[PATCH v5 1/5] tpm: Return on tpm2_create_null_primary() failure
Jarkko Sakkinen
jarkko at kernel.org
Mon Oct 7 23:47:02 UTC 2024
On Thu, 2024-10-03 at 10:57 -0400, Stefan Berger wrote:
>
>
> On 9/21/24 8:08 AM, Jarkko Sakkinen wrote:
> > tpm2_sessions_init() does not ignores the result of
>
> s/ignores/ignore
>
> > tpm2_create_null_primary(). Address this by returning -ENODEV to
> > the
> > caller.
>
> I am not sure why mapping all errors to -ENODEV resolves the fact
> that
> tpm2_sessions_init() does not ignore the result of
> tpm2_create_null_primary(). I think what you want is to return -
> ENODEV
> from tpm2_auto_startup.
Fair point.
>
> >
> > Cc: stable at vger.kernel.org # v6.10+
> > Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
> > Signed-off-by: Jarkko Sakkinen <jarkko at kernel.org>
> > ---
> > v5:
> > - Do not print klog messages on error, as tpm2_save_context()
> > already
> > takes care of this.
> > v4:
> > - Fixed up stable version.
> > v3:
> > - Handle TPM and POSIX error separately and return -ENODEV always
> > back
> > to the caller.
> > v2:
> > - Refined the commit message.
> > ---
> > drivers/char/tpm/tpm2-sessions.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/char/tpm/tpm2-sessions.c
> > b/drivers/char/tpm/tpm2-sessions.c
> > index d3521aadd43e..0f09ac33ae99 100644
> > --- a/drivers/char/tpm/tpm2-sessions.c
> > +++ b/drivers/char/tpm/tpm2-sessions.c
> > @@ -1338,7 +1338,8 @@ static int tpm2_create_null_primary(struct
> > tpm_chip *chip)
> > tpm2_flush_context(chip, null_key);
> > }
> >
> > - return rc;
> > + /* Map all errors to -ENODEV: */
> > + return rc ? -ENODEV : rc;
>
> return rc ? -ENODEV : 0;
>
> > }
> >
> > /**
> > @@ -1354,7 +1355,7 @@ int tpm2_sessions_init(struct tpm_chip *chip)
> >
> > rc = tpm2_create_null_primary(chip);
> > if (rc)
> > - dev_err(&chip->dev, "TPM: security failed (NULL
> > seed derivation): %d\n", rc);
> > + return rc;
> >
> > chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL);
> > if (!chip->auth)
Thanks!
BR, Jarkko
More information about the Linux-security-module-archive
mailing list