From: kernel test robot <lkp@intel.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: oe-kbuild-all@lists.linux.dev
Subject: [jarkko-tpmdd:tpm2-session 14/14] security/keys/trusted-keys/trusted_tpm2.c:489:21: warning: the comparison will always evaluate as 'true' for the address of 'blobauth' will never be NULL
Date: Tue, 23 Sep 2025 07:29:02 +0200 [thread overview]
Message-ID: <202509230748.evWsUrty-lkp@intel.com> (raw)
tree: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tpm2-session
head: 8443d24da35ca59b7be6056fa1ebe74070eb9e4a
commit: 8443d24da35ca59b7be6056fa1ebe74070eb9e4a [14/14] keys, trusted: Remove redundant helper
config: x86_64-rhel-9.4-func (https://download.01.org/0day-ci/archive/20250923/202509230748.evWsUrty-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250923/202509230748.evWsUrty-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202509230748.evWsUrty-lkp@intel.com/
All warnings (new ones prefixed by >>):
security/keys/trusted-keys/trusted_tpm2.c: In function 'tpm2_unseal_cmd':
>> security/keys/trusted-keys/trusted_tpm2.c:489:21: warning: the comparison will always evaluate as 'true' for the address of 'blobauth' will never be NULL [-Waddress]
489 | if (options->blobauth)
| ^~~~~~~
In file included from security/keys/trusted-keys/trusted_tpm2.c:14:
include/keys/trusted-type.h:41:23: note: 'blobauth' declared here
41 | unsigned char blobauth[TPM_DIGEST_SIZE];
| ^~~~~~~~
vim +489 security/keys/trusted-keys/trusted_tpm2.c
437
438 /**
439 * tpm2_unseal_cmd() - execute a TPM2_Unload command
440 *
441 * @chip: TPM chip to use
442 * @payload: the key data in clear and encrypted form
443 * @options: authentication values and other options
444 * @blob_handle: blob handle
445 *
446 * Return: 0 on success
447 * -EPERM on tpm error status
448 * < 0 error from tpm_send
449 */
450 static int tpm2_unseal_cmd(struct tpm_chip *chip,
451 struct trusted_key_payload *payload,
452 struct trusted_key_options *options,
453 u32 blob_handle)
454 {
455 struct tpm_header *head;
456 struct tpm_buf buf;
457 u16 data_len;
458 int offset;
459 u8 *data;
460 int rc;
461
462 rc = tpm2_start_auth_session(chip);
463 if (rc)
464 return rc;
465
466 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
467 if (rc) {
468 tpm2_end_auth_session(chip);
469 return rc;
470 }
471
472 tpm_buf_append_name(chip, &buf, blob_handle, NULL);
473
474 if (!options->policyhandle) {
475 tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT,
476 options->blobauth,
477 options->blobauth_len);
478 } else {
479 /*
480 * The policy session is generated outside the kernel, and thus
481 * the password will end up being unencrypted on the bus, as
482 * HMAC nonce cannot be calculated for it.
483 */
484 tpm_buf_append_u32(&buf, 9 + options->blobauth_len);
485 tpm_buf_append_u32(&buf, options->policyhandle);
486 tpm_buf_append_u16(&buf, 0);
487 tpm_buf_append_u8(&buf, 0);
488 tpm_buf_append_u16(&buf, options->blobauth_len);
> 489 if (options->blobauth)
490 tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
491 if (tpm2_chip_auth(chip)) {
492 tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, NULL, 0);
493 } else {
494 offset = buf.handles * 4 + TPM_HEADER_SIZE;
495 head = (struct tpm_header *)buf.data;
496 if (tpm_buf_length(&buf) == offset)
497 head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
498 }
499 }
500
501 tpm_buf_fill_hmac_session(chip, &buf);
502 rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing");
503 rc = tpm_buf_check_hmac_response(chip, &buf, rc);
504
505 if (!rc) {
506 data_len = be16_to_cpup(
507 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
508 if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE) {
509 rc = -EFAULT;
510 goto out;
511 }
512
513 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 6 + data_len) {
514 rc = -EFAULT;
515 goto out;
516 }
517 data = &buf.data[TPM_HEADER_SIZE + 6];
518
519 if (payload->old_format) {
520 /* migratable flag is at the end of the key */
521 memcpy(payload->key, data, data_len - 1);
522 payload->key_len = data_len - 1;
523 payload->migratable = data[data_len - 1];
524 } else {
525 /*
526 * migratable flag already collected from key
527 * attributes
528 */
529 memcpy(payload->key, data, data_len);
530 payload->key_len = data_len;
531 }
532 }
533
534 out:
535 tpm_buf_destroy(&buf);
536 return tpm_ret_to_err(rc);
537 }
538
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2025-09-23 5:29 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202509230748.evWsUrty-lkp@intel.com \
--to=lkp@intel.com \
--cc=jarkko@kernel.org \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.