On Thu, Oct 20, 2016 at 05:21:29PM -0700, Josh Zimmerman wrote: > If the TPM we're connecting to uses a static burst count, it will report > a burst count of zero throughout the response read. However, get_burstcount > assumes that a response of zero indicates that the TPM is not ready to > receive more data. In this case, it returns a negative error code, which > is passed on to tpm_tis_{write,read}_bytes as a u16, causing > them to read/write far too many bytes. > > This patch checks for negative return codes and bails out from recv_data > and tpm_tis_send_data.
I guess this would need a "Fixes:" tag, wouldn't it? I would also add Cc: sta...@vger.kernel.org > --- > drivers/char/tpm/tpm_tis_core.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c > index e3bf31b..d0301dc 100644 > --- a/drivers/char/tpm/tpm_tis_core.c > +++ b/drivers/char/tpm/tpm_tis_core.c > @@ -186,6 +186,12 @@ static int recv_data(struct tpm_chip *chip, u8 *buf, > size_t count) > chip->timeout_c, > &priv->read_queue, true) == 0) { > burstcnt = min_t(int, get_burstcount(chip), count - size); > + if (burstcnt < 0) { > + dev_err(&chip->dev, > + "Unable to read burstcount in %s:%d (%s)\n", > + __FILE__, __LINE__, __func__); > + return rc; > + } "return burstcnt;" I guess __func__ would be enough to deduce the call site? > rc = tpm_tis_read_bytes(priv, TPM_DATA_FIFO(priv->locality), > burstcnt, buf + size); > @@ -272,6 +278,13 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 > *buf, size_t len) > > while (count < len - 1) { > burstcnt = min_t(int, get_burstcount(chip), len - count - 1); > + if (burstcnt < 0) { > + dev_err(&chip->dev, > + "Unable to read burstcount in %s:%d (%s)\n", > + __FILE__, __LINE__, __func__); > + rc = burstcnt; > + goto out_err; > + } > rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality), > burstcnt, buf + count); > if (rc < 0) > -- > 2.8.0.rc3.226.g39d4020 /Jarkko ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel