Commit 418a2ab6 authored Jan 11, 2023 by Jarkko Sakkinen Committed by Yongqiang Liu Jan 11, 2023

KEYS: trusted: Fix migratable=1 failing

stable inclusion
from stable-v4.19.178
commit 643a663251e07ea55178fd9bfede9a7a4199cc24
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I664K9


CVE: NA

--------------------------------

commit 8da7520c upstream.

Consider the following transcript:

$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u
add_key: Invalid argument

The documentation has the following description:

  migratable=   0|1 indicating permission to reseal to new PCR values,
                default 1 (resealing allowed)

The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.

[*] Documentation/security/keys/trusted-encrypted.rst

Cc: stable@vger.kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Fixes: d00a1c72 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: GUO Zihua <guozihua@huawei.com>
Reviewed-by: Wang Weiyang <wangweiyang2@huawei.com>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>

parent 3e11fc7b

security/keys/trusted.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -796,7 +796,7 @@ static int getoptions(char c, struct trusted_key_payload pay,
		case Opt_migratable:
		if (*args[0].from == '0')
		pay->migratable = 0;
		else
		else if (*args[0].from != '1')
		return -EINVAL;
		break;
		case Opt_pcrlock: