summaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
authorJarkko Sakkinen <jarkko@kernel.org>2023-10-11 01:08:25 +0200
committerJarkko Sakkinen <jarkko@kernel.org>2023-10-24 02:06:06 +0200
commit31de287345f41bbfaec36a5c8cbdba035cf76442 (patch)
tree2cd10174e3300dcb4b09ab65128c35b6ae6997f8 /security/keys
parentMerge tag 'for-6.6-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/... (diff)
downloadlinux-31de287345f41bbfaec36a5c8cbdba035cf76442.tar.xz
linux-31de287345f41bbfaec36a5c8cbdba035cf76442.zip
KEYS: trusted: Rollback init_trusted() consistently
Do bind neither static calls nor trusted_key_exit() before a successful init, in order to maintain a consistent state. In addition, depart the init_trusted() in the case of a real error (i.e. getting back something else than -ENODEV). Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Closes: https://lore.kernel.org/linux-integrity/CAHk-=whOPoLaWM8S8GgoOPT7a2+nMH5h3TLKtn=R_3w4R1_Uvg@mail.gmail.com/ Cc: stable@vger.kernel.org # v5.13+ Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework") Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/trusted-keys/trusted_core.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index 85fb5c22529a..fee1ab2c734d 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -358,17 +358,17 @@ static int __init init_trusted(void)
if (!get_random)
get_random = kernel_get_random;
- static_call_update(trusted_key_seal,
- trusted_key_sources[i].ops->seal);
- static_call_update(trusted_key_unseal,
- trusted_key_sources[i].ops->unseal);
- static_call_update(trusted_key_get_random,
- get_random);
- trusted_key_exit = trusted_key_sources[i].ops->exit;
- migratable = trusted_key_sources[i].ops->migratable;
-
ret = trusted_key_sources[i].ops->init();
- if (!ret)
+ if (!ret) {
+ static_call_update(trusted_key_seal, trusted_key_sources[i].ops->seal);
+ static_call_update(trusted_key_unseal, trusted_key_sources[i].ops->unseal);
+ static_call_update(trusted_key_get_random, get_random);
+
+ trusted_key_exit = trusted_key_sources[i].ops->exit;
+ migratable = trusted_key_sources[i].ops->migratable;
+ }
+
+ if (!ret || ret != -ENODEV)
break;
}