On Wed, 2019-01-16 at 23:23 +0200, Jarkko Sakkinen wrote: [...]
- rc = tpm2_commit_space(chip, space, ordinal, buf, &len);
+out_space:
- if (rc)
tpm2_flush_space(chip);
- else
rc = tpm2_commit_space(chip, space, ordinal, buf,
&len);
I don't think this is quite right. tpm2_flush_space only flushes the handles it knows about and those are the ones from before the TPM operation was attempted. If the operation has altered the internal state we could miss a created handle in this flush and it would effectively reside forever in the TPM. We should be able to rely on the TPM preserving the original state if it returns an error, so I think your patch works for that part. However rc is also set to -EFAULT on a transmission error and if that's on the receive path, the TPM may have changed state before the error occurred.
If the object is to move the TPM back to where it was before the error occurred, even in the case of transmit errors, then I think we need to invent a new kind of flush that queries the current TPM state and then flushes everything.
James