On Mon, 2020-11-30 at 10:10 +0800, kernel test robot wrote: [...] > > 331 if (payload->blob_len < 0) > 332 return payload->blob_len; OK, I can rework this to use the signed version of blob len as below. James --- diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index e50563f58900..0d4c6f138b94 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -242,7 +242,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, struct trusted_key_options *options) { - unsigned int blob_len; + int blob_len = 0; struct tpm_buf buf; u32 hash; u32 flags; @@ -400,10 +400,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip, goto out; } - payload->blob_len = - tpm2_key_encode(payload, options, - &buf.data[TPM_HEADER_SIZE + 4], - blob_len); + blob_len = tpm2_key_encode(payload, options, + &buf.data[TPM_HEADER_SIZE + 4], + blob_len); out: tpm_buf_destroy(&buf); @@ -414,8 +413,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip, else rc = -EPERM; } - if (payload->blob_len < 0) - return payload->blob_len; + if (blob_len < 0) + return blob_len; + + payload->blob_len = blob_len; return rc; }