1. Patchew
  2. linux
  3. View series

[PATCH v4] tpm: Mask TPM RC in tpm2_start_auth_session()

Jarkko Sakkinen posted 1 patch 8 months, 1 week ago 
drivers/char/tpm/tpm2-sessions.c | 20 ++++++--------------
include/linux/tpm.h              | 21 +++++++++++++++++++++
2 files changed, 27 insertions(+), 14 deletions(-)
[PATCH v4] tpm: Mask TPM RC in tpm2_start_auth_session()
Posted by Jarkko Sakkinen 8 months, 1 week ago 
tpm2_start_auth_session() does not mask TPM RC correctly from the callers:

[   28.766528] tpm tpm0: A TPM error (2307) occurred start auth session

Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
error codes.

Cc: stable@vger.kernel.org # v6.10+
Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
v4:
- tpm_to_ret()
v3:
- rc > 0
v2:
- Investigate TPM rc only after destroying tpm_buf.
---
 drivers/char/tpm/tpm2-sessions.c | 20 ++++++--------------
 include/linux/tpm.h              | 21 +++++++++++++++++++++
 2 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
index 3f89635ba5e8..102e099f22c1 100644
--- a/drivers/char/tpm/tpm2-sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -40,11 +40,6 @@
  *
  * These are the usage functions:
  *
- * tpm2_start_auth_session() which allocates the opaque auth structure
- *	and gets a session from the TPM.  This must be called before
- *	any of the following functions.  The session is protected by a
- *	session_key which is derived from a random salt value
- *	encrypted to the NULL seed.
  * tpm2_end_auth_session() kills the session and frees the resources.
  *	Under normal operation this function is done by
  *	tpm_buf_check_hmac_response(), so this is only to be used on
@@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key)
 }
 
 /**
- * tpm2_start_auth_session() - create a HMAC authentication session with the TPM
- * @chip: the TPM chip structure to create the session with
+ * tpm2_start_auth_session() - Create an a HMAC authentication session
+ * @chip:	A TPM chip
  *
- * This function loads the NULL seed from its saved context and starts
- * an authentication session on the null seed, fills in the
- * @chip->auth structure to contain all the session details necessary
- * for performing the HMAC, encrypt and decrypt operations and
- * returns.  The NULL seed is flushed before this function returns.
+ * Loads the ephemeral key (null seed), and starts an HMAC authenticated
+ * session. The null seed is flushed before the return.
  *
- * Return: zero on success or actual error encountered.
+ * Returns zero on success, or a POSIX error code.
  */
 int tpm2_start_auth_session(struct tpm_chip *chip)
 {
@@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip)
 	/* hash algorithm for session */
 	tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
 
-	rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session");
+	rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
 	tpm2_flush_context(chip, null_key);
 
 	if (rc == TPM2_RC_SUCCESS)
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 6c3125300c00..c826d5a9d894 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -257,8 +257,29 @@ enum tpm2_return_codes {
 	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
 	TPM2_RC_REFERENCE_H0	= 0x0910,
 	TPM2_RC_RETRY		= 0x0922,
+	TPM2_RC_SESSION_MEMORY	= 0x0903,
 };
 
+/*
+ * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The
+ * fallback return value is -EFAULT.
+ */
+static inline ssize_t tpm_to_ret(ssize_t ret)
+{
+	/* Already a POSIX error: */
+	if (ret < 0)
+		return ret;
+
+	switch (ret) {
+	case TPM2_RC_SUCCESS:
+		return 0;
+	case TPM2_RC_SESSION_MEMORY:
+		return -ENOMEM;
+	default:
+		return -EFAULT;
+	}
+}
+
 enum tpm2_command_codes {
 	TPM2_CC_FIRST		        = 0x011F,
 	TPM2_CC_HIERARCHY_CONTROL       = 0x0121,
-- 
2.39.5
Re: [PATCH v4] tpm: Mask TPM RC in tpm2_start_auth_session()
Posted by Stefano Garzarella 8 months, 1 week ago 
On Mon, Apr 07, 2025 at 03:28:05PM +0300, Jarkko Sakkinen wrote:
>tpm2_start_auth_session() does not mask TPM RC correctly from the callers:
>
>[   28.766528] tpm tpm0: A TPM error (2307) occurred start auth session
>
>Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
>error codes.
>
>Cc: stable@vger.kernel.org # v6.10+
>Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
>Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
>Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/
>Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
>---
>v4:
>- tpm_to_ret()
>v3:
>- rc > 0
>v2:
>- Investigate TPM rc only after destroying tpm_buf.
>---
> drivers/char/tpm/tpm2-sessions.c | 20 ++++++--------------
> include/linux/tpm.h              | 21 +++++++++++++++++++++
> 2 files changed, 27 insertions(+), 14 deletions(-)
>
>diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
>index 3f89635ba5e8..102e099f22c1 100644
>--- a/drivers/char/tpm/tpm2-sessions.c
>+++ b/drivers/char/tpm/tpm2-sessions.c
>@@ -40,11 +40,6 @@
>  *
>  * These are the usage functions:
>  *
>- * tpm2_start_auth_session() which allocates the opaque auth structure
>- *	and gets a session from the TPM.  This must be called before
>- *	any of the following functions.  The session is protected by a
>- *	session_key which is derived from a random salt value
>- *	encrypted to the NULL seed.
>  * tpm2_end_auth_session() kills the session and frees the resources.
>  *	Under normal operation this function is done by
>  *	tpm_buf_check_hmac_response(), so this is only to be used on
>@@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key)
> }
>
> /**
>- * tpm2_start_auth_session() - create a HMAC authentication session with the TPM
>- * @chip: the TPM chip structure to create the session with
>+ * tpm2_start_auth_session() - Create an a HMAC authentication session
>+ * @chip:	A TPM chip
>  *
>- * This function loads the NULL seed from its saved context and starts
>- * an authentication session on the null seed, fills in the
>- * @chip->auth structure to contain all the session details necessary
>- * for performing the HMAC, encrypt and decrypt operations and
>- * returns.  The NULL seed is flushed before this function returns.
>+ * Loads the ephemeral key (null seed), and starts an HMAC authenticated
>+ * session. The null seed is flushed before the return.
>  *
>- * Return: zero on success or actual error encountered.
>+ * Returns zero on success, or a POSIX error code.
>  */
> int tpm2_start_auth_session(struct tpm_chip *chip)
> {
>@@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip)
> 	/* hash algorithm for session */
> 	tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
>
>-	rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session");
>+	rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
> 	tpm2_flush_context(chip, null_key);
>
> 	if (rc == TPM2_RC_SUCCESS)
>diff --git a/include/linux/tpm.h b/include/linux/tpm.h
>index 6c3125300c00..c826d5a9d894 100644
>--- a/include/linux/tpm.h
>+++ b/include/linux/tpm.h
>@@ -257,8 +257,29 @@ enum tpm2_return_codes {
> 	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
> 	TPM2_RC_REFERENCE_H0	= 0x0910,
> 	TPM2_RC_RETRY		= 0x0922,
>+	TPM2_RC_SESSION_MEMORY	= 0x0903,

nit: the other values are in ascending order, should we keep it or is it 
not important?

(more a question for me than for the patch)

> };
>
>+/*
>+ * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The
>+ * fallback return value is -EFAULT.
>+ */
>+static inline ssize_t tpm_to_ret(ssize_t ret)
>+{
>+	/* Already a POSIX error: */
>+	if (ret < 0)
>+		return ret;
>+
>+	switch (ret) {
>+	case TPM2_RC_SUCCESS:
>+		return 0;
>+	case TPM2_RC_SESSION_MEMORY:
>+		return -ENOMEM;
>+	default:
>+		return -EFAULT;
>+	}
>+}

I like this and in the future we could reuse it in different places like 
tpm2_load_context() and tpm2_save_context().

Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>


BTW for my understading, looking at that code (sorry if the answer is 
obvious, but I'm learning) I'm confused about the use of 
tpm2_rc_value().

For example in tpm2_load_context() we have:

     	rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL);
     	...
	} else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE ||
		   rc == TPM2_RC_REFERENCE_H0) {

While in tpm2_save_context(), we have:

	rc = tpm_transmit_cmd(chip, &tbuf, 0, NULL);
	...
	} else if (tpm2_rc_value(rc) == TPM2_RC_REFERENCE_H0) {

So to check TPM2_RC_REFERENCE_H0 we are using tpm2_rc_value() only 
sometimes, what's the reason?

Thanks,
Stefano
Re: [PATCH v4] tpm: Mask TPM RC in tpm2_start_auth_session()
Posted by Jarkko Sakkinen 8 months, 1 week ago 
On Mon, Apr 07, 2025 at 03:51:21PM +0200, Stefano Garzarella wrote:
> On Mon, Apr 07, 2025 at 03:28:05PM +0300, Jarkko Sakkinen wrote:
> > tpm2_start_auth_session() does not mask TPM RC correctly from the callers:
> > 
> > [   28.766528] tpm tpm0: A TPM error (2307) occurred start auth session
> > 
> > Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
> > error codes.
> > 
> > Cc: stable@vger.kernel.org # v6.10+
> > Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
> > Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
> > Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/
> > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> > ---
> > v4:
> > - tpm_to_ret()
> > v3:
> > - rc > 0
> > v2:
> > - Investigate TPM rc only after destroying tpm_buf.
> > ---
> > drivers/char/tpm/tpm2-sessions.c | 20 ++++++--------------
> > include/linux/tpm.h              | 21 +++++++++++++++++++++
> > 2 files changed, 27 insertions(+), 14 deletions(-)
> > 
> > diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
> > index 3f89635ba5e8..102e099f22c1 100644
> > --- a/drivers/char/tpm/tpm2-sessions.c
> > +++ b/drivers/char/tpm/tpm2-sessions.c
> > @@ -40,11 +40,6 @@
> >  *
> >  * These are the usage functions:
> >  *
> > - * tpm2_start_auth_session() which allocates the opaque auth structure
> > - *	and gets a session from the TPM.  This must be called before
> > - *	any of the following functions.  The session is protected by a
> > - *	session_key which is derived from a random salt value
> > - *	encrypted to the NULL seed.
> >  * tpm2_end_auth_session() kills the session and frees the resources.
> >  *	Under normal operation this function is done by
> >  *	tpm_buf_check_hmac_response(), so this is only to be used on
> > @@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key)
> > }
> > 
> > /**
> > - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM
> > - * @chip: the TPM chip structure to create the session with
> > + * tpm2_start_auth_session() - Create an a HMAC authentication session
> > + * @chip:	A TPM chip
> >  *
> > - * This function loads the NULL seed from its saved context and starts
> > - * an authentication session on the null seed, fills in the
> > - * @chip->auth structure to contain all the session details necessary
> > - * for performing the HMAC, encrypt and decrypt operations and
> > - * returns.  The NULL seed is flushed before this function returns.
> > + * Loads the ephemeral key (null seed), and starts an HMAC authenticated
> > + * session. The null seed is flushed before the return.
> >  *
> > - * Return: zero on success or actual error encountered.
> > + * Returns zero on success, or a POSIX error code.
> >  */
> > int tpm2_start_auth_session(struct tpm_chip *chip)
> > {
> > @@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip)
> > 	/* hash algorithm for session */
> > 	tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
> > 
> > -	rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session");
> > +	rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
> > 	tpm2_flush_context(chip, null_key);
> > 
> > 	if (rc == TPM2_RC_SUCCESS)
> > diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> > index 6c3125300c00..c826d5a9d894 100644
> > --- a/include/linux/tpm.h
> > +++ b/include/linux/tpm.h
> > @@ -257,8 +257,29 @@ enum tpm2_return_codes {
> > 	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
> > 	TPM2_RC_REFERENCE_H0	= 0x0910,
> > 	TPM2_RC_RETRY		= 0x0922,
> > +	TPM2_RC_SESSION_MEMORY	= 0x0903,
> 
> nit: the other values are in ascending order, should we keep it or is it not
> important?
> 
> (more a question for me than for the patch)

nope

> 
> > };
> > 
> > +/*
> > + * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The
> > + * fallback return value is -EFAULT.
> > + */
> > +static inline ssize_t tpm_to_ret(ssize_t ret)
> > +{
> > +	/* Already a POSIX error: */
> > +	if (ret < 0)
> > +		return ret;
> > +
> > +	switch (ret) {
> > +	case TPM2_RC_SUCCESS:
> > +		return 0;
> > +	case TPM2_RC_SESSION_MEMORY:
> > +		return -ENOMEM;
> > +	default:
> > +		return -EFAULT;
> > +	}
> > +}
> 
> I like this and in the future we could reuse it in different places like
> tpm2_load_context() and tpm2_save_context().
> 
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> 
> 
> BTW for my understading, looking at that code (sorry if the answer is
> obvious, but I'm learning) I'm confused about the use of tpm2_rc_value().
> 
> For example in tpm2_load_context() we have:
> 
>     	rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL);
>     	...
> 	} else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE ||
> 		   rc == TPM2_RC_REFERENCE_H0) {
> 
> While in tpm2_save_context(), we have:
> 
> 	rc = tpm_transmit_cmd(chip, &tbuf, 0, NULL);
> 	...
> 	} else if (tpm2_rc_value(rc) == TPM2_RC_REFERENCE_H0) {
> 
> So to check TPM2_RC_REFERENCE_H0 we are using tpm2_rc_value() only
> sometimes, what's the reason?

Good catch, I'll update...

TPM RC is a struct or bitfield.

