* Request for review for 4.4-st78, 4.4-cip113
@ 2026-07-07 13:50 Ulrich Hecht
2026-07-13 10:37 ` Pavel Machek
2026-07-14 6:43 ` nobuhiro.iwamatsu.x90
0 siblings, 2 replies; 4+ messages in thread
From: Ulrich Hecht @ 2026-07-07 13:50 UTC (permalink / raw)
To: cip-dev@lists.cip-project.org, pavel@nabladev.com,
nobuhiro.iwamatsu.x90@mail.toshiba
Hi!
Here are the manual backports for the upcoming 4.4 kernel release. As always they can be found in https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-4.4.y-st-rc
6fc536e081b4e cdrom, scsi: sr: propagate read-only status to block layer via set_disk_ro()
a70db8dc8aa2d bcache: fix cached_dev.sb_bio use-after-free and crash
d6dc394717b9d can: mcp251x: add error handling for power enable in open and resume
270f518e2aab7 batman-adv: tt: fix negative tt_buff_len
b9d56f0fa7881 batman-adv: tt: fix negative last_changeset_len
2ea84dbb4204d batman-adv: frag: disallow unicast fragment in fragment
3075eb7fe5a6a batman-adv: fix fragment reassembly length accounting
5c81177e39927 batman-adv: clear current gateway during teardown
516397de58548 net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
2c14f681cb8ca netfilter: nf_conntrack_sip: don't use simple_strtoul
a177703144795 netfilter: arp_tables: fix IEEE1394 ARP payload parsing
90d4b856cc573 netfilter: conntrack: remove sprintf usage
a5e1c4172bf7b sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks
a4e3e33596f1b HID: usbhid: fix deadlock in hid_post_reset()
b2df99543367b ALSA: core: Validate compress device numbers without dynamic minors
a856ea763a0c8 batman-adv: bla: put backbone reference on failed claim hash insert
420d73ca52ee2 batman-adv: bla: only purge non-released claims
283a66b993a78 batman-adv: bla: prevent use-after-free when deleting claims
1f1f946bac592 power: supply: max17042: avoid overflow when determining health
0bd353e476ab2 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
e27540595d282 md/raid5: fix soft lockup in retry_aligned_read()
16b4cbdf426d7 lib/ts_kmp: fix integer overflow in pattern length calculation
f03a0d998b054 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
7d2c7f0155186 gfs2: Validate i_depth for exhash directories
06c757446f45d rxrpc: reject undecryptable rxkad response tickets
f842b70abca24 wifi: brcmfmac: validate bsscfg indices in IF events
Thanks for having a look!
CU
Uli
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Request for review for 4.4-st78, 4.4-cip113
2026-07-07 13:50 Request for review for 4.4-st78, 4.4-cip113 Ulrich Hecht
@ 2026-07-13 10:37 ` Pavel Machek
2026-07-14 20:47 ` [cip-dev] " Ulrich Hecht
2026-07-14 6:43 ` nobuhiro.iwamatsu.x90
1 sibling, 1 reply; 4+ messages in thread
From: Pavel Machek @ 2026-07-13 10:37 UTC (permalink / raw)
To: Ulrich Hecht
Cc: cip-dev@lists.cip-project.org, pavel@nabladev.com,
nobuhiro.iwamatsu.x90@mail.toshiba
[-- Attachment #1: Type: text/plain, Size: 3102 bytes --]
Hi!
>
> Here are the manual backports for the upcoming 4.4 kernel release. As always they can be found in https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-4.4.y-st-rc
>
For now, I have not checked the batman-adv stuff. Two comments below.
