Date: Fri, 16 Nov 2018 11:19:57 -0500
From: Sasha Levin
To: Jarkko Sakkinen
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, James Bottomley, Tomas Winkler, Tadeusz Struk, Stefan Berger, Nayna Jain, stable@vger.kernel.org, Peter Huewe, Jason Gunthorpe, Arnd Bergmann, Greg Kroah-Hartman, open list
Subject: Re: [PATCH v8 08/17] tpm: call tpm2_flush_space() on error in tpm_try_transmit()
Message-ID: <20181116161957.GG1706@sasha-vm>
In-Reply-To: <20181116123845.15705-9-jarkko.sakkinen@linux.intel.com>

On Fri, Nov 16, 2018 at 02:38:32PM +0200, Jarkko Sakkinen wrote:
>Always call tpm2_flush_space() on failure in tpm_try_transmit() so that
>the volatile memory of the TPM gets cleared. If /dev/tpm0 does not have
>sufficient permissions (usually it has), this could lead to the leakage
>of TPM objects. Through /dev/tpmrm0 this issue does not raise any new
>security concerns.
>
>Cc: James Bottomley
>Cc: stable@vger.kernel.org
>Fixes: 745b361e989a ("tpm:tpm: infrastructure for TPM spaces")
>Signed-off-by: Jarkko Sakkinen
>Reviewed-by: Stefan Berger

Hi Jarkko,

This patch seems to depend on previous patches in this series, but those
were not tagged for stable. Do they also need to be backported? If so,
can you tag them as such?

--
Thanks,
Sasha