lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <bb9ef4af-4a35-40e2-85cc-bcacae4f2dbc@linux.ibm.com>
Date: Wed, 23 Oct 2024 13:46:00 -0400
From: Stefan Berger <stefanb@...ux.ibm.com>
To: Jarkko Sakkinen <jarkko@...nel.org>, linux-integrity@...r.kernel.org,
        Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>,
        James Bottomley <James.Bottomley@...senPartnership.com>
Cc: David Howells <dhowells@...hat.com>, Mimi Zohar <zohar@...ux.ibm.com>,
        Roberto Sassu <roberto.sassu@...wei.com>, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH v7 1/5] tpm: Return on tpm2_create_null_primary() failure



On 10/21/24 1:39 AM, Jarkko Sakkinen wrote:
> tpm2_sessions_init() does not ignore the result of
> tpm2_create_null_primary(). Address this by returning -ENODEV to the
> caller. Given that upper layers cannot help healing the situation

It looks like returning -ENODEV applied to a previous version of the patch.

> further, deal with the TPM error here by

This sounds like an incomplete sentence...

> 
> Cc: stable@...r.kernel.org # v6.10+
> Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
> Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
> ---
> v7:
> - Add the error message back but fix it up a bit:
>    1. Remove 'TPM:' given dev_err().
>    2. s/NULL/null/ as this has nothing to do with the macro in libc.
>    3. Fix the reasoning: null key creation failed
> v6:
> - Address:
>    https://lore.kernel.org/linux-integrity/69c893e7-6b87-4daa-80db-44d1120e80fe@linux.ibm.com/
>    as TPM RC is taken care of at the call site. Add also the missing
>    documentation for the return values.
> v5:
> - Do not print klog messages on error, as tpm2_save_context() already
>    takes care of this.
> v4:
> - Fixed up stable version.
> v3:
> - Handle TPM and POSIX error separately and return -ENODEV always back
>    to the caller.
> v2:
> - Refined the commit message.
> ---
>   drivers/char/tpm/tpm2-sessions.c | 11 +++++++++--
>   1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
> index d3521aadd43e..1e12e0b2492e 100644
> --- a/drivers/char/tpm/tpm2-sessions.c
> +++ b/drivers/char/tpm/tpm2-sessions.c
> @@ -1347,14 +1347,21 @@ static int tpm2_create_null_primary(struct tpm_chip *chip)
>    *
>    * Derive and context save the null primary and allocate memory in the
>    * struct tpm_chip for the authorizations.
> + *
> + * Return:
> + * * 0		- OK
> + * * -errno	- A system error
> + * * TPM_RC	- A TPM error
>    */
>   int tpm2_sessions_init(struct tpm_chip *chip)
>   {
>   	int rc;
>   
>   	rc = tpm2_create_null_primary(chip);
> -	if (rc)
> -		dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc);
> +	if (rc) {
> +		dev_err(&chip->dev, "null primary key creation failed with %d\n", rc);
> +		return rc;
> +	}
>   
>   	chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL);
>   	if (!chip->auth)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