> 
> Thanks,
> Stefano
> 
> 

BR, Jarkko
Re: [PATCH v4] tpm: Mask TPM RC in tpm2_start_auth_session()
Posted by Jarkko Sakkinen 8 months, 1 week ago 
On Mon, Apr 07, 2025 at 09:13:37PM +0300, Jarkko Sakkinen wrote:
> On Mon, Apr 07, 2025 at 03:51:21PM +0200, Stefano Garzarella wrote:
> > On Mon, Apr 07, 2025 at 03:28:05PM +0300, Jarkko Sakkinen wrote:
> > > tpm2_start_auth_session() does not mask TPM RC correctly from the callers:
> > > 
> > > [   28.766528] tpm tpm0: A TPM error (2307) occurred start auth session
> > > 
> > > Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
> > > error codes.
> > > 
> > > Cc: stable@vger.kernel.org # v6.10+
> > > Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
> > > Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
> > > Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/
> > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> > > ---
> > > v4:
> > > - tpm_to_ret()
> > > v3:
> > > - rc > 0
> > > v2:
> > > - Investigate TPM rc only after destroying tpm_buf.
> > > ---
> > > drivers/char/tpm/tpm2-sessions.c | 20 ++++++--------------
> > > include/linux/tpm.h              | 21 +++++++++++++++++++++
> > > 2 files changed, 27 insertions(+), 14 deletions(-)
> > > 
> > > diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
> > > index 3f89635ba5e8..102e099f22c1 100644
> > > --- a/drivers/char/tpm/tpm2-sessions.c
> > > +++ b/drivers/char/tpm/tpm2-sessions.c
> > > @@ -40,11 +40,6 @@
> > >  *
> > >  * These are the usage functions:
> > >  *
> > > - * tpm2_start_auth_session() which allocates the opaque auth structure
> > > - *	and gets a session from the TPM.  This must be called before
> > > - *	any of the following functions.  The session is protected by a
> > > - *	session_key which is derived from a random salt value
> > > - *	encrypted to the NULL seed.
> > >  * tpm2_end_auth_session() kills the session and frees the resources.
> > >  *	Under normal operation this function is done by
> > >  *	tpm_buf_check_hmac_response(), so this is only to be used on
> > > @@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key)
> > > }
> > > 
> > > /**
> > > - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM
> > > - * @chip: the TPM chip structure to create the session with
> > > + * tpm2_start_auth_session() - Create an a HMAC authentication session
> > > + * @chip:	A TPM chip
> > >  *
> > > - * This function loads the NULL seed from its saved context and starts
> > > - * an authentication session on the null seed, fills in the
> > > - * @chip->auth structure to contain all the session details necessary
> > > - * for performing the HMAC, encrypt and decrypt operations and
> > > - * returns.  The NULL seed is flushed before this function returns.
> > > + * Loads the ephemeral key (null seed), and starts an HMAC authenticated
> > > + * session. The null seed is flushed before the return.
> > >  *
> > > - * Return: zero on success or actual error encountered.
> > > + * Returns zero on success, or a POSIX error code.
> > >  */
> > > int tpm2_start_auth_session(struct tpm_chip *chip)
> > > {
> > > @@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip)
> > > 	/* hash algorithm for session */
> > > 	tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
> > > 
> > > -	rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session");
> > > +	rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
> > > 	tpm2_flush_context(chip, null_key);
> > > 
> > > 	if (rc == TPM2_RC_SUCCESS)
> > > diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> > > index 6c3125300c00..c826d5a9d894 100644
> > > --- a/include/linux/tpm.h
> > > +++ b/include/linux/tpm.h
> > > @@ -257,8 +257,29 @@ enum tpm2_return_codes {
> > > 	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
> > > 	TPM2_RC_REFERENCE_H0	= 0x0910,
> > > 	TPM2_RC_RETRY		= 0x0922,
> > > +	TPM2_RC_SESSION_MEMORY	= 0x0903,
> > 
> > nit: the other values are in ascending order, should we keep it or is it not
> > important?
> > 
> > (more a question for me than for the patch)
> 
> nope
> 
> > 
> > > };
> > > 
> > > +/*
> > > + * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The
> > > + * fallback return value is -EFAULT.
> > > + */
> > > +static inline ssize_t tpm_to_ret(ssize_t ret)
> > > +{
> > > +	/* Already a POSIX error: */
> > > +	if (ret < 0)
> > > +		return ret;
> > > +
> > > +	switch (ret) {
> > > +	case TPM2_RC_SUCCESS:
> > > +		return 0;
> > > +	case TPM2_RC_SESSION_MEMORY:
> > > +		return -ENOMEM;
> > > +	default:
> > > +		return -EFAULT;
> > > +	}
> > > +}
> > 
> > I like this and in the future we could reuse it in different places like
> > tpm2_load_context() and tpm2_save_context().
> > 
> > Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> > 
> > 
> > BTW for my understading, looking at that code (sorry if the answer is
> > obvious, but I'm learning) I'm confused about the use of tpm2_rc_value().
> > 
> > For example in tpm2_load_context() we have:
> > 
> >     	rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL);
> >     	...
> > 	} else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE ||
> > 		   rc == TPM2_RC_REFERENCE_H0) {
> > 
> > While in tpm2_save_context(), we have:
> > 
> > 	rc = tpm_transmit_cmd(chip, &tbuf, 0, NULL);
> > 	...
> > 	} else if (tpm2_rc_value(rc) == TPM2_RC_REFERENCE_H0) {
> > 
> > So to check TPM2_RC_REFERENCE_H0 we are using tpm2_rc_value() only
> > sometimes, what's the reason?
> 
> Good catch, I'll update...
> 
> TPM RC is a struct or bitfield.

Applied to my -next: https://web.git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=next

BR, Jarkko
Re: [PATCH v4] tpm: Mask TPM RC in tpm2_start_auth_session()
Posted by Jarkko Sakkinen 8 months, 1 week ago 
On Mon, Apr 07, 2025 at 03:28:05PM +0300, Jarkko Sakkinen wrote:
> tpm2_start_auth_session() does not mask TPM RC correctly from the callers:
> 
> [   28.766528] tpm tpm0: A TPM error (2307) occurred start auth session
> 
> Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
> error codes.
> 
> Cc: stable@vger.kernel.org # v6.10+
> Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
> Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
> Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/
> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> ---
> v4:
> - tpm_to_ret()
> v3:
> - rc > 0
> v2:
> - Investigate TPM rc only after destroying tpm_buf.
> ---
>  drivers/char/tpm/tpm2-sessions.c | 20 ++++++--------------
>  include/linux/tpm.h              | 21 +++++++++++++++++++++
>  2 files changed, 27 insertions(+), 14 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
> index 3f89635ba5e8..102e099f22c1 100644
> --- a/drivers/char/tpm/tpm2-sessions.c
> +++ b/drivers/char/tpm/tpm2-sessions.c
> @@ -40,11 +40,6 @@
>   *
>   * These are the usage functions:
>   *
> - * tpm2_start_auth_session() which allocates the opaque auth structure
> - *	and gets a session from the TPM.  This must be called before
> - *	any of the following functions.  The session is protected by a
> - *	session_key which is derived from a random salt value
> - *	encrypted to the NULL seed.
>   * tpm2_end_auth_session() kills the session and frees the resources.
>   *	Under normal operation this function is done by
>   *	tpm_buf_check_hmac_response(), so this is only to be used on
> @@ -963,16 +958,13 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key)
>  }
>  
>  /**
> - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM
> - * @chip: the TPM chip structure to create the session with
> + * tpm2_start_auth_session() - Create an a HMAC authentication session
> + * @chip:	A TPM chip
>   *
> - * This function loads the NULL seed from its saved context and starts
> - * an authentication session on the null seed, fills in the
> - * @chip->auth structure to contain all the session details necessary
> - * for performing the HMAC, encrypt and decrypt operations and
> - * returns.  The NULL seed is flushed before this function returns.
> + * Loads the ephemeral key (null seed), and starts an HMAC authenticated
> + * session. The null seed is flushed before the return.
>   *
> - * Return: zero on success or actual error encountered.
> + * Returns zero on success, or a POSIX error code.
>   */
>  int tpm2_start_auth_session(struct tpm_chip *chip)
>  {
> @@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip)
>  	/* hash algorithm for session */
>  	tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
>  
> -	rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session");
> +	rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));

The cool thing here is that e.g., in the case of
tpm2_start_auth_session, there is two implementation options:

1. tpm_to_ret(tpm2_start_auth_session)
2. tpm_to_ret(tpm_transmit_cmd)

Just want to expose this choice..


>  	tpm2_flush_context(chip, null_key);
>  
>  	if (rc == TPM2_RC_SUCCESS)
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 6c3125300c00..c826d5a9d894 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -257,8 +257,29 @@ enum tpm2_return_codes {
>  	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
>  	TPM2_RC_REFERENCE_H0	= 0x0910,
>  	TPM2_RC_RETRY		= 0x0922,
> +	TPM2_RC_SESSION_MEMORY	= 0x0903,
>  };
>  
> +/*
> + * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The
> + * fallback return value is -EFAULT.
> + */
> +static inline ssize_t tpm_to_ret(ssize_t ret)
> +{
> +	/* Already a POSIX error: */
> +	if (ret < 0)
> +		return ret;
> +
> +	switch (ret) {
> +	case TPM2_RC_SUCCESS:
> +		return 0;
> +	case TPM2_RC_SESSION_MEMORY:
> +		return -ENOMEM;
> +	default:
> +		return -EFAULT;
> +	}
> +}
> +
>  enum tpm2_command_codes {
>  	TPM2_CC_FIRST		        = 0x011F,
>  	TPM2_CC_HIERARCHY_CONTROL       = 0x0121,
> -- 
> 2.39.5
> 

BR, Jarkko

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.