From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jann Horn <jannh@google.com>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: [PATCH 4.18 110/145] sys: dont hold uts_sem while accessing userspace memory
Date: Fri, 7 Sep 2018 23:09:36 +0200 [thread overview]
Message-ID: <20180907210912.628191268@linuxfoundation.org> (raw)
In-Reply-To: <20180907210903.617721278@linuxfoundation.org>
4.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jannh@google.com>
commit 42a0cc3478584d4d63f68f2f5af021ddbea771fa upstream.
Holding uts_sem as a writer while accessing userspace memory allows a
namespace admin to stall all processes that attempt to take uts_sem.
Instead, move data through stack buffers and don't access userspace memory
while uts_sem is held.
Cc: stable@vger.kernel.org
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/kernel/osf_sys.c | 51 +++++++++-----------
arch/sparc/kernel/sys_sparc_32.c | 22 +++++----
arch/sparc/kernel/sys_sparc_64.c | 20 ++++----
kernel/sys.c | 95 ++++++++++++++++++---------------------
kernel/utsname_sysctl.c | 41 ++++++++++------
5 files changed, 119 insertions(+), 110 deletions(-)
--- a/arch/alpha/kernel/osf_sys.c
+++ b/arch/alpha/kernel/osf_sys.c
@@ -530,24 +530,19 @@ SYSCALL_DEFINE4(osf_mount, unsigned long
SYSCALL_DEFINE1(osf_utsname, char __user *, name)
{
int error;
+ char tmp[5 * 32];
down_read(&uts_sem);
- error = -EFAULT;
- if (copy_to_user(name + 0, utsname()->sysname, 32))
- goto out;
- if (copy_to_user(name + 32, utsname()->nodename, 32))
- goto out;
- if (copy_to_user(name + 64, utsname()->release, 32))
- goto out;
- if (copy_to_user(name + 96, utsname()->version, 32))
- goto out;
- if (copy_to_user(name + 128, utsname()->machine, 32))
- goto out;
+ memcpy(tmp + 0 * 32, utsname()->sysname, 32);
+ memcpy(tmp + 1 * 32, utsname()->nodename, 32);
+ memcpy(tmp + 2 * 32, utsname()->release, 32);
+ memcpy(tmp + 3 * 32, utsname()->version, 32);
+ memcpy(tmp + 4 * 32, utsname()->machine, 32);
+ up_read(&uts_sem);
- error = 0;
- out:
- up_read(&uts_sem);
- return error;
+ if (copy_to_user(name, tmp, sizeof(tmp)))
+ return -EFAULT;
+ return 0;
}
SYSCALL_DEFINE0(getpagesize)
@@ -567,18 +562,21 @@ SYSCALL_DEFINE2(osf_getdomainname, char
{
int len, err = 0;
char *kname;
+ char tmp[32];
- if (namelen > 32)
+ if (namelen < 0 || namelen > 32)
namelen = 32;
down_read(&uts_sem);
kname = utsname()->domainname;
len = strnlen(kname, namelen);
- if (copy_to_user(name, kname, min(len + 1, namelen)))
- err = -EFAULT;
+ len = min(len + 1, namelen);
+ memcpy(tmp, kname, len);
up_read(&uts_sem);
- return err;
+ if (copy_to_user(name, tmp, len))
+ return -EFAULT;
+ return 0;
}
/*
@@ -739,13 +737,14 @@ SYSCALL_DEFINE3(osf_sysinfo, int, comman
};
unsigned long offset;
const char *res;
- long len, err = -EINVAL;
+ long len;
+ char tmp[__NEW_UTS_LEN + 1];
offset = command-1;
if (offset >= ARRAY_SIZE(sysinfo_table)) {
/* Digital UNIX has a few unpublished interfaces here */
printk("sysinfo(%d)", command);
- goto out;
+ return -EINVAL;
}
down_read(&uts_sem);
@@ -753,13 +752,11 @@ SYSCALL_DEFINE3(osf_sysinfo, int, comman
len = strlen(res)+1;
if ((unsigned long)len > (unsigned long)count)
len = count;
- if (copy_to_user(buf, res, len))
- err = -EFAULT;
- else
- err = 0;
+ memcpy(tmp, res, len);
up_read(&uts_sem);
- out:
- return err;
+ if (copy_to_user(buf, tmp, len))
+ return -EFAULT;
+ return 0;
}
SYSCALL_DEFINE5(osf_getsysinfo, unsigned long, op, void __user *, buffer,
--- a/arch/sparc/kernel/sys_sparc_32.c
+++ b/arch/sparc/kernel/sys_sparc_32.c
@@ -197,23 +197,27 @@ SYSCALL_DEFINE5(rt_sigaction, int, sig,
SYSCALL_DEFINE2(getdomainname, char __user *, name, int, len)
{
- int nlen, err;
-
+ int nlen, err;
+ char tmp[__NEW_UTS_LEN + 1];
+
if (len < 0)
return -EINVAL;
- down_read(&uts_sem);
-
+ down_read(&uts_sem);
+
nlen = strlen(utsname()->domainname) + 1;
err = -EINVAL;
if (nlen > len)
- goto out;
+ goto out_unlock;
+ memcpy(tmp, utsname()->domainname, nlen);
+
+ up_read(&uts_sem);
- err = -EFAULT;
- if (!copy_to_user(name, utsname()->domainname, nlen))
- err = 0;
+ if (copy_to_user(name, tmp, nlen))
+ return -EFAULT;
+ return 0;
-out:
+out_unlock:
up_read(&uts_sem);
return err;
}
--- a/arch/sparc/kernel/sys_sparc_64.c
+++ b/arch/sparc/kernel/sys_sparc_64.c
@@ -519,23 +519,27 @@ asmlinkage void sparc_breakpoint(struct
SYSCALL_DEFINE2(getdomainname, char __user *, name, int, len)
{
- int nlen, err;
+ int nlen, err;
+ char tmp[__NEW_UTS_LEN + 1];
if (len < 0)
return -EINVAL;
- down_read(&uts_sem);
-
+ down_read(&uts_sem);
+
nlen = strlen(utsname()->domainname) + 1;
err = -EINVAL;
if (nlen > len)
- goto out;
+ goto out_unlock;
+ memcpy(tmp, utsname()->domainname, nlen);
+
+ up_read(&uts_sem);
- err = -EFAULT;
- if (!copy_to_user(name, utsname()->domainname, nlen))
- err = 0;
+ if (copy_to_user(name, tmp, nlen))
+ return -EFAULT;
+ return 0;
-out:
+out_unlock:
up_read(&uts_sem);
return err;
}
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1237,18 +1237,19 @@ static int override_release(char __user
SYSCALL_DEFINE1(newuname, struct new_utsname __user *, name)
{
- int errno = 0;
+ struct new_utsname tmp;
down_read(&uts_sem);
- if (copy_to_user(name, utsname(), sizeof *name))
- errno = -EFAULT;
+ memcpy(&tmp, utsname(), sizeof(tmp));
up_read(&uts_sem);
+ if (copy_to_user(name, &tmp, sizeof(tmp)))
+ return -EFAULT;
- if (!errno && override_release(name->release, sizeof(name->release)))
- errno = -EFAULT;
- if (!errno && override_architecture(name))
- errno = -EFAULT;
- return errno;
+ if (override_release(name->release, sizeof(name->release)))
+ return -EFAULT;
+ if (override_architecture(name))
+ return -EFAULT;
+ return 0;
}
#ifdef __ARCH_WANT_SYS_OLD_UNAME
@@ -1257,55 +1258,46 @@ SYSCALL_DEFINE1(newuname, struct new_uts
*/
SYSCALL_DEFINE1(uname, struct old_utsname __user *, name)
{
- int error = 0;
+ struct old_utsname tmp;
if (!name)
return -EFAULT;
down_read(&uts_sem);
- if (copy_to_user(name, utsname(), sizeof(*name)))
- error = -EFAULT;
+ memcpy(&tmp, utsname(), sizeof(tmp));
up_read(&uts_sem);
+ if (copy_to_user(name, &tmp, sizeof(tmp)))
+ return -EFAULT;
- if (!error && override_release(name->release, sizeof(name->release)))
- error = -EFAULT;
- if (!error && override_architecture(name))
- error = -EFAULT;
- return error;
+ if (override_release(name->release, sizeof(name->release)))
+ return -EFAULT;
+ if (override_architecture(name))
+ return -EFAULT;
+ return 0;
}
SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
{
- int error;
+ struct oldold_utsname tmp = {};
if (!name)
return -EFAULT;
- if (!access_ok(VERIFY_WRITE, name, sizeof(struct oldold_utsname)))
- return -EFAULT;
down_read(&uts_sem);
- error = __copy_to_user(&name->sysname, &utsname()->sysname,
- __OLD_UTS_LEN);
- error |= __put_user(0, name->sysname + __OLD_UTS_LEN);
- error |= __copy_to_user(&name->nodename, &utsname()->nodename,
- __OLD_UTS_LEN);
- error |= __put_user(0, name->nodename + __OLD_UTS_LEN);
- error |= __copy_to_user(&name->release, &utsname()->release,
- __OLD_UTS_LEN);
- error |= __put_user(0, name->release + __OLD_UTS_LEN);
- error |= __copy_to_user(&name->version, &utsname()->version,
- __OLD_UTS_LEN);
- error |= __put_user(0, name->version + __OLD_UTS_LEN);
- error |= __copy_to_user(&name->machine, &utsname()->machine,
- __OLD_UTS_LEN);
- error |= __put_user(0, name->machine + __OLD_UTS_LEN);
+ memcpy(&tmp.sysname, &utsname()->sysname, __OLD_UTS_LEN);
+ memcpy(&tmp.nodename, &utsname()->nodename, __OLD_UTS_LEN);
+ memcpy(&tmp.release, &utsname()->release, __OLD_UTS_LEN);
+ memcpy(&tmp.version, &utsname()->version, __OLD_UTS_LEN);
+ memcpy(&tmp.machine, &utsname()->machine, __OLD_UTS_LEN);
up_read(&uts_sem);
+ if (copy_to_user(name, &tmp, sizeof(tmp)))
+ return -EFAULT;
- if (!error && override_architecture(name))
- error = -EFAULT;
- if (!error && override_release(name->release, sizeof(name->release)))
- error = -EFAULT;
- return error ? -EFAULT : 0;
+ if (override_architecture(name))
+ return -EFAULT;
+ if (override_release(name->release, sizeof(name->release)))
+ return -EFAULT;
+ return 0;
}
#endif
@@ -1319,17 +1311,18 @@ SYSCALL_DEFINE2(sethostname, char __user
if (len < 0 || len > __NEW_UTS_LEN)
return -EINVAL;
- down_write(&uts_sem);
errno = -EFAULT;
if (!copy_from_user(tmp, name, len)) {
- struct new_utsname *u = utsname();
+ struct new_utsname *u;
+ down_write(&uts_sem);
+ u = utsname();
memcpy(u->nodename, tmp, len);
memset(u->nodename + len, 0, sizeof(u->nodename) - len);
errno = 0;
uts_proc_notify(UTS_PROC_HOSTNAME);
+ up_write(&uts_sem);
}
- up_write(&uts_sem);
return errno;
}
@@ -1337,8 +1330,9 @@ SYSCALL_DEFINE2(sethostname, char __user
SYSCALL_DEFINE2(gethostname, char __user *, name, int, len)
{
- int i, errno;
+ int i;
struct new_utsname *u;
+ char tmp[__NEW_UTS_LEN + 1];
if (len < 0)
return -EINVAL;
@@ -1347,11 +1341,11 @@ SYSCALL_DEFINE2(gethostname, char __user
i = 1 + strlen(u->nodename);
if (i > len)
i = len;
- errno = 0;
- if (copy_to_user(name, u->nodename, i))
- errno = -EFAULT;
+ memcpy(tmp, u->nodename, i);
up_read(&uts_sem);
- return errno;
+ if (copy_to_user(name, tmp, i))
+ return -EFAULT;
+ return 0;
}
#endif
@@ -1370,17 +1364,18 @@ SYSCALL_DEFINE2(setdomainname, char __us
if (len < 0 || len > __NEW_UTS_LEN)
return -EINVAL;
- down_write(&uts_sem);
errno = -EFAULT;
if (!copy_from_user(tmp, name, len)) {
- struct new_utsname *u = utsname();
+ struct new_utsname *u;
+ down_write(&uts_sem);
+ u = utsname();
memcpy(u->domainname, tmp, len);
memset(u->domainname + len, 0, sizeof(u->domainname) - len);
errno = 0;
uts_proc_notify(UTS_PROC_DOMAINNAME);
+ up_write(&uts_sem);
}
- up_write(&uts_sem);
return errno;
}
--- a/kernel/utsname_sysctl.c
+++ b/kernel/utsname_sysctl.c
@@ -18,7 +18,7 @@
#ifdef CONFIG_PROC_SYSCTL
-static void *get_uts(struct ctl_table *table, int write)
+static void *get_uts(struct ctl_table *table)
{
char *which = table->data;
struct uts_namespace *uts_ns;
@@ -26,21 +26,9 @@ static void *get_uts(struct ctl_table *t
uts_ns = current->nsproxy->uts_ns;
which = (which - (char *)&init_uts_ns) + (char *)uts_ns;
- if (!write)
- down_read(&uts_sem);
- else
- down_write(&uts_sem);
return which;
}
-static void put_uts(struct ctl_table *table, int write, void *which)
-{
- if (!write)
- up_read(&uts_sem);
- else
- up_write(&uts_sem);
-}
-
/*
* Special case of dostring for the UTS structure. This has locks
* to observe. Should this be in kernel/sys.c ????
@@ -50,13 +38,34 @@ static int proc_do_uts_string(struct ctl
{
struct ctl_table uts_table;
int r;
+ char tmp_data[__NEW_UTS_LEN + 1];
+
memcpy(&uts_table, table, sizeof(uts_table));
- uts_table.data = get_uts(table, write);
+ uts_table.data = tmp_data;
+
+ /*
+ * Buffer the value in tmp_data so that proc_dostring() can be called
+ * without holding any locks.
+ * We also need to read the original value in the write==1 case to
+ * support partial writes.
+ */
+ down_read(&uts_sem);
+ memcpy(tmp_data, get_uts(table), sizeof(tmp_data));
+ up_read(&uts_sem);
r = proc_dostring(&uts_table, write, buffer, lenp, ppos);
- put_uts(table, write, uts_table.data);
- if (write)
+ if (write) {
+ /*
+ * Write back the new value.
+ * Note that, since we dropped uts_sem, the result can
+ * theoretically be incorrect if there are two parallel writes
+ * at non-zero offsets to the same sysctl.
+ */
+ down_write(&uts_sem);
+ memcpy(get_uts(table), tmp_data, sizeof(tmp_data));
+ up_write(&uts_sem);
proc_sys_poll_notify(table->poll);
+ }
return r;
}
next prev parent reply other threads:[~2018-09-08 2:02 UTC|newest]
Thread overview: 145+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-07 21:07 [PATCH 4.18 000/145] 4.18.7-stable review Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 001/145] rcu: Make expedited GPs handle CPU 0 being offline Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 002/145] net: 6lowpan: fix reserved space for single frames Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 003/145] net: mac802154: tx: expand tailroom if necessary Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 004/145] 9p/net: Fix zero-copy path in the 9p virtio transport Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 005/145] spi: davinci: fix a NULL pointer dereference Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 006/145] spi: pxa2xx: Add support for Intel Ice Lake Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 007/145] spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 008/145] spi: cadence: Change usleep_range() to udelay(), for atomic context Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 009/145] mmc: block: Fix unsupported parallel dispatch of requests Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 010/145] mmc: renesas_sdhi_internal_dmac: mask DMAC interrupts Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 011/145] mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 012/145] readahead: stricter check for bdi io_pages Greg Kroah-Hartman
2018-09-07 21:07 ` [PATCH 4.18 013/145] block: fix infinite loop if the device loses discard capability Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 014/145] block: blk_init_allocated_queue() set q->fq as NULL in the fail case Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 015/145] block: really disable runtime-pm for blk-mq Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 016/145] blkcg: Introduce blkg_root_lookup() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 017/145] block: Introduce blk_exit_queue() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 018/145] block: Ensure that a request queue is dissociated from the cgroup controller Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 019/145] apparmor: fix bad debug check in apparmor_secid_to_secctx() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 021/145] libertas: fix suspend and resume for SDIO connected cards Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 022/145] media: Revert "[media] tvp5150: fix pad format frame height" Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 023/145] mailbox: xgene-slimpro: Fix potential NULL pointer dereference Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 024/145] Replace magic for trusting the secondary keyring with #define Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 025/145] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 026/145] powerpc/fadump: handle crash memory ranges array index overflow Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 027/145] powerpc/64s: Fix page table fragment refcount race vs speculative references Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 028/145] powerpc/pseries: Fix endianness while restoring of r3 in MCE handler Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 029/145] powerpc/pkeys: Give all threads control of their key permissions Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 030/145] powerpc/pkeys: Deny read/write/execute by default Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 031/145] powerpc/pkeys: key allocation/deallocation must not change pkey registers Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 032/145] powerpc/pkeys: Save the pkey registers before fork Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 033/145] powerpc/pkeys: Fix calculation of total pkeys Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 034/145] powerpc/pkeys: Preallocate execute-only key Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 035/145] powerpc/nohash: fix pte_access_permitted() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 036/145] powerpc64/ftrace: Include ftrace.h needed for enable/disable calls Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 037/145] powerpc/powernv/pci: Work around races in PCI bridge enabling Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 038/145] cxl: Fix wrong comparison in cxl_adapter_context_get() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 039/145] ocxl: Fix page fault handler in case of fault on dying process Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 040/145] IB/mlx5: Honor cnt_set_id_valid flag instead of set_id Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 041/145] IB/mlx5: Fix leaking stack memory to userspace Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 042/145] IB/srpt: Fix srpt_cm_req_recv() error path (1/2) Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 043/145] IB/srpt: Fix srpt_cm_req_recv() error path (2/2) Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 044/145] IB/srpt: Support HCAs with more than two ports Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 045/145] overflow.h: Add arithmetic shift helper Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 046/145] RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 047/145] ib_srpt: Fix a use-after-free in srpt_close_ch() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 048/145] ib_srpt: Fix a use-after-free in __srpt_close_all_ch() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 049/145] RDMA/rxe: Set wqe->status correctly if an unexpected response is received Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 050/145] 9p: fix multiple NULL-pointer-dereferences Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 051/145] fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 052/145] 9p/virtio: fix off-by-one error in sg list bounds check Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 053/145] net/9p/client.c: version pointer uninitialized Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 054/145] net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 055/145] dm integrity: change suspending variable from bool to int Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 056/145] dm thin: stop no_space_timeout worker when switching to write-mode Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 057/145] dm cache metadata: save in-core policy_hint_size to on-disk superblock Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 058/145] dm cache metadata: set dirty on all cache blocks after a crash Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 059/145] dm crypt: dont decrease device limits Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 060/145] dm writecache: fix a crash due to reading past end of dirty_bitmap Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 062/145] Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 063/145] Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 064/145] iio: sca3000: Fix missing return in switch Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 065/145] iio: ad9523: Fix displayed phase Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 066/145] iio: ad9523: Fix return value for ad952x_store() Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 067/145] extcon: Release locking when sending the notification of connector state Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 068/145] eventpoll.h: wrap casts in () properly Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 069/145] vmw_balloon: fix inflation of 64-bit GFNs Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 070/145] vmw_balloon: do not use 2MB without batching Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 071/145] vmw_balloon: VMCI_DOORBELL_SET does not check status Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 072/145] vmw_balloon: fix VMCI use when balloon built into kernel Greg Kroah-Hartman
2018-09-07 21:08 ` [PATCH 4.18 073/145] rtc: omap: fix resource leak in registration error path Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 074/145] rtc: omap: fix potential crash on power off Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 075/145] tracing: Do not call start/stop() functions when tracing_on does not change Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 076/145] tracing/blktrace: Fix to allow setting same value Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 077/145] printk/tracing: Do not trace printk_nmi_enter() Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 078/145] livepatch: Validate module/old func name length Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 079/145] uprobes: Use synchronize_rcu() not synchronize_sched() Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 080/145] mfd: hi655x: Fix regmap area declared size for hi655x Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 081/145] ovl: fix wrong use of impure dir cache in ovl_iterate() Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 082/145] ACPICA: AML Parser: skip opcodes that open a scope upon parse failure Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 083/145] ACPICA: Clear status of all events when entering sleep states Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 084/145] drivers/block/zram/zram_drv.c: fix bug storing backing_dev Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 085/145] sched: idle: Avoid retaining the tick when it has been stopped Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 086/145] cpuidle: menu: Handle stopped tick more aggressively Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 087/145] cpufreq: governor: Avoid accessing invalid governor_data Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 088/145] PM / sleep: wakeup: Fix build error caused by missing SRCU support Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 089/145] ALSA: ac97: fix device initialization in the compat layer Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 090/145] ALSA: ac97: fix check of pm_runtime_get_sync failure Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 091/145] ALSA: ac97: fix unbalanced pm_runtime_enable Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 092/145] i2c: designware: Re-init controllers with pm_disabled set on resume Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 093/145] KVM: VMX: fixes for vmentry_l1d_flush module parameter Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 094/145] KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 095/145] xtensa: limit offsets in __loop_cache_{all,page} Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 096/145] xtensa: increase ranges in ___invalidate_{i,d}cache_all Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 097/145] block, bfq: return nbytes and not zero from struct cftype .write() method Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 098/145] pnfs/blocklayout: off by one in bl_map_stripe() Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 099/145] nfsd: fix leaked file lock with nfs exported overlayfs Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 100/145] NFSv4 client live hangs after live data migration recovery Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 101/145] NFSv4: Fix locking in pnfs_generic_recover_commit_reqs Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 102/145] NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 103/145] ARM: tegra: Fix Tegra30 Cardhu PCA954x reset Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 104/145] ARM: dts: am57xx-idk: Enable dual role for USB2 port Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 105/145] pwm: omap-dmtimer: Return -EPROBE_DEFER if no dmtimer platform data Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 106/145] mm/tlb: Remove tlb_remove_table() non-concurrent condition Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 107/145] iommu/ipmmu-vmsa: Dont register as BUS IOMMU if machine doesnt have IPMMU-VMSA Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 108/145] iommu/vt-d: Add definitions for PFSID Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 109/145] iommu/vt-d: Fix dev iotlb pfsid use Greg Kroah-Hartman
2018-09-07 21:09 ` Greg Kroah-Hartman [this message]
2018-09-07 21:09 ` [PATCH 4.18 111/145] userns: move user access out of the mutex Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 112/145] ubifs: Fix memory leak in lprobs self-check Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 113/145] Revert "UBIFS: Fix potential integer overflow in allocation" Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 114/145] ubifs: Check data node size before truncate Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 115/145] ubifs: xattr: Dont operate on deleted inodes Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 116/145] ubifs: Fix directory size calculation for symlinks Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 117/145] ubifs: Fix synced_i_size calculation for xattr inodes Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 118/145] pwm: tiehrpwm: Dont use emulation mode bits to control PWM output Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 119/145] pwm: tiehrpwm: Fix disabling of output of PWMs Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 120/145] fb: fix lost console when the user unplugs a USB adapter Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 121/145] udlfb: fix semaphore value leak Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 122/145] udlfb: fix display corruption of the last line Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 123/145] udlfb: dont switch if we are switching to the same videomode Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 124/145] udlfb: set optimal write delay Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 125/145] udlfb: make a local copy of fb_ops Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 126/145] udlfb: handle allocation failure Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 127/145] udlfb: set line_length in dlfb_ops_set_par Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 128/145] getxattr: use correct xattr length Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 129/145] libnvdimm: Use max contiguous area for namespace size Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 130/145] libnvdimm: fix ars_status output length calculation Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 131/145] bcache: release dc->writeback_lock properly in bch_writeback_thread() Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 132/145] kconfig: fix "Cant open ..." in parallel build Greg Kroah-Hartman
2018-09-07 21:09 ` [PATCH 4.18 133/145] cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() Greg Kroah-Hartman
2018-09-07 21:10 ` [PATCH 4.18 135/145] perf auxtrace: Fix queue resize Greg Kroah-Hartman
2018-09-07 21:10 ` [PATCH 4.18 136/145] crypto: vmx - Fix sleep-in-atomic bugs Greg Kroah-Hartman
2018-09-07 21:10 ` [PATCH 4.18 137/145] crypto: aesni - Use unaligned loads from gcm_context_data Greg Kroah-Hartman
2018-09-07 21:10 ` [PATCH 4.18 138/145] crypto: arm64/sm4-ce - check for the right CPU feature bit Greg Kroah-Hartman
2018-09-07 21:10 ` [PATCH 4.18 142/145] fs/quota: Fix spectre gadget in do_quotactl Greg Kroah-Hartman
2018-09-07 21:10 ` [PATCH 4.18 143/145] udf: Fix mounting of Win7 created UDF filesystems Greg Kroah-Hartman
2018-09-07 21:10 ` [PATCH 4.18 144/145] cpuidle: menu: Retain tick when shallow state is selected Greg Kroah-Hartman
2018-09-07 21:10 ` [PATCH 4.18 145/145] arm64: mm: always enable CONFIG_HOLES_IN_ZONE Greg Kroah-Hartman
2018-09-08 21:16 ` [PATCH 4.18 000/145] 4.18.7-stable review Guenter Roeck
2018-09-09 8:35 ` Greg Kroah-Hartman
2018-09-09 4:22 ` Naresh Kamboju
2018-09-10 15:48 ` Shuah Khan
2018-09-10 15:56 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180907210912.628191268@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ebiederm@xmission.com \
--cc=jannh@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).