1. 22 May, 2020 2 commits
      tpm: eventlog: Replace zero-length array with flexible-array member · ab91c2a8
      Gustavo A. R. Silva authored
      The current codebase makes use of the zero-length array language
      extension to the C90 standard, but the preferred mechanism to declare
      variable-length types such as these ones is a flexible array member[1][2],
      introduced in C99:
      
      struct foo {
              int stuff;
              struct boo array[];
      };
      
      By making use of the mechanism above, we will get a compiler warning
      in case the flexible array does not occur last in the structure, which
      will help us prevent some kind of undefined behavior bugs from being
      inadvertently introduced[3] to the codebase from now on.
      
      Also, notice that, dynamic memory allocations won't be affected by
      this change:
      
      "Flexible array members have incomplete type, and so the sizeof operator
      may not be applied. As a quirk of the original implementation of
      zero-length arrays, sizeof evaluates to zero."[1]
      
      sizeof(flexible-array-member) triggers a warning because flexible array
      members have incomplete type[1]. There are some instances of code in
      which the sizeof operator is being incorrectly/erroneously applied to
      zero-length arrays and the result is zero. Such instances may be hiding
      some bugs. So, this work (flexible-array member conversions) will also
      help to get completely rid of those sorts of issues.
      
      Also, the following issue shows up due to the flexible-array member
      having incomplete type[4]:
      
      drivers/char/tpm/eventlog/tpm2.c: In function ‘tpm2_bios_measurements_start’:
      drivers/char/tpm/eventlog/tpm2.c:54:46: error: invalid application of ‘sizeof’ to incomplete type ‘u8[]’ {aka ‘unsigned char[]’}
         54 |  size = sizeof(struct tcg_pcr_event) - sizeof(event_header->event)
            |                                              ^
      drivers/char/tpm/eventlog/tpm2.c: In function ‘tpm2_bios_measurements_next’:
      drivers/char/tpm/eventlog/tpm2.c:102:10: error: invalid application of ‘sizeof’ to incomplete type ‘u8[]’ {aka ‘unsigned char[]’}
        102 |    sizeof(event_header->event) + event_header->event_size;
            |          ^
      drivers/char/tpm/eventlog/tpm2.c: In function ‘tpm2_binary_bios_measurements_show’:
      drivers/char/tpm/eventlog/tpm2.c:140:10: error: invalid application of ‘sizeof’ to incomplete type ‘u8[]’ {aka ‘unsigned char[]’}
        140 |    sizeof(event_header->event) + event_header->event_size;
            |          ^
      scripts/Makefile.build:266: recipe for target 'drivers/char/tpm/eventlog/tpm2.o' failed
      make[3]: *** [drivers/char/tpm/eventlog/tpm2.o] Error 1
      
      As mentioned above: "Flexible array members have incomplete type, and
      so the sizeof operator may not be applied. As a quirk of the original
      implementation of zero-length arrays, sizeof evaluates to zero."[1] As
      in "sizeof(event_header->event) always evaluated to 0, so removing it
      has no effect".
      
      Lastly, make use of the struct_size() helper to deal with the
      flexible array member and its host structure.
      
      This issue was found with the help of Coccinelle.
      
      [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
      [2] https://github.com/KSPP/linux/issues/21
      [3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour")
      [4] https://github.com/KSPP/linux/issues/43

      Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
      Reviewed-by: Kees Cook <keescook@chromium.org>
      Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
      Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
      tpm/tpm_ftpm_tee: Use UUID API for exporting the UUID · 8c872863
      Andy Shevchenko authored
      There is export_uuid() function which exports uuid_t to the u8 array.
      Use it instead of open coding variant.
      
      This allows to hide the uuid_t internals.

      Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
      Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
      Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
  2. 21 May, 2020 8 commits
  3. 20 May, 2020 6 commits
  4. 19 May, 2020 12 commits
  5. 18 May, 2020 8 commits
      mtd: Fix mtd not registered due to nvmem name collision · 7b01b723
      Ricardo Ribalda Delgado authored
      When the nvmem framework is enabled, a nvmem device is created per mtd
      device/partition.
      
      It is not uncommon that a device can have multiple mtd devices with
      partitions that have the same name. E.g., when a DT overlay is allowed
      and the same device with mtd is attached twice.
      
      Under those circumstances, the mtd fails to register due to a name
      duplication on the nvmem framework.
      
      With this patch we use the mtdX name instead of the partition name,
      which is unique.
      
      [    8.948991] sysfs: cannot create duplicate filename '/bus/nvmem/devices/Production Data'
      [    8.948992] CPU: 7 PID: 246 Comm: systemd-udevd Not tainted 5.5.0-qtec-standard #13
      [    8.948993] Hardware name: AMD Dibbler/Dibbler, BIOS 05.22.04.0019 10/26/2019
      [    8.948994] Call Trace:
      [    8.948996]  dump_stack+0x50/0x70
      [    8.948998]  sysfs_warn_dup.cold+0x17/0x2d
      [    8.949000]  sysfs_do_create_link_sd.isra.0+0xc2/0xd0
      [    8.949002]  bus_add_device+0x74/0x140
      [    8.949004]  device_add+0x34b/0x850
      [    8.949006]  nvmem_register.part.0+0x1bf/0x640
      ...
      [    8.948926] mtd mtd8: Failed to register NVMEM device
      
      Fixes: c4dfa25a ("mtd: add support for reading MTD devices via the nvmem API")
      Signed-off-by: Ricardo Ribalda Delgado <ribalda@kernel.org>
      Acked-by: Miquel Raynal <miquel.raynal@bootlin.com>
      Signed-off-by: Richard Weinberger <richard@nod.at>
      mtd: spinand: Propagate ECC information to the MTD structure · 3507273d
      Miquel Raynal authored
      This is done by default in the raw NAND core (nand_base.c) but was
      missing in the SPI-NAND core. Without these two lines the ecc_strength
      and ecc_step_size values are not exported to the user through sysfs.
      
      Fixes: 7529df46 ("mtd: nand: Add core infrastructure to support SPI NANDs")
      Cc: stable@vger.kernel.org
      Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
      Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
      Signed-off-by: Richard Weinberger <richard@nod.at>
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity · 642b151f
      Linus Torvalds authored
      Pull integrity fixes from Mimi Zohar:
       "A couple of miscellaneous bug fixes for the integrity subsystem:
      
        IMA:
      
         - Properly modify the open flags in order to calculate the file hash.
      
         - On systems requiring the IMA policy to be signed, the policy is
           loaded differently. Don't differentiate between "enforce" and
           either "log" or "fix" modes how the policy is loaded.
      
        EVM:
      
         - Two patches to fix an EVM race condition, normally the result of
           attempting to load an unsupported hash algorithm.
      
         - Use the lockless RCU version for walking an append only list"
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
        evm: Fix a small race in init_desc()
        evm: Fix RCU list related warnings
        ima: Fix return value of ima_write_policy()
        evm: Check also if *tfm is an error pointer in init_desc()
        ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
      Merge tag 'for-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat · 45088963
      Linus Torvalds authored
      Pull exfat fixes from Namjae Jeon:
      
       - Fix potential memory leak in exfat_find
      
       - Set exfat's splice_write to iter_file_splice_write to fix a splice
         failure on direct-opened files
      
      * tag 'for-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat:
        exfat: fix possible memory leak in exfat_find()
        exfat: use iter_file_splice_write
      afs: Don't unlock fetched data pages until the op completes successfully · 9d1be4f4
      David Howells authored
      Don't call req->page_done() on each page as we finish filling it with
      the data coming from the network.  Whilst this might speed up the
      application a bit, it's a problem if there's a network failure and the
      operation has to be reissued.
      
      If this happens, an oops occurs because afs_readpages_page_done() clears
      the pointer to each page it unlocks and when a retry happens, the
      pointers to the pages it wants to fill are now NULL (and the pages have
      been unlocked anyway).
      
      Instead, wait till the operation completes successfully and only then
      release all the pages after clearing any terminal gap (the server can
      give us less data than we requested as we're allowed to ask for more
      than is available).
      
      KASAN produces a bug like the following, and even without KASAN, it can
      oops and panic.
      
          BUG: KASAN: wild-memory-access in _copy_to_iter+0x323/0x5f4
          Write of size 1404 at addr 0005088000000000 by task md5sum/5235
      
          CPU: 0 PID: 5235 Comm: md5sum Not tainted 5.7.0-rc3-fscache+ #250
          Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
          Call Trace:
           memcpy+0x39/0x58
           _copy_to_iter+0x323/0x5f4
           __skb_datagram_iter+0x89/0x2a6
           skb_copy_datagram_iter+0x129/0x135
           rxrpc_recvmsg_data.isra.0+0x615/0xd42
           rxrpc_kernel_recv_data+0x1e9/0x3ae
           afs_extract_data+0x139/0x33a
           yfs_deliver_fs_fetch_data64+0x47a/0x91b
           afs_deliver_to_call+0x304/0x709
           afs_wait_for_call_to_complete+0x1cc/0x4ad
           yfs_fs_fetch_data+0x279/0x288
           afs_fetch_data+0x1e1/0x38d
           afs_readpages+0x593/0x72e
           read_pages+0xf5/0x21e
           __do_page_cache_readahead+0x128/0x23f
           ondemand_readahead+0x36e/0x37f
           generic_file_buffered_read+0x234/0x680
           new_sync_read+0x109/0x17e
           vfs_read+0xe6/0x138
           ksys_read+0xd8/0x14d
           do_syscall_64+0x6e/0x8a
           entry_SYSCALL_64_after_hwframe+0x49/0xb3
      
      Fixes: 196ee9cd ("afs: Make afs_fs_fetch_data() take a list of pages")
      Fixes: 30062bd1 ("afs: Implement YFS support in the fs client")
      Signed-off-by: David Howells <dhowells@redhat.com>
      Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      ACPI: EC: PM: Avoid flushing EC work when EC GPE is inactive · 607b9df6
      Rafael J. Wysocki authored
      Flushing the EC work while suspended to idle when the EC GPE status
      is not set causes some EC wakeup events (notably power button and
      lid ones) to be missed after a series of spurious wakeups on the Dell
      XPS13 9360 in my office.
      
      If that happens, the machine cannot be woken up from suspend-to-idle
      by the power button or lid status change and it needs to be woken up
      in some other way (eg. by a key press).
      
      Flushing the EC work only after successfully dispatching the EC GPE,
      which means that its status has been set, avoids the issue, so change
      the code in question accordingly.
      
      Fixes: 7b301750 ("ACPI: EC: PM: Avoid premature returns from acpi_s2idle_wake()")
      Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
      Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
      Tested-by: Chris Chiu <chiu@endlessm.com>
      exfat: fix possible memory leak in exfat_find() · 94182167
      Wei Yongjun authored
      'es' is malloced from exfat_get_dentry_set() in exfat_find() and should
      be freed before leaving from the error handling cases, otherwise it will
      cause memory leak.
      
      Fixes: 5f2aa075 ("exfat: add inode operations")
      Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
      Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
      exfat: use iter_file_splice_write · 03577948
      Eric Sandeen authored
      Doing copy_file_range() on exfat with a file opened for direct IO leads
      to an -EFAULT:
      
      # xfs_io -f -d -c "truncate 32768" \
             -c "copy_range -d 16384 -l 16384 -f 0" /mnt/test/junk
      copy_range: Bad address
      
      and the reason seems to be that we go through:
      
      default_file_splice_write
       splice_from_pipe
        __splice_from_pipe
         write_pipe_buf
          __kernel_write
           new_sync_write
            generic_file_write_iter
             generic_file_direct_write
              exfat_direct_IO
               do_blockdev_direct_IO
                iov_iter_get_pages
      
      and land in iterate_all_kinds(), which does "return -EFAULT" for our kvec
      iter.
      
      Setting exfat's splice_write to iter_file_splice_write fixes this and lets
      fsx (which originally detected the problem) run to success from
      the xfstests harness.

      Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
      Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
  6. 17 May, 2020 4 commits