From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 8 Jul 2017 08:59:09 +0000 (+0200)
Subject: 4.12-stable patches
X-Git-Tag: v4.9.37~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2a663063bae036e34c2668f1e160e50cb78dc435;p=thirdparty%2Fkernel%2Fstable-queue.git

4.12-stable patches

added patches:
	add-shutdown-to-struct-class.patch
	tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
	tpm-issue-a-tpm2_shutdown-for-tpm2-devices.patch
---

diff --git a/queue-4.12/add-shutdown-to-struct-class.patch b/queue-4.12/add-shutdown-to-struct-class.patch
new file mode 100644
index 00000000000..df51d89f1b6
--- /dev/null
+++ b/queue-4.12/add-shutdown-to-struct-class.patch
@@ -0,0 +1,59 @@
+From f77af15165847406b15d8f70c382c4cb15846b2a Mon Sep 17 00:00:00 2001
+From: Josh Zimmerman <joshz@google.com>
+Date: Sun, 25 Jun 2017 14:53:23 -0700
+Subject: Add "shutdown" to "struct class".
+
+From: Josh Zimmerman <joshz@google.com>
+
+commit f77af15165847406b15d8f70c382c4cb15846b2a upstream.
+
+The TPM class has some common shutdown code that must be executed for
+all drivers. This adds some needed functionality for that.
+
+Signed-off-by: Josh Zimmerman <joshz@google.com>
+Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Fixes: 74d6b3ceaa17 ("tpm: fix suspend/resume paths for TPM 2.0")
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/core.c    |    6 +++++-
+ include/linux/device.h |    2 ++
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/base/core.c
++++ b/drivers/base/core.c
+@@ -2667,7 +2667,11 @@ void device_shutdown(void)
+ 		pm_runtime_get_noresume(dev);
+ 		pm_runtime_barrier(dev);
+ 
+-		if (dev->bus && dev->bus->shutdown) {
++		if (dev->class && dev->class->shutdown) {
++			if (initcall_debug)
++				dev_info(dev, "shutdown\n");
++			dev->class->shutdown(dev);
++		} else if (dev->bus && dev->bus->shutdown) {
+ 			if (initcall_debug)
+ 				dev_info(dev, "shutdown\n");
+ 			dev->bus->shutdown(dev);
+--- a/include/linux/device.h
++++ b/include/linux/device.h
+@@ -378,6 +378,7 @@ int subsys_virtual_register(struct bus_t
+  * @suspend:	Used to put the device to sleep mode, usually to a low power
+  *		state.
+  * @resume:	Used to bring the device from the sleep mode.
++ * @shutdown:	Called at shut-down time to quiesce the device.
+  * @ns_type:	Callbacks so sysfs can detemine namespaces.
+  * @namespace:	Namespace of the device belongs to this class.
+  * @pm:		The default device power management operations of this class.
+@@ -407,6 +408,7 @@ struct class {
+ 
+ 	int (*suspend)(struct device *dev, pm_message_t state);
+ 	int (*resume)(struct device *dev);
++	int (*shutdown)(struct device *dev);
+ 
+ 	const struct kobj_ns_type_operations *ns_type;
+ 	const void *(*namespace)(struct device *dev);
diff --git a/queue-4.12/series b/queue-4.12/series
index 0a8cbcdbecd..f24968da82a 100644
--- a/queue-4.12/series
+++ b/queue-4.12/series
@@ -10,3 +10,6 @@ usb-serial-option-add-two-longcheer-device-ids.patch
 usb-serial-qcserial-new-sierra-wireless-em7305-device-id.patch
 xhci-limit-usb2-port-wake-support-for-amd-promontory-hosts.patch
 gfs2-fix-glock-rhashtable-rcu-bug.patch
+add-shutdown-to-struct-class.patch
+tpm-issue-a-tpm2_shutdown-for-tpm2-devices.patch
+tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
diff --git a/queue-4.12/tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch b/queue-4.12/tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
new file mode 100644
index 00000000000..e7832bd4a81
--- /dev/null
+++ b/queue-4.12/tpm-fix-a-kernel-memory-leak-in-tpm-sysfs.c.patch
@@ -0,0 +1,41 @@
+From 13b47cfcfc60495cde216eef4c01040d76174cbe Mon Sep 17 00:00:00 2001
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Date: Tue, 20 Jun 2017 11:38:02 +0200
+Subject: tpm: fix a kernel memory leak in tpm-sysfs.c
+
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+
+commit 13b47cfcfc60495cde216eef4c01040d76174cbe upstream.
+
+While cleaning up sysfs callback that prints EK we discovered a kernel
+memory leak. This commit fixes the issue by zeroing the buffer used for
+TPM command/response.
+
+The leak happen when we use either tpm_vtpm_proxy, tpm_ibmvtpm or
+xen-tpmfront.
+
+Fixes: 0883743825e3 ("TPM: sysfs functions consolidation")
+Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/tpm-sysfs.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/char/tpm/tpm-sysfs.c
++++ b/drivers/char/tpm/tpm-sysfs.c
+@@ -36,9 +36,10 @@ static ssize_t pubek_show(struct device
+ 	ssize_t err;
+ 	int i, rc;
+ 	char *str = buf;
+-
+ 	struct tpm_chip *chip = to_tpm_chip(dev);
+ 
++	memset(&tpm_cmd, 0, sizeof(tpm_cmd));
++
+ 	tpm_cmd.header.in = tpm_readpubek_header;
+ 	err = tpm_transmit_cmd(chip, NULL, &tpm_cmd, READ_PUBEK_RESULT_SIZE,
+ 			       READ_PUBEK_RESULT_MIN_BODY_SIZE, 0,
diff --git a/queue-4.12/tpm-issue-a-tpm2_shutdown-for-tpm2-devices.patch b/queue-4.12/tpm-issue-a-tpm2_shutdown-for-tpm2-devices.patch
new file mode 100644
index 00000000000..4b1476a4cf1
--- /dev/null
+++ b/queue-4.12/tpm-issue-a-tpm2_shutdown-for-tpm2-devices.patch
@@ -0,0 +1,94 @@
+From d1bd4a792d3961a04e6154118816b00167aad91a Mon Sep 17 00:00:00 2001
+From: Josh Zimmerman <joshz@google.com>
+Date: Sun, 25 Jun 2017 14:53:24 -0700
+Subject: tpm: Issue a TPM2_Shutdown for TPM2 devices.
+
+From: Josh Zimmerman <joshz@google.com>
+
+commit d1bd4a792d3961a04e6154118816b00167aad91a upstream.
+
+If a TPM2 loses power without a TPM2_Shutdown command being issued (a
+"disorderly reboot"), it may lose some state that has yet to be
+persisted to NVRam, and will increment the DA counter. After the DA
+counter gets sufficiently large, the TPM will lock the user out.
+
+NOTE: This only changes behavior on TPM2 devices. Since TPM1 uses sysfs,
+and sysfs relies on implicit locking on chip->ops, it is not safe to
+allow this code to run in TPM1, or to add sysfs support to TPM2, until
+that locking is made explicit.
+
+Signed-off-by: Josh Zimmerman <joshz@google.com>
+Fixes: 74d6b3ceaa17 ("tpm: fix suspend/resume paths for TPM 2.0")
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/tpm-chip.c  |   34 ++++++++++++++++++++++++++++++++++
+ drivers/char/tpm/tpm-sysfs.c |    3 +++
+ 2 files changed, 37 insertions(+)
+
+--- a/drivers/char/tpm/tpm-chip.c
++++ b/drivers/char/tpm/tpm-chip.c
+@@ -143,6 +143,39 @@ static void tpm_devs_release(struct devi
+ }
+ 
+ /**
++ * tpm_class_shutdown() - prepare the TPM device for loss of power.
++ * @dev: device to which the chip is associated.
++ *
++ * Issues a TPM2_Shutdown command prior to loss of power, as required by the
++ * TPM 2.0 spec.
++ * Then, calls bus- and device- specific shutdown code.
++ *
++ * XXX: This codepath relies on the fact that sysfs is not enabled for
++ * TPM2: sysfs uses an implicit lock on chip->ops, so this could race if TPM2
++ * has sysfs support enabled before TPM sysfs's implicit locking is fixed.
++ */
++static int tpm_class_shutdown(struct device *dev)
++{
++	struct tpm_chip *chip = container_of(dev, struct tpm_chip, dev);
++
++	if (chip->flags & TPM_CHIP_FLAG_TPM2) {
++		down_write(&chip->ops_sem);
++		tpm2_shutdown(chip, TPM2_SU_CLEAR);
++		chip->ops = NULL;
++		up_write(&chip->ops_sem);
++	}
++	/* Allow bus- and device-specific code to run. Note: since chip->ops
++	 * is NULL, more-specific shutdown code will not be able to issue TPM
++	 * commands.
++	 */
++	if (dev->bus && dev->bus->shutdown)
++		dev->bus->shutdown(dev);
++	else if (dev->driver && dev->driver->shutdown)
++		dev->driver->shutdown(dev);
++	return 0;
++}
++
++/**
+  * tpm_chip_alloc() - allocate a new struct tpm_chip instance
+  * @pdev: device to which the chip is associated
+  *        At this point pdev mst be initialized, but does not have to
+@@ -181,6 +214,7 @@ struct tpm_chip *tpm_chip_alloc(struct d
+ 	device_initialize(&chip->devs);
+ 
+ 	chip->dev.class = tpm_class;
++	chip->dev.class->shutdown = tpm_class_shutdown;
+ 	chip->dev.release = tpm_dev_release;
+ 	chip->dev.parent = pdev;
+ 	chip->dev.groups = chip->groups;
+--- a/drivers/char/tpm/tpm-sysfs.c
++++ b/drivers/char/tpm/tpm-sysfs.c
+@@ -294,6 +294,9 @@ static const struct attribute_group tpm_
+ 
+ void tpm_sysfs_add_device(struct tpm_chip *chip)
+ {
++	/* XXX: If you wish to remove this restriction, you must first update
++	 * tpm_sysfs to explicitly lock chip->ops.
++	 */
+ 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
+ 		return;
+