On Fri, Mar 13, 2026 at 10:31:03AM -0400, James Bottomley wrote: > There's a logic error in the earlier fix which means that if the NULL > name comparison fails, the tpm isn't disabled because rc remains zero. > Fix this by setting it to an error. > > Cc: [email protected] # 6.12 > Fixes: cc7d8594342a ("tpm: Rollback tpm2_load_null()") > Signed-off-by: James Bottomley <[email protected]> > --- > > I didn't actually discover this problem until I was trying to do a > reset attack demo with an updated kernel. > > drivers/char/tpm/tpm2-sessions.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2- > sessions.c > index 3b1cf1ca0420..bd1c0456e775 100644 > --- a/drivers/char/tpm/tpm2-sessions.c > +++ b/drivers/char/tpm/tpm2-sessions.c > @@ -961,6 +961,7 @@ static int tpm2_load_null(struct tpm_chip *chip, > u32 *null_key) > /* Deduce from the name change TPM interference: */ > dev_err(&chip->dev, "null key integrity check failed\n"); > tpm2_flush_context(chip, tmp_null_key); > + rc = -ENODEV; > > err: > if (rc) { > -- > 2.51.0 > >
Possible to resend (fake ancestor)? Other than that, Reviewed-by: Jarkko Sakkinen <[email protected]> BR, Jarkko
