From: Willy Tarreau <w@1wt.eu>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org, linux@roeck-us.net
Cc: Alexander Potapenko <glider@google.com>,
"David S . Miller" <davem@davemloft.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Willy Tarreau <w@1wt.eu>
Subject: [PATCH 3.10 075/139] sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}()
Date: Wed, 1 Nov 2017 22:26:16 +0100 [thread overview]
Message-ID: <1509571600-4858-26-git-send-email-w@1wt.eu> (raw)
In-Reply-To: <1509571600-4858-1-git-send-email-w@1wt.eu>
From: Alexander Potapenko <glider@google.com>
commit b1f5bfc27a19f214006b9b4db7b9126df2dfdf5a upstream.
If the length field of the iterator (|pos.p| or |err|) is past the end
of the chunk, we shouldn't access it.
This bug has been detected by KMSAN. For the following pair of system
calls:
socket(PF_INET6, SOCK_STREAM, 0x84 /* IPPROTO_??? */) = 3
sendto(3, "A", 1, MSG_OOB, {sa_family=AF_INET6, sin6_port=htons(0),
inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 1
the tool has reported a use of uninitialized memory:
==================================================================
BUG: KMSAN: use of uninitialized memory in sctp_rcv+0x17b8/0x43b0
CPU: 1 PID: 2940 Comm: probe Not tainted 4.11.0-rc5+ #2926
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:16
dump_stack+0x172/0x1c0 lib/dump_stack.c:52
kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:927
__msan_warning_32+0x61/0xb0 mm/kmsan/kmsan_instr.c:469
__sctp_rcv_init_lookup net/sctp/input.c:1074
__sctp_rcv_lookup_harder net/sctp/input.c:1233
__sctp_rcv_lookup net/sctp/input.c:1255
sctp_rcv+0x17b8/0x43b0 net/sctp/input.c:170
sctp6_rcv+0x32/0x70 net/sctp/ipv6.c:984
ip6_input_finish+0x82f/0x1ee0 net/ipv6/ip6_input.c:279
NF_HOOK ./include/linux/netfilter.h:257
ip6_input+0x239/0x290 net/ipv6/ip6_input.c:322
dst_input ./include/net/dst.h:492
ip6_rcv_finish net/ipv6/ip6_input.c:69
NF_HOOK ./include/linux/netfilter.h:257
ipv6_rcv+0x1dbd/0x22e0 net/ipv6/ip6_input.c:203
__netif_receive_skb_core+0x2f6f/0x3a20 net/core/dev.c:4208
__netif_receive_skb net/core/dev.c:4246
process_backlog+0x667/0xba0 net/core/dev.c:4866
napi_poll net/core/dev.c:5268
net_rx_action+0xc95/0x1590 net/core/dev.c:5333
__do_softirq+0x485/0x942 kernel/softirq.c:284
do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:902
</IRQ>
do_softirq kernel/softirq.c:328
__local_bh_enable_ip+0x25b/0x290 kernel/softirq.c:181
local_bh_enable+0x37/0x40 ./include/linux/bottom_half.h:31
rcu_read_unlock_bh ./include/linux/rcupdate.h:931
ip6_finish_output2+0x19b2/0x1cf0 net/ipv6/ip6_output.c:124
ip6_finish_output+0x764/0x970 net/ipv6/ip6_output.c:149
NF_HOOK_COND ./include/linux/netfilter.h:246
ip6_output+0x456/0x520 net/ipv6/ip6_output.c:163
dst_output ./include/net/dst.h:486
NF_HOOK ./include/linux/netfilter.h:257
ip6_xmit+0x1841/0x1c00 net/ipv6/ip6_output.c:261
sctp_v6_xmit+0x3b7/0x470 net/sctp/ipv6.c:225
sctp_packet_transmit+0x38cb/0x3a20 net/sctp/output.c:632
sctp_outq_flush+0xeb3/0x46e0 net/sctp/outqueue.c:885
sctp_outq_uncork+0xb2/0xd0 net/sctp/outqueue.c:750
sctp_side_effects net/sctp/sm_sideeffect.c:1773
sctp_do_sm+0x6962/0x6ec0 net/sctp/sm_sideeffect.c:1147
sctp_primitive_ASSOCIATE+0x12c/0x160 net/sctp/primitive.c:88
sctp_sendmsg+0x43e5/0x4f90 net/sctp/socket.c:1954
inet_sendmsg+0x498/0x670 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:633
sock_sendmsg net/socket.c:643
SYSC_sendto+0x608/0x710 net/socket.c:1696
SyS_sendto+0x8a/0xb0 net/socket.c:1664
do_syscall_64+0xe6/0x130 arch/x86/entry/common.c:285
entry_SYSCALL64_slow_path+0x25/0x25 arch/x86/entry/entry_64.S:246
RIP: 0033:0x401133
RSP: 002b:00007fff6d99cd38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000004002b0 RCX: 0000000000401133
RDX: 0000000000000001 RSI: 0000000000494088 RDI: 0000000000000003
RBP: 00007fff6d99cd90 R08: 00007fff6d99cd50 R09: 000000000000001c
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000004063d0 R14: 0000000000406460 R15: 0000000000000000
origin:
save_stack_trace+0x37/0x40 arch/x86/kernel/stacktrace.c:59
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:302
kmsan_internal_poison_shadow+0xb1/0x1a0 mm/kmsan/kmsan.c:198
kmsan_poison_shadow+0x6d/0xc0 mm/kmsan/kmsan.c:211
slab_alloc_node mm/slub.c:2743
__kmalloc_node_track_caller+0x200/0x360 mm/slub.c:4351
__kmalloc_reserve net/core/skbuff.c:138
__alloc_skb+0x26b/0x840 net/core/skbuff.c:231
alloc_skb ./include/linux/skbuff.h:933
sctp_packet_transmit+0x31e/0x3a20 net/sctp/output.c:570
sctp_outq_flush+0xeb3/0x46e0 net/sctp/outqueue.c:885
sctp_outq_uncork+0xb2/0xd0 net/sctp/outqueue.c:750
sctp_side_effects net/sctp/sm_sideeffect.c:1773
sctp_do_sm+0x6962/0x6ec0 net/sctp/sm_sideeffect.c:1147
sctp_primitive_ASSOCIATE+0x12c/0x160 net/sctp/primitive.c:88
sctp_sendmsg+0x43e5/0x4f90 net/sctp/socket.c:1954
inet_sendmsg+0x498/0x670 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:633
sock_sendmsg net/socket.c:643
SYSC_sendto+0x608/0x710 net/socket.c:1696
SyS_sendto+0x8a/0xb0 net/socket.c:1664
do_syscall_64+0xe6/0x130 arch/x86/entry/common.c:285
return_from_SYSCALL_64+0x0/0x6a arch/x86/entry/entry_64.S:246
==================================================================
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
include/net/sctp/sctp.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index 845ab6d..b72cba7 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -555,6 +555,8 @@ _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
#define _sctp_walk_params(pos, chunk, end, member)\
for (pos.v = chunk->member;\
+ (pos.v + offsetof(struct sctp_paramhdr, length) + sizeof(pos.p->length) <\
+ (void *)chunk + end) &&\
pos.v <= (void *)chunk + end - ntohs(pos.p->length) &&\
ntohs(pos.p->length) >= sizeof(sctp_paramhdr_t);\
pos.v += WORD_ROUND(ntohs(pos.p->length)))
@@ -565,6 +567,8 @@ _sctp_walk_errors((err), (chunk_hdr), ntohs((chunk_hdr)->length))
#define _sctp_walk_errors(err, chunk_hdr, end)\
for (err = (sctp_errhdr_t *)((void *)chunk_hdr + \
sizeof(sctp_chunkhdr_t));\
+ ((void *)err + offsetof(sctp_errhdr_t, length) + sizeof(err->length) <\
+ (void *)chunk_hdr + end) &&\
(void *)err <= (void *)chunk_hdr + end - ntohs(err->length) &&\
ntohs(err->length) >= sizeof(sctp_errhdr_t); \
err = (sctp_errhdr_t *)((void *)err + WORD_ROUND(ntohs(err->length))))
--
2.8.0.rc2.1.gbe9624a
next prev parent reply other threads:[~2017-11-01 21:30 UTC|newest]
Thread overview: 147+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-01 21:17 [PATCH 3.10 000/139] 3.10.108-stable review Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 001/139] ipvs: SNAT packet replies only for NATed connections Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 002/139] net: reduce skb_warn_bad_offload() noise Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 003/139] net: skb_needs_check() accepts CHECKSUM_NONE for tx Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 004/139] Staging: comedi: comedi_fops: Avoid orphaned proc entry Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 005/139] udp: consistently apply ufo or fragmentation Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 006/139] Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 007/139] Bluetooth: cmtp: cmtp_add_connection() " Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 008/139] tcp: introduce tcp_rto_delta_us() helper for xmit timer fix Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 009/139] tcp: enable xmit timer fix by having TLP use time when RTO should fire Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 010/139] tcp: fix xmit timer to only be reset if data ACKed/SACKed Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 011/139] mm/page_alloc: Remove kernel address exposure in free_reserved_area() Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 012/139] leak in O_DIRECT readv past the EOF Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 013/139] usb: renesas_usbhs: fix the behavior of some usbhs_pkt_handle Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 014/139] usb: renesas_usbhs: fix the sequence in xfer_work() Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 015/139] usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 016/139] fs/exec.c: account for argv/envp pointers Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 017/139] rxrpc: Fix several cases where a padded len isn't checked in ticket decode Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 018/139] xfrm: policy: check policy direction value Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 019/139] nl80211: check for the required netlink attributes presence Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 020/139] ALSA: seq: Fix use-after-free at creating a port Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 021/139] MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn' Willy Tarreau
2017-11-06 4:41 ` Huacai Chen
2017-11-06 5:07 ` Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 022/139] serial: ifx6x60: fix use-after-free on module unload Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 023/139] KEYS: fix dereferencing NULL payload with nonzero length Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 024/139] usb: chipidea: debug: check before accessing ci_role Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 025/139] cpufreq: conservative: Allow down_threshold to take values from 1 to 10 Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 026/139] powerpc/kprobes: Pause function_graph tracing during jprobes handling Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 027/139] staging: comedi: fix clean-up of comedi_class in comedi_init() Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 028/139] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 029/139] vt: fix unchecked __put_user() in tioclinux ioctls Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 030/139] crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 031/139] PM / Domains: Fix unsafe iteration over modified list of device links Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 032/139] powerpc/64: Fix atomic64_inc_not_zero() to return an int Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 033/139] powerpc: Fix emulation of mfocrf in emulate_step() Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 034/139] powerpc/asm: Mark cr0 as clobbered in mftb() Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 035/139] usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 036/139] MIPS: Actually decode JALX in `__compute_return_epc_for_insn' Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 037/139] MIPS: Fix unaligned PC interpretation in `compute_return_epc' Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 038/139] MIPS: math-emu: Prevent wrong ISA mode instruction emulation Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 039/139] libata: array underflow in ata_find_dev() Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 040/139] workqueue: restore WQ_UNBOUND/max_active==1 to be ordered Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 041/139] ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 042/139] ext4: fix overflow caused by missing cast in ext4_resize_fs() Willy Tarreau
2017-11-01 21:17 ` [PATCH 3.10 043/139] media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl Willy Tarreau
2017-11-01 21:25 ` Willy Tarreau
2017-11-01 21:25 ` [PATCH 3.10 044/139] target: Avoid mappedlun symlink creation during lun shutdown Willy Tarreau
2017-11-01 21:25 ` [PATCH 3.10 050/139] scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response Willy Tarreau
2017-11-01 21:25 ` [PATCH 3.10 051/139] usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe Willy Tarreau
2017-11-01 21:25 ` [PATCH 3.10 052/139] usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction Willy Tarreau
2017-11-01 21:25 ` [PATCH 3.10 053/139] iommu/amd: Finish TLB flush in amd_iommu_unmap() Willy Tarreau
2017-11-01 21:25 ` [PATCH 3.10 054/139] direct-io: Prevent NULL pointer access in submit_page_section Willy Tarreau
2017-11-01 22:43 ` Andreas Gruenbacher
2017-11-02 6:17 ` Willy Tarreau
2017-11-01 21:25 ` [PATCH 3.10 055/139] USB: serial: console: fix use-after-free after failed setup Willy Tarreau
2017-11-01 21:25 ` [PATCH 3.10 056/139] KEYS: don't let add_key() update an uninstantiated key Willy Tarreau
2017-11-01 21:25 ` [PATCH 3.10 058/139] ext4: keep existing extra fields when inode expands Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 059/139] MIPS: Fix mips_atomic_set() retry condition Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 062/139] md/bitmap: disable bitmap_resize for file-backed bitmaps Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 064/139] netfilter: invoke synchronize_rcu after set the _hook_ to NULL Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 065/139] md/raid10: submit bio directly to replacement disk Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 066/139] md: fix super_offset endianness in super_1_rdev_size_change Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 067/139] lib/cmdline.c: fix get_options() overflow while parsing ranges Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 068/139] ext4: fix SEEK_HOLE Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 069/139] net: prevent sign extension in dev_get_stats() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 070/139] kernel/extable.c: mark core_kernel_text notrace Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 071/139] wext: handle NULL extra data in iwe_stream_add_point better Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 072/139] netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 073/139] ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 074/139] ext4: avoid deadlock when expanding inode size Willy Tarreau
2017-11-01 21:26 ` Willy Tarreau [this message]
2017-11-01 21:26 ` [PATCH 3.10 076/139] sctp: fix the check for _sctp_walk_params and _sctp_walk_errors Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 077/139] sctp: fully initialize the IPv6 address in sctp_v6_to_addr() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 078/139] sctp: potential read out of bounds in sctp_ulpevent_type_enabled() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 079/139] tcp: disallow cwnd undo when switching congestion control Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 080/139] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 081/139] tcp: reset sk_rx_dst in tcp_disconnect() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 082/139] tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 083/139] tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 084/139] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 085/139] net/packet: check length in getsockopt() called with PACKET_HDRLEN Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 086/139] net: Set sk_prot_creator when cloning sockets to the right proto Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 087/139] net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 088/139] net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 089/139] x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 090/139] kvm: async_pf: fix rcu_irq_enter() with irqs enabled Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 091/139] net: ping: do not abuse udp_poll() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 092/139] scsi: qla2xxx: don't disable a not previously enabled PCI device Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 093/139] drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 094/139] net: xilinx_emaclite: fix receive buffer overflow Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 095/139] serial: efm32: Fix parity management in 'efm32_uart_console_get_options()' Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 096/139] x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 097/139] mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 098/139] [media] pvrusb2: reduce stack usage pvr2_eeprom_analyze() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 099/139] usb: r8a66597-hcd: select a different endpoint on timeout Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 045/139] fuse: initialize the flock flag in fuse_file on allocation Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 046/139] scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 047/139] scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 048/139] scsi: zfcp: fix missing trace records for early returns in TMF eh handlers Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 049/139] scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 100/139] usb: r8a66597-hcd: decrease timeout Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 101/139] drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of IS_ERR() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 102/139] net: phy: fix marvell phy status reading Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 103/139] net: korina: Fix NAPI versus resources freeing Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 104/139] xfrm: NULL dereference on allocation failure Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 105/139] xfrm: Oops on error in pfkey_msg2xfrm_state() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 106/139] cpufreq: s3c2416: double free on driver init error path Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 107/139] KVM: x86: zero base3 of unusable segments Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 108/139] KEYS: Fix an error code in request_master_key() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 109/139] ipv6: avoid unregistering inet6_dev for loopback Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 110/139] cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 111/139] cfg80211: Check if PMKID attribute is of expected size Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 112/139] mm: fix overflow check in expand_upwards() Willy Tarreau
2017-11-02 9:19 ` Geert Uytterhoeven
2017-11-02 9:44 ` Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 113/139] crypto: caam - fix signals handling Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 114/139] [media] ir-core: fix gcc-7 warning on bool arithmetic Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 115/139] udf: Fix deadlock between writeback and udf_setsize() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 116/139] perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 117/139] net/mlx4: Remove BUG_ON from ICM allocation routine Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 118/139] ipv4: initialize fib_trie prior to register_netdev_notifier call Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 119/139] workqueue: implicit ordered attribute should be overridable Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 120/139] packet: fix tp_reserve race in packet_set_ring Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 121/139] staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 122/139] ALSA: core: Fix unexpected error at replacing user TLV Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 123/139] ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 124/139] qlge: avoid memcpy buffer overflow Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 125/139] ipv6: fix memory leak with multiple tables during netns destruction Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 126/139] ipv6: fix typo in fib6_net_exit() Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 127/139] ip6_gre: fix endianness errors in ip6gre_err Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 128/139] crypto: AF_ALG - remove SGL terminator indicator when chaining Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 129/139] scsi: qla2xxx: Fix an integer overflow in sysfs code Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 130/139] tracing: Apply trace_clock changes to instance max buffer Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 131/139] tracing: Erase irqsoff trace with empty write Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 132/139] btrfs: prevent to set invalid default subvolid Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 133/139] IB/ipoib: rtnl_unlock can not come after free_netdev Willy Tarreau
2017-11-01 21:26 ` [PATCH 3.10 134/139] team: fix memory leaks Willy Tarreau
2017-11-01 21:27 ` [PATCH 3.10 135/139] IB/qib: fix false-postive maybe-uninitialized warning Willy Tarreau
2017-11-01 21:27 ` [PATCH 3.10 136/139] KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit Willy Tarreau
2017-11-01 21:27 ` [PATCH 3.10 137/139] usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options Willy Tarreau
2017-11-01 21:27 ` [PATCH 3.10 138/139] scsi: scsi_dh_emc: return success in clariion_std_inquiry() Willy Tarreau
2017-11-01 21:27 ` [PATCH 3.10 139/139] can: esd_usb2: Fix can_dlc value for received RTR, frames Willy Tarreau
2017-11-02 1:21 ` [PATCH 3.10 000/139] 3.10.108-stable review Guenter Roeck
2017-11-02 6:12 ` Willy Tarreau
2017-11-05 4:27 ` Levin, Alexander (Sasha Levin)
2017-11-05 14:03 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1509571600-4858-26-git-send-email-w@1wt.eu \
--to=w@1wt.eu \
--cc=davem@davemloft.net \
--cc=glider@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).