All of lore.kernel.org
 help / color / mirror / Atom feed
From: lizf@kernel.org
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	Mikulas Patocka <mpatocka@redhat.com>,
	Mike Snitzer <snitzer@redhat.com>, Zefan Li <lizefan@huawei.com>
Subject: [PATCH 3.4 82/91] dm crypt: fix access beyond the end of allocated space
Date: Wed, 28 Jan 2015 12:08:51 +0800	[thread overview]
Message-ID: <1422418236-12852-164-git-send-email-lizf@kernel.org> (raw)
In-Reply-To: <1422418050-12581-1-git-send-email-lizf@kernel.org>

From: Mikulas Patocka <mpatocka@redhat.com>

3.4.105-rc1 review patch.  If anyone has any objections, please let me know.

------------------


commit d49ec52ff6ddcda178fc2476a109cf1bd1fa19ed upstream.

The DM crypt target accesses memory beyond allocated space resulting in
a crash on 32 bit x86 systems.

This bug is very old (it dates back to 2.6.25 commit 3a7f6c990ad04 "dm
crypt: use async crypto").  However, this bug was masked by the fact
that kmalloc rounds the size up to the next power of two.  This bug
wasn't exposed until 3.17-rc1 commit 298a9fa08a ("dm crypt: use per-bio
data").  By switching to using per-bio data there was no longer any
padding beyond the end of a dm-crypt allocated memory block.

To minimize allocation overhead dm-crypt puts several structures into one
block allocated with kmalloc.  The block holds struct ablkcipher_request,
cipher-specific scratch pad (crypto_ablkcipher_reqsize(any_tfm(cc))),
struct dm_crypt_request and an initialization vector.

The variable dmreq_start is set to offset of struct dm_crypt_request
within this memory block.  dm-crypt allocates the block with this size:
cc->dmreq_start + sizeof(struct dm_crypt_request) + cc->iv_size.

When accessing the initialization vector, dm-crypt uses the function
iv_of_dmreq, which performs this calculation: ALIGN((unsigned long)(dmreq
+ 1), crypto_ablkcipher_alignmask(any_tfm(cc)) + 1).

dm-crypt allocated "cc->iv_size" bytes beyond the end of dm_crypt_request
structure.  However, when dm-crypt accesses the initialization vector, it
takes a pointer to the end of dm_crypt_request, aligns it, and then uses
it as the initialization vector.  If the end of dm_crypt_request is not
aligned on a crypto_ablkcipher_alignmask(any_tfm(cc)) boundary the
alignment causes the initialization vector to point beyond the allocated
space.

Fix this bug by calculating the variable iv_size_padding and adding it
to the allocated size.

Also correct the alignment of dm_crypt_request.  struct dm_crypt_request
is specific to dm-crypt (it isn't used by the crypto subsystem at all),
so it is aligned on __alignof__(struct dm_crypt_request).

Also align per_bio_data_size on ARCH_KMALLOC_MINALIGN, so that it is
aligned as if the block was allocated with kmalloc.

Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
[lizf: Backported by Mikulas]
Signed-off-by: Zefan Li <lizefan@huawei.com>
---
 drivers/md/dm-crypt.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 535c3e2..926989d 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1566,6 +1566,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 	unsigned int key_size, opt_params;
 	unsigned long long tmpll;
 	int ret;
+	size_t iv_size_padding;
 	struct dm_arg_set as;
 	const char *opt_string;
 	char dummy;
@@ -1602,12 +1603,23 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 
 	cc->dmreq_start = sizeof(struct ablkcipher_request);
 	cc->dmreq_start += crypto_ablkcipher_reqsize(any_tfm(cc));
-	cc->dmreq_start = ALIGN(cc->dmreq_start, crypto_tfm_ctx_alignment());
-	cc->dmreq_start += crypto_ablkcipher_alignmask(any_tfm(cc)) &
-			   ~(crypto_tfm_ctx_alignment() - 1);
+	cc->dmreq_start = ALIGN(cc->dmreq_start, __alignof__(struct dm_crypt_request));
+
+	if (crypto_ablkcipher_alignmask(any_tfm(cc)) < CRYPTO_MINALIGN) {
+		/* Allocate the padding exactly */
+		iv_size_padding = -(cc->dmreq_start + sizeof(struct dm_crypt_request))
+				& crypto_ablkcipher_alignmask(any_tfm(cc));
+	} else {
+		/*
+		 * If the cipher requires greater alignment than kmalloc
+		 * alignment, we don't know the exact position of the
+		 * initialization vector. We must assume worst case.
+		 */
+		iv_size_padding = crypto_ablkcipher_alignmask(any_tfm(cc));
+	}
 
 	cc->req_pool = mempool_create_kmalloc_pool(MIN_IOS, cc->dmreq_start +
-			sizeof(struct dm_crypt_request) + cc->iv_size);
+			sizeof(struct dm_crypt_request) + iv_size_padding + cc->iv_size);
 	if (!cc->req_pool) {
 		ti->error = "Cannot allocate crypt request mempool";
 		goto bad;
-- 
1.9.1


  parent reply	other threads:[~2015-01-28  4:21 UTC|newest]

Thread overview: 286+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-28  4:07 [PATCH 3.4 000/177] 3.4.106-rc1 review lizf
2015-01-28  4:06 ` [PATCH 3.4 01/91] KVM: s390: Fix user triggerable bug in dead code lizf
2015-01-28  5:54   ` Zefan Li
2015-01-28  4:06 ` [PATCH 3.4 001/177] kvm: x86: fix stale mmio cache bug lizf
2015-01-28  4:06 ` [PATCH 3.4 002/177] UBIFS: remove mst_mutex lizf
2015-01-28  4:06 ` [PATCH 3.4 02/91] regmap: Fix handling of volatile registers for format_write() chips lizf
2015-01-28  4:06 ` [PATCH 3.4 003/177] UBIFS: fix a race condition lizf
2015-01-28  4:06 ` [PATCH 3.4 03/91] drm/i915: Remove bogus __init annotation from DMI callbacks lizf
2015-01-28  4:06 ` [PATCH 3.4 004/177] UBIFS: fix free log space calculation lizf
2015-01-28  4:06 ` [PATCH 3.4 04/91] get rid of propagate_umount() mistakenly treating slaves as busy lizf
2015-01-28  4:06 ` [PATCH 3.4 005/177] Bluetooth: Fix issue with USB suspend in btusb driver lizf
2015-01-28  4:06 ` [PATCH 3.4 05/91] drm/vmwgfx: Fix a potential infinite spin waiting for fifo idle lizf
2015-01-28  4:06 ` [PATCH 3.4 06/91] ALSA: hda - Fix COEF setups for ALC1150 codec lizf
2015-01-28  4:06 ` [PATCH 3.4 006/177] KVM: s390: unintended fallthrough for external call lizf
2015-01-28  4:06 ` [PATCH 3.4 07/91] ACPI / cpuidle: fix deadlock between cpuidle_lock and cpu_hotplug.lock lizf
2015-01-28  9:46   ` Jiri Kosina
2015-01-28  9:46     ` Jiri Kosina
2015-01-28  4:06 ` [PATCH 3.4 007/177] PCI: pciehp: Prevent NULL dereference during probe lizf
2015-01-28  4:06 ` [PATCH 3.4 008/177] PCI: Increase IBM ipr SAS Crocodile BARs to at least system page size lizf
2015-01-28  4:06 ` [PATCH 3.4 08/91] regulatory: add NUL to alpha2 lizf
2015-01-28  4:06 ` [PATCH 3.4 009/177] Bluetooth: Fix setting correct security level when initiating SMP lizf
2015-01-28  4:06 ` [PATCH 3.4 09/91] percpu: fix pcpu_alloc_pages() failure path lizf
2015-01-28  4:06 ` [PATCH 3.4 010/177] Revert "percpu: free percpu allocation info for uniprocessor system" lizf
2015-01-28  4:06 ` [PATCH 3.4 10/91] percpu: perform tlb flush after pcpu_map_pages() failure lizf
2015-01-28  4:06 ` [PATCH 3.4 011/177] USB: serial: cp210x: added Ketra N1 wireless interface support lizf
2015-01-28  4:06 ` [PATCH 3.4 11/91] percpu: free percpu allocation info for uniprocessor system lizf
2015-01-28  4:06 ` [PATCH 3.4 012/177] USB: cp210x: add support for Seluxit USB dongle lizf
2015-01-28  4:06 ` [PATCH 3.4 12/91] cgroup: reject cgroup names with ' ' lizf
2015-01-28  4:06 ` [PATCH 3.4 013/177] PCI: Generate uppercase hex for modalias interface class lizf
2015-01-28  4:06 ` [PATCH 3.4 13/91] rtlwifi: rtl8192cu: Add new ID lizf
2015-01-28  4:06 ` [PATCH 3.4 014/177] USB: Add device quirk for ASUS T100 Base Station keyboard lizf
2015-01-28  4:06 ` [PATCH 3.4 14/91] ahci: Add Device IDs for Intel 9 Series PCH lizf
2015-01-28  4:06 ` [PATCH 3.4 15/91] ata_piix: " lizf
2015-01-28  4:06 ` [PATCH 3.4 015/177] firmware_class: make sure fw requests contain a name lizf
2015-01-28  4:06 ` [PATCH 3.4 016/177] Drivers: hv: vmbus: Cleanup vmbus_post_msg() lizf
2015-01-28  4:06 ` [PATCH 3.4 16/91] USB: ftdi_sio: add support for NOVITUS Bono E thermal printer lizf
2015-01-28  4:06 ` [PATCH 3.4 017/177] Drivers: hv: vmbus: Cleanup vmbus_teardown_gpadl() lizf
2015-01-28  4:06 ` [PATCH 3.4 17/91] USB: sierra: avoid CDC class functions on "68A3" devices lizf
2015-01-28  4:06 ` [PATCH 3.4 018/177] Drivers: hv: vmbus: Cleanup vmbus_establish_gpadl() lizf
