From ee73a3781a7bb880dae4e244bb2d38676c9cd377 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 20 Jul 2023 19:09:15 +0200 Subject: [PATCH] 6.4-stable patches added patches: hid-amd_sfh-fix-for-shift-out-of-bounds.patch hid-amd_sfh-rename-the-float32-variable.patch hid-input-fix-mapping-for-camera-access-keys.patch net-lan743x-don-t-sleep-in-atomic-context.patch net-lan743x-select-fixed_phy.patch net-ncsi-change-from-ndo_set_mac_address-to-dev_set_mac_address.patch security-integrity-fix-pointer-to-esl-data-and-its-size-on-pseries.patch series --- ...-amd_sfh-fix-for-shift-out-of-bounds.patch | 90 ++++++++++++++ ...-amd_sfh-rename-the-float32-variable.patch | 56 +++++++++ ...t-fix-mapping-for-camera-access-keys.patch | 57 +++++++++ ...an743x-don-t-sleep-in-atomic-context.patch | 72 +++++++++++ queue-6.4/net-lan743x-select-fixed_phy.patch | 41 +++++++ ...t_mac_address-to-dev_set_mac_address.patch | 50 ++++++++ ...-to-esl-data-and-its-size-on-pseries.patch | 112 ++++++++++++++++++ queue-6.4/series | 7 ++ 8 files changed, 485 insertions(+) create mode 100644 queue-6.4/hid-amd_sfh-fix-for-shift-out-of-bounds.patch create mode 100644 queue-6.4/hid-amd_sfh-rename-the-float32-variable.patch create mode 100644 queue-6.4/hid-input-fix-mapping-for-camera-access-keys.patch create mode 100644 queue-6.4/net-lan743x-don-t-sleep-in-atomic-context.patch create mode 100644 queue-6.4/net-lan743x-select-fixed_phy.patch create mode 100644 queue-6.4/net-ncsi-change-from-ndo_set_mac_address-to-dev_set_mac_address.patch create mode 100644 queue-6.4/security-integrity-fix-pointer-to-esl-data-and-its-size-on-pseries.patch create mode 100644 queue-6.4/series diff --git a/queue-6.4/hid-amd_sfh-fix-for-shift-out-of-bounds.patch b/queue-6.4/hid-amd_sfh-fix-for-shift-out-of-bounds.patch new file mode 100644 index 00000000000..e5dcb5c69e5 --- /dev/null +++ b/queue-6.4/hid-amd_sfh-fix-for-shift-out-of-bounds.patch @@ -0,0 +1,90 @@ +From 87854366176403438d01f368b09de3ec2234e0f5 Mon Sep 17 00:00:00 2001 +From: Basavaraj Natikar +Date: Fri, 7 Jul 2023 12:27:22 +0530 +Subject: HID: amd_sfh: Fix for shift-out-of-bounds + +From: Basavaraj Natikar + +commit 87854366176403438d01f368b09de3ec2234e0f5 upstream. + +Shift operation of 'exp' and 'shift' variables exceeds the maximum number +of shift values in the u32 range leading to UBSAN shift-out-of-bounds. + +... +[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50 +[ 6.120598] shift exponent 104 is too large for 64-bit type 'long unsigned int' +[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10 +[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023 +[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh] +[ 6.120687] Call Trace: +[ 6.120690] +[ 6.120694] dump_stack_lvl+0x48/0x70 +[ 6.120704] dump_stack+0x10/0x20 +[ 6.120707] ubsan_epilogue+0x9/0x40 +[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170 +[ 6.120720] ? psi_group_change+0x25f/0x4b0 +[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh] +[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh] +[ 6.120748] ? __schedule+0xba7/0x1b60 +[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh] +[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh] +[ 6.120772] process_one_work+0x229/0x430 +[ 6.120780] worker_thread+0x4a/0x3c0 +[ 6.120784] ? __pfx_worker_thread+0x10/0x10 +[ 6.120788] kthread+0xf7/0x130 +[ 6.120792] ? __pfx_kthread+0x10/0x10 +[ 6.120795] ret_from_fork+0x29/0x50 +[ 6.120804] +... + +Fix this by adding the condition to validate shift ranges. + +Fixes: 93ce5e0231d7 ("HID: amd_sfh: Implement SFH1.1 functionality") +Cc: stable@vger.kernel.org +Tested-by: Kai-Heng Feng +Signed-off-by: Basavaraj Natikar +Signed-off-by: Akshata MukundShetty +Link: https://lore.kernel.org/r/20230707065722.9036-3-Basavaraj.Natikar@amd.com +Signed-off-by: Benjamin Tissoires +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c | 20 ++++++++++++++++++-- + 1 file changed, 18 insertions(+), 2 deletions(-) + +--- a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c ++++ b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c +@@ -143,16 +143,32 @@ static int float_to_int(u32 flt32_val) + if (!exp && !mantissa) + return 0; + ++ /* ++ * Calculate the exponent and fraction part of floating ++ * point representation. ++ */ + exp -= 127; + if (exp < 0) { + exp = -exp; ++ if (exp >= BITS_PER_TYPE(u32)) ++ return 0; + zeropre = (((BIT(23) + mantissa) * 100) >> 23) >> exp; + return zeropre >= 50 ? sign : 0; + } + + shift = 23 - exp; +- flt32_val = BIT(exp) + (mantissa >> shift); +- fraction = mantissa & GENMASK(shift - 1, 0); ++ if (abs(shift) >= BITS_PER_TYPE(u32)) ++ return 0; ++ ++ if (shift < 0) { ++ shift = -shift; ++ flt32_val = BIT(exp) + (mantissa << shift); ++ shift = 0; ++ } else { ++ flt32_val = BIT(exp) + (mantissa >> shift); ++ } ++ ++ fraction = (shift == 0) ? 0 : mantissa & GENMASK(shift - 1, 0); + + return (((fraction * 100) >> shift) >= 50) ? sign * (flt32_val + 1) : sign * flt32_val; + } diff --git a/queue-6.4/hid-amd_sfh-rename-the-float32-variable.patch b/queue-6.4/hid-amd_sfh-rename-the-float32-variable.patch new file mode 100644 index 00000000000..6c555f58b84 --- /dev/null +++ b/queue-6.4/hid-amd_sfh-rename-the-float32-variable.patch @@ -0,0 +1,56 @@ +From c1685a862a4bea863537f06abaa37a123aef493c Mon Sep 17 00:00:00 2001 +From: Basavaraj Natikar +Date: Fri, 7 Jul 2023 12:27:21 +0530 +Subject: HID: amd_sfh: Rename the float32 variable + +From: Basavaraj Natikar + +commit c1685a862a4bea863537f06abaa37a123aef493c upstream. + +As float32 is also used in other places as a data type, it is necessary +to rename the float32 variable in order to avoid confusion. + +Cc: stable@vger.kernel.org +Tested-by: Kai-Heng Feng +Signed-off-by: Basavaraj Natikar +Signed-off-by: Akshata MukundShetty +Link: https://lore.kernel.org/r/20230707065722.9036-2-Basavaraj.Natikar@amd.com +Signed-off-by: Benjamin Tissoires +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c ++++ b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c +@@ -132,13 +132,13 @@ static void get_common_inputs(struct com + common->event_type = HID_USAGE_SENSOR_EVENT_DATA_UPDATED_ENUM; + } + +-static int float_to_int(u32 float32) ++static int float_to_int(u32 flt32_val) + { + int fraction, shift, mantissa, sign, exp, zeropre; + +- mantissa = float32 & GENMASK(22, 0); +- sign = (float32 & BIT(31)) ? -1 : 1; +- exp = (float32 & ~BIT(31)) >> 23; ++ mantissa = flt32_val & GENMASK(22, 0); ++ sign = (flt32_val & BIT(31)) ? -1 : 1; ++ exp = (flt32_val & ~BIT(31)) >> 23; + + if (!exp && !mantissa) + return 0; +@@ -151,10 +151,10 @@ static int float_to_int(u32 float32) + } + + shift = 23 - exp; +- float32 = BIT(exp) + (mantissa >> shift); ++ flt32_val = BIT(exp) + (mantissa >> shift); + fraction = mantissa & GENMASK(shift - 1, 0); + +- return (((fraction * 100) >> shift) >= 50) ? sign * (float32 + 1) : sign * float32; ++ return (((fraction * 100) >> shift) >= 50) ? sign * (flt32_val + 1) : sign * flt32_val; + } + + static u8 get_input_rep(u8 current_index, int sensor_idx, int report_id, diff --git a/queue-6.4/hid-input-fix-mapping-for-camera-access-keys.patch b/queue-6.4/hid-input-fix-mapping-for-camera-access-keys.patch new file mode 100644 index 00000000000..501b931e0f1 --- /dev/null +++ b/queue-6.4/hid-input-fix-mapping-for-camera-access-keys.patch @@ -0,0 +1,57 @@ +From e3ea6467f623b80906ff0c93b58755ab903ce12f Mon Sep 17 00:00:00 2001 +From: Dmitry Torokhov +Date: Tue, 27 Jun 2023 15:09:01 -0700 +Subject: HID: input: fix mapping for camera access keys + +From: Dmitry Torokhov + +commit e3ea6467f623b80906ff0c93b58755ab903ce12f upstream. + +Commit 9f4211bf7f81 ("HID: add mapping for camera access keys") added +mapping for the camera access keys, but unfortunately used wrong usage +codes for them. HUTRR72[1] specifies that camera access controls use 0x76, +0x077 and 0x78 usages in the consumer control page. Previously mapped 0xd5, +0xd6 and 0xd7 usages are actually defined in HUTRR64[2] as game recording +controls. + +[1] https://www.usb.org/sites/default/files/hutrr72_-_usages_to_control_camera_access_0.pdf +[2] https://www.usb.org/sites/default/files/hutrr64b_-_game_recording_controllers_0.pdf + +Fixes: 9f4211bf7f81 ("HID: add mapping for camera access keys") +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Link: https://lore.kernel.org/r/ZJtd/fMXRUgq20TW@google.com +Signed-off-by: Benjamin Tissoires +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hid/hid-input.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c +index a1d2690a1a0d..851ee86eff32 100644 +--- a/drivers/hid/hid-input.c ++++ b/drivers/hid/hid-input.c +@@ -1093,6 +1093,10 @@ static void hidinput_configure_usage(struct hid_input *hidinput, struct hid_fiel + case 0x074: map_key_clear(KEY_BRIGHTNESS_MAX); break; + case 0x075: map_key_clear(KEY_BRIGHTNESS_AUTO); break; + ++ case 0x076: map_key_clear(KEY_CAMERA_ACCESS_ENABLE); break; ++ case 0x077: map_key_clear(KEY_CAMERA_ACCESS_DISABLE); break; ++ case 0x078: map_key_clear(KEY_CAMERA_ACCESS_TOGGLE); break; ++ + case 0x079: map_key_clear(KEY_KBDILLUMUP); break; + case 0x07a: map_key_clear(KEY_KBDILLUMDOWN); break; + case 0x07c: map_key_clear(KEY_KBDILLUMTOGGLE); break; +@@ -1139,9 +1143,6 @@ static void hidinput_configure_usage(struct hid_input *hidinput, struct hid_fiel + case 0x0cd: map_key_clear(KEY_PLAYPAUSE); break; + case 0x0cf: map_key_clear(KEY_VOICECOMMAND); break; + +- case 0x0d5: map_key_clear(KEY_CAMERA_ACCESS_ENABLE); break; +- case 0x0d6: map_key_clear(KEY_CAMERA_ACCESS_DISABLE); break; +- case 0x0d7: map_key_clear(KEY_CAMERA_ACCESS_TOGGLE); break; + case 0x0d8: map_key_clear(KEY_DICTATE); break; + case 0x0d9: map_key_clear(KEY_EMOJI_PICKER); break; + +-- +2.41.0 + diff --git a/queue-6.4/net-lan743x-don-t-sleep-in-atomic-context.patch b/queue-6.4/net-lan743x-don-t-sleep-in-atomic-context.patch new file mode 100644 index 00000000000..2fd879c3d38 --- /dev/null +++ b/queue-6.4/net-lan743x-don-t-sleep-in-atomic-context.patch @@ -0,0 +1,72 @@ +From 7a8227b2e76be506b2ac64d2beac950ca04892a5 Mon Sep 17 00:00:00 2001 +From: Moritz Fischer +Date: Tue, 27 Jun 2023 03:50:00 +0000 +Subject: net: lan743x: Don't sleep in atomic context + +From: Moritz Fischer + +commit 7a8227b2e76be506b2ac64d2beac950ca04892a5 upstream. + +dev_set_rx_mode() grabs a spin_lock, and the lan743x implementation +proceeds subsequently to go to sleep using readx_poll_timeout(). + +Introduce a helper wrapping the readx_poll_timeout_atomic() function +and use it to replace the calls to readx_polL_timeout(). + +Fixes: 23f0703c125b ("lan743x: Add main source files for new lan743x driver") +Cc: stable@vger.kernel.org +Cc: Bryan Whitehead +Cc: UNGLinuxDriver@microchip.com +Signed-off-by: Moritz Fischer +Reviewed-by: Andrew Lunn +Link: https://lore.kernel.org/r/20230627035000.1295254-1-moritzf@google.com +Signed-off-by: Paolo Abeni +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/microchip/lan743x_main.c | 21 +++++++++++++++++---- + 1 file changed, 17 insertions(+), 4 deletions(-) + +--- a/drivers/net/ethernet/microchip/lan743x_main.c ++++ b/drivers/net/ethernet/microchip/lan743x_main.c +@@ -144,6 +144,18 @@ static int lan743x_csr_light_reset(struc + !(data & HW_CFG_LRST_), 100000, 10000000); + } + ++static int lan743x_csr_wait_for_bit_atomic(struct lan743x_adapter *adapter, ++ int offset, u32 bit_mask, ++ int target_value, int udelay_min, ++ int udelay_max, int count) ++{ ++ u32 data; ++ ++ return readx_poll_timeout_atomic(LAN743X_CSR_READ_OP, offset, data, ++ target_value == !!(data & bit_mask), ++ udelay_max, udelay_min * count); ++} ++ + static int lan743x_csr_wait_for_bit(struct lan743x_adapter *adapter, + int offset, u32 bit_mask, + int target_value, int usleep_min, +@@ -746,8 +758,8 @@ static int lan743x_dp_write(struct lan74 + u32 dp_sel; + int i; + +- if (lan743x_csr_wait_for_bit(adapter, DP_SEL, DP_SEL_DPRDY_, +- 1, 40, 100, 100)) ++ if (lan743x_csr_wait_for_bit_atomic(adapter, DP_SEL, DP_SEL_DPRDY_, ++ 1, 40, 100, 100)) + return -EIO; + dp_sel = lan743x_csr_read(adapter, DP_SEL); + dp_sel &= ~DP_SEL_MASK_; +@@ -758,8 +770,9 @@ static int lan743x_dp_write(struct lan74 + lan743x_csr_write(adapter, DP_ADDR, addr + i); + lan743x_csr_write(adapter, DP_DATA_0, buf[i]); + lan743x_csr_write(adapter, DP_CMD, DP_CMD_WRITE_); +- if (lan743x_csr_wait_for_bit(adapter, DP_SEL, DP_SEL_DPRDY_, +- 1, 40, 100, 100)) ++ if (lan743x_csr_wait_for_bit_atomic(adapter, DP_SEL, ++ DP_SEL_DPRDY_, ++ 1, 40, 100, 100)) + return -EIO; + } + diff --git a/queue-6.4/net-lan743x-select-fixed_phy.patch b/queue-6.4/net-lan743x-select-fixed_phy.patch new file mode 100644 index 00000000000..57cf7df4251 --- /dev/null +++ b/queue-6.4/net-lan743x-select-fixed_phy.patch @@ -0,0 +1,41 @@ +From 73c4d1b307aeb713e80ab03f90c7df9d417dc0f0 Mon Sep 17 00:00:00 2001 +From: Simon Horman +Date: Sat, 8 Jul 2023 15:06:25 +0100 +Subject: net: lan743x: select FIXED_PHY + +From: Simon Horman + +commit 73c4d1b307aeb713e80ab03f90c7df9d417dc0f0 upstream. + +The blamed commit introduces usage of fixed_phy_register() but +not a corresponding dependency on FIXED_PHY. + +This can result in a build failure. + + s390-linux-ld: drivers/net/ethernet/microchip/lan743x_main.o: in function `lan743x_phy_open': + drivers/net/ethernet/microchip/lan743x_main.c:1514: undefined reference to `fixed_phy_register' + +Fixes: 624864fbff92 ("net: lan743x: add fixed phy support for LAN7431 device") +Cc: stable@vger.kernel.org +Reported-by: Randy Dunlap +Closes: https://lore.kernel.org/netdev/725bf1c5-b252-7d19-7582-a6809716c7d6@infradead.org/ +Reviewed-by: Randy Dunlap +Tested-by: Randy Dunlap # build-tested +Signed-off-by: Simon Horman +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/microchip/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/microchip/Kconfig ++++ b/drivers/net/ethernet/microchip/Kconfig +@@ -46,7 +46,7 @@ config LAN743X + tristate "LAN743x support" + depends on PCI + depends on PTP_1588_CLOCK_OPTIONAL +- select PHYLIB ++ select FIXED_PHY + select CRC16 + select CRC32 + help diff --git a/queue-6.4/net-ncsi-change-from-ndo_set_mac_address-to-dev_set_mac_address.patch b/queue-6.4/net-ncsi-change-from-ndo_set_mac_address-to-dev_set_mac_address.patch new file mode 100644 index 00000000000..1ffb57b8b18 --- /dev/null +++ b/queue-6.4/net-ncsi-change-from-ndo_set_mac_address-to-dev_set_mac_address.patch @@ -0,0 +1,50 @@ +From 790071347a0a1a89e618eedcd51c687ea783aeb3 Mon Sep 17 00:00:00 2001 +From: Ivan Mikhaylov +Date: Wed, 7 Jun 2023 18:17:42 +0300 +Subject: net/ncsi: change from ndo_set_mac_address to dev_set_mac_address + +From: Ivan Mikhaylov + +commit 790071347a0a1a89e618eedcd51c687ea783aeb3 upstream. + +Change ndo_set_mac_address to dev_set_mac_address because +dev_set_mac_address provides a way to notify network layer about MAC +change. In other case, services may not aware about MAC change and keep +using old one which set from network adapter driver. + +As example, DHCP client from systemd do not update MAC address without +notification from net subsystem which leads to the problem with acquiring +the right address from DHCP server. + +Fixes: cb10c7c0dfd9e ("net/ncsi: Add NCSI Broadcom OEM command") +Cc: stable@vger.kernel.org # v6.0+ 2f38e84 net/ncsi: make one oem_gma function for all mfr id +Signed-off-by: Paul Fertser +Signed-off-by: Ivan Mikhaylov +Reviewed-by: Simon Horman +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ncsi/ncsi-rsp.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/net/ncsi/ncsi-rsp.c ++++ b/net/ncsi/ncsi-rsp.c +@@ -616,7 +616,6 @@ static int ncsi_rsp_handler_oem_mlx_gma( + { + struct ncsi_dev_priv *ndp = nr->ndp; + struct net_device *ndev = ndp->ndev.dev; +- const struct net_device_ops *ops = ndev->netdev_ops; + struct ncsi_rsp_oem_pkt *rsp; + struct sockaddr saddr; + int ret = 0; +@@ -630,7 +629,9 @@ static int ncsi_rsp_handler_oem_mlx_gma( + /* Set the flag for GMA command which should only be called once */ + ndp->gma_flag = 1; + +- ret = ops->ndo_set_mac_address(ndev, &saddr); ++ rtnl_lock(); ++ ret = dev_set_mac_address(ndev, &saddr, NULL); ++ rtnl_unlock(); + if (ret < 0) + netdev_warn(ndev, "NCSI: 'Writing mac address to device failed\n"); + diff --git a/queue-6.4/security-integrity-fix-pointer-to-esl-data-and-its-size-on-pseries.patch b/queue-6.4/security-integrity-fix-pointer-to-esl-data-and-its-size-on-pseries.patch new file mode 100644 index 00000000000..ec52e3e7242 --- /dev/null +++ b/queue-6.4/security-integrity-fix-pointer-to-esl-data-and-its-size-on-pseries.patch @@ -0,0 +1,112 @@ +From e66effaf61ffb1dc6088492ca3a0e98dcbf1c10d Mon Sep 17 00:00:00 2001 +From: Nayna Jain +Date: Thu, 8 Jun 2023 08:04:44 -0400 +Subject: security/integrity: fix pointer to ESL data and its size on pseries + +From: Nayna Jain + +commit e66effaf61ffb1dc6088492ca3a0e98dcbf1c10d upstream. + +On PowerVM guest, variable data is prefixed with 8 bytes of timestamp. +Extract ESL by stripping off the timestamp before passing to ESL parser. + +Fixes: 4b3e71e9a34c ("integrity/powerpc: Support loading keys from PLPKS") +Cc: stable@vger.kenrnel.org # v6.3 +Signed-off-by: Nayna Jain +Tested-by: Nageswara R Sastry +Acked-by: Jarkko Sakkinen +Signed-off-by: Michael Ellerman +Link: https://msgid.link/20230608120444.382527-1-nayna@linux.ibm.com +Signed-off-by: Greg Kroah-Hartman +--- + .../integrity/platform_certs/load_powerpc.c | 40 ++++++++++++------- + 1 file changed, 26 insertions(+), 14 deletions(-) + +diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c +index b9de70b90826..170789dc63d2 100644 +--- a/security/integrity/platform_certs/load_powerpc.c ++++ b/security/integrity/platform_certs/load_powerpc.c +@@ -15,6 +15,9 @@ + #include "keyring_handler.h" + #include "../integrity.h" + ++#define extract_esl(db, data, size, offset) \ ++ do { db = data + offset; size = size - offset; } while (0) ++ + /* + * Get a certificate list blob from the named secure variable. + * +@@ -55,8 +58,9 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) + */ + static int __init load_powerpc_certs(void) + { +- void *db = NULL, *dbx = NULL; +- u64 dbsize = 0, dbxsize = 0; ++ void *db = NULL, *dbx = NULL, *data = NULL; ++ u64 dsize = 0; ++ u64 offset = 0; + int rc = 0; + ssize_t len; + char buf[32]; +@@ -74,38 +78,46 @@ static int __init load_powerpc_certs(void) + return -ENODEV; + } + ++ if (strcmp("ibm,plpks-sb-v1", buf) == 0) ++ /* PLPKS authenticated variables ESL data is prefixed with 8 bytes of timestamp */ ++ offset = 8; ++ + /* + * Get db, and dbx. They might not exist, so it isn't an error if we + * can't get them. + */ +- db = get_cert_list("db", 3, &dbsize); +- if (!db) { ++ data = get_cert_list("db", 3, &dsize); ++ if (!data) { + pr_info("Couldn't get db list from firmware\n"); +- } else if (IS_ERR(db)) { +- rc = PTR_ERR(db); ++ } else if (IS_ERR(data)) { ++ rc = PTR_ERR(data); + pr_err("Error reading db from firmware: %d\n", rc); + return rc; + } else { +- rc = parse_efi_signature_list("powerpc:db", db, dbsize, ++ extract_esl(db, data, dsize, offset); ++ ++ rc = parse_efi_signature_list("powerpc:db", db, dsize, + get_handler_for_db); + if (rc) + pr_err("Couldn't parse db signatures: %d\n", rc); +- kfree(db); ++ kfree(data); + } + +- dbx = get_cert_list("dbx", 4, &dbxsize); +- if (!dbx) { ++ data = get_cert_list("dbx", 4, &dsize); ++ if (!data) { + pr_info("Couldn't get dbx list from firmware\n"); +- } else if (IS_ERR(dbx)) { +- rc = PTR_ERR(dbx); ++ } else if (IS_ERR(data)) { ++ rc = PTR_ERR(data); + pr_err("Error reading dbx from firmware: %d\n", rc); + return rc; + } else { +- rc = parse_efi_signature_list("powerpc:dbx", dbx, dbxsize, ++ extract_esl(dbx, data, dsize, offset); ++ ++ rc = parse_efi_signature_list("powerpc:dbx", dbx, dsize, + get_handler_for_dbx); + if (rc) + pr_err("Couldn't parse dbx signatures: %d\n", rc); +- kfree(dbx); ++ kfree(data); + } + + return rc; +-- +2.41.0 + diff --git a/queue-6.4/series b/queue-6.4/series new file mode 100644 index 00000000000..1e2e21aa08f --- /dev/null +++ b/queue-6.4/series @@ -0,0 +1,7 @@ +net-ncsi-change-from-ndo_set_mac_address-to-dev_set_mac_address.patch +security-integrity-fix-pointer-to-esl-data-and-its-size-on-pseries.patch +hid-input-fix-mapping-for-camera-access-keys.patch +hid-amd_sfh-rename-the-float32-variable.patch +hid-amd_sfh-fix-for-shift-out-of-bounds.patch +net-lan743x-don-t-sleep-in-atomic-context.patch +net-lan743x-select-fixed_phy.patch -- 2.47.3