From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 087/151] Bluetooth: SMP: Fix assumption of Central always being Initiator
Date: Sun, 1 Sep 2024 18:17:27 +0200 [thread overview]
Message-ID: <20240901160817.391471323@linuxfoundation.org> (raw)
In-Reply-To: <20240901160814.090297276@linuxfoundation.org>
5.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 28cd47f75185c4818b0fb1b46f2f02faaba96376 ]
SMP initiator role shall be considered the one that initiates the
pairing procedure with SMP_CMD_PAIRING_REQ:
BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 3, Part H
page 1557:
Figure 2.1: LE pairing phases
Note that by sending SMP_CMD_SECURITY_REQ it doesn't change the role to
be Initiator.
Link: https://github.com/bluez/bluez/issues/567
Fixes: b28b4943660f ("Bluetooth: Add strict checks for allowed SMP PDUs")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/smp.c | 144 ++++++++++++++++++++++----------------------
1 file changed, 72 insertions(+), 72 deletions(-)
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 27381e7425a8f..20cae8f768762 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -914,7 +914,7 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
* Confirms and the responder Enters the passkey.
*/
if (smp->method == OVERLAP) {
- if (hcon->role == HCI_ROLE_MASTER)
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags))
smp->method = CFM_PASSKEY;
else
smp->method = REQ_PASSKEY;
@@ -964,7 +964,7 @@ static u8 smp_confirm(struct smp_chan *smp)
smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
- if (conn->hcon->out)
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags))
SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
else
SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
@@ -980,7 +980,8 @@ static u8 smp_random(struct smp_chan *smp)
int ret;
bt_dev_dbg(conn->hcon->hdev, "conn %p %s", conn,
- conn->hcon->out ? "initiator" : "responder");
+ test_bit(SMP_FLAG_INITIATOR, &smp->flags) ? "initiator" :
+ "responder");
ret = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp,
hcon->init_addr_type, &hcon->init_addr,
@@ -994,7 +995,7 @@ static u8 smp_random(struct smp_chan *smp)
return SMP_CONFIRM_FAILED;
}
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
u8 stk[16];
__le64 rand = 0;
__le16 ediv = 0;
@@ -1251,14 +1252,15 @@ static void smp_distribute_keys(struct smp_chan *smp)
rsp = (void *) &smp->prsp[1];
/* The responder sends its keys first */
- if (hcon->out && (smp->remote_key_dist & KEY_DIST_MASK)) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags) &&
+ (smp->remote_key_dist & KEY_DIST_MASK)) {
smp_allow_key_dist(smp);
return;
}
req = (void *) &smp->preq[1];
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
keydist = &rsp->init_key_dist;
*keydist &= req->init_key_dist;
} else {
@@ -1427,7 +1429,7 @@ static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16])
struct hci_conn *hcon = smp->conn->hcon;
u8 *na, *nb, a[7], b[7];
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
na = smp->prnd;
nb = smp->rrnd;
} else {
@@ -1455,7 +1457,7 @@ static void sc_dhkey_check(struct smp_chan *smp)
a[6] = hcon->init_addr_type;
b[6] = hcon->resp_addr_type;
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
local_addr = a;
remote_addr = b;
memcpy(io_cap, &smp->preq[1], 3);
@@ -1534,7 +1536,7 @@ static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
/* The round is only complete when the initiator
* receives pairing random.
*/
- if (!hcon->out) {
+ if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
sizeof(smp->prnd), smp->prnd);
if (smp->passkey_round == 20)
@@ -1562,7 +1564,7 @@ static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
sizeof(smp->prnd), smp->prnd);
return 0;
@@ -1573,7 +1575,7 @@ static u8 sc_passkey_round(struct smp_chan *smp, u8 smp_op)
case SMP_CMD_PUBLIC_KEY:
default:
/* Initiating device starts the round */
- if (!hcon->out)
+ if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags))
return 0;
bt_dev_dbg(hdev, "Starting passkey round %u",
@@ -1618,7 +1620,7 @@ static int sc_user_reply(struct smp_chan *smp, u16 mgmt_op, __le32 passkey)
}
/* Initiator sends DHKey check first */
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
sc_dhkey_check(smp);
SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
} else if (test_and_clear_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags)) {
@@ -1741,7 +1743,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
struct smp_cmd_pairing rsp, *req = (void *) skb->data;
struct l2cap_chan *chan = conn->smp;
struct hci_dev *hdev = conn->hcon->hdev;
- struct smp_chan *smp;
+ struct smp_chan *smp = chan->data;
u8 key_size, auth, sec_level;
int ret;
@@ -1750,16 +1752,14 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
if (skb->len < sizeof(*req))
return SMP_INVALID_PARAMS;
- if (conn->hcon->role != HCI_ROLE_SLAVE)
+ if (smp && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
return SMP_CMD_NOTSUPP;
- if (!chan->data)
+ if (!smp) {
smp = smp_chan_create(conn);
- else
- smp = chan->data;
-
- if (!smp)
- return SMP_UNSPECIFIED;
+ if (!smp)
+ return SMP_UNSPECIFIED;
+ }
/* We didn't start the pairing, so match remote */
auth = req->auth_req & AUTH_REQ_MASK(hdev);
@@ -1941,7 +1941,7 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
if (skb->len < sizeof(*rsp))
return SMP_INVALID_PARAMS;
- if (conn->hcon->role != HCI_ROLE_MASTER)
+ if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags))
return SMP_CMD_NOTSUPP;
skb_pull(skb, sizeof(*rsp));
@@ -2036,7 +2036,7 @@ static u8 sc_check_confirm(struct smp_chan *smp)
if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
return sc_passkey_round(smp, SMP_CMD_PAIRING_CONFIRM);
- if (conn->hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
smp->prnd);
SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
@@ -2058,7 +2058,7 @@ static int fixup_sc_false_positive(struct smp_chan *smp)
u8 auth;
/* The issue is only observed when we're in responder role */
- if (hcon->out)
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags))
return SMP_UNSPECIFIED;
if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
@@ -2094,7 +2094,8 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
struct hci_dev *hdev = hcon->hdev;
bt_dev_dbg(hdev, "conn %p %s", conn,
- hcon->out ? "initiator" : "responder");
+ test_bit(SMP_FLAG_INITIATOR, &smp->flags) ? "initiator" :
+ "responder");
if (skb->len < sizeof(smp->pcnf))
return SMP_INVALID_PARAMS;
@@ -2116,7 +2117,7 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
return ret;
}
- if (conn->hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
smp->prnd);
SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RANDOM);
@@ -2151,7 +2152,7 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
if (!test_bit(SMP_FLAG_SC, &smp->flags))
return smp_random(smp);
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
pkax = smp->local_pk;
pkbx = smp->remote_pk;
na = smp->prnd;
@@ -2164,7 +2165,7 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
}
if (smp->method == REQ_OOB) {
- if (!hcon->out)
+ if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags))
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
sizeof(smp->prnd), smp->prnd);
SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
@@ -2175,7 +2176,7 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
if (smp->method == REQ_PASSKEY || smp->method == DSP_PASSKEY)
return sc_passkey_round(smp, SMP_CMD_PAIRING_RANDOM);
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
u8 cfm[16];
err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->local_pk,
@@ -2216,7 +2217,7 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
return SMP_UNSPECIFIED;
if (smp->method == REQ_OOB) {
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
sc_dhkey_check(smp);
SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
}
@@ -2290,10 +2291,27 @@ bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
return false;
}
+static void smp_send_pairing_req(struct smp_chan *smp, __u8 auth)
+{
+ struct smp_cmd_pairing cp;
+
+ if (smp->conn->hcon->type == ACL_LINK)
+ build_bredr_pairing_cmd(smp, &cp, NULL);
+ else
+ build_pairing_cmd(smp->conn, &cp, NULL, auth);
+
+ smp->preq[0] = SMP_CMD_PAIRING_REQ;
+ memcpy(&smp->preq[1], &cp, sizeof(cp));
+
+ smp_send_cmd(smp->conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
+ SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
+
+ set_bit(SMP_FLAG_INITIATOR, &smp->flags);
+}
+
static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
{
struct smp_cmd_security_req *rp = (void *) skb->data;
- struct smp_cmd_pairing cp;
struct hci_conn *hcon = conn->hcon;
struct hci_dev *hdev = hcon->hdev;
struct smp_chan *smp;
@@ -2342,16 +2360,20 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
skb_pull(skb, sizeof(*rp));
- memset(&cp, 0, sizeof(cp));
- build_pairing_cmd(conn, &cp, NULL, auth);
+ smp_send_pairing_req(smp, auth);
- smp->preq[0] = SMP_CMD_PAIRING_REQ;
- memcpy(&smp->preq[1], &cp, sizeof(cp));
+ return 0;
+}
- smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
- SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
+static void smp_send_security_req(struct smp_chan *smp, __u8 auth)
+{
+ struct smp_cmd_security_req cp;
- return 0;
+ cp.auth_req = auth;
+ smp_send_cmd(smp->conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
+ SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
+
+ clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
}
int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
@@ -2422,23 +2444,11 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
authreq |= SMP_AUTH_MITM;
}
- if (hcon->role == HCI_ROLE_MASTER) {
- struct smp_cmd_pairing cp;
-
- build_pairing_cmd(conn, &cp, NULL, authreq);
- smp->preq[0] = SMP_CMD_PAIRING_REQ;
- memcpy(&smp->preq[1], &cp, sizeof(cp));
-
- smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
- SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
- } else {
- struct smp_cmd_security_req cp;
- cp.auth_req = authreq;
- smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
- SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_REQ);
- }
+ if (hcon->role == HCI_ROLE_MASTER)
+ smp_send_pairing_req(smp, authreq);
+ else
+ smp_send_security_req(smp, authreq);
- set_bit(SMP_FLAG_INITIATOR, &smp->flags);
ret = 0;
unlock:
@@ -2689,8 +2699,6 @@ static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
static u8 sc_select_method(struct smp_chan *smp)
{
- struct l2cap_conn *conn = smp->conn;
- struct hci_conn *hcon = conn->hcon;
struct smp_cmd_pairing *local, *remote;
u8 local_mitm, remote_mitm, local_io, remote_io, method;
@@ -2703,7 +2711,7 @@ static u8 sc_select_method(struct smp_chan *smp)
* the "struct smp_cmd_pairing" from them we need to skip the
* first byte which contains the opcode.
*/
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
local = (void *) &smp->preq[1];
remote = (void *) &smp->prsp[1];
} else {
@@ -2772,7 +2780,7 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
/* Non-initiating device sends its public key after receiving
* the key from the initiating device.
*/
- if (!hcon->out) {
+ if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
err = sc_send_public_key(smp);
if (err)
return err;
@@ -2834,7 +2842,7 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
}
if (smp->method == REQ_OOB) {
- if (hcon->out)
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags))
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
sizeof(smp->prnd), smp->prnd);
@@ -2843,7 +2851,7 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
return 0;
}
- if (hcon->out)
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags))
SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_CONFIRM);
if (smp->method == REQ_PASSKEY) {
@@ -2858,7 +2866,7 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
/* The Initiating device waits for the non-initiating device to
* send the confirm value.
*/
- if (conn->hcon->out)
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags))
return 0;
err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->remote_pk, smp->prnd,
@@ -2892,7 +2900,7 @@ static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
a[6] = hcon->init_addr_type;
b[6] = hcon->resp_addr_type;
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
local_addr = a;
remote_addr = b;
memcpy(io_cap, &smp->prsp[1], 3);
@@ -2917,7 +2925,7 @@ static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
if (crypto_memneq(check->e, e, 16))
return SMP_DHKEY_CHECK_FAILED;
- if (!hcon->out) {
+ if (!test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
if (test_bit(SMP_FLAG_WAIT_USER, &smp->flags)) {
set_bit(SMP_FLAG_DHKEY_PENDING, &smp->flags);
return 0;
@@ -2929,7 +2937,7 @@ static int smp_cmd_dhkey_check(struct l2cap_conn *conn, struct sk_buff *skb)
sc_add_ltk(smp);
- if (hcon->out) {
+ if (test_bit(SMP_FLAG_INITIATOR, &smp->flags)) {
hci_le_start_enc(hcon, 0, 0, smp->tk, smp->enc_key_size);
hcon->enc_key_size = smp->enc_key_size;
}
@@ -3078,7 +3086,6 @@ static void bredr_pairing(struct l2cap_chan *chan)
struct l2cap_conn *conn = chan->conn;
struct hci_conn *hcon = conn->hcon;
struct hci_dev *hdev = hcon->hdev;
- struct smp_cmd_pairing req;
struct smp_chan *smp;
bt_dev_dbg(hdev, "chan %p", chan);
@@ -3130,14 +3137,7 @@ static void bredr_pairing(struct l2cap_chan *chan)
bt_dev_dbg(hdev, "starting SMP over BR/EDR");
- /* Prepare and send the BR/EDR SMP Pairing Request */
- build_bredr_pairing_cmd(smp, &req, NULL);
-
- smp->preq[0] = SMP_CMD_PAIRING_REQ;
- memcpy(&smp->preq[1], &req, sizeof(req));
-
- smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(req), &req);
- SMP_ALLOW_CMD(smp, SMP_CMD_PAIRING_RSP);
+ smp_send_pairing_req(smp, 0x00);
}
static void smp_resume_cb(struct l2cap_chan *chan)
--
2.43.0
next prev parent reply other threads:[~2024-09-01 16:53 UTC|newest]
Thread overview: 165+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-01 16:16 [PATCH 5.10 000/151] 5.10.225-rc1 review Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 001/151] fuse: Initialize beyond-EOF page contents before setting uptodate Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 002/151] ALSA: usb-audio: Support Yamaha P-125 quirk entry Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 003/151] xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 004/151] thunderbolt: Mark XDomain as unplugged when router is removed Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 005/151] s390/dasd: fix error recovery leading to data corruption on ESE devices Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 006/151] arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 007/151] dm resume: dont return EINVAL when signalled Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 008/151] dm persistent data: fix memory allocation failure Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 009/151] vfs: Dont evict inode under the inode lru traversing context Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 010/151] bitmap: introduce generic optimized bitmap_size() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 011/151] fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 012/151] selinux: fix potential counting error in avc_add_xperms_decision() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 013/151] btrfs: tree-checker: add dev extent item checks Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 014/151] drm/amdgpu: Actually check flags for all context ops Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 015/151] memcg_write_event_control(): fix a user-triggerable oops Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 016/151] drm/amdgpu/jpeg2: properly set atomics vmid field Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 017/151] s390/cio: rename bitmap_size() -> idset_bitmap_size() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 018/151] btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 019/151] s390/uv: Panic for set and remove shared access UVC errors Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 020/151] net/mlx5e: Correctly report errors for ethtool rx flows Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 021/151] atm: idt77252: prevent use after free in dequeue_rx() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 022/151] net: axienet: Fix register defines comment description Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 023/151] net: dsa: vsc73xx: pass value in phy_write operation Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 024/151] net: dsa: vsc73xx: use read_poll_timeout instead delay loop Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 025/151] net: dsa: vsc73xx: check busy flag in MDIO operations Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 026/151] mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 027/151] netfilter: flowtable: initialise extack before use Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 028/151] net: hns3: fix wrong use of semaphore up Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 029/151] net: hns3: fix a deadlock problem when config TC during resetting Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 030/151] ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 031/151] ssb: Fix division by zero issue in ssb_calc_clock_rate Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 032/151] wifi: mac80211: fix BA session teardown race Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 033/151] wifi: cw1200: Avoid processing an invalid TIM IE Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 034/151] i2c: riic: avoid potential division by zero Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 035/151] RDMA/rtrs: Fix the problem of variable not initialized fully Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 036/151] s390/smp,mcck: fix early IPI handling Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 037/151] media: radio-isa: use dev_name to fill in bus_info Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 038/151] staging: iio: resolver: ad2s1210: fix use before initialization Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 039/151] drm/amd/display: Validate hw_points_num before using it Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 040/151] staging: ks7010: disable bh on tx_dev_lock Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 041/151] binfmt_misc: cleanup on filesystem umount Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 042/151] media: qcom: venus: fix incorrect return value Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 043/151] scsi: spi: Fix sshdr use Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 044/151] gfs2: setattr_chown: Add missing initialization Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 045/151] wifi: iwlwifi: abort scan when rfkill on but device enabled Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 046/151] IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 047/151] powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 048/151] nvmet-trace: avoid dereferencing pointer too early Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 049/151] ext4: do not trim the group with corrupted block bitmap Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 050/151] quota: Remove BUG_ON from dqget() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 051/151] media: pci: cx23885: check cx23885_vdev_init() return Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 052/151] fs: binfmt_elf_efpic: dont use missing interpreters properties Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 053/151] scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 054/151] net/sun3_82586: Avoid reading past buffer in debug output Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 055/151] drm/lima: set gp bus_stop bit before hard reset Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 056/151] virtiofs: forbid newlines in tags Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 057/151] netlink: hold nlk->cb_mutex longer in __netlink_dump_start() Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 058/151] md: clean up invalid BUG_ON in md_ioctl Greg Kroah-Hartman
2024-09-01 16:16 ` [PATCH 5.10 059/151] x86: Increase brk randomness entropy for 64-bit systems Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 060/151] memory: stm32-fmc2-ebi: check regmap_read return value Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 061/151] parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 062/151] powerpc/boot: Handle allocation failure in simple_realloc() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 063/151] powerpc/boot: Only free if realloc() succeeds Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 064/151] btrfs: change BUG_ON to assertion when checking for delayed_node root Greg Kroah-Hartman
2024-09-11 4:02 ` Dominique Martinet
2024-09-11 5:23 ` Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 065/151] btrfs: handle invalid root reference found in may_destroy_subvol() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 066/151] btrfs: send: handle unexpected data in header buffer in begin_cmd() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 067/151] btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 068/151] f2fs: fix to do sanity check in update_sit_entry Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 069/151] usb: gadget: fsl: Increase size of name buffer for endpoints Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 070/151] Bluetooth: bnep: Fix out-of-bound access Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 071/151] net: hns3: add checking for vf id of mailbox Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 072/151] nvmet-tcp: do not continue for invalid icreq Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 073/151] NFS: avoid infinite loop in pnfs_update_layout Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 074/151] openrisc: Call setup_memory() earlier in the init sequence Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 075/151] s390/iucv: fix receive buffer virtual vs physical address confusion Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 076/151] usb: dwc3: core: Skip setting event buffers for host only controllers Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 077/151] fbdev: offb: replace of_node_put with __free(device_node) Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 078/151] irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 079/151] ext4: set the type of max_zeroout to unsigned int to avoid overflow Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 080/151] nvmet-rdma: fix possible bad dereference when freeing rsps Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 081/151] hrtimer: Prevent queuing of hrtimer without a function callback Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 082/151] gtp: pull network headers in gtp_dev_xmit() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 083/151] block: use "unsigned long" for blk_validate_block_size() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 084/151] media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 085/151] dm suspend: return -ERESTARTSYS instead of -EINTR Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 086/151] Bluetooth: hci_core: Fix LE quote calculation Greg Kroah-Hartman
2024-09-01 16:17 ` Greg Kroah-Hartman [this message]
2024-09-01 16:17 ` [PATCH 5.10 088/151] tc-testing: dont access non-existent variable on exception Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 089/151] kcm: Serialise kcm_sendmsg() for the same socket Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 090/151] netfilter: nft_counter: Synchronize nft_counter_reset() against reader Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 091/151] ip6_tunnel: Fix broken GRO Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 092/151] bonding: fix bond_ipsec_offload_ok return type Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 093/151] bonding: fix null pointer deref in bond_ipsec_offload_ok Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 094/151] bonding: fix xfrm real_dev null pointer dereference Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 095/151] bonding: fix xfrm state handling when clearing active slave Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 096/151] ice: fix ICE_LAST_OFFSET formula Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 097/151] net: dsa: mv88e6xxx: read FID when handling ATU violations Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 098/151] net: dsa: mv88e6xxx: replace ATU violation prints with trace points Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 099/151] net: dsa: mv88e6xxx: Fix out-of-bound access Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 100/151] netem: fix return value if duplicate enqueue fails Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 101/151] ipv6: prevent UAF in ip6_send_skb() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 102/151] net: xilinx: axienet: Always disable promiscuous mode Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 103/151] net: xilinx: axienet: Fix dangling multicast addresses Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 104/151] drm/msm/dpu: dont play tricks with debug macros Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 105/151] drm/msm/dp: reset the link phy params before link training Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 106/151] mmc: mmc_test: Fix NULL dereference on allocation failure Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 107/151] Bluetooth: MGMT: Add error handling to pair_device() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 108/151] binfmt_misc: pass binfmt_misc flags to the interpreter Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 109/151] MIPS: Loongson64: Set timer mode in cpu-probe Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 110/151] HID: wacom: Defer calculation of resolution until resolution_code is known Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 111/151] HID: microsoft: Add rumble support to latest xbox controllers Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 112/151] cxgb4: add forgotten u64 ivlan cast before shift Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 113/151] KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 114/151] mmc: dw_mmc: allow biu and ciu clocks to defer Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 115/151] Revert "drm/amd/display: Validate hw_points_num before using it" Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 116/151] ALSA: timer: Relax start tick time check for slave timer elements Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 117/151] nfsd: Dont call freezable_schedule_timeout() after each successful page allocation in svc_alloc_arg() Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 118/151] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Greg Kroah-Hartman
2024-09-01 16:17 ` [PATCH 5.10 119/151] Input: MT - limit max slots Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 120/151] tools: move alignment-related macros to new <linux/align.h> Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 121/151] drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 122/151] KVM: arm64: Dont use cbz/adr with external symbols Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 123/151] pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 124/151] pinctrl: single: fix potential NULL dereference in pcs_get_function() Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 125/151] wifi: mwifiex: duplicate static structs used in driver instances Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 126/151] mptcp: sched: check both backup in retrans Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 127/151] ipc: replace costly bailout check in sysvipc_find_ipc() Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 128/151] drm/amdkfd: dont allow mapping the MMIO HDP page with large pages Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 129/151] media: uvcvideo: Fix integer overflow calculating timestamp Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 130/151] Revert "Input: ioc3kbd - convert to platform remove callback returning void" Greg Kroah-Hartman
2024-09-02 1:15 ` Dominique Martinet
2024-09-02 6:03 ` Greg Kroah-Hartman
2024-09-02 6:42 ` Dominique Martinet
2024-09-02 7:07 ` Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 131/151] ata: libata-core: Fix null pointer dereference on error Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 132/151] cgroup/cpuset: Prevent UAF in proc_cpuset_show() Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 133/151] net:rds: Fix possible deadlock in rds_message_put Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 134/151] ovl: do not fail because of O_NOATIME Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 135/151] soundwire: stream: fix programming slave ports for non-continous port maps Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 136/151] dmaengine: dw: Add peripheral bus width verification Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 137/151] dmaengine: dw: Add memory " Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 138/151] ethtool: check device is present when getting link settings Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 139/151] gtp: fix a potential NULL pointer dereference Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 140/151] net: busy-poll: use ktime_get_ns() instead of local_clock() Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 141/151] nfc: pn533: Add poll mod list filling check Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 142/151] soc: qcom: cmd-db: Map shared memory as WC, not WB Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 143/151] cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 144/151] USB: serial: option: add MeiG Smart SRM825L Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 145/151] usb: dwc3: omap: add missing depopulate in probe error path Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 146/151] usb: dwc3: core: Prevent USB core invalid event buffer address access Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 147/151] usb: dwc3: st: fix probed platform device ref count on probe error path Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 148/151] usb: dwc3: st: add missing depopulate in " Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 149/151] usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 150/151] scsi: aacraid: Fix double-free on probe failure Greg Kroah-Hartman
2024-09-01 16:18 ` [PATCH 5.10 151/151] apparmor: fix policy_unpack_test on big endian systems Greg Kroah-Hartman
2024-09-01 21:31 ` [PATCH 5.10 000/151] 5.10.225-rc1 review Dominique Martinet
2024-09-02 7:10 ` Pavel Machek
2024-09-02 8:33 ` Naresh Kamboju
2024-09-04 9:29 ` Greg Kroah-Hartman
2024-09-02 16:25 ` Florian Fainelli
2024-09-03 8:44 ` Jon Hunter
2024-09-03 11:49 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240901160817.391471323@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=luiz.von.dentz@intel.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox