Merge remote-tracking branch 'up/f31' into master-riscv64

Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>

kernel.spec

@@ -144,7 +144,7 @@ Summary: The Linux kernel
 # pkg_release is what we'll fill in for the rpm Release: field
 %if 0%{?released_kernel}
 
-%define pkg_release %{fedora_build}%{?buildid}.2.riscv64%{?dist}
+%define pkg_release %{fedora_build}%{?buildid}.3.riscv64%{?dist}
 
 %else
 
@@ -599,14 +599,18 @@ Patch505: iwlwifi-fw-don-t-send-GEO_TX_POWER_LIMIT-command-to-FW-version-36.patc
 # new ids
 Patch506: 0001-x86-amd_nb-Add-PCI-device-IDs-for-family-17h-model-7.patch
 
+# rhbz 1752961
+Patch507: v2-1-2-efi-tpm-Don-t-access-event--count-when-it-isn-t-mapped..patch
+Patch508: v3-tpm-only-set-efi_tpm_final_log_size-after-successful-event-log-parsing.patch
+
 # RISC-V SECCOMP support v2 (posted on linux-riscv)
 # http://lists.infradead.org/pipermail/linux-riscv/2019-August/006235.html
-Patch550: 0001-riscv-add-SECCOMP-support.patch
+#Patch550: 0001-riscv-add-SECCOMP-support.patch
 
 # RISC-V SiFive Unleashed CPUFreq support
 # WIP, private dev branch
 # https://github.com/sifive/riscv-linux/commits/dev/paulw/cpufreq-dt-aloe-v5.3-rc4
-Patch552: 0002-SiFive-Unleashed-CPUFreq.patch
+#Patch552: 0002-SiFive-Unleashed-CPUFreq.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1809,6 +1813,9 @@ fi
 #
 #
 %changelog
+* Mon Sep 30 2019 Laura Abbott <labbott@redhat.com>
+- Fix for tpm crashes (rhbz 1752961)
+
 * Mon Sep 23 2019 Peter Robinson <pbrobinson@fedoraproject.org> 5.3.1-300
 - Upstream patch for iwlwifi 8000 series FW issues (rhbz: 1749949)
 

v2-1-2-efi-tpm-Don-t-access-event--count-when-it-isn-t-mapped..patch

@@ -0,0 +1,233 @@
+From patchwork Wed Sep 25 10:16:18 2019
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+X-Patchwork-Id: 11160381
+Return-Path: <SRS0=gTbe=XU=vger.kernel.org=linux-integrity-owner@kernel.org>
+Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
+ [172.30.200.123])
+	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 43E0E112B
+	for <patchwork-linux-integrity@patchwork.kernel.org>;
+ Wed, 25 Sep 2019 10:16:35 +0000 (UTC)
+Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
+	by mail.kernel.org (Postfix) with ESMTP id 2BB5521D7A
+	for <patchwork-linux-integrity@patchwork.kernel.org>;
+ Wed, 25 Sep 2019 10:16:35 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+        id S2389040AbfIYKQe (ORCPT
+        <rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
+        Wed, 25 Sep 2019 06:16:34 -0400
+Received: from mga06.intel.com ([134.134.136.31]:40402 "EHLO mga06.intel.com"
+        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
+        id S1727141AbfIYKQe (ORCPT <rfc822;linux-integrity@vger.kernel.org>);
+        Wed, 25 Sep 2019 06:16:34 -0400
+X-Amp-Result: SKIPPED(no attachment in message)
+X-Amp-File-Uploaded: False
+Received: from orsmga006.jf.intel.com ([10.7.209.51])
+  by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
+ 25 Sep 2019 03:16:33 -0700
+X-ExtLoop1: 1
+X-IronPort-AV: E=Sophos;i="5.64,547,1559545200";
+   d="scan'208";a="193723106"
+Received: from dariusvo-mobl.ger.corp.intel.com (HELO localhost)
+ ([10.249.39.150])
+  by orsmga006.jf.intel.com with ESMTP; 25 Sep 2019 03:16:27 -0700
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+To: linux-integrity@vger.kernel.org
+Cc: Peter Jones <pjones@redhat.com>, linux-efi@vger.kernel.org,
+        stable@vger.kernel.org, Lyude Paul <lyude@redhat.com>,
+        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
+        Matthew Garrett <mjg59@google.com>,
+        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
+        Roberto Sassu <roberto.sassu@huawei.com>,
+        Bartosz Szczepanek <bsz@semihalf.com>,
+        linux-kernel@vger.kernel.org (open list)
+Subject: [PATCH v2 1/2] efi+tpm: Don't access event->count when it isn't
+ mapped.
+Date: Wed, 25 Sep 2019 13:16:18 +0300
+Message-Id: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
+X-Mailer: git-send-email 2.20.1
+MIME-Version: 1.0
+Sender: linux-integrity-owner@vger.kernel.org
+Precedence: bulk
+List-ID: <linux-integrity.vger.kernel.org>
+X-Mailing-List: linux-integrity@vger.kernel.org
+
+From: Peter Jones <pjones@redhat.com>
+
+Some machines generate a lot of event log entries.  When we're
+iterating over them, the code removes the old mapping and adds a
+new one, so once we cross the page boundary we're unmapping the page
+with the count on it.  Hilarity ensues.
+
+This patch keeps the info from the header in local variables so we don't
+need to access that page again or keep track of if it's mapped.
+
+Fixes: 44038bc514a2 ("tpm: Abstract crypto agile event size calculations")
+Cc: linux-efi@vger.kernel.org
+Cc: linux-integrity@vger.kernel.org
+Cc: stable@vger.kernel.org
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Tested-by: Lyude Paul <lyude@redhat.com>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Acked-by: Matthew Garrett <mjg59@google.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+---
+ include/linux/tpm_eventlog.h | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h
+index 63238c84dc0b..12584b69a3f3 100644
+--- a/include/linux/tpm_eventlog.h
++++ b/include/linux/tpm_eventlog.h
+@@ -170,6 +170,7 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
+ 	u16 halg;
+ 	int i;
+ 	int j;
++	u32 count, event_type;
+ 
+ 	marker = event;
+ 	marker_start = marker;
+@@ -190,16 +191,22 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
+ 	}
+ 
+ 	event = (struct tcg_pcr_event2_head *)mapping;
++	/*
++	 * the loop below will unmap these fields if the log is larger than
++	 * one page, so save them here for reference.
++	 */
++	count = READ_ONCE(event->count);
++	event_type = READ_ONCE(event->event_type);
+ 
+ 	efispecid = (struct tcg_efi_specid_event_head *)event_header->event;
+ 
+ 	/* Check if event is malformed. */
+-	if (event->count > efispecid->num_algs) {
++	if (count > efispecid->num_algs) {
+ 		size = 0;
+ 		goto out;
+ 	}
+ 
+-	for (i = 0; i < event->count; i++) {
++	for (i = 0; i < count; i++) {
+ 		halg_size = sizeof(event->digests[i].alg_id);
+ 
+ 		/* Map the digest's algorithm identifier */
+@@ -256,8 +263,9 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
+ 		+ event_field->event_size;
+ 	size = marker - marker_start;
+ 
+-	if ((event->event_type == 0) && (event_field->event_size == 0))
++	if (event_type == 0 && event_field->event_size == 0)
+ 		size = 0;
++
+ out:
+ 	if (do_mapping)
+ 		TPM_MEMUNMAP(mapping, mapping_size);
+
+From patchwork Wed Sep 25 10:16:19 2019
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+X-Patchwork-Id: 11160383
+Return-Path: <SRS0=gTbe=XU=vger.kernel.org=linux-integrity-owner@kernel.org>
+Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
+ [172.30.200.123])
+	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 363B114DB
+	for <patchwork-linux-integrity@patchwork.kernel.org>;
+ Wed, 25 Sep 2019 10:16:40 +0000 (UTC)
+Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
+	by mail.kernel.org (Postfix) with ESMTP id 1DCE921D7C
+	for <patchwork-linux-integrity@patchwork.kernel.org>;
+ Wed, 25 Sep 2019 10:16:40 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+        id S2389138AbfIYKQj (ORCPT
+        <rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
+        Wed, 25 Sep 2019 06:16:39 -0400
+Received: from mga18.intel.com ([134.134.136.126]:21948 "EHLO mga18.intel.com"
+        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
+        id S1727141AbfIYKQj (ORCPT <rfc822;linux-integrity@vger.kernel.org>);
+        Wed, 25 Sep 2019 06:16:39 -0400
+X-Amp-Result: SKIPPED(no attachment in message)
+X-Amp-File-Uploaded: False
+Received: from orsmga004.jf.intel.com ([10.7.209.38])
+  by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
+ 25 Sep 2019 03:16:38 -0700
+X-ExtLoop1: 1
+X-IronPort-AV: E=Sophos;i="5.64,547,1559545200";
+   d="scan'208";a="340366339"
+Received: from dariusvo-mobl.ger.corp.intel.com (HELO localhost)
+ ([10.249.39.150])
+  by orsmga004.jf.intel.com with ESMTP; 25 Sep 2019 03:16:35 -0700
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+To: linux-integrity@vger.kernel.org
+Cc: Peter Jones <pjones@redhat.com>, linux-efi@vger.kernel.org,
+        stable@vger.kernel.org, Lyude Paul <lyude@redhat.com>,
+        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
+        Matthew Garrett <mjg59@google.com>,
+        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
+        linux-kernel@vger.kernel.org (open list)
+Subject: [PATCH v2 2/2] efi+tpm: don't traverse an event log with no events
+Date: Wed, 25 Sep 2019 13:16:19 +0300
+Message-Id: <20190925101622.31457-2-jarkko.sakkinen@linux.intel.com>
+X-Mailer: git-send-email 2.20.1
+In-Reply-To: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
+References: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
+MIME-Version: 1.0
+Sender: linux-integrity-owner@vger.kernel.org
+Precedence: bulk
+List-ID: <linux-integrity.vger.kernel.org>
+X-Mailing-List: linux-integrity@vger.kernel.org
+
+From: Peter Jones <pjones@redhat.com>
+
+When there are no entries to put into the final event log, some machines
+will return the template they would have populated anyway.  In this case
+the nr_events field is 0, but the rest of the log is just garbage.
+
+This patch stops us from trying to iterate the table with
+__calc_tpm2_event_size() when the number of events in the table is 0.
+
+Fixes: c46f3405692d ("tpm: Reserve the TPM final events table")
+Cc: linux-efi@vger.kernel.org
+Cc: linux-integrity@vger.kernel.org
+Cc: stable@vger.kernel.org
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Tested-by: Lyude Paul <lyude@redhat.com>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Acked-by: Matthew Garrett <mjg59@google.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+---
+ drivers/firmware/efi/tpm.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c
+index 1d3f5ca3eaaf..b9ae5c6f9b9c 100644
+--- a/drivers/firmware/efi/tpm.c
++++ b/drivers/firmware/efi/tpm.c
+@@ -75,11 +75,16 @@ int __init efi_tpm_eventlog_init(void)
+ 		goto out;
+ 	}
+ 
+-	tbl_size = tpm2_calc_event_log_size((void *)efi.tpm_final_log
+-					    + sizeof(final_tbl->version)
+-					    + sizeof(final_tbl->nr_events),
+-					    final_tbl->nr_events,
+-					    log_tbl->log);
++	tbl_size = 0;
++	if (final_tbl->nr_events != 0) {
++		void *events = (void *)efi.tpm_final_log
++				+ sizeof(final_tbl->version)
++				+ sizeof(final_tbl->nr_events);
++
++		tbl_size = tpm2_calc_event_log_size(events,
++						    final_tbl->nr_events,
++						    log_tbl->log);
++	}
+ 	memblock_reserve((unsigned long)final_tbl,
+ 			 tbl_size + sizeof(*final_tbl));
+ 	early_memunmap(final_tbl, sizeof(*final_tbl));

v3-tpm-only-set-efi_tpm_final_log_size-after-successful-event-log-parsing.patch

@@ -0,0 +1,190 @@
+From patchwork Wed Sep 25 17:27:05 2019
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Jerry Snitselaar <jsnitsel@redhat.com>
+X-Patchwork-Id: 11161161
+Return-Path: <SRS0=gTbe=XU=vger.kernel.org=linux-integrity-owner@kernel.org>
+Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
+ [172.30.200.123])
+	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 88B8A1747
+	for <patchwork-linux-integrity@patchwork.kernel.org>;
+ Wed, 25 Sep 2019 17:27:13 +0000 (UTC)
+Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
+	by mail.kernel.org (Postfix) with ESMTP id 66F4F217F4
+	for <patchwork-linux-integrity@patchwork.kernel.org>;
+ Wed, 25 Sep 2019 17:27:13 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+        id S2505171AbfIYR1J (ORCPT
+        <rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
+        Wed, 25 Sep 2019 13:27:09 -0400
+Received: from mx1.redhat.com ([209.132.183.28]:41496 "EHLO mx1.redhat.com"
+        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
+        id S2505170AbfIYR1J (ORCPT <rfc822;linux-integrity@vger.kernel.org>);
+        Wed, 25 Sep 2019 13:27:09 -0400
+Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
+ [10.5.11.22])
+        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
+        (No client certificate requested)
+        by mx1.redhat.com (Postfix) with ESMTPS id 4CE7C1056FB1;
+        Wed, 25 Sep 2019 17:27:08 +0000 (UTC)
+Received: from cantor.redhat.com (ovpn-117-191.phx2.redhat.com [10.3.117.191])
+        by smtp.corp.redhat.com (Postfix) with ESMTP id D081B1001B12;
+        Wed, 25 Sep 2019 17:27:07 +0000 (UTC)
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+To: linux-efi@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
+        stable@vger.kernel.org, Matthew Garrett <mjg59@google.com>,
+        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
+        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Subject: [PATCH v3] tpm: only set efi_tpm_final_log_size after successful
+ event log parsing
+Date: Wed, 25 Sep 2019 10:27:05 -0700
+Message-Id: <20190925172705.17358-1-jsnitsel@redhat.com>
+MIME-Version: 1.0
+X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
+X-Greylist: Sender IP whitelisted,
+ not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.64]);
+ Wed, 25 Sep 2019 17:27:08 +0000 (UTC)
+Sender: linux-integrity-owner@vger.kernel.org
+Precedence: bulk
+List-ID: <linux-integrity.vger.kernel.org>
+X-Mailing-List: linux-integrity@vger.kernel.org
+
+If __calc_tpm2_event_size fails to parse an event it will return 0,
+resulting tpm2_calc_event_log_size returning -1. Currently there is
+no check of this return value, and efi_tpm_final_log_size can end up
+being set to this negative value resulting in a panic like the
+the one given below.
+
+Also __calc_tpm2_event_size returns a size of 0 when it fails
+to parse an event, so update function documentation to reflect this.
+
+[    0.774340] BUG: unable to handle page fault for address: ffffbc8fc00866ad
+[    0.774788] #PF: supervisor read access in kernel mode
+[    0.774788] #PF: error_code(0x0000) - not-present page
+[    0.774788] PGD 107d36067 P4D 107d36067 PUD 107d37067 PMD 107d38067 PTE 0
+[    0.774788] Oops: 0000 [#1] SMP PTI
+[    0.774788] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.3.0-0.rc2.1.elrdy.x86_64 #1
+[    0.774788] Hardware name: LENOVO 20HGS22D0W/20HGS22D0W, BIOS N1WET51W (1.30 ) 09/14/2018
+[    0.774788] RIP: 0010:memcpy_erms+0x6/0x10
+[    0.774788] Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
+[    0.774788] RSP: 0000:ffffbc8fc0073b30 EFLAGS: 00010286
+[    0.774788] RAX: ffff9b1fc7c5b367 RBX: ffff9b1fc8390000 RCX: ffffffffffffe962
+[    0.774788] RDX: ffffffffffffe962 RSI: ffffbc8fc00866ad RDI: ffff9b1fc7c5b367
+[    0.774788] RBP: ffff9b1c10ca7018 R08: ffffbc8fc0085fff R09: 8000000000000063
+[    0.774788] R10: 0000000000001000 R11: 000fffffffe00000 R12: 0000000000003367
+[    0.774788] R13: ffff9b1fcc47c010 R14: ffffbc8fc0085000 R15: 0000000000000002
+[    0.774788] FS:  0000000000000000(0000) GS:ffff9b1fce200000(0000) knlGS:0000000000000000
+[    0.774788] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[    0.774788] CR2: ffffbc8fc00866ad CR3: 000000029f60a001 CR4: 00000000003606f0
+[    0.774788] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[    0.774788] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[    0.774788] Call Trace:
+[    0.774788]  tpm_read_log_efi+0x156/0x1a0
+[    0.774788]  tpm_bios_log_setup+0xc8/0x190
+[    0.774788]  tpm_chip_register+0x50/0x1c0
+[    0.774788]  tpm_tis_core_init.cold.9+0x28c/0x466
+[    0.774788]  tpm_tis_plat_probe+0xcc/0xea
+[    0.774788]  platform_drv_probe+0x35/0x80
+[    0.774788]  really_probe+0xef/0x390
+[    0.774788]  driver_probe_device+0xb4/0x100
+[    0.774788]  device_driver_attach+0x4f/0x60
+[    0.774788]  __driver_attach+0x86/0x140
+[    0.774788]  ? device_driver_attach+0x60/0x60
+[    0.774788]  bus_for_each_dev+0x76/0xc0
+[    0.774788]  ? klist_add_tail+0x3b/0x70
+[    0.774788]  bus_add_driver+0x14a/0x1e0
+[    0.774788]  ? tpm_init+0xea/0xea
+[    0.774788]  ? do_early_param+0x8e/0x8e
+[    0.774788]  driver_register+0x6b/0xb0
+[    0.774788]  ? tpm_init+0xea/0xea
+[    0.774788]  init_tis+0x86/0xd8
+[    0.774788]  ? do_early_param+0x8e/0x8e
+[    0.774788]  ? driver_register+0x94/0xb0
+[    0.774788]  do_one_initcall+0x46/0x1e4
+[    0.774788]  ? do_early_param+0x8e/0x8e
+[    0.774788]  kernel_init_freeable+0x199/0x242
+[    0.774788]  ? rest_init+0xaa/0xaa
+[    0.774788]  kernel_init+0xa/0x106
+[    0.774788]  ret_from_fork+0x35/0x40
+[    0.774788] Modules linked in:
+[    0.774788] CR2: ffffbc8fc00866ad
+[    0.774788] ---[ end trace 42930799f8d6eaea ]---
+[    0.774788] RIP: 0010:memcpy_erms+0x6/0x10
+[    0.774788] Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
+[    0.774788] RSP: 0000:ffffbc8fc0073b30 EFLAGS: 00010286
+[    0.774788] RAX: ffff9b1fc7c5b367 RBX: ffff9b1fc8390000 RCX: ffffffffffffe962
+[    0.774788] RDX: ffffffffffffe962 RSI: ffffbc8fc00866ad RDI: ffff9b1fc7c5b367
+[    0.774788] RBP: ffff9b1c10ca7018 R08: ffffbc8fc0085fff R09: 8000000000000063
+[    0.774788] R10: 0000000000001000 R11: 000fffffffe00000 R12: 0000000000003367
+[    0.774788] R13: ffff9b1fcc47c010 R14: ffffbc8fc0085000 R15: 0000000000000002
+[    0.774788] FS:  0000000000000000(0000) GS:ffff9b1fce200000(0000) knlGS:0000000000000000
+[    0.774788] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[    0.774788] CR2: ffffbc8fc00866ad CR3: 000000029f60a001 CR4: 00000000003606f0
+[    0.774788] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[    0.774788] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[    0.774788] Kernel panic - not syncing: Fatal exception
+[    0.774788] Kernel Offset: 0x1d000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
+[    0.774788] ---[ end Kernel panic - not syncing: Fatal exception ]---
+
+The root cause of the issue that caused the failure of event parsing
+in this case is resolved by Peter Jone's patchset dealing with large
+event logs where crossing over a page boundary causes the page with
+the event count to be unmapped.
+
+Fixes: c46f3405692de ("tpm: Reserve the TPM final events table")
+Cc: linux-efi@vger.kernel.org
+Cc: linux-integrity@vger.kernel.org
+Cc: stable@vger.kernel.org
+Cc: Matthew Garrett <mjg59@google.com>
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Reviewed-by:  <jarkko.sakkinen@linux.intel.com>
+---
+v3: rebase on top of Peter Jone's patchset
+v2: added FW_BUG to pr_err, and renamed label to out_calc.
+    Updated doc comment for __calc_tpm2_event_size.
+
+ drivers/firmware/efi/tpm.c   | 9 ++++++++-
+ include/linux/tpm_eventlog.h | 2 +-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c
+index b9ae5c6f9b9c..703469c1ab8e 100644
+--- a/drivers/firmware/efi/tpm.c
++++ b/drivers/firmware/efi/tpm.c
+@@ -85,11 +85,18 @@ int __init efi_tpm_eventlog_init(void)
+ 						    final_tbl->nr_events,
+ 						    log_tbl->log);
+ 	}
++
++	if (tbl_size < 0) {
++		pr_err(FW_BUG "Failed to parse event in TPM Final Events Log\n");
++		goto out_calc;
++	}
++
+ 	memblock_reserve((unsigned long)final_tbl,
+ 			 tbl_size + sizeof(*final_tbl));
+-	early_memunmap(final_tbl, sizeof(*final_tbl));
+ 	efi_tpm_final_log_size = tbl_size;
+ 
++out_calc:
++	early_memunmap(final_tbl, sizeof(*final_tbl));
+ out:
+ 	early_memunmap(log_tbl, sizeof(*log_tbl));
+ 	return ret;
+diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h
+index 12584b69a3f3..2dfdd63ac034 100644
+--- a/include/linux/tpm_eventlog.h
++++ b/include/linux/tpm_eventlog.h
+@@ -152,7 +152,7 @@ struct tcg_algorithm_info {
+  * total. Once we've done this we know the offset of the data length field,
+  * and can calculate the total size of the event.
+  *
+- * Return: size of the event on success, <0 on failure
++ * Return: size of the event on success, 0 on failure
+  */
+ 
+ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,