tpm: Address !chip->auth in tpm2_*_auth_session()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause
a null derefence in tpm2_*_auth_session(). Thus, address !chip->auth in
tpm2_*_auth_session().

Cc: stable@vger.kernel.org # v6.9+
Reported-by: Stefan Berger <stefanb@linux.ibm.com>
Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@linux.ibm.com/
Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
Tested-by: Michael Ellerman <mpe@ellerman.id.au> # ppc
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

authored by

Jarkko Sakkinen and committed by

Jarkko Sakkinen 2 years ago 25ee48a5 661e504d

+12 -2

1 changed file

expand all

drivers

char

tpm

tpm2-sessions.c

+12 -2

drivers/char/tpm/tpm2-sessions.c

··· 824 824 */ 825 825 void tpm2_end_auth_session(struct tpm_chip *chip) 826 826 { 827 - tpm2_flush_context(chip, chip->auth->handle); 828 - memzero_explicit(chip->auth, sizeof(*chip->auth)); 827 + struct tpm2_auth *auth = chip->auth; 828 + 829 + if (!auth) 830 + return; 831 + 832 + tpm2_flush_context(chip, auth->handle); 833 + memzero_explicit(auth, sizeof(*auth)); 829 834 } 830 835 EXPORT_SYMBOL(tpm2_end_auth_session); 831 836 ··· 911 906 struct tpm2_auth *auth = chip->auth; 912 907 int rc; 913 908 u32 null_key; 909 + 910 + if (!auth) { 911 + dev_warn_once(&chip->dev, "auth session is not active\n"); 912 + return 0; 913 + } 914 914 915 915 rc = tpm2_load_null(chip, &null_key); 916 916 if (rc)