On Mon, 2020-01-27 at 08:50 -0800, Lakshmi Ramasubramanian wrote:
> On 1/27/2020 8:01 AM, Mimi Zohar wrote:
>
> > +
> > + for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
> > + if (ima_tpm_chip->allocated_banks[i].alg_id == d.alg_id)
> > + break;
> > + }
> > +
> > + if (i == ima_tpm_chip->nr_allocated_banks)
> > + d.alg_id = ima_tpm_chip->allocated_banks[0].alg_id;
> > +
>
> Can the number of allocated banks (ima_tpm_chip->nr_allocated_banks) be
> zero? Should that be checked before accessing "allocated_banks"?
Yes, that might be the true, but I think the solution is not fixing
the problem here, but when ima_tpm_chip is set in ima_init().
tpm_default_chip() should be modified to return a TPM with at least
one bank enabled; and ima_init() needs to go into TPM-bypass mode if
there isn't.
Can anyone look into this please?
Mimi
