linux-toradex.git/drivers/char/tpm, branch tegra Linux kernel for Apalis and Colibri modules TPM: Zero buffer after copying to userspace 2011-09-22T23:46:41+00:00 Peter Huewe huewe.external.infineon@googlemail.com 2011-09-15T17:47:42+00:00 3321c07ae5068568cd61ac9f4ba749006a7185c9 Since the buffer might contain security related data it might be a good idea to zero the buffer after we have copied it to userspace. This got assigned CVE-2011-1162. Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Cc: Stable Kernel <stable@kernel.org> Signed-off-by: James Morris <jmorris@namei.org> 
Since the buffer might contain security related data it might be a good idea to
zero the buffer after we have copied it to userspace.

This got assigned CVE-2011-1162.

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Stable Kernel <stable@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
TPM: Call tpm_transmit with correct size 2011-09-22T23:46:29+00:00 Peter Huewe huewe.external.infineon@googlemail.com 2011-09-15T17:37:43+00:00 6b07d30aca7e52f2881b8c8c20c8a2cd28e8b3d3 This patch changes the call of tpm_transmit by supplying the size of the userspace buffer instead of TPM_BUFSIZE. This got assigned CVE-2011-1161. [The first hunk didn't make sense given one could expect way less data than TPM_BUFSIZE, so added tpm_transmit boundary check over bufsiz instead The last parameter of tpm_transmit() reflects the amount of data expected from the device, and not the buffer size being supplied to it. It isn't ideal to parse it directly, so we just set it to the maximum the input buffer can handle and let the userspace API to do such job.] Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Cc: Stable Kernel <stable@kernel.org> Signed-off-by: James Morris <jmorris@namei.org> 
This patch changes the call of tpm_transmit by supplying the size of the
userspace buffer instead of TPM_BUFSIZE.

This got assigned CVE-2011-1161.

[The first hunk didn't make sense given one could expect
 way less data than TPM_BUFSIZE, so added tpm_transmit boundary
 check over bufsiz instead
 The last parameter of tpm_transmit() reflects the amount
 of data expected from the device, and not the buffer size
 being supplied to it. It isn't ideal to parse it directly,
 so we just set it to the maximum the input buffer can handle
 and let the userspace API to do such job.]

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Stable Kernel <stable@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
TPM: tpm_nsc: Fix a double free of pdev in cleanup_nsc 2011-09-22T23:46:17+00:00 Axel Lin axel.lin@gmail.com 2011-08-03T23:58:07+00:00 de69113ec1896443c732e8b812e8005fb44eeeeb platform_device_unregister() will release all resources and remove it from the subsystem, then drop reference count by calling platform_device_put(). We should not call kfree(pdev) after platform_device_unregister(pdev). Signed-off-by: Axel Lin <axel.lin@gmail.com> Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 
platform_device_unregister() will release all resources
and remove it from the subsystem, then drop reference count by
calling platform_device_put().

We should not call kfree(pdev) after platform_device_unregister(pdev).

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
TPM: TCG_ATMEL should depend on HAS_IOPORT 2011-09-22T23:45:57+00:00 Geert Uytterhoeven geert@linux-m68k.org 2011-08-08T11:08:19+00:00 5ce5ed35939ece8a9c7e0f10c7f3d5bc000c6b64 On m68k, I get: drivers/char/tpm/tpm_atmel.h: In function ‘atmel_get_base_addr’: drivers/char/tpm/tpm_atmel.h:129: error: implicit declaration of function ‘ioport_map’ drivers/char/tpm/tpm_atmel.h:129: warning: return makes pointer from integer without a cast The code in tpm_atmel.h supports PPC64 (using the device tree and ioremap()) and "anything else" (using ioport_map()). However, ioportmap() is only available on platforms that set HAS_IOPORT. Although PC64 seems to have HAS_IOPORT, a "depends on HAS_IOPORT" should work, but I think it's better to expose the special PPC64 handling explicit using "depends on PPC64 || HAS_IOPORT". Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 
On m68k, I get:

drivers/char/tpm/tpm_atmel.h: In function ‘atmel_get_base_addr’:
drivers/char/tpm/tpm_atmel.h:129: error: implicit declaration of function ‘ioport_map’
drivers/char/tpm/tpm_atmel.h:129: warning: return makes pointer from integer without a cast

The code in tpm_atmel.h supports PPC64 (using the device tree and ioremap())
and "anything else" (using ioport_map()). However, ioportmap() is only
available on platforms that set HAS_IOPORT.

Although PC64 seems to have HAS_IOPORT, a "depends on HAS_IOPORT" should work,
but I think it's better to expose the special PPC64 handling explicit using
"depends on PPC64 || HAS_IOPORT".

