Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails

From: Jason Gunthorpe
Date: Fri Nov 17 2017 - 11:57:59 EST

On Fri, Nov 17, 2017 at 11:07:24AM +0100, Javier Martinez Canillas wrote:

> This patch is an RFC because I'm not sure if this is the correct way to fix this
> issue. I'm not that familiar with the TPM driver so may have missed some details.
> An example of user-space getting confused by the TPM chardev returning -EINVAL
> when sending a not supported TPM command can be seen in this tpm2-tools issue:

I think this is a user space bug, unfortunately.

We talked about this when the spaces code was first written and it
seemed the best was to just return EINVAL to indicate that the kernel
could not accept the request.

This result is semantically different from the TPM could not execute
or complete the request.

Regarding your specific issue, can you make the command you want to
use validate? Would that make sense?

> + /*
> + * If command validation fails, sent it to the TPM anyways so it can
> + * report a proper error to user-space. Just don't do any TPM space
> + * management in this case.
> + */
> + cmd_validated = tpm_validate_command(chip, space, buf, bufsiz);
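
Review bot: Forwarding a command that failed tpm_validate_command() to the TPM, as the new comment describes, removes validation as the gate on what reaches the chip; only the space management is skipped. Keep rejecting any buffer that does not validate, and if user space needs a TPM-style error, build that response in the driver instead of passing the buffer on. The result is now stored in cmd_validated, so every later step that touches the space has to test it, which deserves a comment at each use. The comment text should also read "send it", not "sent it".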

And sending a command that failed to validate to the TPM cannot be
done, as it violates our security model
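
What the distinction drawn above means for a caller, as an added example that is not part of the original message or of the kernel code: a C helper that keeps an EINVAL from the character device apart from an error code carried in a TPM response. The names `tpm_outcome` and `tpm_classify` are hypothetical, the header layout is the TPM 2.0 response header, and the sample bytes are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical names. Only the 10-byte TPM 2.0 response header layout
 * (tag:2, responseSize:4, responseCode:4, all big endian) is from the spec. */
enum tpm_outcome {
    TPM_OK,              /* TPM ran the command, responseCode == 0 */
    TPM_DEVICE_ERROR,    /* TPM answered with a non-zero responseCode */
    TPM_KERNEL_REJECTED, /* kernel refused with EINVAL, no TPM response exists */
    TPM_IO_ERROR,        /* any other errno from the character device */
    TPM_BAD_RESPONSE     /* shorter than a header, or size field mismatch */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* n: byte count returned by the transfer, or -1; err: errno when n < 0. */
enum tpm_outcome tpm_classify(ssize_t n, int err, const uint8_t *resp,
                              uint32_t *rc)
{
    *rc = 0;
    if (n < 0) /* resp is not read on this path */
        return err == EINVAL ? TPM_KERNEL_REJECTED : TPM_IO_ERROR;
    if (n < 10 || be32(resp + 2) != (uint32_t)n)
        return TPM_BAD_RESPONSE;
    *rc = be32(resp + 6);
    return *rc ? TPM_DEVICE_ERROR : TPM_OK;
}

int main(void)
{
    /* Constructed sample: header-only response carrying code 0x143. */
    const uint8_t sample[10] = { 0x80, 0x01, 0, 0, 0, 10, 0, 0, 0x01, 0x43 };
    uint32_t rc;
    enum tpm_outcome o;

    o = tpm_classify(-1, EINVAL, NULL, &rc);
    printf("errno path: outcome=%d\n", o);
    o = tpm_classify(10, 0, sample, &rc);
    printf("response path: outcome=%d rc=0x%x\n", o, (unsigned)rc);
    return 0;
}
```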