On Mon, 2024-07-15 at 14:25 +0300, Jarkko Sakkinen wrote:
> On Tue Jul 9, 2024 at 5:33 AM EEST, Hao Ge wrote:
> > From: Hao Ge <gehao@xxxxxxxxxx>
> >
> > We shouldn't dereference "auth" until after we have checked that it
> > is
> > non-NULL.
> >
> > Fixes: 7ca110f2679b ("tpm: Address !chip->auth in
> > tpm_buf_append_hmac_session*()")
> > Signed-off-by: Hao Ge <gehao@xxxxxxxxxx>
>
> Also lacking:
>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Closes:
> https://lore.kernel.org/linux-integrity/3b1755a9-b12f-42fc-b26d-de2fe4e13ec2@stanley.mountain/T/#u
>
> What is happening here is that my commit exposed pre-existing bug to
> static analysis but it did not introduce a new regression.
Actually, it didn't. The previous design was sessions were config
determined and either auth would be non-NULL or attach would fail. You
chose with this series to make auth the indicator of whether sessions
should be used, and before this auth could not be NULL so no bug
existed.
Consider also the fidelity of the Fixes tag for stable: this commit
needs backporting with 7ca110f2679b and Fixes should identify that
James
