On Thu, Feb 08, 2018 at 12:26:16PM -0800, James Bottomley wrote: > If a TPM is attached to a system via a serial bus on a platform that > suffers bit flips, we can get back dangerously wrong data. This patch > series aims never to do a direct copy into a kernel buffer based on an > unchecked size value returned from the TPM. > > Jeremy Boone (5): > tpm: fix potential buffer overruns caused by bit glitches on the bus > tpm: st33zp24: fix potential buffer overruns caused by bit glitches on > the bus > tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches > on the bus > tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches > on the bus > tpm_tis: fix potential buffer overruns caused by bit glitches on the > bus > > drivers/char/tpm/st33zp24/st33zp24.c | 4 ++-- > drivers/char/tpm/tpm-interface.c | 4 ++++ > drivers/char/tpm/tpm2-cmd.c | 4 ++++ > drivers/char/tpm/tpm_i2c_infineon.c | 5 +++-- > drivers/char/tpm/tpm_i2c_nuvoton.c | 5 +++-- > drivers/char/tpm/tpm_tis_core.c | 5 +++-- > 6 files changed, 19 insertions(+), 8 deletions(-) > > -- >o 2.12.3 Reviewed-by: Jarkko Sakkinen <jarkko.sakkkinen@xxxxxxxxxxxxxxx> I cannot test all of these but I'll put these to linux-next anyway. The changes are obvious and small scoped so if no one shouts they'll be part of the next PR. I've tested the changes that affect tpm2-cmd.c, tpm-interface.c and tpm_tis_core.c. For HW specific changes tested-by's would be much appreciated but I don't think they will break anything. Because these are quite critical fixes I wonder if I could do one more PR to 4.16? /Jarkko
