Re: [PATCH 1/8] security: keys: trusted: flush the key handle after use

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2019-12-07 at 21:07 -0800, James Bottomley wrote:
> The trusted keys code currently loads a blob into the TPM and unseals
> on the handle.  However, it never flushes the handle meaning that
> volatile contexts build up until the TPM becomes unusable.  Fix this
> by flushing the handle after the unseal.
> 
> Signed-off-by: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
> ---
>  drivers/char/tpm/tpm.h                    | 1 -
>  drivers/char/tpm/tpm2-cmd.c               | 1 +
>  include/linux/tpm.h                       | 1 +
>  security/keys/trusted-keys/trusted_tpm2.c | 1 +
>  4 files changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index b9e1547be6b5..5620747da0cf 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -218,7 +218,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
>  int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
>  		    struct tpm_digest *digests);
>  int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max);
> -void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
>  ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
>  			u32 *value, const char *desc);
>  
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index fdb457704aa7..b87592f4a6c7 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -362,6 +362,7 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
>  	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
>  	tpm_buf_destroy(&buf);
>  }
> +EXPORT_SYMBOL(tpm2_flush_context);


Everything else is EXPORT_SYMBOL_GPL(). Why EXPORT_SYMBOL() here?


Attachment: smime.p7s
Description: S/MIME cryptographic signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux