| Message ID | 20250407122806.15400-1-jarkko@kernel.org (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v4] tpm: Mask TPM RC in tpm2_start_auth_session() | expand |
On Mon, Apr 07, 2025 at 03:28:05PM +0300, Jarkko Sakkinen wrote: > tpm2_start_auth_session() does not mask TPM RC correctly from the callers: > > [ 28.766528] tpm tpm0: A TPM error (2307) occurred start auth session > > Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX > error codes. > > Cc: stable@vger.kernel.org # v6.10+ > Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") > Reported-by: Herbert Xu <herbert@gondor.apana.org.au> > Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/ > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > --- > v4: > - tpm_to_ret() > v3: > - rc > 0 > v2: > - Investigate TPM rc only after destroying tpm_buf. > --- > drivers/char/tpm/tpm2-sessions.c | 20 ++++++-------------- > include/linux/tpm.h | 21 +++++++++++++++++++++ > 2 files changed, 27 insertions(+), 14 deletions(-) > > diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c > index 3f89635ba5e8..102e099f22c1 100644 > --- a/drivers/char/tpm/tpm2-sessions.c > +++ b/drivers/char/tpm/tpm2-sessions.c > @@ -40,11 +40,6 @@ > * > * These are the usage functions: > * > - * tpm2_start_auth_session() which allocates the opaque auth structure > - * and gets a session from the TPM. This must be called before > - * any of the following functions. The session is protected by a > - * session_key which is derived from a random salt value > - * encrypted to the NULL seed. > * tpm2_end_auth_session() kills the session and frees the resources. > * Under normal operation this function is done by > * tpm_buf_check_hmac_response(), so this is only to be used on > @@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) > } > > /** > - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM > - * @chip: the TPM chip structure to create the session with > + * tpm2_start_auth_session() - Create an a HMAC authentication session > + * @chip: A TPM chip > * > - * This function loads the NULL seed from its saved context and starts > - * an authentication session on the null seed, fills in the > - * @chip->auth structure to contain all the session details necessary > - * for performing the HMAC, encrypt and decrypt operations and > - * returns. The NULL seed is flushed before this function returns. > + * Loads the ephemeral key (null seed), and starts an HMAC authenticated > + * session. The null seed is flushed before the return. > * > - * Return: zero on success or actual error encountered. > + * Returns zero on success, or a POSIX error code. > */ > int tpm2_start_auth_session(struct tpm_chip *chip) > { > @@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip) > /* hash algorithm for session */ > tpm_buf_append_u16(&buf, TPM_ALG_SHA256); > > - rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); > + rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession")); The cool thing here is that e.g., in the case of tpm2_start_auth_session, there is two implementation options: 1. tpm_to_ret(tpm2_start_auth_session) 2. tpm_to_ret(tpm_transmit_cmd) Just want to expose this choice.. > tpm2_flush_context(chip, null_key); > > if (rc == TPM2_RC_SUCCESS) > diff --git a/include/linux/tpm.h b/include/linux/tpm.h > index 6c3125300c00..c826d5a9d894 100644 > --- a/include/linux/tpm.h > +++ b/include/linux/tpm.h > @@ -257,8 +257,29 @@ enum tpm2_return_codes { > TPM2_RC_TESTING = 0x090A, /* RC_WARN */ > TPM2_RC_REFERENCE_H0 = 0x0910, > TPM2_RC_RETRY = 0x0922, > + TPM2_RC_SESSION_MEMORY = 0x0903, > }; > > +/* > + * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The > + * fallback return value is -EFAULT. > + */ > +static inline ssize_t tpm_to_ret(ssize_t ret) > +{ > + /* Already a POSIX error: */ > + if (ret < 0) > + return ret; > + > + switch (ret) { > + case TPM2_RC_SUCCESS: > + return 0; > + case TPM2_RC_SESSION_MEMORY: > + return -ENOMEM; > + default: > + return -EFAULT; > + } > +} > + > enum tpm2_command_codes { > TPM2_CC_FIRST = 0x011F, > TPM2_CC_HIERARCHY_CONTROL = 0x0121, > -- > 2.39.5 > BR, Jarkko
