- Linux-stable-mirror - lists.linaro.org

Patch "tpm_tis: Move ilb_base_addr to tpm_tis_data" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tpm_tis: Move ilb_base_addr to tpm_tis_data to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tpm_tis-move-ilb_base_addr-to-tpm_tis_data.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c382babccba2c82fe57f9e647f290fb7bf4d130d Mon Sep 17 00:00:00 2001 From: Azhar Shaikh <azhar.shaikh(a)intel.com> Date: Fri, 22 Dec 2017 12:13:43 -0800 Subject: tpm_tis: Move ilb_base_addr to tpm_tis_data From: Azhar Shaikh <azhar.shaikh(a)intel.com> commit c382babccba2c82fe57f9e647f290fb7bf4d130d upstream. Move static variable ilb_base_addr to tpm_tis_data. Cc: stable(a)vger.kernel.org Signed-off-by: Azhar Shaikh <azhar.shaikh(a)intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/tpm/tpm_tis.c | 75 ++++++++++++++-------------------------- drivers/char/tpm/tpm_tis_core.c | 16 ++++++++ drivers/char/tpm/tpm_tis_core.h | 13 ++++++ 3 files changed, 56 insertions(+), 48 deletions(-) --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -133,33 +133,24 @@ static int check_acpi_tpm2(struct device #endif #ifdef CONFIG_X86 -#define INTEL_LEGACY_BLK_BASE_ADDR 0xFED08000 -#define ILB_REMAP_SIZE 0x100 -#define LPC_CNTRL_REG_OFFSET 0x84 -#define LPC_CLKRUN_EN (1 << 2) - -static void __iomem *ilb_base_addr; - -static inline bool is_bsw(void) -{ - return ((boot_cpu_data.x86_model == INTEL_FAM6_ATOM_AIRMONT) ? 1 : 0); -} +#define LPC_CNTRL_OFFSET 0x84 +#define LPC_CLKRUN_EN (1 << 2) /** * tpm_platform_begin_xfer() - clear LPC CLKRUN_EN i.e. clocks will be running */ -static void tpm_platform_begin_xfer(void) +static void tpm_platform_begin_xfer(struct tpm_tis_data *data) { u32 clkrun_val; if (!is_bsw()) return; - clkrun_val = ioread32(ilb_base_addr + LPC_CNTRL_REG_OFFSET); + clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET); /* Disable LPC CLKRUN# */ clkrun_val &= ~LPC_CLKRUN_EN; - iowrite32(clkrun_val, ilb_base_addr + LPC_CNTRL_REG_OFFSET); + iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); /* * Write any random value on port 0x80 which is on LPC, to make @@ -172,18 +163,18 @@ static void tpm_platform_begin_xfer(void /** * tpm_platform_end_xfer() - set LPC CLKRUN_EN i.e. clocks can be turned off */ -static void tpm_platform_end_xfer(void) +static void tpm_platform_end_xfer(struct tpm_tis_data *data) { u32 clkrun_val; if (!is_bsw()) return; - clkrun_val = ioread32(ilb_base_addr + LPC_CNTRL_REG_OFFSET); + clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET); /* Enable LPC CLKRUN# */ clkrun_val |= LPC_CLKRUN_EN; - iowrite32(clkrun_val, ilb_base_addr + LPC_CNTRL_REG_OFFSET); + iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); /* * Write any random value on port 0x80 which is on LPC, to make @@ -193,16 +184,11 @@ static void tpm_platform_end_xfer(void) } #else -static inline bool is_bsw(void) -{ - return false; -} - -static void tpm_platform_begin_xfer(void) +static void tpm_platform_begin_xfer(struct tpm_tis_data *data) { } -static void tpm_platform_end_xfer(void) +static void tpm_platform_end_xfer(struct tpm_tis_data *data) { } #endif @@ -212,12 +198,12 @@ static int tpm_tcg_read_bytes(struct tpm { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(); + tpm_platform_begin_xfer(data); while (len--) *result++ = ioread8(phy->iobase + addr); - tpm_platform_end_xfer(); + tpm_platform_end_xfer(data); return 0; } @@ -227,12 +213,12 @@ static int tpm_tcg_write_bytes(struct tp { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(); + tpm_platform_begin_xfer(data); while (len--) iowrite8(*value++, phy->iobase + addr); - tpm_platform_end_xfer(); + tpm_platform_end_xfer(data); return 0; } @@ -241,11 +227,11 @@ static int tpm_tcg_read16(struct tpm_tis { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(); + tpm_platform_begin_xfer(data); *result = ioread16(phy->iobase + addr); - tpm_platform_end_xfer(); + tpm_platform_end_xfer(data); return 0; } @@ -254,11 +240,11 @@ static int tpm_tcg_read32(struct tpm_tis { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(); + tpm_platform_begin_xfer(data); *result = ioread32(phy->iobase + addr); - tpm_platform_end_xfer(); + tpm_platform_end_xfer(data); return 0; } @@ -267,11 +253,11 @@ static int tpm_tcg_write32(struct tpm_ti { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(); + tpm_platform_begin_xfer(data); iowrite32(value, phy->iobase + addr); - tpm_platform_end_xfer(); + tpm_platform_end_xfer(data); return 0; } @@ -350,9 +336,13 @@ MODULE_DEVICE_TABLE(pnp, tpm_pnp_tbl); static void tpm_tis_pnp_remove(struct pnp_dev *dev) { struct tpm_chip *chip = pnp_get_drvdata(dev); + struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); tpm_chip_unregister(chip); tpm_tis_remove(chip); + if (is_bsw()) + iounmap(priv->ilb_base_addr); + } static struct pnp_driver tis_pnp_driver = { @@ -399,10 +389,14 @@ static int tpm_tis_plat_probe(struct pla static int tpm_tis_plat_remove(struct platform_device *pdev) { struct tpm_chip *chip = dev_get_drvdata(&pdev->dev); + struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); tpm_chip_unregister(chip); tpm_tis_remove(chip); + if (is_bsw()) + iounmap(priv->ilb_base_addr); + return 0; } @@ -460,11 +454,6 @@ static int __init init_tis(void) if (rc) goto err_force; -#ifdef CONFIG_X86 - if (is_bsw()) - ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR, - ILB_REMAP_SIZE); -#endif rc = platform_driver_register(&tis_drv); if (rc) goto err_platform; @@ -483,10 +472,6 @@ err_pnp: err_platform: if (force_pdev) platform_device_unregister(force_pdev); -#ifdef CONFIG_X86 - if (is_bsw()) - iounmap(ilb_base_addr); -#endif err_force: return rc; } @@ -496,10 +481,6 @@ static void __exit cleanup_tis(void) pnp_unregister_driver(&tis_pnp_driver); platform_driver_unregister(&tis_drv); -#ifdef CONFIG_X86 - if (is_bsw()) - iounmap(ilb_base_addr); -#endif if (force_pdev) platform_device_unregister(force_pdev); } --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -701,6 +701,13 @@ int tpm_tis_core_init(struct device *dev priv->phy_ops = phy_ops; dev_set_drvdata(&chip->dev, priv); + if (is_bsw()) { + priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR, + ILB_REMAP_SIZE); + if (!priv->ilb_base_addr) + return -ENOMEM; + } + if (wait_startup(chip, 0) != 0) { rc = -ENODEV; goto out_err; @@ -791,9 +798,16 @@ int tpm_tis_core_init(struct device *dev } } - return tpm_chip_register(chip); + rc = tpm_chip_register(chip); + if (rc && is_bsw()) + iounmap(priv->ilb_base_addr); + + return rc; out_err: tpm_tis_remove(chip); + if (is_bsw()) + iounmap(priv->ilb_base_addr); + return rc; } EXPORT_SYMBOL_GPL(tpm_tis_core_init); --- a/drivers/char/tpm/tpm_tis_core.h +++ b/drivers/char/tpm/tpm_tis_core.h @@ -79,6 +79,9 @@ enum tis_defaults { #define TPM_DID_VID(l) (0x0F00 | ((l) << 12)) #define TPM_RID(l) (0x0F04 | ((l) << 12)) +#define INTEL_LEGACY_BLK_BASE_ADDR 0xFED08000 +#define ILB_REMAP_SIZE 0x100 + enum tpm_tis_flags { TPM_TIS_ITPM_WORKAROUND = BIT(0), }; @@ -89,6 +92,7 @@ struct tpm_tis_data { int irq; bool irq_tested; unsigned int flags; + void __iomem *ilb_base_addr; wait_queue_head_t int_queue; wait_queue_head_t read_queue; const struct tpm_tis_phy_ops *phy_ops; @@ -144,6 +148,15 @@ static inline int tpm_tis_write32(struct return data->phy_ops->write32(data, addr, value); } +static inline bool is_bsw(void) +{ +#ifdef CONFIG_X86 + return ((boot_cpu_data.x86_model == INTEL_FAM6_ATOM_AIRMONT) ? 1 : 0); +#else + return false; +#endif +} + void tpm_tis_remove(struct tpm_chip *chip); int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, const struct tpm_tis_phy_ops *phy_ops, Patches currently in stable-queue which might be from azhar.shaikh(a)intel.com are queue-4.14/tpm_tis-move-ilb_base_addr-to-tpm_tis_data.patch queue-4.14/tpm-keep-clkrun-enabled-throughout-the-duration-of-transmit_cmd.patch

7 years, 3 months

1
0
0 0

Patch "tpm: remove unused variables" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tpm: remove unused variables to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tpm-remove-unused-variables.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 68021bf4734d15c9a9ed1c1072b9ebcfda3e39cc Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Tue, 2 Jan 2018 11:38:54 +0100 Subject: tpm: remove unused variables From: Arnd Bergmann <arnd(a)arndb.de> commit 68021bf4734d15c9a9ed1c1072b9ebcfda3e39cc upstream. The CLKRUN fix caused a few harmless compile-time warnings: drivers/char/tpm/tpm_tis.c: In function 'tpm_tis_pnp_remove': drivers/char/tpm/tpm_tis.c:274:23: error: unused variable 'priv' [-Werror=unused-variable] drivers/char/tpm/tpm_tis.c: In function 'tpm_tis_plat_remove': drivers/char/tpm/tpm_tis.c:324:23: error: unused variable 'priv' [-Werror=unused-variable] This removes the variables that have now become unused. Fixes: 6d0866cbc2d3 ("tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd()") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Reviewed-by: James Morris <jmorris(a)namei.org> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/tpm/tpm_tis.c | 2 -- 1 file changed, 2 deletions(-) --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -255,7 +255,6 @@ MODULE_DEVICE_TABLE(pnp, tpm_pnp_tbl); static void tpm_tis_pnp_remove(struct pnp_dev *dev) { struct tpm_chip *chip = pnp_get_drvdata(dev); - struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); tpm_chip_unregister(chip); tpm_tis_remove(chip); @@ -305,7 +304,6 @@ static int tpm_tis_plat_probe(struct pla static int tpm_tis_plat_remove(struct platform_device *pdev) { struct tpm_chip *chip = dev_get_drvdata(&pdev->dev); - struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); tpm_chip_unregister(chip); tpm_tis_remove(chip); Patches currently in stable-queue which might be from arnd(a)arndb.de are queue-4.14/watchdog-hpwdt-fix-unused-variable-warning.patch queue-4.14/arm-omap2-hide-omap3_save_secure_ram-on-non-omap3-builds.patch queue-4.14/dm-bufio-avoid-false-positive-wmaybe-uninitialized-warning.patch queue-4.14/objtool-fix-another-switch-table-detection-issue.patch queue-4.14/tpm-remove-unused-variables.patch

7 years, 3 months

1
0
0 0

Patch "tpm: only attempt to disable the LPC CLKRUN if is already enabled" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tpm: only attempt to disable the LPC CLKRUN if is already enabled to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tpm-only-attempt-to-disable-the-lpc-clkrun-if-is-already-enabled.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 6c9f0ce0dffe64da2204f38b0fd90f3ae2a8903c Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas <javierm(a)redhat.com> Date: Mon, 25 Dec 2017 03:22:51 +0100 Subject: tpm: only attempt to disable the LPC CLKRUN if is already enabled From: Javier Martinez Canillas <javierm(a)redhat.com> commit 6c9f0ce0dffe64da2204f38b0fd90f3ae2a8903c upstream. Commit 5e572cab92f0 ("tpm: Enable CLKRUN protocol for Braswell systems") added logic in the TPM TIS driver to disable the Low Pin Count CLKRUN signal during TPM transactions. Unfortunately this breaks other devices that are attached to the LPC bus like for example PS/2 mouse and keyboards. One flaw with the logic is that it assumes that the CLKRUN is always enabled, and so it unconditionally enables it after a TPM transaction. But it could be that the CLKRUN# signal was already disabled in the LPC bus and so after the driver probes, CLKRUN_EN will remain enabled which may break other devices that are attached to the LPC bus but don't have support for the CLKRUN protocol. Fixes: 5e572cab92f0 ("tpm: Enable CLKRUN protocol for Braswell systems") Signed-off-by: Javier Martinez Canillas <javierm(a)redhat.com> Tested-by: James Ettle <james(a)ettle.org.uk> Tested-by: Jeffery Miller <jmiller(a)neverware.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/tpm/tpm_tis_core.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -694,7 +694,8 @@ static void tpm_tis_clkrun_enable(struct struct tpm_tis_data *data = dev_get_drvdata(&chip->dev); u32 clkrun_val; - if (!IS_ENABLED(CONFIG_X86) || !is_bsw()) + if (!IS_ENABLED(CONFIG_X86) || !is_bsw() || + !data->ilb_base_addr) return; if (value) { @@ -751,6 +752,7 @@ int tpm_tis_core_init(struct device *dev acpi_handle acpi_dev_handle) { u32 vendor, intfcaps, intmask; + u32 clkrun_val; u8 rid; int rc, probe; struct tpm_chip *chip; @@ -776,6 +778,13 @@ int tpm_tis_core_init(struct device *dev ILB_REMAP_SIZE); if (!priv->ilb_base_addr) return -ENOMEM; + + clkrun_val = ioread32(priv->ilb_base_addr + LPC_CNTRL_OFFSET); + /* Check if CLKRUN# is already not enabled in the LPC bus */ + if (!(clkrun_val & LPC_CLKRUN_EN)) { + iounmap(priv->ilb_base_addr); + priv->ilb_base_addr = NULL; + } } if (chip->ops->clk_enable != NULL) Patches currently in stable-queue which might be from javierm(a)redhat.com are queue-4.14/tpm-delete-the-tpm_tis_clk_enable-flag.patch queue-4.14/tpm-only-attempt-to-disable-the-lpc-clkrun-if-is-already-enabled.patch

7 years, 3 months

1
0
0 0

Patch "tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tpm-keep-clkrun-enabled-throughout-the-duration-of-transmit_cmd.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b3e958ce4c585bf666de249dc794971ebc62d2d3 Mon Sep 17 00:00:00 2001 From: Azhar Shaikh <azhar.shaikh(a)intel.com> Date: Fri, 22 Dec 2017 12:13:44 -0800 Subject: tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd() From: Azhar Shaikh <azhar.shaikh(a)intel.com> commit b3e958ce4c585bf666de249dc794971ebc62d2d3 upstream. Commit 5e572cab92f0bb5 ("tpm: Enable CLKRUN protocol for Braswell systems") disabled CLKRUN protocol during TPM transactions and re-enabled once the transaction is completed. But there were still some corner cases observed where, reading of TPM header failed for savestate command while going to suspend, which resulted in suspend failure. To fix this issue keep the CLKRUN protocol disabled for the entire duration of a single TPM command and not disabling and re-enabling again for every TPM transaction. For the other TPM accesses outside TPM command flow, add a higher level of disabling and re-enabling the CLKRUN protocol, instead of doing for every TPM transaction. Fixes: 5e572cab92f0bb5 ("tpm: Enable CLKRUN protocol for Braswell systems") Signed-off-by: Azhar Shaikh <azhar.shaikh(a)intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/tpm/tpm-interface.c | 6 ++ drivers/char/tpm/tpm_tis.c | 92 +++------------------------------ drivers/char/tpm/tpm_tis_core.c | 108 +++++++++++++++++++++++++++++++++++---- drivers/char/tpm/tpm_tis_core.h | 4 + include/linux/tpm.h | 1 5 files changed, 119 insertions(+), 92 deletions(-) --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -413,6 +413,9 @@ ssize_t tpm_transmit(struct tpm_chip *ch if (chip->dev.parent) pm_runtime_get_sync(chip->dev.parent); + if (chip->ops->clk_enable != NULL) + chip->ops->clk_enable(chip, true); + /* Store the decision as chip->locality will be changed. */ need_locality = chip->locality == -1; @@ -489,6 +492,9 @@ out: chip->locality = -1; } out_no_locality: + if (chip->ops->clk_enable != NULL) + chip->ops->clk_enable(chip, false); + if (chip->dev.parent) pm_runtime_put_sync(chip->dev.parent); --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -132,79 +132,17 @@ static int check_acpi_tpm2(struct device } #endif -#ifdef CONFIG_X86 -#define LPC_CNTRL_OFFSET 0x84 -#define LPC_CLKRUN_EN (1 << 2) - -/** - * tpm_platform_begin_xfer() - clear LPC CLKRUN_EN i.e. clocks will be running - */ -static void tpm_platform_begin_xfer(struct tpm_tis_data *data) -{ - u32 clkrun_val; - - if (!is_bsw()) - return; - - clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET); - - /* Disable LPC CLKRUN# */ - clkrun_val &= ~LPC_CLKRUN_EN; - iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); - - /* - * Write any random value on port 0x80 which is on LPC, to make - * sure LPC clock is running before sending any TPM command. - */ - outb(0xCC, 0x80); - -} - -/** - * tpm_platform_end_xfer() - set LPC CLKRUN_EN i.e. clocks can be turned off - */ -static void tpm_platform_end_xfer(struct tpm_tis_data *data) -{ - u32 clkrun_val; - - if (!is_bsw()) - return; - - clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET); - - /* Enable LPC CLKRUN# */ - clkrun_val |= LPC_CLKRUN_EN; - iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); - - /* - * Write any random value on port 0x80 which is on LPC, to make - * sure LPC clock is running before sending any TPM command. - */ - outb(0xCC, 0x80); - -} -#else -static void tpm_platform_begin_xfer(struct tpm_tis_data *data) -{ -} - -static void tpm_platform_end_xfer(struct tpm_tis_data *data) -{ -} -#endif - static int tpm_tcg_read_bytes(struct tpm_tis_data *data, u32 addr, u16 len, u8 *result) { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(data); + if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) + WARN(1, "CLKRUN not enabled!\n"); while (len--) *result++ = ioread8(phy->iobase + addr); - tpm_platform_end_xfer(data); - return 0; } @@ -213,13 +151,12 @@ static int tpm_tcg_write_bytes(struct tp { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(data); + if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) + WARN(1, "CLKRUN not enabled!\n"); while (len--) iowrite8(*value++, phy->iobase + addr); - tpm_platform_end_xfer(data); - return 0; } @@ -227,12 +164,11 @@ static int tpm_tcg_read16(struct tpm_tis { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(data); + if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) + WARN(1, "CLKRUN not enabled!\n"); *result = ioread16(phy->iobase + addr); - tpm_platform_end_xfer(data); - return 0; } @@ -240,12 +176,11 @@ static int tpm_tcg_read32(struct tpm_tis { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(data); + if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) + WARN(1, "CLKRUN not enabled!\n"); *result = ioread32(phy->iobase + addr); - tpm_platform_end_xfer(data); - return 0; } @@ -253,12 +188,11 @@ static int tpm_tcg_write32(struct tpm_ti { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - tpm_platform_begin_xfer(data); + if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) + WARN(1, "CLKRUN not enabled!\n"); iowrite32(value, phy->iobase + addr); - tpm_platform_end_xfer(data); - return 0; } @@ -340,9 +274,6 @@ static void tpm_tis_pnp_remove(struct pn tpm_chip_unregister(chip); tpm_tis_remove(chip); - if (is_bsw()) - iounmap(priv->ilb_base_addr); - } static struct pnp_driver tis_pnp_driver = { @@ -394,9 +325,6 @@ static int tpm_tis_plat_remove(struct pl tpm_chip_unregister(chip); tpm_tis_remove(chip); - if (is_bsw()) - iounmap(priv->ilb_base_addr); - return 0; } --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -31,6 +31,8 @@ #include "tpm.h" #include "tpm_tis_core.h" +static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value); + /* Before we attempt to access the TPM we must see that the valid bit is set. * The specification says that this bit is 0 at reset and remains 0 until the * 'TPM has gone through its self test and initialization and has established @@ -422,19 +424,28 @@ static bool tpm_tis_update_timeouts(stru int i, rc; u32 did_vid; + if (chip->ops->clk_enable != NULL) + chip->ops->clk_enable(chip, true); + rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid); if (rc < 0) - return rc; + goto out; for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) { if (vendor_timeout_overrides[i].did_vid != did_vid) continue; memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us, sizeof(vendor_timeout_overrides[i].timeout_us)); - return true; + rc = true; } - return false; + rc = false; + +out: + if (chip->ops->clk_enable != NULL) + chip->ops->clk_enable(chip, false); + + return rc; } /* @@ -654,14 +665,74 @@ void tpm_tis_remove(struct tpm_chip *chi u32 interrupt; int rc; + tpm_tis_clkrun_enable(chip, true); + rc = tpm_tis_read32(priv, reg, &interrupt); if (rc < 0) interrupt = 0; tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt); + + tpm_tis_clkrun_enable(chip, false); + + if (priv->ilb_base_addr) + iounmap(priv->ilb_base_addr); } EXPORT_SYMBOL_GPL(tpm_tis_remove); +/** + * tpm_tis_clkrun_enable() - Keep clkrun protocol disabled for entire duration + * of a single TPM command + * @chip: TPM chip to use + * @value: 1 - Disable CLKRUN protocol, so that clocks are free running + * 0 - Enable CLKRUN protocol + * Call this function directly in tpm_tis_remove() in error or driver removal + * path, since the chip->ops is set to NULL in tpm_chip_unregister(). + */ +static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value) +{ + struct tpm_tis_data *data = dev_get_drvdata(&chip->dev); + u32 clkrun_val; + + if (!IS_ENABLED(CONFIG_X86) || !is_bsw()) + return; + + if (value) { + data->flags |= TPM_TIS_CLK_ENABLE; + data->clkrun_enabled++; + if (data->clkrun_enabled > 1) + return; + clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET); + + /* Disable LPC CLKRUN# */ + clkrun_val &= ~LPC_CLKRUN_EN; + iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); + + /* + * Write any random value on port 0x80 which is on LPC, to make + * sure LPC clock is running before sending any TPM command. + */ + outb(0xCC, 0x80); + } else { + data->clkrun_enabled--; + if (data->clkrun_enabled) + return; + + clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET); + + /* Enable LPC CLKRUN# */ + clkrun_val |= LPC_CLKRUN_EN; + iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); + + /* + * Write any random value on port 0x80 which is on LPC, to make + * sure LPC clock is running before sending any TPM command. + */ + outb(0xCC, 0x80); + data->flags &= ~TPM_TIS_CLK_ENABLE; + } +} + static const struct tpm_class_ops tpm_tis = { .flags = TPM_OPS_AUTO_STARTUP, .status = tpm_tis_status, @@ -674,6 +745,7 @@ static const struct tpm_class_ops tpm_ti .req_canceled = tpm_tis_req_canceled, .request_locality = request_locality, .relinquish_locality = release_locality, + .clk_enable = tpm_tis_clkrun_enable, }; int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, @@ -708,6 +780,9 @@ int tpm_tis_core_init(struct device *dev return -ENOMEM; } + if (chip->ops->clk_enable != NULL) + chip->ops->clk_enable(chip, true); + if (wait_startup(chip, 0) != 0) { rc = -ENODEV; goto out_err; @@ -799,14 +874,18 @@ int tpm_tis_core_init(struct device *dev } rc = tpm_chip_register(chip); - if (rc && is_bsw()) - iounmap(priv->ilb_base_addr); + if (rc) + goto out_err; - return rc; + if (chip->ops->clk_enable != NULL) + chip->ops->clk_enable(chip, false); + + return 0; out_err: + if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL)) + chip->ops->clk_enable(chip, false); + tpm_tis_remove(chip); - if (is_bsw()) - iounmap(priv->ilb_base_addr); return rc; } @@ -819,22 +898,31 @@ static void tpm_tis_reenable_interrupts( u32 intmask; int rc; + if (chip->ops->clk_enable != NULL) + chip->ops->clk_enable(chip, true); + /* reenable interrupts that device may have lost or * BIOS/firmware may have disabled */ rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq); if (rc < 0) - return; + goto out; rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask); if (rc < 0) - return; + goto out; intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT | TPM_GLOBAL_INT_ENABLE; tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask); + +out: + if (chip->ops->clk_enable != NULL) + chip->ops->clk_enable(chip, false); + + return; } int tpm_tis_resume(struct device *dev) --- a/drivers/char/tpm/tpm_tis_core.h +++ b/drivers/char/tpm/tpm_tis_core.h @@ -79,11 +79,14 @@ enum tis_defaults { #define TPM_DID_VID(l) (0x0F00 | ((l) << 12)) #define TPM_RID(l) (0x0F04 | ((l) << 12)) +#define LPC_CNTRL_OFFSET 0x84 +#define LPC_CLKRUN_EN (1 << 2) #define INTEL_LEGACY_BLK_BASE_ADDR 0xFED08000 #define ILB_REMAP_SIZE 0x100 enum tpm_tis_flags { TPM_TIS_ITPM_WORKAROUND = BIT(0), + TPM_TIS_CLK_ENABLE = BIT(1), }; struct tpm_tis_data { @@ -93,6 +96,7 @@ struct tpm_tis_data { bool irq_tested; unsigned int flags; void __iomem *ilb_base_addr; + u16 clkrun_enabled; wait_queue_head_t int_queue; wait_queue_head_t read_queue; const struct tpm_tis_phy_ops *phy_ops; --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -50,6 +50,7 @@ struct tpm_class_ops { unsigned long *timeout_cap); int (*request_locality)(struct tpm_chip *chip, int loc); void (*relinquish_locality)(struct tpm_chip *chip, int loc); + void (*clk_enable)(struct tpm_chip *chip, bool value); }; #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) Patches currently in stable-queue which might be from azhar.shaikh(a)intel.com are queue-4.14/tpm_tis-move-ilb_base_addr-to-tpm_tis_data.patch queue-4.14/tpm-keep-clkrun-enabled-throughout-the-duration-of-transmit_cmd.patch

7 years, 3 months

1
0
0 0

Patch "tpm: delete the TPM_TIS_CLK_ENABLE flag" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tpm: delete the TPM_TIS_CLK_ENABLE flag to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tpm-delete-the-tpm_tis_clk_enable-flag.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 764325add6c2ad1641199edde7b2995495fc2d7c Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas <javierm(a)redhat.com> Date: Mon, 25 Dec 2017 03:22:49 +0100 Subject: tpm: delete the TPM_TIS_CLK_ENABLE flag From: Javier Martinez Canillas <javierm(a)redhat.com> commit 764325add6c2ad1641199edde7b2995495fc2d7c upstream. This flag is only used to warn if CLKRUN_EN wasn't disabled on Braswell systems, but the only way this can happen is if the code is not correct. So it's an unnecessary check that just makes the code harder to read. Suggested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Javier Martinez Canillas <javierm(a)redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/tpm/tpm_tis.c | 15 --------------- drivers/char/tpm/tpm_tis_core.c | 2 -- drivers/char/tpm/tpm_tis_core.h | 1 - 3 files changed, 18 deletions(-) --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -137,9 +137,6 @@ static int tpm_tcg_read_bytes(struct tpm { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) - WARN(1, "CLKRUN not enabled!\n"); - while (len--) *result++ = ioread8(phy->iobase + addr); @@ -151,9 +148,6 @@ static int tpm_tcg_write_bytes(struct tp { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) - WARN(1, "CLKRUN not enabled!\n"); - while (len--) iowrite8(*value++, phy->iobase + addr); @@ -164,9 +158,6 @@ static int tpm_tcg_read16(struct tpm_tis { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) - WARN(1, "CLKRUN not enabled!\n"); - *result = ioread16(phy->iobase + addr); return 0; @@ -176,9 +167,6 @@ static int tpm_tcg_read32(struct tpm_tis { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) - WARN(1, "CLKRUN not enabled!\n"); - *result = ioread32(phy->iobase + addr); return 0; @@ -188,9 +176,6 @@ static int tpm_tcg_write32(struct tpm_ti { struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); - if (is_bsw() && !(data->flags & TPM_TIS_CLK_ENABLE)) - WARN(1, "CLKRUN not enabled!\n"); - iowrite32(value, phy->iobase + addr); return 0; --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -698,7 +698,6 @@ static void tpm_tis_clkrun_enable(struct return; if (value) { - data->flags |= TPM_TIS_CLK_ENABLE; data->clkrun_enabled++; if (data->clkrun_enabled > 1) return; @@ -729,7 +728,6 @@ static void tpm_tis_clkrun_enable(struct * sure LPC clock is running before sending any TPM command. */ outb(0xCC, 0x80); - data->flags &= ~TPM_TIS_CLK_ENABLE; } } --- a/drivers/char/tpm/tpm_tis_core.h +++ b/drivers/char/tpm/tpm_tis_core.h @@ -86,7 +86,6 @@ enum tis_defaults { enum tpm_tis_flags { TPM_TIS_ITPM_WORKAROUND = BIT(0), - TPM_TIS_CLK_ENABLE = BIT(1), }; struct tpm_tis_data { Patches currently in stable-queue which might be from javierm(a)redhat.com are queue-4.14/tpm-delete-the-tpm_tis_clk_enable-flag.patch queue-4.14/tpm-only-attempt-to-disable-the-lpc-clkrun-if-is-already-enabled.patch

7 years, 3 months

1
0
0 0

[PATCH] h8300: remove extranous __BIG_ENDIAN definition

by Arnd Bergmann

A bugfix I did earlier caused a build regression on h8300, which defines the __BIG_ENDIAN macro in a slightly different way than the generic code: arch/h8300/include/asm/byteorder.h:5:0: warning: "__BIG_ENDIAN" redefined We don't need to define it here, as the same macro is already provided by the linux/byteorder/big_endian.h, and that version does not conflict. While this is a v4.16 regression, my earlier patch also got backported to the 4.14 and 4.15 stable kernels, so we need the fixup there as well. Cc: stable(a)vger.kernel.org Fixes: 101110f6271c ("Kbuild: always define endianess in kconfig.h") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- arch/h8300/include/asm/byteorder.h | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/h8300/include/asm/byteorder.h b/arch/h8300/include/asm/byteorder.h index ecff2d1ca5a3..6eaa7ad5fc2c 100644 --- a/arch/h8300/include/asm/byteorder.h +++ b/arch/h8300/include/asm/byteorder.h @@ -2,7 +2,6 @@ #ifndef __H8300_BYTEORDER_H__ #define __H8300_BYTEORDER_H__ -#define __BIG_ENDIAN __ORDER_BIG_ENDIAN__ #include <linux/byteorder/big_endian.h> #endif -- 2.9.0

7 years, 3 months

1
0
0 0

Patch "netfilter: bridge: ebt_among: add missing match size checks" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: bridge: ebt_among: add missing match size checks to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-bridge-ebt_among-add-missing-match-size-checks.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c4585a2823edf4d1326da44d1524ecbfda26bb37 Mon Sep 17 00:00:00 2001 From: Florian Westphal <fw(a)strlen.de> Date: Mon, 19 Feb 2018 03:01:45 +0100 Subject: netfilter: bridge: ebt_among: add missing match size checks From: Florian Westphal <fw(a)strlen.de> commit c4585a2823edf4d1326da44d1524ecbfda26bb37 upstream. ebt_among is special, it has a dynamic match size and is exempt from the central size checks. Therefore it must check that the size of the match structure provided from userspace is sane by making sure em->match_size is at least the minimum size of the expected structure. The module has such a check, but its only done after accessing a structure that might be out of bounds. tested with: ebtables -A INPUT ... \ --among-dst fe:fe:fe:fe:fe:fe --among-dst fe:fe:fe:fe:fe:fe --among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fb,fe:fe:fe:fe:fc:fd,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe --among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fa,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe,fe:fe:fe:fe:fe:fe Reported-by: <syzbot+fe0b19af568972814355(a)syzkaller.appspotmail.com> Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/bridge/netfilter/ebt_among.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c @@ -172,18 +172,35 @@ ebt_among_mt(const struct sk_buff *skb, return true; } +static bool poolsize_invalid(const struct ebt_mac_wormhash *w) +{ + return w && w->poolsize >= (INT_MAX / sizeof(struct ebt_mac_wormhash_tuple)); +} + static int ebt_among_mt_check(const struct xt_mtchk_param *par) { const struct ebt_among_info *info = par->matchinfo; const struct ebt_entry_match *em = container_of(par->matchinfo, const struct ebt_entry_match, data); - int expected_length = sizeof(struct ebt_among_info); + unsigned int expected_length = sizeof(struct ebt_among_info); const struct ebt_mac_wormhash *wh_dst, *wh_src; int err; + if (expected_length > em->match_size) + return -EINVAL; + wh_dst = ebt_among_wh_dst(info); - wh_src = ebt_among_wh_src(info); + if (poolsize_invalid(wh_dst)) + return -EINVAL; + expected_length += ebt_mac_wormhash_size(wh_dst); + if (expected_length > em->match_size) + return -EINVAL; + + wh_src = ebt_among_wh_src(info); + if (poolsize_invalid(wh_src)) + return -EINVAL; + expected_length += ebt_mac_wormhash_size(wh_src); if (em->match_size != EBT_ALIGN(expected_length)) { Patches currently in stable-queue which might be from fw(a)strlen.de are queue-4.14/netfilter-add-back-stackpointer-size-checks.patch queue-4.14/netfilter-ipv6-fix-use-after-free-write-in-nf_nat_ipv6_manip_pkt.patch queue-4.14/netfilter-ebtables-config_compat-don-t-trust-userland-offsets.patch queue-4.14/netfilter-bridge-ebt_among-add-missing-match-size-checks.patch

7 years, 3 months

3
2
0 0

Patch "netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-ebtables-config_compat-don-t-trust-userland-offsets.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b71812168571fa55e44cdd0254471331b9c4c4c6 Mon Sep 17 00:00:00 2001 From: Florian Westphal <fw(a)strlen.de> Date: Mon, 19 Feb 2018 01:24:15 +0100 Subject: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets From: Florian Westphal <fw(a)strlen.de> commit b71812168571fa55e44cdd0254471331b9c4c4c6 upstream. We need to make sure the offsets are not out of range of the total size. Also check that they are in ascending order. The WARN_ON triggered by syzkaller (it sets panic_on_warn) is changed to also bail out, no point in continuing parsing. Briefly tested with simple ruleset of -A INPUT --limit 1/s' --log plus jump to custom chains using 32bit ebtables binary. Reported-by: <syzbot+845a53d13171abf8bf29(a)syzkaller.appspotmail.com> Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/bridge/netfilter/ebtables.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -2053,7 +2053,9 @@ static int ebt_size_mwt(struct compat_eb if (match_kern) match_kern->match_size = ret; - WARN_ON(type == EBT_COMPAT_TARGET && size_left); + if (WARN_ON(type == EBT_COMPAT_TARGET && size_left)) + return -EINVAL; + match32 = (struct compat_ebt_entry_mwt *) buf; } @@ -2109,6 +2111,15 @@ static int size_entry_mwt(struct ebt_ent * * offsets are relative to beginning of struct ebt_entry (i.e., 0). */ + for (i = 0; i < 4 ; ++i) { + if (offsets[i] >= *total) + return -EINVAL; + if (i == 0) + continue; + if (offsets[i-1] > offsets[i]) + return -EINVAL; + } + for (i = 0, j = 1 ; j < 4 ; j++, i++) { struct compat_ebt_entry_mwt *match32; unsigned int size; Patches currently in stable-queue which might be from fw(a)strlen.de are queue-4.14/netfilter-add-back-stackpointer-size-checks.patch queue-4.14/netfilter-ipv6-fix-use-after-free-write-in-nf_nat_ipv6_manip_pkt.patch queue-4.14/netfilter-ebtables-config_compat-don-t-trust-userland-offsets.patch queue-4.14/netfilter-bridge-ebt_among-add-missing-match-size-checks.patch

7 years, 3 months

3
3
0 0

Patch "netfilter: x_tables: fix missing timer initialization in xt_LED" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: x_tables: fix missing timer initialization in xt_LED to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-x_tables-fix-missing-timer-initialization-in-xt_led.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 10414014bc085aac9f787a5890b33b5605fbcfc4 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Mon, 12 Feb 2018 18:49:39 +0100 Subject: netfilter: x_tables: fix missing timer initialization in xt_LED From: Paolo Abeni <pabeni(a)redhat.com> commit 10414014bc085aac9f787a5890b33b5605fbcfc4 upstream. syzbot reported that xt_LED may try to use the ledinternal->timer without previously initializing it: ------------[ cut here ]------------ kernel BUG at kernel/time/timer.c:958! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 1826 Comm: kworker/1:2 Not tainted 4.15.0+ #306 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: ipv6_addrconf addrconf_dad_work RIP: 0010:__mod_timer kernel/time/timer.c:958 [inline] RIP: 0010:mod_timer+0x7d6/0x13c0 kernel/time/timer.c:1102 RSP: 0018:ffff8801d24fe9f8 EFLAGS: 00010293 RAX: ffff8801d25246c0 RBX: ffff8801aec6cb50 RCX: ffffffff816052c6 RDX: 0000000000000000 RSI: 00000000fffbd14b RDI: ffff8801aec6cb68 RBP: ffff8801d24fec98 R08: 0000000000000000 R09: 1ffff1003a49fd6c R10: ffff8801d24feb28 R11: 0000000000000005 R12: dffffc0000000000 R13: ffff8801d24fec70 R14: 00000000fffbd14b R15: ffff8801af608f90 FS: 0000000000000000(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000206d6fd0 CR3: 0000000006a22001 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: led_tg+0x1db/0x2e0 net/netfilter/xt_LED.c:75 ip6t_do_table+0xc2a/0x1a30 net/ipv6/netfilter/ip6_tables.c:365 ip6table_raw_hook+0x65/0x80 net/ipv6/netfilter/ip6table_raw.c:42 nf_hook_entry_hookfn include/linux/netfilter.h:120 [inline] nf_hook_slow+0xba/0x1a0 net/netfilter/core.c:483 nf_hook.constprop.27+0x3f6/0x830 include/linux/netfilter.h:243 NF_HOOK include/linux/netfilter.h:286 [inline] ndisc_send_skb+0xa51/0x1370 net/ipv6/ndisc.c:491 ndisc_send_ns+0x38a/0x870 net/ipv6/ndisc.c:633 addrconf_dad_work+0xb9e/0x1320 net/ipv6/addrconf.c:4008 process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113 worker_thread+0x223/0x1990 kernel/workqueue.c:2247 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429 Code: 85 2a 0b 00 00 4d 8b 3c 24 4d 85 ff 75 9f 4c 8b bd 60 fd ff ff e8 bb 57 10 00 65 ff 0d 94 9a a1 7e e9 d9 fc ff ff e8 aa 57 10 00 <0f> 0b e8 a3 57 10 00 e9 14 fb ff ff e8 99 57 10 00 4c 89 bd 70 RIP: __mod_timer kernel/time/timer.c:958 [inline] RSP: ffff8801d24fe9f8 RIP: mod_timer+0x7d6/0x13c0 kernel/time/timer.c:1102 RSP: ffff8801d24fe9f8 ---[ end trace f661ab06f5dd8b3d ]--- The ledinternal struct can be shared between several different xt_LED targets, but the related timer is currently initialized only if the first target requires it. Fix it by unconditionally initializing the timer struct. v1 -> v2: call del_timer_sync() unconditionally, too. Fixes: 268cb38e1802 ("netfilter: x_tables: add LED trigger target") Reported-by: syzbot+10c98dc5725c6c8fc7fb(a)syzkaller.appspotmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netfilter/xt_LED.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- a/net/netfilter/xt_LED.c +++ b/net/netfilter/xt_LED.c @@ -141,10 +141,11 @@ static int led_tg_check(const struct xt_ goto exit_alloc; } - /* See if we need to set up a timer */ - if (ledinfo->delay > 0) - setup_timer(&ledinternal->timer, led_timeout_callback, - (unsigned long)ledinternal); + /* Since the letinternal timer can be shared between multiple targets, + * always set it up, even if the current target does not need it + */ + setup_timer(&ledinternal->timer, led_timeout_callback, + (unsigned long)ledinternal); list_add_tail(&ledinternal->list, &xt_led_triggers); @@ -181,8 +182,7 @@ static void led_tg_destroy(const struct list_del(&ledinternal->list); - if (ledinfo->delay > 0) - del_timer_sync(&ledinternal->timer); + del_timer_sync(&ledinternal->timer); led_trigger_unregister(&ledinternal->netfilter_led_trigger); Patches currently in stable-queue which might be from pabeni(a)redhat.com are queue-4.9/netfilter-nat-cope-with-negative-port-range.patch queue-4.9/netfilter-x_tables-fix-missing-timer-initialization-in-xt_led.patch

7 years, 3 months

1
0
0 0

Patch "[media] tc358743: fix register i2c_rd/wr function fix" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [media] tc358743: fix register i2c_rd/wr function fix to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tc358743-fix-register-i2c_rd-wr-function-fix.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f2c61f98e0b5f8b53b8fb860e5dcdd661bde7d0b Mon Sep 17 00:00:00 2001 From: Philipp Zabel <p.zabel(a)pengutronix.de> Date: Thu, 4 May 2017 12:20:17 -0300 Subject: [media] tc358743: fix register i2c_rd/wr function fix From: Philipp Zabel <p.zabel(a)pengutronix.de> commit f2c61f98e0b5f8b53b8fb860e5dcdd661bde7d0b upstream. The below mentioned fix contains a small but severe bug, fix it to make the driver work again. Fixes: 3538aa6ecfb2 ("[media] tc358743: fix register i2c_rd/wr functions") Cc: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Acked-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Hans Verkuil <hansverk(a)cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/i2c/tc358743.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/media/i2c/tc358743.c +++ b/drivers/media/i2c/tc358743.c @@ -222,7 +222,7 @@ static void i2c_wr8(struct v4l2_subdev * static void i2c_wr8_and_or(struct v4l2_subdev *sd, u16 reg, u8 mask, u8 val) { - i2c_wrreg(sd, reg, (i2c_rdreg(sd, reg, 2) & mask) | val, 2); + i2c_wrreg(sd, reg, (i2c_rdreg(sd, reg, 1) & mask) | val, 1); } static u16 i2c_rd16(struct v4l2_subdev *sd, u16 reg) Patches currently in stable-queue which might be from p.zabel(a)pengutronix.de are queue-4.9/tc358743-fix-register-i2c_rd-wr-function-fix.patch

7 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror