
Commit b9ff774

committed
Merge tag 'tpmdd-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
Pull tpm updates from Jarkko Sakkinen: "This is a small sized pull request. One commit I would like to pinpoint is my fix for init_trusted() rollback, as for actual patch I did not receive any feedback" * tag 'tpmdd-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: keys: Remove unused extern declarations integrity: powerpc: Do not select CA_MACHINE_KEYRING KEYS: trusted: tee: Refactor register SHM usage KEYS: trusted: Rollback init_trusted() consistently
2 parents d82c0a3 + 03acb9c commit b9ff774

4 files changed

Lines changed: 30 additions & 63 deletions


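--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -68,8 +68,6 @@ config INTEGRITY_MACHINE_KEYRING
 depends on INTEGRITY_ASYMMETRIC_KEYS
 depends on SYSTEM_BLACKLIST_KEYRING
 depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS
-select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS
-select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS
 help
 If set, provide a keyring to which Machine Owner Keys (MOK) may
 be added. This keyring shall contain just MOK keys. Unlike keys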

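--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -109,13 +109,6 @@ extern void __key_link_end(struct key *keyring,
 extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
 const struct keyring_index_key *index_key);
 
-extern struct key *keyring_search_instkey(struct key *keyring,
-key_serial_t target_id);
-
-extern int iterate_over_keyring(const struct key *keyring,
-int (*func)(const struct key *key, void *data),
-void *data);
-
 struct keyring_search_context {
 struct keyring_index_key index_key;
 const struct cred *cred;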

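--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -358,17 +358,17 @@ static int __init init_trusted(void)
 if (!get_random)
 get_random = kernel_get_random;
 
-static_call_update(trusted_key_seal,
-trusted_key_sources[i].ops->seal);
-static_call_update(trusted_key_unseal,
-trusted_key_sources[i].ops->unseal);
-static_call_update(trusted_key_get_random,
-get_random);
-trusted_key_exit = trusted_key_sources[i].ops->exit;
-migratable = trusted_key_sources[i].ops->migratable;
-
 ret = trusted_key_sources[i].ops->init();
-if (!ret)
+if (!ret) {
+static_call_update(trusted_key_seal, trusted_key_sources[i].ops->seal);
+static_call_update(trusted_key_unseal, trusted_key_sources[i].ops->unseal);
+static_call_update(trusted_key_get_random, get_random);
+
+trusted_key_exit = trusted_key_sources[i].ops->exit;
+migratable = trusted_key_sources[i].ops->migratable;
+}
+
+if (!ret || ret != -ENODEV)
 break;
 }
 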
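Review bot: The new loop exit `if (!ret || ret != -ENODEV)` carries a redundant first operand, since `ret == 0` already satisfies `ret != -ENODEV`; `if (ret != -ENODEV)` is equivalent and states the intent (keep probing only when a source reports it is absent) more directly. The block under `if (!ret) {` would also benefit from a one-line comment such as `/* Publish callbacks only after init() succeeded, so a failed source leaves no static call or exit hook behind. */`, because that ordering is the point of the change and is easy to undo in a later cleanup. init_trusted() begins and ends outside this hunk, so how `ret` is handled after the loop is not visible here.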

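--- a/security/keys/trusted-keys/trusted_tee.c
+++ b/security/keys/trusted-keys/trusted_tee.c
@@ -65,38 +65,30 @@ static int trusted_tee_seal(struct trusted_key_payload *p, char *datablob)
 int ret;
 struct tee_ioctl_invoke_arg inv_arg;
 struct tee_param param[4];
-struct tee_shm *reg_shm_in = NULL, *reg_shm_out = NULL;
+struct tee_shm *reg_shm = NULL;
 
 memset(&inv_arg, 0, sizeof(inv_arg));
 memset(&param, 0, sizeof(param));
 
-reg_shm_in = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
-p->key_len);
-if (IS_ERR(reg_shm_in)) {
-dev_err(pvt_data.dev, "key shm register failed\n");
-return PTR_ERR(reg_shm_in);
-}
-
-reg_shm_out = tee_shm_register_kernel_buf(pvt_data.ctx, p->blob,
-sizeof(p->blob));
-if (IS_ERR(reg_shm_out)) {
-dev_err(pvt_data.dev, "blob shm register failed\n");
-ret = PTR_ERR(reg_shm_out);
-goto out;
+reg_shm = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
+sizeof(p->key) + sizeof(p->blob));
+if (IS_ERR(reg_shm)) {
+dev_err(pvt_data.dev, "shm register failed\n");
+return PTR_ERR(reg_shm);
 }
 
 inv_arg.func = TA_CMD_SEAL;
 inv_arg.session = pvt_data.session_id;
 inv_arg.num_params = 4;
 
 param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT;
-param[0].u.memref.shm = reg_shm_in;
+param[0].u.memref.shm = reg_shm;
 param[0].u.memref.size = p->key_len;
 param[0].u.memref.shm_offs = 0;
 param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT;
-param[1].u.memref.shm = reg_shm_out;
+param[1].u.memref.shm = reg_shm;
 param[1].u.memref.size = sizeof(p->blob);
-param[1].u.memref.shm_offs = 0;
+param[1].u.memref.shm_offs = sizeof(p->key);
 
 ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param);
 if ((ret < 0) || (inv_arg.ret != 0)) {
@@ -107,11 +99,7 @@ static int trusted_tee_seal(struct trusted_key_payload *p, char *datablob)
 p->blob_len = param[1].u.memref.size;
 }
 
-out:
-if (reg_shm_out)
-tee_shm_free(reg_shm_out);
-if (reg_shm_in)
-tee_shm_free(reg_shm_in);
+tee_shm_free(reg_shm);
 
 return ret;
 }
@@ -124,36 +112,28 @@ static int trusted_tee_unseal(struct trusted_key_payload *p, char *datablob)
 int ret;
 struct tee_ioctl_invoke_arg inv_arg;
 struct tee_param param[4];
-struct tee_shm *reg_shm_in = NULL, *reg_shm_out = NULL;
+struct tee_shm *reg_shm = NULL;
 
 memset(&inv_arg, 0, sizeof(inv_arg));
 memset(&param, 0, sizeof(param));
 
-reg_shm_in = tee_shm_register_kernel_buf(pvt_data.ctx, p->blob,
-p->blob_len);
-if (IS_ERR(reg_shm_in)) {
-dev_err(pvt_data.dev, "blob shm register failed\n");
-return PTR_ERR(reg_shm_in);
-}
-
-reg_shm_out = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
-sizeof(p->key));
-if (IS_ERR(reg_shm_out)) {
-dev_err(pvt_data.dev, "key shm register failed\n");
-ret = PTR_ERR(reg_shm_out);
-goto out;
+reg_shm = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
+sizeof(p->key) + sizeof(p->blob));
+if (IS_ERR(reg_shm)) {
+dev_err(pvt_data.dev, "shm register failed\n");
+return PTR_ERR(reg_shm);
 }
 
 inv_arg.func = TA_CMD_UNSEAL;
 inv_arg.session = pvt_data.session_id;
 inv_arg.num_params = 4;
 
 param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT;
-param[0].u.memref.shm = reg_shm_in;
+param[0].u.memref.shm = reg_shm;
 param[0].u.memref.size = p->blob_len;
-param[0].u.memref.shm_offs = 0;
+param[0].u.memref.shm_offs = sizeof(p->key);
 param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT;
-param[1].u.memref.shm = reg_shm_out;
+param[1].u.memref.shm = reg_shm;
 param[1].u.memref.size = sizeof(p->key);
 param[1].u.memref.shm_offs = 0;
 
@@ -166,11 +146,7 @@ static int trusted_tee_unseal(struct trusted_key_payload *p, char *datablob)
 p->key_len = param[1].u.memref.size;
 }
 
-out:
-if (reg_shm_out)
-tee_shm_free(reg_shm_out);
-if (reg_shm_in)
-tee_shm_free(reg_shm_in);
+tee_shm_free(reg_shm);
 
 return ret;
 }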
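Review bot: The single registration in trusted_tee_seal() and trusted_tee_unseal() assumes that `p->blob` starts exactly `sizeof(p->key)` bytes after `p->key`, both in the `sizeof(p->key) + sizeof(p->blob)` length and in the `shm_offs = sizeof(p->key)` offsets, and nothing in these hunks enforces that. The definition of struct trusted_key_payload is not on this page, so the adjacency cannot be confirmed here; if a field were ever placed between the two arrays, the memory references passed to the TEE would presumably cover bytes that are neither key nor blob. A compile-time guard next to the registration would pin the layout, for example `BUILD_BUG_ON(offsetof(struct trusted_key_payload, blob) != offsetof(struct trusted_key_payload, key) + sizeof_field(struct trusted_key_payload, key));`, with a short comment saying that one registration deliberately covers both buffers. Note also that seal now registers the full key and blob arrays where the removed code registered only `p->key_len` bytes of the key, which is worth stating in that comment. Both function bodies begin before the first lines shown in their hunks.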
