linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2 0/1] trusted-keys: match tpm_get_ops on all return paths
@ 2021-04-29 19:21 Ben Boeckel
  2021-04-29 19:21 ` [PATCH v2 1/1] " Ben Boeckel
  0 siblings, 1 reply; 7+ messages in thread
From: Ben Boeckel @ 2021-04-29 19:21 UTC (permalink / raw)
  To: keyrings
  Cc: Ben Boeckel, James Bottomley, linux-integrity, linux-kernel,
	linux-security-module

From: Ben Boeckel <mathstuf@gmail.com>

Bug report thread Message-Id: <YIpV9pcyM9/rWqEt@mwanda>

---
v1 -> v2:
  - simplify the return path since we're at the end of the function
    anyways

Ben Boeckel (1):
  trusted-keys: match tpm_get_ops on all return paths

 security/keys/trusted-keys/trusted_tpm2.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


base-commit: 3644286f6cbcea86f6fa4d308e7ac06bf2a3715a
-- 
2.30.2


^ permalink raw reply	[flat|nested] 7+ messages in thread
* [PATCH v2 1/1] trusted-keys: match tpm_get_ops on all return paths
  2021-04-29 19:21 [PATCH v2 0/1] trusted-keys: match tpm_get_ops on all return paths Ben Boeckel
@ 2021-04-29 19:21 ` Ben Boeckel
  2021-05-10 21:04   ` Ben Boeckel
  0 siblings, 1 reply; 7+ messages in thread
From: Ben Boeckel @ 2021-04-29 19:21 UTC (permalink / raw)
  To: keyrings
  Cc: Ben Boeckel, James Bottomley, linux-integrity, linux-kernel,
	linux-security-module, Dan Carpenter

From: Ben Boeckel <mathstuf@gmail.com>

The `tpm_get_ops` call at the beginning of the function is not paired
with a `tpm_put_ops` on this return path.

Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
---
 security/keys/trusted-keys/trusted_tpm2.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 617fabd4d913..0165da386289 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -336,9 +336,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
 			rc = -EPERM;
 	}
 	if (blob_len < 0)
-		return blob_len;
-
-	payload->blob_len = blob_len;
+		rc = blob_len;
+	else
+		payload->blob_len = blob_len;
 
 	tpm_put_ops(chip);
 	return rc;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/1] trusted-keys: match tpm_get_ops on all return paths
  2021-04-29 19:21 ` [PATCH v2 1/1] " Ben Boeckel
@ 2021-05-10 21:04   ` Ben Boeckel
  2021-05-10 23:19     ` James Bottomley
                       ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Ben Boeckel @ 2021-05-10 21:04 UTC (permalink / raw)
  To: keyrings
  Cc: Ben Boeckel, James Bottomley, linux-integrity, linux-kernel,
	linux-security-module, Dan Carpenter

On Thu, Apr 29, 2021 at 15:21:56 -0400, Ben Boeckel wrote:
> From: Ben Boeckel <mathstuf@gmail.com>
> 
> The `tpm_get_ops` call at the beginning of the function is not paired
> with a `tpm_put_ops` on this return path.
> 
> Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
> ---
>  security/keys/trusted-keys/trusted_tpm2.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
> index 617fabd4d913..0165da386289 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -336,9 +336,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
>  			rc = -EPERM;
>  	}
>  	if (blob_len < 0)
> -		return blob_len;
> -
> -	payload->blob_len = blob_len;
> +		rc = blob_len;
> +	else
> +		payload->blob_len = blob_len;
>  
>  	tpm_put_ops(chip);
>  	return rc;

Ping? Is this going to make 5.13? This fixes an issue that is in
5.13-rc1.

--Ben

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/1] trusted-keys: match tpm_get_ops on all return paths
  2021-05-10 21:04   ` Ben Boeckel
@ 2021-05-10 23:19     ` James Bottomley
  2021-05-11 23:39     ` Jarkko Sakkinen
  2021-05-11 23:45     ` Jarkko Sakkinen
  2 siblings, 0 replies; 7+ messages in thread
From: James Bottomley @ 2021-05-10 23:19 UTC (permalink / raw)
  To: Ben Boeckel, keyrings
  Cc: Ben Boeckel, linux-integrity, linux-kernel,
	linux-security-module, Dan Carpenter

On Mon, 2021-05-10 at 17:04 -0400, Ben Boeckel wrote:
> On Thu, Apr 29, 2021 at 15:21:56 -0400, Ben Boeckel wrote:
> > From: Ben Boeckel <mathstuf@gmail.com>
> > 
> > The `tpm_get_ops` call at the beginning of the function is not
> > paired
> > with a `tpm_put_ops` on this return path.
> > 
> > Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key
> > format for the blobs")
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
> > ---
> >  security/keys/trusted-keys/trusted_tpm2.c | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/security/keys/trusted-keys/trusted_tpm2.c
> > b/security/keys/trusted-keys/trusted_tpm2.c
> > index 617fabd4d913..0165da386289 100644
> > --- a/security/keys/trusted-keys/trusted_tpm2.c
> > +++ b/security/keys/trusted-keys/trusted_tpm2.c
> > @@ -336,9 +336,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> >  			rc = -EPERM;
> >  	}
> >  	if (blob_len < 0)
> > -		return blob_len;
> > -
> > -	payload->blob_len = blob_len;
> > +		rc = blob_len;
> > +	else
> > +		payload->blob_len = blob_len;
> >  
> >  	tpm_put_ops(chip);
> >  	return rc;
> 
> Ping? Is this going to make 5.13? This fixes an issue that is in
> 5.13-rc1.

It's not urgent, since it's in an error in the ASN.1 encoder, the only
real way to produce it is if the system runs out of memory, which is
highly unlikely since the allocations are all GFP_KERNEL.  We've also
got another 8 or so weeks before 5.13 so there's time for this to go
through the normal review process.

James



^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/1] trusted-keys: match tpm_get_ops on all return paths
  2021-05-10 21:04   ` Ben Boeckel
  2021-05-10 23:19     ` James Bottomley
@ 2021-05-11 23:39     ` Jarkko Sakkinen
  2021-05-11 23:45     ` Jarkko Sakkinen
  2 siblings, 0 replies; 7+ messages in thread
From: Jarkko Sakkinen @ 2021-05-11 23:39 UTC (permalink / raw)
  To: Ben Boeckel
  Cc: keyrings, Ben Boeckel, James Bottomley, linux-integrity,
	linux-kernel, linux-security-module, Dan Carpenter

On Mon, May 10, 2021 at 05:04:33PM -0400, Ben Boeckel wrote:
> On Thu, Apr 29, 2021 at 15:21:56 -0400, Ben Boeckel wrote:
> > From: Ben Boeckel <mathstuf@gmail.com>
> > 
> > The `tpm_get_ops` call at the beginning of the function is not paired
> > with a `tpm_put_ops` on this return path.
> > 
> > Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
> > ---
> >  security/keys/trusted-keys/trusted_tpm2.c | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
> > index 617fabd4d913..0165da386289 100644
> > --- a/security/keys/trusted-keys/trusted_tpm2.c
> > +++ b/security/keys/trusted-keys/trusted_tpm2.c
> > @@ -336,9 +336,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> >  			rc = -EPERM;
> >  	}
> >  	if (blob_len < 0)
> > -		return blob_len;
> > -
> > -	payload->blob_len = blob_len;
> > +		rc = blob_len;
> > +	else
> > +		payload->blob_len = blob_len;
> >  
> >  	tpm_put_ops(chip);
> >  	return rc;
> 
> Ping? Is this going to make 5.13? This fixes an issue that is in
> 5.13-rc1.

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

/Jarkko

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/1] trusted-keys: match tpm_get_ops on all return paths
  2021-05-10 21:04   ` Ben Boeckel
  2021-05-10 23:19     ` James Bottomley
  2021-05-11 23:39     ` Jarkko Sakkinen
@ 2021-05-11 23:45     ` Jarkko Sakkinen
  2021-05-11 23:58       ` Ben Boeckel
  2 siblings, 1 reply; 7+ messages in thread
From: Jarkko Sakkinen @ 2021-05-11 23:45 UTC (permalink / raw)
  To: Ben Boeckel
  Cc: keyrings, Ben Boeckel, James Bottomley, linux-integrity,
	linux-kernel, linux-security-module, Dan Carpenter

On Mon, May 10, 2021 at 05:04:33PM -0400, Ben Boeckel wrote:
> On Thu, Apr 29, 2021 at 15:21:56 -0400, Ben Boeckel wrote:
> > From: Ben Boeckel <mathstuf@gmail.com>
> > 
> > The `tpm_get_ops` call at the beginning of the function is not paired
> > with a `tpm_put_ops` on this return path.
> > 
> > Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
> > ---
> >  security/keys/trusted-keys/trusted_tpm2.c | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
> > index 617fabd4d913..0165da386289 100644
> > --- a/security/keys/trusted-keys/trusted_tpm2.c
> > +++ b/security/keys/trusted-keys/trusted_tpm2.c
> > @@ -336,9 +336,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> >  			rc = -EPERM;
> >  	}
> >  	if (blob_len < 0)
> > -		return blob_len;
> > -
> > -	payload->blob_len = blob_len;
> > +		rc = blob_len;
> > +	else
> > +		payload->blob_len = blob_len;
> >  
> >  	tpm_put_ops(chip);
> >  	return rc;
> 
> Ping? Is this going to make 5.13? This fixes an issue that is in
> 5.13-rc1.
> 
> --Ben

I applied it, probably will do additional PR for v5.13 in order to fix
some urgent tpm_tis issues, so I'll include this to the same pull
request. Thanks for fixing this!

/Jarkko

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/1] trusted-keys: match tpm_get_ops on all return paths
  2021-05-11 23:45     ` Jarkko Sakkinen
@ 2021-05-11 23:58       ` Ben Boeckel
  0 siblings, 0 replies; 7+ messages in thread
From: Ben Boeckel @ 2021-05-11 23:58 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: keyrings, Ben Boeckel, James Bottomley, linux-integrity,
	linux-kernel, linux-security-module, Dan Carpenter

On Wed, May 12, 2021 at 02:45:59 +0300, Jarkko Sakkinen wrote:
> I applied it, probably will do additional PR for v5.13 in order to fix
> some urgent tpm_tis issues, so I'll include this to the same pull
> request. Thanks for fixing this!

Thanks for the update :) .

--Ben

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-05-11 23:58 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-29 19:21 [PATCH v2 0/1] trusted-keys: match tpm_get_ops on all return paths Ben Boeckel
2021-04-29 19:21 ` [PATCH v2 1/1] " Ben Boeckel
2021-05-10 21:04   ` Ben Boeckel
2021-05-10 23:19     ` James Bottomley
2021-05-11 23:39     ` Jarkko Sakkinen
2021-05-11 23:45     ` Jarkko Sakkinen
2021-05-11 23:58       ` Ben Boeckel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).