From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
"chenxiaosong (A)" <chenxiaosong2@huawei.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
Hawkins Jiawei <yin31149@gmail.com>,
syzbot+5f8dcabe4a3b2c51c607@syzkaller.appspotmail.com,
Anton Altaparmakov <anton@tuxera.com>,
syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 5.15 180/181] ntfs: fix out-of-bounds read in ntfs_attr_find()
Date: Wed, 23 Nov 2022 09:52:23 +0100 [thread overview]
Message-ID: <20221123084610.135604067@linuxfoundation.org> (raw)
In-Reply-To: <20221123084602.707860461@linuxfoundation.org>
From: Hawkins Jiawei <yin31149@gmail.com>
commit 36a4d82dddbbd421d2b8e79e1cab68c8126d5075 upstream.
Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). To
ensure access on these ATTR_RECORDs are within bounds, kernel will do some
checking during iteration.
The problem is that during checking whether ATTR_RECORD's name is within
bounds, kernel will dereferences the ATTR_RECORD name_offset field, before
checking this ATTR_RECORD strcture is within bounds. This problem may
result out-of-bounds read in ntfs_attr_find(), reported by Syzkaller:
==================================================================
BUG: KASAN: use-after-free in ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597
Read of size 2 at addr ffff88807e352009 by task syz-executor153/3607
[...]
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597
ntfs_attr_lookup+0x1056/0x2070 fs/ntfs/attrib.c:1193
ntfs_read_inode_mount+0x89a/0x2580 fs/ntfs/inode.c:1845
ntfs_fill_super+0x1799/0x9320 fs/ntfs/super.c:2854
mount_bdev+0x34d/0x410 fs/super.c:1400
legacy_get_tree+0x105/0x220 fs/fs_context.c:610
vfs_get_tree+0x89/0x2f0 fs/super.c:1530
do_new_mount fs/namespace.c:3040 [inline]
path_mount+0x1326/0x1e20 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
</TASK>
The buggy address belongs to the physical page:
page:ffffea0001f8d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e350
head:ffffea0001f8d400 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011842140
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88807e351f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88807e351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88807e352000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88807e352080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88807e352100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
This patch solves it by moving the ATTR_RECORD strcture's bounds checking
earlier, then checking whether ATTR_RECORD's name is within bounds.
What's more, this patch also add some comments to improve its
maintainability.
Link: https://lkml.kernel.org/r/20220831160935.3409-3-yin31149@gmail.com
Link: https://lore.kernel.org/all/1636796c-c85e-7f47-e96f-e074fee3c7d3@huawei.com/
Link: https://groups.google.com/g/syzkaller-bugs/c/t_XdeKPGTR4/m/LECAuIGcBgAJ
Signed-off-by: chenxiaosong (A) <chenxiaosong2@huawei.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Reported-by: syzbot+5f8dcabe4a3b2c51c607@syzkaller.appspotmail.com
Tested-by: syzbot+5f8dcabe4a3b2c51c607@syzkaller.appspotmail.com
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs/attrib.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -594,11 +594,23 @@ static int ntfs_attr_find(const ATTR_TYP
for (;; a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))) {
u8 *mrec_end = (u8 *)ctx->mrec +
le32_to_cpu(ctx->mrec->bytes_allocated);
- u8 *name_end = (u8 *)a + le16_to_cpu(a->name_offset) +
- a->name_length * sizeof(ntfschar);
- if ((u8*)a < (u8*)ctx->mrec || (u8*)a > mrec_end ||
- name_end > mrec_end)
+ u8 *name_end;
+
+ /* check whether ATTR_RECORD wrap */
+ if ((u8 *)a < (u8 *)ctx->mrec)
break;
+
+ /* check whether Attribute Record Header is within bounds */
+ if ((u8 *)a > mrec_end ||
+ (u8 *)a + sizeof(ATTR_RECORD) > mrec_end)
+ break;
+
+ /* check whether ATTR_RECORD's name is within bounds */
+ name_end = (u8 *)a + le16_to_cpu(a->name_offset) +
+ a->name_length * sizeof(ntfschar);
+ if (name_end > mrec_end)
+ break;
+
ctx->attr = a;
if (unlikely(le32_to_cpu(a->type) > le32_to_cpu(type) ||
a->type == AT_END))
next prev parent reply other threads:[~2022-11-23 9:38 UTC|newest]
Thread overview: 189+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-23 8:49 [PATCH 5.15 000/181] 5.15.80-rc1 review Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 001/181] mm: hwpoison: refactor refcount check handling Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 002/181] mm: hwpoison: handle non-anonymous THP correctly Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 003/181] mm: shmem: dont truncate page if memory failure happens Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 004/181] ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 005/181] ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 006/181] ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 007/181] ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 008/181] ASoC: rt1019: Fix the TDM settings Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 009/181] ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 010/181] spi: intel: Fix the offset to get the 64K erase opcode Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 011/181] ASoC: codecs: jz4725b: add missed Line In power control bit Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 012/181] ASoC: codecs: jz4725b: fix reported volume for Master ctl Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 013/181] ASoC: codecs: jz4725b: use right control for Capture Volume Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 014/181] ASoC: codecs: jz4725b: fix capture selector naming Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 015/181] ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 016/181] selftests/futex: fix build for clang Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 017/181] selftests/intel_pstate: fix build for ARCH=x86_64 Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 018/181] rtc: cmos: fix build on non-ACPI platforms Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 019/181] ASoC: rt1308-sdw: add the default value of some registers Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 020/181] drm/amd/display: Remove wrong pipe control lock Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 021/181] ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 022/181] RDMA/efa: Add EFA 0xefa2 PCI ID Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 023/181] btrfs: raid56: properly handle the error when unable to find the missing stripe Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 024/181] NFSv4: Retry LOCK on OLD_STATEID during delegation return Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 025/181] ACPI: x86: Add another system to quirk list for forcing StorageD3Enable Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 026/181] firmware: arm_scmi: Cleanup the core driver removal callback Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 027/181] i2c: tegra: Allocate DMA memory for DMA engine Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 028/181] i2c: i801: add lis3lv02ds I2C address for Vostro 5568 Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 029/181] drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 030/181] btrfs: remove pointless and double ulist frees in error paths of qgroup tests Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 031/181] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 032/181] x86/cpu: Add several Intel server CPU model numbers Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 033/181] ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 034/181] mtd: spi-nor: intel-spi: Disable write protection only if asked Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 035/181] spi: intel: Use correct mask for flash and protected regions Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 5.15 036/181] KVM: x86/pmu: Do not speculatively query Intel GP PMCs that dont exist yet Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 037/181] hugetlbfs: dont delete error page from pagecache Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 038/181] arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 039/181] arm64: dts: qcom: sm8150-xperia-kumano: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 040/181] arm64: dts: qcom: sm8250-xperia-edo: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 041/181] arm64: dts: qcom: sm8350-hdk: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 042/181] spi: stm32: Print summary callbacks suppressed message Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 043/181] ARM: dts: at91: sama7g5: fix signal name of pin PB2 Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 044/181] ASoC: core: Fix use-after-free in snd_soc_exit() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 045/181] ASoC: tas2770: Fix set_tdm_slot in case of single slot Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 046/181] ASoC: tas2764: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 047/181] ARM: at91: pm: avoid soft resetting AC DLL Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 048/181] serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 049/181] serial: 8250_omap: remove wait loop from Errata i202 workaround Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 050/181] serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 051/181] serial: 8250: omap: Flush PM QOS work on remove Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 052/181] serial: imx: Add missing .thaw_noirq hook Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 053/181] tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 054/181] bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 055/181] ASoC: soc-utils: Remove __exit for snd_soc_util_exit() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 056/181] pinctrl: rockchip: list all pins in a possible mux route for PX30 Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 057/181] scsi: scsi_transport_sas: Fix error handling in sas_phy_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 058/181] block: sed-opal: kmalloc the cmd/resp buffers Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 059/181] bpf: Fix memory leaks in __check_func_call Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 060/181] arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 061/181] siox: fix possible memory leak in siox_device_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 062/181] parport_pc: Avoid FIFO port location truncation Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 063/181] pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 064/181] drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 065/181] drm/panel: simple: set bpc field for logic technologies displays Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 066/181] drm/drv: Fix potential memory leak in drm_dev_init() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 067/181] drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 068/181] ARM: dts: imx7: Fix NAND controller size-cells Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 069/181] arm64: dts: imx8mm: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 070/181] arm64: dts: imx8mn: " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 071/181] ata: libata-transport: fix double ata_host_put() in ata_tport_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 072/181] ata: libata-transport: fix error handling " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 073/181] ata: libata-transport: fix error handling in ata_tlink_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 074/181] ata: libata-transport: fix error handling in ata_tdev_add() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 075/181] nfp: change eeprom length to max length enumerators Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 076/181] MIPS: fix duplicate definitions for exported symbols Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 077/181] MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 078/181] bpf: Initialize same number of free nodes for each pcpu_freelist Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 079/181] net: bgmac: Drop free_netdev() from bgmac_enet_remove() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 080/181] mISDN: fix possible memory leak in mISDN_dsp_element_register() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 081/181] net: hinic: Fix error handling in hinic_module_init() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 082/181] net: stmmac: ensure tx function is not running in stmmac_xdp_release() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 083/181] soc: imx8m: Enable OCOTP clock before reading the register Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 084/181] net: liquidio: release resources when liquidio driver open failed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 085/181] mISDN: fix misuse of put_device() in mISDN_register_device() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 086/181] net: macvlan: Use built-in RCU list checking Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 087/181] net: caif: fix double disconnect client in chnl_net_open() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 088/181] bnxt_en: Remove debugfs when pci_register_driver failed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 089/181] net: mhi: Fix memory leak in mhi_net_dellink() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 090/181] net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 091/181] xen/pcpu: fix possible memory leak in register_pcpu() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 092/181] net: ionic: Fix error handling in ionic_init_module() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 093/181] net: ena: Fix error handling in ena_init() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 094/181] net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 095/181] bridge: switchdev: Fix memory leaks when changing VLAN protocol Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 5.15 096/181] drbd: use after free in drbd_create_device() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 097/181] platform/x86/intel: pmc: Dont unconditionally attach Intel PMC when virtualized Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 098/181] platform/surface: aggregator: Do not check for repeated unsequenced packets Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 099/181] cifs: add check for returning value of SMB2_close_init Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 100/181] net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 101/181] net/x25: Fix skb leak in x25_lapb_receive_frame() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 102/181] cifs: Fix wrong return value checking when GETFLAGS Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 103/181] net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 104/181] net: thunderbolt: Fix error handling in tbnet_init() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 105/181] cifs: add check for returning value of SMB2_set_info_init Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 106/181] ftrace: Fix the possible incorrect kernel message Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 107/181] ftrace: Optimize the allocation for mcount entries Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 108/181] ftrace: Fix null pointer dereference in ftrace_add_mod() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 109/181] ring_buffer: Do not deactivate non-existant pages Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 110/181] tracing: Fix memory leak in tracing_read_pipe() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 111/181] tracing/ring-buffer: Have polling block on watermark Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 112/181] tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 113/181] tracing: Fix wild-memory-access in register_synth_event() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 114/181] tracing: Fix race where eprobes can be called before the event Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 115/181] tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 116/181] tracing: kprobe: Fix potential null-ptr-deref on trace_array " Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 117/181] drm/amd/display: Add HUBP surface flip interrupt handler Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 118/181] ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 119/181] ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 120/181] ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 121/181] Revert "usb: dwc3: disable USB core PHY management" Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 122/181] slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 123/181] slimbus: stream: correct presence rate frequencies Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 124/181] speakup: fix a segfault caused by switching consoles Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 125/181] USB: bcma: Make GPIO explicitly optional Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 126/181] USB: serial: option: add Sierra Wireless EM9191 Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 127/181] USB: serial: option: remove old LARA-R6 PID Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 128/181] USB: serial: option: add u-blox LARA-R6 00B modem Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 129/181] USB: serial: option: add u-blox LARA-L6 modem Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 130/181] USB: serial: option: add Fibocom FM160 0x0111 composition Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 131/181] usb: add NO_LPM quirk for Realforce 87U Keyboard Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 132/181] usb: chipidea: fix deadlock in ci_otg_del_timer Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 133/181] usb: cdns3: host: fix endless superspeed hub port reset Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 134/181] usb: typec: mux: Enter safe mode only when pins need to be reconfigured Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 135/181] iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 136/181] iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 137/181] iio: adc: mp2629: fix wrong comparison of channel Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 138/181] iio: adc: mp2629: fix potential array out of bound access Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 139/181] iio: pressure: ms5611: changed hardcoded SPI speed to value limited Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 140/181] dm ioctl: fix misbehavior if list_versions races with module loading Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 141/181] serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 142/181] serial: 8250: Flush DMA Rx on RLSI Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 143/181] serial: 8250_lpss: Configure DMA also w/o DMA filter Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 144/181] Input: iforce - invert valid length check when fetching device IDs Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 145/181] maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 146/181] net: phy: marvell: add sleep time after enabling the loopback bit Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 147/181] scsi: zfcp: Fix double free of FSF request when qdio send fails Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 148/181] iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 149/181] iommu/vt-d: Set SRE bit only when hardware has SRS cap Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 150/181] firmware: coreboot: Register bus in module init Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 151/181] mmc: core: properly select voltage range without power cycle Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 152/181] mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 153/181] mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 154/181] docs: update mediator contact information in CoC doc Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 155/181] misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 5.15 156/181] perf/x86/intel/pt: Fix sampling using single range output Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 157/181] nvme: restrict management ioctls to admin Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 158/181] nvme: ensure subsystem reset is single threaded Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 159/181] serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 160/181] perf: Improve missing SIGTRAP checking Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 161/181] ring-buffer: Include dropped pages in counting dirty patches Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 162/181] tracing: Fix warning on variable struct trace_array Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 163/181] net: use struct_group to copy ip/ipv6 header addresses Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 164/181] scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 165/181] scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 166/181] kprobes: Skip clearing aggrprobes post_handler in kprobe-on-ftrace case Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 167/181] Input: i8042 - fix leaking of platform device on module removal Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 168/181] macvlan: enforce a consistent minimal mtu Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 169/181] tcp: cdg: allow tcp_cdg_release() to be called multiple times Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 170/181] kcm: avoid potential race in kcm_tx_work Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 171/181] kcm: close race conditions on sk_receive_queue Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 172/181] 9p: trans_fd/p9_conn_cancel: drop client lock earlier Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 173/181] gfs2: Check sb_bsize_shift after reading superblock Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 174/181] gfs2: Switch from strlcpy to strscpy Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 175/181] 9p/trans_fd: always use O_NONBLOCK read/write Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 176/181] wifi: wext: use flex array destination for memcpy() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 177/181] mm: fs: initialize fsdata passed to write_begin/write_end interface Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 178/181] net/9p: use a dedicated spinlock for trans_fd Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 5.15 179/181] ntfs: fix use-after-free in ntfs_attr_find() Greg Kroah-Hartman
2022-11-23 8:52 ` Greg Kroah-Hartman [this message]
2022-11-23 8:52 ` [PATCH 5.15 181/181] ntfs: check overflow when iterating ATTR_RECORDs Greg Kroah-Hartman
2022-11-23 15:27 ` [PATCH 5.15 000/181] 5.15.80-rc1 review Jon Hunter
2022-11-23 17:02 ` Guenter Roeck
2022-11-24 2:38 ` Guenter Roeck
2022-11-24 3:54 ` Bagas Sanjaya
2022-11-24 7:34 ` Ron Economos
2022-11-24 8:54 ` Naresh Kamboju
2022-11-24 10:50 ` Sudip Mukherjee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221123084610.135604067@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=anton@tuxera.com \
--cc=chenxiaosong2@huawei.com \
--cc=dan.carpenter@oracle.com \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=syzbot+5f8dcabe4a3b2c51c607@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=yin31149@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).