On 10/21/24 1:39 AM, Jarkko Sakkinen wrote:
tpm2_sessions_init() does not ignore the result of tpm2_create_null_primary(). Address this by returning -ENODEV to the caller. Given that upper layers cannot help healing the situation
It looks like returning -ENODEV applied to a previous version of the patch.
further, deal with the TPM error here by
This sounds like an incomplete sentence...
Cc: stable@vger.kernel.org # v6.10+ Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation") Signed-off-by: Jarkko Sakkinen jarkko@kernel.org
v7:
- Add the error message back but fix it up a bit:
- Remove 'TPM:' given dev_err().
- s/NULL/null/ as this has nothing to do with the macro in libc.
- Fix the reasoning: null key creation failed
v6:
- Address: https://lore.kernel.org/linux-integrity/69c893e7-6b87-4daa-80db-44d1120e80fe... as TPM RC is taken care of at the call site. Add also the missing documentation for the return values.
v5:
- Do not print klog messages on error, as tpm2_save_context() already takes care of this.
v4:
- Fixed up stable version.
v3:
- Handle TPM and POSIX error separately and return -ENODEV always back to the caller.
v2:
- Refined the commit message.
drivers/char/tpm/tpm2-sessions.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index d3521aadd43e..1e12e0b2492e 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -1347,14 +1347,21 @@ static int tpm2_create_null_primary(struct tpm_chip *chip)
- Derive and context save the null primary and allocate memory in the
- struct tpm_chip for the authorizations.
- Return:
- 0 - OK
- -errno - A system error
*/ int tpm2_sessions_init(struct tpm_chip *chip) { int rc;
- TPM_RC - A TPM error
rc = tpm2_create_null_primary(chip);
- if (rc)
dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc);
- if (rc) {
dev_err(&chip->dev, "null primary key creation failed with %d\n", rc);return rc;- }
chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL); if (!chip->auth)