- 03 Apr, 2017 23 commits
-
-
Hon Ching \(Vicky\) Lo authored
The current code passes the address of tpm_chip as the argument to dev_get_drvdata() without prior NULL check in tpm_ibmvtpm_get_desired_dma. This resulted an oops during kernel boot when vTPM is enabled in Power partition configured in active memory sharing mode. The vio_driver's get_desired_dma() is called before the probe(), which for vtpm is tpm_ibmvtpm_probe, and it's this latter function that initializes the driver and set data. Attempting to get data before the probe() caused the problem. This patch adds a NULL check to the tpm_ibmvtpm_get_desired_dma. fixes: 9e0d39d8 ("tpm: Remove useless priv field in struct tpm_vendor_specific") Cc: <stable@vger.kernel.org> Signed-off-by: Hon Ching(Vicky) Lo <honclo@linux.vnet.ibm.com> Reviewed-by: Jarkko Sakkine <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Jerry Snitselaar authored
Make sure size of response buffer is at least 6 bytes, or we will underflow and pass large size_t to memcpy_fromio(). This was encountered while testing earlier version of locality patchset. Cc: stable@vger.kernel.org Fixes: 30fc8d13 ("tpm: TPM 2.0 CRB Interface") Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
James Bottomley authored
Sessions are different from transient objects in that their handles may not be virtualized (because they're used for some hmac calculations). Additionally when a session is context saved, a vestigial memory remains in the TPM and if it is also flushed, that will be lost and the session context will refuse to load next time, so the code is updated to flush only transient objects after a context save. Add a separate array (chip->session_tbl) to save and restore sessions by handle. Use the failure of a context save or load to signal that the session has been flushed from the TPM and we can remove its memory from chip->session_tbl. Sessions are also isolated during each instance of a tpm space. This means that spaces shouldn't be able to see each other's sessions and is enforced by ensuring that a space user may only refer to sessions handles that are present in their own chip->session_tbl. Finally when a space is closed, all the sessions belonging to it should be flushed so the handles may be re-used by other spaces. Note that if we get a session save or load error, all sessions are effectively flushed. Even though we restore the session buffer, all the old sessions will refuse to load after the flush and they'll be purged from our session memory. This means that while transient context handling is still soft in the face of errors, session handling is hard (any failure of the model means all sessions are lost). Fixes-from: Colin Ian King <colin.king@canonical.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
James Bottomley authored
Currently the tpm spaces are not exposed to userspace. Make this exposure via a separate device, which can now be opened multiple times because each read/write transaction goes separately via the space. Concurrency is protected by the chip->tpm_mutex for each read/write transaction separately. The TPM is cleared of all transient objects by the time the mutex is dropped, so there should be no interference between the kernel and userspace. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
James Bottomley authored
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Jarkko Sakkinen authored
Added an ability to virtualize TPM commands into an isolated context that we call a TPM space because the word context is already heavily used in the TPM specification. Both the handle areas and bodies (where necessary) are virtualized. The mechanism works by adding a new parameter struct tpm_space to the tpm_transmit() function. This new structure contains the list of virtual handles and a buffer of page size (currently) for backing storage. When tpm_transmit() is called with a struct tpm_space instance it will execute the following sequence: 1. Take locks. 2. Load transient objects from the backing storage by using ContextLoad and map virtual handles to physical handles. 3. Perform the transaction. 4. Save transient objects to backing storage by using ContextSave and map resulting physical handle to virtual handle if there is such. This commit does not implement virtualization support for hmac and policy sessions. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-
Jarkko Sakkinen authored
Check for every TPM 2.0 command that the command code is supported and the command buffer has at least the length that can contain the header and the handle area. For ContextSave and FlushContext we mark the body to be part of the handle area. This gives validation for these commands at zero cost, including the body of the command. The more important reason for this is that we can virtualize these commands in the same way as you would virtualize the handle area of a command. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-
Jarkko Sakkinen authored
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-
Jarkko Sakkinen authored
Check that the length matches the length reported by the response header already in tpm_transmit() to improve validation. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-
Jarkko Sakkinen authored
Encapsulated crb_wait_for_reg32() so that state changes in other CRB registers than TPM_CRB_CTRL_REQ_x can be waited. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Tested-by: Gang Wei <gang.wei@intel.com>
-
Jarkko Sakkinen authored
In order to provide access to locality registers, this commits adds mapping of the head of the CRB registers, which are located right before the control area. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Tested-by: Gang Wei <gang.wei@intel.com>
-
Peter Huewe authored
Testing the implementation with a Raspberry Pi 2 showed that under some circumstances its SPI master erroneously releases the CS line before the transfer is complete, i.e. before the end of the last clock. In this case the TPM ignores the transfer and misses for example the GO command. The driver is unable to detect this communication problem and will wait for a command response that is never going to arrive, timing out eventually. As a workaround, the small delay ensures that the CS line is held long enough, even with a faulty SPI master. Other SPI masters are not affected, except for a negligible performance penalty. Cc: <stable@vger.kernel.org> Fixes: 0edbfea5 ("tpm/tpm_tis_spi: Add support for spi phy") Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Benoit Houyere <benoit.houyere@st.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Peter Huewe authored
Limiting transfers to MAX_SPI_FRAMESIZE was not expected by the upper layers, as tpm_tis has no such limitation. Add a loop to hide that limitation. v2: Moved scope of spi_message to the top as requested by Jarkko Cc: <stable@vger.kernel.org> Fixes: 0edbfea5 ("tpm/tpm_tis_spi: Add support for spi phy") Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Benoit Houyere <benoit.houyere@st.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Peter Huewe authored
Wait states are signaled in the last byte received from the TPM in response to the header, not the first byte. Check rx_buf[3] instead of rx_buf[0]. Cc: <stable@vger.kernel.org> Fixes: 0edbfea5 ("tpm/tpm_tis_spi: Add support for spi phy") Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Benoit Houyere <benoit.houyere@st.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Peter Huewe authored
Abort the transfer with ETIMEDOUT when the TPM signals more than TPM_RETRY wait states. Continuing with the transfer in this state will only lead to arbitrary failures in other parts of the code. Cc: <stable@vger.kernel.org> Fixes: 0edbfea5 ("tpm/tpm_tis_spi: Add support for spi phy") Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Benoit Houyere <benoit.houyere@st.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Peter Huewe authored
The algorithm for sending data to the TPM is mostly identical to the algorithm for receiving data from the TPM, so a single function is sufficient to handle both cases. This is a prequisite for all the other fixes, so we don't have to fix everything twice (send/receive) v2: u16 instead of u8 for the length. Cc: <stable@vger.kernel.org> Fixes: 0edbfea5 ("tpm/tpm_tis_spi: Add support for spi phy") Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Benoit Houyere <benoit.houyere@st.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Winkler, Tomas authored
This fix enables a platform to enter the idle state (suspend-to-idle) The driver needs to request explicitly go_idle upon completion from the pm suspend handler. The runtime pm is disabled on suspend during prepare state by calling pm_runtime_get_noresume, hence we cannot relay on runtime pm to leave the device in low power state. Symmetrically cmdReady is called upon resume. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Siged-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Arnd Bergmann authored
We get a newly introduced harmless warning when CONFIG_CRYPTO is disabled: warning: (TCG_TPM && TRUSTED_KEYS && IMA) selects CRYPTO_HASH_INFO which has unmet direct dependencies (CRYPTO) This adds another select to avoid the warning, consistent with other users of the crypto code. Fixes: c1f92b4b ("tpm: enhance TPM 2.0 PCR extend to support multiple banks") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Nayna Jain authored
Commit 500462a9 "timers: Switch to a non-cascading wheel" replaced the 'classic' timer wheel, which aimed for near 'exact' expiry of the timers. Their analysis was that the vast majority of timeout timers are used as safeguards, not as real timers, and are cancelled or rearmed before expiration. The only exception noted to this were networking timers with a small expiry time. Not included in the analysis was the TPM polling timer, which resulted in a longer normal delay and, every so often, a very long delay. The non-cascading wheel delay is based on CONFIG_HZ. For a description of the different rings and their delays, refer to the comments in kernel/time/timer.c. Below are the delays given for rings 0 - 2, which explains the longer "normal" delays and the very, long delays as seen on systems with CONFIG_HZ 250. * HZ 1000 steps * Level Offset Granularity Range * 0 0 1 ms 0 ms - 63 ms * 1 64 8 ms 64 ms - 511 ms * 2 128 64 ms 512 ms - 4095 ms (512ms - ~4s) * HZ 250 * Level Offset Granularity Range * 0 0 4 ms 0 ms - 255 ms * 1 64 32 ms 256 ms - 2047 ms (256ms - ~2s) * 2 128 256 ms 2048 ms - 16383 ms (~2s - ~16s) Below is a comparison of extending the TPM with 1000 measurements, using msleep() vs. usleep_delay() when configured for 1000 hz vs. 250 hz, before and after commit 500462a9. linux-4.7 | msleep() usleep_range() 1000 hz: 0m44.628s | 1m34.497s 29.243s 250 hz: 1m28.510s | 4m49.269s 32.386s linux-4.7 | min-max (msleep) min-max (usleep_range) 1000 hz: 0:017 - 2:760s | 0:015 - 3:967s 0:014 - 0:418s 250 hz: 0:028 - 1:954s | 0:040 - 4:096s 0:016 - 0:816s This patch replaces the msleep() with usleep_range() calls in the i2c nuvoton driver with a consistent max range value. Signed-of-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: stable@vger.kernel.org (linux-4.8) Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Jason Gunthorpe authored
The expectation is that the if the CRB cmd/rsp buffer falls within the ACPI region that the entire buffer will be within the reason. Otherwise resource reservation will fail when it crosses regions. Work around this BIOS bug by limiting the cmd/rsp buffer to the length of the declared ACPI region. BIOS vendors should fix this by making the ACPI and register length declarations consistent. Reported-by: Davide Guerri <davide.guerri@gmail.com> Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Davide Guerri <davide.guerri@gmail.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Alexander Steffen authored
TIS v1.3 for TPM 1.2 and PTP for TPM 2.0 disagree about which timeout value applies to reading a valid burstcount. It is TIMEOUT_D according to TIS, but TIMEOUT_A according to PTP, so choose the appropriate value depending on whether we deal with a TPM 1.2 or a TPM 2.0. This is important since according to the PTP TIMEOUT_D is much smaller than TIMEOUT_A. So the previous implementation could run into timeouts with a TPM 2.0, even though the TPM was behaving perfectly fine. During tpm2_probe TIMEOUT_D will be used even with a TPM 2.0, because TPM_CHIP_FLAG_TPM2 is not yet set. This is fine, since the timeout values will only be changed afterwards by tpm_get_timeouts. Until then TIS_TIMEOUT_D_MAX applies, which is large enough. Cc: stable@vger.kernel.org Fixes: aec04cbd ("tpm: TPM 2.0 FIFO Interface") Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
-
Elena Reshetova authored
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
-
Elena Reshetova authored
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
-
- 30 Mar, 2017 1 commit
-
-
Kees Cook authored
Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
-
- 28 Mar, 2017 2 commits
-
-
Tetsuo Handa authored
We switched from "struct task_struct"->security to "struct cred"->security in Linux 2.6.29. But not all LSM modules were happy with that change. TOMOYO LSM module is an example which want to use per "struct task_struct" security blob, for TOMOYO's security context is defined based on "struct task_struct" rather than "struct cred". AppArmor LSM module is another example which want to use it, for AppArmor is currently abusing the cred a little bit to store the change_hat and setexeccon info. Although security_task_free() hook was revived in Linux 3.4 because Yama LSM module wanted to release per "struct task_struct" security blob, security_task_alloc() hook and "struct task_struct"->security field were not revived. Nowadays, we are getting proposals of lightweight LSM modules which want to use per "struct task_struct" security blob. We are already allowing multiple concurrent LSM modules (up to one fully armored module which uses "struct cred"->security field or exclusive hooks like security_xfrm_state_pol_flow_match(), plus unlimited number of lightweight modules which do not use "struct cred"->security nor exclusive hooks) as long as they are built into the kernel. But this patch does not implement variable length "struct task_struct"->security field which will become needed when multiple LSM modules want to use "struct task_struct"-> security field. Although it won't be difficult to implement variable length "struct task_struct"->security field, let's think about it after we merged this patch. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge@hallyn.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Tested-by: Djalal Harouni <tixxdz@gmail.com> Acked-by: José Bollo <jobol@nonadev.net> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: Kees Cook <keescook@chromium.org> Cc: James Morris <james.l.morris@oracle.com> Cc: José Bollo <jobol@nonadev.net> Signed-off-by: James Morris <james.l.morris@oracle.com>
-
James Morris authored
-
- 26 Mar, 2017 8 commits
-
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-miscLinus Torvalds authored
Pull char/misc driver fixes from Greg KH: "A smattering of different small fixes for some random driver subsystems. Nothing all that major, just resolutions for reported issues and bugs. All have been in linux-next with no reported issues" * tag 'char-misc-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits) extcon: int3496: Set the id pin to direction-input if necessary extcon: int3496: Use gpiod_get instead of gpiod_get_index extcon: int3496: Add dependency on X86 as it's Intel specific extcon: int3496: Add GPIO ACPI mapping table extcon: int3496: Rename GPIO pins in accordance with binding vmw_vmci: handle the return value from pci_alloc_irq_vectors correctly ppdev: fix registering same device name parport: fix attempt to write duplicate procfiles auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches Drivers: hv: vmbus: Don't leak memory when a channel is rescinded Drivers: hv: vmbus: Don't leak channel ids Drivers: hv: util: don't forget to init host_ts.lock Drivers: hv: util: move waiting for release to hv_utils_transport itself vmbus: remove hv_event_tasklet_disable/enable vmbus: use rcu for per-cpu channel list mei: don't wait for os version message reply mei: fix deadlock on mei reset intel_th: pci: Add Gemini Lake support intel_th: pci: Add Denverton SOC support intel_th: Don't leak module refcount on failure to activate ...
-
Linus Torvalds authored
Merge tag 'driver-core-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fix from Greg KH: "Here is a single kernfs fix for 4.11-rc4 that resolves a reported issue. It has been in linux-next with no reported issues" * tag 'driver-core-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: kernfs: Check KERNFS_HAS_RELEASE before calling kernfs_release_file()
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/ttyLinus Torvalds authored
Pull tty/serial driver fixes from Greg KH: "Here are some tty and serial driver fixes for 4.11-rc4. One of these fix a long-standing issue in the ldisc code that was found by Dmitry Vyukov with his great fuzzing work. The other fixes resolve other reported issues, and there is one revert of a patch in 4.11-rc1 that wasn't correct. All of these have been in linux-next for a while with no reported issues" * tag 'tty-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: fix data race in tty_ldisc_ref_wait() tty: don't panic on OOM in tty_set_ldisc() Revert "tty: serial: pl011: add ttyAMA for matching pl011 console" tty: acpi/spcr: QDF2400 E44 checks for wrong OEM revision serial: 8250_dw: Fix breakage when HAVE_CLK=n serial: 8250_dw: Honor clk_round_rate errors in dw8250_set_termios
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/stagingLinus Torvalds authored
Pull IIO driver fixes from Greg KH: "Here are some small IIO driver fixes for 4.11-rc4 that resolve a number of tiny reported issues. All of these have been in linux-next for a while with no reported issues" * tag 'staging-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: iio: imu: st_lsm6dsx: fix FIFO_CTRL2 overwrite during watermark configuration iio: adc: ti_am335x_adc: fix fifo overrun recovery iio: sw-device: Fix config group initialization iio: magnetometer: ak8974: remove incorrect __exit markups iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB/PHY fixes from Greg KH: "Here are a number of small USB and PHY driver fixes for 4.11-rc4. Nothing major here, just an bunch of small fixes, and a handfull of good fixes from Johan for devices with crazy descriptors. There are a few new device ids in here as well. All of these have been in linux-next with no reported issues" * tag 'usb-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (26 commits) usb: gadget: f_hid: fix: Don't access hidg->req without spinlock held usb: gadget: udc: remove pointer dereference after free usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval usb: gadget: acm: fix endianness in notifications usb: dwc3: gadget: delay unmap of bounced requests USB: serial: qcserial: add Dell DW5811e usb: hub: Fix crash after failure to read BOS descriptor ACM gadget: fix endianness in notifications USB: usbtmc: fix probe error path USB: usbtmc: add missing endpoint sanity check USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems usb: musb: fix possible spinlock deadlock usb: musb: dsps: fix iounmap in error and exit paths usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk uwb: i1480-dfu: fix NULL-deref at probe uwb: hwa-rc: fix NULL-deref at probe USB: wusbcore: fix NULL-deref at probe USB: uss720: fix NULL-deref at probe ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linuxLinus Torvalds authored
Pull more powerpc fixes from Michael Ellerman: "These are all pretty minor. The fix for idle wakeup would be a bad bug but has not been observed in practice. The update to the gcc-plugins docs was Cc'ed to Kees and Jon, Kees OK'ed it going via powerpc and I didn't hear from Jon. - cxl: Route eeh events to all slices for pci_channel_io_perm_failure state - powerpc/64s: Fix idle wakeup potential to clobber registers - Revert "powerpc/64: Disable use of radix under a hypervisor" - gcc-plugins: update architecture list in documentation Thanks to: Andrew Donnellan, Nicholas Piggin, Paul Mackerras, Vaibhav Jain" * tag 'powerpc-4.11-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: gcc-plugins: update architecture list in documentation Revert "powerpc/64: Disable use of radix under a hypervisor" powerpc/64s: Fix idle wakeup potential to clobber registers cxl: Route eeh events to all slices for pci_channel_io_perm_failure state
-
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4Linus Torvalds authored
Pull ext4 fixes from Ted Ts'o: "Fix a memory leak on an error path, and two races when modifying inodes relating to the inline_data and metadata checksum features" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: fix two spelling nits ext4: lock the xattr block before checksuming it jbd2: don't leak memory if setting up journal fails ext4: mark inode dirty after converting inline directory
-
- 25 Mar, 2017 6 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscryptLinus Torvalds authored
Pull fscrypto fixes from Ted Ts'o: "A code cleanup and bugfix for fs/crypto" * tag 'fscrypt-for-linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt: fscrypt: eliminate ->prepare_context() operation fscrypt: remove broken support for detecting keyring key revocation
-
Linus Torvalds authored
Merge tag 'hwmon-for-linus-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: - bug fixes in asus_atk0110, it87 and max31790 drivers - added missing API definition to hwmon core * tag 'hwmon-for-linus-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (asus_atk0110) fix uninitialized data access hwmon: Add missing HWMON_T_ALARM hwmon: (it87) Avoid registering the same chip on both SIO addresses hwmon: (max31790) Set correct PWM value
-
git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdmaLinus Torvalds authored
Pull rdma fixes from Doug Ledford: "This has been a slow -rc cycle for the RDMA subsystem. We really haven't had a lot of rc fixes come in. This pull request is the first of this entire rc cycle and it has all of the suitable fixes so far and it's still only about 20 patches. The fix for the minor breakage cause by the dma mapping patchset is in here, as well as a couple other potential oops fixes, but the rest is more minor. Summary: - fix for dma_ops change in this kernel, resolving the s390, powerpc, and IOMMU operation - a few other oops fixes - the rest are all minor fixes" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: IB/qib: fix false-postive maybe-uninitialized warning RDMA/iser: Fix possible mr leak on device removal event IB/device: Convert ib-comp-wq to be CPU-bound IB/cq: Don't process more than the given budget IB/rxe: increment msn only when completing a request uapi: fix rdma/mlx5-abi.h userspace compilation errors IB/core: Restore I/O MMU, s390 and powerpc support IB/rxe: Update documentation link RDMA/ocrdma: fix a type issue in ocrdma_put_pd_num() IB/rxe: double free on error RDMA/vmw_pvrdma: Activate device on ethernet link up RDMA/vmw_pvrdma: Dont hardcode QP header page RDMA/vmw_pvrdma: Cleanup unused variables infiniband: Fix alignment of mmap cookies to support VIPT caching IB/core: Protect against self-requeue of a cq work item i40iw: Receive netdev events post INET_NOTIFIER state
-
git://git.infradead.org/users/pcmoore/auditLinus Torvalds authored
Pull audit fix from Paul Moore: "We've got an audit fix, and unfortunately it is big. While I'm not excited that we need to be sending you something this large during the -rcX phase, it does fix some very real, and very tangled, problems relating to locking, backlog queues, and the audit daemon connection. This code has passed our testsuite without problem and it has held up to my ad-hoc stress tests (arguably better than the existing code), please consider pulling this as fix for the next v4.11-rcX tag" * 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit: audit: fix auditd/kernel connection state tracking
-
Theodore Ts'o authored
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-
Theodore Ts'o authored
We must lock the xattr block before calculating or verifying the checksum in order to avoid spurious checksum failures. https://bugzilla.kernel.org/show_bug.cgi?id=193661Reported-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org
-