From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Namjae Jeon <linkinjeon@kernel.org>,
Steve French <stfrench@microsoft.com>
Subject: [PATCH 6.2 094/173] ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
Date: Wed, 12 Apr 2023 10:33:40 +0200 [thread overview]
Message-ID: <20230412082841.869969841@linuxfoundation.org> (raw)
In-Reply-To: <20230412082838.125271466@linuxfoundation.org>
From: Namjae Jeon <linkinjeon@kernel.org>
commit dc8289f912387c3bcfbc5d2db29c8947fa207c11 upstream.
When smb1 mount fails, KASAN detect slab-out-of-bounds in
init_smb2_rsp_hdr like the following one.
For smb1 negotiate(56bytes) , init_smb2_rsp_hdr() for smb2 is called.
The issue occurs while handling smb1 negotiate as smb2 server operations.
Add smb server operations for smb1 (get_cmd_val, init_rsp_hdr,
allocate_rsp_buf, check_user_session) to handle smb1 negotiate so that
smb2 server operation does not handle it.
[ 411.400423] CIFS: VFS: Use of the less secure dialect vers=1.0 is
not recommended unless required for access to very old servers
[ 411.400452] CIFS: Attempting to mount \\192.168.45.139\homes
[ 411.479312] ksmbd: init_smb2_rsp_hdr : 492
[ 411.479323] ==================================================================
[ 411.479327] BUG: KASAN: slab-out-of-bounds in
init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
[ 411.479369] Read of size 16 at addr ffff888488ed0734 by task kworker/14:1/199
[ 411.479379] CPU: 14 PID: 199 Comm: kworker/14:1 Tainted: G
OE 6.1.21 #3
[ 411.479386] Hardware name: ASUSTeK COMPUTER INC. Z10PA-D8
Series/Z10PA-D8 Series, BIOS 3801 08/23/2019
[ 411.479390] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
[ 411.479425] Call Trace:
[ 411.479428] <TASK>
[ 411.479432] dump_stack_lvl+0x49/0x63
[ 411.479444] print_report+0x171/0x4a8
[ 411.479452] ? kasan_complete_mode_report_info+0x3c/0x200
[ 411.479463] ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
[ 411.479497] kasan_report+0xb4/0x130
[ 411.479503] ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
[ 411.479537] kasan_check_range+0x149/0x1e0
[ 411.479543] memcpy+0x24/0x70
[ 411.479550] init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
[ 411.479585] handle_ksmbd_work+0x109/0x760 [ksmbd]
[ 411.479616] ? _raw_spin_unlock_irqrestore+0x50/0x50
[ 411.479624] ? smb3_encrypt_resp+0x340/0x340 [ksmbd]
[ 411.479656] process_one_work+0x49c/0x790
[ 411.479667] worker_thread+0x2b1/0x6e0
[ 411.479674] ? process_one_work+0x790/0x790
[ 411.479680] kthread+0x177/0x1b0
[ 411.479686] ? kthread_complete_and_exit+0x30/0x30
[ 411.479692] ret_from_fork+0x22/0x30
[ 411.479702] </TASK>
Fixes: 39b291b86b59 ("ksmbd: return unsupported error on smb1 mount")
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ksmbd/server.c | 5 -
fs/ksmbd/smb2pdu.c | 3 -
fs/ksmbd/smb_common.c | 138 +++++++++++++++++++++++++++++++++++++++-----------
fs/ksmbd/smb_common.h | 2
4 files changed, 111 insertions(+), 37 deletions(-)
--- a/fs/ksmbd/server.c
+++ b/fs/ksmbd/server.c
@@ -289,10 +289,7 @@ static int queue_ksmbd_work(struct ksmbd
work->request_buf = conn->request_buf;
conn->request_buf = NULL;
- if (ksmbd_init_smb_server(work)) {
- ksmbd_free_work_struct(work);
- return -EINVAL;
- }
+ ksmbd_init_smb_server(work);
ksmbd_conn_enqueue_request(work);
atomic_inc(&conn->r_count);
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -235,9 +235,6 @@ int init_smb2_neg_rsp(struct ksmbd_work
struct smb2_negotiate_rsp *rsp;
struct ksmbd_conn *conn = work->conn;
- if (conn->need_neg == false)
- return -EINVAL;
-
*(__be32 *)work->response_buf =
cpu_to_be32(conn->vals->header_size);
--- a/fs/ksmbd/smb_common.c
+++ b/fs/ksmbd/smb_common.c
@@ -283,20 +283,121 @@ err_out:
return BAD_PROT_ID;
}
-int ksmbd_init_smb_server(struct ksmbd_work *work)
+#define SMB_COM_NEGOTIATE_EX 0x0
+
+/**
+ * get_smb1_cmd_val() - get smb command value from smb header
+ * @work: smb work containing smb header
+ *
+ * Return: smb command value
+ */
+static u16 get_smb1_cmd_val(struct ksmbd_work *work)
{
- struct ksmbd_conn *conn = work->conn;
+ return SMB_COM_NEGOTIATE_EX;
+}
- if (conn->need_neg == false)
+/**
+ * init_smb1_rsp_hdr() - initialize smb negotiate response header
+ * @work: smb work containing smb request
+ *
+ * Return: 0 on success, otherwise -EINVAL
+ */
+static int init_smb1_rsp_hdr(struct ksmbd_work *work)
+{
+ struct smb_hdr *rsp_hdr = (struct smb_hdr *)work->response_buf;
+ struct smb_hdr *rcv_hdr = (struct smb_hdr *)work->request_buf;
+
+ /*
+ * Remove 4 byte direct TCP header.
+ */
+ *(__be32 *)work->response_buf =
+ cpu_to_be32(sizeof(struct smb_hdr) - 4);
+
+ rsp_hdr->Command = SMB_COM_NEGOTIATE;
+ *(__le32 *)rsp_hdr->Protocol = SMB1_PROTO_NUMBER;
