From: Jarkko Sakkinen <jarkko@kernel.org>
To: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: linux-integrity@vger.kernel.org
Subject: Re: [PATCH] tpm: fix tpm disabling if NULL name changes
Date: Mon, 23 Mar 2026 07:36:32 +0200
Message-ID: <acDRYGH37TzlT23b@kernel.org>
In-Reply-To: <e12b2c091d85ae6bb1f54133c7d4727770f1ee9f.camel@HansenPartnership.com>
On Fri, Mar 13, 2026 at 10:31:03AM -0400, James Bottomley wrote:
> There's a logic error in the earlier fix which means that if the NULL
> name comparison fails, the tpm isn't disabled because rc remains zero.
> Fix this by setting it to an error.
>
> Cc: stable@vger.kernel.org # 6.12
> Fixes: cc7d8594342a ("tpm: Rollback tpm2_load_null()")
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> ---
>
> I didn't actually discover this problem until I was trying to do a
> reset attack demo with an updated kernel.
>
> drivers/char/tpm/tpm2-sessions.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-
> sessions.c
> index 3b1cf1ca0420..bd1c0456e775 100644
> --- a/drivers/char/tpm/tpm2-sessions.c
> +++ b/drivers/char/tpm/tpm2-sessions.c
> @@ -961,6 +961,7 @@ static int tpm2_load_null(struct tpm_chip *chip,
> u32 *null_key)
> /* Deduce from the name change TPM interference: */
> dev_err(&chip->dev, "null key integrity check failed\n");
> tpm2_flush_context(chip, tmp_null_key);
> + rc = -ENODEV;
>
> err:
> if (rc) {
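
Review bot: a comment is missing at the new `rc = -ENODEV;` saying that it depends on falling straight through into `err:` so that `if (rc)` fires. Nothing on the line records that the fall-through is intended, so code later inserted between the assignment and the label, or a `return` added there, would bring back the rc == 0 case the commit message describes. A one-line comment such as "force the error path below" would be enough. The `dev_err()` text just above could also mention that the TPM is being disabled, since "null key integrity check failed" alone does not explain why the device goes away.
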
> --
> 2.51.0
>
>
Possible to resend (fake ancestor)?
Other than that,
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko