From nobody Sat Feb 7 11:31:15 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 791262F12A5; Sun, 25 Jan 2026 19:26:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769369186; cv=none; b=jPW3iF6CjQR1XQTs5q3t0RASoHKjwhYno3frSsCPUKG+SrGh+FbOuIsg0S9mFTT2cb2prsJiHaStT5KyjdB/rk7yEXZgME0zNCTKGPMLG0d1R4L4FphPKLmxVaDMYu0yejCZ+byvFSYUVzK+hLqXrayU3+/mCCzGnm180tCcq7s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769369186; c=relaxed/simple; bh=9w+/oURefUip/dy6+VaUNMG1zj0+wul0RQftvWiJcvI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gDkmT6dPfto5UWPhh+S2G4HQp7zkiULnSJCyPtpH4pY3jgqT3X3+OdD286T7UDnqduUlzB891Fvh+hAm5WjElOUmCV5QehrYXe0NhcL+4nP3UcKcI5U/6978wu6kuXad4gg9lSJyQuK9BFqWwXU3K4f5CA5tpOo9HOcEq49fR2M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=J+W1v6pf; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="J+W1v6pf" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C5322C4CEF1; Sun, 25 Jan 2026 19:26:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1769369186; bh=9w+/oURefUip/dy6+VaUNMG1zj0+wul0RQftvWiJcvI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=J+W1v6pfajC32luuFpH5LN1Lm2BUlpNawD1hLs2h2Q8sNLFU4FNS+XWfVqXXbsLWW XJjaNiEjgIH7mBuhvXdEKpfV1Ndho2+DPobBniPnaZy/E7nG4k+3RyZda8nb1bG6tC ers2pJ6K3m750SDNuIeLn9kQCxUINVqlxWtTpf5nw7I9t4ZqOq2Wst3zo6VQypm2jx ccWAJ8NQsN5wu15loQxM89WTtLH2TanIFlwQzpgW+2xlSZQgJYR5O9kF8y9Fn+9ISV xhDjfDTjB8KvZLfSAqpDdlX+GNiXXzaGYBNsGSGH4mQvbtJf8dJX6JbcG/eaP/xGcY Lb00MZz2hqdhw== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen , Jonathan McDowell , James Bottomley , Jarkko Sakkinen , Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org (open list:KEYS-TRUSTED), linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM), linux-kernel@vger.kernel.org (open list) Subject: [PATCH v9 10/11] tpm-buf: Merge TPM_BUF_BOUNDARY_ERROR and TPM_BUF_OVERFLOW Date: Sun, 25 Jan 2026 21:25:20 +0200 Message-ID: <20260125192526.782202-11-jarkko@kernel.org> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260125192526.782202-1-jarkko@kernel.org> References: <20260125192526.782202-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jarkko Sakkinen Merge TPM_BUF_BOUNDARY_ERROR and TPM_BUF_OVERFLOW into TPM_BUF_INVALID, given that they are identical. The only difference are the log messages. In addition, add a missing TPM_BUF_INVALID check to tpm_buf_append_handle() following the pattern from other functions in tpm-buf.c. Signed-off-by: Jarkko Sakkinen Reviewed-by: Jonathan McDowell --- drivers/char/tpm/tpm-buf.c | 10 ++++------ include/linux/tpm.h | 8 +++----- security/keys/trusted-keys/trusted_tpm2.c | 6 +++--- 3 files changed, 10 insertions(+), 14 deletions(-) diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c index 1d2b87455d3a..11b6bcf2f43d 100644 --- a/drivers/char/tpm/tpm-buf.c +++ b/drivers/char/tpm/tpm-buf.c @@ -103,13 +103,12 @@ EXPORT_SYMBOL_GPL(tpm_buf_length); */ void tpm_buf_append(struct tpm_buf *buf, const u8 *new_data, u16 new_lengt= h) { - /* Return silently if overflow has already happened. */ - if (buf->flags & TPM_BUF_OVERFLOW) + if (buf->flags & TPM_BUF_INVALID) return; =20 if ((buf->length + new_length) > PAGE_SIZE) { WARN(1, "tpm_buf: write overflow\n"); - buf->flags |=3D TPM_BUF_OVERFLOW; + buf->flags |=3D TPM_BUF_INVALID; return; } =20 @@ -156,14 +155,13 @@ static void tpm_buf_read(struct tpm_buf *buf, off_t *= offset, size_t count, void { off_t next_offset; =20 - /* Return silently if overflow has already happened. */ - if (buf->flags & TPM_BUF_BOUNDARY_ERROR) + if (buf->flags & TPM_BUF_INVALID) return; =20 next_offset =3D *offset + count; if (next_offset > buf->length) { WARN(1, "tpm_buf: read out of boundary\n"); - buf->flags |=3D TPM_BUF_BOUNDARY_ERROR; + buf->flags |=3D TPM_BUF_INVALID; return; } =20 diff --git a/include/linux/tpm.h b/include/linux/tpm.h index e8339f0c9a2e..5a5d8e584e7b 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -382,12 +382,10 @@ struct tpm_header { } __packed; =20 enum tpm_buf_flags { - /* the capacity exceeded: */ - TPM_BUF_OVERFLOW =3D BIT(0), /* TPM2B format: */ - TPM_BUF_TPM2B =3D BIT(1), - /* read out of boundary: */ - TPM_BUF_BOUNDARY_ERROR =3D BIT(2), + TPM_BUF_TPM2B =3D BIT(0), + /* The buffer is in invalid and unusable state: */ + TPM_BUF_INVALID =3D BIT(1), }; =20 /* diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trus= ted-keys/trusted_tpm2.c index dbacebe7af56..8e694318b200 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -292,7 +292,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip, /* creation PCR */ tpm_buf_append_u32(&buf, 0); =20 - if (buf.flags & TPM_BUF_OVERFLOW) { + if (buf.flags & TPM_BUF_INVALID) { rc =3D -E2BIG; tpm2_end_auth_session(chip); goto out; @@ -308,7 +308,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip, goto out; =20 blob_len =3D tpm_buf_read_u32(&buf, &offset); - if (blob_len > MAX_BLOB_SIZE || buf.flags & TPM_BUF_BOUNDARY_ERROR) { + if (blob_len > MAX_BLOB_SIZE || buf.flags & TPM_BUF_INVALID) { rc =3D -E2BIG; goto out; } @@ -412,7 +412,7 @@ static int tpm2_load_cmd(struct tpm_chip *chip, =20 tpm_buf_append(&buf, blob, blob_len); =20 - if (buf.flags & TPM_BUF_OVERFLOW) { + if (buf.flags & TPM_BUF_INVALID) { rc =3D -E2BIG; tpm2_end_auth_session(chip); goto out; --=20 2.52.0