+ rsp_hdr->Flags = SMBFLG_RESPONSE;
+ rsp_hdr->Flags2 = SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS |
+ SMBFLG2_EXT_SEC | SMBFLG2_IS_LONG_NAME;
+ rsp_hdr->Pid = rcv_hdr->Pid;
+ rsp_hdr->Mid = rcv_hdr->Mid;
+ return 0;
+}
+
+/**
+ * smb1_check_user_session() - check for valid session for a user
+ * @work: smb work containing smb request buffer
+ *
+ * Return: 0 on success, otherwise error
+ */
+static int smb1_check_user_session(struct ksmbd_work *work)
+{
+ unsigned int cmd = work->conn->ops->get_cmd_val(work);
+
+ if (cmd == SMB_COM_NEGOTIATE_EX)
return 0;
- init_smb3_11_server(conn);
+ return -EINVAL;
+}
+
+/**
+ * smb1_allocate_rsp_buf() - allocate response buffer for a command
+ * @work: smb work containing smb request
+ *
+ * Return: 0 on success, otherwise -ENOMEM
+ */
+static int smb1_allocate_rsp_buf(struct ksmbd_work *work)
+{
+ work->response_buf = kmalloc(MAX_CIFS_SMALL_BUFFER_SIZE,
+ GFP_KERNEL | __GFP_ZERO);
+ work->response_sz = MAX_CIFS_SMALL_BUFFER_SIZE;
+
+ if (!work->response_buf) {
+ pr_err("Failed to allocate %u bytes buffer\n",
+ MAX_CIFS_SMALL_BUFFER_SIZE);
+ return -ENOMEM;
+ }
- if (conn->ops->get_cmd_val(work) != SMB_COM_NEGOTIATE)
- conn->need_neg = false;
return 0;
}
+static struct smb_version_ops smb1_server_ops = {
+ .get_cmd_val = get_smb1_cmd_val,
+ .init_rsp_hdr = init_smb1_rsp_hdr,
+ .allocate_rsp_buf = smb1_allocate_rsp_buf,
+ .check_user_session = smb1_check_user_session,
+};
+
+static int smb1_negotiate(struct ksmbd_work *work)
+{
+ return ksmbd_smb_negotiate_common(work, SMB_COM_NEGOTIATE);
+}
+
+static struct smb_version_cmds smb1_server_cmds[1] = {
+ [SMB_COM_NEGOTIATE_EX] = { .proc = smb1_negotiate, },
+};
+
+static void init_smb1_server(struct ksmbd_conn *conn)
+{
+ conn->ops = &smb1_server_ops;
+ conn->cmds = smb1_server_cmds;
+ conn->max_cmds = ARRAY_SIZE(smb1_server_cmds);
+}
+
+void ksmbd_init_smb_server(struct ksmbd_work *work)
+{
+ struct ksmbd_conn *conn = work->conn;
+ __le32 proto;
+
+ if (conn->need_neg == false)
+ return;
+
+ proto = *(__le32 *)((struct smb_hdr *)work->request_buf)->Protocol;
+ if (proto == SMB1_PROTO_NUMBER)
+ init_smb1_server(conn);
+ else
+ init_smb3_11_server(conn);
+}
+
int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level,
struct ksmbd_file *dir,
struct ksmbd_dir_info *d_info,
@@ -444,20 +545,10 @@ static int smb_handle_negotiate(struct k
ksmbd_debug(SMB, "Unsupported SMB1 protocol\n");
- /*
- * Remove 4 byte direct TCP header, add 2 byte bcc and
- * 2 byte DialectIndex.
- */
- *(__be32 *)work->response_buf =
- cpu_to_be32(sizeof(struct smb_hdr) - 4 + 2 + 2);
+ /* Add 2 byte bcc and 2 byte DialectIndex. */
+ inc_rfc1001_len(work->response_buf, 4);
neg_rsp->hdr.Status.CifsError = STATUS_SUCCESS;
- neg_rsp->hdr.Command = SMB_COM_NEGOTIATE;
- *(__le32 *)neg_rsp->hdr.Protocol = SMB1_PROTO_NUMBER;
- neg_rsp->hdr.Flags = SMBFLG_RESPONSE;
- neg_rsp->hdr.Flags2 = SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS |
- SMBFLG2_EXT_SEC | SMBFLG2_IS_LONG_NAME;
-
neg_rsp->hdr.WordCount = 1;
neg_rsp->DialectIndex = cpu_to_le16(work->conn->dialect);
neg_rsp->ByteCount = 0;
@@ -474,23 +565,12 @@ int ksmbd_smb_negotiate_common(struct ks
ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect);
if (command == SMB2_NEGOTIATE_HE) {
- struct smb2_hdr *smb2_hdr = smb2_get_msg(work->request_buf);
-
- if (smb2_hdr->ProtocolId != SMB2_PROTO_NUMBER) {
- ksmbd_debug(SMB, "Downgrade to SMB1 negotiation\n");
- command = SMB_COM_NEGOTIATE;
- }
- }
-
- if (command == SMB2_NEGOTIATE_HE) {
ret = smb2_handle_negotiate(work);
- init_smb2_neg_rsp(work);
return ret;
}
if (command == SMB_COM_NEGOTIATE) {
if (__smb2_negotiate(conn)) {
- conn->need_neg = true;
init_smb3_11_server(conn);
init_smb2_neg_rsp(work);
ksmbd_debug(SMB, "Upgrade to SMB2 negotiation\n");
--- a/fs/ksmbd/smb_common.h
+++ b/fs/ksmbd/smb_common.h
@@ -427,7 +427,7 @@ bool ksmbd_smb_request(struct ksmbd_conn
int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count);
-int ksmbd_init_smb_server(struct ksmbd_work *work);
+void ksmbd_init_smb_server(struct ksmbd_work *work);
struct ksmbd_kstat;
int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work,
next prev parent reply other threads:[~2023-04-12 8:51 UTC|newest]
Thread overview: 187+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-12 8:32 [PATCH 6.2 000/173] 6.2.11-rc1 review Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 001/173] dm cache: Add some documentation to dm-cache-background-tracker.h Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 002/173] dm integrity: Remove bi_sector thats only used by commented debug code Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 003/173] dm: change "unsigned" to "unsigned int" Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 004/173] dm: fix improper splitting for abnormal bios Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 005/173] drm/i915: Move the DSB setup/cleaup into the color code Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 006/173] drm/i915: Add a .color_post_update() hook Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 007/173] gpio: GPIO_REGMAP: select REGMAP instead of depending on it Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 008/173] Drivers: vmbus: Check for channel allocation before looking up relids Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 009/173] ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data() Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 010/173] pwm: hibvt: Explicitly set .polarity in .get_state() Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 011/173] pwm: cros-ec: " Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 012/173] pwm: iqs620a: " Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 013/173] pwm: sprd: " Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 014/173] pwm: meson: " Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 015/173] ASoC: codecs: lpass: fix the order or clks turn off during suspend Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 016/173] KVM: s390: pv: fix external interruption loop not always detected Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 017/173] wifi: mac80211: fix the size calculation of ieee80211_ie_len_eht_cap() Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 018/173] wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 019/173] net: qrtr: Fix a refcount bug in qrtr_recvmsg() Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 020/173] net: phylink: add phylink_expects_phy() method Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 021/173] net: stmmac: check if MAC needs to attach to a PHY Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 022/173] net: stmmac: remove redundant fixup to support fixed-link mode Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 023/173] l2tp: generate correct module alias strings Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 024/173] wifi: brcmfmac: Fix SDIO suspend/resume regression Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 025/173] NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 026/173] nfsd: call op_release, even when op_func returns an error Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 027/173] icmp: guard against too small mtu Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 028/173] ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 029/173] net: dont let netpoll invoke NAPI if in xmit context Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 030/173] net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 031/173] net: ethernet: mtk_eth_soc: fix remaining throughput regression Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 032/173] sctp: check send stream number after wait_for_sndbuf Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 033/173] drm/i915/huc: Cancel HuC delayed load timer on reset Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 034/173] net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 035/173] ipv6: Fix an uninit variable access bug in __ip6_make_skb() Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 036/173] platform/x86: think-lmi: Fix memory leak when showing current settings Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 037/173] platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 038/173] platform/x86: think-lmi: Clean up display of current_value on Thinkstation Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 039/173] gpio: davinci: Do not clear the bank intr enable bit in save_context Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 040/173] gpio: davinci: Add irq chip flag to skip set wake Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 041/173] net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 042/173] net: stmmac: fix up RX flow hash indirection table when setting channels Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 043/173] sunrpc: only free unix grouplist after RCU settles Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 044/173] NFSD: callback request does not use correct credential for AUTH_SYS Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 045/173] ice: fix wrong fallback logic for FDIR Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 046/173] ice: Reset FDIR counter in FDIR init stage Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 047/173] raw: use net_hash_mix() in hash function Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 048/173] raw: Fix NULL deref in raw_get_next() Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 049/173] ping: Fix potentail NULL deref for /proc/net/icmp Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 050/173] ethtool: reset #lanes when lanes is omitted Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 051/173] netlink: annotate lockless accesses to nlk->max_recvmsg_len Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 052/173] gve: Secure enough bytes in the first TX desc for all TCP pkts Greg Kroah-Hartman
2023-04-12 8:32 ` [PATCH 6.2 053/173] arm64: compat: Work around uninitialized variable warning Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 054/173] net: stmmac: check fwnode for phy device before scanning for phy Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 055/173] cxl/pci: Fix CDAT retrieval on big endian Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 056/173] cxl/pci: Handle truncated CDAT header Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 057/173] cxl/pci: Handle truncated CDAT entries Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 058/173] cxl/pci: Handle excessive CDAT length Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 059/173] PCI/DOE: Silence WARN splat with CONFIG_DEBUG_OBJECTS=y Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 060/173] PCI/DOE: Fix memory leak " Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 061/173] Revert "usb: xhci-pci: Set PROBE_PREFER_ASYNCHRONOUS" Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 062/173] usb: xhci: tegra: fix sleep in atomic call Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 063/173] xhci: Free the command allocated for setting LPM if we return early Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 064/173] xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 065/173] usb: cdnsp: Fixes error: uninitialized symbol len Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 066/173] usb: dwc3: pci: add support for the Intel Meteor Lake-S Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 067/173] USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 068/173] usb: typec: altmodes/displayport: Fix configure initial pin assignment Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 069/173] USB: serial: option: add Telit FE990 compositions Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 070/173] USB: serial: option: add Quectel RM500U-CN modem Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 071/173] drivers: iio: adc: ltc2497: fix LSB shift Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 072/173] iio: adis16480: select CONFIG_CRC32 Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 073/173] iio: adc: qcom-spmi-adc5: Fix the channel name Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 074/173] iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 075/173] iio: dac: cio-dac: Fix max DAC write value check for 12-bit Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 076/173] iio: adc: max11410: fix read_poll_timeout() usage Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 077/173] iio: accel: kionix-kx022a: Get the timestamp from the drivers private data in the trigger_handler Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 078/173] iio: buffer: correctly return bytes written in output buffers Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 079/173] iio: buffer: make sure O_NONBLOCK is respected Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 080/173] iio: light: cm32181: Unregister second I2C client if present Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 081/173] iio: light: vcnl4000: Fix WARN_ON on uninitialized lock Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 082/173] tty: serial: sh-sci: Fix transmit end interrupt handler Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 083/173] tty: serial: sh-sci: Fix Rx on RZ/G2L SCI Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 084/173] tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 085/173] tty: serial: fsl_lpuart: fix crash in lpuart_uport_is_active Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 086/173] nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 087/173] nilfs2: fix sysfs interface lifetime Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 088/173] fsdax: dedupe should compare the min of two iters length Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 089/173] fsdax: unshare: zero destination if srcmap is HOLE or UNWRITTEN Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 090/173] fsdax: force clear dirty mark if CoW Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 091/173] dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 092/173] serial: 8250: Prevent starting up DMA Rx on THRI interrupt Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 093/173] ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN Greg Kroah-Hartman
2023-04-12 8:33 ` Greg Kroah-Hartman [this message]
2023-04-12 8:33 ` [PATCH 6.2 095/173] ALSA: hda/realtek: Add quirk for Clevo X370SNW Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 096/173] ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 097/173] x86/acpi/boot: Correct acpi_is_processor_usable() check Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 098/173] x86/ACPI/boot: Use FADT version to check support for online capable Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 099/173] KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 100/173] KVM: nVMX: Do not report error code when synthesizing VM-Exit from Real Mode Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 101/173] KVM: SVM: Flush Hyper-V TLB when required Greg Kroah-Hartman
2023-04-12 9:28 ` Vitaly Kuznetsov
2023-04-12 14:26 ` Sean Christopherson
2023-04-12 14:28 ` Paolo Bonzini
2023-04-12 14:47 ` Vitaly Kuznetsov
2023-04-12 8:33 ` [PATCH 6.2 102/173] mm: kfence: fix PG_slab and memcg_data clearing Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 103/173] mm: kfence: fix handling discontiguous page Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 104/173] coresight: etm4x: Do not access TRCIDR1 for identification Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 105/173] coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 106/173] counter: 104-quad-8: Fix race condition between FLAG and CNTR reads Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 107/173] counter: 104-quad-8: Fix Synapse action reported for Index signals Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 108/173] blk-mq: directly poll requests Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 109/173] ftrace: Mark get_lock_parent_ip() __always_inline Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 110/173] ftrace: Fix issue that direct->addr not restored in modify_ftrace_direct() Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 111/173] fs: drop peer group ids under namespace lock Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 112/173] can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 6.2 113/173] can: isotp: fix race between isotp_sendsmg() and isotp_release() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 114/173] can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 115/173] can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 116/173] ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 117/173] ACPI: video: Make acpi_backlight=video work independent from GPU driver Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 118/173] ACPI: video: Add acpi_backlight=video quirk for Apple iMac14,1 and iMac14,2 Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 119/173] ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530 Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 120/173] net: stmmac: Add queue reset into stmmac_xdp_open() function Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 121/173] tracing/synthetic: Fix races on freeing last_cmd Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 122/173] tracing/timerlat: Notify new max thread latency Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 123/173] tracing/osnoise: Fix notify new tracing_max_latency Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 124/173] tracing: Free error logs of tracing instances Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 125/173] iommufd: Check for uptr overflow Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 126/173] iommufd: Fix unpinning of pages when an access is present Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 127/173] iommufd: Do not corrupt the pfn list when doing batch carry Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 128/173] ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 129/173] ASoC: SOF: avoid a NULL dereference with unsupported widgets Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 130/173] iio: adc: ad7791: fix IRQ flags Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 131/173] io_uring: fix return value when removing provided buffers Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 132/173] io_uring: fix memory leak " Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 133/173] scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 134/173] scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 135/173] nvme: fix discard support without oncs Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 136/173] cifs: sanitize paths in cifs_update_super_prepath Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 137/173] block: ublk: make sure that block size is set correctly Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 138/173] block: dont set GD_NEED_PART_SCAN if scan partition failed Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 139/173] perf: Optimize perf_pmu_migrate_context() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 140/173] perf/core: Fix the same task check in perf_event_set_output Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 141/173] tracing/synthetic: Make lastcmd_mutex static Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 142/173] zsmalloc: document freeable stats Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 143/173] mm: vmalloc: avoid warn_alloc noise caused by fatal signal Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 144/173] wifi: mt76: mt7921: fix fw used for offload check for mt7922 Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 145/173] wifi: mt76: ignore key disable commands Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 146/173] ublk: read any SQE values upfront Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 147/173] drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 148/173] drm/nouveau/disp: Support more modes by checking with lower bpc Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 149/173] drm/i915: Fix context runtime accounting Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 150/173] drm/i915: fix race condition UAF in i915_perf_add_config_ioctl Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 151/173] ring-buffer: Fix race while reader and writer are on the same page Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 152/173] mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 153/173] mm/hugetlb: fix uffd wr-protection for CoW optimization path Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 154/173] maple_tree: fix get wrong data_end in mtree_lookup_walk() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 155/173] maple_tree: fix a potential concurrency bug in RCU mode Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 156/173] drm/amd/display: Clear MST topology if it fails to resume Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 157/173] drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 158/173] drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 159/173] drm/bridge: lt9611: Fix PLL being unable to lock Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 160/173] mm: take a page reference when removing device exclusive entries Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 161/173] maple_tree: remove GFP_ZERO from kmem_cache_alloc() and kmem_cache_alloc_bulk() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 162/173] maple_tree: fix potential rcu issue Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 163/173] maple_tree: reduce user error potential Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 164/173] maple_tree: fix handle of invalidated state in mas_wr_store_setup() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 165/173] maple_tree: fix mas_prev() and mas_find() state handling Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 166/173] maple_tree: be more cautious about dead nodes Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 167/173] maple_tree: refine ma_state init from mas_start() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 168/173] maple_tree: detect dead nodes in mas_start() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 169/173] maple_tree: fix freeing of nodes in rcu mode Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 170/173] maple_tree: remove extra smp_wmb() from mas_dead_leaves() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 171/173] maple_tree: add smp_rmb() to dead node detection Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 172/173] maple_tree: add RCU lock checking to rcu callback functions Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 6.2 173/173] mm: enable maple tree RCU mode by default Greg Kroah-Hartman
2023-04-12 12:51 ` [PATCH 6.2 000/173] 6.2.11-rc1 review Conor Dooley
2023-04-12 18:16 ` Justin Forbes
2023-04-12 18:49 ` Florian Fainelli
2023-04-12 19:37 ` Shuah Khan
2023-04-12 20:42 ` Guenter Roeck
2023-04-12 23:59 ` Ron Economos
2023-04-13 2:18 ` Slade Watkins
2023-04-13 4:07 ` Bagas Sanjaya
2023-04-13 8:55 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230412082841.869969841@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linkinjeon@kernel.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox