From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jarkko Sakkinen
Date: Tue, 13 Oct 2020 00:28:14 +0000
Subject: [PATCH v3 2/3] KEYS: trusted: Fix migratable=1 failing
Message-Id: <20201013002815.40256-3-jarkko.sakkinen@linux.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
List-Id:
References: <20201013002815.40256-1-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20201013002815.40256-1-jarkko.sakkinen@linux.intel.com>
To: linux-integrity@vger.kernel.org
Cc: David Howells, Mimi Zohar, James Bottomley, Jarkko Sakkinen, stable@vger.kernel.org, James Morris, "Serge E. Hallyn", David Safford, "open list:KEYS-TRUSTED", "open list:SECURITY SUBSYSTEM", open list

Consider the following transcript:

    $ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u
    add_key: Invalid argument

The documentation has the following description:

    migratable= 0|1 indicating permission to reseal to new PCR values,
                default 1 (resealing allowed)

The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.

[*] Documentation/security/keys/trusted-encrypted.rst

Cc: stable@vger.kernel.org
Cc: "James E.J. Bottomley"
Cc: Mimi Zohar
Cc: David Howells
Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen
--- security/keys/trusted-keys/trusted_tpm1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trus= ted-keys/trusted_tpm1.c index c7b1701cdac5..7a937c3c5283 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -801,7 +801,7 @@ static int getoptions(char *c, struct trusted_key_paylo= ad *pay, case Opt_migratable: if (*args[0].from =3D '0') pay->migratable =3D 0; - else + else if (*args[0].from !=3D '1') return -EINVAL; break; case Opt_pcrlock: --=20 2.25.1
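
Review bot: The added else-if in the Opt_migratable case of getoptions() tests only the first byte of the argument (*args[0].from), as the existing '0' test does, so any value that merely starts with '1' or '0' is accepted, while the documentation quoted in the commit message allows exactly 0|1; comparing the whole token would close that gap. The '1' path also reaches break without assigning pay->migratable, so it depends on the field already holding the documented default of 1. An explicit pay->migratable = 1 in that branch, or a short comment stating the reliance, would make the behaviour evident from this function alone.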