release 6.14.8
This commit is contained in:
@@ -1,99 +0,0 @@
|
||||
From 762de1df7e501e019c3ae273c7e5e2d4c04b303c Mon Sep 17 00:00:00 2001
|
||||
From: Jarkko Sakkinen <jarkko@kernel.org>
|
||||
Date: Mon, 7 Apr 2025 15:28:05 +0300
|
||||
Subject: tpm: Mask TPM RC in tpm2_start_auth_session()
|
||||
|
||||
tpm2_start_auth_session() does not mask TPM RC correctly from the callers:
|
||||
|
||||
[ 28.766528] tpm tpm0: A TPM error (2307) occurred start auth session
|
||||
|
||||
Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
|
||||
error codes.
|
||||
|
||||
Cc: stable@vger.kernel.org # v6.10+
|
||||
Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
|
||||
Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
|
||||
Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/
|
||||
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
|
||||
---
|
||||
drivers/char/tpm/tpm2-sessions.c | 20 ++++++--------------
|
||||
include/linux/tpm.h | 21 +++++++++++++++++++++
|
||||
2 files changed, 27 insertions(+), 14 deletions(-)
|
||||
|
||||
--- a/drivers/char/tpm/tpm2-sessions.c
|
||||
+++ b/drivers/char/tpm/tpm2-sessions.c
|
||||
@@ -40,11 +40,6 @@
|
||||
*
|
||||
* These are the usage functions:
|
||||
*
|
||||
- * tpm2_start_auth_session() which allocates the opaque auth structure
|
||||
- * and gets a session from the TPM. This must be called before
|
||||
- * any of the following functions. The session is protected by a
|
||||
- * session_key which is derived from a random salt value
|
||||
- * encrypted to the NULL seed.
|
||||
* tpm2_end_auth_session() kills the session and frees the resources.
|
||||
* Under normal operation this function is done by
|
||||
* tpm_buf_check_hmac_response(), so this is only to be used on
|
||||
@@ -963,16 +958,13 @@ err:
|
||||
}
|
||||
|
||||
/**
|
||||
- * tpm2_start_auth_session() - create a HMAC authentication session with the TPM
|
||||
- * @chip: the TPM chip structure to create the session with
|
||||
+ * tpm2_start_auth_session() - Create an a HMAC authentication session
|
||||
+ * @chip: A TPM chip
|
||||
*
|
||||
- * This function loads the NULL seed from its saved context and starts
|
||||
- * an authentication session on the null seed, fills in the
|
||||
- * @chip->auth structure to contain all the session details necessary
|
||||
- * for performing the HMAC, encrypt and decrypt operations and
|
||||
- * returns. The NULL seed is flushed before this function returns.
|
||||
+ * Loads the ephemeral key (null seed), and starts an HMAC authenticated
|
||||
+ * session. The null seed is flushed before the return.
|
||||
*
|
||||
- * Return: zero on success or actual error encountered.
|
||||
+ * Returns zero on success, or a POSIX error code.
|
||||
*/
|
||||
int tpm2_start_auth_session(struct tpm_chip *chip)
|
||||
{
|
||||
@@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_c
|
||||
/* hash algorithm for session */
|
||||
tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
|
||||
|
||||
- rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session");
|
||||
+ rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
|
||||
tpm2_flush_context(chip, null_key);
|
||||
|
||||
if (rc == TPM2_RC_SUCCESS)
|
||||
--- a/include/linux/tpm.h
|
||||
+++ b/include/linux/tpm.h
|
||||
@@ -257,8 +257,29 @@ enum tpm2_return_codes {
|
||||
TPM2_RC_TESTING = 0x090A, /* RC_WARN */
|
||||
TPM2_RC_REFERENCE_H0 = 0x0910,
|
||||
TPM2_RC_RETRY = 0x0922,
|
||||
+ TPM2_RC_SESSION_MEMORY = 0x0903,
|
||||
};
|
||||
|
||||
+/*
|
||||
+ * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The
|
||||
+ * fallback return value is -EFAULT.
|
||||
+ */
|
||||
+static inline ssize_t tpm_to_ret(ssize_t ret)
|
||||
+{
|
||||
+ /* Already a POSIX error: */
|
||||
+ if (ret < 0)
|
||||
+ return ret;
|
||||
+
|
||||
+ switch (ret) {
|
||||
+ case TPM2_RC_SUCCESS:
|
||||
+ return 0;
|
||||
+ case TPM2_RC_SESSION_MEMORY:
|
||||
+ return -ENOMEM;
|
||||
+ default:
|
||||
+ return -EFAULT;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
enum tpm2_command_codes {
|
||||
TPM2_CC_FIRST = 0x011F,
|
||||
TPM2_CC_HIERARCHY_CONTROL = 0x0121,
|
||||
@@ -1,76 +0,0 @@
|
||||
From 74c95e079dc8b3c53ade90b2070458c0c69f3fdf Mon Sep 17 00:00:00 2001
|
||||
From: Oleksandr Natalenko <oleksandr@natalenko.name>
|
||||
Date: Tue, 8 Apr 2025 19:51:44 +0200
|
||||
Subject: fixes-6.14: update tpm2_start_auth_session() fix
|
||||
|
||||
Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
|
||||
---
|
||||
drivers/char/tpm/tpm2-sessions.c | 2 +-
|
||||
include/linux/tpm.h | 38 +++++++++++++++-----------------
|
||||
2 files changed, 19 insertions(+), 21 deletions(-)
|
||||
|
||||
--- a/drivers/char/tpm/tpm2-sessions.c
|
||||
+++ b/drivers/char/tpm/tpm2-sessions.c
|
||||
@@ -1016,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_c
|
||||
/* hash algorithm for session */
|
||||
tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
|
||||
|
||||
- rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
|
||||
+ rc = tpm_ret_to_err(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
|
||||
tpm2_flush_context(chip, null_key);
|
||||
|
||||
if (rc == TPM2_RC_SUCCESS)
|
||||
--- a/include/linux/tpm.h
|
||||
+++ b/include/linux/tpm.h
|
||||
@@ -260,26 +260,6 @@ enum tpm2_return_codes {
|
||||
TPM2_RC_SESSION_MEMORY = 0x0903,
|
||||
};
|
||||
|
||||
-/*
|
||||
- * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The
|
||||
- * fallback return value is -EFAULT.
|
||||
- */
|
||||
-static inline ssize_t tpm_to_ret(ssize_t ret)
|
||||
-{
|
||||
- /* Already a POSIX error: */
|
||||
- if (ret < 0)
|
||||
- return ret;
|
||||
-
|
||||
- switch (ret) {
|
||||
- case TPM2_RC_SUCCESS:
|
||||
- return 0;
|
||||
- case TPM2_RC_SESSION_MEMORY:
|
||||
- return -ENOMEM;
|
||||
- default:
|
||||
- return -EFAULT;
|
||||
- }
|
||||
-}
|
||||
-
|
||||
enum tpm2_command_codes {
|
||||
TPM2_CC_FIRST = 0x011F,
|
||||
TPM2_CC_HIERARCHY_CONTROL = 0x0121,
|
||||
@@ -458,6 +438,24 @@ static inline u32 tpm2_rc_value(u32 rc)
|
||||
return (rc & BIT(7)) ? rc & 0xbf : rc;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Convert a return value from tpm_transmit_cmd() to POSIX error code.
|
||||
+ */
|
||||
+static inline ssize_t tpm_ret_to_err(ssize_t ret)
|
||||
+{
|
||||
+ if (ret < 0)
|
||||
+ return ret;
|
||||
+
|
||||
+ switch (tpm2_rc_value(ret)) {
|
||||
+ case TPM2_RC_SUCCESS:
|
||||
+ return 0;
|
||||
+ case TPM2_RC_SESSION_MEMORY:
|
||||
+ return -ENOMEM;
|
||||
+ default:
|
||||
+ return -EFAULT;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
#if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
|
||||
|
||||
extern int tpm_is_tpm2(struct tpm_chip *chip);
|
||||
34
debian/patches/patchset-pf/fixes/0010-loop-don-t-require-write_iter-for-writable-files-in-.patch
vendored
Normal file
34
debian/patches/patchset-pf/fixes/0010-loop-don-t-require-write_iter-for-writable-files-in-.patch
vendored
Normal file
@@ -0,0 +1,34 @@
|
||||
From c3781ee15fb846bc6ad09a09baa2ced404e74e47 Mon Sep 17 00:00:00 2001
|
||||
From: Christoph Hellwig <hch@lst.de>
|
||||
Date: Tue, 20 May 2025 15:54:20 +0200
|
||||
Subject: loop: don't require ->write_iter for writable files in loop_configure
|
||||
|
||||
Block devices can be opened read-write even if they can't be written to
|
||||
for historic reasons. Remove the check requiring file->f_op->write_iter
|
||||
when the block devices was opened in loop_configure. The call to
|
||||
loop_check_backing_file just below ensures the ->write_iter is present
|
||||
for backing files opened for writing, which is the only check that is
|
||||
actually needed.
|
||||
|
||||
Fixes: f5c84eff634b ("loop: Add sanity check for read/write_iter")
|
||||
Reported-by: Christian Hesse <mail@eworm.de>
|
||||
Signed-off-by: Christoph Hellwig <hch@lst.de>
|
||||
Link: https://lore.kernel.org/r/20250520135420.1177312-1-hch@lst.de
|
||||
Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
||||
Cherry-picked-for: https://lore.kernel.org/r/20250519175640.2fcac001@leda.eworm.net
|
||||
---
|
||||
drivers/block/loop.c | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
--- a/drivers/block/loop.c
|
||||
+++ b/drivers/block/loop.c
|
||||
@@ -972,9 +972,6 @@ static int loop_configure(struct loop_de
|
||||
if (!file)
|
||||
return -EBADF;
|
||||
|
||||
- if ((mode & BLK_OPEN_WRITE) && !file->f_op->write_iter)
|
||||
- return -EINVAL;
|
||||
-
|
||||
error = loop_check_backing_file(file);
|
||||
if (error)
|
||||
return error;
|
||||
@@ -1,35 +0,0 @@
|
||||
From 8ef14a884df5aaf48cf5f7ce6c91e7318cb07d4e Mon Sep 17 00:00:00 2001
|
||||
From: Jethro Donaldson <devel@jro.nz>
|
||||
Date: Thu, 15 May 2025 01:23:23 +1200
|
||||
Subject: smb: client: fix memory leak during error handling for POSIX mkdir
|
||||
|
||||
The response buffer for the CREATE request handled by smb311_posix_mkdir()
|
||||
is leaked on the error path (goto err_free_rsp_buf) because the structure
|
||||
pointer *rsp passed to free_rsp_buf() is not assigned until *after* the
|
||||
error condition is checked.
|
||||
|
||||
As *rsp is initialised to NULL, free_rsp_buf() becomes a no-op and the leak
|
||||
is instead reported by __kmem_cache_shutdown() upon subsequent rmmod of
|
||||
cifs.ko if (and only if) the error path has been hit.
|
||||
|
||||
Pass rsp_iov.iov_base to free_rsp_buf() instead, similar to the code in
|
||||
other functions in smb2pdu.c for which *rsp is assigned late.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Jethro Donaldson <devel@jro.nz>
|
||||
Signed-off-by: Steve French <stfrench@microsoft.com>
|
||||
---
|
||||
fs/smb/client/smb2pdu.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/fs/smb/client/smb2pdu.c
|
||||
+++ b/fs/smb/client/smb2pdu.c
|
||||
@@ -2967,7 +2967,7 @@ replay_again:
|
||||
/* Eventually save off posix specific response info and timestamps */
|
||||
|
||||
err_free_rsp_buf:
|
||||
- free_rsp_buf(resp_buftype, rsp);
|
||||
+ free_rsp_buf(resp_buftype, rsp_iov.iov_base);
|
||||
kfree(pc_buf);
|
||||
err_free_req:
|
||||
cifs_small_buf_release(req);
|
||||
Reference in New Issue
Block a user