2015-01-28  4:06 ` [PATCH 3.4 18/91] USB: sierra: add 1199:68AA device ID lizf
2015-01-28  4:06 ` [PATCH 3.4 019/177] Drivers: hv: vmbus: Fix a bug in vmbus_open() lizf
2015-01-28  4:06 ` [PATCH 3.4 19/91] xen/manage: Always freeze/thaw processes when suspend/resuming lizf
2015-01-28  4:06 ` [PATCH 3.4 020/177] Drivers: hv: vmbus: Cleanup vmbus_close_internal() lizf
2015-01-28  4:06 ` [PATCH 3.4 20/91] block: Fix dev_t minor allocation lifetime lizf
2015-01-28  4:06 ` [PATCH 3.4 021/177] spi: dw-mid: respect 8 bit mode lizf
2015-01-28  4:06 ` [PATCH 3.4 21/91] usb: dwc3: core: fix order of PM runtime calls lizf
2015-01-28  4:06 ` [PATCH 3.4 22/91] ahci: add pcid for Marvel 0x9182 controller lizf
2015-01-28  4:06 ` [PATCH 3.4 022/177] spi: dw-mid: terminate ongoing transfers at exit lizf
2015-01-28  4:06 ` [PATCH 3.4 23/91] drm/radeon: add connector quirk for fujitsu board lizf
2015-01-28  4:06 ` [PATCH 3.4 023/177] kvm: don't take vcpu mutex for obviously invalid vcpu ioctls lizf
2015-01-28  4:06 ` [PATCH 3.4 24/91] usb: host: xhci: fix compliance mode workaround lizf
2015-01-28  4:06 ` [PATCH 3.4 024/177] x86/intel/quark: Switch off CR4.PGE so TLB flush uses CR3 instead lizf
2015-01-28  4:06 ` [PATCH 3.4 25/91] Input: elantech - fix detection of touchpad on ASUS s301l lizf
2015-01-28  4:06 ` [PATCH 3.4 025/177] lockd: Try to reconnect if statd has moved lizf
2015-01-28  4:06 ` [PATCH 3.4 26/91] USB: ftdi_sio: Add support for GE Healthcare Nemo Tracker device lizf
2015-01-28  4:06 ` [PATCH 3.4 026/177] power: charger-manager: Fix NULL pointer exception with missing cm-fuel-gauge lizf
2015-01-28  4:07 ` [PATCH 3.4 027/177] rt2800: correct BBP1_TX_POWER_CTRL mask lizf
2015-01-28  4:07 ` [PATCH 3.4 27/91] uwb: init beacon cache entry before registering uwb device lizf
2015-01-28  4:07 ` [PATCH 3.4 028/177] Documentation: lzo: document part of the encoding lizf
2015-01-28  4:07 ` [PATCH 3.4 28/91] Input: synaptics - add support for ForcePads lizf
2015-01-28  4:07 ` [PATCH 3.4 029/177] Revert "lzo: properly check for overruns" lizf
2015-01-28  4:07 ` [PATCH 3.4 29/91] libceph: gracefully handle large reply messages from the mon lizf
2015-01-28  4:07 ` [PATCH 3.4 30/91] libceph: add process_one_ticket() helper lizf
2015-01-28  4:07 ` [PATCH 3.4 030/177] lzo: check for length overrun in variable length encoding lizf
2015-01-28  4:07 ` [PATCH 3.4 31/91] libceph: do not hard code max auth ticket len lizf
2015-01-28  4:07 ` [PATCH 3.4 031/177] regmap: debugfs: fix possbile NULL pointer dereference lizf
2015-01-28  4:07 ` [PATCH 3.4 32/91] Input: serport - add compat handling for SPIOCSTYPE ioctl lizf
2015-01-28  4:07 ` [PATCH 3.4 032/177] regmap: fix possible ZERO_SIZE_PTR pointer dereferencing error lizf
2015-01-28  4:07 ` [PATCH 3.4 033/177] libata-sff: Fix controllers with no ctl port lizf
2015-01-28  4:07 ` [PATCH 3.4 33/91] usb: hub: take hub->hdev reference when processing from eventlist lizf
2015-01-28  4:07 ` [PATCH 3.4 034/177] NFSv4: fix open/lock state recovery error handling lizf
2015-01-28  4:07 ` [PATCH 3.4 34/91] storage: Add single-LUN quirk for Jaz USB Adapter lizf
2015-01-28  4:07 ` [PATCH 3.4 035/177] serial: 8250: Add Quark X1000 to 8250_pci.c lizf
2015-01-28  4:07 ` [PATCH 3.4 35/91] xhci: Fix null pointer dereference if xhci initialization fails lizf
2015-01-28  4:07 ` [PATCH 3.4 036/177] framebuffer: fix border color lizf
2015-01-28  4:07 ` [PATCH 3.4 36/91] futex: Unlock hb->lock in futex_wait_requeue_pi() error path lizf
2015-01-28  4:07 ` [PATCH 3.4 37/91] alarmtimer: Return relative times in timer_gettime lizf
2015-01-28  4:07 ` [PATCH 3.4 037/177] mpc85xx_edac: Make L2 interrupt shared too lizf
2015-01-28  4:07 ` [PATCH 3.4 038/177] NFSv4.1: Fix an NFSv4.1 state renewal regression lizf
2015-01-28  4:07 ` [PATCH 3.4 38/91] alarmtimer: Do not signal SIGEV_NONE timers lizf
2015-01-28  4:07 ` [PATCH 3.4 39/91] alarmtimer: Lock k_itimer during timer callback lizf
2015-01-28  4:07 ` [PATCH 3.4 039/177] m68k: Disable/restore interrupts in hwreg_present()/hwreg_write() lizf
2015-01-28  4:07 ` [PATCH 3.4 040/177] dm bufio: update last_accessed when relinking a buffer lizf
2015-01-28  4:07 ` [PATCH 3.4 40/91] don't bugger nd->seq on set_root_rcu() from follow_dotdot_rcu() lizf
2015-01-28  4:07 ` [PATCH 3.4 041/177] dm log userspace: fix memory leak in dm_ulog_tfr_init failure path lizf
2015-01-28  4:07 ` [PATCH 3.4 41/91] jiffies: Fix timeval conversion to jiffies lizf
2015-01-28  4:07 ` [PATCH 3.4 42/91] MIPS: ZBOOT: add missing <linux/string.h> include lizf
2015-01-28  4:07 ` [PATCH 3.4 042/177] ecryptfs: avoid to access NULL pointer when write metadata in xattr lizf
2015-01-28  4:07 ` [PATCH 3.4 043/177] pata_serverworks: disable 64-KB DMA transfers on Broadcom OSB4 IDE Controller lizf
2015-01-28  4:07 ` [PATCH 3.4 43/91] perf: Fix a race condition in perf_remove_from_context() lizf
2015-01-28  4:07 ` [PATCH 3.4 44/91] ASoC: samsung-i2s: Check secondary DAI exists before referencing lizf
2015-01-28  4:07 ` [PATCH 3.4 044/177] x86: Reject x32 executables if x32 ABI not supported lizf
2015-01-28  4:07 ` [PATCH 3.4 45/91] Input: i8042 - add Fujitsu U574 to no_timeout dmi table lizf
2015-01-28  4:07 ` [PATCH 3.4 045/177] fs: Fix theoretical division by 0 in super_cache_scan() lizf
2015-01-28  4:07 ` [PATCH 3.4 46/91] Input: i8042 - add nomux quirk for Avatar AVIU-145A6 lizf
2015-01-28  4:07 ` [PATCH 3.4 046/177] fs: make cont_expand_zero interruptible lizf
2015-01-28  4:07 ` [PATCH 3.4 047/177] fix misuses of f_count() in ppp and netlink lizf
2015-01-28  4:07 ` [PATCH 3.4 47/91] iscsi-target: Fix memory corruption in iscsit_logout_post_handler_diffcid lizf
2015-01-28  4:07 ` [PATCH 3.4 048/177] block: fix alignment_offset math that assumes io_min is a power-of-2 lizf
2015-01-28  4:07 ` [PATCH 3.4 48/91] iscsi-target: avoid NULL pointer in iscsi_copy_param_list failure lizf
2015-01-28  4:07 ` [PATCH 3.4 49/91] NFSv4: Fix another bug in the close/open_downgrade code lizf
2015-01-28  4:07 ` [PATCH 3.4 049/177] fanotify: enable close-on-exec on events' fd when requested in fanotify_init() lizf
2015-01-28  4:07 ` [PATCH 3.4 050/177] Input: synaptics - gate forcepad support by DMI check lizf
2015-01-28  4:07 ` [PATCH 3.4 50/91] libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu lizf
2015-01-28  4:07 ` [PATCH 3.4 051/177] Input: i8042 - add noloop quirk for Asus X750LN lizf
2015-01-28  4:07 ` [PATCH 3.4 51/91] USB: storage: Add quirk for Adaptec USBConnect 2000 USB-to-SCSI Adapter lizf
2015-01-28  4:07 ` [PATCH 3.4 52/91] USB: storage: Add quirk for Ariston Technologies iConnect USB to SCSI adapter lizf
2015-01-28  4:07 ` [PATCH 3.4 052/177] kernel: add support for gcc 5 lizf
2015-01-28  4:07 ` [PATCH 3.4 053/177] ALSA: emu10k1: Fix deadlock in synth voice lookup lizf
2015-01-28  4:07 ` [PATCH 3.4 53/91] USB: storage: Add quirks for Entrega/Xircom USB to SCSI converters lizf
2015-01-28  4:07 ` [PATCH 3.4 54/91] can: flexcan: mark TX mailbox as TX_INACTIVE lizf
2015-01-28  4:07 ` [PATCH 3.4 054/177] mnt: Prevent pivot_root from creating a loop in the mount tree lizf
2015-01-28  4:07 ` [PATCH 3.4 55/91] can: flexcan: correctly initialize mailboxes lizf
2015-01-28  4:07 ` [PATCH 3.4 055/177] virtio_pci: fix virtio spec compliance on restore lizf
2015-01-28  4:07 ` [PATCH 3.4 56/91] can: flexcan: implement workaround for errata ERR005829 lizf
2015-01-28  4:07 ` [PATCH 3.4 056/177] selinux: fix inode security list corruption lizf
2015-01-28  4:08 ` [PATCH 3.4 57/91] can: flexcan: put TX mailbox into TX_INACTIVE mode after tx-complete lizf
2015-01-28  4:08 ` [PATCH 3.4 057/177] futex: Ensure get_futex_key_refs() always implies a barrier lizf
2015-01-28  4:08 ` [PATCH 3.4 58/91] can: at91_can: add missing prepare and unprepare of the clock lizf
2015-01-28  4:08 ` [PATCH 3.4 058/177] x86,kvm,vmx: Preserve CR4 across VM entry lizf
2015-01-28  4:08 ` [PATCH 3.4 59/91] ALSA: pcm: fix fifo_size frame calculation lizf
2015-01-28  4:08 ` [PATCH 3.4 059/177] ext4: check EA value offset when loading lizf
2015-01-28  4:08 ` [PATCH 3.4 60/91] Fix nasty 32-bit overflow bug in buffer i/o code lizf
2015-01-28  4:08 ` [PATCH 3.4 060/177] ext4: don't check quota format when there are no quota files lizf
2015-01-28  4:08 ` [PATCH 3.4 61/91] parisc: Only use -mfast-indirect-calls option for 32-bit kernel builds lizf
2015-01-28  4:08 ` [PATCH 3.4 061/177] target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE lizf
2015-01-28  4:08 ` [PATCH 3.4 62/91] sched: Fix unreleased llc_shared_mask bit during CPU hotplug lizf
2015-01-28  4:08 ` [PATCH 3.4 062/177] vfs: fix data corruption when blocksize < pagesize for mmaped data lizf
2015-01-28  4:08 ` [PATCH 3.4 063/177] ext4: don't orphan or truncate the boot loader inode lizf
2015-01-28  4:08 ` [PATCH 3.4 63/91] sched: add macros to define bitops for task atomic flags lizf
2015-01-28  4:08 ` [PATCH 3.4 64/91] cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be " lizf
2015-01-28  4:08 ` [PATCH 3.4 064/177] ext4: add ext4_iget_normal() which is to be used for dir tree lookups lizf
2015-01-28  4:08 ` [PATCH 3.4 65/91] MIPS: mcount: Adjust stack pointer for static trace in MIPS32 lizf
2015-01-28  4:08 ` [PATCH 3.4 065/177] ext4: fix reservation overflow in ext4_da_write_begin lizf
2015-01-28  4:08 ` [PATCH 3.4 066/177] crypto: more robust crypto_memneq lizf
2015-01-28  4:08 ` [PATCH 3.4 66/91] nilfs2: fix data loss with mmap() lizf
2015-01-28  4:08 ` [PATCH 3.4 67/91] ocfs2/dlm: do not get resource spinlock if lockres is new lizf
2015-01-28  4:08 ` [PATCH 3.4 067/177] random: add and use memzero_explicit() for clearing data lizf
2015-01-28  4:08 ` [PATCH 3.4 068/177] ALSA: pcm: use the same dma mmap codepath both for arm and arm64 lizf
2015-01-28  4:08 ` [PATCH 3.4 68/91] shmem: fix nlink for rename overwrite directory lizf
2015-01-28  4:08 ` [PATCH 3.4 069/177] ALSA: usb-audio: Add support for Steinberg UR22 USB interface lizf
2015-01-28  4:08 ` [PATCH 3.4 69/91] ARM: 8165/1: alignment: don't break misaligned NEON load/store lizf
2015-01-28  4:08 ` [PATCH 3.4 70/91] ASoC: core: fix possible ZERO_SIZE_PTR pointer dereferencing error lizf
2015-01-28  4:08 ` [PATCH 3.4 070/177] freezer: Do not freeze tasks killed by OOM killer lizf
2015-01-28  4:08 ` [PATCH 3.4 071/177] kernel/fork.c:copy_process(): unify CLONE_THREAD-or-thread_group_leader code lizf
2015-01-28  4:08 ` [PATCH 3.4 71/91] mm: migrate: Close race between migration completion and mprotect lizf
2015-01-28  4:08 ` [PATCH 3.4 072/177] introduce for_each_thread() to replace the buggy while_each_thread() lizf
2015-01-28  4:08 ` [PATCH 3.4 72/91] perf: fix perf bug in fork() lizf
2015-01-28  4:08 ` [PATCH 3.4 073/177] OOM, PM: OOM killed task shouldn't escape PM suspend lizf
2015-01-28  4:08 ` [PATCH 3.4 73/91] init/Kconfig: Hide printk log config if CONFIG_PRINTK=n lizf
2015-01-28  4:08 ` [PATCH 3.4 074/177] MIPS: tlbex: Fix a missing statement for HUGETLB lizf
2015-01-28  4:08 ` [PATCH 3.4 74/91] genhd: fix leftover might_sleep() in blk_free_devt() lizf
2015-01-28  4:08 ` [PATCH 3.4 075/177] MIPS: tlbex: Properly fix HUGE TLB Refill exception handler lizf
2015-01-28  4:08 ` [PATCH 3.4 75/91] nl80211: clear skb cb before passing to netlink lizf
2015-01-28  4:08 ` [PATCH 3.4 076/177] cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers lizf
2015-01-28  4:08 ` [PATCH 3.4 76/91] ext4: propagate errors up to ext4_find_entry()'s callers lizf
2015-01-28  4:08 ` [PATCH 3.4 077/177] KVM: x86: Check non-canonical addresses upon WRMSR lizf
2015-01-28  4:08 ` [PATCH 3.4 77/91] ext4: avoid trying to kfree an ERR_PTR pointer lizf
2015-01-28  4:08 ` [PATCH 3.4 078/177] KVM: x86: Prevent host from panicking on shared MSR writes lizf
2015-01-28  4:08 ` [PATCH 3.4 78/91] NFS: fix stable regression lizf
2015-01-28  4:08 ` [PATCH 3.4 079/177] KVM: x86: Improve thread safety in pit lizf
2015-01-28  4:08 ` [PATCH 3.4 79/91] perf: Handle compat ioctl lizf
2015-01-28  4:08 ` [PATCH 3.4 080/177] KVM: x86: Fix wrong masking on relative jump/call lizf
2015-01-28  4:08 ` [PATCH 3.4 80/91] bluetooth: hci_ldisc: fix deadlock condition lizf
2015-01-28  4:08 ` [PATCH 3.4 081/177] KVM: x86: Emulator fixes for eip canonical checks on near branches lizf
2015-01-28  8:49   ` Nadav Amit
2015-01-28 11:48     ` Zefan Li
2015-01-28  4:08 ` [PATCH 3.4 81/91] mnt: Only change user settable mount flags in remount lizf
2015-01-28  4:08 ` [PATCH 3.4 082/177] KVM: x86: use new CS.RPL as CPL during task switch lizf
2015-01-28  4:08 ` lizf [this message]
2015-01-28  4:08 ` [PATCH 3.4 83/91] Fix spurious request sense in error handling lizf
2015-01-28  4:08 ` [PATCH 3.4 083/177] KVM: x86: Handle errors when RIP is set during far jumps lizf
2015-01-28  4:08 ` [PATCH 3.4 84/91] ipv4: move route garbage collector to work queue lizf
2015-01-28  4:08 ` [PATCH 3.4 084/177] nEPT: Nested INVEPT lizf
2015-01-28  4:08 ` [PATCH 3.4 85/91] ipv4: avoid parallel route cache gc executions lizf
2015-01-28  4:08 ` [PATCH 3.4 085/177] kvm: vmx: handle invvpid vm exit gracefully lizf
2015-01-28  4:08 ` [PATCH 3.4 86/91] ipv4: disable bh while doing route gc lizf
2015-01-28  4:08 ` [PATCH 3.4 086/177] kvm: x86: don't kill guest on unknown exit reason lizf
2015-01-28  4:09 ` [PATCH 3.4 087/177] kvm: fix excessive pages un-pinning in kvm_iommu_map error path lizf
2015-01-28  4:09 ` [PATCH 3.4 87/91] rtl8192ce: Fix null dereference in watchdog lizf
2015-01-28  4:09 ` [PATCH 3.4 88/91] ipv6: reuse ip6_frag_id from ip6_ufo_append_data lizf
2015-01-28  4:09 ` [PATCH 3.4 088/177] staging:iio:impedance-analyzer:ad5933 unwind use of IIO_CHAN macro lizf
2015-01-28  4:09 ` [PATCH 3.4 89/91] net: Do not enable tx-nocache-copy by default lizf
2015-01-28  4:09 ` [PATCH 3.4 089/177] staging:iio:ad5933: Drop "raw" from channel names lizf
2015-01-28  4:09 ` [PATCH 3.4 90/91] ixgbevf: Prevent RX/TX statistics getting reset to zero lizf
2015-01-28  4:09 ` [PATCH 3.4 090/177] spi: pl022: Fix incorrect dma_unmap_sg lizf
2015-01-28  4:09 ` [PATCH 3.4 91/91] l2tp: fix race while getting PMTU on PPP pseudo-wire lizf
2015-01-28  4:09 ` [PATCH 3.4 091/177] usb: dwc3: gadget: fix set_halt() bug with pending transfers lizf
2015-01-28  4:09 ` [PATCH 3.4 092/177] ext3: Don't check quota format when there are no quota files lizf
2015-01-28  4:09 ` [PATCH 3.4 093/177] USB: serial: cp210x: add Silicon Labs 358x VID and PID lizf
2015-01-28  4:09 ` [PATCH 3.4 094/177] USB: serial: ftdi_sio: Annotate the current Xsens PID assignments lizf
2015-01-28  4:09 ` [PATCH 3.4 095/177] USB: serial: ftdi_sio: Add support for new Xsens devices lizf
2015-01-28  4:09 ` [PATCH 3.4 096/177] usb: serial: ftdi_sio: add Awinda Station and Dongle products lizf
2015-01-28  4:09 ` [PATCH 3.4 097/177] usb: option: add support for Telit LE910 lizf
2015-01-28  4:09 ` [PATCH 3.4 098/177] USB: option: add Haier CE81B CDMA modem lizf
2015-01-28  4:09 ` [PATCH 3.4 099/177] x86, apic: Handle a bad TSC more gracefully lizf
2015-01-28  4:09 ` [PATCH 3.4 100/177] scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND lizf
2015-01-28  4:09 ` [PATCH 3.4 101/177] usb: serial: ftdi_sio: add "bricked" FTDI device PID lizf
2015-01-28  4:09 ` [PATCH 3.4 102/177] nfsd4: fix crash on unknown operation number lizf
2015-01-28  4:09 ` [PATCH 3.4 103/177] usb: dwc3: gadget: Properly initialize LINK TRB lizf
2015-01-28  4:09 ` [PATCH 3.4 104/177] Input: i8042 - quirks for Fujitsu Lifebook A544 and Lifebook AH544 lizf
2015-01-28  4:09 ` [PATCH 3.4 105/177] posix-timers: Fix stack info leak in timer_create() lizf
2015-01-28  4:09 ` [PATCH 3.4 106/177] futex: Fix a race condition between REQUEUE_PI and task death lizf
2015-01-28  4:09 ` [PATCH 3.4 107/177] PM / Sleep: fix recovery during resuming from hibernation lizf
2015-01-28  4:09 ` [PATCH 3.4 108/177] ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode lizf
2015-01-28  4:09 ` [PATCH 3.4 109/177] evm: check xattr value length and type in evm_inode_setxattr() lizf
2015-01-28  4:09 ` [PATCH 3.4 110/177] drm/radeon: remove invalid pci id lizf
2015-01-28  4:09 ` [PATCH 3.4 111/177] zap_pte_range: update addr when forcing flush after TLB batching faiure lizf
2015-01-28  4:09 ` [PATCH 3.4 112/177] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations lizf
2015-01-28  4:09 ` [PATCH 3.4 113/177] mm, thp: fix collapsing of hugepages on madvise lizf
2015-01-28  4:09 ` [PATCH 3.4 114/177] lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}() lizf
2015-01-28  4:09 ` [PATCH 3.4 115/177] ext4: fix overflow when updating superblock backups after resize lizf
2015-01-28  4:09 ` [PATCH 3.4 116/177] ext4: fix oops when loading block bitmap failed lizf
2015-01-28  4:09 ` [PATCH 3.4 117/177] wireless: rt2x00: add new rt2800usb device lizf
2015-01-28  4:09 ` [PATCH 3.4 118/177] drm/vmwgfx: Filter out modes those cannot be supported by the current VRAM size lizf
2015-01-28  4:09 ` [PATCH 3.4 119/177] tracing/syscalls: Fix perf syscall tracing when syscall_nr == -1 lizf
2015-01-28  4:09 ` [PATCH 3.4 120/177] tracing/syscalls: Ignore numbers outside NR_syscalls' range lizf
2015-01-28  4:09 ` [PATCH 3.4 121/177] ext4: bail out from make_indexed_dir() on first error lizf
2015-01-28  4:09 ` [PATCH 3.4 122/177] samsung-laptop: Add broken-acpi-video quirk for NC210/NC110 lizf
2015-01-28  4:09 ` [PATCH 3.4 123/177] acer-wmi: Add acpi_backlight=video quirk for the Acer KAV80 lizf
2015-01-28  4:09 ` [PATCH 3.4 124/177] powerpc: do_notify_resume can be called with bad thread_info flags argument lizf
