From: Sasha Levin Date: Sun, 28 Mar 2021 20:46:57 +0000 (-0400) Subject: Fixes for 4.19 X-Git-Tag: v5.11.11~48 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a732ad96dedfd818cdc20cad0849289b8959b7f2;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.19 Signed-off-by: Sasha Levin --- diff --git a/queue-4.19/acpi-scan-rearrange-memory-allocation-in-acpi_device.patch b/queue-4.19/acpi-scan-rearrange-memory-allocation-in-acpi_device.patch new file mode 100644 index 00000000000..34ba589eb9f --- /dev/null +++ b/queue-4.19/acpi-scan-rearrange-memory-allocation-in-acpi_device.patch @@ -0,0 +1,127 @@ +From db7b197142590b3344990fd23f052cfc6b006c1e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 14 Jan 2021 19:46:47 +0100 +Subject: ACPI: scan: Rearrange memory allocation in acpi_device_add() + +From: Rafael J. Wysocki + +[ Upstream commit c1013ff7a5472db637c56bb6237f8343398c03a7 ] + +The upfront allocation of new_bus_id is done to avoid allocating +memory under acpi_device_lock, but it doesn't really help, +because (1) it leads to many unnecessary memory allocations for +_ADR devices, (2) kstrdup_const() is run under that lock anyway and +(3) it complicates the code. + +Rearrange acpi_device_add() to allocate memory for a new struct +acpi_device_bus_id instance only when necessary, eliminate a redundant +local variable from it and reduce the number of labels in there. + +No intentional functional impact. + +Signed-off-by: Rafael J. Wysocki +Reviewed-by: Hans de Goede +Signed-off-by: Sasha Levin +--- + drivers/acpi/scan.c | 57 +++++++++++++++++++++------------------------ + 1 file changed, 26 insertions(+), 31 deletions(-) + +diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c +index d614cb72041e..712599019892 100644 +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -623,12 +623,23 @@ void acpi_bus_put_acpi_device(struct acpi_device *adev) + put_device(&adev->dev); + } + ++static struct acpi_device_bus_id *acpi_device_bus_id_match(const char *dev_id) ++{ ++ struct acpi_device_bus_id *acpi_device_bus_id; ++ ++ /* Find suitable bus_id and instance number in acpi_bus_id_list. */ ++ list_for_each_entry(acpi_device_bus_id, &acpi_bus_id_list, node) { ++ if (!strcmp(acpi_device_bus_id->bus_id, dev_id)) ++ return acpi_device_bus_id; ++ } ++ return NULL; ++} ++ + int acpi_device_add(struct acpi_device *device, + void (*release)(struct device *)) + { ++ struct acpi_device_bus_id *acpi_device_bus_id; + int result; +- struct acpi_device_bus_id *acpi_device_bus_id, *new_bus_id; +- int found = 0; + + if (device->handle) { + acpi_status status; +@@ -654,38 +665,26 @@ int acpi_device_add(struct acpi_device *device, + INIT_LIST_HEAD(&device->del_list); + mutex_init(&device->physical_node_lock); + +- new_bus_id = kzalloc(sizeof(struct acpi_device_bus_id), GFP_KERNEL); +- if (!new_bus_id) { +- pr_err(PREFIX "Memory allocation error\n"); +- result = -ENOMEM; +- goto err_detach; +- } +- + mutex_lock(&acpi_device_lock); +- /* +- * Find suitable bus_id and instance number in acpi_bus_id_list +- * If failed, create one and link it into acpi_bus_id_list +- */ +- list_for_each_entry(acpi_device_bus_id, &acpi_bus_id_list, node) { +- if (!strcmp(acpi_device_bus_id->bus_id, +- acpi_device_hid(device))) { +- acpi_device_bus_id->instance_no++; +- found = 1; +- kfree(new_bus_id); +- break; ++ ++ acpi_device_bus_id = acpi_device_bus_id_match(acpi_device_hid(device)); ++ if (acpi_device_bus_id) { ++ acpi_device_bus_id->instance_no++; ++ } else { ++ acpi_device_bus_id = kzalloc(sizeof(*acpi_device_bus_id), ++ GFP_KERNEL); ++ if (!acpi_device_bus_id) { ++ result = -ENOMEM; ++ goto err_unlock; + } +- } +- if (!found) { +- acpi_device_bus_id = new_bus_id; + acpi_device_bus_id->bus_id = + kstrdup_const(acpi_device_hid(device), GFP_KERNEL); + if (!acpi_device_bus_id->bus_id) { +- pr_err(PREFIX "Memory allocation error for bus id\n"); ++ kfree(acpi_device_bus_id); + result = -ENOMEM; +- goto err_free_new_bus_id; ++ goto err_unlock; + } + +- acpi_device_bus_id->instance_no = 0; + list_add_tail(&acpi_device_bus_id->node, &acpi_bus_id_list); + } + dev_set_name(&device->dev, "%s:%02x", acpi_device_bus_id->bus_id, acpi_device_bus_id->instance_no); +@@ -720,13 +719,9 @@ int acpi_device_add(struct acpi_device *device, + list_del(&device->node); + list_del(&device->wakeup_list); + +- err_free_new_bus_id: +- if (!found) +- kfree(new_bus_id); +- ++ err_unlock: + mutex_unlock(&acpi_device_lock); + +- err_detach: + acpi_detach_data(device->handle, acpi_scan_drop_device); + return result; + } +-- +2.30.1 + diff --git a/queue-4.19/acpi-scan-use-unique-number-for-instance_no.patch b/queue-4.19/acpi-scan-use-unique-number-for-instance_no.patch new file mode 100644 index 00000000000..7ac1e147ac8 --- /dev/null +++ b/queue-4.19/acpi-scan-use-unique-number-for-instance_no.patch @@ -0,0 +1,138 @@ +From 2f9daf9587c9f3122c01555a9162f3080dc10d4b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Mar 2021 18:31:00 +0200 +Subject: ACPI: scan: Use unique number for instance_no + +From: Andy Shevchenko + +[ Upstream commit eb50aaf960e3bedfef79063411ffd670da94b84b ] + +The decrementation of acpi_device_bus_id->instance_no +in acpi_device_del() is incorrect, because it may cause +a duplicate instance number to be allocated next time +a device with the same acpi_device_bus_id is added. + +Replace above mentioned approach by using IDA framework. + +While at it, define the instance range to be [0, 4096). + +Fixes: e49bd2dd5a50 ("ACPI: use PNPID:instance_no as bus_id of ACPI device") +Fixes: ca9dc8d42b30 ("ACPI / scan: Fix acpi_bus_id_list bookkeeping") +Signed-off-by: Andy Shevchenko +Cc: 4.10+ # 4.10+ +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + drivers/acpi/internal.h | 6 +++++- + drivers/acpi/scan.c | 33 ++++++++++++++++++++++++++++----- + include/acpi/acpi_bus.h | 1 + + 3 files changed, 34 insertions(+), 6 deletions(-) + +diff --git a/drivers/acpi/internal.h b/drivers/acpi/internal.h +index 6def196cc23c..913613cf5c53 100644 +--- a/drivers/acpi/internal.h ++++ b/drivers/acpi/internal.h +@@ -18,6 +18,8 @@ + #ifndef _ACPI_INTERNAL_H_ + #define _ACPI_INTERNAL_H_ + ++#include ++ + #define PREFIX "ACPI: " + + int early_acpi_osi_init(void); +@@ -97,9 +99,11 @@ void acpi_scan_table_handler(u32 event, void *table, void *context); + + extern struct list_head acpi_bus_id_list; + ++#define ACPI_MAX_DEVICE_INSTANCES 4096 ++ + struct acpi_device_bus_id { + const char *bus_id; +- unsigned int instance_no; ++ struct ida instance_ida; + struct list_head node; + }; + +diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c +index 712599019892..d3c551bdc2da 100644 +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -482,9 +482,8 @@ static void acpi_device_del(struct acpi_device *device) + list_for_each_entry(acpi_device_bus_id, &acpi_bus_id_list, node) + if (!strcmp(acpi_device_bus_id->bus_id, + acpi_device_hid(device))) { +- if (acpi_device_bus_id->instance_no > 0) +- acpi_device_bus_id->instance_no--; +- else { ++ ida_simple_remove(&acpi_device_bus_id->instance_ida, device->pnp.instance_no); ++ if (ida_is_empty(&acpi_device_bus_id->instance_ida)) { + list_del(&acpi_device_bus_id->node); + kfree_const(acpi_device_bus_id->bus_id); + kfree(acpi_device_bus_id); +@@ -635,6 +634,21 @@ static struct acpi_device_bus_id *acpi_device_bus_id_match(const char *dev_id) + return NULL; + } + ++static int acpi_device_set_name(struct acpi_device *device, ++ struct acpi_device_bus_id *acpi_device_bus_id) ++{ ++ struct ida *instance_ida = &acpi_device_bus_id->instance_ida; ++ int result; ++ ++ result = ida_simple_get(instance_ida, 0, ACPI_MAX_DEVICE_INSTANCES, GFP_KERNEL); ++ if (result < 0) ++ return result; ++ ++ device->pnp.instance_no = result; ++ dev_set_name(&device->dev, "%s:%02x", acpi_device_bus_id->bus_id, result); ++ return 0; ++} ++ + int acpi_device_add(struct acpi_device *device, + void (*release)(struct device *)) + { +@@ -669,7 +683,9 @@ int acpi_device_add(struct acpi_device *device, + + acpi_device_bus_id = acpi_device_bus_id_match(acpi_device_hid(device)); + if (acpi_device_bus_id) { +- acpi_device_bus_id->instance_no++; ++ result = acpi_device_set_name(device, acpi_device_bus_id); ++ if (result) ++ goto err_unlock; + } else { + acpi_device_bus_id = kzalloc(sizeof(*acpi_device_bus_id), + GFP_KERNEL); +@@ -685,9 +701,16 @@ int acpi_device_add(struct acpi_device *device, + goto err_unlock; + } + ++ ida_init(&acpi_device_bus_id->instance_ida); ++ ++ result = acpi_device_set_name(device, acpi_device_bus_id); ++ if (result) { ++ kfree(acpi_device_bus_id); ++ goto err_unlock; ++ } ++ + list_add_tail(&acpi_device_bus_id->node, &acpi_bus_id_list); + } +- dev_set_name(&device->dev, "%s:%02x", acpi_device_bus_id->bus_id, acpi_device_bus_id->instance_no); + + if (device->parent) + list_add_tail(&device->node, &device->parent->children); +diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h +index d9773df60a36..8b19618bad0a 100644 +--- a/include/acpi/acpi_bus.h ++++ b/include/acpi/acpi_bus.h +@@ -248,6 +248,7 @@ struct acpi_pnp_type { + + struct acpi_device_pnp { + acpi_bus_id bus_id; /* Object name */ ++ int instance_no; /* Instance number of this object */ + struct acpi_pnp_type type; /* ID type */ + acpi_bus_address bus_address; /* _ADR */ + char *unique_id; /* _UID */ +-- +2.30.1 + diff --git a/queue-4.19/dm-verity-add-root-hash-pkcs-7-signature-verificatio.patch b/queue-4.19/dm-verity-add-root-hash-pkcs-7-signature-verificatio.patch new file mode 100644 index 00000000000..91c96a89b5d --- /dev/null +++ b/queue-4.19/dm-verity-add-root-hash-pkcs-7-signature-verificatio.patch @@ -0,0 +1,55 @@ +From ff903360694b40b3bf5f57f69b4bb3bfe0ed9a8b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 11 Mar 2021 21:10:50 +0900 +Subject: dm verity: add root hash pkcs#7 signature verification + +From: JeongHyeon Lee + +[ Upstream commit 88cd3e6cfac915f50f7aa7b699bdf053afec866e ] + +The verification is to support cases where the root hash is not secured +by Trusted Boot, UEFI Secureboot or similar technologies. + +One of the use cases for this is for dm-verity volumes mounted after +boot, the root hash provided during the creation of the dm-verity volume +has to be secure and thus in-kernel validation implemented here will be +used before we trust the root hash and allow the block device to be +created. + +The signature being provided for verification must verify the root hash +and must be trusted by the builtin keyring for verification to succeed. + +The hash is added as a key of type "user" and the description is passed +to the kernel so it can look it up and use it for verification. + +Adds CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG which can be turned on if root +hash verification is needed. + +Kernel commandline dm_verity module parameter 'require_signatures' will +indicate whether to force root hash signature verification (for all dm +verity volumes). + +Signed-off-by: Jaskaran Khurana +Tested-and-Reviewed-by: Milan Broz +Signed-off-by: Mike Snitzer +Signed-off-by: Sasha Levin +--- + drivers/md/dm-verity-target.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c +index 599be2d2b0ae..fa8c201fca77 100644 +--- a/drivers/md/dm-verity-target.c ++++ b/drivers/md/dm-verity-target.c +@@ -34,7 +34,7 @@ + #define DM_VERITY_OPT_IGN_ZEROES "ignore_zero_blocks" + #define DM_VERITY_OPT_AT_MOST_ONCE "check_at_most_once" + +-#define DM_VERITY_OPTS_MAX (2 + DM_VERITY_OPTS_FEC) ++#define DM_VERITY_OPTS_MAX (3 + DM_VERITY_OPTS_FEC) + + static unsigned dm_verity_prefetch_cluster = DM_VERITY_DEFAULT_PREFETCH_SIZE; + +-- +2.30.1 + diff --git a/queue-4.19/series b/queue-4.19/series index 2e938d6f7c3..c231edf2ab9 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -56,3 +56,6 @@ bpf-don-t-do-bpf_cgroup_storage_set-for-kuprobe-tp-p.patch revert-netfilter-x_tables-switch-synchronization-to-.patch netfilter-x_tables-use-correct-memory-barriers.patch revert-netfilter-x_tables-update-remaining-dereferen.patch +acpi-scan-rearrange-memory-allocation-in-acpi_device.patch +acpi-scan-use-unique-number-for-instance_no.patch +dm-verity-add-root-hash-pkcs-7-signature-verificatio.patch