On Mon, Sep 10, 2018 at 10:02:38PM +0200, Ard Biesheuvel wrote: > >> [146535.257274] tpm tpm0: A TPM error (379) occurred attempting get random > >> [146535.257304] usercopy: Kernel memory exposure attempt detected from SLUB object 'kmalloc-64' (offset 0, size 379)! > > The TPM return code '379' is returned from rng_get_data(), and > interpreted as a byte count rather than an error code. So there are two bugs here. Once is in the TPM hw_random driver; it shouldn't be returning the TPM error code. The second is that rng_dev_read() should be more suspicious and validate the number of bytes returned from the low-level hw_random driver for sanity. - Ted