rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove obsolete patches 

Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
This commit is contained in:
David Abdurachmanov 2020-03-21 17:14:48 +02:00
parent d973ee3b47
commit 6185d54571
Signed by: davidlt
GPG Key ID: 8B7F1DA0E2C9FDBB
9 changed files with 0 additions and 3196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
PATCH-v2-selinux-allow-labeling-before-policy-is-loaded.patch
View File

@ -1,153 +0,0 @@
From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <SRS0=e2dy=XH=vger.kernel.org=selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level:
X-Spam-Status: No, score=-15.0 required=3.0
tests=HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,
MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT
autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
by smtp.lore.kernel.org (Postfix) with ESMTP id 0CE63C4CEC5
for <selinux@archiver.kernel.org>; Thu, 12 Sep 2019 13:30:40 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.kernel.org (Postfix) with ESMTP id DC0B020CC7
for <selinux@archiver.kernel.org>; Thu, 12 Sep 2019 13:30:39 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1732192AbfILNaj (ORCPT <rfc822;selinux@archiver.kernel.org>);
Thu, 12 Sep 2019 09:30:39 -0400
Received: from mx1.redhat.com ([209.132.183.28]:52278 "EHLO mx1.redhat.com"
rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
id S1731687AbfILNaj (ORCPT <rfc822;selinux@vger.kernel.org>);
Thu, 12 Sep 2019 09:30:39 -0400
Received: from mail-qt1-f197.google.com (mail-qt1-f197.google.com [209.85.160.197])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 97CC359465
for <selinux@vger.kernel.org>; Thu, 12 Sep 2019 13:30:38 +0000 (UTC)
Received: by mail-qt1-f197.google.com with SMTP id c8so13609684qtd.20
for <selinux@vger.kernel.org>; Thu, 12 Sep 2019 06:30:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=S/MIBrjCy5DTvfqPzJTJqDQQH1pDu780wgGyHs56w4k=;
b=H7fZr4X/c4ge0SXeHHRXrq3U4J60PWfSRqdCphTWxKjyLvBs8nktbJczT562oH7Hxv
hdvVjKgAzNxIXFdQetnmveDXojtHFrE21PNdo5ONQIyh35oZyrJB4ewZdUrNfbrvDc2y
ElMr/HoKEX5pY+GMJE4nzeBotlfCWU9BoAxJPUhzKA9Oib+AqDzQ0hCGH6pQY9RXRXBV
IMH21FE5dxQGtLHNCJXVxE14edDeRo8qQFWQw6ooogK7JvduuJrWBn3BmCbKz1YLTNZE
9wRXvaHFVGNhr79JrRcItTp6Sx+tZ3XY46CV+Wi6Rq1fu8MePP9zFdIQXw9wqyd+UgLa
AIlw==
X-Gm-Message-State: APjAAAXpWx500L+bZRH8M7OzuSb0aBlsvvjaBYCGvSkzojpa2nRWjtk0
cjKEj45ivsUgPW2Bbi6CGEtspqM4wmwb72z+ajR4hy5OjMT3KRh6W71HFbVPrlLYQTvse11Ax2d
wGOma7U/qIGDDYkjh/Q==
X-Received: by 2002:ac8:7b2e:: with SMTP id l14mr8094193qtu.11.1568295037636;
Thu, 12 Sep 2019 06:30:37 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzybFpoaFyGZXafGEdtHCL3XllpHltaXggcIZEb7De49V/kJzm1pU6vpg1gN8HtgnB3cilLuA==
X-Received: by 2002:ac8:7b2e:: with SMTP id l14mr8094176qtu.11.1568295037442;
Thu, 12 Sep 2019 06:30:37 -0700 (PDT)
Received: from localhost.localdomain ([12.133.141.2])
by smtp.gmail.com with ESMTPSA id h68sm11848865qkd.35.2019.09.12.06.30.35
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 12 Sep 2019 06:30:36 -0700 (PDT)
From: Jonathan Lebon <jlebon@redhat.com>
To: selinux@vger.kernel.org
Cc: Jonathan Lebon <jlebon@redhat.com>,
Victor Kamensky <kamensky@cisco.com>
Subject: [PATCH v2] selinux: allow labeling before policy is loaded
Date: Thu, 12 Sep 2019 09:30:07 -0400
Message-Id: <20190912133007.27545-1-jlebon@redhat.com>
X-Mailer: git-send-email 2.21.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: selinux-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org
Archived-At: <https://lore.kernel.org/selinux/20190912133007.27545-1-jlebon@redhat.com/>
List-Archive: <https://lore.kernel.org/selinux/>
List-Post: <mailto:selinux@vger.kernel.org>
Currently, the SELinux LSM prevents one from setting the
`security.selinux` xattr on an inode without a policy first being
loaded. However, this restriction is problematic: it makes it impossible
to have newly created files with the correct label before actually
loading the policy.
This is relevant in distributions like Fedora, where the policy is
loaded by systemd shortly after pivoting out of the initrd. In such
instances, all files created prior to pivoting will be unlabeled. One
then has to relabel them after pivoting, an operation which inherently
races with other processes trying to access those same files.
Going further, there are use cases for creating the entire root
filesystem on first boot from the initrd (e.g. Container Linux supports
this today[1], and we'd like to support it in Fedora CoreOS as well[2]).
One can imagine doing this in two ways: at the block device level (e.g.
laying down a disk image), or at the filesystem level. In the former,
labeling can simply be part of the image. But even in the latter
scenario, one still really wants to be able to set the right labels when
populating the new filesystem.
This patch enables this by changing behaviour in the following two ways:
1. allow `setxattr` if we're not initialized
2. don't try to set the in-core inode SID if we're not initialized;
instead leave it as `LABEL_INVALID` so that revalidation may be
attempted at a later time
Note the first hunk of this patch is mostly the same as a previously
discussed one[3], though it was part of a larger series which wasn't
accepted.
Co-developed-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Jonathan Lebon <jlebon@redhat.com>
[1] https://coreos.com/os/docs/latest/root-filesystem-placement.html
[2] https://github.com/coreos/fedora-coreos-tracker/issues/94
[3] https://www.spinics.net/lists/linux-initramfs/msg04593.html
---
v2:
- return early in selinux_inode_setxattr if policy hasn't been loaded
---
security/selinux/hooks.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 94de51628..dbe96c707 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3142,6 +3142,9 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
}
+ if (!selinux_state.initialized)
+ return (inode_owner_or_capable(inode) ? 0 : -EPERM);
+
sbsec = inode->i_sb->s_security;
if (!(sbsec->flags & SBLABEL_MNT))
return -EOPNOTSUPP;
@@ -3225,6 +3228,15 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
return;
}
+ if (!selinux_state.initialized) {
+ /* If we haven't even been initialized, then we can't validate
+ * against a policy, so leave the label as invalid. It may
+ * resolve to a valid label on the next revalidation try if
+ * we've since initialized.
+ */
+ return;
+ }
+
rc = security_context_to_sid_force(&selinux_state, value, size,
&newsid);
if (rc) {
--
2.21.0

78
Revert-ARM-bcm283x-Switch-V3D-over-to-using-the-PM-driver-instead-of-firmware.patch
View File

@ -1,78 +0,0 @@
From 9d1a8ad3c56f4e84a0ec46246b4c08a6d139f638 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Sun, 13 Oct 2019 14:33:23 +0100
Subject: [PATCH] Revert "ARM: bcm283x: Switch V3D over to using the PM driver
instead of firmware."
Since release of the new BCM2835 PM driver there has been several reports
of V3D probing issues. This is caused by timeouts during powering-up the
GRAFX PM domain:
bcm2835-power: Timeout waiting for grafx power OK
I was able to reproduce this reliable on my Raspberry Pi 3B+ after setting
force_turbo=1 in the firmware configuration. Since there are no issues
using the firmware PM driver with the same setup, there must be an issue
in the BCM2835 PM driver.
Unfortunately there hasn't been much progress in identifying the root cause
since June (mostly in the lack of documentation), so i decided to switch
back until the issue in the BCM2835 PM driver is fixed.
Link: https://github.com/raspberrypi/linux/issues/3046
Fixes: e1dc2b2e1bef (" ARM: bcm283x: Switch V3D over to using the PM driver instead of firmware.")
Cc: stable@vger.kernel.org
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Acked-by: Eric Anholt <eric@anholt.net>
---
a/arch/arm/boot/dts/bcm2835-rpi.dtsi | 4 ++++
b/arch/arm/boot/dts/bcm283x.dtsi | 4 +---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/bcm2835-rpi.dtsi b/arch/arm/boot/dts/bcm2835-rpi.dtsi
index 715d50c64529..d136867c317f 100644
--- a/arch/arm/boot/dts/bcm2835-rpi.dtsi
+++ b/arch/arm/boot/dts/bcm2835-rpi.dtsi
@@ -90,6 +90,10 @@
status = "okay";
};
+&v3d {
+ power-domains = <&power RPI_POWER_DOMAIN_V3D>;
+};
+
&vec {
power-domains = <&power RPI_POWER_DOMAIN_VEC>;
status = "okay";
diff --git a/arch/arm/boot/dts/bcm283x.dtsi b/arch/arm/boot/dts/bcm283x.dtsi
index 4b21ddb26aa5..0c6a6611f285 100644
--- a/arch/arm/boot/dts/bcm283x.dtsi
+++ b/arch/arm/boot/dts/bcm283x.dtsi
@@ -3,7 +3,6 @@
#include <dt-bindings/clock/bcm2835-aux.h>
#include <dt-bindings/gpio/gpio.h>
#include <dt-bindings/interrupt-controller/irq.h>
-#include <dt-bindings/soc/bcm2835-pm.h>
/* firmware-provided startup stubs live here, where the secondary CPUs are
* spinning.
@@ -121,7 +120,7 @@
#interrupt-cells = <2>;
};
- pm: watchdog@7e100000 {
+ watchdog@7e100000 {
compatible = "brcm,bcm2835-pm", "brcm,bcm2835-pm-wdt";
#power-domain-cells = <1>;
#reset-cells = <1>;
@@ -641,7 +640,6 @@
compatible = "brcm,bcm2835-v3d";
reg = <0x7ec00000 0x1000>;
interrupts = <1 10>;
- power-domains = <&pm BCM2835_POWER_DOMAIN_GRAFX_V3D>;
};
vc4: gpu {
--
2.21.0

64
bcm2835-audio-Fix-draining-behavior-regression.patch
View File

@ -1,64 +0,0 @@
From 2eed19b99c8e95ff87afe6c140ed895c3fac5937 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Sat, 14 Sep 2019 17:24:05 +0200
Subject: staging: bcm2835-audio: Fix draining behavior regression
The PCM draining behavior got broken since the recent refactoring, and
this turned out to be the incorrect expectation of the firmware
behavior regarding "draining". While I expected the "drain" flag at
the stop operation would do processing the queued samples, it seems
rather dropping the samples.
As a quick fix, just drop the SNDRV_PCM_INFO_DRAIN_TRIGGER flag, so
that the driver uses the normal PCM draining procedure. Also, put
some caution comment to the function for future readers not to fall
into the same pitfall.
Fixes: d7ca3a71545b ("staging: bcm2835-audio: Operate non-atomic PCM ops")
BugLink: https://github.com/raspberrypi/linux/issues/2983
Cc: stable@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Stefan Wahren <wahrenst@gmx.net>
Link: https://lore.kernel.org/r/20190914152405.7416-1-tiwai@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/vc04_services/bcm2835-audio/bcm2835-pcm.c | 4 ++--
drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/vc04_services/bcm2835-audio/bcm2835-pcm.c b/drivers/staging/vc04_services/bcm2835-audio/bcm2835-pcm.c
index bc1eaa3a0773..826016c3431a 100644
--- a/drivers/staging/vc04_services/bcm2835-audio/bcm2835-pcm.c
+++ b/drivers/staging/vc04_services/bcm2835-audio/bcm2835-pcm.c
@@ -12,7 +12,7 @@
static const struct snd_pcm_hardware snd_bcm2835_playback_hw = {
.info = (SNDRV_PCM_INFO_INTERLEAVED | SNDRV_PCM_INFO_BLOCK_TRANSFER |
SNDRV_PCM_INFO_MMAP | SNDRV_PCM_INFO_MMAP_VALID |
- SNDRV_PCM_INFO_DRAIN_TRIGGER | SNDRV_PCM_INFO_SYNC_APPLPTR),
+ SNDRV_PCM_INFO_SYNC_APPLPTR),
.formats = SNDRV_PCM_FMTBIT_U8 | SNDRV_PCM_FMTBIT_S16_LE,
.rates = SNDRV_PCM_RATE_CONTINUOUS | SNDRV_PCM_RATE_8000_48000,
.rate_min = 8000,
@@ -29,7 +29,7 @@ static const struct snd_pcm_hardware snd_bcm2835_playback_hw = {
static const struct snd_pcm_hardware snd_bcm2835_playback_spdif_hw = {
.info = (SNDRV_PCM_INFO_INTERLEAVED | SNDRV_PCM_INFO_BLOCK_TRANSFER |
SNDRV_PCM_INFO_MMAP | SNDRV_PCM_INFO_MMAP_VALID |
- SNDRV_PCM_INFO_DRAIN_TRIGGER | SNDRV_PCM_INFO_SYNC_APPLPTR),
+ SNDRV_PCM_INFO_SYNC_APPLPTR),
.formats = SNDRV_PCM_FMTBIT_S16_LE,
.rates = SNDRV_PCM_RATE_CONTINUOUS | SNDRV_PCM_RATE_44100 |
SNDRV_PCM_RATE_48000,
diff --git a/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c b/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c
index 23fba01107b9..c6f9cf1913d2 100644
--- a/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c
+++ b/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c
@@ -289,6 +289,7 @@ int bcm2835_audio_stop(struct bcm2835_alsa_stream *alsa_stream)
VC_AUDIO_MSG_TYPE_STOP, false);
}
+/* FIXME: this doesn't seem working as expected for "draining" */
int bcm2835_audio_drain(struct bcm2835_alsa_stream *alsa_stream)
{
struct vc_audio_msg m = {
--
cgit 1.2-0.3.lf.el7

54
drm-i915-Mark-contents-as-dirty-on-a-write-fault.patch
View File

@ -1,54 +0,0 @@
From 7a78f4f0497f903756183f8b227f6fddaba8cdb0 Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@chris-wilson.co.uk>
Date: Fri, 20 Sep 2019 13:18:21 +0100
Subject: [PATCH] drm/i915: Mark contents as dirty on a write fault
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since dropping the set-to-gtt-domain in commit a679f58d0510 ("drm/i915:
Flush pages on acquisition"), we no longer mark the contents as dirty on
a write fault. This has the issue of us then not marking the pages as
dirty on releasing the buffer, which means the contents are not written
out to the swap device (should we ever pick that buffer as a victim).
Notably, this is visible in the dumb buffer interface used for cursors.
Having updated the cursor contents via mmap, and swapped away, if the
shrinker should evict the old cursor, upon next reuse, the cursor would
be invisible.
E.g. echo 80 > /proc/sys/kernel/sysrq ; echo f > /proc/sysrq-trigger
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=111541
Fixes: a679f58d0510 ("drm/i915: Flush pages on acquisition")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Matthew Auld <matthew.william.auld@gmail.com>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: <stable@vger.kernel.org> # v5.2+
Reviewed-by: Matthew Auld <matthew.william.auld@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190920121821.7223-1-chris@chris-wilson.co.uk
(cherry picked from commit 5028851cdfdf78dc22eacbc44a0ab0b3f599ee4a)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
---
drivers/gpu/drm/i915/gem/i915_gem_mman.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
index 39a661927d8e..c201289039fe 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
@@ -317,7 +317,11 @@ vm_fault_t i915_gem_fault(struct vm_fault *vmf)
msecs_to_jiffies_timeout(CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND));
GEM_BUG_ON(!obj->userfault_count);
- i915_vma_set_ggtt_write(vma);
+ if (write) {
+ GEM_BUG_ON(!i915_gem_object_has_pinned_pages(obj));
+ i915_vma_set_ggtt_write(vma);
+ obj->mm.dirty = true;
+ }
err_fence:
i915_vma_unpin_fence(vma);
--
2.21.0

80
dwc3-fix.patch
View File

@ -1,80 +0,0 @@
From 4749e0e61241cc121de572520a39dab365b9ea1d Mon Sep 17 00:00:00 2001
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Date: Thu, 8 Aug 2019 16:39:42 -0700
Subject: usb: dwc3: Update soft-reset wait polling rate
Starting from DWC_usb31 version 1.90a and later, the DCTL.CSFRST bit
will not be cleared until after all the internal clocks are synchronized
during soft-reset. This may take a little more than 50ms. Set the
polling rate at 20ms instead.
Signed-off-by: Thinh Nguyen <thinhn@synopsys.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
---
drivers/usb/dwc3/core.c | 23 ++++++++++++++++++-----
drivers/usb/dwc3/core.h | 2 ++
2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index 98bce85c29d0..252c397860ef 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -252,12 +252,25 @@ static int dwc3_core_soft_reset(struct dwc3 *dwc)
reg |= DWC3_DCTL_CSFTRST;
dwc3_writel(dwc->regs, DWC3_DCTL, reg);
+ /*
+ * For DWC_usb31 controller 1.90a and later, the DCTL.CSFRST bit
+ * is cleared only after all the clocks are synchronized. This can
+ * take a little more than 50ms. Set the polling rate at 20ms
+ * for 10 times instead.
+ */
+ if (dwc3_is_usb31(dwc) && dwc->revision >= DWC3_USB31_REVISION_190A)
+ retries = 10;
+
do {
reg = dwc3_readl(dwc->regs, DWC3_DCTL);
if (!(reg & DWC3_DCTL_CSFTRST))
goto done;
- udelay(1);
+ if (dwc3_is_usb31(dwc) &&
+ dwc->revision >= DWC3_USB31_REVISION_190A)
+ msleep(20);
+ else
+ udelay(1);
} while (--retries);
phy_exit(dwc->usb3_generic_phy);
@@ -267,11 +280,11 @@ static int dwc3_core_soft_reset(struct dwc3 *dwc)
done:
/*
- * For DWC_usb31 controller, once DWC3_DCTL_CSFTRST bit is cleared,
- * we must wait at least 50ms before accessing the PHY domain
- * (synchronization delay). DWC_usb31 programming guide section 1.3.2.
+ * For DWC_usb31 controller 1.80a and prior, once DCTL.CSFRST bit
+ * is cleared, we must wait at least 50ms before accessing the PHY
+ * domain (synchronization delay).
*/
- if (dwc3_is_usb31(dwc))
+ if (dwc3_is_usb31(dwc) && dwc->revision <= DWC3_USB31_REVISION_180A)
msleep(50);
return 0;
diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h
index 3dd783b889cb..1c8b349379af 100644
--- a/drivers/usb/dwc3/core.h
+++ b/drivers/usb/dwc3/core.h
@@ -1137,6 +1137,8 @@ struct dwc3 {
#define DWC3_USB31_REVISION_120A (0x3132302a | DWC3_REVISION_IS_DWC31)
#define DWC3_USB31_REVISION_160A (0x3136302a | DWC3_REVISION_IS_DWC31)
#define DWC3_USB31_REVISION_170A (0x3137302a | DWC3_REVISION_IS_DWC31)
+#define DWC3_USB31_REVISION_180A (0x3138302a | DWC3_REVISION_IS_DWC31)
+#define DWC3_USB31_REVISION_190A (0x3139302a | DWC3_REVISION_IS_DWC31)
u32 version_type;
--
cgit 1.2-0.3.lf.el7

