forked from Minki/linux
KEYS: trusted: correctly initialize digests and fix locking issue
Commit0b6cf6b97b
("tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()") modifies tpm_pcr_extend() to accept a digest for each PCR bank. After modification, tpm_pcr_extend() expects that digests are passed in the same order as the algorithms set in chip->allocated_banks. This patch fixes two issues introduced in the last iterations of the patch set: missing initialization of the TPM algorithm ID in the tpm_digest structures passed to tpm_pcr_extend() by the trusted key module, and unreleased locks in the TPM driver due to returning from tpm_pcr_extend() without calling tpm_put_ops(). Cc: stable@vger.kernel.org Fixes:0b6cf6b97b
("tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
This commit is contained in:
parent
34cd83bb8a
commit
9f75c82246
@ -320,18 +320,22 @@ int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
|
||||
if (!chip)
|
||||
return -ENODEV;
|
||||
|
||||
for (i = 0; i < chip->nr_allocated_banks; i++)
|
||||
if (digests[i].alg_id != chip->allocated_banks[i].alg_id)
|
||||
return -EINVAL;
|
||||
for (i = 0; i < chip->nr_allocated_banks; i++) {
|
||||
if (digests[i].alg_id != chip->allocated_banks[i].alg_id) {
|
||||
rc = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
|
||||
rc = tpm2_pcr_extend(chip, pcr_idx, digests);
|
||||
tpm_put_ops(chip);
|
||||
return rc;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rc = tpm1_pcr_extend(chip, pcr_idx, digests[0].digest,
|
||||
"attempting extend a PCR value");
|
||||
|
||||
out:
|
||||
tpm_put_ops(chip);
|
||||
return rc;
|
||||
}
|
||||
|
@ -1228,11 +1228,16 @@ hashalg_fail:
|
||||
|
||||
static int __init init_digests(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
digests = kcalloc(chip->nr_allocated_banks, sizeof(*digests),
|
||||
GFP_KERNEL);
|
||||
if (!digests)
|
||||
return -ENOMEM;
|
||||
|
||||
for (i = 0; i < chip->nr_allocated_banks; i++)
|
||||
digests[i].alg_id = chip->allocated_banks[i].alg_id;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user