On Thu, 30 Apr 2026 15:51:49 +0000, Stefan Berger <[email protected]> wrote:
> When the TIS, SPAPR, or CRB frontends negotiate a buffer size with the
> TPM backend, then the tpm_emulator (swtpm) could still adjust this size
> of the buffer to within bounds supported by swtpm+libtpms if the chosen
> size was outside the acceptable range. This could theoretically lead to
> the TPM 2 using a bigger buffer than what was requested and memory
> allocated for. In practice this would not happend since the requested size
> of 4096 bytes for TIS and SPAPR and 3968 bytes for CRB are in the
happen
>
>
> diff --git a/backends/tpm/tpm_emulator.c b/backends/tpm/tpm_emulator.c
> index 75c33d290e7..653989ac0e3 100644
> --- a/backends/tpm/tpm_emulator.c
> +++ b/backends/tpm/tpm_emulator.c
> @@ -387,8 +388,18 @@ static int tpm_emulator_set_buffer_size(TPMBackend *tb,
> return -1;
> }
>
> + tpm_buffersize = be32_to_cpu(psbs.u.resp.buffersize);
> + /* Reject different buffer size used by the TPM than what was requested.
> */
> + if (wanted_size != 0 && wanted_size != tpm_buffersize) {
> + error_setg(errp,
> + "tpm-emulator: TPM did not accept the requested buffer
> size "
> + "of %zu bytes but adjusted it to %zu bytes\n",
Remove the trailing \n in error_setg() format string.
--
Marc-André Lureau <[email protected]>
