author: Johannes Thumshirn <jthumshirn@suse.de> 2019-01-21 13:26:39 +0100
committer: Johannes Thumshirn <jthumshirn@suse.de> 2019-01-21 13:26:39 +0100
commit: 2581a339dc9bdf95815bf1aee0c6f07a4b054c39 (patch)
tree: af28b4dc1a8cb18fca5a18cfba73a2082acf4319
parent: a810c3c0e6628cd93782f23f2a46cad43f5c2786 (diff)
libnvdimm/dimm: Fix security capability detection for non-Intel
NVDIMMs (bsc#1122648).
-rw-r--r-- patches.fixes/libnvdimm-dimm-fix-security-capability-detection-for-non-intel-nvdimms.patch 56
-rw-r--r-- series.conf 1
2 files changed, 57 insertions, 0 deletions
diff --git a/patches.fixes/libnvdimm-dimm-fix-security-capability-detection-for-non-intel-nvdimms.patch b/patches.fixes/libnvdimm-dimm-fix-security-capability-detection-for-non-intel-nvdimms.patch
new file mode 100644
index 0000000000..a5bdfc6add
--- /dev/null
+++ b/patches.fixes/libnvdimm-dimm-fix-security-capability-detection-for-non-intel-nvdimms.patch
@@ -0,0 +1,56 @@
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Tue, 8 Jan 2019 15:34:52 -0800
+Subject: libnvdimm/dimm: Fix security capability detection for non-Intel
+ NVDIMMs
+Git-commit: 1cb95e072ede5e3d6a54eefd520db21b45985896
+Patch-mainline: v5.0-rc3
+References: bsc#1122648
+
+Kees reports a crash with the following signature...
+
+ RIP: 0010:nvdimm_visible+0x79/0x80
+ [..]
+ Call Trace:
+ internal_create_group+0xf4/0x380
+ sysfs_create_groups+0x46/0xb0
+ device_add+0x331/0x680
+ nd_async_device_register+0x15/0x60
+ async_run_entry_fn+0x38/0x100
+
+...when starting a QEMU environment with "label-less" DIMM. Without
+labels QEMU does not publish any DSM methods. Without defined methods
+the NVDIMM_FAMILY type is not established and the nfit driver will skip
+registering security operations.
+
+In that case the security state should be initialized to a negative
+value in __nvdimm_create() and nvdimm_visible() should skip
+interrogating the specific ops. However, since 'enum
+nvdimm_security_state' was only defined to contain positive values the
+"if (nvdimm->sec.state < 0)" check always fails.
+
+Define a negative error state to allow negative state values to be
+handled as expected.
+
+Fixes: f2989396553a ("acpi/nfit, libnvdimm: Introduce nvdimm_security_ops")
+Reviewed-by: Dave Jiang <dave.jiang@intel.com>
+Reported-by: Kees Cook <keescook@chromium.org>
+Tested-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ include/linux/libnvdimm.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/linux/libnvdimm.h b/include/linux/libnvdimm.h
+index 5440f11b0907..7315977b64da 100644
+--- a/include/linux/libnvdimm.h
++++ b/include/linux/libnvdimm.h
+@@ -160,6 +160,7 @@ static inline struct nd_blk_region_desc *to_blk_region_desc(
+ }
+
+ enum nvdimm_security_state {
++ NVDIMM_SECURITY_ERROR = -1,
+ NVDIMM_SECURITY_DISABLED,
+ NVDIMM_SECURITY_UNLOCKED,
+ NVDIMM_SECURITY_LOCKED,
+
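Review bot: The new `NVDIMM_SECURITY_ERROR = -1` enumerator in `enum nvdimm_security_state` has no comment, yet this one line is the whole fix: with only non-negative enumerators the compiler may give the enum an unsigned type, which is why the `nvdimm->sec.state < 0` check quoted in the commit message could never be true. A short comment on that line, saying the value marks a DIMM with no usable security state and must stay negative, would stop a later reorder or cleanup of the enum from silently bringing the nvdimm_visible() crash back. The message also says the state "should be initialized to a negative value in __nvdimm_create()", but no such initialization is part of this hunk, so confirm that the SLE15-SP1 tree already carries it, because this backport only touches include/linux/libnvdimm.h.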
diff --git a/series.conf b/series.conf
index 9528ede4b0..82ad4bb04c 100644
--- a/series.conf
+++ b/series.conf
@@ -42542,6 +42542,7 @@
patches.fixes/kvm-sev-fail-kvm_sev_init-if-already-initialized.patch
patches.drivers/tty-Don-t-hold-ldisc-lock-in-tty_reopen-if-ldisc-pre.patch
patches.fixes/smc-move-unhash-as-early-as-possible-in-smc_release
+ patches.fixes/libnvdimm-dimm-fix-security-capability-detection-for-non-intel-nvdimms.patch
# dhowells/linux-fs keys-uefi
patches.suse/0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch