--- /dev/null
+From c307459b9d1fcb8bbf3ea5a4162979532322ef77 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Fri, 2 Oct 2020 10:38:13 -0700
+Subject: fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum
+
+From: Kees Cook <keescook@chromium.org>
+
+commit c307459b9d1fcb8bbf3ea5a4162979532322ef77 upstream.
+
+FIRMWARE_PREALLOC_BUFFER is a "how", not a "what", and confuses the LSMs
+that are interested in filtering between types of things. The "how"
+should be an internal detail made uninteresting to the LSMs.
+
+Fixes: a098ecd2fa7d ("firmware: support loading into a pre-allocated buffer")
+Fixes: fd90bc559bfb ("ima: based on policy verify firmware signatures (pre-allocated buffer)")
+Fixes: 4f0496d8ffa3 ("ima: based on policy warn about loading firmware (pre-allocated buffer)")
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Acked-by: Scott Branden <scott.branden@broadcom.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20201002173828.2099543-2-keescook@chromium.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/firmware_loader/main.c | 5 ++---
+ fs/exec.c | 7 ++++---
+ include/linux/fs.h | 1 -
+ kernel/module.c | 2 +-
+ security/integrity/digsig.c | 2 +-
+ security/integrity/ima/ima_fs.c | 2 +-
+ security/integrity/ima/ima_main.c | 6 ++----
+ 7 files changed, 11 insertions(+), 14 deletions(-)
+
+--- a/drivers/base/firmware_loader/main.c
++++ b/drivers/base/firmware_loader/main.c
+@@ -470,14 +470,12 @@ fw_get_filesystem_firmware(struct device
+ int i, len;
+ int rc = -ENOENT;
+ char *path;
+- enum kernel_read_file_id id = READING_FIRMWARE;
+ size_t msize = INT_MAX;
+ void *buffer = NULL;
+
+ /* Already populated data member means we're loading into a buffer */
+ if (!decompress && fw_priv->data) {
+ buffer = fw_priv->data;
+- id = READING_FIRMWARE_PREALLOC_BUFFER;
+ msize = fw_priv->allocated_size;
+ }
+
+@@ -501,7 +499,8 @@ fw_get_filesystem_firmware(struct device
+
+ /* load firmware files from the mount namespace of init */
+ rc = kernel_read_file_from_path_initns(path, &buffer,
+- &size, msize, id);
++ &size, msize,
++ READING_FIRMWARE);
+ if (rc) {
+ if (rc != -ENOENT)
+ dev_warn(device, "loading %s failed with error %d\n",
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -955,6 +955,7 @@ int kernel_read_file(struct file *file,
+ {
+ loff_t i_size, pos;
+ ssize_t bytes = 0;
++ void *allocated = NULL;
+ int ret;
+
+ if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0)
+@@ -978,8 +979,8 @@ int kernel_read_file(struct file *file,
+ goto out;
+ }
+
+- if (id != READING_FIRMWARE_PREALLOC_BUFFER)
+- *buf = vmalloc(i_size);
++ if (!*buf)
++ *buf = allocated = vmalloc(i_size);
+ if (!*buf) {
+ ret = -ENOMEM;
+ goto out;
+@@ -1008,7 +1009,7 @@ int kernel_read_file(struct file *file,
+
+ out_free:
+ if (ret < 0) {
+- if (id != READING_FIRMWARE_PREALLOC_BUFFER) {
++ if (allocated) {
+ vfree(*buf);
+ *buf = NULL;
+ }
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -2861,7 +2861,6 @@ extern int do_pipe_flags(int *, int);
+ #define __kernel_read_file_id(id) \
+ id(UNKNOWN, unknown) \
+ id(FIRMWARE, firmware) \
+- id(FIRMWARE_PREALLOC_BUFFER, firmware) \
+ id(MODULE, kernel-module) \
+ id(KEXEC_IMAGE, kexec-image) \
+ id(KEXEC_INITRAMFS, kexec-initramfs) \
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -4028,7 +4028,7 @@ SYSCALL_DEFINE3(finit_module, int, fd, c
+ {
+ struct load_info info = { };
+ loff_t size;
+- void *hdr;
++ void *hdr = NULL;
+ int err;
+
+ err = may_init_module();
+--- a/security/integrity/digsig.c
++++ b/security/integrity/digsig.c
+@@ -169,7 +169,7 @@ int __init integrity_add_key(const unsig
+
+ int __init integrity_load_x509(const unsigned int id, const char *path)
+ {
+- void *data;
++ void *data = NULL;
+ loff_t size;
+ int rc;
+ key_perm_t perm;
+--- a/security/integrity/ima/ima_fs.c
++++ b/security/integrity/ima/ima_fs.c
+@@ -272,7 +272,7 @@ static const struct file_operations ima_
+
+ static ssize_t ima_read_policy(char *path)
+ {
+- void *data;
++ void *data = NULL;
+ char *datap;
+ loff_t size;
+ int rc, pathlen = strlen(path);
+--- a/security/integrity/ima/ima_main.c
++++ b/security/integrity/ima/ima_main.c
+@@ -621,19 +621,17 @@ void ima_post_path_mknod(struct dentry *
+ int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
+ {
+ /*
+- * READING_FIRMWARE_PREALLOC_BUFFER
+- *
+ * Do devices using pre-allocated memory run the risk of the
+ * firmware being accessible to the device prior to the completion
+ * of IMA's signature verification any more than when using two
+- * buffers?
++ * buffers? It may be desirable to include the buffer address
++ * in this API and walk all the dma_map_single() mappings to check.
+ */
+ return 0;
+ }
+
+ const int read_idmap[READING_MAX_ID] = {
+ [READING_FIRMWARE] = FIRMWARE_CHECK,
+- [READING_FIRMWARE_PREALLOC_BUFFER] = FIRMWARE_CHECK,
+ [READING_MODULE] = MODULE_CHECK,
+ [READING_KEXEC_IMAGE] = KEXEC_KERNEL_CHECK,
+ [READING_KEXEC_INITRAMFS] = KEXEC_INITRAMFS_CHECK,
--- /dev/null
+From a8b595b22d31f83b715511f59012f152a269d83b Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Thu, 15 Oct 2020 10:13:07 -0600
+Subject: io-wq: assign NUMA node locality if appropriate
+
+From: Jens Axboe <axboe@kernel.dk>
+
+commit a8b595b22d31f83b715511f59012f152a269d83b upstream.
+
+There was an assumption that kthread_create_on_node() would properly set
+NUMA affinities in terms of CPUs allowed, but it doesn't. Make sure we
+do this when creating an io-wq context on NUMA.
+
+Cc: stable@vger.kernel.org
+Stefan Metzmacher <metze@samba.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/io-wq.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/io-wq.c
++++ b/fs/io-wq.c
+@@ -654,6 +654,7 @@ static bool create_io_worker(struct io_w
+ kfree(worker);
+ return false;
+ }
++ kthread_bind_mask(worker->task, cpumask_of_node(wqe->node));
+
+ raw_spin_lock_irq(&wqe->lock);
+ hlist_nulls_add_head_rcu(&worker->nulls_node, &wqe->free_list);
--- /dev/null
+From c9723750a699c3bd465493ac2be8992b72ccb105 Mon Sep 17 00:00:00 2001
+From: Martin Fuzzey <martin.fuzzey@flowbird.group>
+Date: Wed, 30 Sep 2020 10:36:46 +0200
+Subject: w1: mxc_w1: Fix timeout resolution problem leading to bus error
+
+From: Martin Fuzzey <martin.fuzzey@flowbird.group>
+
+commit c9723750a699c3bd465493ac2be8992b72ccb105 upstream.
+
+On my platform (i.MX53) bus access sometimes fails with
+ w1_search: max_slave_count 64 reached, will continue next search.
+
+The reason is the use of jiffies to implement a 200us timeout in
+mxc_w1_ds2_touch_bit().
+On some platforms the jiffies timer resolution is insufficient for this.
+
+Fix by replacing jiffies by ktime_get().
+
+For consistency apply the same change to the other use of jiffies in
+mxc_w1_ds2_reset_bus().
+
+Fixes: f80b2581a706 ("w1: mxc_w1: Optimize mxc_w1_ds2_touch_bit()")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group>
+Link: https://lore.kernel.org/r/1601455030-6607-1-git-send-email-martin.fuzzey@flowbird.group
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/w1/masters/mxc_w1.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- a/drivers/w1/masters/mxc_w1.c
++++ b/drivers/w1/masters/mxc_w1.c
+@@ -7,7 +7,7 @@
+ #include <linux/clk.h>
+ #include <linux/delay.h>
+ #include <linux/io.h>
+-#include <linux/jiffies.h>
++#include <linux/ktime.h>
+ #include <linux/module.h>
+ #include <linux/mod_devicetable.h>
+ #include <linux/platform_device.h>
+@@ -40,12 +40,12 @@ struct mxc_w1_device {
+ static u8 mxc_w1_ds2_reset_bus(void *data)
+ {
+ struct mxc_w1_device *dev = data;
+- unsigned long timeout;
++ ktime_t timeout;
+
+ writeb(MXC_W1_CONTROL_RPP, dev->regs + MXC_W1_CONTROL);
+
+ /* Wait for reset sequence 511+512us, use 1500us for sure */
+- timeout = jiffies + usecs_to_jiffies(1500);
++ timeout = ktime_add_us(ktime_get(), 1500);
+
+ udelay(511 + 512);
+
+@@ -55,7 +55,7 @@ static u8 mxc_w1_ds2_reset_bus(void *dat
+ /* PST bit is valid after the RPP bit is self-cleared */
+ if (!(ctrl & MXC_W1_CONTROL_RPP))
+ return !(ctrl & MXC_W1_CONTROL_PST);
+- } while (time_is_after_jiffies(timeout));
++ } while (ktime_before(ktime_get(), timeout));
+
+ return 1;
+ }
+@@ -68,12 +68,12 @@ static u8 mxc_w1_ds2_reset_bus(void *dat
+ static u8 mxc_w1_ds2_touch_bit(void *data, u8 bit)
+ {
+ struct mxc_w1_device *dev = data;
+- unsigned long timeout;
++ ktime_t timeout;
+
+ writeb(MXC_W1_CONTROL_WR(bit), dev->regs + MXC_W1_CONTROL);
+
+ /* Wait for read/write bit (60us, Max 120us), use 200us for sure */
+- timeout = jiffies + usecs_to_jiffies(200);
++ timeout = ktime_add_us(ktime_get(), 200);
+
+ udelay(60);
+
+@@ -83,7 +83,7 @@ static u8 mxc_w1_ds2_touch_bit(void *dat
+ /* RDST bit is valid after the WR1/RD bit is self-cleared */
+ if (!(ctrl & MXC_W1_CONTROL_WR(bit)))
+ return !!(ctrl & MXC_W1_CONTROL_RDST);
+- } while (time_is_after_jiffies(timeout));
++ } while (ktime_before(ktime_get(), timeout));
+
+ return 0;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
