public inbox for linux-integrity@vger.kernel.org
* [PATCH] tpm: fix tpm disabling if NULL name changes
@ 2026-03-13 14:31 James Bottomley
  2026-03-23  5:36 ` Jarkko Sakkinen
From: James Bottomley @ 2026-03-13 14:31 UTC (permalink / raw)
  To: linux-integrity; +Cc: Jarkko Sakkinen

There's a logic error in the earlier fix which means that if the NULL
name comparison fails, the tpm isn't disabled because rc remains zero.
Fix this by setting it to an error.

Cc: stable@vger.kernel.org # 6.12
Fixes: cc7d8594342a ("tpm: Rollback tpm2_load_null()")
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---

I didn't actually discover this problem until I was trying to do a
reset attack demo with an updated kernel.

 drivers/char/tpm/tpm2-sessions.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-
sessions.c
index 3b1cf1ca0420..bd1c0456e775 100644
--- a/drivers/char/tpm/tpm2-sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -961,6 +961,7 @@ static int tpm2_load_null(struct tpm_chip *chip,
u32 *null_key)
 	/* Deduce from the name change TPM interference: */
 	dev_err(&chip->dev, "null key integrity check failed\n");
 	tpm2_flush_context(chip, tmp_null_key);
+	rc = -ENODEV;
 
 err:
 	if (rc) {
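
Review bot: the added `rc = -ENODEV;` is the only thing on the name-mismatch path that makes the `if (rc)` under `err:` fire, and nothing in the code says so. Per the commit message rc is still zero at this point, so a one-line comment above the assignment (that the mismatch must be turned into an error so the fall-through into `err:` takes the failure branch) would keep a later cleanup from dropping it again. The commit message could also say why -ENODEV was chosen over another errno, since the visible context does not show whether callers distinguish error values.
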
-- 
2.51.0


