There's a logic error in the earlier fix which means that if the NULL name comparison fails, the tpm isn't disabled because rc remains zero. Fix this by setting it to an error.
Cc: [email protected] # 6.12 Fixes: cc7d8594342a ("tpm: Rollback tpm2_load_null()") Signed-off-by: James Bottomley <[email protected]> --- I didn't actually discover this problem until I was trying to do a reset attack demo with an updated kernel. drivers/char/tpm/tpm2-sessions.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2- sessions.c index 3b1cf1ca0420..bd1c0456e775 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -961,6 +961,7 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) /* Deduce from the name change TPM interference: */ dev_err(&chip->dev, "null key integrity check failed\n"); tpm2_flush_context(chip, tmp_null_key); + rc = -ENODEV; err: if (rc) { -- 2.51.0
