[PATCH v8 1/3] tpm: Return tpm2_sessions_init() when null key creation fails

Stefan Berger stefanb at linux.ibm.com
Mon Oct 28 13:00:30 UTC 2024 


On 10/28/24 1:49 AM, Jarkko Sakkinen wrote:
> Do not continue tpm2_sessions_init() further if the null key pair creation
> fails.
> 
> Cc: stable at vger.kernel.org # v6.10+
> Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
> Signed-off-by: Jarkko Sakkinen <jarkko at kernel.org>

Reviewed-by: Stefan Berger <stefanb at linux.ibm.com>

> ---
> v8:
> - Refine commit message.
> v7:
> - Add the error message back but fix it up a bit:
>    1. Remove 'TPM:' given dev_err().
>    2. s/NULL/null/ as this has nothing to do with the macro in libc.
>    3. Fix the reasoning: null key creation failed
> v6:
> - Address:
>    https://lore.kernel.org/linux-integrity/69c893e7-6b87-4daa-80db-44d1120e80fe@linux.ibm.com/
>    as TPM RC is taken care of at the call site. Add also the missing
>    documentation for the return values.
> v5:
> - Do not print klog messages on error, as tpm2_save_context() already
>    takes care of this.
> v4:
> - Fixed up stable version.
> v3:
> - Handle TPM and POSIX error separately and return -ENODEV always back
>    to the caller.
> v2:
> - Refined the commit message.
> ---
>   drivers/char/tpm/tpm2-sessions.c | 11 +++++++++--
>   1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
> index d3521aadd43e..a0306126e86c 100644
> --- a/drivers/char/tpm/tpm2-sessions.c
> +++ b/drivers/char/tpm/tpm2-sessions.c
> @@ -1347,14 +1347,21 @@ static int tpm2_create_null_primary(struct tpm_chip *chip)
>    *
>    * Derive and context save the null primary and allocate memory in the
>    * struct tpm_chip for the authorizations.
> + *
> + * Return:
> + * * 0		- OK
> + * * -errno	- A system error
> + * * TPM_RC	- A TPM error
>    */
>   int tpm2_sessions_init(struct tpm_chip *chip)
>   {
>   	int rc;
>   
>   	rc = tpm2_create_null_primary(chip);
> -	if (rc)
> -		dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc);
> +	if (rc) {
> +		dev_err(&chip->dev, "null key creation failed with %d\n", rc);
> +		return rc;
> +	}
>   
>   	chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL);
>   	if (!chip->auth)

More information about the Linux-security-module-archive mailing list