- Linux-stable-mirror - lists.linaro.org

[PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size

by Roberto Sassu

This patch protects against data corruption that could happen in the bus, by checking that that the digest size returned by the TPM during a PCR read matches the size of the algorithm passed to tpm2_pcr_read(). This check is performed after information about the PCR banks has been retrieved. Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- drivers/char/tpm/tpm2-cmd.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index acaaab72ef2e..974465f04b78 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -179,15 +179,29 @@ struct tpm2_pcr_read_out { int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, struct tpm_digest *digest_struct, u16 *digest_size_ptr) { + int i; int rc; struct tpm_buf buf; struct tpm2_pcr_read_out *out; u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; u16 digest_size; + u16 expected_digest_size = 0; if (pcr_idx >= TPM2_PLATFORM_PCR) return -EINVAL; + if (!digest_size_ptr) { + for (i = 0; i < chip->nr_allocated_banks && + chip->allocated_banks[i].alg_id != digest_struct->alg_id; + i++) + ; + + if (i == chip->nr_allocated_banks) + return -EINVAL; + + expected_digest_size = chip->allocated_banks[i].digest_size; + } + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); if (rc) return rc; @@ -207,7 +221,8 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; digest_size = be16_to_cpu(out->digest_size); - if (digest_size > sizeof(digest_struct->digest)) { + if (digest_size > sizeof(digest_struct->digest) || + (!digest_size_ptr && digest_size != expected_digest_size)) { rc = -EINVAL; goto out; } -- 2.17.1

6 years, 9 months

2
9
0 0

[PATCH AUTOSEL 4.14 01/21] pinctrl: meson: fix pinconf bias disable

by Sasha Levin

From: Jerome Brunet <jbrunet(a)baylibre.com> [ Upstream commit e39f9dd8206ad66992ac0e6218ef1ba746f2cce9 ] If a bias is enabled on a pin of an Amlogic SoC, calling .pin_config_set() with PIN_CONFIG_BIAS_DISABLE will not disable the bias. Instead it will force a pull-down bias on the pin. Instead of the pull type register bank, the driver should access the pull enable register bank. Fixes: 6ac730951104 ("pinctrl: add driver for Amlogic Meson SoCs") Signed-off-by: Jerome Brunet <jbrunet(a)baylibre.com> Acked-by: Neil Armstrong <narmstrong(a)baylibre.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pinctrl/meson/pinctrl-meson.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/meson/pinctrl-meson.c b/drivers/pinctrl/meson/pinctrl-meson.c index 66ed70c12733..6c43322dbb97 100644 --- a/drivers/pinctrl/meson/pinctrl-meson.c +++ b/drivers/pinctrl/meson/pinctrl-meson.c @@ -273,7 +273,7 @@ static int meson_pinconf_set(struct pinctrl_dev *pcdev, unsigned int pin, dev_dbg(pc->dev, "pin %u: disable bias\n", pin); meson_calc_reg_and_bit(bank, pin, REG_PULL, &reg, &bit); - ret = regmap_update_bits(pc->reg_pull, reg, + ret = regmap_update_bits(pc->reg_pullen, reg, BIT(bit), 0); if (ret) return ret; -- 2.17.1

6 years, 9 months

2
23
0 0

[PATCH for-4.4.y 00/10] Stable candidates for linux-4.4.y

by Amit Pundir

Hi Greg, Few stable candidates for 4.4.y for your consideration. Cherry picked and build tested on linux-4.4.165 for ARCH=arm/arm64 + allmodconfig. Few fixes are applicable for 3.18.y as well, but they needed minor rebasing, so I'll submit them shortly in a separate thread. Regards, Amit Pundir Amitkumar Karwar (1): mwifiex: Fix NULL pointer dereference in skb_dequeue() Johannes Thumshirn (1): cw1200: Don't leak memory if krealloc failes Karthik D A (1): mwifiex: fix p2p device doesn't find in scan problem Liping Zhang (1): netfilter: nf_tables: fix oops when inserting an element into a verdict map Mauricio Faria de Oliveira (1): scsi: qla2xxx: do not queue commands when unloading Subhash Jadavani (2): scsi: ufs: fix race between clock gating and devfreq scaling work scsi: ufshcd: release resources if probe fails Vasanthakumar Thiagarajan (1): ath10k: fix kernel panic due to race in accessing arvif list Venkat Gopalakrishnan (1): scsi: ufshcd: Fix race between clk scaling and ungate work Yaniv Gardi (1): scsi: ufs: fix bugs related to null pointer access and array size drivers/net/wireless/ath/ath10k/mac.c | 6 +++ drivers/net/wireless/cw1200/wsm.c | 16 ++++--- drivers/net/wireless/mwifiex/cfg80211.c | 10 ++++- drivers/net/wireless/mwifiex/wmm.c | 12 ++++-- drivers/scsi/qla2xxx/qla_os.c | 5 +++ drivers/scsi/ufs/ufs.h | 3 +- drivers/scsi/ufs/ufshcd-pci.c | 2 + drivers/scsi/ufs/ufshcd-pltfrm.c | 5 +-- drivers/scsi/ufs/ufshcd.c | 75 +++++++++++++++++++++++++++++---- net/netfilter/nf_tables_api.c | 1 + 10 files changed, 110 insertions(+), 25 deletions(-) -- 2.7.4

