From: Sasha Levin <sashal@kernel.org>
Date: Wed, 9 Oct 2019 16:32:02 +0000 (-0400)
Subject: fixes for 5.3
X-Git-Tag: v4.14.149~4^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=96cc5cbc2ec0653d07cfaf7df0c77b77e582ecb9;p=thirdparty%2Fkernel%2Fstable-queue.git

fixes for 5.3

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-5.3/libnvdimm-prevent-nvdimm-from-requesting-key-when-se.patch b/queue-5.3/libnvdimm-prevent-nvdimm-from-requesting-key-when-se.patch
new file mode 100644
index 00000000000..f4726509aab
--- /dev/null
+++ b/queue-5.3/libnvdimm-prevent-nvdimm-from-requesting-key-when-se.patch
@@ -0,0 +1,47 @@
+From c85b574ae4ffb5f24c5c11479643f81216789417 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Sep 2019 10:34:49 -0700
+Subject: libnvdimm: prevent nvdimm from requesting key when security is
+ disabled
+
+From: Dave Jiang <dave.jiang@intel.com>
+
+[ Upstream commit 674f31a352da5e9f621f757b9a89262f486533a0 ]
+
+Current implementation attempts to request keys from the keyring even when
+security is not enabled. Change behavior so when security is disabled it
+will skip key request.
+
+Error messages seen when no keys are installed and libnvdimm is loaded:
+
+    request-key[4598]: Cannot find command to construct key 661489677
+    request-key[4606]: Cannot find command to construct key 34713726
+
+Cc: stable@vger.kernel.org
+Fixes: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs")
+Signed-off-by: Dave Jiang <dave.jiang@intel.com>
+Link: https://lore.kernel.org/r/156934642272.30222.5230162488753445916.stgit@djiang5-desk3.ch.intel.com
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvdimm/security.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
+index a570f2263a424..5b7ea93edb935 100644
+--- a/drivers/nvdimm/security.c
++++ b/drivers/nvdimm/security.c
+@@ -177,6 +177,10 @@ static int __nvdimm_security_unlock(struct nvdimm *nvdimm)
+ 			|| nvdimm->sec.state < 0)
+ 		return -EIO;
+ 
++	/* No need to go further if security is disabled */
++	if (nvdimm->sec.state == NVDIMM_SECURITY_DISABLED)
++		return 0;
++
+ 	if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
+ 		dev_dbg(dev, "Security operation in progress.\n");
+ 		return -EBUSY;
+-- 
+2.20.1
+
diff --git a/queue-5.3/series b/queue-5.3/series
index 2dfb93418ee..562676e4c39 100644
--- a/queue-5.3/series
+++ b/queue-5.3/series
@@ -145,3 +145,4 @@ staging-erofs-some-compressed-cluster-should-be-submitted-for-corrupted-images.p
 staging-erofs-add-two-missing-erofs_workgroup_put-for-corrupted-images.patch
 staging-erofs-avoid-endless-loop-of-invalid-lookback-distance-0.patch
 staging-erofs-detect-potential-multiref-due-to-corrupted-images.patch
+libnvdimm-prevent-nvdimm-from-requesting-key-when-se.patch