Message ID | 20210429183742.756766-2-list.lkml.keyrings@me.benboeckel.net (mailing list archive) |
---|---|
State | New |
Series | trusted-keys: match tpm_get_ops on all return paths |
On Thu, 2021-04-29 at 14:37 -0400, Ben Boeckel wrote: > From: Ben Boeckel <mathstuf@gmail.com> > > The `tpm_get_ops` call at the beginning of the function is not paired > with a `tpm_put_ops` on this return path. > > Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key > format for the blobs") > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > Signed-off-by: Ben Boeckel <mathstuf@gmail.com> > --- > security/keys/trusted-keys/trusted_tpm2.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/security/keys/trusted-keys/trusted_tpm2.c > b/security/keys/trusted-keys/trusted_tpm2.c > index 617fabd4d913..25c2c4d564de 100644 > --- a/security/keys/trusted-keys/trusted_tpm2.c > +++ b/security/keys/trusted-keys/trusted_tpm2.c > @@ -335,8 +335,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip, > else > rc = -EPERM; > } > - if (blob_len < 0) > + if (blob_len < 0) { > + tpm_put_ops(chip); > return blob_len; > + } > > payload->blob_len = blob_len; > Actually, I think this is a better fix to avoid multiple put and returns. James --- diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index d225ad140960..cbf2a932577b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -336,9 +336,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip, rc = -EPERM; } if (blob_len < 0) - return blob_len; - - payload->blob_len = blob_len; + rc = blob_len; + else + payload->blob_len = blob_len; tpm_put_ops(chip); return rc;
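Review bot: In the `if (blob_len < 0)` branch, `rc = blob_len;` overwrites whatever rc was assigned just above (the context shows `rc = -EPERM;`), so the blob_len error silently takes precedence over it. That matches the old `return blob_len;`, so behaviour is unchanged, but the commit message should say so when this is respun, and it should carry over the Fixes: and Reported-by: tags from the original patch, since this version was posted inline without a changelog or Signed-off-by.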
On Thu, Apr 29, 2021 at 11:50:50 -0700, James Bottomley wrote: > Actually, I think this is a better fix to avoid multiple put and > returns. > > James > > --- > > diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c > index d225ad140960..cbf2a932577b 100644 > --- a/security/keys/trusted-keys/trusted_tpm2.c > +++ b/security/keys/trusted-keys/trusted_tpm2.c > @@ -336,9 +336,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip, > rc = -EPERM; > } > if (blob_len < 0) > - return blob_len; > - > - payload->blob_len = blob_len; > + rc = blob_len; > + else > + payload->blob_len = blob_len; > > tpm_put_ops(chip); > return rc; Ah, that does look better. I had first added a new label, but that didn't seem like an improvement in readability. I grabbed this pattern from an early return earlier in the function. But given that this is the end (and appears to be unlikely to have more logic inserted in the future), this seems more reasonable to me as well. Do you want me to respin or just let it up to you at this point? Thanks, --Ben
On Thu, 2021-04-29 at 15:03 -0400, Ben Boeckel wrote: > On Thu, Apr 29, 2021 at 11:50:50 -0700, James Bottomley wrote: > > Actually, I think this is a better fix to avoid multiple put and > > returns. > > > > James > > > > --- > > > > diff --git a/security/keys/trusted-keys/trusted_tpm2.c > > b/security/keys/trusted-keys/trusted_tpm2.c > > index d225ad140960..cbf2a932577b 100644 > > --- a/security/keys/trusted-keys/trusted_tpm2.c > > +++ b/security/keys/trusted-keys/trusted_tpm2.c > > @@ -336,9 +336,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip, > > rc = -EPERM; > > } > > if (blob_len < 0) > > - return blob_len; > > - > > - payload->blob_len = blob_len; > > + rc = blob_len; > > + else > > + payload->blob_len = blob_len; > > > > tpm_put_ops(chip); > > return rc; > > Ah, that does look better. I had first added a new label, but that > didn't seem like an improvement in readability. I grabbed this > pattern from an early return earlier in the function. But given that > this is the end (and appears to be unlikely to have more logic > inserted in the future), this seems more reasonable to me as well. Do > you want me to respin or just let it up to you at this point? Can you respin? ... I'm a bit lossy at the moment due to pressure of work. Thanks, James
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index 617fabd4d913..25c2c4d564de 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -335,8 +335,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip, else rc = -EPERM; } - if (blob_len < 0) + if (blob_len < 0) { + tpm_put_ops(chip); return blob_len; + } payload->blob_len = blob_len;
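Review bot: The added `tpm_put_ops(chip);` inside the `if (blob_len < 0)` block creates a second release site beside an early return, so any later change to the cleanup at the end of tpm2_seal_trusted() has to be mirrored here or the get/put pairing breaks again. Suggest setting `rc = blob_len;` in this branch and falling through to the existing `tpm_put_ops(chip); return rc;` tail, as the follow-up in this thread does. The commit message would also be clearer if it named the path being fixed (the `blob_len < 0` return) rather than "this return path".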