From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Luo Qiu <luoqiu@kylinsec.com.cn>,
Ulf Hansson <ulf.hansson@linaro.org>
Subject: [PATCH 5.10 107/227] memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
Date: Tue, 8 Apr 2025 12:48:05 +0200 [thread overview]
Message-ID: <20250408104823.566273407@linuxfoundation.org> (raw)
In-Reply-To: <20250408104820.353768086@linuxfoundation.org>
5.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luo Qiu <luoqiu@kylinsec.com.cn>
commit 4676741a3464b300b486e70585c3c9b692be1632 upstream.
This fixes the following crash:
==================================================================
BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]
Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241
CPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1
Tainted: [E]=UNSIGNED_MODULE
Hardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024
Workqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms]
Call Trace:
<TASK>
dump_stack_lvl+0x51/0x70
print_address_description.constprop.0+0x27/0x320
? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]
print_report+0x3e/0x70
kasan_report+0xab/0xe0
? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]
rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]
? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]
? __pfx___schedule+0x10/0x10
? kick_pool+0x3b/0x270
process_one_work+0x357/0x660
worker_thread+0x390/0x4c0
? __pfx_worker_thread+0x10/0x10
kthread+0x190/0x1d0
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2d/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30
</TASK>
Allocated by task 161446:
kasan_save_stack+0x20/0x40
kasan_save_track+0x10/0x30
__kasan_kmalloc+0x7b/0x90
__kmalloc_noprof+0x1a7/0x470
memstick_alloc_host+0x1f/0xe0 [memstick]
rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]
platform_probe+0x60/0xe0
call_driver_probe+0x35/0x120
really_probe+0x123/0x410
__driver_probe_device+0xc7/0x1e0
driver_probe_device+0x49/0xf0
__device_attach_driver+0xc6/0x160
bus_for_each_drv+0xe4/0x160
__device_attach+0x13a/0x2b0
bus_probe_device+0xbd/0xd0
device_add+0x4a5/0x760
platform_device_add+0x189/0x370
mfd_add_device+0x587/0x5e0
mfd_add_devices+0xb1/0x130
rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]
usb_probe_interface+0x15c/0x460
call_driver_probe+0x35/0x120
really_probe+0x123/0x410
__driver_probe_device+0xc7/0x1e0
driver_probe_device+0x49/0xf0
__device_attach_driver+0xc6/0x160
bus_for_each_drv+0xe4/0x160
__device_attach+0x13a/0x2b0
rebind_marked_interfaces.isra.0+0xcc/0x110
usb_reset_device+0x352/0x410
usbdev_do_ioctl+0xe5c/0x1860
usbdev_ioctl+0xa/0x20
__x64_sys_ioctl+0xc5/0xf0
do_syscall_64+0x59/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Freed by task 161506:
kasan_save_stack+0x20/0x40
kasan_save_track+0x10/0x30
kasan_save_free_info+0x36/0x60
__kasan_slab_free+0x34/0x50
kfree+0x1fd/0x3b0
device_release+0x56/0xf0
kobject_cleanup+0x73/0x1c0
rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]
platform_remove+0x2f/0x50
device_release_driver_internal+0x24b/0x2e0
bus_remove_device+0x124/0x1d0
device_del+0x239/0x530
platform_device_del.part.0+0x19/0xe0
platform_device_unregister+0x1c/0x40
mfd_remove_devices_fn+0x167/0x170
device_for_each_child_reverse+0xc9/0x130
mfd_remove_devices+0x6e/0xa0
rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]
usb_unbind_interface+0xf3/0x3f0
device_release_driver_internal+0x24b/0x2e0
proc_disconnect_claim+0x13d/0x220
usbdev_do_ioctl+0xb5e/0x1860
usbdev_ioctl+0xa/0x20
__x64_sys_ioctl+0xc5/0xf0
do_syscall_64+0x59/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Last potentially related work creation:
kasan_save_stack+0x20/0x40
kasan_record_aux_stack+0x85/0x90
insert_work+0x29/0x100
__queue_work+0x34a/0x540
call_timer_fn+0x2a/0x160
expire_timers+0x5f/0x1f0
__run_timer_base.part.0+0x1b6/0x1e0
run_timer_softirq+0x8b/0xe0
handle_softirqs+0xf9/0x360
__irq_exit_rcu+0x114/0x130
sysvec_apic_timer_interrupt+0x72/0x90
asm_sysvec_apic_timer_interrupt+0x16/0x20
Second to last potentially related work creation:
kasan_save_stack+0x20/0x40
kasan_record_aux_stack+0x85/0x90
insert_work+0x29/0x100
__queue_work+0x34a/0x540
call_timer_fn+0x2a/0x160
expire_timers+0x5f/0x1f0
__run_timer_base.part.0+0x1b6/0x1e0
run_timer_softirq+0x8b/0xe0
handle_softirqs+0xf9/0x360
__irq_exit_rcu+0x114/0x130
sysvec_apic_timer_interrupt+0x72/0x90
asm_sysvec_apic_timer_interrupt+0x16/0x20
The buggy address belongs to the object at ffff888136335000
which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 896 bytes inside of
freed 2048-byte region [ffff888136335000, ffff888136335800)
The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x136330
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff)
page_type: f5(slab)
raw: 0017ffffc0000040 ffff888100042f00 ffffea000417a000 dead000000000002
raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0017ffffc0000040 ffff888100042f00 ffffea000417a000 dead000000000002
head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0017ffffc0000003 ffffea0004d8cc01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888136335280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888136335300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888136335380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888136335400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888136335480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Fixes: 6827ca573c03 ("memstick: rtsx_usb_ms: Support runtime power management")
Signed-off-by: Luo Qiu <luoqiu@kylinsec.com.cn>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/4B7BC3E6E291E6F2+20250317101438.25650-1-luoqiu@kylinsec.com.cn
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/memstick/host/rtsx_usb_ms.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/memstick/host/rtsx_usb_ms.c
+++ b/drivers/memstick/host/rtsx_usb_ms.c
@@ -813,6 +813,7 @@ static int rtsx_usb_ms_drv_remove(struct
host->eject = true;
cancel_work_sync(&host->handle_req);
+ cancel_delayed_work_sync(&host->poll_card);
mutex_lock(&host->host_mutex);
if (host->req) {
next prev parent reply other threads:[~2025-04-08 10:58 UTC|newest]
Thread overview: 232+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-08 10:46 [PATCH 5.10 000/227] 5.10.236-rc1 review Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 001/227] vlan: fix memory leak in vlan_newlink() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 002/227] clockevents/drivers/i8253: Fix stop sequence for timer 0 Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 003/227] sched/isolation: Prevent boot crash when the boot CPU is nohz_full Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 004/227] ipv6: Fix signed integer overflow in __ip6_append_data Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 005/227] KVM: x86: Reject Hyper-Vs SEND_IPI hypercalls if local APIC isnt in-kernel Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 006/227] x86/kexec: fix memory leak of elf header buffer Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 007/227] fbdev: hyperv_fb: iounmap() the correct memory when removing a device Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 008/227] pinctrl: bcm281xx: Fix incorrect regmap max_registers value Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 009/227] netfilter: conntrack: convert to refcount_t api Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 010/227] netfilter: nft_ct: fix use after free when attaching zone template Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 011/227] netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 012/227] ice: fix memory leak in aRFS after reset Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 013/227] netpoll: hold rcu read lock in __netpoll_send_skb() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 014/227] Drivers: hv: vmbus: Dont release fb_mmio resource in vmbus_free_mmio() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 015/227] net/mlx5: handle errors in mlx5_chains_create_table() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 016/227] netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 017/227] ipvs: prevent integer overflow in do_ip_vs_get_ctl() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 018/227] net_sched: Prevent creation of classes with TC_H_ROOT Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 019/227] netfilter: nft_exthdr: fix offset with ipv4_find_option() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 020/227] net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 021/227] nvme-fc: go straight to connecting state when initializing Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 022/227] hrtimers: Mark is_migration_base() with __always_inline Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 023/227] powercap: call put_device() on an error path in powercap_register_control_type() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 024/227] iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 025/227] scsi: qla1280: Fix kernel oops when debug level > 2 Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 026/227] ACPI: resource: IRQ override for Eluktronics MECH-17 Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 027/227] alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 028/227] vboxsf: fix building with GCC 15 Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 029/227] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 030/227] HID: ignore non-functional sensor in HP 5MP Camera Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 031/227] s390/cio: Fix CHPID "configure" attribute caching Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 032/227] thermal/cpufreq_cooling: Remove structure member documentation Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 033/227] ASoC: rsnd: dont indicate warning on rsnd_kctrl_accept_runtime() Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 034/227] ASoC: arizona/madera: use fsleep() in up/down DAPM event delays Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 035/227] ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 036/227] nvmet-rdma: recheck queue state is LIVE in state lock in recv done Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 037/227] sctp: Fix undefined behavior in left shift operation Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 038/227] nvme: only allow entering LIVE from CONNECTING state Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 039/227] ASoC: tas2770: Fix volume scale Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 040/227] ASoC: tas2764: Fix power control mask Greg Kroah-Hartman
2025-04-08 10:46 ` [PATCH 5.10 041/227] ASoC: tas2764: Set the SDOUT polarity correctly Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 042/227] fuse: dont truncate cached, mutated symlink Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 043/227] x86/irq: Define trace events conditionally Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 044/227] mptcp: safety check before fallback Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 045/227] drm/nouveau: Do not override forced connector status Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 046/227] block: fix kmem_cache of name bio-108 already exists Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 047/227] USB: serial: ftdi_sio: add support for Altera USB Blaster 3 Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 048/227] USB: serial: option: add Telit Cinterion FE990B compositions Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 049/227] USB: serial: option: fix Telit Cinterion FE990A name Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 050/227] USB: serial: option: match on interface class for Telit FN990B Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 051/227] x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 052/227] drm/atomic: Filter out redundant DPMS calls Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 053/227] drm/amd/display: Assign normalized_pix_clk when color depth = 14 Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 054/227] drm/amd/display: Fix slab-use-after-free on hdcp_work Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 055/227] qlcnic: fix memory leak issues in qlcnic_sriov_common.c Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 056/227] drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 057/227] ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 058/227] i2c: ali1535: Fix an error handling path in ali1535_probe() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 059/227] i2c: ali15x3: Fix an error handling path in ali15x3_probe() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 060/227] i2c: sis630: Fix an error handling path in sis630_probe() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 061/227] drm/amd/display: Check plane scaling against format specific hw plane caps Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 062/227] drm/amd/display/dc/core/dc_resource: Staticify local functions Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 063/227] drm/amd/display: Reject too small viewport size when validating plane Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 064/227] drm/amd/display: fix odm scaling Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 065/227] drm/amd/display: Check for invalid input params when building scaling params Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 066/227] drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 067/227] firmware: imx-scu: fix OF node leak in .probe() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 068/227] xfrm_output: Force software GSO only in tunnel mode Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 069/227] ARM: dts: bcm2711: PL011 UARTs are actually r1p5 Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 070/227] RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 071/227] ARM: dts: bcm2711: Dont mark timer regs unconfigured Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 072/227] RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 073/227] RDMA/hns: Remove redundant phy_addr in hns_roce_hem_list_find_mtt() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 074/227] RDMA/hns: Fix soft lockup during bt pages loop Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 075/227] RDMA/hns: Fix wrong value of max_sge_rd Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 076/227] Bluetooth: Fix error code in chan_alloc_skb_cb() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 077/227] ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 078/227] ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 079/227] net: atm: fix use after free in lec_send() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 080/227] net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 081/227] i2c: omap: fix IRQ storms Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 082/227] drm/v3d: Dont run jobs that have errors flagged in its fence Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 083/227] regulator: check that dummy regulator has been probed before using it Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 084/227] mmc: atmel-mci: Add missing clk_disable_unprepare() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 085/227] proc: fix UAF in proc_get_inode() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 086/227] ARM: shmobile: smp: Enforce shmobile_smp_* alignment Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 087/227] drm/amdgpu: Fix even more out of bound writes from debugfs Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 088/227] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 089/227] bpf, sockmap: Fix race between element replace and close() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 090/227] batman-adv: Ignore own maximum aggregation size during RX Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 091/227] soc: qcom: pdr: Fix the potential deadlock Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 092/227] drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 093/227] ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 094/227] HID: hid-plantronics: Add mic mute mapping and generalize quirks Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 095/227] atm: Fix NULL pointer dereference Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 096/227] ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 097/227] ARM: 9351/1: fault: Add "cut here" line for prefetch aborts Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 098/227] ARM: Remove address checking for MMUless devices Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 099/227] netfilter: socket: Lookup orig tuple for IPv6 SNAT Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 100/227] ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Greg Kroah-Hartman
2025-04-08 10:47 ` [PATCH 5.10 101/227] counter: stm32-lptimer-cnt: fix error handling when enabling Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 102/227] counter: microchip-tcb-capture: Fix undefined counter channel state on probe Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 103/227] tty: serial: 8250: Add some more device IDs Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 104/227] net: usb: qmi_wwan: add Telit Cinterion FN990B composition Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 105/227] net: usb: qmi_wwan: add Telit Cinterion FE990B composition Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 106/227] net: usb: usbnet: restore usb%d name exception for local mac addresses Greg Kroah-Hartman
2025-04-08 10:48 ` Greg Kroah-Hartman [this message]
2025-04-08 10:48 ` [PATCH 5.10 108/227] serial: 8250_dma: terminate correct DMA in tx_dma_flush() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 109/227] media: i2c: et8ek8: Dont strip remove function when driver is builtin Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 110/227] i2c: dev: check return value when calling dev_set_name() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 111/227] watch_queue: fix pipe accounting mismatch Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 112/227] x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 113/227] cpufreq: scpi: compare kHz instead of Hz Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 114/227] cpufreq: governor: Fix negative idle_time handling in dbs_update() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 115/227] x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 116/227] x86/platform: Only allow CONFIG_EISA for 32-bit Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 117/227] PM: sleep: Adjust check before setting power.must_resume Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 118/227] selinux: Chain up tool resolving errors in install_policy.sh Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 119/227] EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 120/227] EDAC/ie31200: Fix the DIMM size mask for several SoCs Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 121/227] EDAC/ie31200: Fix the error path order of ie31200_init() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 122/227] thermal: int340x: Add NULL check for adev Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 123/227] PM: sleep: Fix handling devices with direct_complete set on errors Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 124/227] lockdep: Dont disable interrupts on RT in disable_irq_nosync_lockdep.*() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 125/227] perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 126/227] ALSA: hda/realtek: Always honor no_shutup_pins Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 127/227] ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 128/227] drm/dp_mst: Fix drm RAD print Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 129/227] drm: xlnx: zynqmp: Fix max dma segment size Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 130/227] drm/mediatek: mtk_hdmi: Unregister audio platform device on failure Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 131/227] drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 132/227] PCI/ASPM: Fix link state exit during switch upstream function removal Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 133/227] PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 134/227] PCI: brcmstb: Use internal register to change link capability Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 135/227] PCI/portdrv: Only disable pciehp interrupts early when needed Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 136/227] drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 137/227] PCI: Remove stray put_device() in pci_register_host_bridge() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 138/227] PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 139/227] drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 140/227] PCI: pciehp: Dont enable HPIE when resuming in poll mode Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 141/227] fbdev: au1100fb: Move a variable assignment behind a null pointer check Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 142/227] mdacon: rework dependency list Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 143/227] fbdev: sm501fb: Add some geometry checks Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 144/227] clk: amlogic: gxbb: drop incorrect flag on 32k clock Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 145/227] remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 146/227] clk: samsung: Fix UBSAN panic in samsung_clk_init() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 147/227] bpf: Use preempt_count() directly in bpf_send_signal_common() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 148/227] lib: 842: Improve error handling in sw842_compress() Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 149/227] pinctrl: renesas: rza2: Fix missing of_node_put() call Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 150/227] clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 151/227] IB/mad: Check available slots before posting receive WRs Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 152/227] pinctrl: tegra: Set SFIO mode to Mux Register Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 153/227] clk: amlogic: g12b: fix cluster A parent data Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 154/227] clk: amlogic: gxbb: drop non existing 32k clock parent Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 155/227] clk: amlogic: g12a: fix mmc A peripheral clock Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 156/227] x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 157/227] power: supply: max77693: Fix wrong conversion of charge input threshold value Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 158/227] RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 159/227] mfd: sm501: Switch to BIT() to mitigate integer overflows Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 160/227] x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Greg Kroah-Hartman
2025-04-08 10:48 ` [PATCH 5.10 161/227] crypto: hisilicon/sec2 - fix for aead auth key length Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 162/227] isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 163/227] coresight: catu: Fix number of pages while using 64k pages Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 164/227] iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 165/227] perf units: Fix insufficient array space Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 166/227] kexec: initialize ELF lowest address to ULONG_MAX Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 167/227] ocfs2: validate l_tree_depth to avoid out-of-bounds access Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 168/227] NFSv4: Dont trigger uneccessary scans for return-on-close delegations Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 169/227] perf python: Fixup description of sample.id event member Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 170/227] perf python: Decrement the refcount of just created event on failure Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 171/227] perf python: Dont keep a raw_data pointer to consumed ring buffer space Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 172/227] perf python: Check if there is space to copy all the event Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 173/227] fs/procfs: fix the comment above proc_pid_wchan() Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 174/227] objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 175/227] exfat: fix the infinite loop in exfat_find_last_cluster() Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 176/227] rtnetlink: Allocate vfinfo size for VF GUIDs when supported Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 177/227] ring-buffer: Fix bytes_dropped calculation issue Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 178/227] ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 179/227] octeontx2-af: Fix mbox INTR handler when num VFs > 64 Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 180/227] sched/smt: Always inline sched_smt_active() Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 181/227] wifi: iwlwifi: fw: allocate chained SG tables for dump Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 182/227] nvme-tcp: fix possible UAF in nvme_tcp_poll Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 183/227] nvme-pci: clean up CMBMSC when registering CMB fails Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 184/227] nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 185/227] affs: generate OFS sequence numbers starting at 1 Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 186/227] affs: dont write overlarge OFS data block size fields Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 187/227] platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 188/227] sched/deadline: Use online cpus for validating runtime Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 189/227] locking/semaphore: Use wake_q to wake up processes outside lock critical section Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 190/227] ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 191/227] can: statistics: use atomic access in hot path Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 192/227] hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 193/227] spufs: fix a leak on spufs_new_file() failure Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 194/227] spufs: fix a leak in spufs_create_context() Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 195/227] ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 196/227] ntb: intel: Fix using link status DBs Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 197/227] netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 198/227] net_sched: skbprio: Remove overly strict queue assertions Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 199/227] vsock: avoid timeout during connect() if the socket is closing Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 200/227] tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu() Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 201/227] netfilter: nft_tunnel: fix geneve_opt type confusion addition Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 202/227] ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 203/227] net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 204/227] net: fix geneve_opt length integer overflow Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 205/227] arcnet: Add NULL check in com20020pci_probe() Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 206/227] can: flexcan: only change CAN state when link up in system PM Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 207/227] tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 208/227] tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 209/227] drm/amd/pm: Fix negative array index read Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 210/227] drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 211/227] ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 212/227] btrfs: handle errors from btrfs_dec_ref() properly Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 213/227] x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 214/227] x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 215/227] acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 216/227] ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 217/227] mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 218/227] tracing: Fix use-after-free in print_graph_function_flags during tracer switching Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 219/227] tracing: Ensure module defining synth event cannot be unloaded while tracing Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 220/227] ext4: dont over-report free space or inodes in statvfs Greg Kroah-Hartman
2025-04-08 10:49 ` [PATCH 5.10 221/227] ext4: fix OOB read when checking dotdot dir Greg Kroah-Hartman
2025-04-08 10:50 ` [PATCH 5.10 222/227] jfs: fix slab-out-of-bounds read in ea_get() Greg Kroah-Hartman
2025-04-08 10:50 ` [PATCH 5.10 223/227] jfs: add index corruption check to DT_GETPAGE() Greg Kroah-Hartman
2025-04-08 10:50 ` [PATCH 5.10 224/227] nfsd: put dl_stid if fail to queue dl_recall Greg Kroah-Hartman
2025-04-08 10:50 ` [PATCH 5.10 225/227] NFSD: Skip sending CB_RECALL_ANY when the backchannel isnt up Greg Kroah-Hartman
2025-04-08 10:50 ` [PATCH 5.10 226/227] netfilter: conntrack: fix crash due to confirmed bit load reordering Greg Kroah-Hartman
2025-04-08 10:50 ` [PATCH 5.10 227/227] x86/kexec: Fix double-free of elf header buffer Greg Kroah-Hartman
2025-04-08 20:26 ` [PATCH 5.10 000/227] 5.10.236-rc1 review Pavel Machek
2025-04-08 20:55 ` Florian Fainelli
2025-04-09 8:00 ` Jon Hunter
2025-04-09 9:50 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250408104823.566273407@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=luoqiu@kylinsec.com.cn \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=ulf.hansson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox