From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Hawkins Jiawei <yin31149@gmail.com>,
Anton Altaparmakov <anton@tuxera.com>,
ChenXiaoSong <chenxiaosong2@huawei.com>,
syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 5.15 179/181] ntfs: fix use-after-free in ntfs_attr_find()
Date: Wed, 23 Nov 2022 09:52:22 +0100 [thread overview]
Message-ID: <20221123084610.094442919@linuxfoundation.org> (raw)
In-Reply-To: <20221123084602.707860461@linuxfoundation.org>
From: Hawkins Jiawei <yin31149@gmail.com>
commit d85a1bec8e8d552ab13163ca1874dcd82f3d1550 upstream.
Patch series "ntfs: fix bugs about Attribute", v2.
This patchset fixes three bugs relative to Attribute in record:
Patch 1 adds a sanity check to ensure that, attrs_offset field in first
mft record loading from disk is within bounds.
Patch 2 moves the ATTR_RECORD's bounds checking earlier, to avoid
dereferencing ATTR_RECORD before checking this ATTR_RECORD is within
bounds.
Patch 3 adds an overflow checking to avoid possible forever loop in
ntfs_attr_find().
Without patch 1 and patch 2, the kernel triggersa KASAN use-after-free
detection as reported by Syzkaller.
Although one of patch 1 or patch 2 can fix this, we still need both of
them. Because patch 1 fixes the root cause, and patch 2 not only fixes
the direct cause, but also fixes the potential out-of-bounds bug.
This patch (of 3):
Syzkaller reported use-after-free read as follows:
==================================================================
BUG: KASAN: use-after-free in ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597
Read of size 2 at addr ffff88807e352009 by task syz-executor153/3607
[...]
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597
ntfs_attr_lookup+0x1056/0x2070 fs/ntfs/attrib.c:1193
ntfs_read_inode_mount+0x89a/0x2580 fs/ntfs/inode.c:1845
ntfs_fill_super+0x1799/0x9320 fs/ntfs/super.c:2854
mount_bdev+0x34d/0x410 fs/super.c:1400
legacy_get_tree+0x105/0x220 fs/fs_context.c:610
vfs_get_tree+0x89/0x2f0 fs/super.c:1530
do_new_mount fs/namespace.c:3040 [inline]
path_mount+0x1326/0x1e20 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
</TASK>
The buggy address belongs to the physical page:
page:ffffea0001f8d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e350
head:ffffea0001f8d400 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011842140
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88807e351f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88807e351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88807e352000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88807e352080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88807e352100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Kernel will loads $MFT/$DATA's first mft record in
ntfs_read_inode_mount().
Yet the problem is that after loading, kernel doesn't check whether
attrs_offset field is a valid value.
To be more specific, if attrs_offset field is larger than bytes_allocated
field, then it may trigger the out-of-bounds read bug(reported as
use-after-free bug) in ntfs_attr_find(), when kernel tries to access the
corresponding mft record's attribute.
This patch solves it by adding the sanity check between attrs_offset field
and bytes_allocated field, after loading the first mft record.
Link: https://lkml.kernel.org/r/20220831160935.3409-1-yin31149@gmail.com
Link: https://lkml.kernel.org/r/20220831160935.3409-2-yin31149@gmail.com
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: ChenXiaoSong <chenxiaosong2@huawei.com>
Cc: syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs/inode.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -1829,6 +1829,13 @@ int ntfs_read_inode_mount(struct inode *
goto err_out;
}
+ /* Sanity check offset to the first attribute */
+ if (le16_to_cpu(m->attrs_offset) >= le32_to_cpu(m->bytes_allocated)) {
+ ntfs_error(sb, "Incorrect mft offset to the first attribute %u in superblock.",
+ le16_to_cpu(m->attrs_offset));
+ goto err_out;
+ }
+
/* Need this to sanity check attribute list references to $MFT. */
vi->i_generation = ni->seq_no = le16_to_cpu(m->sequence_number);
next prev parent reply other threads:[~2022-11-23 9:38 UTC|newest]
Thread overview: 189+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-23 8:49 [PATCH 5.15 000/181] 5.15.80-rc1 review Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 001/181] mm: hwpoison: refactor refcount check handling Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 002/181] mm: hwpoison: handle non-anonymous THP correctly Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 003/181] mm: shmem: dont truncate page if memory failure happens Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 004/181] ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 005/181] ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 006/181] ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 007/181] ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 008/181] ASoC: rt1019: Fix the TDM settings Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 009/181] ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 010/181] spi: intel: Fix the offset to get the 64K erase opcode Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 011/181] ASoC: codecs: jz4725b: add missed Line In power control bit Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 012/181] ASoC: codecs: jz4725b: fix reported volume for Master ctl Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 013/181] ASoC: codecs: jz4725b: use right control for Capture Volume Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 014/181] ASoC: codecs: jz4725b: fix capture selector naming Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 015/181] ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 016/181] selftests/futex: fix build for clang Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 017/181] selftests/intel_pstate: fix build for ARCH=x86_64 Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 018/181] rtc: cmos: fix build on non-ACPI platforms Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 019/181] ASoC: rt1308-sdw: add the default value of some registers Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 020/181] drm/amd/display: Remove wrong pipe control lock Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 021/181] ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 022/181] RDMA/efa: Add EFA 0xefa2 PCI ID Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 023/181] btrfs: raid56: properly handle the error when unable to find the missing stripe Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 024/181] NFSv4: Retry LOCK on OLD_STATEID during delegation return Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 025/181] ACPI: x86: Add another system to quirk list for forcing StorageD3Enable Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 026/181] firmware: arm_scmi: Cleanup the core driver removal callback Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 027/181] i2c: tegra: Allocate DMA memory for DMA engine Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 028/181] i2c: i801: add lis3lv02ds I2C address for Vostro 5568 Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 029/181] drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 030/181] btrfs: remove pointless and double ulist frees in error paths of qgroup tests Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 031/181] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 032/181] x86/cpu: Add several Intel server CPU model numbers Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 033/181] ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 034/181] mtd: spi-nor: intel-spi: Disable write protection only if asked Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 035/181] spi: intel: Use correct mask for flash and protected regions Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 036/181] KVM: x86/pmu: Do not speculatively query Intel GP PMCs that dont exist yet Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 037/181] hugetlbfs: dont delete error page from pagecache Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 038/181] arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 039/181] arm64: dts: qcom: sm8150-xperia-kumano: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 040/181] arm64: dts: qcom: sm8250-xperia-edo: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 041/181] arm64: dts: qcom: sm8350-hdk: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 042/181] spi: stm32: Print summary callbacks suppressed message Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 043/181] ARM: dts: at91: sama7g5: fix signal name of pin PB2 Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 044/181] ASoC: core: Fix use-after-free in snd_soc_exit() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 045/181] ASoC: tas2770: Fix set_tdm_slot in case of single slot Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 046/181] ASoC: tas2764: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 047/181] ARM: at91: pm: avoid soft resetting AC DLL Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 048/181] serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 049/181] serial: 8250_omap: remove wait loop from Errata i202 workaround Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 050/181] serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 051/181] serial: 8250: omap: Flush PM QOS work on remove Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 052/181] serial: imx: Add missing .thaw_noirq hook Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 053/181] tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 054/181] bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 055/181] ASoC: soc-utils: Remove __exit for snd_soc_util_exit() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 056/181] pinctrl: rockchip: list all pins in a possible mux route for PX30 Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 057/181] scsi: scsi_transport_sas: Fix error handling in sas_phy_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 058/181] block: sed-opal: kmalloc the cmd/resp buffers Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 059/181] bpf: Fix memory leaks in __check_func_call Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 060/181] arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 061/181] siox: fix possible memory leak in siox_device_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 062/181] parport_pc: Avoid FIFO port location truncation Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 063/181] pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 064/181] drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 065/181] drm/panel: simple: set bpc field for logic technologies displays Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 066/181] drm/drv: Fix potential memory leak in drm_dev_init() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 067/181] drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 068/181] ARM: dts: imx7: Fix NAND controller size-cells Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 069/181] arm64: dts: imx8mm: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 070/181] arm64: dts: imx8mn: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 071/181] ata: libata-transport: fix double ata_host_put() in ata_tport_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 072/181] ata: libata-transport: fix error handling " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 073/181] ata: libata-transport: fix error handling in ata_tlink_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 074/181] ata: libata-transport: fix error handling in ata_tdev_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 075/181] nfp: change eeprom length to max length enumerators Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 076/181] MIPS: fix duplicate definitions for exported symbols Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 077/181] MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 078/181] bpf: Initialize same number of free nodes for each pcpu_freelist Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 079/181] net: bgmac: Drop free_netdev() from bgmac_enet_remove() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 080/181] mISDN: fix possible memory leak in mISDN_dsp_element_register() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 081/181] net: hinic: Fix error handling in hinic_module_init() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 082/181] net: stmmac: ensure tx function is not running in stmmac_xdp_release() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 083/181] soc: imx8m: Enable OCOTP clock before reading the register Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 084/181] net: liquidio: release resources when liquidio driver open failed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 085/181] mISDN: fix misuse of put_device() in mISDN_register_device() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 086/181] net: macvlan: Use built-in RCU list checking Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 087/181] net: caif: fix double disconnect client in chnl_net_open() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 088/181] bnxt_en: Remove debugfs when pci_register_driver failed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 089/181] net: mhi: Fix memory leak in mhi_net_dellink() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 090/181] net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 091/181] xen/pcpu: fix possible memory leak in register_pcpu() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 092/181] net: ionic: Fix error handling in ionic_init_module() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 093/181] net: ena: Fix error handling in ena_init() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 094/181] net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 095/181] bridge: switchdev: Fix memory leaks when changing VLAN protocol Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 096/181] drbd: use after free in drbd_create_device() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 097/181] platform/x86/intel: pmc: Dont unconditionally attach Intel PMC when virtualized Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 098/181] platform/surface: aggregator: Do not check for repeated unsequenced packets Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 099/181] cifs: add check for returning value of SMB2_close_init Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 100/181] net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 101/181] net/x25: Fix skb leak in x25_lapb_receive_frame() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 102/181] cifs: Fix wrong return value checking when GETFLAGS Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 103/181] net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 104/181] net: thunderbolt: Fix error handling in tbnet_init() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 105/181] cifs: add check for returning value of SMB2_set_info_init Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 106/181] ftrace: Fix the possible incorrect kernel message Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 107/181] ftrace: Optimize the allocation for mcount entries Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 108/181] ftrace: Fix null pointer dereference in ftrace_add_mod() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 109/181] ring_buffer: Do not deactivate non-existant pages Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 110/181] tracing: Fix memory leak in tracing_read_pipe() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 111/181] tracing/ring-buffer: Have polling block on watermark Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 112/181] tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 113/181] tracing: Fix wild-memory-access in register_synth_event() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 114/181] tracing: Fix race where eprobes can be called before the event Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 115/181] tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 116/181] tracing: kprobe: Fix potential null-ptr-deref on trace_array " Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 117/181] drm/amd/display: Add HUBP surface flip interrupt handler Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 118/181] ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 119/181] ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 120/181] ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 121/181] Revert "usb: dwc3: disable USB core PHY management" Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 122/181] slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 123/181] slimbus: stream: correct presence rate frequencies Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 124/181] speakup: fix a segfault caused by switching consoles Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 125/181] USB: bcma: Make GPIO explicitly optional Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 126/181] USB: serial: option: add Sierra Wireless EM9191 Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 127/181] USB: serial: option: remove old LARA-R6 PID Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 128/181] USB: serial: option: add u-blox LARA-R6 00B modem Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 129/181] USB: serial: option: add u-blox LARA-L6 modem Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 130/181] USB: serial: option: add Fibocom FM160 0x0111 composition Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 131/181] usb: add NO_LPM quirk for Realforce 87U Keyboard Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 132/181] usb: chipidea: fix deadlock in ci_otg_del_timer Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 133/181] usb: cdns3: host: fix endless superspeed hub port reset Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 134/181] usb: typec: mux: Enter safe mode only when pins need to be reconfigured Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 135/181] iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 136/181] iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 137/181] iio: adc: mp2629: fix wrong comparison of channel Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 138/181] iio: adc: mp2629: fix potential array out of bound access Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 139/181] iio: pressure: ms5611: changed hardcoded SPI speed to value limited Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 140/181] dm ioctl: fix misbehavior if list_versions races with module loading Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 141/181] serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 142/181] serial: 8250: Flush DMA Rx on RLSI Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 143/181] serial: 8250_lpss: Configure DMA also w/o DMA filter Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 144/181] Input: iforce - invert valid length check when fetching device IDs Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 145/181] maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 146/181] net: phy: marvell: add sleep time after enabling the loopback bit Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 147/181] scsi: zfcp: Fix double free of FSF request when qdio send fails Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 148/181] iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 149/181] iommu/vt-d: Set SRE bit only when hardware has SRS cap Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 150/181] firmware: coreboot: Register bus in module init Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 151/181] mmc: core: properly select voltage range without power cycle Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 152/181] mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 153/181] mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 154/181] docs: update mediator contact information in CoC doc Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 155/181] misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 156/181] perf/x86/intel/pt: Fix sampling using single range output Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 157/181] nvme: restrict management ioctls to admin Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 158/181] nvme: ensure subsystem reset is single threaded Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 159/181] serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 160/181] perf: Improve missing SIGTRAP checking Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 161/181] ring-buffer: Include dropped pages in counting dirty patches Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 162/181] tracing: Fix warning on variable struct trace_array Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 163/181] net: use struct_group to copy ip/ipv6 header addresses Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 164/181] scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 165/181] scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 166/181] kprobes: Skip clearing aggrprobes post_handler in kprobe-on-ftrace case Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 167/181] Input: i8042 - fix leaking of platform device on module removal Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 168/181] macvlan: enforce a consistent minimal mtu Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 169/181] tcp: cdg: allow tcp_cdg_release() to be called multiple times Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 170/181] kcm: avoid potential race in kcm_tx_work Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 171/181] kcm: close race conditions on sk_receive_queue Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 172/181] 9p: trans_fd/p9_conn_cancel: drop client lock earlier Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 173/181] gfs2: Check sb_bsize_shift after reading superblock Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 174/181] gfs2: Switch from strlcpy to strscpy Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 175/181] 9p/trans_fd: always use O_NONBLOCK read/write Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 176/181] wifi: wext: use flex array destination for memcpy() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 177/181] mm: fs: initialize fsdata passed to write_begin/write_end interface Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 178/181] net/9p: use a dedicated spinlock for trans_fd Greg Kroah-Hartman
2022-11-23 8:52 ` Greg Kroah-Hartman [this message]
2022-11-23 8:52 ` [PATCH 5.15 180/181] ntfs: fix out-of-bounds read in ntfs_attr_find() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 181/181] ntfs: check overflow when iterating ATTR_RECORDs Greg Kroah-Hartman
2022-11-23 15:27 ` [PATCH 5.15 000/181] 5.15.80-rc1 review Jon Hunter
2022-11-23 17:02 ` Guenter Roeck
2022-11-24 2:38 ` Guenter Roeck
2022-11-24 3:54 ` Bagas Sanjaya
2022-11-24 7:34 ` Ron Economos
2022-11-24 8:54 ` Naresh Kamboju
2022-11-24 10:50 ` Sudip Mukherjee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221123084610.094442919@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=anton@tuxera.com \
--cc=chenxiaosong2@huawei.com \
--cc=dan.carpenter@oracle.com \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=yin31149@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.