Re: [PATCH v3] tpm: Mask TPM RC in tpm2_start_auth_session()

From: Stefano Garzarella
Date: Mon Apr 07 2025 - 09:24:12 EST

On Mon, Apr 07, 2025 at 02:30:05PM +0300, Jarkko Sakkinen wrote:
On Mon, Apr 07, 2025 at 10:04:09AM +0200, Stefano Garzarella wrote:
On Mon, Apr 07, 2025 at 10:20:57AM +0300, Jarkko Sakkinen wrote:
> tpm2_start_auth_session() does not mask TPM RC correctly from the callers:
>
> [ 28.766528] tpm tpm0: A TPM error (2307) occurred start auth session
>
> Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
> error codes.
>
> Cc: stable@xxxxxxxxxxxxxxx # v6.10+
> Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
> Reported-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@xxxxxxxxxxxxxxxxxxx/
> Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> ---
> v3:
> - rc > 0
> v2:
> - Investigate TPM rc only after destroying tpm_buf.
> ---
> drivers/char/tpm/tpm2-sessions.c | 31 +++++++++++++++++--------------
> include/linux/tpm.h | 1 +
> 2 files changed, 18 insertions(+), 14 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
> index 3f89635ba5e8..abd54fb0a45a 100644
> --- a/drivers/char/tpm/tpm2-sessions.c
> +++ b/drivers/char/tpm/tpm2-sessions.c
> @@ -40,11 +40,6 @@
> *
> * These are the usage functions:
> *
> - * tpm2_start_auth_session() which allocates the opaque auth structure
> - * and gets a session from the TPM. This must be called before
> - * any of the following functions. The session is protected by a
> - * session_key which is derived from a random salt value
> - * encrypted to the NULL seed.
> * tpm2_end_auth_session() kills the session and frees the resources.
> * Under normal operation this function is done by
> * tpm_buf_check_hmac_response(), so this is only to be used on
> @@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key)
> }
>
> /**
> - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM
> - * @chip: the TPM chip structure to create the session with
> + * tpm2_start_auth_session() - Create an a HMAC authentication session
> + * @chip: A TPM chip
> *
> - * This function loads the NULL seed from its saved context and starts
> - * an authentication session on the null seed, fills in the
> - * @chip->auth structure to contain all the session details necessary
> - * for performing the HMAC, encrypt and decrypt operations and
> - * returns. The NULL seed is flushed before this function returns.
> + * Loads the ephemeral key (null seed), and starts an HMAC authenticated
> + * session. The null seed is flushed before the return.
> *
> - * Return: zero on success or actual error encountered.
> + * Returns zero on success, or a POSIX error code.
> */
> int tpm2_start_auth_session(struct tpm_chip *chip)
> {
> @@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip)
> /* hash algorithm for session */
> tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
>
> - rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session");
> + rc = tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession");
> tpm2_flush_context(chip, null_key);
>
> if (rc == TPM2_RC_SUCCESS)
> @@ -1032,6 +1024,17 @@ int tpm2_start_auth_session(struct tpm_chip *chip)
>
> tpm_buf_destroy(&buf);
>
> + if (rc > 0) {

To avoid the nesting blocks, can we include `TPM2_RC_SUCCESS` case in the
switch or move the `if (rc == TPM2_RC_SUCCESS)` before it?

What do you mean by "avoiding nesting blocks"?

Ooops, I thought `rc` was unsigned always returning TPM2_RC_* values,
but it looks it's not the case.

I meant the switch "block" inside the if block, at the end exactly what
you did in tpm_to_ret() in v4 :-)

Thanks,
Stefano