From: Greg Kroah-Hartman Date: Mon, 30 Apr 2018 14:27:43 +0000 (-0700) Subject: 4.16-stable patches X-Git-Tag: v4.16.7~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dbbe64e1a063ffdee310727e9bde388b12bf10a6;p=thirdparty%2Fkernel%2Fstable-queue.git 4.16-stable patches added patches: crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch --- diff --git a/queue-4.16/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch b/queue-4.16/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch new file mode 100644 index 00000000000..deca8314e81 --- /dev/null +++ b/queue-4.16/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch @@ -0,0 +1,71 @@ +From 716c7c32eae4b8a45c4f5602b50453865929b670 Mon Sep 17 00:00:00 2001 +From: Brijesh Singh +Date: Wed, 21 Feb 2018 08:41:39 -0600 +Subject: crypto: ccp - add check to get PSP master only when PSP is detected + +From: Brijesh Singh + +commit 716c7c32eae4b8a45c4f5602b50453865929b670 upstream. + +Paulian reported the below kernel crash on Ryzen 5 system: + +BUG: unable to handle kernel NULL pointer dereference at 0000000000000073 +RIP: 0010:.LC0+0x41f/0xa00 +RSP: 0018:ffffa9968003bdd0 EFLAGS: 00010002 +RAX: ffffffffb113b130 RBX: 0000000000000000 RCX: 00000000000005a7 +RDX: 00000000000000ff RSI: ffff8b46dee651a0 RDI: ffffffffb1bd617c +RBP: 0000000000000246 R08: 00000000000251a0 R09: 0000000000000000 +R10: ffffd81f11a38200 R11: ffff8b52e8e0a161 R12: ffffffffb19db220 +R13: 0000000000000007 R14: ffffffffb17e4888 R15: 5dccd7affc30a31e +FS: 0000000000000000(0000) GS:ffff8b46dee40000(0000) knlGS:0000000000000000 +CR2: 0000000000000073 CR3: 000080128120a000 CR4: 00000000003406e0 +Call Trace: + ? sp_get_psp_master_device+0x56/0x80 + ? map_properties+0x540/0x540 + ? psp_pci_init+0x20/0xe0 + ? map_properties+0x540/0x540 + ? sp_mod_init+0x16/0x1a + ? do_one_initcall+0x4b/0x190 + ? kernel_init_freeable+0x19b/0x23c + ? rest_init+0xb0/0xb0 + ? kernel_init+0xa/0x100 + ? ret_from_fork+0x22/0x40 + +Since Ryzen does not support PSP/SEV firmware hence i->psp_data will +NULL in all sp instances. In those cases, 'i' will point to the +list head after list_for_each_entry(). Dereferencing the head will +cause kernel crash. + +Add check to call get master device only when PSP/SEV is detected. + +Reported-by: Paulian Bogdan Marinca +Cc: Borislav Petkov +Cc: Tom Lendacky +CC: Gary R Hook +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Brijesh Singh +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/ccp/sp-dev.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/crypto/ccp/sp-dev.c ++++ b/drivers/crypto/ccp/sp-dev.c +@@ -252,12 +252,12 @@ struct sp_device *sp_get_psp_master_devi + goto unlock; + + list_for_each_entry(i, &sp_units, entry) { +- if (i->psp_data) ++ if (i->psp_data && i->get_psp_master_device) { ++ ret = i->get_psp_master_device(); + break; ++ } + } + +- if (i->get_psp_master_device) +- ret = i->get_psp_master_device(); + unlock: + write_unlock_irqrestore(&sp_unit_lock, flags); + return ret; diff --git a/queue-4.16/series b/queue-4.16/series index 0613e3504f1..4d50d190cf2 100644 --- a/queue-4.16/series +++ b/queue-4.16/series @@ -109,3 +109,4 @@ x86-smpboot-don-t-use-mwait_play_dead-on-amd-systems.patch x86-microcode-intel-save-microcode-patch-unconditionally.patch x86-microcode-do-not-exit-early-from-__reload_late.patch tick-sched-do-not-mess-with-an-enqueued-hrtimer.patch +crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch