[PATCH v4 1/6] tpm: dynamically allocate active_banks array
Ken Goldman
kgold at linux.ibm.com
Thu Nov 8 15:54:38 UTC 2018
On 11/8/2018 10:21 AM, Jarkko Sakkinen wrote:
> I would just allocate array of the size of possible banks and grow
> nr_active_banks for active algorithms to keep the code simple because
> we are talking about insignificant amount of wasted space (might be
> even zero bytes given how kernel allocators works)>
Just beware that "possible banks" is tricky. While 2 is typical,
getcapability will return a bitmap for each digest algorithm. This is
also currently 2, but will be 3 in the next TPM, is 4 in the SW TPM,
and is potentially even higher.
Also, account for a TPM that is malicious and can return a count
as high as 0xffffffff. Range check count.
More information about the Linux-security-module-archive
mailing list