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
tpm_tis: fix build when ACPI is not enabled 2011-08-04T00:25:21+00:00 Randy Dunlap rdunlap@xenotime.net 2011-08-03T23:21:11+00:00 1560ffe62a9d53a51faeec7417becfba4f2a0d18 Fix tpm_tis.c build when CONFIG_ACPI is not enabled by providing a stub function. Fixes many build errors/warnings: drivers/char/tpm/tpm_tis.c:89: error: dereferencing pointer to incomplete type drivers/char/tpm/tpm_tis.c:89: warning: type defaults to 'int' in declaration of 'type name' drivers/char/tpm/tpm_tis.c:89: error: request for member 'list' in something not a structure or union ... Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Cc: Leendert van Doorn <leendert@watson.ibm.com> Cc: James Morris <jmorris@namei.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Fix tpm_tis.c build when CONFIG_ACPI is not enabled by providing a stub
function.  Fixes many build errors/warnings:

  drivers/char/tpm/tpm_tis.c:89: error: dereferencing pointer to incomplete type
  drivers/char/tpm/tpm_tis.c:89: warning: type defaults to 'int' in declaration of 'type name'
  drivers/char/tpm/tpm_tis.c:89: error: request for member 'list' in something not a structure or union
  ...

Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Cc: Leendert van Doorn <leendert@watson.ibm.com>
Cc: James Morris <jmorris@namei.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
tpm_nsc: Fix bug when loading multiple TPM drivers 2011-07-26T00:34:34+00:00 Stefan Berger stefanb@linux.vnet.ibm.com 2011-07-22T21:39:20+00:00 29412f0f6a19e34336368f13eab848091c343952 This patch fixes kernel bugzilla 34572. https://bugzilla.kernel.org/show_bug.cgi?id=34572 Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reported-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl> Tested-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl> Signed-off-by: James Morris <jmorris@namei.org> 
This patch fixes kernel bugzilla 34572.

https://bugzilla.kernel.org/show_bug.cgi?id=34572

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reported-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
Tested-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
Signed-off-by: James Morris <jmorris@namei.org>
tpm: Move tpm_tis_reenable_interrupts out of CONFIG_PNP block 2011-07-22T07:33:24+00:00 Stefan Berger stefanb@linux.vnet.ibm.com 2011-07-17T05:04:24+00:00 968543100a75bef892f52eb86e92e83b3b7bc581 This patch moves the tpm_tis_reenable_interrupts function out of the CONFIG_PNP-surrounded #define block. This solves a compilation error in case CONFIG_PNP is not defined. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reported-by: Randy Dunlap <rdunlap@xenotime.net> Acked-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: James Morris <jmorris@namei.org> 
This patch moves the tpm_tis_reenable_interrupts function out of the
CONFIG_PNP-surrounded #define block. This solves a compilation error in
case CONFIG_PNP is not defined.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: James Morris <jmorris@namei.org>
tpm: Fix compilation warning when CONFIG_PNP is not defined 2011-07-20T23:29:56+00:00 Stefan Berger stefanb@linux.vnet.ibm.com 2011-07-18T13:11:55+00:00 6eb77b214985f8c2568f1f20f941790fbf8bf97b The is_itpm() function is only accessed from a block surrounded by #ifdef CONFIG_PNP. Therefore, also surround it with #ifdef CONFIG_PNP and remove the #else branch causing the warning. http://lxr.linux.no/#linux+v2.6.39/drivers/char/tpm/tpm_tis.c#L622 v2: - fixes a previous typo Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reported-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: James Morris <jmorris@namei.org> 
The is_itpm() function is only accessed from a block surrounded by
#ifdef CONFIG_PNP. Therefore, also surround it with #ifdef CONFIG_PNP
and remove the #else branch causing the warning.

http://lxr.linux.no/#linux+v2.6.39/drivers/char/tpm/tpm_tis.c#L622

v2:
 - fixes a previous typo

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: James Morris <jmorris@namei.org>
tpm: Fix a typo 2011-07-12T21:53:09+00:00 Stefan Berger stefanb@linux.vnet.ibm.com 2011-03-30T16:13:34+00:00 c9206693457a946698e1d67db2b424e1d101493d This patch fixes a typo. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> 
This patch fixes a typo.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
tpm_tis: Probing function for Intel iTPM bug 2011-07-12T21:53:09+00:00 Stefan Berger stefanb@linux.vnet.ibm.com 2011-03-30T16:13:33+00:00 9519de3f265f112e992aa7f446d905196bd608e8 This patch introduces a function for automatic probing for the Intel iTPM STS_DATA_EXPECT flaw. The patch splits the current tpm_tis_send function into 2 parts where the 1st part is now called tpm_tis_send_data() and merely sends the data to the TPM. This function is then used for probing. The new tpm_tis_send function now first calls tpm_tis_send_data and if that succeeds has the TPM process the command and waits until the response is there. The probing for the Intel iTPM is only invoked if the user has not passed itpm=1 as parameter for the module *or* if such a TPM was detected via ACPI. Previously it was necessary to pass itpm=1 when also passing force=1 to the module when doing a 'modprobe'. This function is more general than the ACPI test function and the function relying on ACPI could probably be removed. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> 
This patch introduces a function for automatic probing for the Intel iTPM
STS_DATA_EXPECT flaw.

The patch splits the current tpm_tis_send function into 2 parts where the 1st
part is now called tpm_tis_send_data() and merely sends the data to the TPM.
This function is then used for probing. The new tpm_tis_send function now
first calls tpm_tis_send_data and if that succeeds has the TPM process the
command and waits until the response is there.

The probing for the Intel iTPM is only invoked if the user has not passed
itpm=1 as parameter for the module *or* if such a TPM was detected via ACPI.
Previously it was necessary to pass itpm=1 when also passing force=1 to the
module when doing a 'modprobe'. This function is more general than the ACPI
test function and the function relying on ACPI could probably be removed.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>