linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] KEYS: trusted: Fix TPM reservation for seal/unseal
@ 2021-04-21 22:42 James Bottomley
  2021-04-21 23:11 ` Mimi Zohar
  0 siblings, 1 reply; 2+ messages in thread
From: James Bottomley @ 2021-04-21 22:42 UTC (permalink / raw)
  To: linux-integrity, keyrings; +Cc: jarkko, Mimi Zohar

The original patch 8c657a0590de ("KEYS: trusted: Reserve TPM for seal
and unseal operations") was correct on the mailing list:

https://lore.kernel.org/linux-integrity/20210128235621.127925-4-jarkko@kernel.org/

But somehow got rebased so that the tpm_try_get_ops() in
tpm2_seal_trusted() got lost.  This causes an imbalanced put of the
TPM ops and causes oopses on TIS based hardware.

This fix puts back the lost tpm_try_get_ops()

Fixes: 8c657a0590de ("KEYS: trusted: Reserve TPM for seal and unseal operations")
Reported-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
 security/keys/trusted-keys/trusted_tpm2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index d225ad140960..617fabd4d913 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -248,7 +248,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
 	if (!options->keyhandle)
 		return -EINVAL;
 
-	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
+	rc = tpm_try_get_ops(chip);
 	if (rc)
 		return rc;
 
-- 
2.26.2



^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] KEYS: trusted: Fix TPM reservation for seal/unseal
  2021-04-21 22:42 [PATCH] KEYS: trusted: Fix TPM reservation for seal/unseal James Bottomley
@ 2021-04-21 23:11 ` Mimi Zohar
  0 siblings, 0 replies; 2+ messages in thread
From: Mimi Zohar @ 2021-04-21 23:11 UTC (permalink / raw)
  To: James Bottomley, linux-integrity, keyrings; +Cc: jarkko

On Wed, 2021-04-21 at 15:42 -0700, James Bottomley wrote:
> The original patch 8c657a0590de ("KEYS: trusted: Reserve TPM for seal
> and unseal operations") was correct on the mailing list:
> 
> https://lore.kernel.org/linux-integrity/20210128235621.127925-4-jarkko@kernel.org/
> 
> But somehow got rebased so that the tpm_try_get_ops() in
> tpm2_seal_trusted() got lost.  This causes an imbalanced put of the
> TPM ops and causes oopses on TIS based hardware.
> 
> This fix puts back the lost tpm_try_get_ops()
> 
> Fixes: 8c657a0590de ("KEYS: trusted: Reserve TPM for seal and unseal operations")
> Reported-by: Mimi Zohar <zohar@linux.ibm.com>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Thanks, James!

Acked-by: Mimi Zohar <zohar@linux.ibm.com>

Mimi


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-04-21 23:12 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-21 22:42 [PATCH] KEYS: trusted: Fix TPM reservation for seal/unseal James Bottomley
2021-04-21 23:11 ` Mimi Zohar

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).