- 24 Apr, 2023 20 commits
-
-
Lino Sanfilippo authored
In tpm_tis_resume() make sure that the locality has been claimed when tpm_tis_reenable_interrupts() is called. Otherwise the writings to the register might not have any effect. Fixes: 45baa1d1 ("tpm_tis: Re-enable interrupts upon (S3) resume") Signed-off-by:
Lino Sanfilippo <l.sanfilippo@kunbus.com> Tested-by:
Jarkko Sakkinen <jarkko@kernel.org> Reviewed-by:
-
Lino Sanfilippo authored
Writing the TPM_INT_STATUS register in the interrupt handler to clear the interrupts only has effect if a locality is held. Since this is not guaranteed at the time the interrupt is fired, claim the locality explicitly in the handler. Signed-off-by:
Michael Niewöhner <linux@mniewoehner.de> Tested-by:
-
Lino Sanfilippo authored
The TIS interrupt handler at least has to read and write the interrupt status register. In case of SPI both operations result in a call to tpm_tis_spi_transfer() which uses the bus_lock_mutex of the spi device and thus must only be called from a sleepable context. To ensure this request a threaded interrupt handler. Signed-off-by:
-
Lino Sanfilippo authored
Implement a usage counter for the (default) locality used by the TPM TIS driver: Request the locality from the TPM if it has not been claimed yet, otherwise only increment the counter. Also release the locality if the counter is 0 otherwise only decrement the counter. Since in case of SPI the register accesses are locked by means of the SPI bus mutex use a sleepable lock (i.e. also a mutex) to ensure thread-safety of the counter which may be accessed by both a userspace thread and the interrupt handler. By doing this refactor the names of the amended functions to use a more appropriate prefix. Signed-off-by:
-
Lino Sanfilippo authored
After driver initialization tpm_tis_data->locality may only be modified in case of a LOCALITY CHANGE interrupt. In this case the interrupt handler iterates over all localities only to assign the active one to tpm_tis_data->locality. However this information is never used any more, so the assignment is not needed. Furthermore without the assignment tpm_tis_data->locality cannot change any more at driver runtime, and thus no protection against concurrent modification is required when the variable is read at other places. So remove this iteration entirely. Signed-off-by:
-
Lino Sanfilippo authored
Clean up wait_for_tpm_stat() by moving multiple similar interrupt mask checks into an own function. Signed-off-by:
-
Lino Sanfilippo authored
According to the TPM Interface Specification (TIS) support for "stsValid" and "commandReady" interrupts is only optional. This has to be taken into account when handling the interrupts in functions like wait_for_tpm_stat(). To determine the supported interrupts use the capability query. Also adjust wait_for_tpm_stat() to only wait for interrupt reported status changes. After that process all the remaining status changes by polling the status register. Signed-off-by:
-
Lino Sanfilippo authored
In tpm_tis_probe_single_irq() interrupt registers TPM_INT_VECTOR, TPM_INT_STATUS and TPM_INT_ENABLE are modified to setup the interrupts. Currently these modifications are done without holding a locality thus they have no effect. Fix this by claiming the (default) locality before the registers are written. Since now tpm_tis_gen_interrupt() is called with the locality already claimed remove locality request and release from this function. Signed-off-by:
-
Lino Sanfilippo authored
If in tpm_tis_probe_irq_single() an error occurs after the original interrupt vector has been read, restore the interrupts before the error is returned. Since the caller does not check the error value, return -1 in any case that the TPM_CHIP_FLAG_IRQ flag is not set. Since the return value of function tpm_tis_gen_interrupt() is not longer used, make it a void function. Fixes: 1107d065 ("tpm_tis: Introduce intermediate layer for TPM access") Signed-off-by:
-
Lino Sanfilippo authored
Both functions tpm_tis_probe_irq_single() and tpm_tis_probe_irq() may setup the interrupts and then return with an error. This case is indicated by a missing TPM_CHIP_FLAG_IRQ flag in chip->flags. Currently the interrupt setup is only undone if tpm_tis_probe_irq_single() fails. Undo the setup also if tpm_tis_probe_irq() fails. Signed-off-by:
-
Lino Sanfilippo authored
In disable_interrupts() the TPM_GLOBAL_INT_ENABLE bit is unset in the TPM_INT_ENABLE register to shut the interrupts off. However modifying the register is only possible with a held locality. So claim the locality before disable_interrupts() is called. Signed-off-by:
-
Lino Sanfilippo authored
The interrupt handler that sets the boolean variable irq_tested may run on another CPU as the thread that checks irq_tested as part of the irq test in tpm_tis_send(). Since nothing guarantees cache coherency between CPUs for unsynchronized accesses to boolean variables the testing thread might not perceive the value change done in the interrupt handler. Avoid this issue by setting the bit TPM_TIS_IRQ_TESTED in the flags field of the tpm_tis_data struct and by accessing this field with the bit manipulating functions that provide cache coherency. Also convert all other existing sites to use the proper macros when accessing this bitfield. Signed-off-by:
-
Eric Snowberg authored
Add machine keyring CA restriction options to control the type of keys that may be added to it. The motivation is separation of certificate signing from code signing keys. Subsquent work will limit certificates being loaded into the IMA keyring to code signing keys used for signature verification. When no restrictions are selected, all Machine Owner Keys (MOK) are added to the machine keyring. When CONFIG_INTEGRITY_CA_MACHINE_KEYRING is selected, the CA bit must be true. Also the key usage must contain keyCertSign, any other usage field may be set as well. When CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX is selected, the CA bit must be true. Also the key usage must contain keyCertSign and the digitialSignature usage may not be set. Signed-off-by:
Eric Snowberg <eric.snowberg@oracle.com> Acked-by:
Mimi Zohar <zohar@linux.ibm.com> Reviewed-by:
-
Eric Snowberg authored
Add a new link restriction. Restrict the addition of keys in a keyring based on the key to be added being a CA. Signed-off-by:
-
Eric Snowberg authored
Parse the X.509 Key Usage. The key usage extension defines the purpose of the key contained in the certificate. id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } KeyUsage ::= BIT STRING { digitalSignature (0), contentCommitment (1), keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } If the keyCertSign or digitalSignature is set, store it in the public_key structure. Having the purpose of the key being stored during parsing, allows enforcement on the usage field in the future. This will be used in a follow on patch that requires knowing the certificate key usage type. Link: https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3Signed-off-by: -
Eric Snowberg authored
Parse the X.509 Basic Constraints. The basic constraints extension identifies whether the subject of the certificate is a CA. BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER (0..MAX) OPTIONAL } If the CA is true, store it in the public_key. This will be used in a follow on patch that requires knowing if the public key is a CA. Link: https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.9Signed-off-by: -
Eric Snowberg authored
Compiling with 'W=1' results in warnings that 'Function parameter or member not described' Add the missing parameters for restrict_link_by_builtin_and_secondary_trusted and restrict_link_to_builtin_trusted. Use /* instead of /** for get_builtin_and_secondary_restriction, since it is a static function. Fix wrong function name restrict_link_to_builtin_trusted. Fixes: d3bfe841 ("certs: Add a secondary system keyring that can be added to dynamically") Signed-off-by:
Petr Vorel <pvorel@suse.cz> Reviewed-by:
-
Eric Snowberg authored
The kernel test robot reports undefined reference to public_key_verify_signature when CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not defined. Create a static version in this case and return -EINVAL. Fixes: db6c43bd ("crypto: KEYS: convert public key and digsig asym to the akcipher api") Reported-by:
kernel test robot <lkp@intel.com> Signed-off-by:
-
Yu Zhe authored
Pointer variables of void * type do not require type cast. Signed-off-by:
Yu Zhe <yuzhe@nfschina.com> Reviewed-by:
-
Mark Hasemeyer authored
When waiting for a tpm ready completion, the cr50 i2c driver incorrectly assumes that the value of timeout_a is represented in milliseconds instead of jiffies. Remove the msecs_to_jiffies conversion. Signed-off-by:
Mark Hasemeyer <markhas@chromium.org> Reviewed-by:
-
- 23 Apr, 2023 9 commits
-
-
Linus Torvalds authored
-
Linus Torvalds authored
We started disabling '-Warray-bounds' for gcc-12 originally on s390, because it resulted in some warnings that weren't realistically fixable (commit 8b202ee2: "s390: disable -Warray-bounds"). That s390-specific issue was then found to be less common elsewhere, but generic (see f0be87c4: "gcc-12: disable '-Warray-bounds' universally for now"), and then later expanded the version check was expanded to gcc-11 (5a41237a: "gcc: disable -Warray-bounds for gcc-11 too"). And it turns out that I was much too optimistic in thinking that it's all going to go away, and here we are with gcc-13 showing all the same issues. So instead of expanding this one version at a time, let's just disable it for gcc-11+, and put an end limit to it only when we actually find a solution. Yes, I'm sure some of this is because the kernel just does odd things (like our "container_of()" use, but also knowingly playing games with things like linker tables and array layouts). And yes, some of the warnings are likely signs of real bugs, but when there are hundreds of false positives, that doesn't really help. Oh well. Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
Merge tag 'kbuild-fixes-v6.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - Fix the prefix in the kernel source tarball - Fix a typo in the copyright file in Debian package * tag 'kbuild-fixes-v6.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kbuild: use proper prefix for tarballs to fix rpm-pkg build error kbuild: deb-pkg: Fix a spell typo in mkdebian script
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull irq fix from Borislav Petkov: - Remove an over-zealous sanity check of the array of MSI-X vectors to be allocated for a device * tag 'irq_urgent_for_v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: PCI/MSI: Remove over-zealous hardware size check in pci_msix_validate_entries()
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fix from Borislav Petkov - Fix for older binutils which do not support C-syntax constant suffixes * tag 'x86_urgent_for_v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/alternatives: Do not use integer constant suffixes in inline asm
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
Pull input fixes from Dmitry Torokhov: - a check in pegasus-notetaker driver to validate the type of pipe when probing a new device - a fix for Cypress touch controller to correctly parse maximum number of touches. * tag 'input-for-v6.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: cyttsp5 - fix sensing configuration data structure Input: pegasus-notetaker - check pipe type when probing
-
Masahiro Yamada authored
Since commit f8d94c4e ("kbuild: do not create intermediate *.tar for source tarballs"), 'make rpm-pkg' fails because the prefix of the source tarball is 'linux.tar/' instead of 'linux/'. $(basename $@) strips only '.gz' from the filename linux.tar.gz. You need to strip two suffixes from compressed tarballs and one suffix from uncompressed tarballs (for example 'perf-6.3.0.tar' generated by 'make perf-tar-src-pkg'). One tricky fix might be --prefix=$(firstword $(subst .tar, ,$@))/ but I think it is better to hard-code the prefix. Fixes: f8d94c4e ("kbuild: do not create intermediate *.tar for source tarballs") Reported-by:
Jiwei Sun <sunjw10@lenovo.com> Signed-off-by:
Masahiro Yamada <masahiroy@kernel.org> Reviewed-by:
Nicolas Schier <nicolas@fjasle.eu>
-
Woody Suwalski authored
Signed-off-by:
Woody Suwalski <terraluna977@gmail.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/mips/linuxLinus Torvalds authored
Pull MIPS fix from Thomas Bogendoerfer: "Fix for link errors" * tag 'mips-fixes_6.3_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: Define RUNTIME_DISCARD_EXIT in LD script
-
- 22 Apr, 2023 2 commits
-
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
Pull kvm fixes from Paolo Bonzini: "Two serious ARM fixes: - Plug a buffer overflow due to the use of the user-provided register width for firmware regs. Outright reject accesses where the user register width does not match the kernel representation. - Protect non-atomic RMW operations on vCPU flags against preemption, as an update to the flags by an intervening preemption could be lost" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() KVM: arm64: Make vcpu flag updates non-preemptible -
git://git.samba.org/sfrench/cifs-2.6Linus Torvalds authored
Pull cifs fixes from Steve French: "Three small smb3 client fixes: - two important fixes for unbuffered read regression with the iov_iter changes (e.g. read soon after mount in some multichannel scenarios) - DFS prefix path fix (also for stable)" * tag '6.3-rc7-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: Reapply lost fix from commit 30b2b219 cifs: Fix unbuffered read cifs: avoid dup prefix path in dfs_get_automount_devname()
-
- 21 Apr, 2023 9 commits
-
-
Paolo Bonzini authored
Merge tag 'kvmarm-fixes-6.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD KVM/arm64 fixes for 6.3, part #4 - Plug a buffer overflow due to the use of the user-provided register width for firmware regs. Outright reject accesses where the user register width does not match the kernel representation. - Protect non-atomic RMW operations on vCPU flags against preemption, as an update to the flags by an intervening preemption could be lost.
-
Jiaxun Yang authored
MIPS's exit sections are discarded at runtime as well. Fixes link error: `.exit.text' referenced in section `__jump_table' of fs/fuse/inode.o: defined in discarded section `.exit.text' of fs/fuse/inode.o Fixes: 99cb0d91 ("arch: fix broken BuildID for arm64 and riscv") Reported-by:
"kernelci.org bot" <bot@kernelci.org> Signed-off-by:
Jiaxun Yang <jiaxun.yang@flygoat.com> Signed-off-by:
Thomas Bogendoerfer <tsbogend@alpha.franken.de>
-
Linus Torvalds authored
This reverts commit 5c62d5aa. This broke wake-on-lan for multiple people, and for much too long. Link: https://bugzilla.kernel.org/show_bug.cgi?id=217069 Link: https://lore.kernel.org/all/754225a2-95a9-2c36-1886-7da1a78308c2@loongson.cn/ Link: https://github.com/acpica/acpica/pull/866 Cc: Rafael J. Wysocki <rafael@kernel.org> Cc: Jianmin Lv <lvjianmin@loongson.cn> Cc: Huacai Chen <chenhuacai@loongson.cn> Cc: Bob Moore <robert.moore@intel.com> Cc: stable@kernel.org # 6.2 Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linuxLinus Torvalds authored
Pull btrfs fixes from David Sterba: "Two patches fixing the problem with aync discard. The default settings had a low IOPS limit and processing a large batch to discard would take a long time. On laptops this can cause increased power consumption due to disk activity. As async discard has been on by default since 6.2 this likely affects a lot of users. Summary: - increase the default IOPS limit 10x which reportedly helped - setting the sysfs IOPS value to 0 now does not throttle anymore allowing the discards to be processed at full speed. Previously there was an arbitrary 6 hour target for processing the pending batch" * tag 'for-6.3-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: reinterpret async discard iops_limit=0 as no delay btrfs: set default discard iops_limit to 1000 -
git://git.kernel.dk/linuxLinus Torvalds authored
Pull block fix from Jens Axboe: "Just a single revert of a patch from the 6.3 series" * tag 'block-6.3-2023-04-21' of git://git.kernel.dk/linux: Revert "block: Merge bio before checking ->cached_rq"
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-miscLinus Torvalds authored
Pull char/misc driver fixes from Greg KH: "Here are some last-minute tiny driver fixes for 6.3-final. They include fixes for some fpga and iio drivers: - fpga bridge driver fix - fpga dfl error reporting fix - fpga m10bmc driver fix - fpga xilinx driver fix - iio light driver fix - iio dac fwhandle leak fix - iio adc driver fix All of these have been in linux-next for a few weeks with no reported problems" * tag 'char-misc-6.3-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: iio: light: tsl2772: fix reading proximity-diodes from device tree fpga: bridge: properly initialize bridge device before populating children iio: dac: ad5755: Add missing fwnode_handle_put() iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() fpga: xilinx-pr-decoupler: Use readl wrapper instead of pure readl fpga: dfl-pci: Drop redundant pci_enable_pcie_error_reporting() fpga: m10bmc-sec: Fix rsu_send_data() to return FW_UPLOAD_ERR_HW_ERROR
-
git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linuxLinus Torvalds authored
Pull gpio fixes from Bartosz Golaszewski: - use raw_spinlocks in regmaps that are used in interrupt context in gpio-104-idi-48 and gpio-104-dio-48e * tag 'gpio-fixes-for-v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux: gpio: 104-idi-48: Enable use_raw_spinlock for idi48_regmap_config gpio: 104-dio-48e: Enable use_raw_spinlock for dio48e_regmap_config
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "Just a few fixes: all small and device-specific (ASoC FSL, SOF, and HD-audio quirks), should be safe to apply at the last minute" * tag 'sound-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook ASoC: fsl_asrc_dma: fix potential null-ptr-deref ASoC: fsl_sai: Fix pins setting for i.MX8QM platform ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 ASoC: max98373: change power down sequence for smart amp ASoC: SOF: pm: Tear down pipelines only if DSP was active ASoC: SOF: ipc4-topology: Clarify bind failure caused by missing fw_module
-
Ekaterina Orlova authored
It seems there is a misprint in the check of strdup() return code that can lead to NULL pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 4520c6a4 ("X.509: Add simple ASN.1 grammar compiler") Signed-off-by:
Ekaterina Orlova <vorobushek.ok@gmail.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jarkko Sakkinen <jarkko@kernel.org> Cc: keyrings@vger.kernel.org Cc: linux-kbuild@vger.kernel.org Link: https://lore.kernel.org/r/20230315172130.140-1-vorobushek.ok@gmail.com/Signed-off-by:
David Howells <dhowells@redhat.com> Signed-off-by:
-
