From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
"Paulo Alcantara (Red Hat)" <pc@manguebit.com>,
Wang Zhaolong <wangzhaolong1@huawei.com>,
Steve French <stfrench@microsoft.com>
Subject: [PATCH 5.15 190/207] smb: client: Fix use-after-free in cifs_fill_dirent
Date: Mon, 2 Jun 2025 15:49:22 +0200 [thread overview]
Message-ID: <20250602134306.221240683@linuxfoundation.org> (raw)
In-Reply-To: <20250602134258.769974467@linuxfoundation.org>
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wang Zhaolong <wangzhaolong1@huawei.com>
commit a7a8fe56e932a36f43e031b398aef92341bf5ea0 upstream.
There is a race condition in the readdir concurrency process, which may
access the rsp buffer after it has been released, triggering the
following KASAN warning.
==================================================================
BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]
Read of size 4 at addr ffff8880099b819c by task a.out/342975
CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x53/0x70
print_report+0xce/0x640
kasan_report+0xb8/0xf0
cifs_fill_dirent+0xb03/0xb60 [cifs]
cifs_readdir+0x12cb/0x3190 [cifs]
iterate_dir+0x1a1/0x520
__x64_sys_getdents+0x134/0x220
do_syscall_64+0x4b/0x110
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f996f64b9f9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89
f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01
f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8
RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88
R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000
</TASK>
Allocated by task 408:
kasan_save_stack+0x20/0x40
kasan_save_track+0x14/0x30
__kasan_slab_alloc+0x6e/0x70
kmem_cache_alloc_noprof+0x117/0x3d0
mempool_alloc_noprof+0xf2/0x2c0
cifs_buf_get+0x36/0x80 [cifs]
allocate_buffers+0x1d2/0x330 [cifs]
cifs_demultiplex_thread+0x22b/0x2690 [cifs]
kthread+0x394/0x720
ret_from_fork+0x34/0x70
ret_from_fork_asm+0x1a/0x30
Freed by task 342979:
kasan_save_stack+0x20/0x40
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
__kasan_slab_free+0x37/0x50
kmem_cache_free+0x2b8/0x500
cifs_buf_release+0x3c/0x70 [cifs]
cifs_readdir+0x1c97/0x3190 [cifs]
iterate_dir+0x1a1/0x520
__x64_sys_getdents64+0x134/0x220
do_syscall_64+0x4b/0x110
entry_SYSCALL_64_after_hwframe+0x76/0x7e
The buggy address belongs to the object at ffff8880099b8000
which belongs to the cache cifs_request of size 16588
The buggy address is located 412 bytes inside of
freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)
The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0x80000000000040(head|node=0|zone=1)
page_type: f5(slab)
raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001
raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000
head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001
head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000
head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
POC is available in the link [1].
The problem triggering process is as follows:
Process 1 Process 2
-----------------------------------------------------------------
cifs_readdir
/* file->private_data == NULL */
initiate_cifs_search
cifsFile = kzalloc(sizeof(struct cifsFileInfo), GFP_KERNEL);
smb2_query_dir_first ->query_dir_first()
SMB2_query_directory
SMB2_query_directory_init
cifs_send_recv
smb2_parse_query_directory
srch_inf->ntwrk_buf_start = (char *)rsp;
srch_inf->srch_entries_start = (char *)rsp + ...
srch_inf->last_entry = (char *)rsp + ...
srch_inf->smallBuf = true;
find_cifs_entry
/* if (cfile->srch_inf.ntwrk_buf_start) */
cifs_small_buf_release(cfile->srch_inf // free
cifs_readdir ->iterate_shared()
/* file->private_data != NULL */
find_cifs_entry
/* in while (...) loop */
smb2_query_dir_next ->query_dir_next()
SMB2_query_directory
SMB2_query_directory_init
cifs_send_recv
compound_send_recv
smb_send_rqst
__smb_send_rqst
rc = -ERESTARTSYS;
/* if (fatal_signal_pending()) */
goto out;
return rc
/* if (cfile->srch_inf.last_entry) */
cifs_save_resume_key()
cifs_fill_dirent // UAF
/* if (rc) */
return -ENOENT;
Fix this by ensuring the return code is checked before using pointers
from the srch_inf.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=220131 [1]
Fixes: a364bc0b37f1 ("[CIFS] fix saving of resume key before CIFSFindNext")
Cc: stable@vger.kernel.org
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/readdir.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -785,11 +785,11 @@ find_cifs_entry(const unsigned int xid,
rc = server->ops->query_dir_next(xid, tcon, &cfile->fid,
search_flags,
&cfile->srch_inf);
+ if (rc)
+ return -ENOENT;
/* FindFirst/Next set last_entry to NULL on malformed reply */
if (cfile->srch_inf.last_entry)
cifs_save_resume_key(cfile->srch_inf.last_entry, cfile);
- if (rc)
- return -ENOENT;
}
if (index_to_find < cfile->srch_inf.index_of_last_entry) {
/* we found the buffer that contains the entry */
next prev parent reply other threads:[~2025-06-02 15:02 UTC|newest]
Thread overview: 219+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-02 13:46 [PATCH 5.15 000/207] 5.15.185-rc1 review Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 001/207] scsi: target: iscsi: Fix timeout on deleted connection Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 002/207] virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 003/207] dma-mapping: avoid potential unused data compilation warning Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 004/207] cgroup: Fix compilation issue due to cgroup_mutex not being exported Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 005/207] net: enetc: refactor bulk flipping of RX buffers to separate function Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 006/207] bpf: fix possible endless loop in BPF map iteration Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 007/207] samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 008/207] kconfig: merge_config: use an empty file as initfile Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 009/207] NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 010/207] tracing: Mark binary printing functions with __printf() attribute Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 011/207] mailbox: use error ret code of of_parse_phandle_with_args() Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 012/207] fbdev: fsl-diu-fb: add missing device_remove_file() Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 013/207] fbcon: Use correct erase colour for clearing in fbcon Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 014/207] fbdev: core: tileblit: Implement missing margin clearing for tileblit Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 015/207] NFSv4: Treat ENETUNREACH errors as fatal for state recovery Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 016/207] SUNRPC: rpc_clnt_set_transport() must not change the autobind setting Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 017/207] SUNRPC: rpcbind should never reset the port to the value 0 Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 018/207] thermal/drivers/qoriq: Power down TMU on system suspend Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 019/207] dql: Fix dql->limit value when reset Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 020/207] lockdep: Fix wait context check on softirq for PREEMPT_RT Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 021/207] PCI: dwc: ep: Ensure proper iteration over outbound map windows Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 022/207] tools/build: Dont pass test log files to linker Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 023/207] pNFS/flexfiles: Report ENETDOWN as a connection error Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 024/207] PCI: vmd: Disable MSI remapping bypass under Xen Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 025/207] libnvdimm/labels: Fix divide error in nd_label_data_init() Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 026/207] mmc: host: Wait for Vdd to settle on card power off Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 027/207] wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 028/207] i2c: qup: Vote for interconnect bandwidth to DRAM Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 029/207] i2c: pxa: fix call balance of i2c->clk handling routines Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 030/207] btrfs: make btrfs_discard_workfn() block_group ref explicit Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 031/207] btrfs: avoid linker error in btrfs_find_create_tree_block() Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 032/207] btrfs: get zone unusable bytes while holding lock at btrfs_reclaim_bgs_work() Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 033/207] btrfs: send: return -ENAMETOOLONG when attempting a path that is too long Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 034/207] i3c: master: svc: Fix missing STOP for master request Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 035/207] dlm: make tcp still work in multi-link env Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 036/207] clocksource/drivers/timer-riscv: Stop stimecmp when cpu hotplug Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 037/207] um: Store full CSGSFS and SS register from mcontext Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 038/207] um: Update min_low_pfn to match changes in uml_reserved Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 039/207] ext4: reorder capability check last Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 040/207] scsi: st: Tighten the page format heuristics with MODE SELECT Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 041/207] scsi: st: ERASE does not change tape location Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 042/207] vfio/pci: Handle INTx IRQ_NOTCONNECTED Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 043/207] tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 044/207] rtc: rv3032: fix EERD location Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 045/207] ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 046/207] kbuild: fix argument parsing in scripts/config Greg Kroah-Hartman
2025-06-02 13:46 ` [PATCH 5.15 047/207] crypto: octeontx2 - suppress auth failure screaming due to negative tests Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 048/207] dm: restrict dm device size to 2^63-512 bytes Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 049/207] xen: Add support for XenServer 6.1 platform device Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 050/207] RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 051/207] posix-timers: Add cond_resched() to posix_timer_add() search loop Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 052/207] timer_list: Dont use %pK through printk() Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 053/207] netfilter: conntrack: Bound nf_conntrack sysctl writes Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 054/207] arm64/mm: Check PUD_TYPE_TABLE in pud_bad() Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 055/207] mmc: sdhci: Disable SD card clock before changing parameters Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 056/207] ipv6: save dontfrag in cork Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 057/207] auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct hd44780_common" Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 058/207] ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 059/207] cpufreq: tegra186: Share policy per cluster Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 060/207] crypto: lzo - Fix compression buffer overrun Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 061/207] arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 062/207] powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 063/207] tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 064/207] rtc: ds1307: stop disabling alarms on probe Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 065/207] ieee802154: ca8210: Use proper setters and getters for bitwise types Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 066/207] ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 067/207] media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 068/207] dm cache: prevent BUG_ON by blocking retries on failed device resumes Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 069/207] orangefs: Do not truncate file size Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 070/207] remoteproc: qcom_wcnss: Handle platforms with only single power domain Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 071/207] drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 072/207] media: cx231xx: set device_caps for 417 Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 073/207] pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 074/207] net: ethernet: ti: cpsw_new: populate netdev of_node Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 075/207] net: pktgen: fix mpls maximum labels list parsing Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 076/207] ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config() Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 077/207] media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 078/207] clk: imx8mp: inform CCF of maximum frequency of clocks Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 079/207] x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 080/207] hwmon: (gpio-fan) Add missing mutex locks Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 081/207] ARM: at91: pm: fix at91_suspend_finish for ZQ calibration Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 082/207] drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 083/207] fpga: altera-cvp: Increase credit timeout Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 084/207] PCI: brcmstb: Expand inbound window size up to 64GB Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 085/207] PCI: brcmstb: Add a softdep to MIP MSI-X driver Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 086/207] firmware: arm_ffa: Set dma_mask for ffa devices Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 087/207] net/mlx5: Avoid report two health errors on same syndrome Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 088/207] selftests/net: have `gro.sh -t` return a correct exit code Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 089/207] drm/amdkfd: KFD release_work possible circular locking Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 090/207] net: xgene-v2: remove incorrect ACPI_PTR annotation Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 091/207] bonding: report duplicate MAC address in all situations Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 092/207] soc: ti: k3-socinfo: Do not use syscon helper to build regmap Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 093/207] x86/build: Fix broken copy command in genimage.sh when making isoimage Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 094/207] drm/amd/display: handle max_downscale_src_width fail check Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 095/207] x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 096/207] cpuidle: menu: Avoid discarding useful information Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 097/207] libbpf: Fix out-of-bound read Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 098/207] x86/kaslr: Reduce KASLR entropy on most x86 systems Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 099/207] MIPS: Use arch specific syscall name match function Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 100/207] MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 101/207] clocksource: mips-gic-timer: Enable counter when CPUs start Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 102/207] scsi: mpt3sas: Send a diag reset if target reset fails Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 103/207] wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 104/207] wifi: rtw88: Fix rtw_init_ht_cap() " Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 105/207] wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 106/207] net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Greg Kroah-Hartman
2025-06-02 13:47 ` [PATCH 5.15 107/207] EDAC/ie31200: work around false positive build warning Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 108/207] RDMA/core: Fix best page size finding when it can cross SG entries Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 109/207] can: c_can: Use of_property_present() to test existence of DT property Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 110/207] eth: mlx4: dont try to complete XDP frames in netpoll Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 111/207] PCI: Fix old_size lower bound in calculate_iosize() too Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 112/207] ACPI: HED: Always initialize before evged Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 113/207] net/mlx5: Modify LSB bitmask in temperature event to include only the first bit Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 114/207] net/mlx5: Apply rate-limiting to high temperature warning Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 115/207] ASoC: ops: Enforce platform maximum on initial value Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 116/207] ASoC: tas2764: Power up/down amp on mute ops Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 117/207] ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 118/207] pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 119/207] smack: recognize ipv4 CIPSO w/o categories Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 120/207] media: v4l: Memset argument to 0 before calling get_mbus_config pad op Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 121/207] net/mlx4_core: Avoid impossible mlx4_db_alloc() order value Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 122/207] phy: core: dont require set_mode() callback for phy_get_mode() to work Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 123/207] drm/amdgpu: reset psp->cmd to NULL after releasing the buffer Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 124/207] drm/amd/display: Initial psr_version with correct setting Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 125/207] net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 126/207] net/mlx5e: set the tx_queue_len for pfifo_fast Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 127/207] net/mlx5e: reduce rep rxq depth to 256 for ECPF Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 128/207] wifi: mac80211: dont unconditionally call drv_mgd_complete_tx() Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 129/207] wifi: mac80211: remove misplaced drv_mgd_complete_tx() call Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 130/207] arch/powerpc/perf: Check the instruction type before creating sample with perf_mem_data_src Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 131/207] ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure() Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 132/207] r8152: add vendor/device ID pair for Dell Alienware AW1022z Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 133/207] wifi: rtw88: Fix download_firmware_validate() for RTL8814AU Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 134/207] clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 135/207] hwmon: (xgene-hwmon) use appropriate type for the latency value Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 136/207] media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 137/207] vxlan: Annotate FDB data races Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 138/207] r8169: dont scan PHY addresses > 0 Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 139/207] rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 140/207] rcu: fix header guard for rcu_all_qs() Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 141/207] net/mana: fix warning in the writer of client oob Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 142/207] scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 143/207] scsi: st: Restore some drive settings after reset Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 144/207] HID: usbkbd: Fix the bit shift number for LED_KANA Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 145/207] drm/ast: Find VBIOS mode from regular display size Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 146/207] bpftool: Fix readlink usage in get_fd_type Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 147/207] perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 148/207] wifi: rtw88: Dont use static local variable in rtw8822b_set_tx_power_index_by_rate Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 149/207] spi: zynqmp-gqspi: Always acknowledge interrupts Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 150/207] regulator: ad5398: Add device tree support Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 151/207] wifi: ath9k: return by of_get_mac_address Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 152/207] drm/atomic: clarify the rules around drm_atomic_state->allow_modeset Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 153/207] drm: Add valid clones check Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 154/207] ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 155/207] pinctrl: meson: define the pull up/down resistor value as 60 kOhm Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 156/207] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 157/207] ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 158/207] nvmet-tcp: dont restore null sk_state_change Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 159/207] btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 160/207] xenbus: Allow PVH dom0 a non-local xenstore Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 161/207] __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 162/207] remoteproc: qcom_wcnss: Fix on platforms without fallback regulators Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 163/207] xfrm: Sanitize marks before insert Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 164/207] Bluetooth: L2CAP: Fix not checking l2cap_chan security level Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 165/207] bridge: netfilter: Fix forwarding of fragmented packets Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 166/207] net: dwmac-sun8i: Use parsed internal PHY address instead of 1 Greg Kroah-Hartman
2025-06-02 13:48 ` [PATCH 5.15 167/207] sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 168/207] net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 169/207] octeontx2-af: Set LMT_ENA bit for APR table entries Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 170/207] crypto: algif_hash - fix double free in hash_accept Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 171/207] padata: do not leak refcount in reorder_work Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 172/207] can: bcm: add locking for bcm_op runtime updates Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 173/207] can: bcm: add missing rcu read protection for procfs content Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 174/207] ALSA: pcm: Fix race of buffer access at PCM OSS layer Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 175/207] llc: fix data loss when reading from a socket in llc_ui_recvmsg() Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 176/207] platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 177/207] drm/edid: fixed the bug that hdr metadata was not reset Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 178/207] Revert "drm/amd: Keep display off while going into S4" Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 179/207] memcg: always call cond_resched() after fn() Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 180/207] mm/page_alloc.c: avoid infinite retries caused by cpuset race Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 181/207] Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection" Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 182/207] spi: spi-fsl-dspi: restrict register range for regmap access Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 183/207] spi: spi-fsl-dspi: Halt the module after a new message transfer Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 184/207] spi: spi-fsl-dspi: Reset SR flags before sending a new message Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 185/207] kbuild: Disable -Wdefault-const-init-unsafe Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 186/207] i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 187/207] xen/swiotlb: relax alignment requirements Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 188/207] drm/i915/gvt: fix unterminated-string-initialization warning Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 189/207] x86/its: Fix undefined reference to cpu_wants_rethunk_at() Greg Kroah-Hartman
2025-06-02 13:49 ` Greg Kroah-Hartman [this message]
2025-06-02 13:49 ` [PATCH 5.15 191/207] smb: client: Reset all search buffer pointers when releasing buffer Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 192/207] arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 193/207] net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 194/207] coredump: fix error handling for replace_fd() Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 195/207] pid: add pidfd_prepare() Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 196/207] fork: use pidfd_prepare() Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 197/207] coredump: hand a pidfd to the usermode coredump helper Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 198/207] HID: quirks: Add ADATA XPG alpha wireless mouse support Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 199/207] nfs: dont share pNFS DS connections between net namespaces Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 200/207] platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 201/207] um: let make clean properly clean underlying SUBARCH as well Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 202/207] spi: spi-sun4i: fix early activation Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 203/207] nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 204/207] tpm: tis: Double the timeout B to 4s Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 205/207] platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 206/207] platform/x86: thinkpad_acpi: Ignore battery threshold change event notification Greg Kroah-Hartman
2025-06-02 13:49 ` [PATCH 5.15 207/207] perf/arm-cmn: Initialise cmn->cpu earlier Greg Kroah-Hartman
2025-06-02 17:03 ` [PATCH 5.15 000/207] 5.15.185-rc1 review Florian Fainelli
2025-06-02 17:46 ` Richard Narron
2025-06-02 20:39 ` Pavel Machek
2025-06-03 4:02 ` Naresh Kamboju
2025-06-03 7:56 ` Greg Kroah-Hartman
2025-06-03 7:00 ` Ron Economos
2025-06-03 7:56 ` Greg Kroah-Hartman
2025-06-03 17:12 ` Shuah Khan
2025-06-03 17:24 ` Mark Brown
2025-06-03 20:22 ` Hardik Garg
2025-06-04 9:40 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250602134306.221240683@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=patches@lists.linux.dev \
--cc=pc@manguebit.com \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
--cc=wangzhaolong1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox