summaryrefslogtreecommitdiffstats
path: root/drivers/char
AgeCommit message (Collapse)AuthorFilesLines
2019-04-17ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrierCorey Minyard1-2/+17
free_user() could be called in atomic context. This patch pushed the free operation off into a workqueue. Example: BUG: sleeping function called from invalid context at kernel/workqueue.c:2856 in_atomic(): 1, irqs_disabled(): 0, pid: 177, name: ksoftirqd/27 CPU: 27 PID: 177 Comm: ksoftirqd/27 Not tainted 4.19.25-3 #1 Hardware name: AIC 1S-HV26-08/MB-DPSB04-06, BIOS IVYBV060 10/21/2015 Call Trace: dump_stack+0x5c/0x7b ___might_sleep+0xec/0x110 __flush_work+0x48/0x1f0 ? try_to_del_timer_sync+0x4d/0x80 _cleanup_srcu_struct+0x104/0x140 free_user+0x18/0x30 [ipmi_msghandler] ipmi_free_recv_msg+0x3a/0x50 [ipmi_msghandler] deliver_response+0xbd/0xd0 [ipmi_msghandler] deliver_local_response+0xe/0x30 [ipmi_msghandler] handle_one_recv_msg+0x163/0xc80 [ipmi_msghandler] ? dequeue_entity+0xa0/0x960 handle_new_recv_msgs+0x15c/0x1f0 [ipmi_msghandler] tasklet_action_common.isra.22+0x103/0x120 __do_softirq+0xf8/0x2d7 run_ksoftirqd+0x26/0x50 smpboot_thread_fn+0x11d/0x1e0 kthread+0x103/0x140 ? sort_range+0x20/0x20 ? kthread_destroy_worker+0x40/0x40 ret_from_fork+0x1f/0x40 Fixes: 77f8269606bf ("ipmi: fix use-after-free of user->release_barrier.rda") Reported-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: stable@vger.kernel.org # 5.0 Cc: Yang Yingliang <yangyingliang@huawei.com>
2019-04-16ipmi: ipmi_si_hardcode.c: init si_type array to fix a crashTony Camuso1-0/+2
The intended behavior of function ipmi_hardcode_init_one() is to default to kcs interface when no type argument is presented when initializing ipmi with hard coded addresses. However, the array of char pointers allocated on the stack by function ipmi_hardcode_init() was not inited to zeroes, so it contained stack debris. Consequently, passing the cruft stored in this array to function ipmi_hardcode_init_one() caused a crash when it was unable to detect that the char * being passed was nonsense and tried to access the address specified by the bogus pointer. The fix is simply to initialize the si_type array to zeroes, so if there were no type argument given to at the command line, function ipmi_hardcode_init_one() could properly default to the kcs interface. Signed-off-by: Tony Camuso <tcamuso@redhat.com> Message-Id: <1554837603-40299-1-git-send-email-tcamuso@redhat.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-04-16ipmi: Fix failure on SMBIOS specified devicesCorey Minyard1-1/+0
An extra memset was put into a place that cleared the interface type. Reported-by: Tony Camuso <tcamuso@redhat.com> Fixes: 3cd83bac481dc4 ("ipmi: Consolidate the adding of platform devices") Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-04-08tpm: Fix the type of the return value in calc_tpm2_event_size()Yue Haibing1-2/+2
calc_tpm2_event_size() has an invalid signature because it returns a 'size_t' where as its signature says that it returns 'int'. Cc: <stable@vger.kernel.org> Fixes: 4d23cc323cdb ("tpm: add securityfs support for TPM 2.0 firmware event log") Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Yue Haibing <yuehaibing@huawei.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.morris@microsoft.com>
2019-04-08tpm: fix an invalid condition in tpm_common_pollTadeusz Struk1-1/+8
The poll condition should only check response_length, because reads should only be issued if there is data to read. The response_read flag only prevents double writes. The problem was that the write set the response_read to false, enqued a tpm job, and returned. Then application called poll which checked the response_read flag and returned EPOLLIN. Then the application called read, but got nothing. After all that the async_work kicked in. Added also mutex_lock around the poll check to prevent other possible race conditions. Fixes: 9488585b21bef0df12 ("tpm: add support for partial reads") Reported-by: Mantas Mikulėnas <grawity@gmail.com> Tested-by: Mantas Mikulėnas <grawity@gmail.com> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.morris@microsoft.com>
2019-04-08tpm: turn on TPM on suspend for TPM 1.xJarkko Sakkinen1-8/+6
tpm_chip_start/stop() should be also called for TPM 1.x devices on suspend. Add that functionality back. Do not lock the chip because it is unnecessary as there are no multiple threads using it when doing the suspend. Fixes: a3fbfae82b4c ("tpm: take TPM chip power gating out of tpm_transmit()") Reported-by: Paul Zimmerman <pauldzim@gmail.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Domenico Andreoli <domenico.andreoli@linux.com> Signed-off-by: James Morris <james.morris@microsoft.com>
2019-04-05tty: mark Siemens R3964 line discipline as BROKENGreg Kroah-Hartman1-1/+1
The n_r3964 line discipline driver was written in a different time, when SMP machines were rare, and users were trusted to do the right thing. Since then, the world has moved on but not this code, it has stayed rooted in the past with its lovely hand-crafted list structures and loads of "interesting" race conditions all over the place. After attempting to clean up most of the issues, I just gave up and am now marking the driver as BROKEN so that hopefully someone who has this hardware will show up out of the woodwork (I know you are out there!) and will help with debugging a raft of changes that I had laying around for the code, but was too afraid to commit as odds are they would break things. Many thanks to Jann and Linus for pointing out the initial problems in this codebase, as well as many reviews of my attempts to fix the issues. It was a case of whack-a-mole, and as you can see, the mole won. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-03-10Merge branch 'next-tpm' of ↵Linus Torvalds26-700/+721
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull tpm updates from James Morris: - Clean up the transmission flow Cleaned up the whole transmission flow. Locking of the chip is now done in the level of tpm_try_get_ops() and tpm_put_ops() instead taking the chip lock inside tpm_transmit(). The nested calls inside tpm_transmit(), used with the resource manager, have been refactored out. Should make easier to perform more complex transactions with the TPM without making the subsystem a bigger mess (e.g. encrypted channel patches by James Bottomley). - PPI 1.3 support TPM PPI 1.3 introduces an additional optional command parameter that may be needed for some commands. Display the parameter if the command requires such a parameter. Only command 23 (SetPCRBanks) needs one. The PPI request file will show output like this then: # echo "23 16" > request # cat request 23 16 # echo "5" > request # cat request 5 - Extend all PCR banks in IMA Instead of static PCR banks array, the array of available PCR banks is now allocated dynamically. The digests sizes are determined dynamically using a probe PCR read without relying crypto's static list of hash algorithms. This should finally make sealing of measurements in IMA safe and secure. - TPM 2.0 selftests Added a test suite to tools/testing/selftests/tpm2 previously outside of the kernel tree: https://github.com/jsakkine-intel/tpm2-scripts * 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (37 commits) tpm/ppi: Enable submission of optional command parameter for PPI 1.3 tpm/ppi: Possibly show command parameter if TPM PPI 1.3 is used tpm/ppi: Display up to 101 operations as define for version 1.3 tpm/ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_ID_1 tpm/ppi: pass function revision ID to tpm_eval_dsm() tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip() tpm: move tpm_chip definition to include/linux/tpm.h tpm: retrieve digest size of unknown algorithms with PCR read tpm: rename and export tpm2_digest and tpm2_algorithms tpm: dynamically allocate the allocated_banks array tpm: remove @flags from tpm_transmit() tpm: take TPM chip power gating out of tpm_transmit() tpm: introduce tpm_chip_start() and tpm_chip_stop() tpm: remove TPM_TRANSMIT_UNLOCKED flag tpm: use tpm_try_get_ops() in tpm-sysfs.c. tpm: remove @space from tpm_transmit() tpm: move TPM space code out of tpm_transmit() tpm: move tpm_validate_commmand() to tpm2-space.c tpm: clean up tpm_try_transmit() error handling flow ...
2019-03-08Merge tag 'for-linus-5.1' of git://github.com/cminyard/linux-ipmiLinus Torvalds20-482/+756
Pull IPMI updates from Corey Minyard: "A couple of bug fixes and a bunch of code cleanup: - Fix a use after free error in a certain error situation. - Fix some flag handling issues in the SSIF (I2C) IPMI driver. - A bunch of cleanups, spacing issues, converting pr_xxx to dev_xxx, use standard UUID handling, and some other minor stuff. - The IPMI code was creating a platform device if none was supplied. Instead of doing that, have every source that creates an IPMI device supply a device struct. This fixes several issues,including a crash in one situation, and cleans things up a bit" * tag 'for-linus-5.1' of git://github.com/cminyard/linux-ipmi: ipmi_si: Potential array underflow in hotmod_handler() ipmi_si: Remove hacks for adding a dummy platform devices ipmi_si: Consolidate scanning the platform bus ipmi_si: Remove hotmod devices on removal and exit ipmi_si: Remove hardcode IPMI devices by scanning the platform bus ipmi_si: Switch hotmod to use a platform device ipmi: Consolidate the adding of platform devices ipmi_si: Rename addr_type to addr_space to match what it does ipmi_si: Convert some types into unsigned ipmi_si: Fix crash when using hard-coded device ipmi: Use dedicated API for copying a UUID ipmi: Use defined constant for UUID representation ipmi:ssif: Change some pr_xxx to dev_xxx calls ipmi: kcs_bmc: handle devm_kasprintf() failure case ipmi: Fix return value when a message is truncated ipmi: clean an indentation issue, remove extraneous space ipmi: Make the smi watcher be disabled immediately when not needed ipmi: Fix how the lower layers are told to watch for messages ipmi: Fix SSIF flag requests ipmi_si: fix use-after-free of resource->name
2019-03-06Merge tag 'char-misc-5.1-rc1' of ↵Linus Torvalds9-629/+300
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver updates from Greg KH: "Here is the big char/misc driver patch pull request for 5.1-rc1. The largest thing by far is the new habanalabs driver for their AI accelerator chip. For now it is in the drivers/misc directory but will probably move to a new directory soon along with other drivers of this type. Other than that, just the usual set of individual driver updates and fixes. There's an "odd" merge in here from the DRM tree that they asked me to do as the MEI driver is starting to interact with the i915 driver, and it needed some coordination. All of those patches have been properly acked by the relevant subsystem maintainers. All of these have been in linux-next with no reported issues, most for quite some time" * tag 'char-misc-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (219 commits) habanalabs: adjust Kconfig to fix build errors habanalabs: use %px instead of %p in error print habanalabs: use do_div for 64-bit divisions intel_th: gth: Fix an off-by-one in output unassigning habanalabs: fix little-endian<->cpu conversion warnings habanalabs: use NULL to initialize array of pointers habanalabs: fix little-endian<->cpu conversion warnings habanalabs: soft-reset device if context-switch fails habanalabs: print pointer using %p habanalabs: fix memory leak with CBs with unaligned size habanalabs: return correct error code on MMU mapping failure habanalabs: add comments in uapi/misc/habanalabs.h habanalabs: extend QMAN0 job timeout habanalabs: set DMA0 completion to SOB 1007 habanalabs: fix validation of WREG32 to DMA completion habanalabs: fix mmu cache registers init habanalabs: disable CPU access on timeouts habanalabs: add MMU DRAM default page mapping habanalabs: Dissociate RAZWI info from event types misc/habanalabs: adjust Kconfig to fix build errors ...
2019-03-06Merge branch 'akpm' (patches from Andrew)Linus Torvalds1-2/+0
Merge misc updates from Andrew Morton: - a few misc things - ocfs2 updates - most of MM * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (159 commits) tools/testing/selftests/proc/proc-self-syscall.c: remove duplicate include proc: more robust bulk read test proc: test /proc/*/maps, smaps, smaps_rollup, statm proc: use seq_puts() everywhere proc: read kernel cpu stat pointer once proc: remove unused argument in proc_pid_lookup() fs/proc/thread_self.c: code cleanup for proc_setup_thread_self() fs/proc/self.c: code cleanup for proc_setup_self() proc: return exit code 4 for skipped tests mm,mremap: bail out earlier in mremap_to under map pressure mm/sparse: fix a bad comparison mm/memory.c: do_fault: avoid usage of stale vm_area_struct writeback: fix inode cgroup switching comment mm/huge_memory.c: fix "orig_pud" set but not used mm/hotplug: fix an imbalance with DEBUG_PAGEALLOC mm/memcontrol.c: fix bad line in comment mm/cma.c: cma_declare_contiguous: correct err handling mm/page_ext.c: fix an imbalance with kmemleak mm/compaction: pass pgdat to too_many_isolated() instead of zone mm: remove zone_lru_lock() function, access ->lru_lock directly ...
2019-03-06Merge tag 'armsoc-drivers' of ↵Linus Torvalds3-0/+322
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM SoC driver updates from Arnd Bergmann: "As usual, the drivers/tee and drivers/reset subsystems get merged here, with the expected set of smaller updates and some new hardware support. The tee subsystem now supports device drivers to be attached to a tee, the first example here is a random number driver with its implementation in the secure world. Three new power domain drivers get added for specific chip families: - Broadcom BCM283x chips (used in Raspberry Pi) - Qualcomm Snapdragon phone chips - Xilinx ZynqMP FPGA SoCs One new driver is added to talk to the BPMP firmware on NVIDIA Tegra210 Existing drivers are extended for new SoC variants from NXP, NVIDIA, Amlogic and Qualcomm" * tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (113 commits) tee: optee: update optee_msg.h and optee_smc.h to dual license tee: add cancellation support to client interface dpaa2-eth: configure the cache stashing amount on a queue soc: fsl: dpio: configure cache stashing destination soc: fsl: dpio: enable frame data cache stashing per software portal soc: fsl: guts: make fsl_guts_get_svr() static hwrng: make symbol 'optee_rng_id_table' static tee: optee: Fix unsigned comparison with less than zero hwrng: Fix unsigned comparison with less than zero tee: fix possible error pointer ctx dereferencing hwrng: optee: Initialize some structs using memset instead of braces tee: optee: Initialize some structs using memset instead of braces soc: fsl: dpio: fix memory leak of a struct qbman on error exit path clk: tegra: dfll: Make symbol 'tegra210_cpu_cvb_tables' static soc: qcom: llcc-slice: Fix typos qcom: soc: llcc-slice: Consolidate some code qcom: soc: llcc-slice: Clear the global drv_data pointer on error drivers: soc: xilinx: Add ZynqMP power domain driver firmware: xilinx: Add APIs to control node status/power dt-bindings: power: Add ZynqMP power domain bindings ...
2019-03-05agp: efficeon: no need to set PG_reserved on GATT tablesDavid Hildenbrand1-2/+0
Patch series "mm: PG_reserved cleanups and documentation", v2. I was recently going over all users of PG_reserved. Short story: it is difficult and sometimes not really clear if setting/checking for PG_reserved is only a relict from the past. Easy to break things. I guess I now have a pretty good idea wh things are like that nowadays and how they evolved. I had way more cleanups in this series inititally, but some architectures take PG_reserved as a way to apply a different caching strategy (for MMIO pages). So I decided to only include the most obvious changes (that are less likely to break something). So the big chunk of manual SetPageReserved users are MMIO/DMA related things on device buffers. Most notably, for device memory we will hopefully soon stop setting PG_reserved. Then the documentation has to be updated. This patch (of 9): The l1 GATT page table is kept in a special on-chip page with 64 entries. We allocate the l2 page table pages via get_zeroed_page() and enter them into the table. These l2 pages are modified accordingly when inserting/removing memory via efficeon_insert_memory and efficeon_remove_memory. Apart from that, these pages are not exposed or ioremap'ed. We can stop setting them reserved (propably copied from generic code). Link: http://lkml.kernel.org/r/20190114125903.24845-2-david@redhat.com Signed-off-by: David Hildenbrand <david@redhat.com> Cc: David Airlie <airlied@linux.ie> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Matthew Wilcox <willy@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-03-05Merge branch 'linus' of ↵Linus Torvalds2-9/+11
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto update from Herbert Xu: "API: - Add helper for simple skcipher modes. - Add helper to register multiple templates. - Set CRYPTO_TFM_NEED_KEY when setkey fails. - Require neither or both of export/import in shash. - AEAD decryption test vectors are now generated from encryption ones. - New option CONFIG_CRYPTO_MANAGER_EXTRA_TESTS that includes random fuzzing. Algorithms: - Conversions to skcipher and helper for many templates. - Add more test vectors for nhpoly1305 and adiantum. Drivers: - Add crypto4xx prng support. - Add xcbc/cmac/ecb support in caam. - Add AES support for Exynos5433 in s5p. - Remove sha384/sha512 from artpec7 as hardware cannot do partial hash" [ There is a merge of the Freescale SoC tree in order to pull in changes required by patches to the caam/qi2 driver. ] * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (174 commits) crypto: s5p - add AES support for Exynos5433 dt-bindings: crypto: document Exynos5433 SlimSSS crypto: crypto4xx - add missing of_node_put after of_device_is_available crypto: cavium/zip - fix collision with generic cra_driver_name crypto: af_alg - use struct_size() in sock_kfree_s() crypto: caam - remove redundant likely/unlikely annotation crypto: s5p - update iv after AES-CBC op end crypto: x86/poly1305 - Clear key material from stack in SSE2 variant crypto: caam - generate hash keys in-place crypto: caam - fix DMA mapping xcbc key twice crypto: caam - fix hash context DMA unmap size hwrng: bcm2835 - fix probe as platform device crypto: s5p-sss - Use AES_BLOCK_SIZE define instead of number crypto: stm32 - drop pointless static qualifier in stm32_hash_remove() crypto: chelsio - Fixed Traffic Stall crypto: marvell - Remove set but not used variable 'ivsize' crypto: ccp - Update driver messages to remove some confusion crypto: adiantum - add 1536 and 4096-byte test vectors crypto: nhpoly1305 - add a test vector with len % 16 != 0 crypto: arm/aes-ce - update IV after partial final CTR block ...
2019-02-28hwrng: bcm2835 - fix probe as platform deviceJonas Gorski1-8/+10
BCM63XX (MIPS) does not use device tree, so there cannot be any of_device_id, causing the driver to fail on probe: [ 0.904564] bcm2835-rng: probe of bcm63xx-rng failed with error -22 Fix this by checking for match data only if we are probing from device tree. Fixes: 8705f24f7b57 ("hwrng: bcm2835 - Enable BCM2835 RNG to work on BCM63xx platforms") Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-02-26hpet: Use struct_size() in kzalloc()Gustavo A. R. Silva1-5/+2
One of the more common cases of allocation size calculations is finding the size of a structure that has a zero-sized array at the end, along with memory for some number of elements for that array. For example: struct foo { int stuff; struct boo entry[]; }; size = sizeof(struct foo) + count * sizeof(struct boo); instance = kzalloc(size, GFP_KERNEL); Instead of leaving these open-coded and prone to type mistakes, we can now use the new struct_size() helper: instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL); Notice that, in this case, variable siz is not necessary, hence it is removed. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-02-22ipmi_si: Potential array underflow in hotmod_handler()Dan Carpenter1-1/+2
The "ival" variable needs to signed so that we don't read before the start of the str[] array. This would only happen the user passed in a module parameter that was just comprised of space characters. Fixes: e80444ae4fc3 ("ipmi_si: Switch hotmod to use a platform device") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Message-Id: <20190222195530.GA306@kadam> Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-02-22ipmi_si: Remove hacks for adding a dummy platform devicesCorey Minyard1-42/+3
All the IPMI address sources now supply a real device. This cheap hack is no longer necessary. Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-02-22ipmi_si: Consolidate scanning the platform busCorey Minyard4-30/+23
The same basic code was in two places. Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-02-22ipmi_si: Remove hotmod devices on removal and exitCorey Minyard3-6/+43
When a hotmod-added device is removed or when the module is removed, remove the platform devices that was created for it. Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-02-22ipmi_si: Remove hardcode IPMI devices by scanning the platform busCorey Minyard1-7/+15
Instead of keeping track of each one, just scan the platform bus for hardcode devices and remove them. Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-02-22ipmi_si: Switch hotmod to use a platform deviceCorey Minyard3-113/+98
Don't force the main code to create one for it. Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-02-22ipmi: Consolidate the adding of platform devicesCorey Minyard9-214/+205
It was being done in two different places now that hard-coded devices use platform devices, and it's about to be three with hotmod switching to platform devices. So put the code in one place. This required some rework on some interfaces to make the type space clean. Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-02-22ipmi_si: Rename addr_type to addr_space to match what it doesCorey Minyard8-27/+29
Make the naming consistent, and make the values an enum. Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-02-22ipmi_si: Convert some types into unsignedCorey Minyard1-4/+4
Things dealing with registers and addresses are all unsigned, make them so. Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-02-22ipmi_si: Fix crash when using hard-coded deviceCorey Minyard4-76/+216
When excuting a command like: modprobe ipmi_si ports=0xffc0e3 type=bt The system would get an oops. The trouble here is that ipmi_si_hardcode_find_bmc() is called before ipmi_si_platform_init(), but initialization of the hard-coded device creates an IPMI platform device, which won't be initialized yet. The real trouble is that hard-coded devices aren't created with any device, and the fixup is done later. So do it right, create the hard-coded devices as normal platform devices. This required adding some new resource types to the IPMI platform code for passing information required by the hard-coded device and adding some code to remove the hard-coded platform devices on module removal. To enforce the "hard-coded devices passed by the user take priority over firmware devices" rule, some special code was added to check and see if a hard-coded device already exists. Reported-by: Yang Yingliang <yangyingliang@huawei.com> Cc: stable@vger.kernel.org # v4.15+ Signed-off-by: Corey Minyard <cminyard@mvista.com> Tested-by: Yang Yingliang <yangyingliang@huawei.com>
2019-02-20hwrng: make symbol 'optee_rng_id_table' staticWei Yongjun1-1/+1
Fixes the following sparse warning: drivers/char/hw_random/optee-rng.c:265:35: warning: symbol 'optee_rng_id_table' was not declared. Should it be static? Fixes: 5fe8b1cc6a03 ("hwrng: add OP-TEE based rng driver") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-02-20hwrng: Fix unsigned comparison with less than zeroYueHaibing1-2/+2
The return from the call to tee_client_invoke_func can be a negative error code however this is being assigned to an unsigned variable 'ret' hence the check is always false. Fix this by making 'ret' an int. Detected by Coccinelle ("Unsigned expression compared with zero: ret < 0") Fixes: 5fe8b1cc6a03 ("hwrng: add OP-TEE based rng driver") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-02-20hwrng: optee: Initialize some structs using memset instead of bracesNathan Chancellor1-5/+13
Clang warns: drivers/char/hw_random/optee-rng.c:80:31: warning: suggest braces around initialization of subobject [-Wmissing-braces] struct tee_param param[4] = {0}; ^ {} drivers/char/hw_random/optee-rng.c:177:31: warning: suggest braces around initialization of subobject [-Wmissing-braces] struct tee_param param[4] = {0}; ^ {} drivers/char/hw_random/optee-rng.c:212:48: warning: suggest braces around initialization of subobject [-Wmissing-braces] struct tee_ioctl_open_session_arg sess_arg = {0}; ^ {} 3 warnings generated. One way to fix these warnings is to add additional braces like Clang suggests; however, there has been a bit of push back from some maintainers, who just prefer memset as it is unambiguous, doesn't depend on a particular compiler version, and properly initializes all subobjects [1][2]. Do that here so there are no more warnings. [1]: https://lore.kernel.org/lkml/022e41c0-8465-dc7a-a45c-64187ecd9684@amd.com/ [2]: https://lore.kernel.org/lkml/20181128.215241.702406654469517539.davem@davemloft.net/ Fixes: 5fe8b1cc6a03 ("hwrng: add OP-TEE based rng driver") Link: https://github.com/ClangBuiltLinux/linux/issues/369 Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-02-15Merge tag 'tee-bus-for-5.1' of ↵Arnd Bergmann3-0/+314
https://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers Introduce TEE bus driver framework - supp_nowait flag for non-blocking tee requests - The tee bus driver framework - OP-TEE TEE bus device enumeration support - An OP-TEE based rng driver * tag 'tee-bus-for-5.1' of https://git.linaro.org/people/jens.wiklander/linux-tee: hwrng: add OP-TEE based rng driver tee: optee: add TEE bus device enumeration support tee: add bus driver framework for TEE based devices tee: add supp_nowait flag in tee_context struct
2019-02-13char: lp: mark expected switch fall-throughGustavo A. R. Silva1-2/+2
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. This patch fixes the following warnings: drivers/char/lp.c: In function ‘lp_compat_ioctl’: drivers/char/lp.c:756:6: warning: this statement may fall through [-Wimplicit-fallthrough=] if (!COMPAT_USE_64BIT_TIME) { ^ drivers/char/lp.c:761:2: note: here case LPSETTIMEOUT_NEW: ^~~~ drivers/char/lp.c: In function ‘lp_ioctl’: drivers/char/lp.c:728:6: warning: this statement may fall through [-Wimplicit-fallthrough=] if (BITS_PER_LONG == 32) { ^ drivers/char/lp.c:733:2: note: here case LPSETTIMEOUT_NEW: ^~~~ Warning level 3 was used: -Wimplicit-fallthrough=3 Notice that in some cases, the code comment is modified in accordance with what GCC is expecting to find. This patch is part of the ongoing efforts to enable -Wimplicit-fallthrough. Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-02-13tpm/ppi: Enable submission of optional command parameter for PPI 1.3Stefan Berger1-6/+16
This patch enables a user to specify the additional optional command parameter by writing it into the request file: # echo "23 16" > request # cat request 23 16 For backwards compatibility: If only 1 parameter is given then we assume this is the operation request number. # echo "5" > request # cat request 5 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: David Safford <david.safford@ge.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm/ppi: Possibly show command parameter if TPM PPI 1.3 is usedStefan Berger1-2/+29
TPM PPI 1.3 introduces an additional optional command parameter that may be needed for some commands. Display the parameter if the command requires such a parameter. Only command 23 needs one. The PPI request file will show output like this then: # echo "23 16" > request # cat request 23 16 # echo "5" > request # cat request 5 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: David Safford <david.safford@ge.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm/ppi: Display up to 101 operations as define for version 1.3Stefan Berger1-1/+1
TPM PPI 1.3 defines operations up to number 101. We need to query up to this number to show the user what the firmware implements. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: David Safford <david.safford@ge.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm/ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_ID_1Stefan Berger1-10/+11
TPM PPI 1.3 introduces a function revision 2 for some functions. So, rename the existing TPM_PPI_REVISION_ID to TPM_PPI_REVISION_ID_1. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: David Safford <david.safford@ge.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm/ppi: pass function revision ID to tpm_eval_dsm()Stefan Berger1-8/+8
Since we will need to pass different function revision numbers to tpm_eval_dsm, convert this function now to take the function revision as an additional parameter. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: David Safford <david.safford@ge.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()Roberto Sassu3-27/+15
Currently, tpm_pcr_extend() accepts as an input only a SHA1 digest. This patch replaces the hash parameter of tpm_pcr_extend() with an array of tpm_digest structures, so that the caller can provide a digest for each PCR bank currently allocated in the TPM. tpm_pcr_extend() will not extend banks for which no digest was provided, as it happened before this patch, but instead it requires that callers provide the full set of digests. Since the number of digests will always be chip->nr_allocated_banks, the count parameter has been removed. Due to the API change, ima_pcr_extend() and pcrlock() have been modified. Since the number of allocated banks is not known in advance, the memory for the digests must be dynamically allocated. To avoid performance degradation and to avoid that a PCR extend is not done due to lack of memory, the array of tpm_digest structures is allocated by the users of the TPM driver at initialization time. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Mimi Zohar <zohar@linux.ibm.com> (on x86 for TPM 1.2 & PTT TPM 2.0) Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm: move tpm_chip definition to include/linux/tpm.hRoberto Sassu1-97/+4
The tpm_chip structure contains the list of PCR banks currently allocated in the TPM. When support for crypto agility will be added to the TPM driver, users of the driver have to provide a digest for each allocated bank to tpm_pcr_extend(). With this patch, they can obtain the PCR bank algorithms directly from chip->allocated_banks. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm: retrieve digest size of unknown algorithms with PCR readRoberto Sassu4-29/+81
Currently, the TPM driver retrieves the digest size from a table mapping TPM algorithms identifiers to identifiers defined by the crypto subsystem. If the algorithm is not defined by the latter, the digest size can be retrieved from the output of the PCR read command. The patch modifies the definition of tpm_pcr_read() and tpm2_pcr_read() to pass the desired hash algorithm and obtain the digest size at TPM startup. Algorithms and corresponding digest sizes are stored in the new structure tpm_bank_info, member of tpm_chip, so that the information can be used by other kernel subsystems. tpm_bank_info contains: the TPM algorithm identifier, necessary to generate the event log as defined by Trusted Computing Group (TCG); the digest size, to pad/truncate a digest calculated with a different algorithm; the crypto subsystem identifier, to calculate the digest of event data. This patch also protects against data corruption that could happen in the bus, by checking that the digest size returned by the TPM during a PCR read matches the size of the algorithm passed to tpm2_pcr_read(). For the initial PCR read, when digest sizes are not yet available, this patch ensures that the amount of data copied from the output returned by the TPM does not exceed the size of the array data are copied to. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Acked-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm: rename and export tpm2_digest and tpm2_algorithmsRoberto Sassu4-23/+12
Rename tpm2_* to tpm_* and move the definitions to include/linux/tpm.h so that these can be used by other kernel subsystems (e.g. IMA). Also, set the length of the digest array in tpm_digest to a new constant named TPM_MAX_DIGEST_SIZE, equal to SHA512_DIGEST_SIZE. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Acked-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm: dynamically allocate the allocated_banks arrayRoberto Sassu5-19/+44
This patch renames active_banks (member of tpm_chip) to allocated_banks, stores the number of allocated PCR banks in nr_allocated_banks (new member of tpm_chip), and replaces the static array with a pointer to a dynamically allocated array. tpm2_get_pcr_allocation() determines if a PCR bank is allocated by checking the mask in the TPML_PCR_SELECTION structure returned by the TPM for TPM2_Get_Capability(). If a bank is not allocated, the TPM returns that bank in TPML_PCR_SELECTION, with all bits in the mask set to zero. In this case, the bank is not included in chip->allocated_banks, to avoid that TPM driver users unnecessarily calculate a digest for that bank. One PCR bank with algorithm set to SHA1 is always allocated for TPM 1.x. As a consequence of the introduction of nr_allocated_banks, tpm_pcr_extend() does not check anymore if the algorithm stored in tpm_chip is equal to zero. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13tpm: remove @flags from tpm_transmit()Jarkko Sakkinen10-90/+73
Remove @flags from tpm_transmit() API. It is no longer used for anything. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com>
2019-02-13tpm: take TPM chip power gating out of tpm_transmit()Jarkko Sakkinen6-37/+40
Call tpm_chip_start() and tpm_chip_stop() in * tpm_chip_register() * tpm_class_shutdown() * tpm_del_char_device() * tpm_pm_suspend() * tpm_try_get_ops() and tpm_put_ops() * tpm2_del_space() And remove these calls from tpm_transmit(). The core reason for this change is that in tpm_vtpm_proxy a locality change requires a virtual TPM command (a command made up just for that driver). The consequence of this is that this commit removes the remaining nested calls. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com>
2019-02-13tpm: introduce tpm_chip_start() and tpm_chip_stop()Jarkko Sakkinen3-81/+116
Encapsulate power gating and locality functionality to tpm_chip_start() and tpm_chip_stop() in order to clean up the branching mess in tpm_transmit(). Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com>
2019-02-13tpm: remove TPM_TRANSMIT_UNLOCKED flagJarkko Sakkinen6-38/+17
Added locking as part of tpm_try_get_ops() and tpm_put_ops() as they are anyway used in most of the call sites except in tpmrm_release() where we take the locks manually. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com>
2019-02-13tpm: use tpm_try_get_ops() in tpm-sysfs.c.Jarkko Sakkinen1-45/+78
Use tpm_try_get_ops() in tpm-sysfs.c so that we can consider moving other decorations (locking, localities, power management for example) inside it. This direction can be of course taken only after other call sites for tpm_transmit() have been treated in the same way. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com>
2019-02-13tpm: remove @space from tpm_transmit()Jarkko Sakkinen8-53/+43
Remove @space from tpm_transmit() API` in order to completely remove the bound between low-level transmission functionality and TPM spaces. The only real dependency existing is the amount of data saved before trying to send a command to the TPM. It doesn't really matter if we save always a bit more than needed so this commit changes the amount saved always to be the size of the TPM header and three handles. Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com>
2019-02-13tpm: move TPM space code out of tpm_transmit()Jarkko Sakkinen3-33/+34
Prepare and commit TPM space before and after calling tpm_transmit() instead of doing that inside tpm_transmit(). After this change we can remove TPM_TRANSMIT_NESTED flag from tpm2_prepare_space() and tpm2_commit_space() and replace it with TPM_TRANSMIT_UNLOCKED. Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com>
2019-02-13tpm: move tpm_validate_commmand() to tpm2-space.cJarkko Sakkinen3-64/+66
Move tpm_validate_command() to tpm2-space.c and make it part of the tpm2_prepare_space() flow. Make cc resolution as part of the TPM space functionality in order to detach it from rest of the tpm_transmit() flow. Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com>
2019-02-13tpm: clean up tpm_try_transmit() error handling flowJarkko Sakkinen3-52/+45
Move locking, locality handling and power management to tpm_transmit() in order to simplify the flow. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com>