summaryrefslogtreecommitdiffstats
path: root/drivers/char (follow)
Commit message (Collapse)AuthorAgeFilesLines
* ACPI / TPM: replace open-coded _DSM code with helper functionsJiang Liu2014-01-051-259/+145
| | | | | | | | | | | | | | | Use helper functions to simplify _DSM related code in TPM driver. This patch also help to get rid of following warning messages: [ 163.509575] ACPI Error: Incorrect return type [Buffer] requested [Package] (20130517/nsxfeval-135) But there is still an warning left. [ 181.637366] ACPI Warning: \_SB_.IIO0.LPC0.TPM_._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Package] (20130517/nsarguments-95) Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
* ACPI / TPM: match node name instead of full path when searching for TPM deviceJiang Liu2014-01-051-1/+1
| | | | | | | | When searching ACPI object for TPM device, it should match current ACPI object name instead of the full path. Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
* ACPI / TPM: fix memory leak when walking ACPI namespaceJiang Liu2014-01-051-6/+9
| | | | | | | | | | In function ppi_callback(), memory allocated by acpi_get_name() will get leaked when current device isn't the desired TPM device, so fix the memory leak. Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com> Cc: All applicable <stable@vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
* Merge tag 'char-misc-3.13-rc3' of ↵Linus Torvalds2013-12-091-0/+7
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "Nothing huge, just a few small bugfixes for problems reported, and a device id update" * tag 'char-misc-3.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: mei: add 9 series PCH mei device ids drivers/char/i8k.c: add Dell XPLS L421X MAINTAINERS: add HSI subsystem misc: mic: Suppress memory space sparse warnings misc: mic: Fix endianness issues. misc: mic: Fix user space namespace pollution from mic_common.h. misc: mic: Bug fix for sysfs poll usage. misc: mic: Minor bug fix in 'retry' loops. misc: mic: Change mic_notify(...) to return true. extcon: remove freed groups caused the panic or warning in unregister flow extcon: arizona: Get pdata from arizona structure not device
| * drivers/char/i8k.c: add Dell XPLS L421XAlan Cox2013-12-051-0/+7
| | | | | | | | | | | | | | | | | | | | Addresses https://bugzilla.kernel.org/show_bug.cgi?id=60772 Signed-off-by: Alan Cox <alan@linux.intel.com> Reported-by: Leho Kraav <leho@kraav.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds2013-11-246-4/+368
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull crypto update from Herbert Xu: - Made x86 ablk_helper generic for ARM - Phase out chainiv in favour of eseqiv (affects IPsec) - Fixed aes-cbc IV corruption on s390 - Added constant-time crypto_memneq which replaces memcmp - Fixed aes-ctr in omap-aes - Added OMAP3 ROM RNG support - Add PRNG support for MSM SoC's - Add and use Job Ring API in caam - Misc fixes [ NOTE! This pull request was sent within the merge window, but Herbert has some questionable email sending setup that makes him public enemy #1 as far as gmail is concerned. So most of his emails seem to be trapped by gmail as spam, resulting in me not seeing them. - Linus ] * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (49 commits) crypto: s390 - Fix aes-cbc IV corruption crypto: omap-aes - Fix CTR mode counter length crypto: omap-sham - Add missing modalias padata: make the sequence counter an atomic_t crypto: caam - Modify the interface layers to use JR API's crypto: caam - Add API's to allocate/free Job Rings crypto: caam - Add Platform driver for Job Ring hwrng: msm - Add PRNG support for MSM SoC's ARM: DT: msm: Add Qualcomm's PRNG driver binding document crypto: skcipher - Use eseqiv even on UP machines crypto: talitos - Simplify key parsing crypto: picoxcell - Simplify and harden key parsing crypto: ixp4xx - Simplify and harden key parsing crypto: authencesn - Simplify key parsing crypto: authenc - Export key parsing helper function crypto: mv_cesa: remove deprecated IRQF_DISABLED hwrng: OMAP3 ROM Random Number Generator support crypto: sha256_ssse3 - also test for BMI2 crypto: mv_cesa - Remove redundant of_match_ptr crypto: sahara - Remove redundant of_match_ptr ...
| * hwrng: msm - Add PRNG support for MSM SoC'sStanimir Varbanov2013-10-303-0/+210
| | | | | | | | | | | | | | | | | | This adds a driver for hardware random number generator present on Qualcomm MSM SoC's. Signed-off-by: Stanimir Varbanov <svarbanov@mm-sol.com> Reviewed-by: Stephen Boyd <sboyd@codeaurora.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * hwrng: OMAP3 ROM Random Number Generator supportPali Rohár2013-10-163-0/+155
| | | | | | | | | | | | | | | | | | | | | | | | | | This driver provides kernel-side support for the Random Number Generator hardware found on OMAP34xx processors. This driver comes from Maemo 2.6.28 kernel and was tested on Nokia RX-51. It is platform device because it needs board specific function for smc calls. Signed-off-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Juha Yrjola <juha.yrjola@solidboot.com> Acked-by: Tony Lindgren <tony@atomide.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * hwrng: pseries - Return errors to upper levels in pseries-rng.cMichael Ellerman2013-10-071-3/+11
| | | | | | | | | | | | | | | | | | We don't expect to get errors from the hypervisor when reading the rng, but if we do we should pass the error up to the hwrng driver. Otherwise the hwrng driver will continue calling us forever. Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * hwrng: pseries - Use KBUILD_MODNAME in pseries-rng.cMichael Ellerman2013-10-071-3/+2
| | | | | | | | | | Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * hwrng: via-rng - Mark device ID table as __maybe_unusedBen Hutchings2013-09-131-1/+1
| | | | | | | | | | | | | | | | It is only used in modular builds. Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | Merge branch 'for-linus2' of ↵Linus Torvalds2013-11-2214-126/+1092
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem updates from James Morris: "In this patchset, we finally get an SELinux update, with Paul Moore taking over as maintainer of that code. Also a significant update for the Keys subsystem, as well as maintenance updates to Smack, IMA, TPM, and Apparmor" and since I wanted to know more about the updates to key handling, here's the explanation from David Howells on that: "Okay. There are a number of separate bits. I'll go over the big bits and the odd important other bit, most of the smaller bits are just fixes and cleanups. If you want the small bits accounting for, I can do that too. (1) Keyring capacity expansion. KEYS: Consolidate the concept of an 'index key' for key access KEYS: Introduce a search context structure KEYS: Search for auth-key by name rather than target key ID Add a generic associative array implementation. KEYS: Expand the capacity of a keyring Several of the patches are providing an expansion of the capacity of a keyring. Currently, the maximum size of a keyring payload is one page. Subtract a small header and then divide up into pointers, that only gives you ~500 pointers on an x86_64 box. However, since the NFS idmapper uses a keyring to store ID mapping data, that has proven to be insufficient to the cause. Whatever data structure I use to handle the keyring payload, it can only store pointers to keys, not the keys themselves because several keyrings may point to a single key. This precludes inserting, say, and rb_node struct into the key struct for this purpose. I could make an rbtree of records such that each record has an rb_node and a key pointer, but that would use four words of space per key stored in the keyring. It would, however, be able to use much existing code. I selected instead a non-rebalancing radix-tree type approach as that could have a better space-used/key-pointer ratio. I could have used the radix tree implementation that we already have and insert keys into it by their serial numbers, but that means any sort of search must iterate over the whole radix tree. Further, its nodes are a bit on the capacious side for what I want - especially given that key serial numbers are randomly allocated, thus leaving a lot of empty space in the tree. So what I have is an associative array that internally is a radix-tree with 16 pointers per node where the index key is constructed from the key type pointer and the key description. This means that an exact lookup by type+description is very fast as this tells us how to navigate directly to the target key. I made the data structure general in lib/assoc_array.c as far as it is concerned, its index key is just a sequence of bits that leads to a pointer. It's possible that someone else will be able to make use of it also. FS-Cache might, for example. (2) Mark keys as 'trusted' and keyrings as 'trusted only'. KEYS: verify a certificate is signed by a 'trusted' key KEYS: Make the system 'trusted' keyring viewable by userspace KEYS: Add a 'trusted' flag and a 'trusted only' flag KEYS: Separate the kernel signature checking keyring from module signing These patches allow keys carrying asymmetric public keys to be marked as being 'trusted' and allow keyrings to be marked as only permitting the addition or linkage of trusted keys. Keys loaded from hardware during kernel boot or compiled into the kernel during build are marked as being trusted automatically. New keys can be loaded at runtime with add_key(). They are checked against the system keyring contents and if their signatures can be validated with keys that are already marked trusted, then they are marked trusted also and can thus be added into the master keyring. Patches from Mimi Zohar make this usable with the IMA keyrings also. (3) Remove the date checks on the key used to validate a module signature. X.509: Remove certificate date checks It's not reasonable to reject a signature just because the key that it was generated with is no longer valid datewise - especially if the kernel hasn't yet managed to set the system clock when the first module is loaded - so just remove those checks. (4) Make it simpler to deal with additional X.509 being loaded into the kernel. KEYS: Load *.x509 files into kernel keyring KEYS: Have make canonicalise the paths of the X.509 certs better to deduplicate The builder of the kernel now just places files with the extension ".x509" into the kernel source or build trees and they're concatenated by the kernel build and stuffed into the appropriate section. (5) Add support for userspace kerberos to use keyrings. KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches KEYS: Implement a big key type that can save to tmpfs Fedora went to, by default, storing kerberos tickets and tokens in tmpfs. We looked at storing it in keyrings instead as that confers certain advantages such as tickets being automatically deleted after a certain amount of time and the ability for the kernel to get at these tokens more easily. To make this work, two things were needed: (a) A way for the tickets to persist beyond the lifetime of all a user's sessions so that cron-driven processes can still use them. The problem is that a user's session keyrings are deleted when the session that spawned them logs out and the user's user keyring is deleted when the UID is deleted (typically when the last log out happens), so neither of these places is suitable. I've added a system keyring into which a 'persistent' keyring is created for each UID on request. Each time a user requests their persistent keyring, the expiry time on it is set anew. If the user doesn't ask for it for, say, three days, the keyring is automatically expired and garbage collected using the existing gc. All the kerberos tokens it held are then also gc'd. (b) A key type that can hold really big tickets (up to 1MB in size). The problem is that Active Directory can return huge tickets with lots of auxiliary data attached. We don't, however, want to eat up huge tracts of unswappable kernel space for this, so if the ticket is greater than a certain size, we create a swappable shmem file and dump the contents in there and just live with the fact we then have an inode and a dentry overhead. If the ticket is smaller than that, we slap it in a kmalloc()'d buffer" * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (121 commits) KEYS: Fix keyring content gc scanner KEYS: Fix error handling in big_key instantiation KEYS: Fix UID check in keyctl_get_persistent() KEYS: The RSA public key algorithm needs to select MPILIB ima: define '_ima' as a builtin 'trusted' keyring ima: extend the measurement list to include the file signature kernel/system_certificate.S: use real contents instead of macro GLOBAL() KEYS: fix error return code in big_key_instantiate() KEYS: Fix keyring quota misaccounting on key replacement and unlink KEYS: Fix a race between negating a key and reading the error set KEYS: Make BIG_KEYS boolean apparmor: remove the "task" arg from may_change_ptraced_domain() apparmor: remove parent task info from audit logging apparmor: remove tsk field from the apparmor_audit_struct apparmor: fix capability to not use the current task, during reporting Smack: Ptrace access check mode ima: provide hash algo info in the xattr ima: enable support for larger default filedata hash algorithms ima: define kernel parameter 'ima_template=' to change configured default ima: add Kconfig default measurement list template ...
| * | tpm: use tabs instead of whitespaces in KconfigPeter Huewe2013-10-221-8/+8
| | | | | | | | | | | | | | | | | | just like the other entries Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
| * | tpm: Fix module name description in Kconfig for tpm_i2c_infineonPeter Huewe2013-10-221-1/+1
| | | | | | | | | | | | | | | | | | | | | This patch changes the displayed module name from tpm_tis_i2c_infineon to its actual name tpm_i2c_infineon. Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
| * | tpm: Add support for Atmel I2C TPMsJason Gunthorpe2013-10-223-0/+294
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is based on the work of Teddy Reed <teddy@prosauce.org> published on GitHub: https://github.com/theopolis/tpm-i2c-atmel.git 34894b988b67e0ae55088d6388e77b0dbf10c07d That driver was never merged, I have taken it as a starting port, forward ported, tested and revised the driver: - Make it broadly textually similar to the Infineon and Nuvoton I2C driver - Place everything in a format suitable for mainline inclusion - Use high level I2C functions i2c_master_send and i2c_master_recv for data xfer - Use the timeout system from the core code, by faking out a status register - Only I2C transfer the number of bytes in the reply, not a fixed message size. - checkpatch cleanups - Testing on ARM Kirkwood, with this device tree, using a AT97SC3204T-X1A180 tpm@29 { compatible = "atmel,at97sc3204t"; reg = <0x29>; }; Signed-off-by: Teddy Reed <teddy@prosauce.org> [jgg: revised and tested] Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> [phuewe: minor whitespace changes] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
| * | tpm: Add support for the Nuvoton NPCT501 I2C TPMJason Gunthorpe2013-10-223-0/+721
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This chip is/was also branded as a Winbond WPCT301. Originally written by Dan Morav <dmorav@nuvoton.com> and posted to LKML: https://lkml.org/lkml/2011/9/7/206 The original posting was not merged, I have taken it as a starting point, forward ported, tested and revised the driver: - Rework interrupt handling to work properly with level triggered interrupts. The old version just locked up. - Synchronize various items with Peter Huewe's Infineon driver: * Add durations/timeouts sysfs calls * Remove I2C device auto-detection * Don't fiddle with chip->release * Call tpm_dev_vendor_release in the probe error path * Use MODULE_DEVICE_TABLE for the I2C ids * Provide OF compatible strings for DT support * Use SIMPLE_DEV_PM_OPS * Use module_i2c_driver - checkpatch cleanups - Testing on ARM Kirkwood with GPIO interrupts, with this device tree: tpm@57 { compatible = "nuvoton,npct501"; reg = <0x57>; interrupt-parent = <&gpio1>; interrupts = <6 IRQ_TYPE_LEVEL_LOW>; }; Signed-off-by: Dan Morav <dmorav@nuvoton.com> [jgg: revised and tested] Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> [phuewe: minor whitespace changes, fixed module name in kconfig] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
| * | tpm: Merge the tpm-bios module with tpm.oJason Gunthorpe2013-10-223-11/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that we can have multiple .c files in the tpm module there is no reason for tpm-bios. tpm-bios exported several functions: tpm_bios_log_setup, tpm_bios_log_teardown, tpm_add_ppi, and tpm_remove_ppi. They are only used by tpm, and if tpm-bios is built then tpm will unconditionally require them. Further, tpm-bios does nothing on its own, it has no module_init function. Thus we remove the exports and merge the modules to simplify things. The Makefile conditions are changed slightly to match the code, tpm_ppi is always required if CONFIG_ACPI is set. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
| * | tpm: Rename tpm.c to tpm-interface.cJason Gunthorpe2013-10-222-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is preparation for making the tpm module multi-file. kbuild does not like having a .c file with the same name as a module. We wish to keep the tpm module name so that userspace doesn't see this change. tpm-interface.c is chosen because the next several commits in the series migrate items into tpm-sysfs.c, tpm-dev.c and tpm-class.c. All that will be left is tpm command processing and interfacing code. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
| * | tpm: cleanup checkpatch warningsPeter Huewe2013-10-221-22/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | before we rename the file it might be a good idea to cleanup the long persisting checkpatch warnings. Since everything is really trivial, splitting the patch up would only result in noise. For the interested reader - here the checkpatch warnings: (regrouped for easer readability) ERROR: trailing whitespace + * Specifications at www.trustedcomputinggroup.org^I $ + * $ +^I/* $ +^I parameters (RSA 12->bytes: keybit, #primes, expbit) $ WARNING: unnecessary whitespace before a quoted newline + "invalid count value %x %zx \n", count, bufsiz); ERROR: do not use assignment in if condition + if ((rc = chip->vendor.send(chip, (u8 *) buf, count)) < 0) { ERROR: space required after that ',' (ctx:VxV) + len = tpm_transmit(chip,(u8 *) cmd, len); ^ ERROR: "foo * bar" should be "foo *bar" +ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_owned(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_owned(struct device * dev, struct device_attribute * attr, +ssize_t tpm_show_temp_deactivated(struct device * dev, + struct device_attribute * attr, char *buf) WARNING: please, no space before tabs + * @chip_num: ^Itpm idx # or ANY$ + * @res_buf: ^ITPM_PCR value$ + * ^I^Isize of res_buf is 20 bytes (or NULL if you don't care)$ + * @chip_num: ^Itpm idx # or AN&$ + * @hash: ^Ihash value used to extend pcr value$ ERROR: code indent should use tabs where possible +^I TPM_ORD_CONTINUE_SELFTEST);$ WARNING: line over 80 characters +static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask, bool check_cancel, ERROR: trailing whitespace + * Called from tpm_<specific>.c probe function only for devices $ total: 16 errors, 7 warnings, 1554 lines checked Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
| * | tpm: Remove tpm_show_caps_1_2Jason Gunthorpe2013-10-226-39/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The version of the TPM should not depend on the bus it is connected through. 1.1, 1.2 and soon 2.0 TPMS will be all be able to use the same bus interfaces. Make tpm_show_caps try the 1.2 capability first. If that fails then fall back to the 1.1 capability. This effectively auto-detects what interface the TPM supports at run-time. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
| * | tpm: st33: Remove chip->data_buffer access from this driverJason Gunthorpe2013-10-221-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For some reason this driver thinks that chip->data_buffer needs to be set before it can call tpm_pm_*. This is not true. data_buffer is used only by /dev/tpmX, which is why it is managed exclusively by the fops functions. Cc: Mathias Leblanc <mathias.leblanc@st.com> Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com>
| * | tpm: Remove redundant dev_set_drvdataJason Gunthorpe2013-10-223-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TPM drivers should not call dev_set_drvdata (or aliases), only the core code is allowed to call dev_set_drvdata, and it does it during tpm_register_hardware. These extra sets are harmless, but are an anti-pattern that many drivers have copied. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Acked-by: Ashley Lai <adlai@linux.vnet.ibm.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
| * | tpm: Use container_of to locate the tpm_chip in tpm_openJason Gunthorpe2013-10-221-17/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | misc_open sets the file->private_date to the misc_dev when calling open. We can use container_of to go from the misc_dev back to the tpm_chip. Future clean ups will move tpm_open into a new file and this change means we do not have to export the tpm_chip list. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Acked-by: Ashley Lai <adlai@linux.vnet.ibm.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
| * | tpm: Store devname in the tpm_chipJason Gunthorpe2013-10-222-11/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Just put the memory directly in the chip structure, rather than in a 2nd dedicated kmalloc. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Acked-by: Ashley Lai <adlai@linux.vnet.ibm.com>
| * | tpm atmel: Call request_region with the correct baseJason Gunthorpe2013-10-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit e0dd03caf20d040a0a86 ("tpm: return chip from tpm_register_hardware") changed the code path here so that ateml_get_base_addr no longer directly altered the tpm_vendor_specific structure, and instead placed the base address on the stack. The commit missed updating the request_region call, which would have resulted in request_region being called with 0 as the base address. I don't know if request_region(0, ..) will fail, if so the driver has been broken since 2006 and we should remove it from the tree as it has no users. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
| * | tpm: ibmvtpm: Use %zd formatting for size_t format argumentsJason Gunthorpe2013-10-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This suppresses compile warnings on 32 bit builds. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Acked-by: Ashley Lai <adlai@linux.vnet.ibm.com>
* | | Merge tag 'random_for_linus' of ↵Linus Torvalds2013-11-161-242/+405
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random Pull /dev/random changes from Ted Ts'o: "The /dev/random changes for 3.13 including a number of improvements in the following areas: performance, avoiding waste of entropy, better tracking of entropy estimates, support for non-x86 platforms that have a register which can't be used for fine-grained timekeeping, but which might be good enough for the random driver. Also add some printk's so that we can see how quickly /dev/urandom can get initialized, and when programs try to use /dev/urandom before it is fully initialized (since this could be a security issue). This shouldn't be an issue on x86 desktop/laptops --- a test on my Lenovo T430s laptop shows that /dev/urandom is getting fully initialized approximately two seconds before the root file system is mounted read/write --- this may be an issue with ARM and MIPS embedded/mobile systems, though. These printk's will be a useful canary before potentially adding a future change to start blocking processes which try to read from /dev/urandom before it is initialized, which is something FreeBSD does already for security reasons, and which security folks have been agitating for Linux to also adopt" * tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: random: add debugging code to detect early use of get_random_bytes() random: initialize the last_time field in struct timer_rand_state random: don't zap entropy count in rand_initialize() random: printk notifications for urandom pool initialization random: make add_timer_randomness() fill the nonblocking pool first random: convert DEBUG_ENT to tracepoints random: push extra entropy to the output pools random: drop trickle mode random: adjust the generator polynomials in the mixing function slightly random: speed up the fast_mix function by a factor of four random: cap the rate which the /dev/urandom pool gets reseeded random: optimize the entropy_store structure random: optimize spinlock use in add_device_randomness() random: fix the tracepoint for get_random_bytes(_arch) random: account for entropy loss due to overwrites random: allow fractional bits to be tracked random: statically compute poolbitshift, poolbytes, poolbits random: mix in architectural randomness earlier in extract_buf()
| * | | random: add debugging code to detect early use of get_random_bytes()Theodore Ts'o2013-11-041-0/+9
| | | | | | | | | | | | | | | | Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: initialize the last_time field in struct timer_rand_stateTheodore Ts'o2013-11-041-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we initialize jiffies to wrap five minutes before boot (see INITIAL_JIFFIES defined in include/linux/jiffies.h) it's important to make sure the last_time field is initialized to INITIAL_JIFFIES. Otherwise, the entropy estimator will overestimate the amount of entropy resulting from the first call to add_timer_randomness(), generally by about 8 bits. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: don't zap entropy count in rand_initialize()Theodore Ts'o2013-11-041-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The rand_initialize() function was being run fairly late in the kernel boot sequence. This was unfortunate, since it zero'ed the entropy counters, thus throwing away credit that was accumulated earlier in the boot sequence, and it also meant that initcall functions run before rand_initialize were using a minimally initialized pool. To fix this, fix init_std_data() to no longer zap the entropy counter; it wasn't necessary, and move rand_initialize() to be an early initcall. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: printk notifications for urandom pool initializationTheodore Ts'o2013-11-041-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Print a notification to the console when the nonblocking pool is initialized. Also printk a warning when a process tries reading from /dev/urandom before it is fully initialized. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: make add_timer_randomness() fill the nonblocking pool firstTheodore Ts'o2013-11-041-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change add_timer_randomness() so that it directs incoming entropy to the nonblocking pool first if it hasn't been fully initialized yet. This matches the strategy we use in add_interrupt_randomness(), which allows us to push the randomness where we need it the most during when the system is first booting up, so that get_random_bytes() and /dev/urandom become safe to use as soon as possible. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: convert DEBUG_ENT to tracepointsTheodore Ts'o2013-10-101-36/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of using the random driver's ad-hoc DEBUG_ENT() mechanism, use tracepoints instead. This allows for a much more fine-grained control of which debugging mechanism which a developer might need, and unifies the debugging messages with all of the existing tracepoints. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: push extra entropy to the output poolsTheodore Ts'o2013-10-101-32/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As the input pool gets filled, start transfering entropy to the output pools until they get filled. This allows us to use the output pools to store more system entropy. Waste not, want not.... Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: drop trickle modeTheodore Ts'o2013-10-101-17/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The add_timer_randomness() used to drop into trickle mode when entropy pool was estimated to be 87.5% full. This was important when add_timer_randomness() was used to sample interrupts. It's not used for this any more --- add_interrupt_randomness() now uses fast_mix() instead. By elimitating trickle mode, it allows us to fully utilize entropy provided by add_input_randomness() and add_disk_randomness() even when the input pool is above the old trickle threshold of 87.5%. This helps to answer the criticism in [1] in their hypothetical scenario where our entropy estimator was inaccurate, even though the measurements in [2] seem to indicate that our entropy estimator given real-life entropy collection is actually pretty good, albeit on the conservative side (which was as it was designed). [1] http://eprint.iacr.org/2013/338.pdf [2] http://eprint.iacr.org/2012/251.pdf Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: adjust the generator polynomials in the mixing function slightlyTheodore Ts'o2013-10-101-54/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our mixing functions were analyzed by Lacharme, Roeck, Strubel, and Videau in their paper, "The Linux Pseudorandom Number Generator Revisited" (see: http://eprint.iacr.org/2012/251.pdf). They suggested a slight change to improve our mixing functions slightly. I also adjusted the comments to better explain what is going on, and to document why the polynomials were changed. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: speed up the fast_mix function by a factor of fourTheodore Ts'o2013-10-101-22/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By mixing the entropy in chunks of 32-bit words instead of byte by byte, we can speed up the fast_mix function significantly. Since it is called on every single interrupt, on systems with a very heavy interrupt load, this can make a noticeable difference. Also fix a compilation warning in add_interrupt_randomness() and avoid xor'ing cycles and jiffies together just in case we have an architecture which tries to define random_get_entropy() by returning jiffies. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Reported-by: Jörn Engel <joern@logfs.org>
| * | | random: cap the rate which the /dev/urandom pool gets reseededTheodore Ts'o2013-10-101-0/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to avoid draining the input pool of its entropy at too high of a rate, enforce a minimum time interval between reseedings of the urandom pool. This is set to 60 seconds by default. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: optimize the entropy_store structureTheodore Ts'o2013-10-101-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use smaller types to slightly shrink the size of the entropy store structure. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: optimize spinlock use in add_device_randomness()Theodore Ts'o2013-10-101-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The add_device_randomness() function calls mix_pool_bytes() twice for the input pool and the non-blocking pool, for a total of four times. By using _mix_pool_byte() and taking the spinlock in add_device_randomness(), we can halve the number of times we need take each pool's spinlock. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: fix the tracepoint for get_random_bytes(_arch)Theodore Ts'o2013-10-101-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a problem where get_random_bytes_arch() was calling the tracepoint get_random_bytes(). So add a new tracepoint for get_random_bytes_arch(), and make get_random_bytes() and get_random_bytes_arch() call their correct tracepoint. Also, add a new tracepoint for add_device_randomness() Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| * | | random: account for entropy loss due to overwritesH. Peter Anvin2013-10-101-8/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we write entropy into a non-empty pool, we currently don't account at all for the fact that we will probabilistically overwrite some of the entropy in that pool. This means that unless the pool is fully empty, we are currently *guaranteed* to overestimate the amount of entropy in the pool! Assuming Shannon entropy with zero correlations we end up with an exponentally decaying value of new entropy added: entropy <- entropy + (pool_size - entropy) * (1 - exp(-add_entropy/pool_size)) However, calculations involving fractional exponentials are not practical in the kernel, so apply a piecewise linearization: For add_entropy <= pool_size/2 then (1 - exp(-add_entropy/pool_size)) >= (add_entropy/pool_size)*0.7869... ... so we can approximate the exponential with 3/4*add_entropy/pool_size and still be on the safe side by adding at most pool_size/2 at a time. In order for the loop not to take arbitrary amounts of time if a bad ioctl is received, terminate if we are within one bit of full. This way the loop is guaranteed to terminate after no more than log2(poolsize) iterations, no matter what the input value is. The vast majority of the time the loop will be executed exactly once. The piecewise linearization is very conservative, approaching 3/4 of the usable input value for small inputs, however, our entropy estimation is pretty weak at best, especially for small values; we have no handle on correlation; and the Shannon entropy measure (Rényi entropy of order 1) is not the correct one to use in the first place, but rather the correct entropy measure is the min-entropy, the Rényi entropy of infinite order. As such, this conservatism seems more than justified. This does introduce fractional bit values. I have left it to have 3 bits of fraction, so that with a pool of 2^12 bits the multiply in credit_entropy_bits() can still fit into an int, as 2*(3+12) < 31. It is definitely possible to allow for more fractional accounting, but that multiply then would have to be turned into a 32*32 -> 64 multiply. Signed-off-by: H. Peter Anvin <hpa@linux.intel.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: DJ Johnston <dj.johnston@intel.com>
| * | | random: allow fractional bits to be trackedH. Peter Anvin2013-10-101-46/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow fractional bits of entropy to be tracked by scaling the entropy counter (fixed point). This will be used in a subsequent patch that accounts for entropy lost due to overwrites. [ Modified by tytso to fix up a few missing places where the entropy_count wasn't properly converted from fractional bits to bits. ] Signed-off-by: H. Peter Anvin <hpa@linux.intel.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
| * | | random: statically compute poolbitshift, poolbytes, poolbitsH. Peter Anvin2013-10-101-20/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a macro to statically compute poolbitshift (will be used in a subsequent patch), poolbytes, and poolbits. On virtually all architectures the cost of a memory load with an offset is the same as the one of a memory load. It is still possible for this to generate worse code since the C compiler doesn't know the fixed relationship between these fields, but that is somewhat unlikely. Signed-off-by: H. Peter Anvin <hpa@linux.intel.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
| * | | random: mix in architectural randomness earlier in extract_buf()Theodore Ts'o2013-10-101-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously if CPU chip had a built-in random number generator (i.e., RDRAND on newer x86 chips), we mixed it in at the very end of extract_buf() using an XOR operation. We now mix it in right after the calculate a hash across the entire pool. This has the advantage that any contribution of entropy from the CPU's HWRNG will get mixed back into the pool. In addition, it means that if the HWRNG has any defects (either accidentally or maliciously introduced), this will be mitigated via the non-linear transform of the SHA-1 hash function before we hand out generated output. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
* | | | Merge tag 'virtio-next-for-linus' of ↵Linus Torvalds2013-11-152-16/+13
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux Pull virtio updates from Rusty Russell: "Nothing really exciting: some groundwork for changing virtio endian, and some robustness fixes for broken virtio devices, plus minor tweaks" * tag 'virtio-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: virtio_scsi: verify if queue is broken after virtqueue_get_buf() x86, asmlinkage, lguest: Pass in globals into assembler statement virtio: mmio: fix signature checking for BE guests virtio_ring: adapt to notify() returning bool virtio_net: verify if queue is broken after virtqueue_get_buf() virtio_console: verify if queue is broken after virtqueue_get_buf() virtio_blk: verify if queue is broken after virtqueue_get_buf() virtio_ring: add new function virtqueue_is_broken() virtio_test: verify if virtqueue_kick() succeeded virtio_net: verify if virtqueue_kick() succeeded virtio_ring: let virtqueue_{kick()/notify()} return a bool virtio_ring: change host notification API virtio_config: remove virtio_config_val virtio: use size-based config accessors. virtio_config: introduce size-based accessors. virtio_ring: plug kmemleak false positive. virtio: pm: use CONFIG_PM_SLEEP instead of CONFIG_PM
| * | | | virtio_console: verify if queue is broken after virtqueue_get_buf()Heinz Graalfs2013-10-291-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If virtqueue_get_buf() returns with a NULL pointer it should be verified if the virtqueue is broken, in order to avoid loop calling cpu_relax(). Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
| * | | | virtio: use size-based config accessors.Rusty Russell2013-10-171-10/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This lets the transport do endian conversion if necessary, and insulates the drivers from the difference. Most drivers can use the simple helpers virtio_cread() and virtio_cwrite(). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
| * | | | virtio: pm: use CONFIG_PM_SLEEP instead of CONFIG_PMAaron Lu2013-09-232-4/+4
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The freeze and restore functions defined in virtio drivers are used for suspend and hibernate, so CONFIG_PM_SLEEP is more appropriate than CONFIG_PM. This patch replace all CONFIG_PM with CONFIG_PM_SLEEP for virtio drivers that implement freeze and restore callbacks. Signed-off-by: Aaron Lu <aaron.lu@intel.com> Reviewed-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* | | | tree-wide: use reinit_completion instead of INIT_COMPLETIONWolfram Sang2013-11-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use this new function to make code more comprehensible, since we are reinitialzing the completion, not initializing. [akpm@linux-foundation.org: linux-next resyncs] Signed-off-by: Wolfram Sang <wsa@the-dreams.de> Acked-by: Linus Walleij <linus.walleij@linaro.org> (personally at LCE13) Cc: Ingo Molnar <mingo@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>