
[1/8] security: keys: trusted: flush the key handle after use

Message ID 1575781659.14069.9.camel@HansenPartnership.com (mailing list archive)
State New, archived
Series Fix TPM 2.0 trusted keys | expand

Commit Message

James Bottomley Dec. 8, 2019, 5:07 a.m. UTC
The trusted keys code currently loads a blob into the TPM and unseals
on the handle.  However, it never flushes the handle, meaning that
volatile contexts build up until the TPM becomes unusable.  Fix this
by flushing the handle after the unseal.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
 drivers/char/tpm/tpm.h                    | 1 -
 drivers/char/tpm/tpm2-cmd.c               | 1 +
 include/linux/tpm.h                       | 1 +
 security/keys/trusted-keys/trusted_tpm2.c | 1 +
 4 files changed, 3 insertions(+), 1 deletion(-)

Comments

David Woodhouse Dec. 9, 2019, 8:31 a.m. UTC | #1
On Sat, 2019-12-07 at 21:07 -0800, James Bottomley wrote:
> The trusted keys code currently loads a blob into the TPM and unseals
> on the handle.  However, it never flushes the handle meaning that
> volatile contexts build up until the TPM becomes unusable.  Fix this
> by flushing the handle after the unseal.
> 
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> ---
>  drivers/char/tpm/tpm.h                    | 1 -
>  drivers/char/tpm/tpm2-cmd.c               | 1 +
>  include/linux/tpm.h                       | 1 +
>  security/keys/trusted-keys/trusted_tpm2.c | 1 +
>  4 files changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index b9e1547be6b5..5620747da0cf 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -218,7 +218,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
>  int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
>  		    struct tpm_digest *digests);
>  int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max);
> -void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
>  ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
>  			u32 *value, const char *desc);
>  
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index fdb457704aa7..b87592f4a6c7 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -362,6 +362,7 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
>  	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
>  	tpm_buf_destroy(&buf);
>  }
> +EXPORT_SYMBOL(tpm2_flush_context);


Everything else is EXPORT_SYMBOL_GPL(). Why EXPORT_SYMBOL() here?
James Bottomley Dec. 9, 2019, 3:38 p.m. UTC | #2
On Mon, 2019-12-09 at 08:31 +0000, David Woodhouse wrote:
> On Sat, 2019-12-07 at 21:07 -0800, James Bottomley wrote:
> > The trusted keys code currently loads a blob into the TPM and
> > unseals
> > on the handle.  However, it never flushes the handle meaning that
> > volatile contexts build up until the TPM becomes unusable.  Fix
> > this
> > by flushing the handle after the unseal.
> > 
> > Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.c
> > om>
> > ---
> >  drivers/char/tpm/tpm.h                    | 1 -
> >  drivers/char/tpm/tpm2-cmd.c               | 1 +
> >  include/linux/tpm.h                       | 1 +
> >  security/keys/trusted-keys/trusted_tpm2.c | 1 +
> >  4 files changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> > index b9e1547be6b5..5620747da0cf 100644
> > --- a/drivers/char/tpm/tpm.h
> > +++ b/drivers/char/tpm/tpm.h
> > @@ -218,7 +218,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32
> > pcr_idx,
> >  int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> >  		    struct tpm_digest *digests);
> >  int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max);
> > -void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
> >  ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
> >  			u32 *value, const char *desc);
> >  
> > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-
> > cmd.c
> > index fdb457704aa7..b87592f4a6c7 100644
> > --- a/drivers/char/tpm/tpm2-cmd.c
> > +++ b/drivers/char/tpm/tpm2-cmd.c
> > @@ -362,6 +362,7 @@ void tpm2_flush_context(struct tpm_chip *chip,
> > u32 handle)
> >  	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
> >  	tpm_buf_destroy(&buf);
> >  }
> > +EXPORT_SYMBOL(tpm2_flush_context);
> 
> 
> Everything else is EXPORT_SYMBOL_GPL(). Why EXPORT_SYMBOL() here?

No reason ... well, except I'm not sure the difference has any utility,
but since I don't really care either way, I'll change all the exports.

James

Patch

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index b9e1547be6b5..5620747da0cf 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -218,7 +218,6 @@  int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
 		    struct tpm_digest *digests);
 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max);
-void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
 			u32 *value, const char *desc);
 
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index fdb457704aa7..b87592f4a6c7 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -362,6 +362,7 @@  void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
 	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
 	tpm_buf_destroy(&buf);
 }
+EXPORT_SYMBOL(tpm2_flush_context);
 
 struct tpm2_get_cap_out {
 	u8 more_data;
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 0d6e949ba315..03e9b184411b 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -403,6 +403,7 @@  extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
 extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen);
 extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max);
 extern struct tpm_chip *tpm_default_chip(void);
+void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
 #else
 static inline int tpm_is_tpm2(struct tpm_chip *chip)
 {
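Review bot: The new `tpm2_flush_context()` prototype sits only in the branch above `#else`, and the diffstat gives this header a single added line, so the stub branch that begins with the inline `tpm_is_tpm2()` gets no counterpart. A caller built with the TPM core disabled would then fail to build unless its Kconfig already depends on the TPM core, which is not visible here; if that dependency is not guaranteed, add `static inline void tpm2_flush_context(struct tpm_chip *chip, u32 handle) { }` to the `#else` branch. The neighbouring prototypes are also spelled with `extern`, so `extern void tpm2_flush_context(struct tpm_chip *chip, u32 handle);` would match the file. Both preprocessor branches continue outside the hunk.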
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index a9810ac2776f..08ec7f48f01d 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -309,6 +309,7 @@  int tpm2_unseal_trusted(struct tpm_chip *chip,
 		return rc;
 
 	rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
+	tpm2_flush_context(chip, blob_handle);
 
 	return rc;
 }
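Review bot: The added `tpm2_flush_context(chip, blob_handle)` call reaches `tpm_transmit_cmd()` directly (see the tpm2-cmd.c hunk), and nothing in this hunk shows `tpm2_unseal_trusted()` holding the chip through `tpm_try_get_ops()` at that point. If the load and unseal helpers take and drop the chip operations themselves, which is not visible here, the flush would run without the chip reserved, and another TPM user could interleave commands between load, unseal and flush. Consider reserving the chip once for the whole sequence, with `rc = tpm_try_get_ops(chip);` before the load and `tpm_put_ops(chip);` after the flush. A short comment such as `/* always flush: the loaded blob holds a volatile TPM context even when unseal fails */` would also record why the call does not depend on `rc`. The function body starts outside the hunk.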