diff options
| author | Jarkko Sakkinen <jarkko@kernel.org> | 2021-01-29 01:56:21 +0200 |
|---|---|---|
| committer | Jarkko Sakkinen <jarkko@kernel.org> | 2021-02-16 10:40:28 +0200 |
| commit | 8c657a0590de585b1115847c17b34a58025f2f4b (patch) | |
| tree | 2ab5fb0d0bb465e620b4b023080899efaab928eb /fs/lockd/svcshare.c | |
| parent | 8da7520c80468c48f981f0b81fc1be6599e3b0ad (diff) | |
| download | linux-stable-8c657a0590de585b1115847c17b34a58025f2f4b.tar.gz linux-stable-8c657a0590de585b1115847c17b34a58025f2f4b.tar.bz2 linux-stable-8c657a0590de585b1115847c17b34a58025f2f4b.zip | |
KEYS: trusted: Reserve TPM for seal and unseal operations
When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
which are used to take temporarily the ownership of the TPM chip. The
ownership is only taken inside tpm_send(), but this is not sufficient,
as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
need to be done as a one single atom.
Take the TPM chip ownership before sending anything with
tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
TPM commands instead of tpm_send(), reverting back to the old behaviour.
Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
Reported-by: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: stable@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Acked-by Sumit Garg <sumit.garg@linaro.org>
Tested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'fs/lockd/svcshare.c')
0 files changed, 0 insertions, 0 deletions