Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.9.12 2020-11-18T18:22:15+00:00 2020-11-18T18:22:15+00:00 Jerry Snitselaar jsnitsel@redhat.com 2020-10-15T21:44:30+00:00 urn:sha1:3d916fae61458da323f670e40e5377bba4d2162f [ Upstream commit b154ce11ead925de6a94feb3b0317fafeefa0ebc ] There is a misconfiguration in the bios of the gpio pin used for the interrupt in the T490s. When interrupts are enabled in the tpm_tis driver code this results in an interrupt storm. This was initially reported when we attempted to enable the interrupt code in the tpm_tis driver, which previously wasn't setting a flag to enable it. Due to the reports of the interrupt storm that code was reverted and we went back to polling instead of using interrupts. Now that we know the T490s problem is a firmware issue, add code to check if the system is a T490s and disable interrupts if that is the case. This will allow us to enable interrupts for everyone else. If the user has a fixed bios they can force the enabling of interrupts with tpm_tis.interrupts=1 on the kernel command line. Cc: Peter Huewe <peterhuewe@gmx.de> Cc: Jason Gunthorpe <jgg@ziepe.ca> Cc: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-11-18T18:22:08+00:00 Tyler Hicks tyhicks@linux.microsoft.com 2020-10-28T15:41:02+00:00 urn:sha1:0821c9441d98cbd37d82f290f675baba58fbc80c [ Upstream commit 8ffd778aff45be760292225049e0141255d4ad6e ] Mimic the pre-existing ACPI and Device Tree event log behavior by not creating the binary_bios_measurements file when the EFI TPM event log is empty. This fixes the following NULL pointer dereference that can occur when reading /sys/kernel/security/tpm0/binary_bios_measurements after the kernel received an empty event log from the firmware: BUG: kernel NULL pointer dereference, address: 000000000000002c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 2 PID: 3932 Comm: fwupdtpmevlog Not tainted 5.9.0-00003-g629990edad62 #17 Hardware name: LENOVO 20LCS03L00/20LCS03L00, BIOS N27ET38W (1.24 ) 11/28/2019 RIP: 0010:tpm2_bios_measurements_start+0x3a/0x550 Code: 54 53 48 83 ec 68 48 8b 57 70 48 8b 1e 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 48 8b 82 c0 06 00 00 48 8b 8a c8 06 00 00 <44> 8b 60 1c 48 89 4d a0 4c 89 e2 49 83 c4 20 48 83 fb 00 75 2a 49 RSP: 0018:ffffa9c901203db0 EFLAGS: 00010246 RAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000010 RDX: ffff8ba1eb99c000 RSI: ffff8ba1e4ce8280 RDI: ffff8ba1e4ce8258 RBP: ffffa9c901203e40 R08: ffffa9c901203dd8 R09: ffff8ba1ec443300 R10: ffffa9c901203e50 R11: 0000000000000000 R12: ffff8ba1e4ce8280 R13: ffffa9c901203ef0 R14: ffffa9c901203ef0 R15: ffff8ba1e4ce8258 FS: 00007f6595460880(0000) GS:ffff8ba1ef880000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000002c CR3: 00000007d8d18003 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? __kmalloc_node+0x113/0x320 ? kvmalloc_node+0x31/0x80 seq_read+0x94/0x420 vfs_read+0xa7/0x190 ksys_read+0xa7/0xe0 __x64_sys_read+0x1a/0x20 do_syscall_64+0x37/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xa9 In this situation, the bios_event_log pointer in the tpm_bios_log struct was not NULL but was equal to the ZERO_SIZE_PTR (0x10) value. This was due to the following kmemdup() in tpm_read_log_efi(): int tpm_read_log_efi(struct tpm_chip *chip) { ... /* malloc EventLog space */ log->bios_event_log = kmemdup(log_tbl->log, log_size, GFP_KERNEL); if (!log->bios_event_log) { ret = -ENOMEM; goto out; } ... } When log_size is zero, due to an empty event log from firmware, ZERO_SIZE_PTR is returned from kmemdup(). Upon a read of the binary_bios_measurements file, the tpm2_bios_measurements_start() function does not perform a ZERO_OR_NULL_PTR() check on the bios_event_log pointer before dereferencing it. Rather than add a ZERO_OR_NULL_PTR() check in functions that make use of the bios_event_log pointer, simply avoid creating the binary_bios_measurements_file as is done in other event log retrieval backends. Explicitly ignore all of the events in the final event log when the main event log is empty. The list of events in the final event log cannot be accurately parsed without referring to the first event in the main event log (the event log header) so the final event log is useless in such a situation. Fixes: 58cc1e4faf10 ("tpm: parse TPM event logs based on EFI table") Link: https://lore.kernel.org/linux-integrity/E1FDCCCB-CA51-4AEE-AC83-9CDE995EAE52@canonical.com/ Reported-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Reported-by: Kenneth R. Crudup <kenny@panix.com> Reported-by: Mimi Zohar <zohar@linux.ibm.com> Cc: Thiébaud Weksteen <tweek@google.com> Cc: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-08-04T02:30:59+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-08-04T02:30:59+00:00 urn:sha1:822ef14e9dc73079c646d33aa77e2ac42361b39e Pull ARM SoC driver updates from Arnd Bergmann: "A couple of subsystems have their own subsystem maintainers but choose to have the code merged through the soc tree as upstream, as the code tends to be used across multiple SoCs or has SoC specific drivers itself: - memory controllers: Krzysztof Kozlowski takes ownership of the drivers/memory subsystem and its drivers, starting out with a set of cleanup patches. A larger driver for the Tegra memory controller that was accidentally missed for v5.8 is now added. - reset controllers: Only minor updates to drivers/reset this time - firmware: The "turris mox" firmware driver gains support for signed firmware blobs The tegra firmware driver gets extended to export some debug information Various updates to i.MX firmware drivers, mostly cosmetic - ARM SCMI/SCPI: A new mechanism for platform notifications is added, among a number of minor changes. - optee: Probing of the TEE bus is rewritten to better support detection of devices that depend on the tee-supplicant user space. A new firmware based trusted platform module (fTPM) driver is added based on OP-TEE - SoC attributes: A new driver is added to provide a generic soc_device for identifying a machine through the SMCCC ARCH_SOC_ID firmware interface rather than by probing SoC family specific registers. The series also contains some cleanups to the common soc_device code. There are also a number of updates to SoC specific drivers, the main ones are: - Mediatek cmdq driver gains a few in-kernel interfaces - Minor updates to Qualcomm RPMh, socinfo, rpm drivers, mostly adding support for additional SoC variants - The Qualcomm GENI core code gains interconnect path voting and performance level support, and integrating this into a number of device drivers. - A new driver for Samsung Exynos5800 voltage coupler for - Renesas RZ/G2H (R8A774E1) SoC support gets added to a couple of SoC specific device drivers - Updates to the TI K3 Ring Accelerator driver" * tag 'arm-drivers-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (164 commits) soc: qcom: geni: Fix unused label warning soc: qcom: smd-rpm: Fix kerneldoc memory: jz4780_nemc: Only request IO memory the driver will use soc: qcom: pdr: Reorder the PD state indication ack MAINTAINERS: Add Git repository for memory controller drivers memory: brcmstb_dpfe: Fix language typo memory: samsung: exynos5422-dmc: Correct white space issues memory: samsung: exynos-srom: Correct alignment memory: pl172: Enclose macro argument usage in parenthesis memory: of: Correct kerneldoc memory: omap-gpmc: Fix language typo memory: omap-gpmc: Correct white space issues memory: omap-gpmc: Use 'unsigned int' for consistency memory: omap-gpmc: Enclose macro argument usage in parenthesis memory: omap-gpmc: Correct kerneldoc memory: mvebu-devbus: Align with open parenthesis memory: mvebu-devbus: Add missing braces to all arms of if statement memory: bt1-l2-ctl: Add blank lines after declarations soc: TI knav_qmss: make symbol 'knav_acc_range_ops' static firmware: ti_sci: Replace HTTP links with HTTPS ones ... 2020-07-24T06:29:21+00:00 Stefan Berger stefanb@linux.ibm.com 2020-07-06T23:58:07+00:00 urn:sha1:85467f63a05c43364ba0b90d0c05bb89191543fa In case a TPM2 is attached, search for a TPM2 ACPI table when trying to get the event log from ACPI. If one is found, use it to get the start and length of the log area. This allows non-UEFI systems, such as SeaBIOS, to pass an event log when using a TPM2. Cc: Peter Huewe <peterhuewe@gmx.de> Cc: Jason Gunthorpe <jgg@ziepe.ca> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 2020-07-24T06:26:23+00:00 Jarkko Sakkinen jarkko.sakkinen@linux.intel.com 2020-07-02T22:55:59+00:00 urn:sha1:6c4e79d99e6f42b79040f1a33cd4018f5425030b The size of the buffers for storing context's and sessions can vary from arch to arch as PAGE_SIZE can be anything between 4 kB and 256 kB (the maximum for PPC64). Define a fixed buffer size set to 16 kB. This should be enough for most use with three handles (that is how many we allow at the moment). Parametrize the buffer size while doing this, so that it is easier to revisit this later on if required. Cc: stable@vger.kernel.org Reported-by: Stefan Berger <stefanb@linux.ibm.com> Fixes: 745b361e989a ("tpm: infrastructure for TPM spaces") Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 2020-07-13T13:11:44+00:00 Arnd Bergmann arnd@arndb.de 2020-07-13T13:11:42+00:00 urn:sha1:38d9dff186f1c88ce8ca92700d6cedc374ff9900 Enable multi-stage OP-TEE bus enumeration Probes drivers on the OP-TEE bus in two steps. First for drivers which do not depend on tee-supplicant. After tee-supplicant has been started probe the devices which do depend on tee-supplicant. Also introduces driver which uses an OP-TEE based fTPM Trusted Application depends on tee-supplicant NV RAM implementation based on RPMB secure storage. * tag 'optee-bus-for-v5.9' of git://git.linaro.org/people/jens.wiklander/linux-tee: tpm_ftpm_tee: register driver on TEE bus optee: enable support for multi-stage bus enumeration optee: use uuid for sysfs driver entry Link: https://lore.kernel.org/r/20200710085230.GA1312913@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de> 2020-07-10T07:41:58+00:00 Maxim Uvarov maxim.uvarov@linaro.org 2020-06-18T13:52:51+00:00 urn:sha1:9f1944c23c8cb1c033b73de80cf6c612a2a80a2b OP-TEE based fTPM Trusted Application depends on tee-supplicant to provide NV RAM implementation based on RPMB secure storage. So this dependency can be resolved via TEE bus where we only invoke fTPM driver probe once fTPM device is registered on the bus which is only true after the tee-supplicant is up and running. Additionally, TEE bus provides auto device enumeration. Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org> Suggested-by: Sumit Garg <sumit.garg@linaro.org> Suggested-by: Arnd Bergmann <arnd@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2020-07-07T01:25:17+00:00 Jarkko Sakkinen jarkko.sakkinen@linux.intel.com 2020-07-06T20:53:42+00:00 urn:sha1:786a2aa281f4c4ba424ea8b8ea1e85ab62c4a57c Removing IFX0102 from tpm_tis was not a right move because both tpm_tis and tpm_infineon use the same device ID. Revert the commit and add a remark about a bug caused by commit 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter"). Fixes: e918e570415c ("tpm_tis: Remove the HID IFX0102") Reported-by: Peter Huewe <peterhuewe@gmx.de> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 2020-07-02T14:49:00+00:00 Jarkko Sakkinen jarkko.sakkinen@linux.intel.com 2020-06-25T02:31:11+00:00 urn:sha1:e918e570415ced9898a51109000a3f39a6e03be5 Acer C720 running Linux v5.3 reports this in klog: tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16) tpm tpm0: tpm_try_transmit: send(): error -5 tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts tpm_tis tpm_tis: Could not get TPM timeouts and durations tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16) tpm tpm0: tpm_try_transmit: send(): error -5 tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts tpm_tis 00:08: Could not get TPM timeouts and durations ima: No TPM chip found, activating TPM-bypass! tpm_inf_pnp 00:08: Found TPM with ID IFX0102 % git --no-pager grep IFX0102 drivers/char/tpm drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0}, drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */ Obviously IFX0102 was added to the HID table for the TCG TIS driver by mistake. Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter") Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877 Cc: stable@vger.kernel.org Cc: Kylene Jo Hall <kjhall@us.ibm.com> Reported-by: Ferry Toth: <ferry.toth@elsinga.info> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 2020-07-02T14:49:00+00:00 Douglas Anderson dianders@chromium.org 2020-06-19T21:20:01+00:00 urn:sha1:7187bf7f6297a8cfc74512a4493e06028626482d On a Chromebook I'm working on I noticed a big (~1 second) delay during bootup where nothing was happening. Right around this big delay there were messages about the TPM: [ 2.311352] tpm_tis_spi spi0.0: TPM ready IRQ confirmed on attempt 2 [ 3.332790] tpm_tis_spi spi0.0: Cr50 firmware version: ... I put a few printouts in and saw that tpm_tis_spi_init() (specifically tpm_chip_register() in that function) was taking the lion's share of this time, though ~115 ms of the time was in cr50_print_fw_version(). Let's make a one-line change to prefer async probe for tpm_tis_spi. There's no reason we need to block other drivers from probing while we load. NOTES: * It's possible that other hardware runs through the init sequence faster than Cr50 and this isn't such a big problem for them. However, even if they are faster they are still doing _some_ transfers over a SPI bus so this should benefit everyone even if to a lesser extent. * It's possible that there are extra delays in the code that could be optimized out. I didn't dig since once I enabled async probe they no longer impacted me. Signed-off-by: Douglas Anderson <dianders@chromium.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>