From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Lin Ma <linma@zju.edu.cn>,
Steffen Klassert <steffen.klassert@secunet.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 104/194] net: xfrm: Fix xfrm_address_filter OOB read
Date: Mon, 21 Aug 2023 21:41:23 +0200 [thread overview]
Message-ID: <20230821194127.264929960@linuxfoundation.org> (raw)
In-Reply-To: <20230821194122.695845670@linuxfoundation.org>
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit dfa73c17d55b921e1d4e154976de35317e43a93a ]
We found below OOB crash:
[ 44.211730] ==================================================================
[ 44.212045] BUG: KASAN: slab-out-of-bounds in memcmp+0x8b/0xb0
[ 44.212045] Read of size 8 at addr ffff88800870f320 by task poc.xfrm/97
[ 44.212045]
[ 44.212045] CPU: 0 PID: 97 Comm: poc.xfrm Not tainted 6.4.0-rc7-00072-gdad9774deaf1-dirty #4
[ 44.212045] Call Trace:
[ 44.212045] <TASK>
[ 44.212045] dump_stack_lvl+0x37/0x50
[ 44.212045] print_report+0xcc/0x620
[ 44.212045] ? __virt_addr_valid+0xf3/0x170
[ 44.212045] ? memcmp+0x8b/0xb0
[ 44.212045] kasan_report+0xb2/0xe0
[ 44.212045] ? memcmp+0x8b/0xb0
[ 44.212045] kasan_check_range+0x39/0x1c0
[ 44.212045] memcmp+0x8b/0xb0
[ 44.212045] xfrm_state_walk+0x21c/0x420
[ 44.212045] ? __pfx_dump_one_state+0x10/0x10
[ 44.212045] xfrm_dump_sa+0x1e2/0x290
[ 44.212045] ? __pfx_xfrm_dump_sa+0x10/0x10
[ 44.212045] ? __kernel_text_address+0xd/0x40
[ 44.212045] ? kasan_unpoison+0x27/0x60
[ 44.212045] ? mutex_lock+0x60/0xe0
[ 44.212045] ? __pfx_mutex_lock+0x10/0x10
[ 44.212045] ? kasan_save_stack+0x22/0x50
[ 44.212045] netlink_dump+0x322/0x6c0
[ 44.212045] ? __pfx_netlink_dump+0x10/0x10
[ 44.212045] ? mutex_unlock+0x7f/0xd0
[ 44.212045] ? __pfx_mutex_unlock+0x10/0x10
[ 44.212045] __netlink_dump_start+0x353/0x430
[ 44.212045] xfrm_user_rcv_msg+0x3a4/0x410
[ 44.212045] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 44.212045] ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 44.212045] ? __pfx_xfrm_dump_sa+0x10/0x10
[ 44.212045] ? __pfx_xfrm_dump_sa_done+0x10/0x10
[ 44.212045] ? __stack_depot_save+0x382/0x4e0
[ 44.212045] ? filter_irq_stacks+0x1c/0x70
[ 44.212045] ? kasan_save_stack+0x32/0x50
[ 44.212045] ? kasan_save_stack+0x22/0x50
[ 44.212045] ? kasan_set_track+0x25/0x30
[ 44.212045] ? __kasan_slab_alloc+0x59/0x70
[ 44.212045] ? kmem_cache_alloc_node+0xf7/0x260
[ 44.212045] ? kmalloc_reserve+0xab/0x120
[ 44.212045] ? __alloc_skb+0xcf/0x210
[ 44.212045] ? netlink_sendmsg+0x509/0x700
[ 44.212045] ? sock_sendmsg+0xde/0xe0
[ 44.212045] ? __sys_sendto+0x18d/0x230
[ 44.212045] ? __x64_sys_sendto+0x71/0x90
[ 44.212045] ? do_syscall_64+0x3f/0x90
[ 44.212045] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 44.212045] ? netlink_sendmsg+0x509/0x700
[ 44.212045] ? sock_sendmsg+0xde/0xe0
[ 44.212045] ? __sys_sendto+0x18d/0x230
[ 44.212045] ? __x64_sys_sendto+0x71/0x90
[ 44.212045] ? do_syscall_64+0x3f/0x90
[ 44.212045] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 44.212045] ? kasan_save_stack+0x22/0x50
[ 44.212045] ? kasan_set_track+0x25/0x30
[ 44.212045] ? kasan_save_free_info+0x2e/0x50
[ 44.212045] ? __kasan_slab_free+0x10a/0x190
[ 44.212045] ? kmem_cache_free+0x9c/0x340
[ 44.212045] ? netlink_recvmsg+0x23c/0x660
[ 44.212045] ? sock_recvmsg+0xeb/0xf0
[ 44.212045] ? __sys_recvfrom+0x13c/0x1f0
[ 44.212045] ? __x64_sys_recvfrom+0x71/0x90
[ 44.212045] ? do_syscall_64+0x3f/0x90
[ 44.212045] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 44.212045] ? copyout+0x3e/0x50
[ 44.212045] netlink_rcv_skb+0xd6/0x210
[ 44.212045] ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 44.212045] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 44.212045] ? __pfx_sock_has_perm+0x10/0x10
[ 44.212045] ? mutex_lock+0x8d/0xe0
[ 44.212045] ? __pfx_mutex_lock+0x10/0x10
[ 44.212045] xfrm_netlink_rcv+0x44/0x50
[ 44.212045] netlink_unicast+0x36f/0x4c0
[ 44.212045] ? __pfx_netlink_unicast+0x10/0x10
[ 44.212045] ? netlink_recvmsg+0x500/0x660
[ 44.212045] netlink_sendmsg+0x3b7/0x700
[ 44.212045] ? __pfx_netlink_sendmsg+0x10/0x10
[ 44.212045] ? __pfx_netlink_sendmsg+0x10/0x10
[ 44.212045] sock_sendmsg+0xde/0xe0
[ 44.212045] __sys_sendto+0x18d/0x230
[ 44.212045] ? __pfx___sys_sendto+0x10/0x10
[ 44.212045] ? rcu_core+0x44a/0xe10
[ 44.212045] ? __rseq_handle_notify_resume+0x45b/0x740
[ 44.212045] ? _raw_spin_lock_irq+0x81/0xe0
[ 44.212045] ? __pfx___rseq_handle_notify_resume+0x10/0x10
[ 44.212045] ? __pfx_restore_fpregs_from_fpstate+0x10/0x10
[ 44.212045] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10
[ 44.212045] ? __pfx_task_work_run+0x10/0x10
[ 44.212045] __x64_sys_sendto+0x71/0x90
[ 44.212045] do_syscall_64+0x3f/0x90
[ 44.212045] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 44.212045] RIP: 0033:0x44b7da
[ 44.212045] RSP: 002b:00007ffdc8838548 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 44.212045] RAX: ffffffffffffffda RBX: 00007ffdc8839978 RCX: 000000000044b7da
[ 44.212045] RDX: 0000000000000038 RSI: 00007ffdc8838770 RDI: 0000000000000003
[ 44.212045] RBP: 00007ffdc88385b0 R08: 00007ffdc883858c R09: 000000000000000c
[ 44.212045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 44.212045] R13: 00007ffdc8839968 R14: 00000000004c37d0 R15: 0000000000000001
[ 44.212045] </TASK>
[ 44.212045]
[ 44.212045] Allocated by task 97:
[ 44.212045] kasan_save_stack+0x22/0x50
[ 44.212045] kasan_set_track+0x25/0x30
[ 44.212045] __kasan_kmalloc+0x7f/0x90
[ 44.212045] __kmalloc_node_track_caller+0x5b/0x140
[ 44.212045] kmemdup+0x21/0x50
[ 44.212045] xfrm_dump_sa+0x17d/0x290
[ 44.212045] netlink_dump+0x322/0x6c0
[ 44.212045] __netlink_dump_start+0x353/0x430
[ 44.212045] xfrm_user_rcv_msg+0x3a4/0x410
[ 44.212045] netlink_rcv_skb+0xd6/0x210
[ 44.212045] xfrm_netlink_rcv+0x44/0x50
[ 44.212045] netlink_unicast+0x36f/0x4c0
[ 44.212045] netlink_sendmsg+0x3b7/0x700
[ 44.212045] sock_sendmsg+0xde/0xe0
[ 44.212045] __sys_sendto+0x18d/0x230
[ 44.212045] __x64_sys_sendto+0x71/0x90
[ 44.212045] do_syscall_64+0x3f/0x90
[ 44.212045] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 44.212045]
[ 44.212045] The buggy address belongs to the object at ffff88800870f300
[ 44.212045] which belongs to the cache kmalloc-64 of size 64
[ 44.212045] The buggy address is located 32 bytes inside of
[ 44.212045] allocated 36-byte region [ffff88800870f300, ffff88800870f324)
[ 44.212045]
[ 44.212045] The buggy address belongs to the physical page:
[ 44.212045] page:00000000e4de16ee refcount:1 mapcount:0 mapping:000000000 ...
[ 44.212045] flags: 0x100000000000200(slab|node=0|zone=1)
[ 44.212045] page_type: 0xffffffff()
[ 44.212045] raw: 0100000000000200 ffff888004c41640 dead000000000122 0000000000000000
[ 44.212045] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 44.212045] page dumped because: kasan: bad access detected
[ 44.212045]
[ 44.212045] Memory state around the buggy address:
[ 44.212045] ffff88800870f200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 44.212045] ffff88800870f280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 44.212045] >ffff88800870f300: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
[ 44.212045] ^
[ 44.212045] ffff88800870f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.212045] ffff88800870f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.212045] ==================================================================
By investigating the code, we find the root cause of this OOB is the lack
of checks in xfrm_dump_sa(). The buggy code allows a malicious user to pass
arbitrary value of filter->splen/dplen. Hence, with crafted xfrm states,
the attacker can achieve 8 bytes heap OOB read, which causes info leak.
if (attrs[XFRMA_ADDRESS_FILTER]) {
filter = kmemdup(nla_data(attrs[XFRMA_ADDRESS_FILTER]),
sizeof(*filter), GFP_KERNEL);
if (filter == NULL)
return -ENOMEM;
// NO MORE CHECKS HERE !!!
}
This patch fixes the OOB by adding necessary boundary checks, just like
the code in pfkey_dump() function.
Fixes: d3623099d350 ("ipsec: add support of limited SA dump")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_user.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 2d68a173b2273..3e32fe99a6818 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1250,6 +1250,15 @@ static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb)
sizeof(*filter), GFP_KERNEL);
if (filter == NULL)
return -ENOMEM;
+
+ /* see addr_match(), (prefix length >> 5) << 2
+ * will be used to compare xfrm_address_t
+ */
+ if (filter->splen > (sizeof(xfrm_address_t) << 3) ||
+ filter->dplen > (sizeof(xfrm_address_t) << 3)) {
+ kfree(filter);
+ return -EINVAL;
+ }
}
if (attrs[XFRMA_PROTO])
--
2.40.1
next prev parent reply other threads:[~2023-08-21 19:54 UTC|newest]
Thread overview: 227+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-21 19:39 [PATCH 6.1 000/194] 6.1.47-rc1 review Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 001/194] mmc: sdhci-f-sdh30: Replace with sdhci_pltfm Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 002/194] cpuidle: psci: Extend information in log about OSI/PC mode Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 003/194] cpuidle: psci: Move enabling OSI mode after power domains creation Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 004/194] zsmalloc: consolidate zs_pools migrate_lock and size_classs locks Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 005/194] zsmalloc: fix races between modifications of fullness and isolated Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 006/194] selftests: forwarding: tc_actions: cleanup temporary files when test is aborted Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 007/194] selftests: forwarding: tc_actions: Use ncat instead of nc Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 008/194] net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 009/194] net/smc: Fix setsockopt and sysctl to specify same buffer size again Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 010/194] net: phy: at803x: Use devm_regulator_get_enable_optional() Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 011/194] net: phy: at803x: fix the wol setting functions Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 012/194] drm/amdgpu: fix calltrace warning in amddrm_buddy_fini Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 013/194] drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 014/194] drm/amdgpu: fix memory leak in mes self test Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 015/194] ASoC: Intel: sof_sdw: add quirk for MTL RVP Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 016/194] ASoC: Intel: sof_sdw: add quirk for LNL RVP Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 017/194] PCI: tegra194: Fix possible array out of bounds access Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 018/194] ASoC: SOF: amd: Add pci revision id check Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 019/194] drm/stm: ltdc: fix late dereference check Greg Kroah-Hartman
2023-08-21 19:39 ` [PATCH 6.1 020/194] drm: rcar-du: remove R-Car H3 ES1.* workarounds Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 021/194] ASoC: amd: vangogh: Add check for acp config flags in vangogh platform Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 022/194] ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 023/194] ASoC: Intel: sof_sdw_rt_sdca_jack_common: test SOF_JACK_JDSRC in _exit Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 024/194] ASoC: Intel: sof_sdw: Add support for Rex soundwire Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 025/194] iopoll: Call cpu_relax() in busy loops Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 026/194] ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 027/194] dma-remap: use kvmalloc_array/kvfree for larger dma memory remap Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 028/194] accel/habanalabs: add pci health check during heartbeat Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 029/194] HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 030/194] iommu/amd: Introduce Disable IRTE Caching Support Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 031/194] drm/amdgpu: install stub fence into potential unused fence pointers Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 032/194] drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 033/194] RDMA/mlx5: Return the firmware result upon destroying QP/RQ Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 034/194] drm/amd/display: Skip DPP DTO update if root clock is gated Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 035/194] drm/amd/display: Enable dcn314 DPP RCO Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 036/194] ASoC: SOF: core: Free the firmware trace before calling snd_sof_shutdown() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 037/194] HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 038/194] ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 039/194] smb: client: fix warning in cifs_smb3_do_mount() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 040/194] cifs: fix session state check in reconnect to avoid use-after-free issue Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 041/194] serial: stm32: Ignore return value of uart_remove_one_port() in .remove() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 042/194] led: qcom-lpg: Fix resource leaks in for_each_available_child_of_node() loops Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 043/194] media: v4l2-mem2mem: add lock to protect parameter num_rdy Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 044/194] media: camss: set VFE bpl_alignment to 16 for sdm845 and sm8250 Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 045/194] usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 046/194] usb: gadget: uvc: queue empty isoc requests if no video buffer is available Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 047/194] media: platform: mediatek: vpu: fix NULL ptr dereference Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 048/194] thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 049/194] usb: chipidea: imx: dont request QoS for imx8ulp Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 050/194] usb: chipidea: imx: add missing USB PHY DPDM wakeup setting Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 051/194] gfs2: Fix possible data races in gfs2_show_options() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 052/194] pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 053/194] thunderbolt: Add Intel Barlow Ridge PCI ID Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 054/194] thunderbolt: Limit Intel Barlow Ridge USB3 bandwidth Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 055/194] firewire: net: fix use after free in fwnet_finish_incoming_packet() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 056/194] watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 057/194] Bluetooth: L2CAP: Fix use-after-free Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 058/194] Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 059/194] ceph: try to dump the msgs when decoding fails Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 060/194] drm/amdgpu: Fix potential fence use-after-free v2 Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 061/194] fs/ntfs3: Enhance sanity check while generating attr_list Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 062/194] fs: ntfs3: Fix possible null-pointer dereferences in mi_read() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 063/194] fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 064/194] ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 065/194] ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 066/194] ALSA: hda/realtek: Add quirk for ASUS ROG GX650P Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 067/194] ALSA: hda/realtek: Add quirk for ASUS ROG GA402X Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 068/194] ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 069/194] powerpc/kasan: Disable KCOV in KASAN code Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 070/194] Bluetooth: MGMT: Use correct address for memcpy() Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 071/194] ring-buffer: Do not swap cpu_buffer during resize process Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 072/194] igc: read before write to SRRCTL register Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 073/194] drm/amd/display: save restore hdcp state when display is unplugged from mst hub Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 074/194] drm/amd/display: phase3 mst hdcp for multiple displays Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 075/194] drm/amd/display: fix access hdcp_workqueue assert Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 076/194] KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 077/194] ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 078/194] fbdev/hyperv-fb: Do not set struct fb_info.apertures Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 079/194] video/aperture: Only remove sysfb on the default vga pci device Greg Kroah-Hartman
2023-08-21 19:40 ` [PATCH 6.1 080/194] btrfs: move out now unused BG from the reclaim list Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 081/194] btrfs: convert btrfs_block_group::needs_free_space to runtime flag Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 082/194] btrfs: convert btrfs_block_group::seq_zone " Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 083/194] btrfs: fix use-after-free of new block group that became unused Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 084/194] virtio-mmio: dont break lifecycle of vm_dev Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 085/194] vduse: Use proper spinlock for IRQ injection Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 086/194] vdpa/mlx5: Fix mr->initialized semantics Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 087/194] vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 088/194] cifs: fix potential oops in cifs_oplock_break Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 089/194] i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 090/194] i2c: hisi: Only handle the interrupt of the drivers transfer Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 091/194] i2c: tegra: Fix i2c-tegra DMA config option processing Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 092/194] fbdev: mmp: fix value check in mmphw_probe() Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 093/194] powerpc/rtas_flash: allow user copy to flash block cache objects Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 094/194] vdpa: Add features attr to vdpa_nl_policy for nlattr length check Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 095/194] vdpa: Add queue index " Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 096/194] vdpa: Add max vqp " Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 097/194] vdpa: Enable strict validation for netlinks ops Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 098/194] tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 099/194] tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 100/194] btrfs: fix incorrect splitting in btrfs_drop_extent_map_range Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 101/194] btrfs: fix BUG_ON condition in btrfs_cancel_balance Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 102/194] i2c: designware: Correct length byte validation logic Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 103/194] i2c: designware: Handle invalid SMBus block data response length value Greg Kroah-Hartman
2023-08-21 19:41 ` Greg Kroah-Hartman [this message]
2023-08-21 19:41 ` [PATCH 6.1 105/194] net: af_key: fix sadb_x_filter validation Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 106/194] net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 107/194] xfrm: fix slab-use-after-free in decode_session6 Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 108/194] ip6_vti: " Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 109/194] ip_vti: fix potential " Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 110/194] xfrm: add NULL check in xfrm_update_ae_params Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 111/194] xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 112/194] virtio_net: notify MAC address change on device initialization Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 113/194] virtio-net: set queues after driver_ok Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 114/194] net: pcs: Add missing put_device call in miic_create Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 115/194] net: phy: fix IRQ-based wake-on-lan over hibernate / power off Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 116/194] selftests: mirror_gre_changes: Tighten up the TTL test match Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 117/194] drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 118/194] net: macb: In ZynqMP resume always configure PS GTR for non-wakeup source Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 119/194] octeon_ep: cancel tx_timeout_task later in remove sequence Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 120/194] netfilter: nf_tables: fix false-positive lockdep splat Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 121/194] netfilter: nf_tables: deactivate catchall elements in next generation Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 122/194] ipvs: fix racy memcpy in proc_do_sync_threshold Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 123/194] netfilter: nft_dynset: disallow object maps Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 124/194] net: phy: broadcom: stub c45 read/write for 54810 Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 125/194] team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 126/194] net: openvswitch: reject negative ifindex Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 127/194] iavf: fix FDIR rule fields masks validation Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 128/194] i40e: fix misleading debug logs Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 129/194] net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 130/194] sfc: dont unregister flow_indr if it was never registered Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 131/194] sock: Fix misuse of sk_under_memory_pressure() Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 132/194] net: do not allow gso_size to be set to GSO_BY_FRAGS Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 133/194] qede: fix firmware halt over suspend and resume Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 134/194] ice: Block switchdev mode when ADQ is active and vice versa Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 135/194] bus: ti-sysc: Flush posted write on enable before reset Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 136/194] arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 137/194] arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 138/194] arm64: dts: rockchip: Disable HS400 for eMMC on ROCK 4C+ Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 139/194] ARM: dts: imx: align LED node names with dtschema Greg Kroah-Hartman
2023-08-21 19:41 ` [PATCH 6.1 140/194] ARM: dts: imx6: phytec: fix RTC interrupt level Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 141/194] arm64: dts: imx8mm: Drop CSI1 PHY reference clock configuration Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 142/194] ARM: dts: imx: Set default tuning step for imx6sx usdhc Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 143/194] arm64: dts: imx93: Fix anatop node size Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 144/194] ASoC: rt5665: add missed regulator_bulk_disable Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 145/194] ASoC: meson: axg-tdm-formatter: fix channel slot allocation Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 146/194] ALSA: hda/realtek: Add quirks for HP G11 Laptops Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 147/194] soc: aspeed: uart-routing: Use __sysfs_match_string Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 148/194] soc: aspeed: socinfo: Add kfree for kstrdup Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 149/194] ALSA: hda/realtek - Remodified 3k pull low procedure Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 150/194] riscv: uaccess: Return the number of bytes effectively not copied Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 151/194] serial: 8250: Fix oops for port->pm on uart_change_pm() Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 152/194] ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 153/194] cifs: Release folio lock on fscache read hit Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 154/194] riscv: Handle zicsr/zifencei issue between gcc and binutils Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 155/194] virtio-net: Zero max_tx_vq field for VIRTIO_NET_CTRL_MQ_HASH_CONFIG case Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 156/194] arm64: dts: rockchip: Fix Wifi/Bluetooth on ROCK Pi 4 boards Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 157/194] blk-crypto: dynamically allocate fallback profile Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 158/194] mmc: wbsd: fix double mmc_free_host() in wbsd_init() Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 159/194] mmc: block: Fix in_flight[issue_type] value error Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 160/194] drm/qxl: fix UAF on handle creation Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 161/194] drm/i915/sdvo: fix panel_type initialization Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 162/194] drm/amd: flush any delayed gfxoff on suspend entry Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 163/194] drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 164/194] drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 165/194] ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 166/194] drm/amd/display: disable RCO for DCN314 Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 167/194] zsmalloc: allow only one active pool compaction context Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 168/194] sched/fair: unlink misfit task from cpu overutilized Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 169/194] sched/fair: Remove capacity inversion detection Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 170/194] drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 171/194] hugetlb: do not clear hugetlb dtor until allocating vmemmap Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 172/194] netfilter: set default timeout to 3 secs for sctp shutdown send and recv state Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 173/194] x86/cpu: Fix __x86_return_thunk symbol type Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 174/194] x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 175/194] x86/alternative: Make custom return thunk unconditional Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 176/194] x86/cpu: Clean up SRSO return thunk mess Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 177/194] x86/cpu: Rename original retbleed methods Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 178/194] x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 179/194] x86/cpu: Cleanup the untrain mess Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 180/194] x86/srso: Explain the untraining sequences a bit more Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 181/194] x86/static_call: Fix __static_call_fixup() Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 182/194] x86/retpoline: Dont clobber RFLAGS during srso_safe_ret() Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 183/194] x86/CPU/AMD: Fix the DIV(0) initial fix attempt Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 184/194] x86/srso: Disable the mitigation on unaffected configurations Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 185/194] x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 186/194] objtool/x86: Fixup frame-pointer vs rethunk Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 187/194] x86/srso: Correct the mitigation status when SMT is disabled Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 188/194] arm64/ptrace: Ensure that SME is set up for target when writing SSVE state Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 189/194] drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 190/194] drm/amdgpu: keep irq count in amdgpu_irq_disable_all Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 191/194] af_unix: Fix null-ptr-deref in unix_stream_sendpage() Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 192/194] drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 193/194] net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled Greg Kroah-Hartman
2023-08-21 19:42 ` [PATCH 6.1 194/194] mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove Greg Kroah-Hartman
2023-08-21 22:58 ` [PATCH 6.1 000/194] 6.1.47-rc1 review Joel Fernandes
2023-08-22 15:41 ` Joel Fernandes
2023-08-21 23:35 ` Takeshi Ogasawara
2023-08-22 3:00 ` Bagas Sanjaya
2023-08-22 10:55 ` Naresh Kamboju
2023-08-22 15:27 ` Salvatore Bonaccorso
2023-08-22 15:51 ` Greg Kroah-Hartman
2023-08-22 17:27 ` Greg Kroah-Hartman
2023-08-22 11:01 ` SeongJae Park
2023-08-22 14:08 ` Shuah Khan
2023-08-22 20:23 ` Florian Fainelli
2023-08-22 23:55 ` Ron Economos
2023-08-23 0:49 ` Guenter Roeck
2023-08-23 7:03 ` Greg Kroah-Hartman
2023-08-23 8:17 ` Naresh Kamboju
2023-08-23 8:27 ` Greg Kroah-Hartman
2023-08-23 13:30 ` Guenter Roeck
2023-08-23 15:50 ` Greg Kroah-Hartman
2023-08-24 13:35 ` Greg Kroah-Hartman
2023-08-24 15:08 ` Guenter Roeck
2023-08-24 15:15 ` Greg Kroah-Hartman
2023-08-24 15:58 ` Guenter Roeck
2023-08-24 16:40 ` Greg Kroah-Hartman
2023-08-23 13:28 ` Guenter Roeck
2023-08-23 8:54 ` Sudip Mukherjee (Codethink)
2023-08-23 9:26 ` Greg Kroah-Hartman
2023-08-23 10:32 ` Naresh Kamboju
2023-08-23 13:30 ` Guenter Roeck
2023-08-23 14:37 ` Sudip Mukherjee
2023-08-23 9:35 ` Conor Dooley
2023-08-23 13:37 ` Guenter Roeck
2023-08-23 15:24 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230821194127.264929960@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linma@zju.edu.cn \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).