From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Robert Morris <rtm@csail.mit.edu>,
"Paulo Alcantara (SUSE)" <pc@manguebit.com>,
Steve French <stfrench@microsoft.com>,
Guruswamy Basavaiah <guruswamy.basavaiah@broadcom.com>
Subject: [PATCH 5.10 005/122] smb: client: fix potential OOBs in smb2_parse_contexts()
Date: Tue, 27 Feb 2024 14:26:06 +0100 [thread overview]
Message-ID: <20240227131558.879202806@linuxfoundation.org> (raw)
In-Reply-To: <20240227131558.694096204@linuxfoundation.org>
5.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paulo Alcantara <pc@manguebit.com>
[ Upstream commit af1689a9b7701d9907dfc84d2a4b57c4bc907144 ]
Validate offsets and lengths before dereferencing create contexts in
smb2_parse_contexts().
This fixes following oops when accessing invalid create contexts from
server:
BUG: unable to handle page fault for address: ffff8881178d8cc3
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 4a01067 P4D 4a01067 PUD 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]
Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00
00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7
7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00
RSP: 0018:ffffc900007939e0 EFLAGS: 00010216
RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000
RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000
R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22
FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x181/0x480
? search_module_extables+0x19/0x60
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x1b6/0x1c0
? asm_exc_page_fault+0x26/0x30
? smb2_parse_contexts+0xa0/0x3a0 [cifs]
SMB2_open+0x38d/0x5f0 [cifs]
? smb2_is_path_accessible+0x138/0x260 [cifs]
smb2_is_path_accessible+0x138/0x260 [cifs]
cifs_is_path_remote+0x8d/0x230 [cifs]
cifs_mount+0x7e/0x350 [cifs]
cifs_smb3_do_mount+0x128/0x780 [cifs]
smb3_get_tree+0xd9/0x290 [cifs]
vfs_get_tree+0x2c/0x100
? capable+0x37/0x70
path_mount+0x2d7/0xb80
? srso_alias_return_thunk+0x5/0xfbef5
? _raw_spin_unlock_irqrestore+0x44/0x60
__x64_sys_mount+0x11a/0x150
do_syscall_64+0x47/0xf0
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f8737657b1e
Reported-by: Robert Morris <rtm@csail.mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
[Guru: Removed changes to cached_dir.c and checking return value
of smb2_parse_contexts in smb2ops.c]
Signed-off-by: Guruswamy Basavaiah <guruswamy.basavaiah@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2ops.c | 4 +-
fs/cifs/smb2pdu.c | 91 +++++++++++++++++++++++++++++++---------------------
fs/cifs/smb2proto.h | 12 ++++--
3 files changed, 65 insertions(+), 42 deletions(-)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -818,10 +818,12 @@ int open_shroot(unsigned int xid, struct
if (o_rsp->OplockLevel == SMB2_OPLOCK_LEVEL_LEASE) {
kref_get(&tcon->crfid.refcount);
tcon->crfid.has_lease = true;
- smb2_parse_contexts(server, o_rsp,
+ rc = smb2_parse_contexts(server, rsp_iov,
&oparms.fid->epoch,
oparms.fid->lease_key, &oplock,
NULL, NULL);
+ if (rc)
+ goto oshr_exit;
} else
goto oshr_exit;
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1991,17 +1991,18 @@ parse_posix_ctxt(struct create_context *
posix->nlink, posix->mode, posix->reparse_tag);
}
-void
-smb2_parse_contexts(struct TCP_Server_Info *server,
- struct smb2_create_rsp *rsp,
- unsigned int *epoch, char *lease_key, __u8 *oplock,
- struct smb2_file_all_info *buf,
- struct create_posix_rsp *posix)
+int smb2_parse_contexts(struct TCP_Server_Info *server,
+ struct kvec *rsp_iov,
+ unsigned int *epoch,
+ char *lease_key, __u8 *oplock,
+ struct smb2_file_all_info *buf,
+ struct create_posix_rsp *posix)
{
- char *data_offset;
+ struct smb2_create_rsp *rsp = rsp_iov->iov_base;
struct create_context *cc;
- unsigned int next;
- unsigned int remaining;
+ size_t rem, off, len;
+ size_t doff, dlen;
+ size_t noff, nlen;
char *name;
static const char smb3_create_tag_posix[] = {
0x93, 0xAD, 0x25, 0x50, 0x9C,
@@ -2010,45 +2011,63 @@ smb2_parse_contexts(struct TCP_Server_In
};
*oplock = 0;
- data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset);
- remaining = le32_to_cpu(rsp->CreateContextsLength);
- cc = (struct create_context *)data_offset;
+
+ off = le32_to_cpu(rsp->CreateContextsOffset);
+ rem = le32_to_cpu(rsp->CreateContextsLength);
+ if (check_add_overflow(off, rem, &len) || len > rsp_iov->iov_len)
+ return -EINVAL;
+ cc = (struct create_context *)((u8 *)rsp + off);
/* Initialize inode number to 0 in case no valid data in qfid context */
if (buf)
buf->IndexNumber = 0;
- while (remaining >= sizeof(struct create_context)) {
- name = le16_to_cpu(cc->NameOffset) + (char *)cc;
- if (le16_to_cpu(cc->NameLength) == 4 &&
- strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4) == 0)
- *oplock = server->ops->parse_lease_buf(cc, epoch,
- lease_key);
- else if (buf && (le16_to_cpu(cc->NameLength) == 4) &&
- strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4) == 0)
- parse_query_id_ctxt(cc, buf);
- else if ((le16_to_cpu(cc->NameLength) == 16)) {
- if (posix &&
- memcmp(name, smb3_create_tag_posix, 16) == 0)
+ while (rem >= sizeof(*cc)) {
+ doff = le16_to_cpu(cc->DataOffset);
+ dlen = le32_to_cpu(cc->DataLength);
+ if (check_add_overflow(doff, dlen, &len) || len > rem)
+ return -EINVAL;
+
+ noff = le16_to_cpu(cc->NameOffset);
+ nlen = le16_to_cpu(cc->NameLength);
+ if (noff + nlen >= doff)
+ return -EINVAL;
+
+ name = (char *)cc + noff;
+ switch (nlen) {
+ case 4:
+ if (!strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) {
+ *oplock = server->ops->parse_lease_buf(cc, epoch,
+ lease_key);
+ } else if (buf &&
+ !strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4)) {
+ parse_query_id_ctxt(cc, buf);
+ }
+ break;
+ case 16:
+ if (posix && !memcmp(name, smb3_create_tag_posix, 16))
parse_posix_ctxt(cc, buf, posix);
+ break;
+ default:
+ cifs_dbg(FYI, "%s: unhandled context (nlen=%zu dlen=%zu)\n",
+ __func__, nlen, dlen);
+ if (IS_ENABLED(CONFIG_CIFS_DEBUG2))
+ cifs_dump_mem("context data: ", cc, dlen);
+ break;
}
- /* else {
- cifs_dbg(FYI, "Context not matched with len %d\n",
- le16_to_cpu(cc->NameLength));
- cifs_dump_mem("Cctxt name: ", name, 4);
- } */
- next = le32_to_cpu(cc->Next);
- if (!next)
+ off = le32_to_cpu(cc->Next);
+ if (!off)
break;
- remaining -= next;
- cc = (struct create_context *)((char *)cc + next);
+ if (check_sub_overflow(rem, off, &rem))
+ return -EINVAL;
+ cc = (struct create_context *)((u8 *)cc + off);
}
if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE)
*oplock = rsp->OplockLevel;
- return;
+ return 0;
}
static int
@@ -2915,8 +2934,8 @@ SMB2_open(const unsigned int xid, struct
}
- smb2_parse_contexts(server, rsp, &oparms->fid->epoch,
- oparms->fid->lease_key, oplock, buf, posix);
+ rc = smb2_parse_contexts(server, &rsp_iov, &oparms->fid->epoch,
+ oparms->fid->lease_key, oplock, buf, posix);
creat_exit:
SMB2_open_free(&rqst);
free_rsp_buf(resp_buftype, rsp);
--- a/fs/cifs/smb2proto.h
+++ b/fs/cifs/smb2proto.h
@@ -270,11 +270,13 @@ extern int smb3_validate_negotiate(const
extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *,
enum securityEnum);
-extern void smb2_parse_contexts(struct TCP_Server_Info *server,
- struct smb2_create_rsp *rsp,
- unsigned int *epoch, char *lease_key,
- __u8 *oplock, struct smb2_file_all_info *buf,
- struct create_posix_rsp *posix);
+int smb2_parse_contexts(struct TCP_Server_Info *server,
+ struct kvec *rsp_iov,
+ unsigned int *epoch,
+ char *lease_key, __u8 *oplock,
+ struct smb2_file_all_info *buf,
+ struct create_posix_rsp *posix);
+
extern int smb3_encryption_required(const struct cifs_tcon *tcon);
extern int smb2_validate_iov(unsigned int offset, unsigned int buffer_length,
struct kvec *iov, unsigned int min_buf_size);
next prev parent reply other threads:[~2024-02-27 14:26 UTC|newest]
Thread overview: 140+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-27 13:26 [PATCH 5.10 000/122] 5.10.211-rc1 review Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 001/122] net/sched: Retire CBQ qdisc Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 002/122] net/sched: Retire ATM qdisc Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 003/122] net/sched: Retire dsmark qdisc Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 004/122] smb: client: fix OOB in receive_encrypted_standard() Greg Kroah-Hartman
2024-02-27 13:26 ` Greg Kroah-Hartman [this message]
2024-02-27 13:26 ` [PATCH 5.10 006/122] smb: client: fix parsing of SMB3.1.1 POSIX create context Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 007/122] sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 008/122] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 009/122] zonefs: Improve error handling Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 010/122] sched/rt: Fix sysctl_sched_rr_timeslice intial value Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 011/122] sched/rt: Disallow writing invalid values to sched_rt_period_us Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 012/122] scsi: target: core: Add TMF to tmr_list handling Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 013/122] dmaengine: shdma: increase size of dev_id Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 014/122] dmaengine: fsl-qdma: increase size of irq_name Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 015/122] wifi: cfg80211: fix missing interfaces when dumping Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 016/122] wifi: mac80211: fix race condition on enabling fast-xmit Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 017/122] fbdev: savage: Error out if pixclock equals zero Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 018/122] fbdev: sis: " Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 019/122] spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 020/122] ahci: asm1166: correct count of reported ports Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 021/122] ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 022/122] ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 023/122] ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 024/122] dmaengine: ti: edma: Add some null pointer checks to the edma_probe Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 025/122] regulator: pwm-regulator: Add validity checks in continuous .get_voltage Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 026/122] nvmet-tcp: fix nvme tcp ida memory leak Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 027/122] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 028/122] spi: sh-msiof: avoid integer overflow in constants Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 029/122] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 030/122] nvme-fc: do not wait in vain when unloading module Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 031/122] nvmet-fcloop: swap the list_add_tail arguments Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 032/122] nvmet-fc: release reference on target port Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 033/122] nvmet-fc: abort command when there is no binding Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 034/122] ext4: correct the hole length returned by ext4_map_blocks() Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 035/122] Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 036/122] efi: runtime: Fix potential overflow of soft-reserved region size Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 037/122] efi: Dont add memblocks for soft-reserved memory Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 038/122] hwmon: (coretemp) Enlarge per package core count limit Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 039/122] scsi: lpfc: Use unsigned type for num_sge Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 040/122] firewire: core: send bus reset promptly on gap count error Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 041/122] virtio-blk: Ensure no requests in virtqueues before deleting vqs Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 042/122] pmdomain: renesas: r8a77980-sysc: CR7 must be always on Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 043/122] ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 044/122] irqchip/mips-gic: Dont touch vl_map if a local interrupt is not routable Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 045/122] ARM: dts: imx: Set default tuning step for imx6sx usdhc Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 046/122] ASoC: fsl_micfil: register platform component before registering cpu dai Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 047/122] media: av7110: prevent underflow in write_ts_to_decoder() Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 048/122] hvc/xen: prevent concurrent accesses to the shared ring Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 049/122] hsr: Avoid double remove of a node Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 050/122] x86/uaccess: Implement macros for CMPXCHG on user addresses Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 051/122] seccomp: Invalidate seccomp mode to catch death failures Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 052/122] block: ataflop: fix breakage introduced at blk-mq refactoring Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 053/122] powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 054/122] powerpc/watchpoints: Annotate atomic context in more places Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 055/122] cifs: add a warning when the in-flight count goes negative Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 056/122] mtd: spinand: macronix: Add support for MX35LFxGE4AD Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 057/122] ASoC: Intel: boards: harden codec property handling Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.10 058/122] ASoC: Intel: boards: get codec device with ACPI instead of bus search Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 059/122] ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 060/122] task_stack, x86/cea: Force-inline stack helpers Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 061/122] btrfs: tree-checker: check for overlapping extent items Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 062/122] btrfs: introduce btrfs_lookup_match_dir Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 063/122] btrfs: unify lookup return value when dir entry is missing Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 064/122] btrfs: do not pin logs too early during renames Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 065/122] lan743x: fix for potential NULL pointer dereference with bare card Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 066/122] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 067/122] iwlwifi: mvm: do more useful queue sync accounting Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 068/122] iwlwifi: mvm: write queue_sync_state only for sync Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 069/122] jbd2: remove redundant buffer io error checks Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 070/122] jbd2: recheck chechpointing non-dirty buffer Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 071/122] jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 072/122] x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 073/122] erofs: fix lz4 inplace decompression Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 074/122] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 075/122] s390/cio: fix invalid -EBUSY on ccw_device_start Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 076/122] dm-crypt: dont modify the data when using authenticated encryption Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 077/122] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 078/122] KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 079/122] gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 080/122] PCI/MSI: Prevent MSI hardware interrupt number truncation Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 081/122] l2tp: pass correct message length to ip6_append_data Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 082/122] ARM: ep93xx: Add terminator to gpiod_lookup_table Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 083/122] Revert "x86/ftrace: Use alternative RET encoding" Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 084/122] x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 085/122] x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() Greg Kroah-Hartman
2024-03-04 18:49 ` Omar Sandoval
2024-03-05 11:27 ` [PATCH for 5.10-stable] x86/paravirt: Fix build due to __text_gen_insn() backport Borislav Petkov
2024-03-11 20:43 ` Omar Sandoval
2024-03-18 10:17 ` [PATCH 5.10 085/122] x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() Emeric Brun
2024-03-18 14:20 ` Borislav Petkov
2024-03-20 16:03 ` Sasha Levin
2024-02-27 13:27 ` [PATCH 5.10 086/122] x86/ftrace: Use alternative RET encoding Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 087/122] x86/returnthunk: Allow different return thunks Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 088/122] Revert "x86/alternative: Make custom return thunk unconditional" Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 089/122] x86/alternative: Make custom return thunk unconditional Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 090/122] usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 091/122] usb: cdns3: fix memory double free when handle zero packet Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 092/122] usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 093/122] usb: roles: fix NULL pointer issue when put modules reference Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 094/122] usb: roles: dont get/set_role() when usb_role_switch is unregistered Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 095/122] mptcp: fix lockless access in subflow ULP diag Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 096/122] IB/hfi1: Fix a memleak in init_credit_return Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 097/122] RDMA/bnxt_re: Return error for SRQ resize Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 098/122] RDMA/srpt: Support specifying the srpt_service_guid parameter Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 099/122] RDMA/qedr: Fix qedr_create_user_qp error flow Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 100/122] arm64: dts: rockchip: set num-cs property for spi on px30 Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 101/122] RDMA/srpt: fix function pointer cast warnings Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 102/122] bpf, scripts: Correct GPL license name Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 103/122] scsi: jazz_esp: Only build if SCSI core is builtin Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 104/122] nouveau: fix function cast warnings Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 105/122] ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 106/122] ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 107/122] afs: Increase buffer size in afs_update_volume_status() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 108/122] ipv6: sr: fix possible use-after-free and null-ptr-deref Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 109/122] packet: move from strlcpy with unused retval to strscpy Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 110/122] net: dev: Convert sa_data to flexible array in struct sockaddr Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 111/122] s390: use the correct count for __iowrite64_copy() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 112/122] tls: rx: jump to a more appropriate label Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 113/122] tls: rx: drop pointless else after goto Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 114/122] tls: stop recv() if initial process_rx_list gave us non-DATA Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 115/122] netfilter: nf_tables: set dormant flag on hook register failure Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 116/122] drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 117/122] drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.10 118/122] drm/amd/display: Fix memory leak in dm_sw_fini() Greg Kroah-Hartman
2024-02-27 13:28 ` [PATCH 5.10 119/122] block: ataflop: more blk-mq refactoring fixes Greg Kroah-Hartman
2024-02-27 13:28 ` [PATCH 5.10 120/122] fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Greg Kroah-Hartman
2024-02-27 13:28 ` [PATCH 5.10 121/122] arp: Prevent overflow in arp_req_get() Greg Kroah-Hartman
2024-02-27 13:28 ` [PATCH 5.10 122/122] ext4: regenerate buddy after block freeing failed if under fc replay Greg Kroah-Hartman
2024-02-27 18:28 ` [PATCH 5.10 000/122] 5.10.211-rc1 review Pavel Machek
2024-02-27 18:56 ` Daniel Díaz
2024-02-27 18:56 ` Florian Fainelli
2024-02-28 6:03 ` Greg Kroah-Hartman
2024-02-27 18:58 ` Florian Fainelli
2024-02-27 23:59 ` Dominique Martinet
2024-02-28 6:06 ` Greg Kroah-Hartman
2024-02-28 20:39 ` Kees Cook
2024-02-29 2:22 ` Dominique Martinet
2024-02-28 13:42 ` Jon Hunter
2024-02-29 10:56 ` Shreeya Patel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240227131558.879202806@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=guruswamy.basavaiah@broadcom.com \
--cc=patches@lists.linux.dev \
--cc=pc@manguebit.com \
--cc=rtm@csail.mit.edu \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox