linux-integrity.vger.kernel.org archive mirror
* [PATCH v5 0/3] KEYS, trusted: a bunch of bug fixes
@ 2021-01-28 23:56 jarkko
  2021-01-28 23:56 ` [PATCH v5 1/3] KEYS: trusted: Fix incorrect handling of tpm_get_random() jarkko
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: jarkko @ 2021-01-28 23:56 UTC (permalink / raw)
  To: linux-integrity; +Cc: Jarkko Sakkinen

From: Jarkko Sakkinen <jarkko@kernel.org>

This patch set contains a bunch of disjoint bug fixes.

v5:
* Call tpm_try_get_ops() and tpm_put_ops() inside tpm2_seal_trusted()
  and tpm2_unseal_trusted().
  https://lore.kernel.org/linux-integrity/CAFA6WYO4HJThYHhBxbx0Tr97sF_JFvTBur9uTGSQTtyQaOKpig@mail.gmail.com/

v4:
* Do not create stubs for tpm_transmit_cmd(), tpm_try_get_ops() and
  tpm_put_ops().
  https://lore.kernel.org/linux-integrity/20201013023927.GA71954@linux.intel.com/

v3:
* Reordered patches a bit, i.e. trivial fixes in the head and the least
  trivial in the tail.
  <no xref>
* Added the missing "return -ENODEV;" to tpm_transmit_cmd(), when the
  kernel is compiled without TPM support.
  https://lore.kernel.org/linux-integrity/202010110927.zsxMpek2-lkp@intel.com/

v2:
* Fix a kernel test bot warning.
  https://lore.kernel.org/linux-integrity/202010051152.9kxy43LO-lkp@intel.com/

Jarkko Sakkinen (3):
  KEYS: trusted: Fix incorrect handling of tpm_get_random()
  KEYS: trusted: Fix migratable=1 failing
  KEYS: trusted: Reserve TPM for seal and unseal operations

 drivers/char/tpm/tpm.h                    |  4 ----
 include/linux/tpm.h                       |  5 ++++-
 security/keys/trusted-keys/trusted_tpm1.c | 22 +++++++++++++++++----
 security/keys/trusted-keys/trusted_tpm2.c | 24 ++++++++++++++++++-----
 4 files changed, 41 insertions(+), 14 deletions(-)

-- 
2.30.0



* [PATCH v5 1/3] KEYS: trusted: Fix incorrect handling of tpm_get_random()
  2021-01-28 23:56 [PATCH v5 0/3] KEYS, trusted: a bunch of bug fixes jarkko
@ 2021-01-28 23:56 ` jarkko
  2021-01-31 12:45   ` Mimi Zohar
  2021-01-28 23:56 ` [PATCH v5 2/3] KEYS: trusted: Fix migratable=1 failing jarkko
  2021-01-28 23:56 ` [PATCH v5 3/3] KEYS: trusted: Reserve TPM for seal and unseal operations jarkko
  2 siblings, 1 reply; 9+ messages in thread
From: jarkko @ 2021-01-28 23:56 UTC (permalink / raw)
  To: linux-integrity
  Cc: Jarkko Sakkinen, stable, Mimi Zohar, James E.J. Bottomley,
	David Howells, Kent Yoder, James Bottomley, James Morris,
	Serge E. Hallyn, David Safford, H. Peter Anvin

From: Jarkko Sakkinen <jarkko@kernel.org>

When tpm_get_random() was introduced, it defined the following API for the
return value:

1. A positive value tells how many bytes of random data was generated.
2. A negative value on error.

However, in the call sites the API was used incorrectly, i.e. as it would
only return negative values and otherwise zero. Returning the positive read
counts to the user space does not make any possible sense.

Fix this by returning -EIO when tpm_get_random() returns a positive value.

Fixes: 41ab999c80f1 ("tpm: Move tpm_get_random api into the TPM device driver")
Cc: stable@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Kent Yoder <key@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
 security/keys/trusted-keys/trusted_tpm1.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index 74d82093cbaa..204826b734ac 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -403,9 +403,12 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
 	int ret;
 
 	ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
-	if (ret != TPM_NONCE_SIZE)
+	if (ret < 0)
 		return ret;
 
+	if (ret != TPM_NONCE_SIZE)
+		return -EIO;
+
 	tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_OSAP);
 	tpm_buf_append_u16(tb, type);
 	tpm_buf_append_u32(tb, handle);
@@ -496,8 +499,12 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
 		goto out;
 
 	ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
+	if (ret < 0)
+		return ret;
+
 	if (ret != TPM_NONCE_SIZE)
-		goto out;
+		return -EIO;
+
 	ordinal = htonl(TPM_ORD_SEAL);
 	datsize = htonl(datalen);
 	pcrsize = htonl(pcrinfosize);
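Review bot: In tpm_seal() the two new failure returns after tpm_get_random() leave the function directly, while the line they replace and the earlier failure path visible at the top of this hunk both use `goto out`. Whatever the `out` label releases is skipped on these two paths, in a routine that holds nonce material in `td`. Keep the single exit: set `ret = -EIO` for the short read and use `goto out` in both branches, the way the trusted_instantiate() hunk of this patch does.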
@@ -601,9 +608,12 @@ static int tpm_unseal(struct tpm_buf *tb,
 
 	ordinal = htonl(TPM_ORD_UNSEAL);
 	ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
+	if (ret < 0)
+		return ret;
+
 	if (ret != TPM_NONCE_SIZE) {
 		pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
-		return ret;
+		return -EIO;
 	}
 	ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE,
 			   enonce1, nonceodd, cont, sizeof(uint32_t),
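Review bot: In tpm_unseal() the pr_info() now fires only for a short read, so a negative error from tpm_get_random() returns without any log line, and the "tpm_get_random failed (%d)" message prints a byte count rather than an error code. Either log on both paths or reword the message to report how many bytes were received out of TPM_NONCE_SIZE.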
@@ -1013,8 +1023,12 @@ static int trusted_instantiate(struct key *key,
 	case Opt_new:
 		key_len = payload->key_len;
 		ret = tpm_get_random(chip, payload->key, key_len);
+		if (ret < 0)
+			goto out;
+
 		if (ret != key_len) {
 			pr_info("trusted_key: key_create failed (%d)\n", ret);
+			ret = -EIO;
 			goto out;
 		}
 		if (tpm2)
-- 
2.30.0



* [PATCH v5 2/3] KEYS: trusted: Fix migratable=1 failing
  2021-01-28 23:56 [PATCH v5 0/3] KEYS, trusted: a bunch of bug fixes jarkko
  2021-01-28 23:56 ` [PATCH v5 1/3] KEYS: trusted: Fix incorrect handling of tpm_get_random() jarkko
@ 2021-01-28 23:56 ` jarkko
  2021-01-28 23:56 ` [PATCH v5 3/3] KEYS: trusted: Reserve TPM for seal and unseal operations jarkko
  2 siblings, 0 replies; 9+ messages in thread
From: jarkko @ 2021-01-28 23:56 UTC (permalink / raw)
  To: linux-integrity
  Cc: Jarkko Sakkinen, stable, James E.J. Bottomley, Mimi Zohar,
	David Howells, James Morris, Serge E. Hallyn, David Safford

From: Jarkko Sakkinen <jarkko@kernel.org>

Consider the following transcript:

$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u
add_key: Invalid argument

The documentation has the following description:

  migratable=   0|1 indicating permission to reseal to new PCR values,
                default 1 (resealing allowed)

The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.

[*] Documentation/security/keys/trusted-encrypted.rst

Cc: stable@vger.kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
 security/keys/trusted-keys/trusted_tpm1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index 204826b734ac..493eb91ed017 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -801,7 +801,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
 		case Opt_migratable:
 			if (*args[0].from == '0')
 				pay->migratable = 0;
-			else
+			else if (*args[0].from != '1')
 				return -EINVAL;
 			break;
 		case Opt_pcrlock:
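Review bot: The Opt_migratable check compares only the first character, `*args[0].from`, so a value such as "1x" or "0x" is accepted as 1 or 0 instead of being rejected with -EINVAL. The '1' case also assigns nothing and relies on pay->migratable already holding the default. Consider matching the whole token and setting `pay->migratable = 1` explicitly, so the parsed result does not depend on initialisation done elsewhere.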
-- 
2.30.0



* [PATCH v5 3/3] KEYS: trusted: Reserve TPM for seal and unseal operations
  2021-01-28 23:56 [PATCH v5 0/3] KEYS, trusted: a bunch of bug fixes jarkko
  2021-01-28 23:56 ` [PATCH v5 1/3] KEYS: trusted: Fix incorrect handling of tpm_get_random() jarkko
  2021-01-28 23:56 ` [PATCH v5 2/3] KEYS: trusted: Fix migratable=1 failing jarkko
@ 2021-01-28 23:56 ` jarkko
       [not found]   ` <CAFA6WYOAbHV=sOxuUdJq91sZbKDMbo6D5KXcSp9ix0PWLpSdaA@mail.gmail.com>
       [not found]   ` <6459b955f8cb05dae7d15a233f26ff9c9501b839.camel@linux.ibm.com>
  2 siblings, 2 replies; 9+ messages in thread
From: jarkko @ 2021-01-28 23:56 UTC (permalink / raw)
  To: linux-integrity
  Cc: Jarkko Sakkinen, James E.J. Bottomley, stable, David Howells,
	Mimi Zohar, Sumit Garg, Peter Huewe, Jason Gunthorpe,
	James Bottomley, James Morris, Serge E. Hallyn

From: Jarkko Sakkinen <jarkko@kernel.org>

When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
which are used to take temporarily the ownership of the TPM chip. The
ownership is only taken inside tpm_send(), but this is not sufficient,
as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
need to be done as a one single atom.

Take the TPM chip ownership before sending anything with
tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
TPM commands instead of tpm_send(), reverting back to the old behaviour.

Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
Reported-by: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: stable@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
 drivers/char/tpm/tpm.h                    |  4 ----
 include/linux/tpm.h                       |  5 ++++-
 security/keys/trusted-keys/trusted_tpm2.c | 24 ++++++++++++++++++-----
 3 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 947d1db0a5cc..283f78211c3a 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -164,8 +164,6 @@ extern const struct file_operations tpmrm_fops;
 extern struct idr dev_nums_idr;
 
 ssize_t tpm_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz);
-ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf,
-			 size_t min_rsp_body_length, const char *desc);
 int tpm_get_timeouts(struct tpm_chip *);
 int tpm_auto_startup(struct tpm_chip *chip);
 
@@ -194,8 +192,6 @@ static inline void tpm_msleep(unsigned int delay_msec)
 int tpm_chip_start(struct tpm_chip *chip);
 void tpm_chip_stop(struct tpm_chip *chip);
 struct tpm_chip *tpm_find_get_ops(struct tpm_chip *chip);
-__must_check int tpm_try_get_ops(struct tpm_chip *chip);
-void tpm_put_ops(struct tpm_chip *chip);
 
 struct tpm_chip *tpm_chip_alloc(struct device *dev,
 				const struct tpm_class_ops *ops);
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index ae2482510f8c..543aa3b1dedc 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -404,6 +404,10 @@ static inline u32 tpm2_rc_value(u32 rc)
 #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
 
 extern int tpm_is_tpm2(struct tpm_chip *chip);
+extern __must_check int tpm_try_get_ops(struct tpm_chip *chip);
+extern void tpm_put_ops(struct tpm_chip *chip);
+extern ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf,
+				size_t min_rsp_body_length, const char *desc);
 extern int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
 			struct tpm_digest *digest);
 extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
@@ -417,7 +421,6 @@ static inline int tpm_is_tpm2(struct tpm_chip *chip)
 {
 	return -ENODEV;
 }
-
 static inline int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx,
 			       struct tpm_digest *digest)
 {
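Review bot: The only change in this hunk is the removal of the blank line between the tpm_is_tpm2() stub and the tpm_pcr_read() stub, which is unrelated to reserving the TPM and leaves the two inline functions run together. Drop this whitespace change from the patch.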
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 08ec7f48f01d..c87c4df8703d 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -79,10 +79,16 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
 	if (i == ARRAY_SIZE(tpm2_hash_map))
 		return -EINVAL;
 
-	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
+	rc = tpm_try_get_ops(chip);
 	if (rc)
 		return rc;
 
+	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
+	if (rc) {
+		tpm_put_ops(chip);
+		return rc;
+	}
+
 	tpm_buf_append_u32(&buf, options->keyhandle);
 	tpm2_buf_append_auth(&buf, TPM2_RS_PW,
 			     NULL /* nonce */, 0,
@@ -130,7 +136,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
 		goto out;
 	}
 
-	rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
+	rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data");
 	if (rc)
 		goto out;
 
@@ -157,6 +163,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
 			rc = -EPERM;
 	}
 
+	tpm_put_ops(chip);
 	return rc;
 }
 
@@ -211,7 +218,7 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
 		goto out;
 	}
 
-	rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
+	rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob");
 	if (!rc)
 		*blob_handle = be32_to_cpup(
 			(__be32 *) &buf.data[TPM_HEADER_SIZE]);
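Review bot: The literal `4` passed as min_rsp_body_length in tpm2_load_cmd() is unexplained. From the line below it, the value is the size of the 32-bit handle read at buf.data[TPM_HEADER_SIZE], and this minimum is what guarantees the response is long enough for that read. Write it as `sizeof(u32)` or a named constant with a comment, and do the same for the `4` and `6` in the seal and unseal calls, where the reason for the value is not visible at the call site.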
@@ -260,7 +267,7 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
 			     options->blobauth /* hmac */,
 			     TPM_DIGEST_SIZE);
 
-	rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
+	rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing");
 	if (rc > 0)
 		rc = -EPERM;
 
@@ -304,12 +311,19 @@ int tpm2_unseal_trusted(struct tpm_chip *chip,
 	u32 blob_handle;
 	int rc;
 
-	rc = tpm2_load_cmd(chip, payload, options, &blob_handle);
+	rc = tpm_try_get_ops(chip);
 	if (rc)
 		return rc;
 
+	rc = tpm2_load_cmd(chip, payload, options, &blob_handle);
+	if (rc)
+		goto out;
+
 	rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
 	tpm2_flush_context(chip, blob_handle);
 
+out:
+	tpm_put_ops(chip);
+
 	return rc;
 }
-- 
2.30.0



* Re: [PATCH v5 3/3] KEYS: trusted: Reserve TPM for seal and unseal operations
       [not found]   ` <CAFA6WYOAbHV=sOxuUdJq91sZbKDMbo6D5KXcSp9ix0PWLpSdaA@mail.gmail.com>
@ 2021-01-30 21:27     ` Jarkko Sakkinen
  0 siblings, 0 replies; 9+ messages in thread
From: Jarkko Sakkinen @ 2021-01-30 21:27 UTC (permalink / raw)
  To: Sumit Garg
  Cc: linux-integrity, James E.J. Bottomley, stable, David Howells,
	Mimi Zohar, Peter Huewe, Jason Gunthorpe, James Bottomley,
	James Morris, Serge E. Hallyn

On Fri, 2021-01-29 at 14:44 +0530, Sumit Garg wrote:
> On Fri, 29 Jan 2021 at 05:26, <jarkko@kernel.org> wrote:
> > 
> > From: Jarkko Sakkinen <jarkko@kernel.org>
> > 
> > When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
> > the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
> > which are used to take temporarily the ownership of the TPM chip. The
> > ownership is only taken inside tpm_send(), but this is not sufficient,
> > as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
> > need to be done as a one single atom.
> > 
> > Take the TPM chip ownership before sending anything with
> > tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
> > TPM commands instead of tpm_send(), reverting back to the old behaviour.
> > 
> > Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
> > Reported-by: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
> > Cc: stable@vger.kernel.org
> > Cc: David Howells <dhowells@redhat.com>
> > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > Cc: Sumit Garg <sumit.garg@linaro.org>
> > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> > ---
> >  drivers/char/tpm/tpm.h                    |  4 ----
> >  include/linux/tpm.h                       |  5 ++++-
> >  security/keys/trusted-keys/trusted_tpm2.c | 24 ++++++++++++++++++-----
> >  3 files changed, 23 insertions(+), 10 deletions(-)
> > 
> 
> Acked-by: Sumit Garg <sumit.garg@linaro.org>

Thanks.

/Jarkko


* Re: [PATCH v5 3/3] KEYS: trusted: Reserve TPM for seal and unseal operations
       [not found]   ` <6459b955f8cb05dae7d15a233f26ff9c9501b839.camel@linux.ibm.com>
@ 2021-01-30 21:28     ` Jarkko Sakkinen
  2021-01-31 12:52       ` Mimi Zohar
  0 siblings, 1 reply; 9+ messages in thread
From: Jarkko Sakkinen @ 2021-01-30 21:28 UTC (permalink / raw)
  To: Mimi Zohar, linux-integrity
  Cc: James E.J. Bottomley, stable, David Howells, Sumit Garg,
	Peter Huewe, Jason Gunthorpe, James Bottomley, James Morris,
	Serge E. Hallyn

On Fri, 2021-01-29 at 08:58 -0500, Mimi Zohar wrote:
> On Fri, 2021-01-29 at 01:56 +0200, jarkko@kernel.org wrote:
> > From: Jarkko Sakkinen <jarkko@kernel.org>
> > 
> > When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
> > the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
> > which are used to take temporarily the ownership of the TPM chip. The
> > ownership is only taken inside tpm_send(), but this is not sufficient,
> > as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
> > need to be done as a one single atom.
> > 
> > Take the TPM chip ownership before sending anything with
> > tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
> > TPM commands instead of tpm_send(), reverting back to the old behaviour.
> > 
> > Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
> > Reported-by: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
> > Cc: stable@vger.kernel.org
> > Cc: David Howells <dhowells@redhat.com>
> > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > Cc: Sumit Garg <sumit.garg@linaro.org>
> > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> 
> Tested-by: Mimi Zohar <zohar@linux.ibm.com> (on TPM 1.2 & PTT, discrete
> TPM 2.0)

Thanks, is it OK to apply the whole series?

/Jarkko



* Re: [PATCH v5 1/3] KEYS: trusted: Fix incorrect handling of tpm_get_random()
  2021-01-28 23:56 ` [PATCH v5 1/3] KEYS: trusted: Fix incorrect handling of tpm_get_random() jarkko
@ 2021-01-31 12:45   ` Mimi Zohar
  0 siblings, 0 replies; 9+ messages in thread
From: Mimi Zohar @ 2021-01-31 12:45 UTC (permalink / raw)
  To: jarkko, linux-integrity
  Cc: stable, James E.J. Bottomley, David Howells, Kent Yoder,
	James Bottomley, James Morris, Serge E. Hallyn, David Safford,
	H. Peter Anvin

On Fri, 2021-01-29 at 01:56 +0200, jarkko@kernel.org wrote:
> From: Jarkko Sakkinen <jarkko@kernel.org>
> 
> When tpm_get_random() was introduced, it defined the following API for the
> return value:
> 
> 1. A positive value tells how many bytes of random data was generated.
> 2. A negative value on error.
> 
> However, in the call sites the API was used incorrectly, i.e. as it would
> only return negative values and otherwise zero. Returning the positive read
> counts to the user space does not make any possible sense.
> 
> Fix this by returning -EIO when tpm_get_random() returns a positive value.
> 
> Fixes: 41ab999c80f1 ("tpm: Move tpm_get_random api into the TPM device driver")
> Cc: stable@vger.kernel.org
> Cc: Mimi Zohar <zohar@linux.ibm.com>
> Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: Kent Yoder <key@linux.vnet.ibm.com>
> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

thanks,

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>



* Re: [PATCH v5 3/3] KEYS: trusted: Reserve TPM for seal and unseal operations
  2021-01-30 21:28     ` Jarkko Sakkinen
@ 2021-01-31 12:52       ` Mimi Zohar
  2021-02-02 16:29         ` Jarkko Sakkinen
  0 siblings, 1 reply; 9+ messages in thread
From: Mimi Zohar @ 2021-01-31 12:52 UTC (permalink / raw)
  To: Jarkko Sakkinen, linux-integrity
  Cc: James E.J. Bottomley, stable, David Howells, Sumit Garg,
	Peter Huewe, Jason Gunthorpe, James Bottomley, James Morris,
	Serge E. Hallyn

On Sat, 2021-01-30 at 23:28 +0200, Jarkko Sakkinen wrote:
> On Fri, 2021-01-29 at 08:58 -0500, Mimi Zohar wrote:
> > On Fri, 2021-01-29 at 01:56 +0200, jarkko@kernel.org wrote:
> > > From: Jarkko Sakkinen <jarkko@kernel.org>
> > > 
> > > When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
> > > the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
> > > which are used to take temporarily the ownership of the TPM chip. The
> > > ownership is only taken inside tpm_send(), but this is not sufficient,
> > > as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
> > > need to be done as a one single atom.
> > > 
> > > Take the TPM chip ownership before sending anything with
> > > tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
> > > TPM commands instead of tpm_send(), reverting back to the old behaviour.
> > > 
> > > Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
> > > Reported-by: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
> > > Cc: stable@vger.kernel.org
> > > Cc: David Howells <dhowells@redhat.com>
> > > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > > Cc: Sumit Garg <sumit.garg@linaro.org>
> > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> > 
> > Tested-by: Mimi Zohar <zohar@linux.ibm.com> (on TPM 1.2 & PTT, discrete
> > TPM 2.0)
> 
> Thanks, is it OK to apply the whole series?

Yes.  The testing was with the entire patch set, but I didn't
explicitly test each change.  For the other two patches, please add my
Reviewed-by.

Mimi



* Re: [PATCH v5 3/3] KEYS: trusted: Reserve TPM for seal and unseal operations
  2021-01-31 12:52       ` Mimi Zohar
@ 2021-02-02 16:29         ` Jarkko Sakkinen
  0 siblings, 0 replies; 9+ messages in thread
From: Jarkko Sakkinen @ 2021-02-02 16:29 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: linux-integrity, James E.J. Bottomley, stable, David Howells,
	Sumit Garg, Peter Huewe, Jason Gunthorpe, James Bottomley,
	James Morris, Serge E. Hallyn

On Sun, Jan 31, 2021 at 07:52:42AM -0500, Mimi Zohar wrote:
> On Sat, 2021-01-30 at 23:28 +0200, Jarkko Sakkinen wrote:
> > On Fri, 2021-01-29 at 08:58 -0500, Mimi Zohar wrote:
> > > On Fri, 2021-01-29 at 01:56 +0200, jarkko@kernel.org wrote:
> > > > From: Jarkko Sakkinen <jarkko@kernel.org>
> > > > 
> > > > When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
> > > > the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
> > > > which are used to take temporarily the ownership of the TPM chip. The
> > > > ownership is only taken inside tpm_send(), but this is not sufficient,
> > > > as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
> > > > need to be done as a one single atom.
> > > > 
> > > > Take the TPM chip ownership before sending anything with
> > > > tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
> > > > TPM commands instead of tpm_send(), reverting back to the old behaviour.
> > > > 
> > > > Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
> > > > Reported-by: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
> > > > Cc: stable@vger.kernel.org
> > > > Cc: David Howells <dhowells@redhat.com>
> > > > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > > > Cc: Sumit Garg <sumit.garg@linaro.org>
> > > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> > > 
> > > Tested-by: Mimi Zohar <zohar@linux.ibm.com> (on TPM 1.2 & PTT, discrete
> > > TPM 2.0)
> > 
> > Thanks, is it OK to apply the whole series?
> 
> Yes.  The testing was with the entire patch set, but I didn't
> explicitly test each change.  For the other two patches, please add my
> Reviewed-by.
> 
> Mimi

Thank you. I will do that.

/Jarkko