a > 6fc536e081b4e cdrom, scsi: sr: propagate read-only status to block layer via set_disk_ro()
a > a70db8dc8aa2d bcache: fix cached_dev.sb_bio use-after-free and crash
a operation order in error handling does not match initialization > d6dc394717b9d can: mcp251x: add error handling for power enable in open and resume
> 270f518e2aab7 batman-adv: tt: fix negative tt_buff_len
> b9d56f0fa7881 batman-adv: tt: fix negative last_changeset_len
> 2ea84dbb4204d batman-adv: frag: disallow unicast fragment in fragment
> 3075eb7fe5a6a batman-adv: fix fragment reassembly length accounting
> 5c81177e39927 batman-adv: clear current gateway during teardown
a > 516397de58548 net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
a introduces stricter parsing > 2c14f681cb8ca netfilter: nf_conntrack_sip: don't use simple_strtoul
a > a177703144795 netfilter: arp_tables: fix IEEE1394 ARP payload parsing
a > 90d4b856cc573 netfilter: conntrack: remove sprintf usage
a > a5e1c4172bf7b sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks
a just a robustness against fairly interesting device > a4e3e33596f1b HID: usbhid: fix deadlock in hid_post_reset()
a also removes a comment > b2df99543367b ALSA: core: Validate compress device numbers without dynamic minors
> a856ea763a0c8 batman-adv: bla: put backbone reference on failed claim hash insert
> 420d73ca52ee2 batman-adv: bla: only purge non-released claims
> 283a66b993a78 batman-adv: bla: prevent use-after-free when deleting claims
a just a fix for unusual dts > 1f1f946bac592 power: supply: max17042: avoid overflow when determining health
! no dec in munmap? , c/e, will we now have framebuffer refusing resize? > 0bd353e476ab2 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
I don't see how this works. mmap_count is increased in mmap, but I
don't see corresponding decrease in munmap.
a > e27540595d282 md/raid5: fix soft lockup in retry_aligned_read()
! check_mul_overflow -- is it generic for all types? does sizeof > return size_t?...? > 16b4cbdf426d7 lib/ts_kmp: fix integer overflow in pattern length calculation
+ unsigned int prefix_tbl_len;
+ if (unlikely(check_mul_overflow(len, sizeof(*kmp->prefix_tbl),
+ &prefix_tbl_len) ||
AFAICT sizeof returns size_t, so I'd be much if prefix_tbl_len was
size_t, too.
a just clang fortify workaround > f03a0d998b054 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
a > 7d2c7f0155186 gfs2: Validate i_depth for exhash directories
a > 06c757446f45d rxrpc: reject undecryptable rxkad response tickets
a > f842b70abca24 wifi: brcmfmac: validate bsscfg indices in IF events
>
Reviewed-by: Pavel Machek <pavel@nabladev.com>
Best regards,
Pavel
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: Request for review for 4.4-st78, 4.4-cip113
2026-07-07 13:50 Request for review for 4.4-st78, 4.4-cip113 Ulrich Hecht
2026-07-13 10:37 ` Pavel Machek
@ 2026-07-14 6:43 ` nobuhiro.iwamatsu.x90
1 sibling, 0 replies; 4+ messages in thread
From: nobuhiro.iwamatsu.x90 @ 2026-07-14 6:43 UTC (permalink / raw)
To: uli, cip-dev, pavel
Hi Ulrich,
Thanks for your update.
> -----Original Message-----
> From: Ulrich Hecht <uli@fpond.eu>
> Sent: Tuesday, July 7, 2026 10:51 PM
> To: cip-dev@lists.cip-project.org; pavel@nabladev.com; iwamatsu nobuhiro(岩
> 松 信洋 □DITC○CPT) <nobuhiro.iwamatsu.x90@mail.toshiba>
> Subject: Request for review for 4.4-st78, 4.4-cip113
>
> Hi!
>
> Here are the manual backports for the upcoming 4.4 kernel release. As always
> they can be found in
> https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linu
> x-4.4.y-st-rc
>
> 6fc536e081b4e cdrom, scsi: sr: propagate read-only status to block layer via
> set_disk_ro() a70db8dc8aa2d bcache: fix cached_dev.sb_bio use-after-free
> and crash d6dc394717b9d can: mcp251x: add error handling for power enable
> in open and resume
> 270f518e2aab7 batman-adv: tt: fix negative tt_buff_len
> b9d56f0fa7881 batman-adv: tt: fix negative last_changeset_len
> 2ea84dbb4204d batman-adv: frag: disallow unicast fragment in fragment
> 3075eb7fe5a6a batman-adv: fix fragment reassembly length accounting
> 5c81177e39927 batman-adv: clear current gateway during teardown
> 516397de58548 net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
> 2c14f681cb8ca netfilter: nf_conntrack_sip: don't use simple_strtoul
> a177703144795 netfilter: arp_tables: fix IEEE1394 ARP payload parsing
> 90d4b856cc573 netfilter: conntrack: remove sprintf usage a5e1c4172bf7b sctp:
> fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks
> a4e3e33596f1b HID: usbhid: fix deadlock in hid_post_reset() b2df99543367b
> ALSA: core: Validate compress device numbers without dynamic minors
> a856ea763a0c8 batman-adv: bla: put backbone reference on failed claim hash
> insert
> 420d73ca52ee2 batman-adv: bla: only purge non-released claims
> 283a66b993a78 batman-adv: bla: prevent use-after-free when deleting claims
> 1f1f946bac592 power: supply: max17042: avoid overflow when determining
> health
> 0bd353e476ab2 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent
> use-after-free
> e27540595d282 md/raid5: fix soft lockup in retry_aligned_read()
> 16b4cbdf426d7 lib/ts_kmp: fix integer overflow in pattern length calculation
> f03a0d998b054 ALSA: control: Validate buf_len before strnlen() in
> snd_ctl_elem_init_enum_names()
> 7d2c7f0155186 gfs2: Validate i_depth for exhash directories 06c757446f45d
> rxrpc: reject undecryptable rxkad response tickets
> f842b70abca24 wifi: brcmfmac: validate bsscfg indices in IF events
>
> Thanks for having a look!
I reviewed this series, There doesn't seem to be issue.
Reviewed-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.x90@mail.toshiba>
>
> CU
> Uli
Best regards,
Nobuhiro
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [cip-dev] Request for review for 4.4-st78, 4.4-cip113
2026-07-13 10:37 ` Pavel Machek
@ 2026-07-14 20:47 ` Ulrich Hecht
0 siblings, 0 replies; 4+ messages in thread
From: Ulrich Hecht @ 2026-07-14 20:47 UTC (permalink / raw)
To: pavel; +Cc: cip-dev@lists.cip-project.org, nobuhiro.iwamatsu.x90@mail.toshiba
Hi!
Thanks for the reviews.
> On 07/13/2026 12:37 PM CEST Pavel Machek via lists.cip-project.org <pavel=nabladev.com@lists.cip-project.org> wrote:
> For now, I have not checked the batman-adv stuff. Two comments below.
[...]
> ! no dec in munmap? , c/e, will we now have framebuffer refusing resize? > 0bd353e476ab2 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
>
> I don't see how this works. mmap_count is increased in mmap, but I
> don't see corresponding decrease in munmap.
Yup, same issue in mainline, it seems. I'll drop it.
> a > e27540595d282 md/raid5: fix soft lockup in retry_aligned_read()
> ! check_mul_overflow -- is it generic for all types? does sizeof > return size_t?...? > 16b4cbdf426d7 lib/ts_kmp: fix integer overflow in pattern length calculation
>
> + unsigned int prefix_tbl_len;
> + if (unlikely(check_mul_overflow(len, sizeof(*kmp->prefix_tbl),
> + &prefix_tbl_len) ||
>
> AFAICT sizeof returns size_t, so I'd be much if prefix_tbl_len was
> size_t, too.
Fair enough, but that's how it is in mainline, and unless there is something actually broken I'd prefer to keep it that way to avoid conflicts with future patches.
CU
Uli
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-07-14 20:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-07 13:50 Request for review for 4.4-st78, 4.4-cip113 Ulrich Hecht
2026-07-13 10:37 ` Pavel Machek
2026-07-14 20:47 ` [cip-dev] " Ulrich Hecht
2026-07-14 6:43 ` nobuhiro.iwamatsu.x90
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox