From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Jarkko Sakkinen" <jarkko@kernel.org>,
"Peter Huewe" <peterhuewe@gmx.de>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: "Stefan Berger" <stefanb@linux.ibm.com>, <stable@vger.kernel.org>,
<linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v6 1/5] tpm: Return on tpm2_create_null_primary() failure
Date: Sat, 19 Oct 2024 22:39:44 +0300 [thread overview]
Message-ID: <D501D1CY5SJ4.SUKXHV680B30@kernel.org> (raw)
In-Reply-To: <20241015205842.117300-2-jarkko@kernel.org>
On Tue Oct 15, 2024 at 11:58 PM EEST, Jarkko Sakkinen wrote:
> tpm2_sessions_init() does not ignore the result of
> tpm2_create_null_primary(). Address this by returning -ENODEV to the
> caller. Given that upper layers cannot help healing the situation
> further, deal with the TPM error here by
>
> Cc: stable@vger.kernel.org # v6.10+
> Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> ---
> v6:
> - Address:
> https://lore.kernel.org/linux-integrity/69c893e7-6b87-4daa-80db-44d1120e80fe@linux.ibm.com/
> as TPM RC is taken care of at the call site. Add also the missing
> documentation for the return values.
> v5:
> - Do not print klog messages on error, as tpm2_save_context() already
> takes care of this.
> v4:
> - Fixed up stable version.
> v3:
> - Handle TPM and POSIX error separately and return -ENODEV always back
> to the caller.
> v2:
> - Refined the commit message.
> ---
> drivers/char/tpm/tpm2-sessions.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
> index 511c67061728..253639767c1e 100644
> --- a/drivers/char/tpm/tpm2-sessions.c
> +++ b/drivers/char/tpm/tpm2-sessions.c
> @@ -1347,6 +1347,11 @@ static int tpm2_create_null_primary(struct tpm_chip *chip)
> *
> * Derive and context save the null primary and allocate memory in the
> * struct tpm_chip for the authorizations.
> + *
> + * Return:
> + * * 0 - OK
> + * * -errno - A system error
> + * * TPM_RC - A TPM error
> */
> int tpm2_sessions_init(struct tpm_chip *chip)
> {
> @@ -1354,7 +1359,7 @@ int tpm2_sessions_init(struct tpm_chip *chip)
>
> rc = tpm2_create_null_primary(chip);
> if (rc)
> - dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc);
I can fixup this message back before sending PR.
> + return rc;
>
> chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL);
> if (!chip->auth)
I don't know what happened to the cover letter but this version is only
major tweaks to the previous version.
BR, Jarkko
next prev parent reply other threads:[~2024-10-19 19:39 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20241015205842.117300-1-jarkko@kernel.org>
2024-10-15 20:58 ` [PATCH v6 1/5] tpm: Return on tpm2_create_null_primary() failure Jarkko Sakkinen
2024-10-19 19:39 ` Jarkko Sakkinen [this message]
2024-10-15 20:58 ` [PATCH v6 2/5] tpm: Implement tpm2_load_null() rollback Jarkko Sakkinen
2024-10-15 20:58 ` [PATCH v6 3/5] tpm: flush the null key only when /dev/tpm0 is accessed Jarkko Sakkinen
2024-10-15 20:58 ` [PATCH v6 4/5] tpm: Allocate chip->auth in tpm2_start_auth_session() Jarkko Sakkinen
2024-10-15 20:58 ` [PATCH v6 5/5] tpm: flush the auth session only when /dev/tpm0 is open Jarkko Sakkinen
2024-10-19 19:55 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D501D1CY5SJ4.SUKXHV680B30@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=stable@vger.kernel.org \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.