Merge tag 'char-misc-5.13-rc1-round2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull char/misc driver fixes from Greg KH:
"Here are two char/misc fixes for 5.13-rc1 to resolve reported issues.

The first is a bugfix for the nitro_enclaves driver that fixed some
important problems. The second was a dyndbg bugfix that resolved some
reported problems in dynamic debugging control.

Both have been in linux-next for a while with no reported issues"

* tag 'char-misc-5.13-rc1-round2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
dyndbg: fix parsing file query without a line-range suffix
nitro_enclaves: Fix stale file descriptors on failed usercopy

Linus Torvalds 5 years ago 5a5bcd43 d8cb379c

+18 -27

2 changed files

expand all

drivers

virt

nitro_enclaves

ne_misc_dev.c

lib

dynamic_debug.c

+17 -26

drivers/virt/nitro_enclaves/ne_misc_dev.c

··· 1524 1524 * enclave file descriptor to be further used for enclave 1525 1525 * resources handling e.g. memory regions and CPUs. 1526 1526 * @ne_pci_dev : Private data associated with the PCI device. 1527 - * @slot_uid: Generated unique slot id associated with an enclave. 1527 + * @slot_uid: User pointer to store the generated unique slot id 1528 + * associated with an enclave to. 1528 1529 * 1529 1530 * Context: Process context. This function is called with the ne_pci_dev enclave 1530 1531 * mutex held. ··· 1533 1532 * * Enclave fd on success. 1534 1533 * * Negative return value on failure. 1535 1534 */ 1536 - static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 *slot_uid) 1535 + static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 __user *slot_uid) 1537 1536 { 1538 1537 struct ne_pci_dev_cmd_reply cmd_reply = {}; 1539 1538 int enclave_fd = -1; ··· 1635 1634 1636 1635 list_add(&ne_enclave->enclave_list_entry, &ne_pci_dev->enclaves_list); 1637 1636 1638 - *slot_uid = ne_enclave->slot_uid; 1637 + if (copy_to_user(slot_uid, &ne_enclave->slot_uid, sizeof(ne_enclave->slot_uid))) { 1638 + /* 1639 + * As we're holding the only reference to 'enclave_file', fput() 1640 + * will call ne_enclave_release() which will do a proper cleanup 1641 + * of all so far allocated resources, leaving only the unused fd 1642 + * for us to free. 1643 + */ 1644 + fput(enclave_file); 1645 + put_unused_fd(enclave_fd); 1646 + 1647 + return -EFAULT; 1648 + } 1639 1649 1640 1650 fd_install(enclave_fd, enclave_file); 1641 1651 ··· 1683 1671 switch (cmd) { 1684 1672 case NE_CREATE_VM: { 1685 1673 int enclave_fd = -1; 1686 - struct file *enclave_file = NULL; 1687 1674 struct ne_pci_dev *ne_pci_dev = ne_devs.ne_pci_dev; 1688 - int rc = -EINVAL; 1689 - u64 slot_uid = 0; 1675 + u64 __user *slot_uid = (void __user *)arg; 1690 1676 1691 1677 mutex_lock(&ne_pci_dev->enclaves_list_mutex); 1692 - 1693 - enclave_fd = ne_create_vm_ioctl(ne_pci_dev, &slot_uid); 1694 - if (enclave_fd < 0) { 1695 - rc = enclave_fd; 1696 - 1697 - mutex_unlock(&ne_pci_dev->enclaves_list_mutex); 1698 - 1699 - return rc; 1700 - } 1701 - 1678 + enclave_fd = ne_create_vm_ioctl(ne_pci_dev, slot_uid); 1702 1679 mutex_unlock(&ne_pci_dev->enclaves_list_mutex); 1703 - 1704 - if (copy_to_user((void __user *)arg, &slot_uid, sizeof(slot_uid))) { 1705 - enclave_file = fget(enclave_fd); 1706 - /* Decrement file refs to have release() called. */ 1707 - fput(enclave_file); 1708 - fput(enclave_file); 1709 - put_unused_fd(enclave_fd); 1710 - 1711 - return -EFAULT; 1712 - } 1713 1680 1714 1681 return enclave_fd; 1715 1682 }

+1 -1

lib/dynamic_debug.c

··· 396 396 /* tail :$info is function or line-range */ 397 397 fline = strchr(query->filename, ':'); 398 398 if (!fline) 399 - break; 399 + continue; 400 400 *fline++ = '\0'; 401 401 if (isalpha(*fline) || *fline == '*' || *fline == '?') { 402 402 /* take as function name */