29ab9e James Bottomley 2020-09-12  51           return -ENOMEM;
ce13d03d29ab9e James Bottomley 2020-09-12  52  
ce13d03d29ab9e James Bottomley 2020-09-12  53   work = asn1_encode_oid(work, 
end_work, tpm2key_oid,
ce13d03d29ab9e James Bottomley 2020-09-12  54                          
asn1_oid_len(tpm2key_oid));
ce13d03d29ab9e James Bottomley 2020-09-12  55  
ce13d03d29ab9e James Bottomley 2020-09-12  56   if (options->blobauth_len == 0) 
{
ce13d03d29ab9e James Bottomley 2020-09-12  57           unsigned char bool[3], 
*w = bool;
ce13d03d29ab9e James Bottomley 2020-09-12  58           /* tag 0 is emptyAuth */
ce13d03d29ab9e James Bottomley 2020-09-12  59           w = 
asn1_encode_boolean(w, w + sizeof(bool), true);
ce13d03d29ab9e James Bottomley 2020-09-12  60           if (WARN(IS_ERR(w), 
"BUG: Boolean failed to encode"))
ce13d03d29ab9e James Bottomley 2020-09-12  61                   return 
PTR_ERR(w);
ce13d03d29ab9e James Bottomley 2020-09-12  62           work = 
asn1_encode_tag(work, end_work, 0, bool, w - bool);
ce13d03d29ab9e James Bottomley 2020-09-12  63   }
ce13d03d29ab9e James Bottomley 2020-09-12  64  
ce13d03d29ab9e James Bottomley 2020-09-12  65   /*
ce13d03d29ab9e James Bottomley 2020-09-12  66    * Assume both octet strings 
will encode to a 2 byte definite length
ce13d03d29ab9e James Bottomley 2020-09-12  67    *
ce13d03d29ab9e James Bottomley 2020-09-12  68    * Note: For a well behaved 
TPM, this warning should never
ce13d03d29ab9e James Bottomley 2020-09-12  69    * trigger, so if it does 
there's something nefarious going on
ce13d03d29ab9e James Bottomley 2020-09-12  70    */
ce13d03d29ab9e James Bottomley 2020-09-12  71   if (WARN(work - scratch + 
pub_len + priv_len + 14 > SCRATCH_SIZE,
ce13d03d29ab9e James Bottomley 2020-09-12  72            "BUG: scratch buffer 
is too small"))
ce13d03d29ab9e James Bottomley 2020-09-12  73           return -EINVAL;
ce13d03d29ab9e James Bottomley 2020-09-12  74  
ce13d03d29ab9e James Bottomley 2020-09-12  75   work = 
asn1_encode_integer(work, end_work, options->keyhandle);
ce13d03d29ab9e James Bottomley 2020-09-12  76   work = 
asn1_encode_octet_string(work, end_work, pub, pub_len);
ce13d03d29ab9e James Bottomley 2020-09-12  77   work = 
asn1_encode_octet_string(work, end_work, priv, priv_len);
ce13d03d29ab9e James Bottomley 2020-09-12  78  
ce13d03d29ab9e James Bottomley 2020-09-12  79   work1 = payload->blob;
ce13d03d29ab9e James Bottomley 2020-09-12  80   work1 = 
asn1_encode_sequence(work1, work1 + sizeof(payload->blob),
ce13d03d29ab9e James Bottomley 2020-09-12  81                                
scratch, work - scratch);
ce13d03d29ab9e James Bottomley 2020-09-12  82   if (WARN(IS_ERR(work1), "BUG: 
ASN.1 encoder failed"))
ce13d03d29ab9e James Bottomley 2020-09-12  83           return PTR_ERR(work1);
ce13d03d29ab9e James Bottomley 2020-09-12  84  
ce13d03d29ab9e James Bottomley 2020-09-12  85   return work1 - payload->blob;
ce13d03d29ab9e James Bottomley 2020-09-12  86  }
ce13d03d29ab9e James Bottomley 2020-09-12  87  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
_______________________________________________
kbuild mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[kbuild] Re: [PATCH v11 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs

Reply via email to