On Mon, Apr 07, 2025 at 03:28:05PM +0300, Jarkko Sakkinen wrote: >tpm2_start_auth_session() does not mask TPM RC correctly from the callers: > >[ 28.766528] tpm tpm0: A TPM error (2307) occurred start auth session > >Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX >error codes. > >Cc: stable@vger.kernel.org # v6.10+ >Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") >Reported-by: Herbert Xu <herbert@gondor.apana.org.au> >Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/ >Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> >--- >v4: >- tpm_to_ret() >v3: >- rc > 0 >v2: >- Investigate TPM rc only after destroying tpm_buf. >--- > drivers/char/tpm/tpm2-sessions.c | 20 ++++++-------------- > include/linux/tpm.h | 21 +++++++++++++++++++++ > 2 files changed, 27 insertions(+), 14 deletions(-) > >diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c >index 3f89635ba5e8..102e099f22c1 100644 >--- a/drivers/char/tpm/tpm2-sessions.c >+++ b/drivers/char/tpm/tpm2-sessions.c >@@ -40,11 +40,6 @@ > * > * These are the usage functions: > * >- * tpm2_start_auth_session() which allocates the opaque auth structure >- * and gets a session from the TPM. This must be called before >- * any of the following functions. The session is protected by a >- * session_key which is derived from a random salt value >- * encrypted to the NULL seed. > * tpm2_end_auth_session() kills the session and frees the resources. > * Under normal operation this function is done by > * tpm_buf_check_hmac_response(), so this is only to be used on >@@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) > } > > /** >- * tpm2_start_auth_session() - create a HMAC authentication session with the TPM >- * @chip: the TPM chip structure to create the session with >+ * tpm2_start_auth_session() - Create an a HMAC authentication session >+ * @chip: A TPM chip > * >- * This function loads the NULL seed from its saved context and starts >- * an authentication session on the null seed, fills in the >- * @chip->auth structure to contain all the session details necessary >- * for performing the HMAC, encrypt and decrypt operations and >- * returns. The NULL seed is flushed before this function returns. >+ * Loads the ephemeral key (null seed), and starts an HMAC authenticated >+ * session. The null seed is flushed before the return. > * >- * Return: zero on success or actual error encountered. >+ * Returns zero on success, or a POSIX error code. > */ > int tpm2_start_auth_session(struct tpm_chip *chip) > { >@@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip) > /* hash algorithm for session */ > tpm_buf_append_u16(&buf, TPM_ALG_SHA256); > >- rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); >+ rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession")); > tpm2_flush_context(chip, null_key); > > if (rc == TPM2_RC_SUCCESS) >diff --git a/include/linux/tpm.h b/include/linux/tpm.h >index 6c3125300c00..c826d5a9d894 100644 >--- a/include/linux/tpm.h >+++ b/include/linux/tpm.h >@@ -257,8 +257,29 @@ enum tpm2_return_codes { > TPM2_RC_TESTING = 0x090A, /* RC_WARN */ > TPM2_RC_REFERENCE_H0 = 0x0910, > TPM2_RC_RETRY = 0x0922, >+ TPM2_RC_SESSION_MEMORY = 0x0903, nit: the other values are in ascending order, should we keep it or is it not important? (more a question for me than for the patch) > }; > >+/* >+ * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The >+ * fallback return value is -EFAULT. >+ */ >+static inline ssize_t tpm_to_ret(ssize_t ret) >+{ >+ /* Already a POSIX error: */ >+ if (ret < 0) >+ return ret; >+ >+ switch (ret) { >+ case TPM2_RC_SUCCESS: >+ return 0; >+ case TPM2_RC_SESSION_MEMORY: >+ return -ENOMEM; >+ default: >+ return -EFAULT; >+ } >+} I like this and in the future we could reuse it in different places like tpm2_load_context() and tpm2_save_context(). Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> BTW for my understading, looking at that code (sorry if the answer is obvious, but I'm learning) I'm confused about the use of tpm2_rc_value(). For example in tpm2_load_context() we have: rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL); ... } else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE || rc == TPM2_RC_REFERENCE_H0) { While in tpm2_save_context(), we have: rc = tpm_transmit_cmd(chip, &tbuf, 0, NULL); ... } else if (tpm2_rc_value(rc) == TPM2_RC_REFERENCE_H0) { So to check TPM2_RC_REFERENCE_H0 we are using tpm2_rc_value() only sometimes, what's the reason? Thanks, Stefano
On Mon, Apr 07, 2025 at 03:51:21PM +0200, Stefano Garzarella wrote: > On Mon, Apr 07, 2025 at 03:28:05PM +0300, Jarkko Sakkinen wrote: > > tpm2_start_auth_session() does not mask TPM RC correctly from the callers: > > > > [ 28.766528] tpm tpm0: A TPM error (2307) occurred start auth session > > > > Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX > > error codes. > > > > Cc: stable@vger.kernel.org # v6.10+ > > Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") > > Reported-by: Herbert Xu <herbert@gondor.apana.org.au> > > Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/ > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > > --- > > v4: > > - tpm_to_ret() > > v3: > > - rc > 0 > > v2: > > - Investigate TPM rc only after destroying tpm_buf. > > --- > > drivers/char/tpm/tpm2-sessions.c | 20 ++++++-------------- > > include/linux/tpm.h | 21 +++++++++++++++++++++ > > 2 files changed, 27 insertions(+), 14 deletions(-) > > > > diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c > > index 3f89635ba5e8..102e099f22c1 100644 > > --- a/drivers/char/tpm/tpm2-sessions.c > > +++ b/drivers/char/tpm/tpm2-sessions.c > > @@ -40,11 +40,6 @@ > > * > > * These are the usage functions: > > * > > - * tpm2_start_auth_session() which allocates the opaque auth structure > > - * and gets a session from the TPM. This must be called before > > - * any of the following functions. The session is protected by a > > - * session_key which is derived from a random salt value > > - * encrypted to the NULL seed. > > * tpm2_end_auth_session() kills the session and frees the resources. > > * Under normal operation this function is done by > > * tpm_buf_check_hmac_response(), so this is only to be used on > > @@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) > > } > > > > /** > > - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM > > - * @chip: the TPM chip structure to create the session with > > + * tpm2_start_auth_session() - Create an a HMAC authentication session > > + * @chip: A TPM chip > > * > > - * This function loads the NULL seed from its saved context and starts > > - * an authentication session on the null seed, fills in the > > - * @chip->auth structure to contain all the session details necessary > > - * for performing the HMAC, encrypt and decrypt operations and > > - * returns. The NULL seed is flushed before this function returns. > > + * Loads the ephemeral key (null seed), and starts an HMAC authenticated > > + * session. The null seed is flushed before the return. > > * > > - * Return: zero on success or actual error encountered. > > + * Returns zero on success, or a POSIX error code. > > */ > > int tpm2_start_auth_session(struct tpm_chip *chip) > > { > > @@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip) > > /* hash algorithm for session */ > > tpm_buf_append_u16(&buf, TPM_ALG_SHA256); > > > > - rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); > > + rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession")); > > tpm2_flush_context(chip, null_key); > > > > if (rc == TPM2_RC_SUCCESS) > > diff --git a/include/linux/tpm.h b/include/linux/tpm.h > > index 6c3125300c00..c826d5a9d894 100644 > > --- a/include/linux/tpm.h > > +++ b/include/linux/tpm.h > > @@ -257,8 +257,29 @@ enum tpm2_return_codes { > > TPM2_RC_TESTING = 0x090A, /* RC_WARN */ > > TPM2_RC_REFERENCE_H0 = 0x0910, > > TPM2_RC_RETRY = 0x0922, > > + TPM2_RC_SESSION_MEMORY = 0x0903, > > nit: the other values are in ascending order, should we keep it or is it not > important? > > (more a question for me than for the patch) nope > > > }; > > > > +/* > > + * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The > > + * fallback return value is -EFAULT. > > + */ > > +static inline ssize_t tpm_to_ret(ssize_t ret) > > +{ > > + /* Already a POSIX error: */ > > + if (ret < 0) > > + return ret; > > + > > + switch (ret) { > > + case TPM2_RC_SUCCESS: > > + return 0; > > + case TPM2_RC_SESSION_MEMORY: > > + return -ENOMEM; > > + default: > > + return -EFAULT; > > + } > > +} > > I like this and in the future we could reuse it in different places like > tpm2_load_context() and tpm2_save_context(). > > Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> > > > BTW for my understading, looking at that code (sorry if the answer is > obvious, but I'm learning) I'm confused about the use of tpm2_rc_value(). > > For example in tpm2_load_context() we have: > > rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL); > ... > } else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE || > rc == TPM2_RC_REFERENCE_H0) { > > While in tpm2_save_context(), we have: > > rc = tpm_transmit_cmd(chip, &tbuf, 0, NULL); > ... > } else if (tpm2_rc_value(rc) == TPM2_RC_REFERENCE_H0) { > > So to check TPM2_RC_REFERENCE_H0 we are using tpm2_rc_value() only > sometimes, what's the reason? Good catch, I'll update... TPM RC is a struct or bitfield. > > Thanks, > Stefano > > BR, Jarkko
On Mon, Apr 07, 2025 at 09:13:37PM +0300, Jarkko Sakkinen wrote: > On Mon, Apr 07, 2025 at 03:51:21PM +0200, Stefano Garzarella wrote: > > On Mon, Apr 07, 2025 at 03:28:05PM +0300, Jarkko Sakkinen wrote: > > > tpm2_start_auth_session() does not mask TPM RC correctly from the callers: > > > > > > [ 28.766528] tpm tpm0: A TPM error (2307) occurred start auth session > > > > > > Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX > > > error codes. > > > > > > Cc: stable@vger.kernel.org # v6.10+ > > > Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") > > > Reported-by: Herbert Xu <herbert@gondor.apana.org.au> > > > Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/ > > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > > > --- > > > v4: > > > - tpm_to_ret() > > > v3: > > > - rc > 0 > > > v2: > > > - Investigate TPM rc only after destroying tpm_buf. > > > --- > > > drivers/char/tpm/tpm2-sessions.c | 20 ++++++-------------- > > > include/linux/tpm.h | 21 +++++++++++++++++++++ > > > 2 files changed, 27 insertions(+), 14 deletions(-) > > > > > > diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c > > > index 3f89635ba5e8..102e099f22c1 100644 > > > --- a/drivers/char/tpm/tpm2-sessions.c > > > +++ b/drivers/char/tpm/tpm2-sessions.c > > > @@ -40,11 +40,6 @@ > > > * > > > * These are the usage functions: > > > * > > > - * tpm2_start_auth_session() which allocates the opaque auth structure > > > - * and gets a session from the TPM. This must be called before > > > - * any of the following functions. The session is protected by a > > > - * session_key which is derived from a random salt value > > > - * encrypted to the NULL seed. > > > * tpm2_end_auth_session() kills the session and frees the resources. > > > * Under normal operation this function is done by > > > * tpm_buf_check_hmac_response(), so this is only to be used on > > > @@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) > > > } > > > > > > /** > > > - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM > > > - * @chip: the TPM chip structure to create the session with > > > + * tpm2_start_auth_session() - Create an a HMAC authentication session > > > + * @chip: A TPM chip > > > * > > > - * This function loads the NULL seed from its saved context and starts > > > - * an authentication session on the null seed, fills in the > > > - * @chip->auth structure to contain all the session details necessary > > > - * for performing the HMAC, encrypt and decrypt operations and > > > - * returns. The NULL seed is flushed before this function returns. > > > + * Loads the ephemeral key (null seed), and starts an HMAC authenticated > > > + * session. The null seed is flushed before the return. > > > * > > > - * Return: zero on success or actual error encountered. > > > + * Returns zero on success, or a POSIX error code. > > > */ > > > int tpm2_start_auth_session(struct tpm_chip *chip) > > > { > > > @@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip) > > > /* hash algorithm for session */ > > > tpm_buf_append_u16(&buf, TPM_ALG_SHA256); > > > > > > - rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); > > > + rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession")); > > > tpm2_flush_context(chip, null_key); > > > > > > if (rc == TPM2_RC_SUCCESS) > > > diff --git a/include/linux/tpm.h b/include/linux/tpm.h > > > index 6c3125300c00..c826d5a9d894 100644 > > > --- a/include/linux/tpm.h > > > +++ b/include/linux/tpm.h > > > @@ -257,8 +257,29 @@ enum tpm2_return_codes { > > > TPM2_RC_TESTING = 0x090A, /* RC_WARN */ > > > TPM2_RC_REFERENCE_H0 = 0x0910, > > > TPM2_RC_RETRY = 0x0922, > > > + TPM2_RC_SESSION_MEMORY = 0x0903, > > > > nit: the other values are in ascending order, should we keep it or is it not > > important? > > > > (more a question for me than for the patch) > > nope > > > > > > }; > > > > > > +/* > > > + * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The > > > + * fallback return value is -EFAULT. > > > + */ > > > +static inline ssize_t tpm_to_ret(ssize_t ret) > > > +{ > > > + /* Already a POSIX error: */ > > > + if (ret < 0) > > > + return ret; > > > + > > > + switch (ret) { > > > + case TPM2_RC_SUCCESS: > > > + return 0; > > > + case TPM2_RC_SESSION_MEMORY: > > > + return -ENOMEM; > > > + default: > > > + return -EFAULT; > > > + } > > > +} > > > > I like this and in the future we could reuse it in different places like > > tpm2_load_context() and tpm2_save_context(). > > > > Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> > > > > > > BTW for my understading, looking at that code (sorry if the answer is > > obvious, but I'm learning) I'm confused about the use of tpm2_rc_value(). > > > > For example in tpm2_load_context() we have: > > > > rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL); > > ... > > } else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE || > > rc == TPM2_RC_REFERENCE_H0) { > > > > While in tpm2_save_context(), we have: > > > > rc = tpm_transmit_cmd(chip, &tbuf, 0, NULL); > > ... > > } else if (tpm2_rc_value(rc) == TPM2_RC_REFERENCE_H0) { > > > > So to check TPM2_RC_REFERENCE_H0 we are using tpm2_rc_value() only > > sometimes, what's the reason? > > Good catch, I'll update... > > TPM RC is a struct or bitfield. Applied to my -next: https://web.git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=next BR, Jarkko
diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 3f89635ba5e8..102e099f22c1 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -40,11 +40,6 @@ * * These are the usage functions: * - * tpm2_start_auth_session() which allocates the opaque auth structure - * and gets a session from the TPM. This must be called before - * any of the following functions. The session is protected by a - * session_key which is derived from a random salt value - * encrypted to the NULL seed. * tpm2_end_auth_session() kills the session and frees the resources. * Under normal operation this function is done by * tpm_buf_check_hmac_response(), so this is only to be used on @@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) } /** - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM - * @chip: the TPM chip structure to create the session with + * tpm2_start_auth_session() - Create an a HMAC authentication session + * @chip: A TPM chip * - * This function loads the NULL seed from its saved context and starts - * an authentication session on the null seed, fills in the - * @chip->auth structure to contain all the session details necessary - * for performing the HMAC, encrypt and decrypt operations and - * returns. The NULL seed is flushed before this function returns. + * Loads the ephemeral key (null seed), and starts an HMAC authenticated + * session. The null seed is flushed before the return. * - * Return: zero on success or actual error encountered. + * Returns zero on success, or a POSIX error code. */ int tpm2_start_auth_session(struct tpm_chip *chip) { @@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip) /* hash algorithm for session */ tpm_buf_append_u16(&buf, TPM_ALG_SHA256); - rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); + rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession")); tpm2_flush_context(chip, null_key); if (rc == TPM2_RC_SUCCESS) diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 6c3125300c00..c826d5a9d894 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -257,8 +257,29 @@ enum tpm2_return_codes { TPM2_RC_TESTING = 0x090A, /* RC_WARN */ TPM2_RC_REFERENCE_H0 = 0x0910, TPM2_RC_RETRY = 0x0922, + TPM2_RC_SESSION_MEMORY = 0x0903, }; +/* + * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The + * fallback return value is -EFAULT. + */ +static inline ssize_t tpm_to_ret(ssize_t ret) +{ + /* Already a POSIX error: */ + if (ret < 0) + return ret; + + switch (ret) { + case TPM2_RC_SUCCESS: + return 0; + case TPM2_RC_SESSION_MEMORY: + return -ENOMEM; + default: + return -EFAULT; + } +} + enum tpm2_command_codes { TPM2_CC_FIRST = 0x011F, TPM2_CC_HIERARCHY_CONTROL = 0x0121,
tpm2_start_auth_session() does not mask TPM RC correctly from the callers: [ 28.766528] tpm tpm0: A TPM error (2307) occurred start auth session Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX error codes. Cc: stable@vger.kernel.org # v6.10+ Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Reported-by: Herbert Xu <herbert@gondor.apana.org.au> Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/ Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> --- v4: - tpm_to_ret() v3: - rc > 0 v2: - Investigate TPM rc only after destroying tpm_buf. --- drivers/char/tpm/tpm2-sessions.c | 20 ++++++-------------- include/linux/tpm.h | 21 +++++++++++++++++++++ 2 files changed, 27 insertions(+), 14 deletions(-)