From: Jarkko Sakkinen
To: linux-integrity@vger.kernel.org
Cc: David Howells, Mimi Zohar, James Bottomley, Jarkko Sakkinen, stable@vger.kernel.org, James Morris, "Serge E. Hallyn", David Safford, keyrings@vger.kernel.org (open list:KEYS-TRUSTED), linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM), linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v4 2/3] KEYS: trusted: Fix migratable=1 failing
Date: Tue, 13 Oct 2020 05:51:55 +0300
Message-Id: <20201013025156.111305-3-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20201013025156.111305-1-jarkko.sakkinen@linux.intel.com>
References: <20201013025156.111305-1-jarkko.sakkinen@linux.intel.com>

Consider the following transcript:

$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u
add_key: Invalid argument

The documentation has the following description:

  migratable=   0|1 indicating permission to reseal to new PCR values,
                default 1 (resealing allowed)

The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.

[*] Documentation/security/keys/trusted-encrypted.rst

Cc: stable@vger.kernel.org
Cc: "James E.J. Bottomley"
Cc: Mimi Zohar
Cc: David Howells
Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen
--- security/keys/trusted-keys/trusted_tpm1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c index c7b1701cdac5..7a937c3c5283 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c 
@@ -801,7 +801,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay, case Opt_migratable: if (*args[0].from == '0') pay->migratable = 0; - else + else if (*args[0].from != '1') return -EINVAL; break; case Opt_pcrlock: -- 2.25.1
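
Review bot: In the Opt_migratable case, the new test `else if (*args[0].from != '1')` looks only at the first character of the value, so any string that starts with '1' (for example "10" or "1x") is now accepted the same as "1", just as any string starting with '0' is already taken as 0 by `if (*args[0].from == '0')`. Consider comparing the whole token so that only "0" and "1" are valid and everything else returns -EINVAL. The '1' path also reaches `break` without assigning pay->migratable, so the result depends on the default being set outside this hunk; an explicit `pay->migratable = 1;` or a one-line comment stating that the default is relied on would make the intent clear to the next reader.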