Date: Fri, 2 Aug 2019 10:30:30 -0500
From: Tyler Hicks
To: Roberto Sassu
Cc: jarkko.sakkinen@linux.intel.com, jejb@linux.ibm.com, zohar@linux.ibm.com, jgg@ziepe.ca, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, crazyt2019+lml@gmail.com, nayna@linux.vnet.ibm.com, silviu.vlasceanu@huawei.com
Subject: Re: [PATCH v2] KEYS: trusted: allow module init if TPM is inactive or deactivated
Message-ID: <20190802153030.GB26616@elm>
References: <20190802150733.1972-1-roberto.sassu@huawei.com>
In-Reply-To: <20190802150733.1972-1-roberto.sassu@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019-08-02 17:07:33, Roberto Sassu wrote:
> Commit c78719203fc6 ("KEYS: trusted: allow trusted.ko to initialize w/o a
> TPM") allows the trusted module to be loaded even a TPM is not found to
                                                    ^ if
> avoid module dependency problems.
>
> However, trusted module initialization can still fail if the TPM is
> inactive or deactivated. This patch ignores tpm_get_random() errors in
> init_digests() and returns -EFAULT in pcrlock() if the TPM didn't return
> random data.
>
> Signed-off-by: Roberto Sassu

The code changes look correct to me.

  Reviewed-by: Tyler Hicks

For whoever takes this patch through their tree, I think that adding the
following Fixes tag would be useful (as well as cc'ing stable):

  Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure...")

I think it is also worth leaving a short note, in the commit message, for
backporters that commit 782779b60faa ("tpm: Actually fail on TPM errors during
"get random"") should be included with any backports of this patch.

Thanks!

Tyler

> ---
>  security/keys/trusted.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c > index 9a94672e7adc..34f04ffcf2e5 100644 > --- a/security/keys/trusted.c > +++ b/security/keys/trusted.c > @@ -389,6 +389,10 @@ static int pcrlock(const int pcrnum) > if (!capable(CAP_SYS_ADMIN)) > return -EPERM; > > + /* This happens if the TPM didn't return random data */ > + if (!digests) > + return -EFAULT; > + > return tpm_pcr_extend(chip, pcrnum, digests) ? -EINVAL : 0; > } > > @@ -1233,10 +1237,8 @@ static int __init init_digests(void) > int i; > > ret = tpm_get_random(chip, digest, TPM_MAX_DIGEST_SIZE); > - if (ret < 0) > - return ret; > - if (ret < TPM_MAX_DIGEST_SIZE) > - return -EFAULT; > + if (ret < 0 || ret < TPM_MAX_DIGEST_SIZE) > + return 0; > > digests = kcalloc(chip->nr_allocated_banks, sizeof(*digests), > GFP_KERNEL); > -- > 2.17.1 >
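
Review bot: in the pcrlock() hunk, the comment above `if (!digests)` says only that the TPM did not return random data, which does not tell a reader that digests is left NULL by init_digests() when tpm_get_random() fails at module init. Suggest naming that path in the comment so the two hunks can be read together, and reconsidering whether -EFAULT is the clearest errno for callers, since nothing in this function involves a bad address and the condition is an unavailable TPM.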
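
Review bot: in the init_digests() hunk, `return 0` now treats every tpm_get_random() failure, including a short read, as success, with no comment or log message, so the only trace is digests staying NULL and pcrlock() later returning -EFAULT. Suggest a comment at the `return 0` stating that a NULL digests is the intended signal consumed by pcrlock(), plus a pr_info() or similar so the condition is visible at load time. Separately, if TPM_MAX_DIGEST_SIZE is a positive signed constant, `ret < 0` is already covered by `ret < TPM_MAX_DIGEST_SIZE` and the condition can be a single comparison.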