2173
efi-lockdown.patch
View File

File diff suppressed because it is too large Load Diff

171
enforce-CAP_NET_RAW-for-raw-sockets.patch
View File

@ -1,171 +0,0 @@
From b91ee4aa2a2199ba4d4650706c272985a5a32d80 Mon Sep 17 00:00:00 2001
From: Ori Nimron <orinimron123@gmail.com>
Date: Fri, 20 Sep 2019 09:35:45 +0200
Subject: mISDN: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_ISDN socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/isdn/mISDN/socket.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c
index c6ba37df4b9d..dff4132b3702 100644
--- a/drivers/isdn/mISDN/socket.c
+++ b/drivers/isdn/mISDN/socket.c
@@ -754,6 +754,8 @@ base_sock_create(struct net *net, struct socket *sock, int protocol, int kern)
if (sock->type != SOCK_RAW)
return -ESOCKTNOSUPPORT;
+ if (!capable(CAP_NET_RAW))
+ return -EPERM;
sk = sk_alloc(net, PF_ISDN, GFP_KERNEL, &mISDN_proto, kern);
if (!sk)
--
cgit 1.2-0.3.lf.el7
From 6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac Mon Sep 17 00:00:00 2001
From: Ori Nimron <orinimron123@gmail.com>
Date: Fri, 20 Sep 2019 09:35:46 +0200
Subject: appletalk: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_APPLETALK socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/appletalk/ddp.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 4072e9d394d6..b41375d4d295 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1023,6 +1023,11 @@ static int atalk_create(struct net *net, struct socket *sock, int protocol,
*/
if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
goto out;
+
+ rc = -EPERM;
+ if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
+ goto out;
+
rc = -ENOMEM;
sk = sk_alloc(net, PF_APPLETALK, GFP_KERNEL, &ddp_proto, kern);
if (!sk)
--
cgit 1.2-0.3.lf.el7
From 0614e2b73768b502fc32a75349823356d98aae2c Mon Sep 17 00:00:00 2001
From: Ori Nimron <orinimron123@gmail.com>
Date: Fri, 20 Sep 2019 09:35:47 +0200
Subject: ax25: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_AX25 socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ax25/af_ax25.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index ca5207767dc2..bb222b882b67 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -855,6 +855,8 @@ static int ax25_create(struct net *net, struct socket *sock, int protocol,
break;
case SOCK_RAW:
+ if (!capable(CAP_NET_RAW))
+ return -EPERM;
break;
default:
return -ESOCKTNOSUPPORT;
--
cgit 1.2-0.3.lf.el7
From e69dbd4619e7674c1679cba49afd9dd9ac347eef Mon Sep 17 00:00:00 2001
From: Ori Nimron <orinimron123@gmail.com>
Date: Fri, 20 Sep 2019 09:35:48 +0200
Subject: ieee802154: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_IEEE802154 socket, CAP_NET_RAW needs to be
checked first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ieee802154/socket.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index badc5cfe4dc6..d93d4531aa9b 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -1008,6 +1008,9 @@ static int ieee802154_create(struct net *net, struct socket *sock,
switch (sock->type) {
case SOCK_RAW:
+ rc = -EPERM;
+ if (!capable(CAP_NET_RAW))
+ goto out;
proto = &ieee802154_raw_prot;
ops = &ieee802154_raw_ops;
break;
--
cgit 1.2-0.3.lf.el7
From 3a359798b176183ef09efb7a3dc59abad1cc7104 Mon Sep 17 00:00:00 2001
From: Ori Nimron <orinimron123@gmail.com>
Date: Fri, 20 Sep 2019 09:35:49 +0200
Subject: nfc: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_NFC socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/nfc/llcp_sock.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index 9b8742947aff..8dfea26536c9 100644
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -1004,10 +1004,13 @@ static int llcp_sock_create(struct net *net, struct socket *sock,
sock->type != SOCK_RAW)
return -ESOCKTNOSUPPORT;
- if (sock->type == SOCK_RAW)
+ if (sock->type == SOCK_RAW) {
+ if (!capable(CAP_NET_RAW))
+ return -EPERM;
sock->ops = &llcp_rawsock_ops;
- else
+ } else {
sock->ops = &llcp_sock_ops;
+ }
sk = nfc_llcp_sock_alloc(sock, sock->type, GFP_ATOMIC, kern);
if (sk == NULL)
--
cgit 1.2-0.3.lf.el7

233
v2-1-2-efi-tpm-Don-t-access-event--count-when-it-isn-t-mapped..patch
View File

@ -1,233 +0,0 @@
From patchwork Wed Sep 25 10:16:18 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
X-Patchwork-Id: 11160381
Return-Path: <SRS0=gTbe=XU=vger.kernel.org=linux-integrity-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
[172.30.200.123])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 43E0E112B
for <patchwork-linux-integrity@patchwork.kernel.org>;
Wed, 25 Sep 2019 10:16:35 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.kernel.org (Postfix) with ESMTP id 2BB5521D7A
for <patchwork-linux-integrity@patchwork.kernel.org>;
Wed, 25 Sep 2019 10:16:35 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S2389040AbfIYKQe (ORCPT
<rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
Wed, 25 Sep 2019 06:16:34 -0400
Received: from mga06.intel.com ([134.134.136.31]:40402 "EHLO mga06.intel.com"
rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
id S1727141AbfIYKQe (ORCPT <rfc822;linux-integrity@vger.kernel.org>);
Wed, 25 Sep 2019 06:16:34 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
25 Sep 2019 03:16:33 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.64,547,1559545200";
d="scan'208";a="193723106"
Received: from dariusvo-mobl.ger.corp.intel.com (HELO localhost)
([10.249.39.150])
by orsmga006.jf.intel.com with ESMTP; 25 Sep 2019 03:16:27 -0700
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: linux-integrity@vger.kernel.org
Cc: Peter Jones <pjones@redhat.com>, linux-efi@vger.kernel.org,
stable@vger.kernel.org, Lyude Paul <lyude@redhat.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Matthew Garrett <mjg59@google.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Roberto Sassu <roberto.sassu@huawei.com>,
Bartosz Szczepanek <bsz@semihalf.com>,
linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v2 1/2] efi+tpm: Don't access event->count when it isn't
mapped.
Date: Wed, 25 Sep 2019 13:16:18 +0300
Message-Id: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org
From: Peter Jones <pjones@redhat.com>
Some machines generate a lot of event log entries. When we're
iterating over them, the code removes the old mapping and adds a
new one, so once we cross the page boundary we're unmapping the page
with the count on it. Hilarity ensues.
This patch keeps the info from the header in local variables so we don't
need to access that page again or keep track of if it's mapped.
Fixes: 44038bc514a2 ("tpm: Abstract crypto agile event size calculations")
Cc: linux-efi@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Matthew Garrett <mjg59@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
include/linux/tpm_eventlog.h | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h
index 63238c84dc0b..12584b69a3f3 100644
--- a/include/linux/tpm_eventlog.h
+++ b/include/linux/tpm_eventlog.h
@@ -170,6 +170,7 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
u16 halg;
int i;
int j;
+ u32 count, event_type;
marker = event;
marker_start = marker;
@@ -190,16 +191,22 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
}
event = (struct tcg_pcr_event2_head *)mapping;
+ /*
+ * the loop below will unmap these fields if the log is larger than
+ * one page, so save them here for reference.
+ */
+ count = READ_ONCE(event->count);
+ event_type = READ_ONCE(event->event_type);
efispecid = (struct tcg_efi_specid_event_head *)event_header->event;
/* Check if event is malformed. */
- if (event->count > efispecid->num_algs) {
+ if (count > efispecid->num_algs) {
size = 0;
goto out;
}
- for (i = 0; i < event->count; i++) {
+ for (i = 0; i < count; i++) {
halg_size = sizeof(event->digests[i].alg_id);
/* Map the digest's algorithm identifier */
@@ -256,8 +263,9 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
+ event_field->event_size;
size = marker - marker_start;
- if ((event->event_type == 0) && (event_field->event_size == 0))
+ if (event_type == 0 && event_field->event_size == 0)
size = 0;
+
out:
if (do_mapping)
TPM_MEMUNMAP(mapping, mapping_size);
From patchwork Wed Sep 25 10:16:19 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
X-Patchwork-Id: 11160383
Return-Path: <SRS0=gTbe=XU=vger.kernel.org=linux-integrity-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
[172.30.200.123])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 363B114DB
for <patchwork-linux-integrity@patchwork.kernel.org>;
Wed, 25 Sep 2019 10:16:40 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.kernel.org (Postfix) with ESMTP id 1DCE921D7C
for <patchwork-linux-integrity@patchwork.kernel.org>;
Wed, 25 Sep 2019 10:16:40 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S2389138AbfIYKQj (ORCPT
<rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
Wed, 25 Sep 2019 06:16:39 -0400
Received: from mga18.intel.com ([134.134.136.126]:21948 "EHLO mga18.intel.com"
rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
id S1727141AbfIYKQj (ORCPT <rfc822;linux-integrity@vger.kernel.org>);
Wed, 25 Sep 2019 06:16:39 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
25 Sep 2019 03:16:38 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.64,547,1559545200";
d="scan'208";a="340366339"
Received: from dariusvo-mobl.ger.corp.intel.com (HELO localhost)
([10.249.39.150])
by orsmga004.jf.intel.com with ESMTP; 25 Sep 2019 03:16:35 -0700
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: linux-integrity@vger.kernel.org
Cc: Peter Jones <pjones@redhat.com>, linux-efi@vger.kernel.org,
stable@vger.kernel.org, Lyude Paul <lyude@redhat.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Matthew Garrett <mjg59@google.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v2 2/2] efi+tpm: don't traverse an event log with no events
Date: Wed, 25 Sep 2019 13:16:19 +0300
Message-Id: <20190925101622.31457-2-jarkko.sakkinen@linux.intel.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
References: <20190925101622.31457-1-jarkko.sakkinen@linux.intel.com>
MIME-Version: 1.0
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org
From: Peter Jones <pjones@redhat.com>
When there are no entries to put into the final event log, some machines
will return the template they would have populated anyway. In this case
the nr_events field is 0, but the rest of the log is just garbage.
This patch stops us from trying to iterate the table with
__calc_tpm2_event_size() when the number of events in the table is 0.
Fixes: c46f3405692d ("tpm: Reserve the TPM final events table")
Cc: linux-efi@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Matthew Garrett <mjg59@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
drivers/firmware/efi/tpm.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c
index 1d3f5ca3eaaf..b9ae5c6f9b9c 100644
--- a/drivers/firmware/efi/tpm.c
+++ b/drivers/firmware/efi/tpm.c
@@ -75,11 +75,16 @@ int __init efi_tpm_eventlog_init(void)
goto out;
}
- tbl_size = tpm2_calc_event_log_size((void *)efi.tpm_final_log
- + sizeof(final_tbl->version)
- + sizeof(final_tbl->nr_events),
- final_tbl->nr_events,
- log_tbl->log);
+ tbl_size = 0;
+ if (final_tbl->nr_events != 0) {
+ void *events = (void *)efi.tpm_final_log
+ + sizeof(final_tbl->version)
+ + sizeof(final_tbl->nr_events);
+
+ tbl_size = tpm2_calc_event_log_size(events,
+ final_tbl->nr_events,
+ log_tbl->log);
+ }
memblock_reserve((unsigned long)final_tbl,
tbl_size + sizeof(*final_tbl));
early_memunmap(final_tbl, sizeof(*final_tbl));

190
v3-tpm-only-set-efi_tpm_final_log_size-after-successful-event-log-parsing.patch
View File

@ -1,190 +0,0 @@
From patchwork Wed Sep 25 17:27:05 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jerry Snitselaar <jsnitsel@redhat.com>
X-Patchwork-Id: 11161161
Return-Path: <SRS0=gTbe=XU=vger.kernel.org=linux-integrity-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
[172.30.200.123])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 88B8A1747
for <patchwork-linux-integrity@patchwork.kernel.org>;
Wed, 25 Sep 2019 17:27:13 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.kernel.org (Postfix) with ESMTP id 66F4F217F4
for <patchwork-linux-integrity@patchwork.kernel.org>;
Wed, 25 Sep 2019 17:27:13 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S2505171AbfIYR1J (ORCPT
<rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
Wed, 25 Sep 2019 13:27:09 -0400
Received: from mx1.redhat.com ([209.132.183.28]:41496 "EHLO mx1.redhat.com"
rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
id S2505170AbfIYR1J (ORCPT <rfc822;linux-integrity@vger.kernel.org>);
Wed, 25 Sep 2019 13:27:09 -0400
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
[10.5.11.22])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 4CE7C1056FB1;
Wed, 25 Sep 2019 17:27:08 +0000 (UTC)
Received: from cantor.redhat.com (ovpn-117-191.phx2.redhat.com [10.3.117.191])
by smtp.corp.redhat.com (Postfix) with ESMTP id D081B1001B12;
Wed, 25 Sep 2019 17:27:07 +0000 (UTC)
From: Jerry Snitselaar <jsnitsel@redhat.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
stable@vger.kernel.org, Matthew Garrett <mjg59@google.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Subject: [PATCH v3] tpm: only set efi_tpm_final_log_size after successful
event log parsing
Date: Wed, 25 Sep 2019 10:27:05 -0700
Message-Id: <20190925172705.17358-1-jsnitsel@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.64]);
Wed, 25 Sep 2019 17:27:08 +0000 (UTC)
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org
If __calc_tpm2_event_size fails to parse an event it will return 0,
resulting tpm2_calc_event_log_size returning -1. Currently there is
no check of this return value, and efi_tpm_final_log_size can end up
being set to this negative value resulting in a panic like the
the one given below.
Also __calc_tpm2_event_size returns a size of 0 when it fails
to parse an event, so update function documentation to reflect this.
[ 0.774340] BUG: unable to handle page fault for address: ffffbc8fc00866ad
[ 0.774788] #PF: supervisor read access in kernel mode
[ 0.774788] #PF: error_code(0x0000) - not-present page
[ 0.774788] PGD 107d36067 P4D 107d36067 PUD 107d37067 PMD 107d38067 PTE 0
[ 0.774788] Oops: 0000 [#1] SMP PTI
[ 0.774788] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.3.0-0.rc2.1.elrdy.x86_64 #1
[ 0.774788] Hardware name: LENOVO 20HGS22D0W/20HGS22D0W, BIOS N1WET51W (1.30 ) 09/14/2018
[ 0.774788] RIP: 0010:memcpy_erms+0x6/0x10
[ 0.774788] Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 0.774788] RSP: 0000:ffffbc8fc0073b30 EFLAGS: 00010286
[ 0.774788] RAX: ffff9b1fc7c5b367 RBX: ffff9b1fc8390000 RCX: ffffffffffffe962
[ 0.774788] RDX: ffffffffffffe962 RSI: ffffbc8fc00866ad RDI: ffff9b1fc7c5b367
[ 0.774788] RBP: ffff9b1c10ca7018 R08: ffffbc8fc0085fff R09: 8000000000000063
[ 0.774788] R10: 0000000000001000 R11: 000fffffffe00000 R12: 0000000000003367
[ 0.774788] R13: ffff9b1fcc47c010 R14: ffffbc8fc0085000 R15: 0000000000000002
[ 0.774788] FS: 0000000000000000(0000) GS:ffff9b1fce200000(0000) knlGS:0000000000000000
[ 0.774788] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.774788] CR2: ffffbc8fc00866ad CR3: 000000029f60a001 CR4: 00000000003606f0
[ 0.774788] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 0.774788] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 0.774788] Call Trace:
[ 0.774788] tpm_read_log_efi+0x156/0x1a0
[ 0.774788] tpm_bios_log_setup+0xc8/0x190
[ 0.774788] tpm_chip_register+0x50/0x1c0
[ 0.774788] tpm_tis_core_init.cold.9+0x28c/0x466
[ 0.774788] tpm_tis_plat_probe+0xcc/0xea
[ 0.774788] platform_drv_probe+0x35/0x80
[ 0.774788] really_probe+0xef/0x390
[ 0.774788] driver_probe_device+0xb4/0x100
[ 0.774788] device_driver_attach+0x4f/0x60
[ 0.774788] __driver_attach+0x86/0x140
[ 0.774788] ? device_driver_attach+0x60/0x60
[ 0.774788] bus_for_each_dev+0x76/0xc0
[ 0.774788] ? klist_add_tail+0x3b/0x70
[ 0.774788] bus_add_driver+0x14a/0x1e0
[ 0.774788] ? tpm_init+0xea/0xea
[ 0.774788] ? do_early_param+0x8e/0x8e
[ 0.774788] driver_register+0x6b/0xb0
[ 0.774788] ? tpm_init+0xea/0xea
[ 0.774788] init_tis+0x86/0xd8
[ 0.774788] ? do_early_param+0x8e/0x8e
[ 0.774788] ? driver_register+0x94/0xb0
[ 0.774788] do_one_initcall+0x46/0x1e4
[ 0.774788] ? do_early_param+0x8e/0x8e
[ 0.774788] kernel_init_freeable+0x199/0x242
[ 0.774788] ? rest_init+0xaa/0xaa
[ 0.774788] kernel_init+0xa/0x106
[ 0.774788] ret_from_fork+0x35/0x40
[ 0.774788] Modules linked in:
[ 0.774788] CR2: ffffbc8fc00866ad
[ 0.774788] ---[ end trace 42930799f8d6eaea ]---
[ 0.774788] RIP: 0010:memcpy_erms+0x6/0x10
[ 0.774788] Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 0.774788] RSP: 0000:ffffbc8fc0073b30 EFLAGS: 00010286
[ 0.774788] RAX: ffff9b1fc7c5b367 RBX: ffff9b1fc8390000 RCX: ffffffffffffe962
[ 0.774788] RDX: ffffffffffffe962 RSI: ffffbc8fc00866ad RDI: ffff9b1fc7c5b367
[ 0.774788] RBP: ffff9b1c10ca7018 R08: ffffbc8fc0085fff R09: 8000000000000063
[ 0.774788] R10: 0000000000001000 R11: 000fffffffe00000 R12: 0000000000003367
[ 0.774788] R13: ffff9b1fcc47c010 R14: ffffbc8fc0085000 R15: 0000000000000002
[ 0.774788] FS: 0000000000000000(0000) GS:ffff9b1fce200000(0000) knlGS:0000000000000000
[ 0.774788] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.774788] CR2: ffffbc8fc00866ad CR3: 000000029f60a001 CR4: 00000000003606f0
[ 0.774788] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 0.774788] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 0.774788] Kernel panic - not syncing: Fatal exception
[ 0.774788] Kernel Offset: 0x1d000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 0.774788] ---[ end Kernel panic - not syncing: Fatal exception ]---
The root cause of the issue that caused the failure of event parsing
in this case is resolved by Peter Jone's patchset dealing with large
event logs where crossing over a page boundary causes the page with
the event count to be unmapped.
Fixes: c46f3405692de ("tpm: Reserve the TPM final events table")
Cc: linux-efi@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: stable@vger.kernel.org
Cc: Matthew Garrett <mjg59@google.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Reviewed-by: <jarkko.sakkinen@linux.intel.com>
---
v3: rebase on top of Peter Jone's patchset
v2: added FW_BUG to pr_err, and renamed label to out_calc.
Updated doc comment for __calc_tpm2_event_size.
drivers/firmware/efi/tpm.c | 9 ++++++++-
include/linux/tpm_eventlog.h | 2 +-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c
index b9ae5c6f9b9c..703469c1ab8e 100644
--- a/drivers/firmware/efi/tpm.c
+++ b/drivers/firmware/efi/tpm.c
@@ -85,11 +85,18 @@ int __init efi_tpm_eventlog_init(void)
final_tbl->nr_events,
log_tbl->log);
}
+
+ if (tbl_size < 0) {
+ pr_err(FW_BUG "Failed to parse event in TPM Final Events Log\n");
+ goto out_calc;
+ }
+
memblock_reserve((unsigned long)final_tbl,
tbl_size + sizeof(*final_tbl));
- early_memunmap(final_tbl, sizeof(*final_tbl));
efi_tpm_final_log_size = tbl_size;
+out_calc:
+ early_memunmap(final_tbl, sizeof(*final_tbl));
out:
early_memunmap(log_tbl, sizeof(*log_tbl));
return ret;
diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h
index 12584b69a3f3..2dfdd63ac034 100644
--- a/include/linux/tpm_eventlog.h
+++ b/include/linux/tpm_eventlog.h
@@ -152,7 +152,7 @@ struct tcg_algorithm_info {
* total. Once we've done this we know the offset of the data length field,
* and can calculate the total size of the event.
*
- * Return: size of the event on success, <0 on failure
+ * Return: size of the event on success, 0 on failure
*/
static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,