On Mon, Sep 10, 2018 at 10:02:38PM +0200, Ard Biesheuvel wrote:
> >> [146535.257274] tpm tpm0: A TPM error (379) occurred attempting get random
> >> [146535.257304] usercopy: Kernel memory exposure attempt detected from SLUB object 'kmalloc-64' (offset 0, size 379)!
>
> The TPM return code '379' is returned from rng_get_data(), and
> interpreted as a byte count rather than an error code.
So there are two bugs here. Once is in the TPM hw_random driver; it
shouldn't be returning the TPM error code. The second is that
rng_dev_read() should be more suspicious and validate the number of
bytes returned from the low-level hw_random driver for sanity.
- Ted