6 years, 9 months

1
10
0 0

[PATCH] scsi: lpfc: fix block guard enablement on SLI3 adapters

by Martin Wilck

Since f44ac12f1dcc, BG enablement is tracked with the LPFC_SLI3_BG_ENABLED bit, which is set in lpfc_get_cfgparam before lpfc_sli_config_sli_port() is called. The bit shouldn't be cleared before checking the feature. Based on problem analysis by David Bond. Fixes: f44ac12f1dcc "scsi: lpfc: Memory allocation error during driver start-up on power8" Tested-by: David Bond <dbond(a)suse.com> Signed-off-by: Martin Wilck <mwilck(a)suse.com> Cc: stable(a)vger.kernel.org # 4.17.x Cc: stable(a)vger.kernel.org # 4.18.x Cc: stable(a)vger.kernel.org # 4.19.x --- drivers/scsi/lpfc/lpfc_init.c | 6 +++++- drivers/scsi/lpfc/lpfc_sli.c | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c index 323a32e..6b61cae 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c @@ -167,7 +167,11 @@ lpfc_config_port_prep(struct lpfc_hba *phba) sizeof(phba->wwpn)); } - phba->sli3_options = 0x0; + /* + * Clear all option bits except LPFC_SLI3_BG_ENABLED, + * which was already set in lpfc_get_cfgparam() + */ + phba->sli3_options &= (uint32_t)LPFC_SLI3_BG_ENABLED; /* Setup and issue mailbox READ REV command */ lpfc_read_rev(phba, pmb); diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c index 783a154..b9e5cd7 100644 --- a/drivers/scsi/lpfc/lpfc_sli.c +++ b/drivers/scsi/lpfc/lpfc_sli.c @@ -4965,7 +4965,6 @@ lpfc_sli_config_port(struct lpfc_hba *phba, int sli_mode) phba->sli3_options &= ~(LPFC_SLI3_NPIV_ENABLED | LPFC_SLI3_HBQ_ENABLED | LPFC_SLI3_CRP_ENABLED | - LPFC_SLI3_BG_ENABLED | LPFC_SLI3_DSS_ENABLED); if (rc != MBX_SUCCESS) { lpfc_printf_log(phba, KERN_ERR, LOG_INIT, -- 2.19.1

6 years, 9 months

4
4
0 0

[net 2/4] i40e: Fix deletion of MAC filters

by Jeff Kirsher

From: Lihong Yang <lihong.yang(a)intel.com> In __i40e_del_filter function, the flag __I40E_MACVLAN_SYNC_PENDING for the PF state is wrongly set for the VSI. Deleting any of the MAC filters has caused the incorrect syncing for the PF. Fix it by setting this state flag to the intended PF. CC: stable <stable(a)vger.kernel.org> Signed-off-by: Lihong Yang <lihong.yang(a)intel.com> Tested-by: Andrew Bowers <andrewx.bowers(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> --- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index 21c2688d6308..a3f45335437c 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -1413,7 +1413,7 @@ void __i40e_del_filter(struct i40e_vsi *vsi, struct i40e_mac_filter *f) } vsi->flags |= I40E_VSI_FLAG_FILTER_CHANGED; - set_bit(__I40E_MACVLAN_SYNC_PENDING, vsi->state); + set_bit(__I40E_MACVLAN_SYNC_PENDING, vsi->back->state); } /** -- 2.19.2

6 years, 9 months

1
0
0 0

RE: [PATCH] KVM: VMX: re-add ple_gap module parameter

by Moger, Babu

My bad.. Sorry about this. I think this should also go to stable(a)vger.kernel.org > -----Original Message----- > From: Luiz Capitulino <lcapitulino(a)redhat.com> > Sent: Friday, November 23, 2018 12:27 PM > To: Liran Alon <liran.alon(a)oracle.com> > Cc: Paolo Bonzini <pbonzini(a)redhat.com>; Moger, Babu > <Babu.Moger(a)amd.com>; kvm(a)vger.kernel.org; linux- > kernel(a)vger.kernel.org > Subject: Re: [PATCH] KVM: VMX: re-add ple_gap module parameter > > On Fri, 23 Nov 2018 19:42:53 +0200 > Liran Alon <liran.alon(a)oracle.com> wrote: > > > > On 23 Nov 2018, at 19:02, Luiz Capitulino <lcapitulino(a)redhat.com> > wrote: > > > > > > > > > Apparently, the ple_gap parameter was accidentally removed > > > by commit c8e88717cfc6b36bedea22368d97667446318291. Add it > > > back. > > > > > > Signed-off-by: Luiz Capitulino <lcapitulino(a)redhat.com> > > > > Weird that nobody noticed this when patch was applied… Thanks. > > Reviewed-by: Liran Alon <liran.alon(a)oracle.com> Reviewed-by: Babu Moger <babu.moger(a)amd.com> > > I forgot to mention that I noticed this because I have systems > disabling ple with ple_gap=0 in modprobe.conf. In those systems > kvm_intel won't load anymore. > > > > > > --- > > > arch/x86/kvm/vmx.c | 1 + > > > 1 file changed, 1 insertion(+) > > > > > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > > > index 4555077d69ce..be6f13f1c25f 100644 > > > --- a/arch/x86/kvm/vmx.c > > > +++ b/arch/x86/kvm/vmx.c > > > @@ -174,6 +174,7 @@ module_param_named(preemption_timer, > enable_preemption_timer, bool, S_IRUGO); > > > * refer SDM volume 3b section 21.6.13 & 22.1.3. > > > */ > > > static unsigned int ple_gap = KVM_DEFAULT_PLE_GAP; > > > +module_param(ple_gap, uint, 0444); > > > > > > static unsigned int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW; > > > module_param(ple_window, uint, 0444); > > > -- > > > 2.17.2 > > > > >

6 years, 9 months

4
3
0 0

[PATCH] arm64: remove no-op -p linker flag

by ndesaulniers＠google.com

From: Greg Hackmann <ghackmann(a)android.com> (commit 1a381d4a0a9a0f999a13faaba22bf6b3fc80dcb9 upstream) Linking the ARM64 defconfig kernel with LLVM lld fails with the error: ld.lld: error: unknown argument: -p Makefile:1015: recipe for target 'vmlinux' failed Without this flag, the ARM64 defconfig kernel successfully links with lld and boots on Dragonboard 410c. After digging through binutils source and changelogs, it turns out that -p is only relevant to ancient binutils installations targeting 32-bit ARM. binutils accepts -p for AArch64 too, but it's always been undocumented and silently ignored. A comment in ld/emultempl/aarch64elf.em explains that it's "Only here for backwards compatibility". Since this flag is a no-op on ARM64, we can safely drop it. Acked-by: Will Deacon <will.deacon(a)arm.com> Reviewed-by: Nick Desaulniers <ndesaulniers(a)google.com> Signed-off-by: Greg Hackmann <ghackmann(a)google.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> --- This is needed for linking arm64 kernels with LLVM's LLD linker. I'm most interested in this for 4.14 and know it applies cleanly there, but would like it in 4.9 and 4.4 if possible. The upstream patch first landed in v4.18-rc4. arch/arm64/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 48158c550110..7976d2d242fa 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -10,7 +10,7 @@ # # Copyright (C) 1995-2001 by Russell King -LDFLAGS_vmlinux :=-p --no-undefined -X +LDFLAGS_vmlinux :=--no-undefined -X CPPFLAGS_vmlinux.lds = -DTEXT_OFFSET=$(TEXT_OFFSET) GZFLAGS :=-9 -- 2.20.0.rc0.387.gc7a69e6b6c-goog

6 years, 9 months

2
1
0 0

FAILED: patch "[PATCH] drm/mediatek: fix OF sibling-node lookup" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ceff2f4dcd44abf35864d9a99f85ac619e89a01d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Mon, 27 Aug 2018 10:21:46 +0200 Subject: [PATCH] drm/mediatek: fix OF sibling-node lookup Use the new of_get_compatible_child() helper to lookup the sibling instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related cec-node reference leak. Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support") Cc: stable <stable(a)vger.kernel.org> # 4.8 Cc: Junzhi Zhao <junzhi.zhao(a)mediatek.com> Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Cc: CK Hu <ck.hu(a)mediatek.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Rob Herring <robh(a)kernel.org> diff --git a/drivers/gpu/drm/mediatek/mtk_hdmi.c b/drivers/gpu/drm/mediatek/mtk_hdmi.c index 2d45d1dd9554..643f5edd68fe 100644 --- a/drivers/gpu/drm/mediatek/mtk_hdmi.c +++ b/drivers/gpu/drm/mediatek/mtk_hdmi.c @@ -1446,8 +1446,7 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, } /* The CEC module handles HDMI hotplug detection */ - cec_np = of_find_compatible_node(np->parent, NULL, - "mediatek,mt8173-cec"); + cec_np = of_get_compatible_child(np->parent, "mediatek,mt8173-cec"); if (!cec_np) { dev_err(dev, "Failed to find CEC node\n"); return -EINVAL; @@ -1457,8 +1456,10 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, if (!cec_pdev) { dev_err(hdmi->dev, "Waiting for CEC device %pOF\n", cec_np); + of_node_put(cec_np); return -EPROBE_DEFER; } + of_node_put(cec_np); hdmi->cec_dev = &cec_pdev->dev; /*

6 years, 9 months

3
2
0 0

[PATCH] Return only active connectors for GET_RESOURCES

by Stanislav Lisovskiy

Currently kernel might allocate different connector ids for the same outputs in case of DP MST, which seems to confuse userspace. There are can be different connector ids in the list, which could be assigned to the same output, while being in different states. This results in issues, like external displays staying blank after quick unplugging and plugging back(bug #106250). Returning only active DP connectors fixes the issue. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106250 Signed-off-by: Stanislav Lisovskiy <stanislav.lisovskiy(a)intel.com> --- drivers/gpu/drm/drm_mode_config.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/drm_mode_config.c b/drivers/gpu/drm/drm_mode_config.c index ee80788f2c40..ec5b2b08a45e 100644 --- a/drivers/gpu/drm/drm_mode_config.c +++ b/drivers/gpu/drm/drm_mode_config.c @@ -143,6 +143,7 @@ int drm_mode_getresources(struct drm_device *dev, void *data, drm_connector_list_iter_begin(dev, &conn_iter); count = 0; connector_id = u64_to_user_ptr(card_res->connector_id_ptr); + DRM_DEBUG_KMS("GetResources: writing connectors start"); drm_for_each_connector_iter(connector, &conn_iter) { /* only expose writeback connectors if userspace understands them */ if (!file_priv->writeback_connectors && @@ -150,15 +151,20 @@ int drm_mode_getresources(struct drm_device *dev, void *data, continue; if (drm_lease_held(file_priv, connector->base.id)) { - if (count < card_res->count_connectors && - put_user(connector->base.id, connector_id + count)) { - drm_connector_list_iter_end(&conn_iter); - return -EFAULT; + if (connector->connector_type != DRM_MODE_CONNECTOR_DisplayPort || + connector->status != connector_status_disconnected) { + if (count < card_res->count_connectors && + put_user(connector->base.id, connector_id + count)) { + drm_connector_list_iter_end(&conn_iter); + return -EFAULT; + } + DRM_DEBUG_KMS("GetResources: connector %s", connector->name); + count++; } - count++; } } card_res->count_connectors = count; + DRM_DEBUG_KMS("GetResources: writing connectors end - count %d", count); drm_connector_list_iter_end(&conn_iter); return ret; -- 2.17.1

6 years, 9 months

3
2
0 0

FAILED: patch "[PATCH] power: supply: twl4030-charger: fix OF sibling-node lookup" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9844fb2e351311210e6660a9a1c62d17424a6145 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Mon, 27 Aug 2018 10:21:53 +0200 Subject: [PATCH] power: supply: twl4030-charger: fix OF sibling-node lookup Use the new of_get_compatible_child() helper to lookup the usb sibling node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related phy-node reference leak. Fixes: f5e4edb8c888 ("power: twl4030_charger: find associated phy by more reliable means.") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: NeilBrown <neilb(a)suse.de> Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Sebastian Reichel <sre(a)kernel.org> Reviewed-by: Sebastian Reichel <sre(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Rob Herring <robh(a)kernel.org> diff --git a/drivers/power/supply/twl4030_charger.c b/drivers/power/supply/twl4030_charger.c index bbcaee56db9d..b6a7d9f74cf3 100644 --- a/drivers/power/supply/twl4030_charger.c +++ b/drivers/power/supply/twl4030_charger.c @@ -996,12 +996,13 @@ static int twl4030_bci_probe(struct platform_device *pdev) if (bci->dev->of_node) { struct device_node *phynode; - phynode = of_find_compatible_node(bci->dev->of_node->parent, - NULL, "ti,twl4030-usb"); + phynode = of_get_compatible_child(bci->dev->of_node->parent, + "ti,twl4030-usb"); if (phynode) { bci->usb_nb.notifier_call = twl4030_bci_usb_ncb; bci->transceiver = devm_usb_get_phy_by_node( bci->dev, phynode, &bci->usb_nb); + of_node_put(phynode); if (IS_ERR(bci->transceiver)) { ret = PTR_ERR(bci->transceiver); if (ret == -EPROBE_DEFER)

6 years, 9 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror