tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Matthew R. Ochs <[email protected]>	2024-05-22 15:06:40 +0300
committer	Jarkko Sakkinen <[email protected]>	2024-05-28 13:03:57 +0300
commit	195aba96b854dd664768f382cd1db375d8181f88 (patch)
tree	696d793032d6c1268ed7084e83674838248ce44d /lib/test_fortify/write_overflow-memcpy.c
parent	2bfcfd584ff5ccc8bb7acde19b42570414bf880b (diff)

tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account for the 4 bytes of header that prepends the SPI data frame. This can result in out-of-bounds accesses and was confirmed with KASAN. Introduce SPI_HDRSIZE to account for the header and use to allocate the transfer buffer. Fixes: a86a42ac2bd6 ("tpm_tis_spi: Add hardware wait polling") Signed-off-by: Matthew R. Ochs <[email protected]> Tested-by: Carol Soto <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]>

Diffstat (limited to 'lib/test_fortify/write_overflow-memcpy.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: