lwn.git/drivers/char/tpm/tpm2-cmd.c, branch docs-fixes

tpm: Fix auth session leak in tpm2_get_random() error path

2026-04-21T15:54:28+00:00

When tpm_buf_fill_hmac_session() fails inside the do-while loop in tpm2_get_random(), the function returns directly after destroying the buffer, without ending the auth session via tpm2_end_auth_session(). This leaks the TPM auth session resource. All other error paths within the loop correctly reach the 'out' label which calls both tpm_buf_destroy() and tpm2_end_auth_session(). Fix this by replacing the early return with a goto to the existing 'out' label, which already handles both cleanup operations. The redundant tpm_buf_destroy() call is removed since 'out' takes care of it. Cc: stable@vger.kernel.org # v6.19+ Fixes: 6e9722e9a7bf ("tpm2-sessions: Fix out of range indexing in name_size") Signed-off-by: Gunnar Kudrjavets Reviewed-by: Justinien Bouron Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

tpm: Make tcpci_pm_ops variable static const

2026-04-21T15:54:27+00:00

File-scope 'tcpci_pm_ops' is not used outside of this unit and is not modified anywhere, so make it static const to silence sparse warning: tcpci.c:1002:1: warning: symbol 'tcpci_pm_ops' was not declared. Should it be static? Signed-off-by: Krzysztof Kozlowski Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

tpm2-sessions: Open code tpm_buf_append_hmac_session()

2025-12-05T04:42:51+00:00

Open code 'tpm_buf_append_hmac_session_opt' to the call site, as it only masks a call sequence and does otherwise nothing particularly useful. Signed-off-by: Jarkko Sakkinen Reviewed-by: Jonathan McDowell

tpm2-sessions: Remove 'attributes' parameter from tpm_buf_append_auth

2025-12-05T04:42:51+00:00

Remove 'attributes' parameter from 'tpm_buf_append_auth', as it is not used by the function. Fixes: 27184f8905ba ("tpm: Opt-in in disable PCR integrity protection") Signed-off-by: Jarkko Sakkinen Reviewed-by: Jonathan McDowell

tpm2-sessions: Fix tpm2_read_public range checks

2025-12-05T04:42:44+00:00

tpm2_read_public() has some rudimentary range checks but the function does not ensure that the response buffer has enough bytes for the full TPMT_HA payload. Re-implement the function with necessary checks and validation, and return name and name size for all handle types back to the caller. Cc: stable@vger.kernel.org # v6.10+ Fixes: d0a25bb961e6 ("tpm: Add HMAC session name/handle append") Signed-off-by: Jarkko Sakkinen Reviewed-by: Jonathan McDowell

tpm2-sessions: Fix out of range indexing in name_size

2025-12-05T04:31:07+00:00

'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead into memory corruption at worst. Address the issue by only processing known values and returning -EINVAL for unrecognized values. Make also 'tpm_buf_append_name' and 'tpm_buf_fill_hmac_session' fallible so that errors are detected before causing any spurious TPM traffic. End also the authorization session on failure in both of the functions, as the session state would be then by definition corrupted. Cc: stable@vger.kernel.org # v6.10+ Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") Reviewed-by: Jonathan McDowell Signed-off-by: Jarkko Sakkinen

tpm: Cap the number of PCR banks

2025-12-03T20:55:28+00:00

tpm2_get_pcr_allocation() does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds values coming from external I/O cause on only limited harm. Cc: stable@vger.kernel.org # v5.10+ Fixes: bcfff8384f6c ("tpm: dynamically allocate the allocated_banks array") Tested-by: Lai Yi Reviewed-by: Jonathan McDowell Reviewed-by: Roberto Sassu Signed-off-by: Jarkko Sakkinen

KEYS: trusted: Replace a redundant instance of tpm2_hash_map

2025-11-29T20:57:30+00:00

'trusted_tpm2' duplicates 'tpm2_hash_map' originally part of the TPN driver, which is suboptimal. Implement and export `tpm2_find_hash_alg()` in the driver, and substitute the redundant code in 'trusted_tpm2' with a call to the new function. Reviewed-by: Jonathan McDowell Signed-off-by: Jarkko Sakkinen

tpm: use a map for tpm2_calc_ordinal_duration()

2025-10-10T05:21:45+00:00

The current shenanigans for duration calculation introduce too much complexity for a trivial problem, and further the code is hard to patch and maintain. Address these issues with a flat look-up table, which is easy to understand and patch. If leaf driver specific patching is required in future, it is easy enough to make a copy of this table during driver initialization and add the chip parameter back. 'chip->duration' is retained for TPM 1.x. As the first entry for this new behavior address TCG spec update mentioned in this issue: https://github.com/raspberrypi/linux/issues/7054 Therefore, for TPM_SelfTest the duration is set to 3000 ms. This does not categorize a as bug, given that this is introduced to the spec after the feature was originally made. Reviewed-by: Serge Hallyn Signed-off-by: Jarkko Sakkinen

tpm: Lazily flush auth session when getting random data

2025-03-27T13:34:04+00:00

Lazy flushing of TPM auth sessions was introduced to speed up IMA measurments into the TPM. Make use of it in tpm2_get_random as well, which has the added benefit of not needlessly cleaning up the session that IMA is using when there are no userspace accesses taking place. Command trace before for every call: hwrng (0x00000161): 14 (52965242 ns) hwrng (0x00000176): 48 (161612432 ns) hwrng (0x00000165): 10 (2410494 ns) hwrng (0x0000017B): 117 (70699883 ns) hwrng (0x0000017B): 117 (70959666 ns) hwrng (0x00000165): 10 (2756827 ns) After, with repeated calls showing no setup: hwrng (0x00000161): 14 (53044582 ns) hwrng (0x00000176): 48 (160491333 ns) hwrng (0x00000165): 10 (2408220 ns) hwrng (0x0000017B): 117 (70695037 ns) hwrng (0x0000017B): 117 (70994984 ns) hwrng (0x0000017B): 117 (70195388 ns) hwrng (0x0000017B): 117 (70973835 ns) Signed-off-by: Jonathan McDowell Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen