1. 12 Nov, 2020 4 commits
  2. 11 Nov, 2020 10 commits
  3. 10 Nov, 2020 6 commits
  4. 09 Nov, 2020 2 commits
    • Stefano Brivio's avatar
      tunnels: Fix off-by-one in lower MTU bounds for ICMP/ICMPv6 replies · 77a2d673
      Stefano Brivio authored
      Jianlin reports that a bridged IPv6 VXLAN endpoint, carrying IPv6
      packets over a link with a PMTU estimation of exactly 1350 bytes,
      won't trigger ICMPv6 Packet Too Big replies when the encapsulated
      datagrams exceed said PMTU value. VXLAN over IPv6 adds 70 bytes of
      overhead, so an ICMPv6 reply indicating 1280 bytes as inner MTU
      would be legitimate and expected.
      
      This comes from an off-by-one error I introduced in checks added
      as part of commit 4cb47a86 ("tunnels: PMTU discovery support
      for directly bridged IP packets"), whose purpose was to prevent
      sending ICMPv6 Packet Too Big messages with an MTU lower than the
      smallest permissible IPv6 link MTU, i.e. 1280 bytes.
      
      In iptunnel_pmtud_check_icmpv6(), avoid triggering a reply only if
      the advertised MTU would be less than, and not equal to, 1280 bytes.
      
      Also fix the analogous comparison for IPv4, that is, skip the ICMP
      reply only if the resulting MTU is strictly less than 576 bytes.
      
      This becomes apparent while running the net/pmtu.sh bridged VXLAN
      or GENEVE selftests with adjusted lower-link MTU values. Using
      e.g. GENEVE, setting ll_mtu to the values reported below, in the
      test_pmtu_ipvX_over_bridged_vxlanY_or_geneveY_exception() test
      function, we can see failures on the following tests:
      
                   test                | ll_mtu
        -------------------------------|--------
        pmtu_ipv4_br_geneve4_exception |   626
        pmtu_ipv6_br_geneve4_exception |  1330
        pmtu_ipv6_br_geneve6_exception |  1350
      
      owing to the different tunneling overheads implied by the
      corresponding configurations.
      Reported-by: default avatarJianlin Shi <jishi@redhat.com>
      Fixes: 4cb47a86 ("tunnels: PMTU discovery support for directly bridged IP packets")
      Signed-off-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Link: https://lore.kernel.org/r/4f5fc2f33bfdf8409549fafd4f952b008bf04d63.1604681709.git.sbrivio@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      77a2d673
    • Oliver Herms's avatar
      IPv6: Set SIT tunnel hard_header_len to zero · 8ef9ba4d
      Oliver Herms authored
      Due to the legacy usage of hard_header_len for SIT tunnels while
      already using infrastructure from net/ipv4/ip_tunnel.c the
      calculation of the path MTU in tnl_update_pmtu is incorrect.
      This leads to unnecessary creation of MTU exceptions for any
      flow going over a SIT tunnel.
      
      As SIT tunnels do not have a header themsevles other than their
      transport (L3, L2) headers we're leaving hard_header_len set to zero
      as tnl_update_pmtu is already taking care of the transport headers
      sizes.
      
      This will also help avoiding unnecessary IPv6 GC runs and spinlock
      contention seen when using SIT tunnels and for more than
      net.ipv6.route.gc_thresh flows.
      
      Fixes: c5441932 ("GRE: Refactor GRE tunneling code.")
      Signed-off-by: default avatarOliver Herms <oliver.peter.herms@gmail.com>
      Acked-by: default avatarWillem de Bruijn <willemb@google.com>
      Link: https://lore.kernel.org/r/20201103104133.GA1573211@twsSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      8ef9ba4d
  5. 07 Nov, 2020 5 commits
  6. 06 Nov, 2020 13 commits
    • KP Singh's avatar
      bpf: Update verification logic for LSM programs · 6f64e477
      KP Singh authored
      The current logic checks if the name of the BTF type passed in
      attach_btf_id starts with "bpf_lsm_", this is not sufficient as it also
      allows attachment to non-LSM hooks like the very function that performs
      this check, i.e. bpf_lsm_verify_prog.
      
      In order to ensure that this verification logic allows attachment to
      only LSM hooks, the LSM_HOOK definitions in lsm_hook_defs.h are used to
      generate a BTF_ID set. Upon verification, the attach_btf_id of the
      program being attached is checked for presence in this set.
      
      Fixes: 9e4e01df ("bpf: lsm: Implement attach, detach and execution")
      Signed-off-by: default avatarKP Singh <kpsingh@google.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Link: https://lore.kernel.org/bpf/20201105230651.2621917-1-kpsingh@chromium.org
      6f64e477
    • Linus Torvalds's avatar
      Merge branch 'mtd/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux · bf3e7628
      Linus Torvalds authored
      Pull mtd fixes from Miquel Raynal.
      
      * 'mtd/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
        mtd: rawnand: stm32_fmc2: fix broken ECC
        mtd: spi-nor: Fix address width on flash chips > 16MB
        mtd: spi-nor: Don't copy self-pointing struct around
        mtd: rawnand: ifc: Move the ECC engine initialization to the right place
        mtd: rawnand: mxc: Move the ECC engine initialization to the right place
      bf3e7628
    • Linus Torvalds's avatar
      Merge tag 'spi-fix-v5.10-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · 44d80621
      Linus Torvalds authored
      Pull spi fix from Mark Brown:
       "This is an additional fix on top of 5e31ba0c ('spi: bcm2835: fix
        gpio cs level inversion') - when sending my prior pull request I had
        misremembred the status of that patch, apologies for the noise here"
      
      * tag 'spi-fix-v5.10-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: bcm2835: remove use of uninitialized gpio flags variable
      44d80621
    • Linus Torvalds's avatar
      Merge tag 'sound-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · bb72bbe8
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Quite a bunch of small fixes that have been gathered since the last
        pull, including changes like below:
      
         - HD-audio runtime PM fixes and refactoring
      
         - HD-audio and USB-audio quirks
      
         - SOF warning fix
      
         - Various ASoC device-specific fixes for Intel, Qualcomm, etc"
      
      * tag 'sound-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (26 commits)
        ALSA: usb-audio: Add implicit feedback quirk for Qu-16
        ASoC: mchp-spdiftx: Do not set Validity bit(s)
        ALSA: usb-audio: Add implicit feedback quirk for MODX
        ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices
        ALSA: hda/realtek - Enable headphone for ASUS TM420
        ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
        ASoC: qcom: lpass-cpu: Fix clock disable failure
        ASoC: qcom: lpass-sc7180: Fix MI2S bitwidth field bit positions
        ASoC: codecs: wcd9335: Set digital gain range correctly
        ASoC: codecs: wcd934x: Set digital gain range correctly
        ALSA: hda: Reinstate runtime_allow() for all hda controllers
        ALSA: hda: Separate runtime and system suspend
        ALSA: hda: Refactor codec PM to use direct-complete optimization
        ALSA: hda/realtek - Fixed HP headset Mic can't be detected
        ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2
        ALSA: make snd_kcontrol_new name a normal string
        ALSA: fix kernel-doc markups
        ASoC: SOF: loader: handle all SOF_IPC_EXT types
        ASoC: cs42l51: manage mclk shutdown delay
        ASoC: qcom: sdm845: set driver name correctly
        ...
      bb72bbe8
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2020-11-06-1' of git://anongit.freedesktop.org/drm/drm · fc7b66ef
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "It's Friday here so that means another installment of drm fixes to
        distract you from the counting process.
      
        Changes all over the place, the amdgpu changes contain support for a
        new GPU that is close to current one already in the tree (Green
        Sardine) so it shouldn't have much side effects.
      
        Otherwise imx has a few cleanup patches and fixes, amdgpu and i915
        have around the usual smattering of fixes, fonts got constified, and
        vc4/panfrost has some minor fixes. All in all a fairly regular rc3.
      
        We have an outstanding nouveau regression, but the author is looking
        into the fix, so should be here next week.
      
        I now return you to counting.
      
        fonts:
         - constify font structures.
      
        MAINTAINERS:
         - Fix path for amdgpu power management
      
        amdgpu:
         - Add support for more navi1x SKUs
         - Fix for suspend on CI dGPUs
         - VCN DPG fix for Picasso
         - Sienna Cichlid fixes
         - Polaris DPM fix
         - Add support for Green Sardine
      
        amdkfd:
         - Fix an allocation failure check
      
        i915:
         - Fix set domain's cache coherency
         - Fixes around breadcrumbs
         - Fix encoder lookup during PSR atomic
         - Hold onto an explicit ref to i915_vma_work.pinned
         - gvt: HWSP reset handling fix
         - gvt: flush workaround
         - gvt: vGPU context pin/unpin
         - gvt: mmio cmd access fix for bxt/apl
      
        imx:
         - drop unused functions and callbacks
         - reuse imx_drm_encoder_parse_of
         - spinlock rework
         - memory leak fix
         - minor cleanups
      
        vc4:
         - resource cleanup fix
      
        panfrost:
         - madvise/shrinker fix"
      
      * tag 'drm-fixes-2020-11-06-1' of git://anongit.freedesktop.org/drm/drm: (55 commits)
        drm/amdgpu/display: remove DRM_AMD_DC_GREEN_SARDINE
        drm/amd/display: Add green_sardine support to DM
        drm/amd/display: Add green_sardine support to DC
        drm/amdgpu: enable vcn support for green_sardine (v2)
        drm/amdgpu: enable green_sardine_asd.bin loading (v2)
        drm/amdgpu/sdma: add sdma engine support for green_sardine (v2)
        drm/amdgpu: add gfx support for green_sardine (v2)
        drm/amdgpu: add soc15 common ip block support for green_sardine (v3)
        drm/amdgpu: add green_sardine support for gpu_info and ip block setting (v2)
        drm/amdgpu: add Green_Sardine APU flag
        drm/amdgpu: resolved ASD loading issue on sienna
        amdkfd: Check kvmalloc return before memcpy
        drm/amdgpu: update golden setting for sienna_cichlid
        amd/amdgpu: Disable VCN DPG mode for Picasso
        drm/amdgpu/swsmu: remove duplicate call to smu_set_default_dpm_table
        drm/i915: Hold onto an explicit ref to i915_vma_work.pinned
        drm/i915/gt: Flush xcs before tgl breadcrumbs
        drm/i915/gt: Expose more parameters for emitting writes into the ring
        drm/i915: Fix encoder lookup during PSR atomic check
        drm/i915/gt: Use the local HWSP offset during submission
        ...
      fc7b66ef
    • Linus Torvalds's avatar
      Merge tag 'tpmdd-next-v5.10-rc4' of... · 28ced768
      Linus Torvalds authored
      Merge tag 'tpmdd-next-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
      
      Pull tpm fixes from Jarkko Sakkinen:
       "Two critical tpm driver bug fixes"
      
      * tag 'tpmdd-next-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
        tpm: efi: Don't create binary_bios_measurements file for an empty log
        tpm_tis: Disable interrupts on ThinkPad T490s
      28ced768
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v5.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 02a2aa35
      Linus Torvalds authored
      Pull iommu fixes from Joerg Roedel:
      
       - Fix a NULL-ptr dereference in the Intel VT-d driver
      
       - Two fixes for Intel SVM support
      
       - Increase IRQ remapping table size in the AMD IOMMU driver. The old
         number of 128 turned out to be too low for some recent devices.
      
       - Fix a mask check in generic IOMMU code
      
      * tag 'iommu-fixes-v5.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu: Fix a check in iommu_check_bind_data()
        iommu/vt-d: Fix a bug for PDP check in prq_event_thread
        iommu/vt-d: Fix sid not set issue in intel_svm_bind_gpasid()
        iommu/vt-d: Fix kernel NULL pointer dereference in find_domain()
        iommu/amd: Increase interrupt remapping table limit to 512 entries
      02a2aa35
    • Linus Torvalds's avatar
      Merge tag 'vfio-v5.10-rc3' of git://github.com/awilliam/linux-vfio · 1669ecf9
      Linus Torvalds authored
      Pull VFIO fixes from Alex Williamson:
      
       - Remove code by using existing helper (Zenghui Yu)
      
       - fsl-mc copy-user return and underflow fixes (Dan Carpenter)
      
       - fsl-mc static function declaration (Diana Craciun)
      
       - Fix ioeventfd sleeping under spinlock (Alex Williamson)
      
       - Fix pm reference count leak in vfio-platform (Zhang Qilong)
      
       - Allow opening IGD device w/o OpRegion support (Fred Gao)
      
      * tag 'vfio-v5.10-rc3' of git://github.com/awilliam/linux-vfio:
        vfio/pci: Bypass IGD init in case of -ENODEV
        vfio: platform: fix reference leak in vfio_platform_open
        vfio/pci: Implement ioeventfd thread handler for contended memory lock
        vfio/fsl-mc: Make vfio_fsl_mc_irqs_allocate static
        vfio/fsl-mc: prevent underflow in vfio_fsl_mc_mmap()
        vfio/fsl-mc: return -EFAULT if copy_to_user() fails
        vfio/type1: Use the new helper to find vfio_group
      1669ecf9
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 30f3f68e
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "Here's the weekly batch of fixes for arm64. Not an awful lot here, but
        there are still a few unresolved issues relating to CPU hotplug, RCU
        and IRQ tracing that I hope to queue fixes for next week.
      
        Summary:
      
         - Fix early use of kprobes
      
         - Fix kernel placement in kexec_file_load()
      
         - Bump maximum number of NUMA nodes"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: kexec_file: try more regions if loading segments fails
        arm64: kprobes: Use BRK instead of single-step when executing instructions out-of-line
        arm64: NUMA: Kconfig: Increase NODES_SHIFT to 4
      30f3f68e
    • Linus Torvalds's avatar
      Merge tag 'arc-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc · 4257087e
      Linus Torvalds authored
      Pull ARC fixes from Vineet Gupta:
      
       - Unbork HSDKv1 platform (won't boot) due to memory map issue
      
       - Prevent stack unwinder from infinite looping
      
      * tag 'arc-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
        ARC: [plat-hsdk] Remap CCMs super early in asm boot trampoline
        ARC: stack unwinding: avoid indefinite looping
      4257087e
    • Linus Torvalds's avatar
      Merge tag 's390-5.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · ee518148
      Linus Torvalds authored
      Pull s390 fixes from Heiko Carstens:
      
       - fix reference counting for ap devices
      
       - fix paes selftest
      
       - fix pmd_deref()/pud_deref() so they can also handle large pages
      
       - remove unused vdso file and defines
      
       - update defconfigs
      
       - call rcu_cpu_starting() early in smp init code to avoid lockdep
         warnings
      
       - fix hotplug of PCI function missing bus
      
      * tag 's390-5.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/pci: fix hot-plug of PCI function missing bus
        s390/smp: move rcu_cpu_starting() earlier
        s390/pkey: fix paes selftest failure with paes and pkey static build
        s390: update defconfigs
        s390/vdso: remove unused constants
        s390/vdso: remove empty unused file
        s390/mm: make pmd/pud_deref() large page aware
        s390/ap: fix ap devices reference counting
      ee518148
    • Linus Torvalds's avatar
      Merge tag 'net-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 41f16530
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.10-rc3, including fixes from wireless, can, and
        netfilter subtrees.
      
        Current merge window - bugs in new features:
      
         - can: isotp: isotp_rcv_cf(): enable RX timeout handling in
           listen-only mode
      
        Previous releases - regressions:
      
         - mac80211:
            - don't require VHT elements for HE on 2.4 GHz
            - fix regression where EAPOL frames were sent in plaintext
      
         - netfilter:
            - ipset: Update byte and packet counters regardless of whether
              they match
      
         - ip_tunnel: fix over-mtu packet send by allowing fragmenting even if
           inner packet has IP_DF (don't fragment) set in its header (when
           TUNNEL_DONT_FRAGMENT flag is not set on the tunnel dev)
      
         - net: fec: fix MDIO probing for some FEC hardware blocks
      
         - ip6_tunnel: set inner ipproto before ip6_tnl_encap to un-break gso
           support
      
         - sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian
           platforms, sparse-related fix used the wrong integer size
      
        Previous releases - always broken:
      
         - netfilter: use actual socket sk rather than skb sk when routing
           harder
      
         - r8169: work around short packet hw bug on RTL8125 by padding frames
      
         - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping
           advertisement, the hardware does not support it
      
         - chelsio/chtls: fix always leaking ctrl_skb and another leak caused
           by a race condition
      
         - fix drivers incorrectly writing into skbs on TX:
            - cadence: force nonlinear buffers to be cloned
            - gianfar: Account for Tx PTP timestamp in the skb headroom
            - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
      
         - can: flexcan:
            - remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A
            - add ECC initialization for VF610 and LX2160A
            - flexcan_remove(): disable wakeup completely
      
         - can: fix packet echo functionality:
            - peak_canfd: fix echo management when loopback is on
            - make sure skbs are not freed in IRQ context in case they need to
              be dropped
            - always clone the skbs to make sure they have a reference on the
              socket, and prevent it from disappearing
            - fix real payload length return value for RTR frames
      
         - can: j1939: return failure on bind if netdev is down, rather than
           waiting indefinitely
      
        Misc:
      
         - IPv6: reply ICMP error if the first fragment don't include all
           headers to improve compliance with RFC 8200"
      
      * tag 'net-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (66 commits)
        ionic: check port ptr before use
        r8169: work around short packet hw bug on RTL8125
        net: openvswitch: silence suspicious RCU usage warning
        chelsio/chtls: fix always leaking ctrl_skb
        chelsio/chtls: fix memory leaks caused by a race
        can: flexcan: flexcan_remove(): disable wakeup completely
        can: flexcan: add ECC initialization for VF610
        can: flexcan: add ECC initialization for LX2160A
        can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A
        can: mcp251xfd: remove unneeded break
        can: mcp251xfd: mcp251xfd_regmap_nocrc_read(): fix semicolon.cocci warnings
        can: mcp251xfd: mcp251xfd_regmap_crc_read(): increase severity of CRC read error messages
        can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
        can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
        can: peak_usb: add range checking in decode operations
        can: xilinx_can: handle failure cases of pm_runtime_get_sync
        can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path
        can: isotp: padlen(): make const array static, makes object smaller
        can: isotp: isotp_rcv_cf(): enable RX timeout handling in listen-only mode
        can: isotp: Explain PDU in CAN_ISOTP help text
        ...
      41f16530
    • Tyler Hicks's avatar
      tpm: efi: Don't create binary_bios_measurements file for an empty log · 8ffd778a
      Tyler Hicks authored
      Mimic the pre-existing ACPI and Device Tree event log behavior by not
      creating the binary_bios_measurements file when the EFI TPM event log is
      empty.
      
      This fixes the following NULL pointer dereference that can occur when
      reading /sys/kernel/security/tpm0/binary_bios_measurements after the
      kernel received an empty event log from the firmware:
      
       BUG: kernel NULL pointer dereference, address: 000000000000002c
       #PF: supervisor read access in kernel mode
       #PF: error_code(0x0000) - not-present page
       PGD 0 P4D 0
       Oops: 0000 [#1] SMP PTI
       CPU: 2 PID: 3932 Comm: fwupdtpmevlog Not tainted 5.9.0-00003-g629990edad62 #17
       Hardware name: LENOVO 20LCS03L00/20LCS03L00, BIOS N27ET38W (1.24 ) 11/28/2019
       RIP: 0010:tpm2_bios_measurements_start+0x3a/0x550
       Code: 54 53 48 83 ec 68 48 8b 57 70 48 8b 1e 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 48 8b 82 c0 06 00 00 48 8b 8a c8 06 00 00 <44> 8b 60 1c 48 89 4d a0 4c 89 e2 49 83 c4 20 48 83 fb 00 75 2a 49
       RSP: 0018:ffffa9c901203db0 EFLAGS: 00010246
       RAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000010
       RDX: ffff8ba1eb99c000 RSI: ffff8ba1e4ce8280 RDI: ffff8ba1e4ce8258
       RBP: ffffa9c901203e40 R08: ffffa9c901203dd8 R09: ffff8ba1ec443300
       R10: ffffa9c901203e50 R11: 0000000000000000 R12: ffff8ba1e4ce8280
       R13: ffffa9c901203ef0 R14: ffffa9c901203ef0 R15: ffff8ba1e4ce8258
       FS:  00007f6595460880(0000) GS:ffff8ba1ef880000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: 000000000000002c CR3: 00000007d8d18003 CR4: 00000000003706e0
       DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
       DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
       Call Trace:
        ? __kmalloc_node+0x113/0x320
        ? kvmalloc_node+0x31/0x80
        seq_read+0x94/0x420
        vfs_read+0xa7/0x190
        ksys_read+0xa7/0xe0
        __x64_sys_read+0x1a/0x20
        do_syscall_64+0x37/0x80
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      In this situation, the bios_event_log pointer in the tpm_bios_log struct
      was not NULL but was equal to the ZERO_SIZE_PTR (0x10) value. This was
      due to the following kmemdup() in tpm_read_log_efi():
      
      int tpm_read_log_efi(struct tpm_chip *chip)
      {
      ...
      	/* malloc EventLog space */
      	log->bios_event_log = kmemdup(log_tbl->log, log_size, GFP_KERNEL);
      	if (!log->bios_event_log) {
      		ret = -ENOMEM;
      		goto out;
      	}
      ...
      }
      
      When log_size is zero, due to an empty event log from firmware,
      ZERO_SIZE_PTR is returned from kmemdup(). Upon a read of the
      binary_bios_measurements file, the tpm2_bios_measurements_start()
      function does not perform a ZERO_OR_NULL_PTR() check on the
      bios_event_log pointer before dereferencing it.
      
      Rather than add a ZERO_OR_NULL_PTR() check in functions that make use of
      the bios_event_log pointer, simply avoid creating the
      binary_bios_measurements_file as is done in other event log retrieval
      backends.
      
      Explicitly ignore all of the events in the final event log when the main
      event log is empty. The list of events in the final event log cannot be
      accurately parsed without referring to the first event in the main event
      log (the event log header) so the final event log is useless in such a
      situation.
      
      Fixes: 58cc1e4f ("tpm: parse TPM event logs based on EFI table")
      Link: https://lore.kernel.org/linux-integrity/E1FDCCCB-CA51-4AEE-AC83-9CDE995EAE52@canonical.com/Reported-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Reported-by: default avatarKenneth R. Crudup <kenny@panix.com>
      Reported-by: default avatarMimi Zohar <zohar@linux.ibm.com>
      Cc: Thiébaud Weksteen <tweek@google.com>
      Cc: Ard Biesheuvel <ardb@kernel.org>
      Signed-off-by: default avatarTyler Hicks <tyhicks@linux.microsoft.com>
      Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      8ffd778a