February 2022 - Linux-stable-mirror

[PATCH 1/2] drm/i195: Fix dbuf slice config lookup

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Apparently I totally fumbled the loop condition when I removed the ARRAY_SIZE() stuff from the dbuf slice config lookup. Comparing the loop index with the active_pipes bitmask is utter nonsense, what we want to do is check to see if the mask is zero or not. Cc: stable(a)vger.kernel.org Fixes: 05e8155afe35 ("drm/i915: Use a sentinel to terminate the dbuf slice arrays") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/intel_pm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c index 02084652fe3d..da721aea70ff 100644 --- a/drivers/gpu/drm/i915/intel_pm.c +++ b/drivers/gpu/drm/i915/intel_pm.c @@ -4848,7 +4848,7 @@ static u8 compute_dbuf_slices(enum pipe pipe, u8 active_pipes, bool join_mbus, { int i; - for (i = 0; i < dbuf_slices[i].active_pipes; i++) { + for (i = 0; dbuf_slices[i].active_pipes != 0; i++) { if (dbuf_slices[i].active_pipes == active_pipes && dbuf_slices[i].join_mbus == join_mbus) return dbuf_slices[i].dbuf_mask[pipe]; -- 2.34.1

2 years, 11 months

3
4
0 0

[PATCH 5.16 000/127] 5.16.8-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.16.8 release. There are 127 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 09 Feb 2022 13:38:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.16.8-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.16.8-rc2 Florian Westphal <fw(a)strlen.de> selftests: netfilter: check stateless nat udp checksum fixup Florian Westphal <fw(a)strlen.de> selftests: nft_concat_range: add test for reload with no element add/del Yang Li <yang.lee(a)linux.alibaba.com> gpio: mpc8xxx: Fix an ignored error return from platform_get_irq() Yang Li <yang.lee(a)linux.alibaba.com> gpio: idt3243x: Fix an ignored error return from platform_get_irq() Arnaldo Carvalho de Melo <acme(a)redhat.com> tools include UAPI: Sync sound/asound.h copy with the kernel sources Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY Xin Yin <yinxin.x(a)bytedance.com> ext4: fix incorrect type issue during replay_del_range Ritesh Harjani <riteshh(a)linux.ibm.com> ext4: fix error handling in ext4_fc_record_modified_inode() Ritesh Harjani <riteshh(a)linux.ibm.com> ext4: fix error handling in ext4_restore_inline_data() Xin Yin <yinxin.x(a)bytedance.com> ext4: modify the logic of ext4_mb_new_blocks_simple Xin Yin <yinxin.x(a)bytedance.com> ext4: prevent used blocks from being allocated during fast commit replay Sergey Shtylyov <s.shtylyov(a)omp.ru> EDAC/xgene: Fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> EDAC/altera: Fix deferred probing Peter Zijlstra <peterz(a)infradead.org> x86/perf: Default set FREEZE_ON_SMI for all Tristan Hume <tristan(a)thume.ca> perf/x86/intel/pt: Fix crash with stop filters in single-range mode Ian Rogers <irogers(a)google.com> perf stat: Fix display of grouped aliased events Marco Elver <elver(a)google.com> perf: Copy perf_event_attr::sig_data on modification Mark Rutland <mark.rutland(a)arm.com> kvm/arm64: rework guest entry logic Mark Rutland <mark.rutland(a)arm.com> kvm: add guest_state_{enter,exit}_irqoff() Sergei Trofimovich <slyich(a)gmail.com> objtool: Fix truncated string warning Riwen Lu <luriwen(a)kylinos.cn> rtc: cmos: Evaluate century appropriate Sasha Neftin <sasha.neftin(a)intel.com> e1000e: Separate ADP board type from TGP Nathan Chancellor <nathan(a)kernel.org> tools/resolve_btfids: Do not print any commands when building silently Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: futex: Use variable MAKE instead of make Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/exec: Remove pipe from TEST_GEN_FILES Hou Tao <hotforest(a)gmail.com> bpf: Use VM_MAP instead of VM_ALLOC for ringbuf Haiyue Wang <haiyue.wang(a)intel.com> gve: fix the wrong AdminQ buffer queue index check Dai Ngo <dai.ngo(a)oracle.com> nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. John Meneghini <jmeneghi(a)redhat.com> scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe Tom Rix <trix(a)redhat.com> btrfs: fix use of uninitialized variable at rm device ioctl Florian Fainelli <f.fainelli(a)gmail.com> pinctrl: bcm2835: Fix a few error paths Łukasz Bartosik <lb(a)semihalf.com> pinctrl: intel: fix unexpected interrupt Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line Andre Przywara <andre.przywara(a)arm.com> pinctrl: sunxi: Fix H616 I2S3 pin data Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: only stop graphs that are started Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wcd938x: fix return value of mixer put function Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: lpass-rx-macro: fix sidetone register offsets Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wcd938x: fix incorrect used of portid Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: max9759: fix underflow in speaker_gain_control_put() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name Robert Hancock <robert.hancock(a)calian.com> ASoC: simple-card: fix probe failure on platform component Robert Hancock <robert.hancock(a)calian.com> ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes Miaoqian Lin <linmq006(a)gmail.com> ASoC: fsl: Add missing error handling in pcm030_fabric_probe Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: rt5682: Fix deadlock on resume Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled Matthew Brost <matthew.brost(a)intel.com> drm/i915: Lock timeline mutex directly in error path of eb_pin_timeline Dan Carpenter <dan.carpenter(a)oracle.com> drm/i915/overlay: Prevent divide by zero bugs in scaling Anitha Chrisanthus <anitha.chrisanthus(a)intel.com> drm/kmb: Fix for build errors with Warray-bounds Alexander Stein <alexander.stein(a)ew.tq-group.com> drm: mxsfb: Fix NULL pointer dereference Yannick Vignon <yannick.vignon(a)nxp.com> net: stmmac: ensure PTP time register reads are consistent Daniel Borkmann <daniel(a)iogearbox.net> net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work Camel Guo <camelg(a)axis.com> net: stmmac: dump gmac4 DMA registers correctly Lior Nahmanson <liorna(a)nvidia.com> net: macsec: Verify that send_sci is on when setting Tx sci explicitly Lior Nahmanson <liorna(a)nvidia.com> net: macsec: Fix offload support for NETDEV_UNREGISTER event Jisheng Zhang <jszhang(a)kernel.org> net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() Yuji Ishikawa <yuji2.ishikawa(a)toshiba.co.jp> net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request. Wen Gu <guwen(a)linux.alibaba.com> net/smc: Forward wakeup to smc socket waitqueue after fallback Miquel Raynal <miquel.raynal(a)bootlin.com> net: ieee802154: Return meaningful error codes from the netlink helpers Phil Sutter <phil(a)nwl.cc> netfilter: nft_reject_bridge: Fix for missing reply from prerouting Miquel Raynal <miquel.raynal(a)bootlin.com> net: ieee802154: ca8210: Stop leaking skb's Miquel Raynal <miquel.raynal(a)bootlin.com> net: ieee802154: mcr20a: Fix lifs/sifs periods Miquel Raynal <miquel.raynal(a)bootlin.com> net: ieee802154: hwsim: Ensure proper channel selection at probe time Mark Zhang <markzhang(a)nvidia.com> IB/cm: Release previously acquired reference counter in the cm_id_priv Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> IB/hfi1: Fix tstats alloc and dealloc Xin Xiong <xiongx18(a)fudan.edu.cn> spi: uniphier: fix reference count leak in uniphier_spi_probe() Miaoqian Lin <linmq006(a)gmail.com> spi: meson-spicc: add IRQ check in meson_spicc_probe Benjamin Gaignard <benjamin.gaignard(a)collabora.com> spi: mediatek: Avoid NULL pointer crash in interrupt Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: check for valid cs before applying chip select Joerg Roedel <jroedel(a)suse.de> iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() Guoqing Jiang <guoqing.jiang(a)linux.dev> iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: Skip codec shutdown in case the codec is not registered Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Fix signedness of sscanf() arguments Tom Rix <trix(a)redhat.com> ALSA: usb-audio: initialize variables that could ignore errors Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Don't continue event handler after memory allocation failure Bernard Metzler <bmt(a)zurich.ibm.com> RDMA/siw: Fix broken RDMA Read Fence/Resume logic. Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> IB/rdmavt: Validate remote_addr during loopback atomic tests Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/siw: Fix refcounting leak in siw_create_qp() Leon Romanovsky <leon(a)kernel.org> RDMA/ucma: Protect mc during concurrent multicast leaves Maor Gottlieb <maorg(a)nvidia.com> RDMA/cma: Use correct address when leaving multicast group Anshuman Khandual <anshuman.khandual(a)arm.com> arm64: Add Cortex-A510 CPU part definition James Morse <james.morse(a)arm.com> KVM: arm64: Stop handle_exit() from handling HVC twice when an SError occurs James Morse <james.morse(a)arm.com> KVM: arm64: Avoid consuming a stale esr value when SError occur Mayuresh Chitale <mchitale(a)ventanamicro.com> RISC-V: KVM: make CY, TM, and IR counters accessible in VU mode Guenter Roeck <linux(a)roeck-us.net> Revert "ASoC: mediatek: Check for error clk pointer" Paolo Abeni <pabeni(a)redhat.com> mptcp: fix msk traversal in mptcp_nl_cmd_set_flags() Helge Deller <deller(a)gmx.de> fbcon: Add option to enable legacy hardware acceleration Helge Deller <deller(a)gmx.de> Revert "fbcon: Disable accelerated scrolling" Helge Deller <deller(a)gmx.de> Revert "fbdev: Garbage collect fbdev scrolling acceleration, part 1 (from TODO list)" Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> IB/hfi1: Fix AIP early init panic Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> IB/hfi1: Fix alloc failure with larger txqueuelen Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> IB/hfi1: Fix panic with larger ipoib send_queue_size Jordy Zomer <jordy(a)pwning.systems> dma-buf: heaps: Fix potential spectre v1 gadget Ryan Bair <ryandbair(a)gmail.com> cifs: fix workstation_name for multiuser mounts Martin K. Petersen <martin.petersen(a)oracle.com> block: bio-integrity: Advance seed correctly for larger interval sizes Lang Yu <lang.yu(a)amd.com> mm/kmemleak: avoid scanning potential huge holes Mike Rapoport <rppt(a)kernel.org> mm/pgtable: define pte_index so that preprocessor could recognize it Pasha Tatashin <pasha.tatashin(a)soleen.com> mm/debug_vm_pgtable: remove pte entry from the page table Uday Shankar <ushankar(a)purestorage.com> nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() Aun-Ali Zaidi <admin(a)kodeit.net> drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels Paul Hsieh <paul.hsieh(a)amd.com> drm/amd/display: watermark latencies is not enough on DCN31 Agustin Gutierrez <agustin.gutierrez(a)amd.com> drm/amd/display: Update watermark values for DCN301 Evan Quan <evan.quan(a)amd.com> drm/amd/pm: correct the MGpuFanBoost support for Beige Goby Lang Yu <Lang.Yu(a)amd.com> drm/amdgpu: fix a potential GPU hang on cyan skillfish Imre Deak <imre.deak(a)intel.com> drm/i915/adlp: Fix TypeC PHY-ready status readout Nick Lopez <github(a)glowingmonkey.org> drm/nouveau: fix off by one in BIOS boundary checking Dominique Martinet <asmadeus(a)codewreck.org> Revert "fs/9p: search open fids first" Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free after failure to create a snapshot Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> btrfs: fix deadlock between quota disable and qgroup rescan worker Qu Wenruo <wqu(a)suse.com> btrfs: don't start transaction for scrub if the fs is mounted read-only Anton Lundin <glance(a)acc.umu.se> ata: libata-core: Introduce ATA_HORKAGE_NO_LOG_DIR horkage Christian Lachner <gladiac(a)gmail.com> ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows Christian Lachner <gladiac(a)gmail.com> ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) Christian Lachner <gladiac(a)gmail.com> ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks Albert Geantă <albertgeanta(a)gmail.com> ALSA: hda/realtek: Add quirk for ASUS GU603 Takashi Iwai <tiwai(a)suse.de> ALSA: hda: realtek: Fix race at concurrent COEF updates Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Fix UAF of leds class devs at unbinding Jonas Hahnfeld <hahnjo(a)hahnjo.de> ALSA: usb-audio: Correct quirk for VF0770 Mark Brown <broonie(a)kernel.org> ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() Mark Brown <broonie(a)kernel.org> ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() Mark Brown <broonie(a)kernel.org> ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() Dmitry Osipenko <digetx(a)gmail.com> ASoC: hdmi-codec: Fix OOB memory accesses Patrice Chotard <patrice.chotard(a)foss.st.com> spi: stm32-qspi: Update spi registering Minghao Chi <chi.minghao(a)zte.com.cn> ipc/sem: do not sleep with a spin lock held Paul Moore <paul(a)paul-moore.com> audit: improve audit queue handling when "audit=1" on cmdline Vratislav Bendel <vbendel(a)redhat.com> selinux: fix double free of cond_list on error paths Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable DSB usage for now ------------- Diffstat: Documentation/gpu/todo.rst | 24 - Makefile | 4 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/kvm/arm.c | 51 +- arch/arm64/kvm/handle_exit.c | 8 + arch/arm64/kvm/hyp/include/hyp/switch.h | 3 +- arch/riscv/kvm/vcpu.c | 4 + arch/x86/events/intel/core.c | 13 + arch/x86/events/intel/pt.c | 5 +- block/bio-integrity.c | 2 +- drivers/ata/libata-core.c | 10 + drivers/dma-buf/dma-heap.c | 2 + drivers/edac/altera_edac.c | 2 +- drivers/edac/xgene_edac.c | 2 +- drivers/gpio/gpio-idt3243x.c | 2 +- drivers/gpio/gpio-mpc8xxx.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 3 + .../drm/amd/display/dc/clk_mgr/dcn301/vg_clk_mgr.c | 16 +- .../amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c | 20 +- drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c | 20 + .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 6 +- drivers/gpu/drm/i915/display/intel_overlay.c | 3 + drivers/gpu/drm/i915/display/intel_tc.c | 3 +- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 9 +- drivers/gpu/drm/i915/i915_pci.c | 2 +- drivers/gpu/drm/kmb/kmb_plane.c | 6 - drivers/gpu/drm/mxsfb/mxsfb_kms.c | 6 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c | 2 +- drivers/infiniband/core/cm.c | 2 +- drivers/infiniband/core/cma.c | 22 +- drivers/infiniband/core/ucma.c | 34 +- drivers/infiniband/hw/hfi1/ipoib.h | 2 +- drivers/infiniband/hw/hfi1/ipoib_main.c | 27 +- drivers/infiniband/hw/hfi1/ipoib_tx.c | 38 +- drivers/infiniband/hw/mlx4/main.c | 2 +- drivers/infiniband/sw/rdmavt/qp.c | 2 + drivers/infiniband/sw/siw/siw.h | 7 +- drivers/infiniband/sw/siw/siw_qp_rx.c | 20 +- drivers/infiniband/sw/siw/siw_verbs.c | 3 +- drivers/iommu/amd/init.c | 2 + drivers/iommu/intel/irq_remapping.c | 13 +- drivers/net/dsa/Kconfig | 1 + drivers/net/ethernet/google/gve/gve_adminq.c | 2 +- drivers/net/ethernet/intel/e1000e/e1000.h | 4 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 20 + drivers/net/ethernet/intel/e1000e/netdev.c | 33 +- .../net/ethernet/stmicro/stmmac/dwmac-visconti.c | 9 +- drivers/net/ethernet/stmicro/stmmac/dwmac_dma.h | 1 + .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 19 +- .../net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 19 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +- drivers/net/ieee802154/ca8210.c | 1 + drivers/net/ieee802154/mac802154_hwsim.c | 1 + drivers/net/ieee802154/mcr20a.c | 4 +- drivers/net/macsec.c | 33 +- drivers/nvme/host/fabrics.h | 1 + drivers/pinctrl/bcm/pinctrl-bcm2835.c | 23 +- drivers/pinctrl/intel/pinctrl-intel.c | 64 +-- drivers/pinctrl/sunxi/pinctrl-sun50i-h616.c | 8 +- drivers/rtc/rtc-mc146818-lib.c | 2 +- drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 21 +- drivers/soc/mediatek/mtk-scpsys.c | 15 +- drivers/spi/spi-bcm-qspi.c | 2 +- drivers/spi/spi-meson-spicc.c | 5 + drivers/spi/spi-mt65xx.c | 2 +- drivers/spi/spi-stm32-qspi.c | 47 +- drivers/spi/spi-uniphier.c | 18 +- drivers/video/console/Kconfig | 20 + drivers/video/fbdev/core/bitblit.c | 16 + drivers/video/fbdev/core/fbcon.c | 557 ++++++++++++++++++++- drivers/video/fbdev/core/fbcon.h | 72 +++ drivers/video/fbdev/core/fbcon_ccw.c | 28 +- drivers/video/fbdev/core/fbcon_cw.c | 28 +- drivers/video/fbdev/core/fbcon_rotate.h | 9 + drivers/video/fbdev/core/fbcon_ud.c | 37 +- drivers/video/fbdev/core/tileblit.c | 16 + drivers/video/fbdev/skeletonfb.c | 12 +- fs/9p/fid.c | 9 +- fs/btrfs/block-group.c | 13 + fs/btrfs/ioctl.c | 7 +- fs/btrfs/qgroup.c | 21 +- fs/btrfs/transaction.c | 24 + fs/btrfs/transaction.h | 2 + fs/cifs/connect.c | 13 + fs/cifs/sess.c | 6 +- fs/ext4/ext4.h | 3 + fs/ext4/extents.c | 4 + fs/ext4/fast_commit.c | 89 ++-- fs/ext4/inline.c | 10 +- fs/ext4/mballoc.c | 26 +- fs/nfsd/nfs4state.c | 4 +- include/linux/fb.h | 2 +- include/linux/kvm_host.h | 112 ++++- include/linux/libata.h | 1 + include/linux/pgtable.h | 1 + include/net/neighbour.h | 18 +- include/uapi/sound/asound.h | 4 +- ipc/sem.c | 4 +- kernel/audit.c | 62 ++- kernel/bpf/ringbuf.c | 2 +- kernel/cgroup/cpuset.c | 10 + kernel/events/core.c | 16 + mm/debug_vm_pgtable.c | 2 + mm/kmemleak.c | 13 +- net/bridge/netfilter/nft_reject_bridge.c | 8 +- net/core/neighbour.c | 18 +- net/ieee802154/nl802154.c | 8 +- net/mptcp/pm_netlink.c | 34 +- net/smc/af_smc.c | 133 ++++- net/smc/smc.h | 20 +- security/selinux/ss/conditional.c | 3 +- sound/pci/hda/hda_auto_parser.c | 2 +- sound/pci/hda/hda_codec.c | 4 + sound/pci/hda/hda_generic.c | 17 +- sound/pci/hda/hda_generic.h | 3 + sound/pci/hda/patch_realtek.c | 67 ++- sound/soc/codecs/cpcap.c | 2 + sound/soc/codecs/hdmi-codec.c | 2 +- sound/soc/codecs/lpass-rx-macro.c | 8 +- sound/soc/codecs/max9759.c | 3 +- sound/soc/codecs/rt5682-i2c.c | 15 +- sound/soc/codecs/rt5682.c | 24 +- sound/soc/codecs/rt5682.h | 2 - sound/soc/codecs/wcd938x.c | 31 +- sound/soc/fsl/pcm030-audio-fabric.c | 11 +- sound/soc/generic/simple-card.c | 26 +- sound/soc/qcom/qdsp6/q6apm-dai.c | 7 +- sound/soc/soc-ops.c | 29 +- sound/soc/xilinx/xlnx_formatter_pcm.c | 27 +- sound/usb/mixer.c | 4 + sound/usb/quirks-table.h | 2 +- tools/bpf/resolve_btfids/Makefile | 6 +- tools/include/uapi/sound/asound.h | 4 +- tools/objtool/check.c | 2 +- tools/perf/util/stat-display.c | 19 +- tools/testing/selftests/exec/Makefile | 2 +- tools/testing/selftests/futex/Makefile | 4 +- .../selftests/netfilter/nft_concat_range.sh | 72 ++- tools/testing/selftests/netfilter/nft_nat.sh | 152 ++++++ 140 files changed, 2239 insertions(+), 575 deletions(-)

2 years, 11 months

14
13
0 0

[PATCH] drm/nouveau/backlight: Just set all backlight types as RAW

by Lyude Paul

Currently we can get a warning on systems with eDP backlights like so: nv_backlight: invalid backlight type WARNING: CPU: 4 PID: 454 at drivers/video/backlight/backlight.c:420 backlight_device_register+0x226/0x250 This happens as a result of us not filling out props.type for the eDP backlight, even though we do it for all other backlight types. Since nothing in our driver uses anything but BACKLIGHT_RAW, let's take the props\.type assignments out of the codepaths for individual backlight types and just set it unconditionally to prevent this from happening again. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Fixes: 6eca310e8924 ("drm/nouveau/kms/nv50-: Add basic DPCD backlight support for nouveau") Cc: <stable(a)vger.kernel.org> # v5.15+ --- drivers/gpu/drm/nouveau/nouveau_backlight.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c index 6af12dc99d7f..daf9f87477ba 100644 --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c @@ -101,7 +101,6 @@ nv40_backlight_init(struct nouveau_encoder *encoder, if (!(nvif_rd32(device, NV40_PMC_BACKLIGHT) & NV40_PMC_BACKLIGHT_MASK)) return -ENODEV; - props->type = BACKLIGHT_RAW; props->max_brightness = 31; *ops = &nv40_bl_ops; return 0; @@ -343,7 +342,6 @@ nv50_backlight_init(struct nouveau_backlight *bl, else *ops = &nva3_bl_ops; - props->type = BACKLIGHT_RAW; props->max_brightness = 100; return 0; @@ -411,6 +409,7 @@ nouveau_backlight_init(struct drm_connector *connector) goto fail_alloc; } + props.type = BACKLIGHT_RAW; bl->dev = backlight_device_register(backlight_name, connector->kdev, nv_encoder, ops, &props); if (IS_ERR(bl->dev)) { -- 2.34.1

2 years, 11 months

2
1
0 0

[PATCH] drm/nouveau/backlight: Fix LVDS backlight detection on some laptops

by Lyude Paul

It seems that some laptops will report having both an eDP and LVDS connector, even though only the LVDS connector is actually hooked up. This can lead to issues with backlight registration if the eDP connector ends up getting registered before the LVDS connector, as the backlight device will then be registered to the eDP connector instead of the LVDS connector. So, fix this by only registering the backlight on connectors that are reported as being connected. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Fixes: 6eca310e8924 ("drm/nouveau/kms/nv50-: Add basic DPCD backlight support for nouveau") Bugzilla: https://gitlab.freedesktop.org/drm/nouveau/-/issues/137 Cc: <stable(a)vger.kernel.org> # v5.15+ --- drivers/gpu/drm/nouveau/nouveau_backlight.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c index ae2f2abc8f5a..6af12dc99d7f 100644 --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c @@ -294,7 +294,8 @@ nv50_backlight_init(struct nouveau_backlight *bl, struct nouveau_drm *drm = nouveau_drm(nv_encoder->base.base.dev); struct nvif_object *device = &drm->client.device.object; - if (!nvif_rd32(device, NV50_PDISP_SOR_PWM_CTL(ffs(nv_encoder->dcb->or) - 1))) + if (!nvif_rd32(device, NV50_PDISP_SOR_PWM_CTL(ffs(nv_encoder->dcb->or) - 1)) || + nv_conn->base.status != connector_status_connected) return -ENODEV; if (nv_conn->type == DCB_CONNECTOR_eDP) { -- 2.34.1

2 years, 11 months

2
1
0 0

patch "usb: dwc3: gadget: Prevent core from processing stale TRBs" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: dwc3: gadget: Prevent core from processing stale TRBs to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 117b4e96c7f362eb6459543883fc07f77662472c Mon Sep 17 00:00:00 2001 From: Udipto Goswami <quic_ugoswami(a)quicinc.com> Date: Mon, 7 Feb 2022 09:55:58 +0530 Subject: usb: dwc3: gadget: Prevent core from processing stale TRBs With CPU re-ordering on write instructions, there might be a chance that the HWO is set before the TRB is updated with the new mapped buffer address. And in the case where core is processing a list of TRBs it is possible that it fetched the TRBs when the HWO is set but before the buffer address is updated. Prevent this by adding a memory barrier before the HWO is updated to ensure that the core always process the updated TRBs. Fixes: f6bafc6a1c9d ("usb: dwc3: convert TRBs into bitshifts") Cc: stable <stable(a)vger.kernel.org> Reviewed-by: Pavankumar Kondeti <quic_pkondeti(a)quicinc.com> Signed-off-by: Udipto Goswami <quic_ugoswami(a)quicinc.com> Link: https://lore.kernel.org/r/1644207958-18287-1-git-send-email-quic_ugoswami@q… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/dwc3/gadget.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 520031ba38aa..183b90923f51 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -1291,6 +1291,19 @@ static void __dwc3_prepare_one_trb(struct dwc3_ep *dep, struct dwc3_trb *trb, if (usb_endpoint_xfer_bulk(dep->endpoint.desc) && dep->stream_capable) trb->ctrl |= DWC3_TRB_CTRL_SID_SOFN(stream_id); + /* + * As per data book 4.2.3.2TRB Control Bit Rules section + * + * The controller autonomously checks the HWO field of a TRB to determine if the + * entire TRB is valid. Therefore, software must ensure that the rest of the TRB + * is valid before setting the HWO field to '1'. In most systems, this means that + * software must update the fourth DWORD of a TRB last. + * + * However there is a possibility of CPU re-ordering here which can cause + * controller to observe the HWO bit set prematurely. + * Add a write memory barrier to prevent CPU re-ordering. + */ + wmb(); trb->ctrl |= DWC3_TRB_CTRL_HWO; dwc3_ep_inc_enq(dep); -- 2.35.1

2 years, 11 months

1
0
0 0

[PATCH 4.14 00/69] 4.14.265-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.265 release. There are 69 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 09 Feb 2022 10:37:42 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.265-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.265-rc1 Ritesh Harjani <riteshh(a)linux.ibm.com> ext4: fix error handling in ext4_restore_inline_data() Sergey Shtylyov <s.shtylyov(a)omp.ru> EDAC/xgene: Fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> EDAC/altera: Fix deferred probing Riwen Lu <luriwen(a)kylinos.cn> rtc: cmos: Evaluate century appropriate Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: futex: Use variable MAKE instead of make Dai Ngo <dai.ngo(a)oracle.com> nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. John Meneghini <jmeneghi(a)redhat.com> scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe Miaoqian Lin <linmq006(a)gmail.com> ASoC: fsl: Add missing error handling in pcm030_fabric_probe Dan Carpenter <dan.carpenter(a)oracle.com> drm/i915/overlay: Prevent divide by zero bugs in scaling Lior Nahmanson <liorna(a)nvidia.com> net: macsec: Verify that send_sci is on when setting Tx sci explicitly Miquel Raynal <miquel.raynal(a)bootlin.com> net: ieee802154: Return meaningful error codes from the netlink helpers Miquel Raynal <miquel.raynal(a)bootlin.com> net: ieee802154: ca8210: Stop leaking skb's Miaoqian Lin <linmq006(a)gmail.com> spi: meson-spicc: add IRQ check in meson_spicc_probe Benjamin Gaignard <benjamin.gaignard(a)collabora.com> spi: mediatek: Avoid NULL pointer crash in interrupt Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: check for valid cs before applying chip select Joerg Roedel <jroedel(a)suse.de> iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() Guoqing Jiang <guoqing.jiang(a)linux.dev> iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() Leon Romanovsky <leonro(a)nvidia.com> RDMA/mlx4: Don't continue event handler after memory allocation failure Martin K. Petersen <martin.petersen(a)oracle.com> block: bio-integrity: Advance seed correctly for larger interval sizes Nick Lopez <github(a)glowingmonkey.org> drm/nouveau: fix off by one in BIOS boundary checking Mark Brown <broonie(a)kernel.org> ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() Mark Brown <broonie(a)kernel.org> ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() Mark Brown <broonie(a)kernel.org> ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() Paul Moore <paul(a)paul-moore.com> audit: improve audit queue handling when "audit=1" on cmdline Eric Dumazet <edumazet(a)google.com> af_packet: fix data-race in packet_setsockopt / packet_setsockopt Eric Dumazet <edumazet(a)google.com> rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> net: amd-xgbe: Fix skb data length underflow Raju Rangoju <Raju.Rangoju(a)amd.com> net: amd-xgbe: ensure to reset the tx_timer_active flag Georgi Valkov <gvalkov(a)abv.bg> ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback Florian Westphal <fw(a)strlen.de> netfilter: nat: limit port clash resolution attempts Florian Westphal <fw(a)strlen.de> netfilter: nat: remove l4 protocol port rovers Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix truncated jump targets on heavy expansions Eric Dumazet <edumazet(a)google.com> ipv4: tcp: send zero IPID in SYNACK messages Eric Dumazet <edumazet(a)google.com> ipv4: raw: lock the socket in raw_bind() Hangyu Hua <hbh25y(a)gmail.com> yam: fix a memory leak in yam_siocdevprivate() Sukadev Bhattiprolu <sukadev(a)linux.ibm.com> ibmvnic: don't spin in tasklet José Expósito <jose.exposito89(a)gmail.com> drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable Xianting Tian <xianting.tian(a)linux.alibaba.com> drm/msm: Fix wrong size calculation Jianguo Wu <wujianguo(a)chinatelecom.cn> net-procfs: show net devices bound packet types Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: nfs_atomic_open() can race when looking up a non-regular file Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Handle case where the lookup of a directory fails Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm90) Reduce maximum conversion rate for G781 Eric Dumazet <edumazet(a)google.com> ipv4: avoid using shared IP generator for connected sockets Xin Long <lucien.xin(a)gmail.com> ping: fix the sk_bound_dev_if match in ping_lookup Congyu Liu <liu3101(a)purdue.edu> net: fix information leakage in /proc/net/ptype Ido Schimmel <idosch(a)nvidia.com> ipv6_tunnel: Rate limit warning messages John Meneghini <jmeneghi(a)redhat.com> scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() Matthias Kaehlcke <mka(a)chromium.org> rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev Sujit Kautkar <sujitka(a)chromium.org> rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev Joe Damato <jdamato(a)fastly.com> i40e: fix unsigned stat widths Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> i40e: Increase delay to 1 s after global EMP reset Christophe Leroy <christophe.leroy(a)csgroup.eu> lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Fix boot failure with GCC latent entropy plugin Marek Behún <kabel(a)kernel.org> net: sfp: ignore disabled SFP node Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Do not disconnect while receiving VBUS off Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix hang in usb_kill_urb by adding memory barriers Pavankumar Kondeti <quic_pkondeti(a)quicinc.com> usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS Jon Hunter <jonathanh(a)nvidia.com> usb: common: ulpi: Fix crash in ulpi_match() Alan Stern <stern(a)rowland.harvard.edu> usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge Cameron Williams <cang1(a)live.co.uk> tty: Add support for Brainboxes UC cards. daniel.starke(a)siemens.com <daniel.starke(a)siemens.com> tty: n_gsm: fix SW flow control encoding/handling Valentin Caron <valentin.caron(a)foss.st.com> serial: stm32: fix software flow control transfer Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: do not update layer 4 checksum when mangling fragments Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> PM: wakeup: simplify the output logic of pm_show_wakelocks() Jan Kara <jack(a)suse.cz> udf: Fix NULL ptr deref when converting from inline format Jan Kara <jack(a)suse.cz> udf: Restore i_lenAlloc when inode expansion fails Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices Vasily Gorbik <gor(a)linux.ibm.com> s390/hypfs: include z/VM guests with access control group set Brian Gix <brian.gix(a)intel.com> Bluetooth: refactor malicious adv data check ------------- Diffstat: Makefile | 4 +- arch/powerpc/kernel/Makefile | 1 + arch/powerpc/lib/Makefile | 3 + arch/s390/hypfs/hypfs_vm.c | 6 +- block/bio-integrity.c | 2 +- drivers/edac/altera_edac.c | 2 +- drivers/edac/xgene_edac.c | 2 +- drivers/gpu/drm/i915/intel_overlay.c | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 +- drivers/gpu/drm/msm/msm_drv.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c | 2 +- drivers/hwmon/lm90.c | 2 +- drivers/infiniband/hw/mlx4/main.c | 2 +- drivers/iommu/amd_iommu_init.c | 2 + drivers/iommu/intel_irq_remapping.c | 13 ++- drivers/misc/Makefile | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 14 +++- drivers/net/ethernet/ibm/ibmvnic.c | 6 -- drivers/net/ethernet/intel/i40e/i40e.h | 8 +- drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 16 ++-- drivers/net/hamradio/yam.c | 4 +- drivers/net/ieee802154/ca8210.c | 1 + drivers/net/macsec.c | 9 +++ drivers/net/phy/phylink.c | 5 ++ drivers/net/usb/ipheth.c | 6 +- drivers/rpmsg/rpmsg_char.c | 22 +----- drivers/rtc/rtc-mc146818-lib.c | 2 +- drivers/s390/scsi/zfcp_fc.c | 13 ++- drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 41 +++++----- drivers/spi/spi-bcm-qspi.c | 2 +- drivers/spi/spi-meson-spicc.c | 5 ++ drivers/spi/spi-mt65xx.c | 2 +- drivers/staging/typec/tcpm.c | 3 +- drivers/tty/n_gsm.c | 4 +- drivers/tty/serial/8250/8250_pci.c | 100 +++++++++++++++++++++++- drivers/tty/serial/stm32-usart.c | 2 +- drivers/usb/common/ulpi.c | 7 +- drivers/usb/core/hcd.c | 14 ++++ drivers/usb/core/urb.c | 12 +++ drivers/usb/gadget/function/f_sourcesink.c | 1 + drivers/usb/storage/unusual_devs.h | 10 +++ fs/ext4/inline.c | 10 ++- fs/nfs/dir.c | 18 +++++ fs/nfsd/nfs4state.c | 4 +- fs/udf/inode.c | 9 +-- include/linux/netdevice.h | 1 + include/net/ip.h | 21 +++-- include/net/netfilter/nf_nat_l4proto.h | 2 +- kernel/audit.c | 62 ++++++++++----- kernel/bpf/core.c | 59 ++++++++++++-- kernel/power/wakelock.c | 12 +-- net/bluetooth/hci_event.c | 10 +-- net/core/filter.c | 11 ++- net/core/net-procfs.c | 38 ++++++++- net/core/rtnetlink.c | 6 +- net/ieee802154/nl802154.c | 8 +- net/ipv4/ip_output.c | 11 ++- net/ipv4/ping.c | 3 +- net/ipv4/raw.c | 5 +- net/ipv6/ip6_tunnel.c | 8 +- net/netfilter/nf_nat_proto_common.c | 36 ++++++--- net/netfilter/nf_nat_proto_dccp.c | 5 +- net/netfilter/nf_nat_proto_sctp.c | 5 +- net/netfilter/nf_nat_proto_tcp.c | 5 +- net/netfilter/nf_nat_proto_udp.c | 10 +-- net/netfilter/nft_payload.c | 3 + net/packet/af_packet.c | 10 ++- sound/soc/fsl/pcm030-audio-fabric.c | 11 ++- sound/soc/soc-ops.c | 29 ++++++- tools/testing/selftests/futex/Makefile | 4 +- 71 files changed, 562 insertions(+), 217 deletions(-)

2 years, 11 months

5
73
0 0

[PATCH 1/3] KEYS: asym_tpm: fix buffer overreads in extract_key_parameters()

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> extract_key_parameters() can read past the end of the input buffer due to buggy and missing bounds checks. Fix it as follows: - Before reading each key length field, verify that there are at least 4 bytes remaining. - Avoid integer overflows when validating size fields; 'sz + 12' and '4 + sz' overflowed if 'sz' is near U32_MAX. - Before saving the pointer to the public key, check that it doesn't run past the end of the buffer. Fixes: f8c54e1ac4b8 ("KEYS: asym_tpm: extract key size & public key [ver #2]") Cc: <stable(a)vger.kernel.org> # v4.20+ Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- crypto/asymmetric_keys/asym_tpm.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c index 0959613560b9..60d20d44c885 100644 --- a/crypto/asymmetric_keys/asym_tpm.c +++ b/crypto/asymmetric_keys/asym_tpm.c @@ -814,7 +814,6 @@ static int extract_key_parameters(struct tpm_key *tk) { const void *cur = tk->blob; uint32_t len = tk->blob_len; - const void *pub_key; uint32_t sz; uint32_t key_len; @@ -845,14 +844,14 @@ static int extract_key_parameters(struct tpm_key *tk) return -EBADMSG; sz = get_unaligned_be32(cur + 8); - if (len < sz + 12) - return -EBADMSG; /* Move to TPM_RSA_KEY_PARMS */ - len -= 12; cur += 12; + len -= 12; /* Grab the RSA key length */ + if (len < 4) + return -EBADMSG; key_len = get_unaligned_be32(cur); switch (key_len) { @@ -866,29 +865,36 @@ static int extract_key_parameters(struct tpm_key *tk) } /* Move just past TPM_KEY_PARMS */ + if (len < sz) + return -EBADMSG; cur += sz; len -= sz; if (len < 4) return -EBADMSG; - sz = get_unaligned_be32(cur); - if (len < 4 + sz) - return -EBADMSG; + cur += 4; + len -= 4; /* Move to TPM_STORE_PUBKEY */ - cur += 4 + sz; - len -= 4 + sz; + if (len < sz) + return -EBADMSG; + cur += sz; + len -= sz; /* Grab the size of the public key, it should jive with the key size */ + if (len < 4) + return -EBADMSG; sz = get_unaligned_be32(cur); + cur += 4; + len -= 4; if (sz > 256) return -EINVAL; - - pub_key = cur + 4; + if (len < sz) + return -EBADMSG; tk->key_len = key_len; - tk->pub_key = pub_key; + tk->pub_key = cur; tk->pub_key_len = sz; return 0; -- 2.34.1

2 years, 11 months

2
6
0 0

[PATCH v2 2/2] KEYS: asymmetric: properly validate hash_algo and encoding

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> It is insecure to allow arbitrary hash algorithms and signature encodings to be used with arbitrary signature algorithms. Notably, ECDSA, ECRDSA, and SM2 all sign/verify raw hash values and don't disambiguate between different hash algorithms like RSA PKCS#1 v1.5 padding does. Therefore, they need to be restricted to certain sets of hash algorithms (ideally just one, but in practice small sets are used). Additionally, the encoding is an integral part of modern signature algorithms, and is not supposed to vary. Therefore, tighten the checks of hash_algo and encoding done by software_key_determine_akcipher(). Also rearrange the parameters to software_key_determine_akcipher() to put the public_key first, as this is the most important parameter and it often determines everything else. Fixes: 299f561a6693 ("x509: Add support for parsing x509 certs with ECDSA keys") Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification") Fixes: 0d7a78643f69 ("crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm") Cc: stable(a)vger.kernel.org Tested-by: Stefan Berger <stefanb(a)linux.ibm.com> Tested-by: Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- crypto/asymmetric_keys/public_key.c | 111 +++++++++++++++++++--------- 1 file changed, 76 insertions(+), 35 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index e36213945686..7c9e6be35c30 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -60,39 +60,83 @@ static void public_key_destroy(void *payload0, void *payload3) } /* - * Determine the crypto algorithm name. + * Given a public_key, and an encoding and hash_algo to be used for signing + * and/or verification with that key, determine the name of the corresponding + * akcipher algorithm. Also check that encoding and hash_algo are allowed. */ -static -int software_key_determine_akcipher(const char *encoding, - const char *hash_algo, - const struct public_key *pkey, - char alg_name[CRYPTO_MAX_ALG_NAME]) +static int +software_key_determine_akcipher(const struct public_key *pkey, + const char *encoding, const char *hash_algo, + char alg_name[CRYPTO_MAX_ALG_NAME]) { int n; - if (strcmp(encoding, "pkcs1") == 0) { - /* The data wangled by the RSA algorithm is typically padded - * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447 - * sec 8.2]. + if (!encoding) + return -EINVAL; + + if (strcmp(pkey->pkey_algo, "rsa") == 0) { + /* + * RSA signatures usually use EMSA-PKCS1-1_5 [RFC3447 sec 8.2]. + */ + if (strcmp(encoding, "pkcs1") == 0) { + if (!hash_algo) + n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, + "pkcs1pad(%s)", + pkey->pkey_algo); + else + n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, + "pkcs1pad(%s,%s)", + pkey->pkey_algo, hash_algo); + return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0; + } + if (strcmp(encoding, "raw") != 0) + return -EINVAL; + /* + * Raw RSA cannot differentiate between different hash + * algorithms. + */ + if (hash_algo) + return -EINVAL; + } else if (strncmp(pkey->pkey_algo, "ecdsa", 5) == 0) { + if (strcmp(encoding, "x962") != 0) + return -EINVAL; + /* + * ECDSA signatures are taken over a raw hash, so they don't + * differentiate between different hash algorithms. That means + * that the verifier should hard-code a specific hash algorithm. + * Unfortunately, in practice ECDSA is used with multiple SHAs, + * so we have to allow all of them and not just one. */ if (!hash_algo) - n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, - "pkcs1pad(%s)", - pkey->pkey_algo); - else - n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, - "pkcs1pad(%s,%s)", - pkey->pkey_algo, hash_algo); - return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0; - } - - if (strcmp(encoding, "raw") == 0 || - strcmp(encoding, "x962") == 0) { - strcpy(alg_name, pkey->pkey_algo); - return 0; + return -EINVAL; + if (strcmp(hash_algo, "sha1") != 0 && + strcmp(hash_algo, "sha224") != 0 && + strcmp(hash_algo, "sha256") != 0 && + strcmp(hash_algo, "sha384") != 0 && + strcmp(hash_algo, "sha512") != 0) + return -EINVAL; + } else if (strcmp(pkey->pkey_algo, "sm2") == 0) { + if (strcmp(encoding, "raw") != 0) + return -EINVAL; + if (!hash_algo) + return -EINVAL; + if (strcmp(hash_algo, "sm3") != 0) + return -EINVAL; + } else if (strcmp(pkey->pkey_algo, "ecrdsa") == 0) { + if (strcmp(encoding, "raw") != 0) + return -EINVAL; + if (!hash_algo) + return -EINVAL; + if (strcmp(hash_algo, "streebog256") != 0 && + strcmp(hash_algo, "streebog512") != 0) + return -EINVAL; + } else { + /* Unknown public key algorithm */ + return -ENOPKG; } - - return -ENOPKG; + if (strscpy(alg_name, pkey->pkey_algo, CRYPTO_MAX_ALG_NAME) < 0) + return -EINVAL; + return 0; } static u8 *pkey_pack_u32(u8 *dst, u32 val) @@ -113,9 +157,8 @@ static int software_key_query(const struct kernel_pkey_params *params, u8 *key, *ptr; int ret, len; - ret = software_key_determine_akcipher(params->encoding, - params->hash_algo, - pkey, alg_name); + ret = software_key_determine_akcipher(pkey, params->encoding, + params->hash_algo, alg_name); if (ret < 0) return ret; @@ -179,9 +222,8 @@ static int software_key_eds_op(struct kernel_pkey_params *params, pr_devel("==>%s()\n", __func__); - ret = software_key_determine_akcipher(params->encoding, - params->hash_algo, - pkey, alg_name); + ret = software_key_determine_akcipher(pkey, params->encoding, + params->hash_algo, alg_name); if (ret < 0) return ret; @@ -340,9 +382,8 @@ int public_key_verify_signature(const struct public_key *pkey, return -EKEYREJECTED; } - ret = software_key_determine_akcipher(sig->encoding, - sig->hash_algo, - pkey, alg_name); + ret = software_key_determine_akcipher(pkey, sig->encoding, + sig->hash_algo, alg_name); if (ret < 0) return ret; -- 2.35.1

2 years, 11 months

2
1
0 0

[PATCH v2 1/2] KEYS: asymmetric: enforce that sig algo matches key algo

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> Most callers of public_key_verify_signature(), including most indirect callers via verify_signature() as well as pkcs7_verify_sig_chain(), don't check that public_key_signature::pkey_algo matches public_key::pkey_algo. These should always match. However, a malicious signature could intentionally declare an unintended algorithm. It is essential that such signatures be rejected outright, or that the algorithm of the *key* be used -- not the algorithm of the signature as that would allow attackers to choose the algorithm used. Currently, public_key_verify_signature() correctly uses the key's algorithm when deciding which akcipher to allocate. That's good. However, it uses the signature's algorithm when deciding whether to do the first step of SM2, which is incorrect. Also, v4.19 and older kernels used the signature's algorithm for the entire process. Prevent such errors by making public_key_verify_signature() enforce that the signature's algorithm (if given) matches the key's algorithm. Also remove two checks of this done by callers, which are now redundant. Cc: stable(a)vger.kernel.org Tested-by: Stefan Berger <stefanb(a)linux.ibm.com> Tested-by: Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- crypto/asymmetric_keys/pkcs7_verify.c | 6 ------ crypto/asymmetric_keys/public_key.c | 15 +++++++++++++++ crypto/asymmetric_keys/x509_public_key.c | 6 ------ 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c index 0b4d07aa8811..f94a1d1ad3a6 100644 --- a/crypto/asymmetric_keys/pkcs7_verify.c +++ b/crypto/asymmetric_keys/pkcs7_verify.c @@ -174,12 +174,6 @@ static int pkcs7_find_key(struct pkcs7_message *pkcs7, pr_devel("Sig %u: Found cert serial match X.509[%u]\n", sinfo->index, certix); - if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0) { - pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n", - sinfo->index); - continue; - } - sinfo->signer = x509; return 0; } diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 4fefb219bfdc..e36213945686 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -325,6 +325,21 @@ int public_key_verify_signature(const struct public_key *pkey, BUG_ON(!sig); BUG_ON(!sig->s); + /* + * If the signature specifies a public key algorithm, it *must* match + * the key's actual public key algorithm. + * + * Small exception: ECDSA signatures don't specify the curve, but ECDSA + * keys do. So the strings can mismatch slightly in that case: + * "ecdsa-nist-*" for the key, but "ecdsa" for the signature. + */ + if (sig->pkey_algo) { + if (strcmp(pkey->pkey_algo, sig->pkey_algo) != 0 && + (strncmp(pkey->pkey_algo, "ecdsa-", 6) != 0 || + strcmp(sig->pkey_algo, "ecdsa") != 0)) + return -EKEYREJECTED; + } + ret = software_key_determine_akcipher(sig->encoding, sig->hash_algo, pkey, alg_name); diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index fe14cae115b5..71cc1738fbfd 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -128,12 +128,6 @@ int x509_check_for_self_signed(struct x509_certificate *cert) goto out; } - ret = -EKEYREJECTED; - if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0 && - (strncmp(cert->pub->pkey_algo, "ecdsa-", 6) != 0 || - strcmp(cert->sig->pkey_algo, "ecdsa") != 0)) - goto out; - ret = public_key_verify_signature(cert->pub, cert->sig); if (ret < 0) { if (ret == -ENOPKG) { -- 2.35.1

2 years, 11 months

2
1
0 0

[PATCH v3] mtd: rawnand: protect access to rawnand devices while in suspend

by Sean Nyekjaer

Prevent rawnend access while in a suspended state. Commit 013e6292aaf5 ("mtd: rawnand: Simplify the locking") allows the rawnand layer to return errors rather than waiting in a blocking wait. Tested on a iMX6ULL. Fixes: 013e6292aaf5 ("mtd: rawnand: Simplify the locking") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Reviewed-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- Follow-up on discussion in: https://lkml.org/lkml/2021/10/4/41 https://lkml.org/lkml/2021/10/11/435 https://lkml.org/lkml/2021/10/20/184 https://lkml.org/lkml/2021/10/25/288 https://lkml.org/lkml/2021/10/26/55 https://lkml.org/lkml/2021/11/2/352 Changes since v1: - fixed uninitialized return Changes since v2: - fixed wait queue description drivers/mtd/nand/raw/nand_base.c | 44 +++++++++++++++----------------- include/linux/mtd/rawnand.h | 2 ++ 2 files changed, 22 insertions(+), 24 deletions(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index e7b2ba016d8c..8daaba96edb2 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -338,16 +338,19 @@ static int nand_isbad_bbm(struct nand_chip *chip, loff_t ofs) * * Return: -EBUSY if the chip has been suspended, 0 otherwise */ -static int nand_get_device(struct nand_chip *chip) +static void nand_get_device(struct nand_chip *chip) { - mutex_lock(&chip->lock); - if (chip->suspended) { + /* Wait until the device is resumed. */ + while (1) { + mutex_lock(&chip->lock); + if (!chip->suspended) { + mutex_lock(&chip->controller->lock); + return; + } mutex_unlock(&chip->lock); - return -EBUSY; - } - mutex_lock(&chip->controller->lock); - return 0; + wait_event(chip->resume_wq, !chip->suspended); + } } /** @@ -576,9 +579,7 @@ static int nand_block_markbad_lowlevel(struct nand_chip *chip, loff_t ofs) nand_erase_nand(chip, &einfo, 0); /* Write bad block marker to OOB */ - ret = nand_get_device(chip); - if (ret) - return ret; + nand_get_device(chip); ret = nand_markbad_bbm(chip, ofs); nand_release_device(chip); @@ -3826,9 +3827,7 @@ static int nand_read_oob(struct mtd_info *mtd, loff_t from, ops->mode != MTD_OPS_RAW) return -ENOTSUPP; - ret = nand_get_device(chip); - if (ret) - return ret; + nand_get_device(chip); if (!ops->datbuf) ret = nand_do_read_oob(chip, from, ops); @@ -4415,13 +4414,11 @@ static int nand_write_oob(struct mtd_info *mtd, loff_t to, struct mtd_oob_ops *ops) { struct nand_chip *chip = mtd_to_nand(mtd); - int ret; + int ret = 0; ops->retlen = 0; - ret = nand_get_device(chip); - if (ret) - return ret; + nand_get_device(chip); switch (ops->mode) { case MTD_OPS_PLACE_OOB: @@ -4481,9 +4478,7 @@ int nand_erase_nand(struct nand_chip *chip, struct erase_info *instr, return -EIO; /* Grab the lock and see if the device is available */ - ret = nand_get_device(chip); - if (ret) - return ret; + nand_get_device(chip); /* Shift to get first page */ page = (int)(instr->addr >> chip->page_shift); @@ -4570,7 +4565,7 @@ static void nand_sync(struct mtd_info *mtd) pr_debug("%s: called\n", __func__); /* Grab the lock and see if the device is available */ - WARN_ON(nand_get_device(chip)); + nand_get_device(chip); /* Release it and go back */ nand_release_device(chip); } @@ -4587,9 +4582,7 @@ static int nand_block_isbad(struct mtd_info *mtd, loff_t offs) int ret; /* Select the NAND device */ - ret = nand_get_device(chip); - if (ret) - return ret; + nand_get_device(chip); nand_select_target(chip, chipnr); @@ -4660,6 +4653,8 @@ static void nand_resume(struct mtd_info *mtd) __func__); } mutex_unlock(&chip->lock); + + wake_up_all(&chip->resume_wq); } /** @@ -5437,6 +5432,7 @@ static int nand_scan_ident(struct nand_chip *chip, unsigned int maxchips, chip->cur_cs = -1; mutex_init(&chip->lock); + init_waitqueue_head(&chip->resume_wq); /* Enforce the right timings for reset/detection */ chip->current_interface_config = nand_get_reset_interface_config(); diff --git a/include/linux/mtd/rawnand.h b/include/linux/mtd/rawnand.h index 5b88cd51fadb..dcf90144d70b 100644 --- a/include/linux/mtd/rawnand.h +++ b/include/linux/mtd/rawnand.h @@ -1240,6 +1240,7 @@ struct nand_secure_region { * @lock: Lock protecting the suspended field. Also used to serialize accesses * to the NAND device * @suspended: Set to 1 when the device is suspended, 0 when it's not + * @resume_wq: wait queue to sleep if rawnand is in suspended state. * @cur_cs: Currently selected target. -1 means no target selected, otherwise we * should always have cur_cs >= 0 && cur_cs < nanddev_ntargets(). * NAND Controller drivers should not modify this value, but they're @@ -1294,6 +1295,7 @@ struct nand_chip { /* Internals */ struct mutex lock; unsigned int suspended : 1; + wait_queue_head_t resume_wq; int cur_cs; int read_retries; struct nand_secure_region *secure_regions; -- 2.34.1

2 years, 11 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2022