From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Olivier Sobrie <olivier@sobrie.be>,
Basavaraj Natikar <Basavaraj.Natikar@amd.com>,
Jiri Kosina <jkosina@suse.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.6 185/269] HID: amd_sfh: free driver_data after destroying hid device
Date: Tue, 10 Sep 2024 11:32:52 +0200 [thread overview]
Message-ID: <20240910092614.728368213@linuxfoundation.org> (raw)
In-Reply-To: <20240910092608.225137854@linuxfoundation.org>
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olivier Sobrie <olivier@sobrie.be>
[ Upstream commit 97155021ae17b86985121b33cf8098bcde00d497 ]
HID driver callbacks aren't called anymore once hid_destroy_device() has
been called. Hence, hid driver_data should be freed only after the
hid_destroy_device() function returned as driver_data is used in several
callbacks.
I observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling
KASAN to debug memory allocation, I got this output:
[ 13.050438] ==================================================================
[ 13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]
[ 13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3
[ 13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479
[ 13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0
[ 13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024
[ 13.067860] Call Trace:
[ 13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8
[ 13.071486] <TASK>
[ 13.071492] dump_stack_lvl+0x5d/0x80
[ 13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)
[ 13.078296] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]
[ 13.082199] print_report+0x174/0x505
[ 13.085776] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 13.089367] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.093255] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]
[ 13.097464] kasan_report+0xc8/0x150
[ 13.101461] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]
[ 13.105802] amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]
[ 13.110303] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]
[ 13.114879] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.119450] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]
[ 13.124097] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]
[ 13.127404] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.131925] ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]
[ 13.136455] ? _raw_spin_lock_irqsave+0x96/0xf0
[ 13.140197] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 13.143602] ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]
[ 13.147234] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.150446] ? __devm_add_action+0x167/0x1d0
[ 13.155061] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]
[ 13.158581] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.161814] platform_probe+0xa2/0x150
[ 13.165029] really_probe+0x1e3/0x8a0
[ 13.168243] __driver_probe_device+0x18c/0x370
[ 13.171500] driver_probe_device+0x4a/0x120
[ 13.175000] __driver_attach+0x190/0x4a0
[ 13.178521] ? __pfx___driver_attach+0x10/0x10
[ 13.181771] bus_for_each_dev+0x106/0x180
[ 13.185033] ? __pfx__raw_spin_lock+0x10/0x10
[ 13.188229] ? __pfx_bus_for_each_dev+0x10/0x10
[ 13.191446] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.194382] bus_add_driver+0x29e/0x4d0
[ 13.197328] driver_register+0x1a5/0x360
[ 13.200283] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]
[ 13.203362] do_one_initcall+0xa7/0x380
[ 13.206432] ? __pfx_do_one_initcall+0x10/0x10
[ 13.210175] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.213211] ? kasan_unpoison+0x44/0x70
[ 13.216688] do_init_module+0x238/0x750
[ 13.219696] load_module+0x5011/0x6af0
[ 13.223096] ? kasan_save_stack+0x30/0x50
[ 13.226743] ? kasan_save_track+0x14/0x30
[ 13.230080] ? kasan_save_free_info+0x3b/0x60
[ 13.233323] ? poison_slab_object+0x109/0x180
[ 13.236778] ? __pfx_load_module+0x10/0x10
[ 13.239703] ? poison_slab_object+0x109/0x180
[ 13.243070] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.245924] ? init_module_from_file+0x13d/0x150
[ 13.248745] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.251503] ? init_module_from_file+0xdf/0x150
[ 13.254198] init_module_from_file+0xdf/0x150
[ 13.256826] ? __pfx_init_module_from_file+0x10/0x10
[ 13.259428] ? kasan_save_track+0x14/0x30
[ 13.261959] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.264471] ? kasan_save_free_info+0x3b/0x60
[ 13.267026] ? poison_slab_object+0x109/0x180
[ 13.269494] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.271949] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.274324] ? _raw_spin_lock+0x85/0xe0
[ 13.276671] ? __pfx__raw_spin_lock+0x10/0x10
[ 13.278963] ? __rseq_handle_notify_resume+0x1a6/0xad0
[ 13.281193] idempotent_init_module+0x23b/0x650
[ 13.283420] ? __pfx_idempotent_init_module+0x10/0x10
[ 13.285619] ? __pfx___seccomp_filter+0x10/0x10
[ 13.287714] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.289828] ? __fget_light+0x57/0x420
[ 13.291870] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.293880] ? security_capable+0x74/0xb0
[ 13.295820] __x64_sys_finit_module+0xbe/0x130
[ 13.297874] do_syscall_64+0x82/0x190
[ 13.299898] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.301905] ? irqtime_account_irq+0x3d/0x1f0
[ 13.303877] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.305753] ? __irq_exit_rcu+0x4e/0x130
[ 13.307577] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.309489] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 13.311371] RIP: 0033:0x7a21f96ade9d
[ 13.313234] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 63 de 0c 00 f7 d8 64 89 01 48
[ 13.317051] RSP: 002b:00007ffeae934e78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 13.319024] RAX: ffffffffffffffda RBX: 00005987276bfcf0 RCX: 00007a21f96ade9d
[ 13.321100] RDX: 0000000000000004 RSI: 00007a21f8eda376 RDI: 000000000000001c
[ 13.323314] RBP: 00007a21f8eda376 R08: 0000000000000001 R09: 00007ffeae934ec0
[ 13.325505] R10: 0000000000000050 R11: 0000000000000246 R12: 0000000000020000
[ 13.327637] R13: 00005987276c1250 R14: 0000000000000000 R15: 00005987276c4530
[ 13.329737] </TASK>
[ 13.333945] Allocated by task 139:
[ 13.336111] kasan_save_stack+0x30/0x50
[ 13.336121] kasan_save_track+0x14/0x30
[ 13.336125] __kasan_kmalloc+0xaa/0xb0
[ 13.336129] amdtp_hid_probe+0xb1/0x440 [amd_sfh]
[ 13.336138] amd_sfh_hid_client_init+0xb8a/0x10f0 [amd_sfh]
[ 13.336144] sfh_init_work+0x47/0x120 [amd_sfh]
[ 13.336150] process_one_work+0x673/0xeb0
[ 13.336155] worker_thread+0x795/0x1250
[ 13.336160] kthread+0x290/0x350
[ 13.336164] ret_from_fork+0x34/0x70
[ 13.336169] ret_from_fork_asm+0x1a/0x30
[ 13.338175] Freed by task 139:
[ 13.340064] kasan_save_stack+0x30/0x50
[ 13.340072] kasan_save_track+0x14/0x30
[ 13.340076] kasan_save_free_info+0x3b/0x60
[ 13.340081] poison_slab_object+0x109/0x180
[ 13.340085] __kasan_slab_free+0x32/0x50
[ 13.340089] kfree+0xe5/0x310
[ 13.340094] amdtp_hid_remove+0xb2/0x160 [amd_sfh]
[ 13.340102] amd_sfh_hid_client_deinit+0x324/0x640 [amd_sfh]
[ 13.340107] amd_sfh_hid_client_init+0x94a/0x10f0 [amd_sfh]
[ 13.340113] sfh_init_work+0x47/0x120 [amd_sfh]
[ 13.340118] process_one_work+0x673/0xeb0
[ 13.340123] worker_thread+0x795/0x1250
[ 13.340127] kthread+0x290/0x350
[ 13.340132] ret_from_fork+0x34/0x70
[ 13.340136] ret_from_fork_asm+0x1a/0x30
[ 13.342482] The buggy address belongs to the object at ffff88813152f400
which belongs to the cache kmalloc-64 of size 64
[ 13.347357] The buggy address is located 8 bytes inside of
freed 64-byte region [ffff88813152f400, ffff88813152f440)
[ 13.347367] The buggy address belongs to the physical page:
[ 13.355409] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13152f
[ 13.355416] anon flags: 0x2ffff8000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 13.355423] page_type: 0xffffefff(slab)
[ 13.355429] raw: 02ffff8000000000 ffff8881000428c0 ffffea0004c43a00 0000000000000005
[ 13.355435] raw: 0000000000000000 0000000000200020 00000001ffffefff 0000000000000000
[ 13.355439] page dumped because: kasan: bad access detected
[ 13.357295] Memory state around the buggy address:
[ 13.357299] ffff88813152f300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 13.357303] ffff88813152f380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 13.357306] >ffff88813152f400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 13.357309] ^
[ 13.357311] ffff88813152f480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 13.357315] ffff88813152f500: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc
[ 13.357318] ==================================================================
[ 13.357405] Disabling lock debugging due to kernel taint
[ 13.383534] Oops: general protection fault, probably for non-canonical address 0xe0a1bc4140000013: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 13.383544] KASAN: maybe wild-memory-access in range [0x050e020a00000098-0x050e020a0000009f]
[ 13.383551] CPU: 3 PID: 479 Comm: (udev-worker) Tainted: G B 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0
[ 13.383561] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024
[ 13.383565] RIP: 0010:amd_sfh_get_report+0x81/0x530 [amd_sfh]
[ 13.383580] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 78 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 49 8d 7c 24 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1a 03 00 00 45 8b 74 24 10 45
[ 13.383585] RSP: 0018:ffff8881261f7388 EFLAGS: 00010212
[ 13.383592] RAX: dffffc0000000000 RBX: ffff88813152f400 RCX: 0000000000000002
[ 13.383597] RDX: 00a1c04140000013 RSI: 0000000000000008 RDI: 050e020a0000009b
[ 13.383600] RBP: ffff88814d010000 R08: 0000000000000002 R09: fffffbfff3ddb8c0
[ 13.383604] R10: ffffffff9eedc607 R11: ffff88810ce98000 R12: 050e020a0000008b
[ 13.383607] R13: ffff88814d010000 R14: dffffc0000000000 R15: 0000000000000004
[ 13.383611] FS: 00007a21f94d0880(0000) GS:ffff8887e7d80000(0000) knlGS:0000000000000000
[ 13.383615] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 13.383618] CR2: 00007e0014c438f0 CR3: 000000012614c000 CR4: 0000000000f50ef0
[ 13.383622] PKRU: 55555554
[ 13.383625] Call Trace:
[ 13.383629] <TASK>
[ 13.383632] ? __die_body.cold+0x19/0x27
[ 13.383644] ? die_addr+0x46/0x70
[ 13.383652] ? exc_general_protection+0x150/0x240
[ 13.383664] ? asm_exc_general_protection+0x26/0x30
[ 13.383674] ? amd_sfh_get_report+0x81/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]
[ 13.383686] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]
[ 13.383697] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]
[ 13.383706] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.383713] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]
[ 13.383727] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]
[ 13.383739] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.383745] ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]
[ 13.383753] ? _raw_spin_lock_irqsave+0x96/0xf0
[ 13.383762] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 13.383768] ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]
[ 13.383790] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.383795] ? __devm_add_action+0x167/0x1d0
[ 13.383806] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]
[ 13.383818] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.383826] platform_probe+0xa2/0x150
[ 13.383832] really_probe+0x1e3/0x8a0
[ 13.383838] __driver_probe_device+0x18c/0x370
[ 13.383844] driver_probe_device+0x4a/0x120
[ 13.383851] __driver_attach+0x190/0x4a0
[ 13.383857] ? __pfx___driver_attach+0x10/0x10
[ 13.383863] bus_for_each_dev+0x106/0x180
[ 13.383868] ? __pfx__raw_spin_lock+0x10/0x10
[ 13.383874] ? __pfx_bus_for_each_dev+0x10/0x10
[ 13.383880] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.383887] bus_add_driver+0x29e/0x4d0
[ 13.383895] driver_register+0x1a5/0x360
[ 13.383902] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]
[ 13.383910] do_one_initcall+0xa7/0x380
[ 13.383919] ? __pfx_do_one_initcall+0x10/0x10
[ 13.383927] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.383933] ? kasan_unpoison+0x44/0x70
[ 13.383943] do_init_module+0x238/0x750
[ 13.383955] load_module+0x5011/0x6af0
[ 13.383962] ? kasan_save_stack+0x30/0x50
[ 13.383968] ? kasan_save_track+0x14/0x30
[ 13.383973] ? kasan_save_free_info+0x3b/0x60
[ 13.383980] ? poison_slab_object+0x109/0x180
[ 13.383993] ? __pfx_load_module+0x10/0x10
[ 13.384007] ? poison_slab_object+0x109/0x180
[ 13.384012] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384018] ? init_module_from_file+0x13d/0x150
[ 13.384025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384032] ? init_module_from_file+0xdf/0x150
[ 13.384037] init_module_from_file+0xdf/0x150
[ 13.384044] ? __pfx_init_module_from_file+0x10/0x10
[ 13.384050] ? kasan_save_track+0x14/0x30
[ 13.384055] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384060] ? kasan_save_free_info+0x3b/0x60
[ 13.384066] ? poison_slab_object+0x109/0x180
[ 13.384071] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384080] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384085] ? _raw_spin_lock+0x85/0xe0
[ 13.384091] ? __pfx__raw_spin_lock+0x10/0x10
[ 13.384096] ? __rseq_handle_notify_resume+0x1a6/0xad0
[ 13.384106] idempotent_init_module+0x23b/0x650
[ 13.384114] ? __pfx_idempotent_init_module+0x10/0x10
[ 13.384120] ? __pfx___seccomp_filter+0x10/0x10
[ 13.384129] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384135] ? __fget_light+0x57/0x420
[ 13.384142] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384147] ? security_capable+0x74/0xb0
[ 13.384157] __x64_sys_finit_module+0xbe/0x130
[ 13.384164] do_syscall_64+0x82/0x190
[ 13.384174] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384179] ? irqtime_account_irq+0x3d/0x1f0
[ 13.384188] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384193] ? __irq_exit_rcu+0x4e/0x130
[ 13.384201] ? srso_alias_return_thunk+0x5/0xfbef5
[ 13.384206] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 13.384212] RIP: 0033:0x7a21f96ade9d
[ 13.384263] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 63 de 0c 00 f7 d8 64 89 01 48
[ 13.384267] RSP: 002b:00007ffeae934e78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 13.384273] RAX: ffffffffffffffda RBX: 00005987276bfcf0 RCX: 00007a21f96ade9d
[ 13.384277] RDX: 0000000000000004 RSI: 00007a21f8eda376 RDI: 000000000000001c
[ 13.384280] RBP: 00007a21f8eda376 R08: 0000000000000001 R09: 00007ffeae934ec0
[ 13.384284] R10: 0000000000000050 R11: 0000000000000246 R12: 0000000000020000
[ 13.384288] R13: 00005987276c1250 R14: 0000000000000000 R15: 00005987276c4530
[ 13.384297] </TASK>
[ 13.384299] Modules linked in: soundwire_amd(+) hid_sensor_gyro_3d(+) hid_sensor_magn_3d hid_sensor_accel_3d soundwire_generic_allocation amdxcp hid_sensor_trigger drm_exec industrialio_triggered_buffer soundwire_bus gpu_sched kvm_amd kfifo_buf qmi_helpers joydev drm_buddy hid_sensor_iio_common mousedev snd_soc_core industrialio i2c_algo_bit mac80211 snd_compress drm_suballoc_helper kvm snd_hda_intel drm_ttm_helper ac97_bus snd_pcm_dmaengine snd_intel_dspcfg ttm thinkpad_acpi(+) snd_intel_sdw_acpi hid_sensor_hub snd_rpl_pci_acp6x drm_display_helper snd_hda_codec hid_multitouch libarc4 snd_acp_pci platform_profile think_lmi(+) hid_generic firmware_attributes_class wmi_bmof cec snd_acp_legacy_common sparse_keymap rapl snd_hda_core psmouse cfg80211 pcspkr snd_pci_acp6x snd_hwdep video snd_pcm snd_pci_acp5x snd_timer snd_rn_pci_acp3x ucsi_acpi snd_acp_config snd sp5100_tco rfkill snd_soc_acpi typec_ucsi thunderbolt amd_sfh k10temp mhi soundcore i2c_piix4 snd_pci_acp3x typec i2c_hid_acpi roles i2c_hid wmi acpi_tad amd_pmc
[ 13.384454] mac_hid i2c_dev crypto_user loop nfnetlink zram ip_tables x_tables dm_crypt cbc encrypted_keys trusted asn1_encoder tee dm_mod crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic gf128mul ghash_clmulni_intel serio_raw sha512_ssse3 atkbd sha256_ssse3 libps2 sha1_ssse3 vivaldi_fmap nvme aesni_intel crypto_simd nvme_core cryptd ccp xhci_pci i8042 nvme_auth xhci_pci_renesas serio vfat fat btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq
[ 13.384552] ---[ end trace 0000000000000000 ]---
KASAN reports a use-after-free of hid->driver_data in function
amd_sfh_get_report(). The backtrace indicates that the function is called
by amdtp_hid_request() which is one of the callbacks of hid device.
The current make sure that driver_data is freed only once
hid_destroy_device() returned.
Note that I observed the crash both on v6.9.9 and v6.10.0. The
code seems to be as it was from the early days of the driver.
Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
Acked-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_hid.c b/drivers/hid/amd-sfh-hid/amd_sfh_hid.c
index 705b52337068..81f3024b7b1b 100644
--- a/drivers/hid/amd-sfh-hid/amd_sfh_hid.c
+++ b/drivers/hid/amd-sfh-hid/amd_sfh_hid.c
@@ -171,11 +171,13 @@ int amdtp_hid_probe(u32 cur_hid_dev, struct amdtp_cl_data *cli_data)
void amdtp_hid_remove(struct amdtp_cl_data *cli_data)
{
int i;
+ struct amdtp_hid_data *hid_data;
for (i = 0; i < cli_data->num_hid_devices; ++i) {
if (cli_data->hid_sensor_hubs[i]) {
- kfree(cli_data->hid_sensor_hubs[i]->driver_data);
+ hid_data = cli_data->hid_sensor_hubs[i]->driver_data;
hid_destroy_device(cli_data->hid_sensor_hubs[i]);
+ kfree(hid_data);
cli_data->hid_sensor_hubs[i] = NULL;
}
}
--
2.43.0
next prev parent reply other threads:[~2024-09-10 10:34 UTC|newest]
Thread overview: 281+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-10 9:29 [PATCH 6.6 000/269] 6.6.51-rc1 review Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 001/269] sch/netem: fix use after free in netem_dequeue Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 002/269] net: microchip: vcap: Fix use-after-free error in kunit test Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 003/269] ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 004/269] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 005/269] KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 006/269] KVM: SVM: Dont advertise Bus Lock Detect to guest if SVM support is missing Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 007/269] ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 008/269] ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 009/269] ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 010/269] powerpc/qspinlock: Fix deadlock in MCS queue Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 011/269] smb: client: fix double put of @cfile in smb2_set_path_size() Greg Kroah-Hartman
2024-09-10 9:29 ` [PATCH 6.6 012/269] ksmbd: unset the binding mark of a reused connection Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 013/269] ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 014/269] ata: libata: Fix memory leak for error path in ata_host_alloc() Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 015/269] x86/tdx: Fix data leak in mmio_read() Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 016/269] perf/x86/intel: Limit the period on Haswell Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 017/269] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 018/269] x86/kaslr: Expose and use the end of the physical memory address space Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 019/269] rtmutex: Drop rt_mutex::wait_lock before scheduling Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 020/269] nvme-pci: Add sleep quirk for Samsung 990 Evo Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 021/269] rust: types: Make Opaque::get const Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 022/269] rust: macros: provide correct provenance when constructing THIS_MODULE Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 023/269] Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 024/269] Bluetooth: MGMT: Ignore keys being loaded with invalid type Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 025/269] mmc: core: apply SD quirks earlier during probe Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 026/269] mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 027/269] mmc: sdhci-of-aspeed: fix module autoloading Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 028/269] mmc: cqhci: Fix checking of CQHCI_HALT state Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 029/269] fuse: update stats for pages in dropped aux writeback list Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 030/269] fuse: use unsigned type for getxattr/listxattr size truncation Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 031/269] fuse: fix memory leak in fuse_create_open Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 032/269] clk: starfive: jh7110-sys: Add notifier for PLL0 clock Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 033/269] clk: qcom: clk-alpha-pll: Fix the pll post div mask Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 034/269] clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 035/269] clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 036/269] clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 037/269] can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 038/269] kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 039/269] mm: vmalloc: ensure vmap_block is initialised before adding to queue Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 040/269] spi: rockchip: Resolve unbalanced runtime PM / system PM handling Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 041/269] tracing/osnoise: Use a cpumask to know what threads are kthreads Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 042/269] tracing/timerlat: Only clear timer if a kthread exists Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 043/269] tracing: Avoid possible softlockup in tracing_iter_reset() Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 044/269] tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 045/269] userfaultfd: dont BUG_ON() if khugepaged yanks our page table Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 046/269] userfaultfd: fix checks for huge PMDs Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 047/269] fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 048/269] eventfs: Use list_del_rcu() for SRCU protected list variable Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 049/269] net: mana: Fix error handling in mana_create_txq/rxqs NAPI cleanup Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 050/269] net: mctp-serial: Fix missing escapes on transmit Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 051/269] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 052/269] x86/apic: Make x2apic_disable() work correctly Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 053/269] Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 054/269] tcp_bpf: fix return value of tcp_bpf_sendmsg() Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 055/269] ila: call nf_unregister_net_hooks() sooner Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 056/269] sched: sch_cake: fix bulk flow accounting logic for host fairness Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 057/269] nilfs2: fix missing cleanup on rollforward recovery error Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 058/269] nilfs2: protect references to superblock parameters exposed in sysfs Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 059/269] nilfs2: fix state management in error path of log writing function Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 060/269] drm/i915: Do not attempt to load the GSC multiple times Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 061/269] ALSA: control: Apply sanity check of input values for user elements Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 062/269] ALSA: hda: Add input value sanity checks to HDMI channel map controls Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 063/269] wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 064/269] wifi: ath12k: fix firmware crash due to invalid peer nss Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 065/269] smack: unix sockets: fix accept()ed socket label Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 066/269] bpf, verifier: Correct tail_call_reachable for bpf prog Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 067/269] ELF: fix kernel.randomize_va_space double read Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 068/269] accel/habanalabs/gaudi2: unsecure edma max outstanding register Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 069/269] irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 070/269] af_unix: Remove put_pid()/put_cred() in copy_peercred() Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 071/269] x86/kmsan: Fix hook for unaligned accesses Greg Kroah-Hartman
2024-09-10 9:30 ` [PATCH 6.6 072/269] iommu: sun50i: clear bypass register Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 073/269] netfilter: nf_conncount: fix wrong variable type Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 074/269] wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 075/269] udf: Avoid excessive partition lengths Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 076/269] fs/ntfs3: One more reason to mark inode bad Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 077/269] riscv: kprobes: Use patch_text_nosync() for insn slots Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 078/269] media: vivid: fix wrong sizeimage value for mplane Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 079/269] leds: spi-byte: Call of_node_put() on error path Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 080/269] wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 081/269] usb: uas: set host status byte on data completion error Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 082/269] usb: gadget: aspeed_udc: validate endpoint index for ast udc Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 083/269] drm/amd/display: Run DC_LOG_DC after checking link->link_enc Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 084/269] drm/amd/display: Check HDCP returned status Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 085/269] drm/amdgpu: Fix smatch static checker warning Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 086/269] drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 087/269] media: vivid: dont set HDMI TX controls if there are no HDMI outputs Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 088/269] vfio/spapr: Always clear TCEs before unsetting the window Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 089/269] ice: Check all ice_vsi_rebuild() errors in function Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 090/269] PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 091/269] Input: ili210x - use kvmalloc() to allocate buffer for firmware update Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 092/269] media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 093/269] pcmcia: Use resource_size function on resource object Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 094/269] drm/amd/display: Check denominator pbn_div before used Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 095/269] drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 096/269] can: bcm: Remove proc entry when dev is unregistered Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 097/269] can: m_can: Release irq on error in m_can_open Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 098/269] can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 099/269] rust: Use awk instead of recent xargs Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 100/269] rust: kbuild: fix export of bss symbols Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 101/269] cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 102/269] igb: Fix not clearing TimeSync interrupts for 82580 Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 103/269] ice: Add netif_device_attach/detach into PF reset flow Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 104/269] platform/x86: dell-smbios: Fix error path in dell_smbios_init() Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 105/269] regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 106/269] can: kvaser_pciefd: Skip redundant NULL pointer check in ISR Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 107/269] can: kvaser_pciefd: Remove unnecessary comment Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 108/269] can: kvaser_pciefd: Rename board_irq to pci_irq Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 109/269] can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 110/269] can: kvaser_pciefd: Use a single write when releasing RX buffers Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 111/269] Bluetooth: qca: If memdump doesnt work, re-enable IBS Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 112/269] Bluetooth: hci_event: Use HCI error defines instead of magic values Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 113/269] Bluetooth: hci_conn: Only do ACL connections sequentially Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 114/269] Bluetooth: Remove pending ACL connection attempts Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 115/269] Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 116/269] Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 117/269] Bluetooth: hci_sync: Attempt to dequeue connection attempt Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 118/269] Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 119/269] Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 120/269] igc: Unlock on error in igc_io_resume() Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 121/269] hwmon: (hp-wmi-sensors) Check if WMI event data exists Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 122/269] net: phy: Fix missing of_node_put() for leds Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 123/269] ice: protect XDP configuration with a mutex Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 124/269] ice: do not bring the VSI up, if it was down before the XDP setup Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 125/269] usbnet: modern method to get random MAC Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 126/269] bpf: Add sockptr support for getsockopt Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 127/269] bpf: Add sockptr support for setsockopt Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 128/269] net/socket: Break down __sys_setsockopt Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 129/269] net/socket: Break down __sys_getsockopt Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 130/269] bpf, net: Fix a potential race in do_sock_getsockopt() Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 131/269] bareudp: Fix device stats updates Greg Kroah-Hartman
2024-09-10 9:31 ` [PATCH 6.6 132/269] fou: Fix null-ptr-deref in GRO Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 133/269] r8152: fix the firmware doesnt work Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 134/269] net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 135/269] net: dsa: vsc73xx: fix possible subblocks range of CAPT block Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 136/269] selftests: net: enable bind tests Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 137/269] xen: privcmd: Fix possible access to a freed kirqfd instance Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 138/269] firmware: cs_dsp: Dont allow writes to read-only controls Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 139/269] phy: zynqmp: Take the phy mutex in xlate Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 140/269] ASoC: topology: Properly initialize soc_enum values Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 141/269] dm init: Handle minors larger than 255 Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 142/269] iommu/vt-d: Handle volatile descriptor status read Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 143/269] cgroup: Protect css->cgroup write under css_set_lock Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 144/269] um: line: always fill *error_out in setup_one_line() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 145/269] devres: Initialize an uninitialized struct member Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 146/269] pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 147/269] virtio_ring: fix KMSAN error for premapped mode Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 148/269] wifi: rtw88: usb: schedule rx work after everything is set up Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 149/269] scsi: ufs: core: Remove SCSI host only if added Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 150/269] scsi: pm80xx: Set phy->enable_completion only when we wait for it Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 151/269] crypto: qat - fix unintentional re-enabling of error interrupts Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 152/269] hwmon: (adc128d818) Fix underflows seen when writing limit attributes Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 153/269] hwmon: (lm95234) " Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 154/269] hwmon: (nct6775-core) " Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 155/269] hwmon: (w83627ehf) " Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 156/269] ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 157/269] libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 158/269] drm/amdgpu: Set no_hw_access when VF request full GPU fails Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 159/269] ext4: fix possible tid_t sequence overflows Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 160/269] jbd2: avoid mount failed when commit block is partial submitted Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 161/269] dma-mapping: benchmark: Dont starve others when doing the test Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 162/269] wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 163/269] drm/amdgpu: reject gang submit on reserved VMIDs Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 164/269] smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 165/269] fs/ntfs3: Check more cases when directory is corrupted Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 166/269] btrfs: replace BUG_ON with ASSERT in walk_down_proc() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 167/269] btrfs: clean up our handling of refs == 0 in snapshot delete Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 168/269] btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 169/269] cxl/region: Verify target positions using the ordered target list Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 170/269] riscv: set trap vector earlier Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 171/269] PCI: Add missing bridge lock to pci_bus_lock() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 172/269] tcp: Dont drop SYN+ACK for simultaneous connect() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 173/269] Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 174/269] net: dpaa: avoid on-stack arrays of NR_CPUS elements Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 175/269] LoongArch: Use correct API to map cmdline in relocate_kernel() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 176/269] regmap: maple: work around gcc-14.1 false-positive warning Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 177/269] vfs: Fix potential circular locking through setxattr() and removexattr() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 178/269] i3c: master: svc: resend target address when get NACK Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 179/269] i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 180/269] kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 181/269] spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 182/269] btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 183/269] s390/vmlinux.lds.S: Move ro_after_init section behind rodata section Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 184/269] HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Greg Kroah-Hartman
2024-09-10 9:32 ` Greg Kroah-Hartman [this message]
2024-09-10 9:32 ` [PATCH 6.6 186/269] Input: uinput - reject requests with unreasonable number of slots Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 187/269] usbnet: ipheth: race between ipheth_close and error handling Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 188/269] Squashfs: sanity check symbolic link size Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 189/269] of/irq: Prevent device address out-of-bounds read in interrupt map walk Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 190/269] lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 191/269] MIPS: cevt-r4k: Dont call get_c0_compare_int if timer irq is installed Greg Kroah-Hartman
2024-09-10 9:32 ` [PATCH 6.6 192/269] spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 193/269] ata: pata_macio: Use WARN instead of BUG Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 194/269] smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 195/269] NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 196/269] riscv: Use WRITE_ONCE() when setting page table entries Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 197/269] mm: Introduce pudp/p4dp/pgdp_get() functions Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 198/269] riscv: mm: Only compile pgtable.c if MMU Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 199/269] riscv: Use accessors to page table entries instead of direct dereference Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 200/269] ACPI: CPPC: Add helper to get the highest performance value Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 201/269] cpufreq: amd-pstate: Enable amd-pstate preferred core support Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 202/269] cpufreq: amd-pstate: fix the highest frequency issue which limits performance Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 203/269] tcp: process the 3rd ACK with sk_socket for TFO/MPTCP Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 204/269] intel: legacy: Partial revert of field get conversion Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 205/269] staging: iio: frequency: ad9834: Validate frequency parameter value Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 206/269] iio: buffer-dmaengine: fix releasing dma channel on error Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 207/269] iio: fix scale application in iio_convert_raw_to_processed_unlocked Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 208/269] iio: adc: ad7124: fix config comparison Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 209/269] iio: adc: ad7606: remove frstdata check for serial mode Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 210/269] iio: adc: ad7124: fix chip ID mismatch Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 211/269] usb: dwc3: core: update LC timer as per USB Spec V3.2 Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 212/269] usb: cdns2: Fix controller reset issue Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 213/269] usb: dwc3: Avoid waking up gadget during startxfer Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 214/269] misc: fastrpc: Fix double free of buf in error path Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 215/269] binder: fix UAF caused by offsets overwrite Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 216/269] nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 217/269] uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 218/269] Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 219/269] VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 220/269] clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 221/269] clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 222/269] clocksource/drivers/timer-of: Remove percpu irq related code Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 223/269] uprobes: Use kzalloc to allocate xol area Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 224/269] perf/aux: Fix AUX buffer serialization Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 225/269] mm/vmscan: use folio_migratetype() instead of get_pageblock_migratetype() Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 226/269] Revert "mm: skip CMA pages when they are not available" Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 227/269] workqueue: wq_watchdog_touch is always called with valid CPU Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 228/269] workqueue: Improve scalability of workqueue watchdog touch Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 229/269] ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 230/269] ACPI: processor: Fix memory leaks in error paths of processor_add() Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 231/269] arm64: acpi: Move get_cpu_for_acpi_id() to a header Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 232/269] arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 233/269] can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 234/269] can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 235/269] can: mcp251xfd: clarify the meaning of timestamp Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 236/269] can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 237/269] drm/amd: Add gfx12 swizzle mode defs Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 238/269] drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 239/269] ata: libata-scsi: Remove redundant sense_buffer memsets Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 240/269] ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 241/269] crypto: starfive - Align rsa input data to 32-bit Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 242/269] crypto: starfive - Fix nent assignment in rsa dec Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 243/269] clk: qcom: ipq9574: Update the alpha PLL type for GPLLs Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 244/269] powerpc/64e: remove unused IBM HTW code Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 245/269] powerpc/64e: split out nohash Book3E 64-bit code Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 246/269] powerpc/64e: Define mmu_pte_psize static Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 247/269] powerpc/vdso: Dont discard rela sections Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 248/269] ASoC: tegra: Fix CBB error during probe() Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 249/269] nvmet-tcp: fix kernel crash if commands allocation fails Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 250/269] nvme-pci: allocate tagset on reset if necessary Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 251/269] ASoc: SOF: topology: Clear SOF link platform name upon unload Greg Kroah-Hartman
2024-09-10 9:33 ` [PATCH 6.6 252/269] ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 253/269] clk: qcom: gcc-sm8550: Dont use parking clk_ops for QUPs Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 254/269] clk: qcom: gcc-sm8550: Dont park the USB RCG at registration time Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 255/269] drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 256/269] drm/i915/fence: Mark debug_fence_free() " Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 257/269] gpio: rockchip: fix OF node leak in probe() Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 258/269] gpio: modepin: Enable module autoloading Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 259/269] smb: client: fix double put of @cfile in smb2_rename_path() Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 260/269] riscv: Fix toolchain vector detection Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 261/269] riscv: Do not restrict memory size because of linear mapping on nommu Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 262/269] ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 263/269] membarrier: riscv: Add full memory barrier in switch_mm() Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 264/269] x86/mm: Fix PTI for i386 some more Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 265/269] btrfs: fix race between direct IO write and fsync when using same fd Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 266/269] spi: spi-fsl-lpspi: Fix off-by-one in prescale max Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 267/269] Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 268/269] Bluetooth: hci_sync: Fix UAF on create_le_conn_complete Greg Kroah-Hartman
2024-09-10 9:34 ` [PATCH 6.6 269/269] Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync Greg Kroah-Hartman
2024-09-10 18:45 ` [PATCH 6.6 000/269] 6.6.51-rc1 review Harshit Mogalapalli
2024-09-10 19:12 ` Florian Fainelli
2024-09-10 22:02 ` Mark Brown
2024-09-10 23:20 ` Shuah Khan
2024-09-10 23:23 ` Takeshi Ogasawara
2024-09-11 10:11 ` Naresh Kamboju
2024-09-12 0:19 ` Ron Economos
2024-09-12 7:19 ` Jon Hunter
2024-09-12 7:24 ` Jon Hunter
2024-09-12 7:34 ` Greg Kroah-Hartman
2024-09-12 7:19 ` Kexy Biscuit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240910092614.728368213@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Basavaraj.Natikar@amd.com \
--cc=jkosina@suse.com \
--cc=olivier@sobrie.be \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox