git.ipfire.org Git - thirdparty/kernel/stable.git/commit

tpm: Cap the number of PCR banks

[ Upstream commit faf07e611dfa464b201223a7253e9dc5ee0f3c9e ]

tpm2_get_pcr_allocation() does not cap any upper limit for the number of
banks. Cap the limit to eight banks so that out of bounds values coming
from external I/O cause on only limited harm.

Cc: stable@vger.kernel.org # v5.10+
Fixes: bcfff8384f6c ("tpm: dynamically allocate the allocated_banks array")
Tested-by: Lai Yi <yi1.lai@linux.intel.com>
Reviewed-by: Jonathan McDowell <noodles@meta.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
[ added backward-compatible define for TPM_MAX_DIGEST_SIZE to support older ima_init.c code still using that macro name ]
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
	Tue, 30 Dec 2025 00:38:42 +0000 (19:38 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 19 Jan 2026 12:12:03 +0000 (13:12 +0100)
commit	8ceee7288152bc121a6bf92997261838c78bfe06
tree	daf682d4b214f4fa39cca02a63e66c28c1898646	tree \| snapshot
parent	9f48638b2f7e5e8393e061b21e66ebfb3a4bca49	commit \| diff

drivers/char/tpm/tpm-chip.c		diff \| blob \| blame \| history
drivers/char/tpm/tpm1-cmd.c		diff \| blob \| blame \| history
drivers/char/tpm/tpm2-cmd.c		diff \| blob \| blame \| history
include/linux/tpm.h		diff \| blob \| blame \| history