KEYS: trusted: Fix TPM reservation for seal/unseal

Message ID	30acbe05a0569bd3b3a9f968c4863e1f42b6d320.camel@HansenPartnership.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-integrity-owner@kernel.org> Message-ID: <30acbe05a0569bd3b3a9f968c4863e1f42b6d320.camel@HansenPartnership.com> Subject: [PATCH] KEYS: trusted: Fix TPM reservation for seal/unseal From: James Bottomley <James.Bottomley@HansenPartnership.com> To: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org Cc: jarkko@kernel.org, Mimi Zohar <zohar@linux.ibm.com> Date: Wed, 21 Apr 2021 15:42:47 -0700 Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.4 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: bulk
Series	KEYS: trusted: Fix TPM reservation for seal/unseal \| expand KEYS: trusted: Fix TPM reservation for seal/unseal

Message ID

30acbe05a0569bd3b3a9f968c4863e1f42b6d320.camel@HansenPartnership.com (mailing list archive)

State

New, archived

Headers

Message-ID: 
 <30acbe05a0569bd3b3a9f968c4863e1f42b6d320.camel@HansenPartnership.com>
Subject: [PATCH] KEYS: trusted: Fix TPM reservation for seal/unseal
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org
Cc: jarkko@kernel.org, Mimi Zohar <zohar@linux.ibm.com>
Date: Wed, 21 Apr 2021 15:42:47 -0700
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.34.4 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Precedence: bulk

Series

KEYS: trusted: Fix TPM reservation for seal/unseal | expand

Commit Message

James Bottomley April 21, 2021, 10:42 p.m. UTC

The original patch 8c657a0590de ("KEYS: trusted: Reserve TPM for seal
and unseal operations") was correct on the mailing list:

https://lore.kernel.org/linux-integrity/20210128235621.127925-4-jarkko@kernel.org/

But somehow got rebased so that the tpm_try_get_ops() in
tpm2_seal_trusted() got lost.  This causes an imbalanced put of the
TPM ops and causes oopses on TIS based hardware.

This fix puts back the lost tpm_try_get_ops()

Fixes: 8c657a0590de ("KEYS: trusted: Reserve TPM for seal and unseal operations")
Reported-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
 security/keys/trusted-keys/trusted_tpm2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Mimi Zohar April 21, 2021, 11:11 p.m. UTC | #1

On Wed, 2021-04-21 at 15:42 -0700, James Bottomley wrote:
> The original patch 8c657a0590de ("KEYS: trusted: Reserve TPM for seal
> and unseal operations") was correct on the mailing list:
> 
> https://lore.kernel.org/linux-integrity/20210128235621.127925-4-jarkko@kernel.org/
> 
> But somehow got rebased so that the tpm_try_get_ops() in
> tpm2_seal_trusted() got lost.  This causes an imbalanced put of the
> TPM ops and causes oopses on TIS based hardware.
> 
> This fix puts back the lost tpm_try_get_ops()
> 
> Fixes: 8c657a0590de ("KEYS: trusted: Reserve TPM for seal and unseal operations")
> Reported-by: Mimi Zohar <zohar@linux.ibm.com>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Thanks, James!

Acked-by: Mimi Zohar <zohar@linux.ibm.com>

Mimi

diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index d225ad140960..617fabd4d913 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -248,7 +248,7 @@  int tpm2_seal_trusted(struct tpm_chip *chip,
 	if (!options->keyhandle)
 		return -EINVAL;
 
-	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
+	rc = tpm_try_get_ops(chip);
 	if (rc)
 		return rc;

KEYS: trusted: Fix TPM reservation for seal/unseal

Commit Message

Comments

Patch