From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Wen Xu <wen.xu@gatech.edu>,
Chao Yu <yuchao0@huawei.com>, Jaegeuk Kim <jaegeuk@kernel.org>,
Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 3.18 057/105] f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
Date: Mon, 24 Sep 2018 13:33:43 +0200 [thread overview]
Message-ID: <20180924113119.345191209@linuxfoundation.org> (raw)
In-Reply-To: <20180924113113.268650190@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <yuchao0@huawei.com>
[ Upstream commit c77ec61ca0a49544ca81881cc5d5529858f7e196 ]
This patch adds to do sanity check with {sit,nat}_ver_bitmap_bytesize
during mount, in order to avoid accessing across cache boundary with
this abnormal bitmap size.
- Overview
buffer overrun in build_sit_info() when mounting a crafted f2fs image
- Reproduce
- Kernel message
[ 548.580867] F2FS-fs (loop0): Invalid log blocks per segment (8201)
[ 548.580877] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 548.584979] ==================================================================
[ 548.586568] BUG: KASAN: use-after-free in kmemdup+0x36/0x50
[ 548.587715] Read of size 64 at addr ffff8801e9c265ff by task mount/1295
[ 548.589428] CPU: 1 PID: 1295 Comm: mount Not tainted 4.18.0-rc1+ #4
[ 548.589432] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 548.589438] Call Trace:
[ 548.589474] dump_stack+0x7b/0xb5
[ 548.589487] print_address_description+0x70/0x290
[ 548.589492] kasan_report+0x291/0x390
[ 548.589496] ? kmemdup+0x36/0x50
[ 548.589509] check_memory_region+0x139/0x190
[ 548.589514] memcpy+0x23/0x50
[ 548.589518] kmemdup+0x36/0x50
[ 548.589545] f2fs_build_segment_manager+0x8fa/0x3410
[ 548.589551] ? __asan_loadN+0xf/0x20
[ 548.589560] ? f2fs_sanity_check_ckpt+0x1be/0x240
[ 548.589566] ? f2fs_flush_sit_entries+0x10c0/0x10c0
[ 548.589587] ? __put_user_ns+0x40/0x40
[ 548.589604] ? find_next_bit+0x57/0x90
[ 548.589610] f2fs_fill_super+0x194b/0x2b40
[ 548.589617] ? f2fs_commit_super+0x1b0/0x1b0
[ 548.589637] ? set_blocksize+0x90/0x140
[ 548.589651] mount_bdev+0x1c5/0x210
[ 548.589655] ? f2fs_commit_super+0x1b0/0x1b0
[ 548.589667] f2fs_mount+0x15/0x20
[ 548.589672] mount_fs+0x60/0x1a0
[ 548.589683] ? alloc_vfsmnt+0x309/0x360
[ 548.589688] vfs_kern_mount+0x6b/0x1a0
[ 548.589699] do_mount+0x34a/0x18c0
[ 548.589710] ? lockref_put_or_lock+0xcf/0x160
[ 548.589716] ? copy_mount_string+0x20/0x20
[ 548.589728] ? memcg_kmem_put_cache+0x1b/0xa0
[ 548.589734] ? kasan_check_write+0x14/0x20
[ 548.589740] ? _copy_from_user+0x6a/0x90
[ 548.589744] ? memdup_user+0x42/0x60
[ 548.589750] ksys_mount+0x83/0xd0
[ 548.589755] __x64_sys_mount+0x67/0x80
[ 548.589781] do_syscall_64+0x78/0x170
[ 548.589797] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 548.589820] RIP: 0033:0x7f76fc331b9a
[ 548.589821] Code: 48 8b 0d 01 c3 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ce c2 2b 00 f7 d8 64 89 01 48
[ 548.589880] RSP: 002b:00007ffd4f0a0e48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 548.589890] RAX: ffffffffffffffda RBX: 000000000146c030 RCX: 00007f76fc331b9a
[ 548.589892] RDX: 000000000146c210 RSI: 000000000146df30 RDI: 0000000001474ec0
[ 548.589895] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013
[ 548.589897] R10: 00000000c0ed0000 R11: 0000000000000206 R12: 0000000001474ec0
[ 548.589900] R13: 000000000146c210 R14: 0000000000000000 R15: 0000000000000003
[ 548.590242] The buggy address belongs to the page:
[ 548.591243] page:ffffea0007a70980 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 548.592886] flags: 0x2ffff0000000000()
[ 548.593665] raw: 02ffff0000000000 dead000000000100 dead000000000200 0000000000000000
[ 548.595258] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 548.603713] page dumped because: kasan: bad access detected
[ 548.605203] Memory state around the buggy address:
[ 548.606198] ffff8801e9c26480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.607676] ffff8801e9c26500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.609157] >ffff8801e9c26580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.610629] ^
[ 548.612088] ffff8801e9c26600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.613674] ffff8801e9c26680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.615141] ==================================================================
[ 548.616613] Disabling lock debugging due to kernel taint
[ 548.622871] WARNING: CPU: 1 PID: 1295 at mm/page_alloc.c:4065 __alloc_pages_slowpath+0xe4a/0x1420
[ 548.622878] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd mac_hid i2c_piix4 soundcore ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid1 raid0 multipath linear 8139too crct10dif_pclmul crc32_pclmul qxl drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt fb_sys_fops ttm drm aes_x86_64 crypto_simd cryptd 8139cp glue_helper mii pata_acpi floppy
[ 548.623217] CPU: 1 PID: 1295 Comm: mount Tainted: G B 4.18.0-rc1+ #4
[ 548.623219] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 548.623226] RIP: 0010:__alloc_pages_slowpath+0xe4a/0x1420
[ 548.623227] Code: ff ff 01 89 85 c8 fe ff ff e9 91 fc ff ff 41 89 c5 e9 5c fc ff ff 0f 0b 89 f8 25 ff ff f7 ff 89 85 8c fe ff ff e9 d5 f2 ff ff <0f> 0b e9 65 f2 ff ff 65 8b 05 38 81 d2 47 f6 c4 01 74 1c 65 48 8b
[ 548.623281] RSP: 0018:ffff8801f28c7678 EFLAGS: 00010246
[ 548.623284] RAX: 0000000000000000 RBX: 00000000006040c0 RCX: ffffffffb82f73b7
[ 548.623287] RDX: 1ffff1003e518eeb RSI: 000000000000000c RDI: 0000000000000000
[ 548.623290] RBP: ffff8801f28c7880 R08: 0000000000000000 R09: ffffed0047fff2c5
[ 548.623292] R10: 0000000000000001 R11: ffffed0047fff2c4 R12: ffff8801e88de040
[ 548.623295] R13: 00000000006040c0 R14: 000000000000000c R15: ffff8801f28c7938
[ 548.623299] FS: 00007f76fca51840(0000) GS:ffff8801f6f00000(0000) knlGS:0000000000000000
[ 548.623302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 548.623304] CR2: 00007f19b9171760 CR3: 00000001ed952000 CR4: 00000000000006e0
[ 548.623317] Call Trace:
[ 548.623325] ? kasan_check_read+0x11/0x20
[ 548.623330] ? __zone_watermark_ok+0x92/0x240
[ 548.623336] ? get_page_from_freelist+0x1c3/0x1d90
[ 548.623347] ? _raw_spin_lock_irqsave+0x2a/0x60
[ 548.623353] ? warn_alloc+0x250/0x250
[ 548.623358] ? save_stack+0x46/0xd0
[ 548.623361] ? kasan_kmalloc+0xad/0xe0
[ 548.623366] ? __isolate_free_page+0x2a0/0x2a0
[ 548.623370] ? mount_fs+0x60/0x1a0
[ 548.623374] ? vfs_kern_mount+0x6b/0x1a0
[ 548.623378] ? do_mount+0x34a/0x18c0
[ 548.623383] ? ksys_mount+0x83/0xd0
[ 548.623387] ? __x64_sys_mount+0x67/0x80
[ 548.623391] ? do_syscall_64+0x78/0x170
[ 548.623396] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 548.623401] __alloc_pages_nodemask+0x3c5/0x400
[ 548.623407] ? __alloc_pages_slowpath+0x1420/0x1420
[ 548.623412] ? __mutex_lock_slowpath+0x20/0x20
[ 548.623417] ? kvmalloc_node+0x31/0x80
[ 548.623424] alloc_pages_current+0x75/0x110
[ 548.623436] kmalloc_order+0x24/0x60
[ 548.623442] kmalloc_order_trace+0x24/0xb0
[ 548.623448] __kmalloc_track_caller+0x207/0x220
[ 548.623455] ? f2fs_build_node_manager+0x399/0xbb0
[ 548.623460] kmemdup+0x20/0x50
[ 548.623465] f2fs_build_node_manager+0x399/0xbb0
[ 548.623470] f2fs_fill_super+0x195e/0x2b40
[ 548.623477] ? f2fs_commit_super+0x1b0/0x1b0
[ 548.623481] ? set_blocksize+0x90/0x140
[ 548.623486] mount_bdev+0x1c5/0x210
[ 548.623489] ? f2fs_commit_super+0x1b0/0x1b0
[ 548.623495] f2fs_mount+0x15/0x20
[ 548.623498] mount_fs+0x60/0x1a0
[ 548.623503] ? alloc_vfsmnt+0x309/0x360
[ 548.623508] vfs_kern_mount+0x6b/0x1a0
[ 548.623513] do_mount+0x34a/0x18c0
[ 548.623518] ? lockref_put_or_lock+0xcf/0x160
[ 548.623523] ? copy_mount_string+0x20/0x20
[ 548.623528] ? memcg_kmem_put_cache+0x1b/0xa0
[ 548.623533] ? kasan_check_write+0x14/0x20
[ 548.623537] ? _copy_from_user+0x6a/0x90
[ 548.623542] ? memdup_user+0x42/0x60
[ 548.623547] ksys_mount+0x83/0xd0
[ 548.623552] __x64_sys_mount+0x67/0x80
[ 548.623557] do_syscall_64+0x78/0x170
[ 548.623562] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 548.623566] RIP: 0033:0x7f76fc331b9a
[ 548.623567] Code: 48 8b 0d 01 c3 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ce c2 2b 00 f7 d8 64 89 01 48
[ 548.623632] RSP: 002b:00007ffd4f0a0e48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 548.623636] RAX: ffffffffffffffda RBX: 000000000146c030 RCX: 00007f76fc331b9a
[ 548.623639] RDX: 000000000146c210 RSI: 000000000146df30 RDI: 0000000001474ec0
[ 548.623641] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013
[ 548.623643] R10: 00000000c0ed0000 R11: 0000000000000206 R12: 0000000001474ec0
[ 548.623646] R13: 000000000146c210 R14: 0000000000000000 R15: 0000000000000003
[ 548.623650] ---[ end trace 4ce02f25ff7d3df5 ]---
[ 548.623656] F2FS-fs (loop0): Failed to initialize F2FS node manager
[ 548.627936] F2FS-fs (loop0): Invalid log blocks per segment (8201)
[ 548.627940] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 548.635835] F2FS-fs (loop0): Failed to initialize F2FS node manager
- Location
https://elixir.bootlin.com/linux/v4.18-rc1/source/fs/f2fs/segment.c#L3578
sit_i->sit_bitmap = kmemdup(src_bitmap, bitmap_size, GFP_KERNEL);
Buffer overrun happens when doing memcpy. I suspect there is missing (inconsistent) checks on bitmap_size.
Reported by Wen Xu (wen.xu@gatech.edu) from SSLab, Gatech.
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/super.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -933,12 +933,17 @@ static int sanity_check_ckpt(struct f2fs
struct f2fs_super_block *raw_super = F2FS_RAW_SUPER(sbi);
struct f2fs_checkpoint *ckpt = F2FS_CKPT(sbi);
unsigned int main_segs, blocks_per_seg;
+ unsigned int sit_segs, nat_segs;
+ unsigned int sit_bitmap_size, nat_bitmap_size;
+ unsigned int log_blocks_per_seg;
int i;
total = le32_to_cpu(raw_super->segment_count);
fsmeta = le32_to_cpu(raw_super->segment_count_ckpt);
- fsmeta += le32_to_cpu(raw_super->segment_count_sit);
- fsmeta += le32_to_cpu(raw_super->segment_count_nat);
+ sit_segs = le32_to_cpu(raw_super->segment_count_sit);
+ fsmeta += sit_segs;
+ nat_segs = le32_to_cpu(raw_super->segment_count_nat);
+ fsmeta += nat_segs;
fsmeta += le32_to_cpu(ckpt->rsvd_segment_count);
fsmeta += le32_to_cpu(raw_super->segment_count_ssa);
@@ -959,6 +964,18 @@ static int sanity_check_ckpt(struct f2fs
return 1;
}
+ sit_bitmap_size = le32_to_cpu(ckpt->sit_ver_bitmap_bytesize);
+ nat_bitmap_size = le32_to_cpu(ckpt->nat_ver_bitmap_bytesize);
+ log_blocks_per_seg = le32_to_cpu(raw_super->log_blocks_per_seg);
+
+ if (sit_bitmap_size != ((sit_segs / 2) << log_blocks_per_seg) / 8 ||
+ nat_bitmap_size != ((nat_segs / 2) << log_blocks_per_seg) / 8) {
+ f2fs_msg(sbi->sb, KERN_ERR,
+ "Wrong bitmap size: sit: %u, nat:%u",
+ sit_bitmap_size, nat_bitmap_size);
+ return 1;
+ }
+
if (unlikely(f2fs_cp_error(sbi))) {
f2fs_msg(sbi->sb, KERN_ERR, "A bug case: need to run fsck");
return 1;
next prev parent reply other threads:[~2018-09-24 11:40 UTC|newest]
Thread overview: 121+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-24 11:32 [PATCH 3.18 000/105] 3.18.123-stable review Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 001/105] cifs: check if SMB2 PDU size has been padded and suppress the warning Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 002/105] hfsplus: dont return 0 when fill_super() failed Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 003/105] hfs: prevent crash on exit from failed search Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 004/105] fork: dont copy inconsistent signal handler state to child Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 005/105] reiserfs: change j_timestamp type to time64_t Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 006/105] fat: validate ->i_start before using Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 007/105] scripts: modpost: check memory allocation results Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 008/105] mm/fadvise.c: fix signed overflow UBSAN complaint Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 009/105] ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 010/105] mfd: sm501: Set coherent_dma_mask when creating subdevices Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 011/105] platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 012/105] net/9p: fix error path of p9_virtio_probe Greg Kroah-Hartman
2018-09-24 11:32 ` [PATCH 3.18 013/105] powerpc: Fix size calculation using resource_size() Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 014/105] s390/dasd: fix hanging offline processing due to canceled worker Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 015/105] scsi: aic94xx: fix an error code in aic94xx_init() Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 016/105] PCI: mvebu: Fix I/O space end address calculation Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 017/105] dm kcopyd: avoid softlockup in run_complete_job Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 018/105] staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 019/105] selftests/powerpc: Kill child processes on SIGINT Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 020/105] smb3: fix reset of bytes read and written stats Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 021/105] SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 022/105] powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 023/105] btrfs: replace: Reset on-disk dev stats value after replace Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 024/105] btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 025/105] btrfs: Dont remove block group that still has pinned down bytes Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 026/105] debugobjects: Make stack check warning more informative Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 027/105] kbuild: make missing $DEPMOD a Warning instead of an Error Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 028/105] irda: Fix memory leak caused by repeated binds of irda socket Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 029/105] irda: Only insert new objects into the global database via setsockopt Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 030/105] enic: do not call enic_change_mtu in enic_probe Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 031/105] Fixes: Commit 86af955d02bb ("mm: numa: avoid waiting on freed migrated pages") Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 032/105] ASoC: wm8994: Fix missing break in switch Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 033/105] i2c: xiic: Make the start and the byte count write atomic Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 034/105] cfq: Give a chance for arming slice idle timer in case of group_idle Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 035/105] kthread: Fix use-after-free if kthread fork fails Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 036/105] kthread: fix boot hang (regression) on MIPS/OpenRISC Greg Kroah-Hartman
2018-09-24 11:33 ` [OpenRISC] " Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 037/105] staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 038/105] staging/rts5208: Fix read overflow in memcpy Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 039/105] Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 040/105] scsi: target: fix __transport_register_session locking Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 041/105] md/raid5: fix data corruption of replacements after originals dropped Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 042/105] uio: potential double frees if __uio_register_device() fails Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 043/105] tty: rocket: Fix possible buffer overwrite on register_PCI Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 044/105] macintosh/via-pmu: Add missing mmio accessors Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 045/105] ath10k: prevent active scans on potential unusable channels Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 046/105] MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 047/105] ata: libahci: Correct setting of DEVSLP register Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 048/105] scsi: 3ware: fix return 0 on the error path of probe Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 049/105] Bluetooth: hidp: Fix handling of strncpy for hid->name information Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 050/105] x86/mm: Remove in_nmi() warning from vmalloc_fault() Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 051/105] gpio: ml-ioh: Fix buffer underwrite on probe error path Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 052/105] net: mvneta: fix mtu change on port without link Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 053/105] net: dcb: For wild-card lookups, use priority -1, not 0 Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 054/105] partitions/aix: append null character to print data from disk Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 055/105] partitions/aix: fix usage of uninitialized lv_info and lvname structures Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 056/105] mfd: ti_am335x_tscadc: Fix struct clk memory leak Greg Kroah-Hartman
2018-09-24 11:33 ` Greg Kroah-Hartman [this message]
2018-09-24 11:33 ` [PATCH 3.18 058/105] MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 059/105] xhci: Fix use-after-free in xhci_free_virt_device Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 060/105] netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 061/105] mm: get rid of vmacache_flush_all() entirely Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 062/105] ALSA: msnd: Fix the default sample sizes Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 063/105] ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 064/105] xfrm: fix passing zero to ERR_PTR() warning Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 065/105] gfs2: Special-case rindex for gfs2_grow Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 066/105] MIPS: ath79: fix system restart Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 067/105] mtd/maps: fix solutionengine.c printk format warnings Greg Kroah-Hartman
2018-09-24 11:33 ` Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 068/105] fbdev: omapfb: off by one in omapfb_register_client() Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 069/105] video: goldfishfb: fix memory leak on driver remove Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 070/105] fbdev/via: fix defined but not used warning Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 071/105] perf powerpc: Fix callchain ip filtering when return address is in a register Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 072/105] fbdev: Distinguish between interlaced and progressive modes Greg Kroah-Hartman
2018-09-24 11:33 ` [PATCH 3.18 073/105] perf powerpc: Fix callchain ip filtering Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 074/105] powerpc/powernv: opal_put_chars partial write fix Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 075/105] mac80211: restrict delayed tailroom needed decrement Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 076/105] s390/qeth: fix race in used-buffer accounting Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 077/105] s390/qeth: reset layer2 attribute on layer switch Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 078/105] platform/x86: toshiba_acpi: Fix defined but not used build warnings Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 079/105] RDMA/cma: Protect cma dev list with lock Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 080/105] pstore: Fix incorrect persistent ram buffer mapping Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 081/105] xen/netfront: fix waiting for xenbus state change Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 082/105] IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 083/105] Tools: hv: Fix a bug in the key delete code Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 084/105] usb: Dont die twice if PCI xhci host is not responding in resume Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 085/105] USB: Add quirk to support DJI CineSSD Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 086/105] usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 087/105] usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 088/105] USB: serial: io_ti: fix array underflow in completion handler Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 089/105] usb: misc: uss720: Fix two sleep-in-atomic-context bugs Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 090/105] USB: yurex: Fix buffer over-read in yurex_write() Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 091/105] usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 092/105] cifs: prevent integer overflow in nxt_dir_entry() Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 093/105] CIFS: fix wrapping bugs in num_entries() Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 094/105] binfmt_elf: Respect error return from `regset->active Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 095/105] audit: fix use-after-free in audit_add_watch Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 096/105] mtdchar: fix overflows in adjustment of `count` Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 097/105] MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 098/105] ARM: hisi: handle of_iomap and fix missing of_node_put Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 099/105] ARM: hisi: check " Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 100/105] parport: sunbpp: fix error return code Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 101/105] rtc: bq4802: add error handling for devm_ioremap Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 102/105] ALSA: pcm: Fix snd_interval_refine first/last with open min/max Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 103/105] drm/panel: type promotion bug in s6e8aa0_read_mtp_id() Greg Kroah-Hartman
2018-09-24 11:34 ` [PATCH 3.18 104/105] IB/nes: Fix a compiler warning Greg Kroah-Hartman
2018-09-24 16:38 ` Joe Perches
2018-09-24 17:59 ` Greg Kroah-Hartman
2018-09-24 18:03 ` Joe Perches
2018-09-24 18:40 ` Greg Kroah-Hartman
2018-09-24 22:39 ` Sasha Levin
2018-09-25 5:45 ` Joe Perches
2018-09-25 8:55 ` Greg Kroah-Hartman
2018-09-25 11:11 ` Joe Perches
2018-09-25 11:32 ` Greg Kroah-Hartman
2018-09-25 11:38 ` Joe Perches
2018-09-24 11:34 ` [PATCH 3.18 105/105] USB: serial: ti_usb_3410_5052: fix array underflow in completion handler Greg Kroah-Hartman
2018-09-24 22:13 ` [PATCH 3.18 000/105] 3.18.123-stable review Shuah Khan
2018-09-25 20:38 ` Guenter Roeck
2018-09-25 20:40 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180924113119.345191209@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@microsoft.com \
--cc=jaegeuk@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=wen.xu@gatech.edu \
--cc=yuchao0@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.