lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241028055007.1708971-2-jarkko@kernel.org>
Date: Mon, 28 Oct 2024 07:49:59 +0200
From: Jarkko Sakkinen <jarkko@...nel.org>
To: linux-integrity@...r.kernel.org,
	Peter Huewe <peterhuewe@....de>,
	Jarkko Sakkinen <jarkko@...nel.org>,
	Jason Gunthorpe <jgg@...pe.ca>,
	James Bottomley <James.Bottomley@...senPartnership.com>
Cc: linux-kernel@...r.kernel.org,
	David Howells <dhowells@...hat.com>,
	Mimi Zohar <zohar@...ux.ibm.com>,
	Roberto Sassu <roberto.sassu@...wei.com>,
	Stefan Berger <stefanb@...ux.ibm.com>,
	Paul Moore <paul@...l-moore.com>,
	James Morris <jmorris@...ei.org>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
	Eric Snowberg <eric.snowberg@...cle.com>,
	keyrings@...r.kernel.org (open list:KEYS-TRUSTED),
	linux-security-module@...r.kernel.org (open list:SECURITY SUBSYSTEM),
	stable@...r.kernel.org
Subject: [PATCH v8 1/3] tpm: Return tpm2_sessions_init() when null key creation fails

Do not continue tpm2_sessions_init() further if the null key pair creation
fails.

Cc: stable@...r.kernel.org # v6.10+
Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
---
v8:
- Refine commit message.
v7:
- Add the error message back but fix it up a bit:
  1. Remove 'TPM:' given dev_err().
  2. s/NULL/null/ as this has nothing to do with the macro in libc.
  3. Fix the reasoning: null key creation failed
v6:
- Address:
  https://lore.kernel.org/linux-integrity/69c893e7-6b87-4daa-80db-44d1120e80fe@linux.ibm.com/
  as TPM RC is taken care of at the call site. Add also the missing
  documentation for the return values.
v5:
- Do not print klog messages on error, as tpm2_save_context() already
  takes care of this.
v4:
- Fixed up stable version.
v3:
- Handle TPM and POSIX error separately and return -ENODEV always back
  to the caller.
v2:
- Refined the commit message.
---
 drivers/char/tpm/tpm2-sessions.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
index d3521aadd43e..a0306126e86c 100644
--- a/drivers/char/tpm/tpm2-sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -1347,14 +1347,21 @@ static int tpm2_create_null_primary(struct tpm_chip *chip)
  *
  * Derive and context save the null primary and allocate memory in the
  * struct tpm_chip for the authorizations.
+ *
+ * Return:
+ * * 0		- OK
+ * * -errno	- A system error
+ * * TPM_RC	- A TPM error
  */
 int tpm2_sessions_init(struct tpm_chip *chip)
 {
 	int rc;
 
 	rc = tpm2_create_null_primary(chip);
-	if (rc)
-		dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc);
+	if (rc) {
+		dev_err(&chip->dev, "null key creation failed with %d\n", rc);
+		return rc;
+	}
 
 	chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL);
 	if (!chip->auth)
-- 
2.47.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