2015-01-28  4:09 ` [PATCH 3.4 125/177] USB: kobil_sct: fix non-atomic allocation in write path lizf
2015-01-28  4:09 ` [PATCH 3.4 126/177] USB: opticon: " lizf
2015-01-28  4:09 ` [PATCH 3.4 127/177] USB: cdc-acm: add device id for GW Instek AFG-2225 lizf
2015-01-28  4:09 ` [PATCH 3.4 128/177] usb: Do not allow usb_alloc_streams on unconfigured devices lizf
2015-01-28  4:09 ` [PATCH 3.4 129/177] usb-storage: handle a skipped data phase lizf
2015-01-28  4:09 ` [PATCH 3.4 130/177] USB: core: add device-qualifier quirk lizf
2015-01-28  4:09 ` [PATCH 3.4 131/177] USB: quirks: enable device-qualifier quirk for another Elan touchscreen lizf
2015-01-28  4:09 ` [PATCH 3.4 132/177] USB: quirks: enable device-qualifier quirk for yet " lizf
2015-01-28  4:09 ` [PATCH 3.4 133/177] xhci: no switching back on non-ULT Haswell lizf
2015-01-28  4:09 ` [PATCH 3.4 134/177] of: Fix overflow bug in string property parsing functions lizf
2015-01-28  4:09 ` [PATCH 3.4 135/177] Btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup lizf
2015-01-28  4:09 ` [PATCH 3.4 136/177] ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect lizf
2015-01-28  4:09 ` [PATCH 3.4 137/177] staging:iio:ade7758: Fix check if channels are enabled in prenable lizf
2015-01-28  4:09 ` [PATCH 3.4 138/177] USB: cdc-acm: only raise DTR on transitions from B0 lizf
2015-01-28  4:09 ` [PATCH 3.4 139/177] serial: Fix divide-by-zero fault in uart_get_divisor() lizf
2015-01-28  4:09 ` [PATCH 3.4 140/177] tty: Fix high cpu load if tty is unreleaseable lizf
2015-01-28  4:09 ` [PATCH 3.4 141/177] tty: Prevent "read/write wait queue active!" log flooding lizf
2015-01-28  4:10 ` [PATCH 3.4 142/177] tty/vt: don't set font mappings on vc not supporting this lizf
2015-01-28  4:10 ` [PATCH 3.4 143/177] sysfs: driver core: Fix glue dir race condition by gdp_mutex lizf
2015-01-28  4:10 ` [PATCH 3.4 144/177] dm bufio: change __GFP_IO to __GFP_FS in shrinker callbacks lizf
2015-01-28  4:10 ` [PATCH 3.4 145/177] xtensa: re-wire umount syscall to sys_oldumount lizf
2015-01-28  4:10 ` [PATCH 3.4 146/177] dm raid: ensure superblock's size matches device's logical block size lizf
2015-01-28  4:10 ` [PATCH 3.4 147/177] ahci: Add Device IDs for Intel Sunrise Point PCH lizf
2015-01-28  4:10 ` [PATCH 3.4 148/177] mac80211: properly flush delayed scan work on interface removal lizf
2015-01-28  4:10 ` [PATCH 3.4 149/177] block: Fix computation of merged request priority lizf
2015-01-28  4:10 ` [PATCH 3.4 150/177] mac80211: fix use-after-free in defragmentation lizf
2015-01-28  4:10 ` [PATCH 3.4 151/177] macvtap: Fix csum_start when VLAN tags are present lizf
2015-01-28  4:10 ` [PATCH 3.4 152/177] KVM: x86: Fix uninitialized op->type for some immediate values lizf
2015-01-28  8:47   ` Nadav Amit
2015-01-28 11:48     ` Zefan Li
2015-01-28  4:10 ` [PATCH 3.4 153/177] drm/radeon: add missing crtc unlock when setting up the MC lizf
2015-01-28  4:10 ` [PATCH 3.4 154/177] Input: alps - ignore potential bare packets when device is out of sync lizf
2015-01-28  4:10 ` [PATCH 3.4 155/177] Input: alps - allow up to 2 invalid packets without resetting device lizf
2015-01-28  4:10 ` [PATCH 3.4 156/177] scsi: only re-lock door after EH on devices that were reset lizf
2015-01-28  4:10 ` [PATCH 3.4 157/177] audit: keep inode pinned lizf
2015-01-28  4:10 ` [PATCH 3.4 158/177] nfs: Fix use of uninitialized variable in nfs_getattr() lizf
2015-01-28  4:10 ` [PATCH 3.4 159/177] NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired lizf
2015-01-28  4:10 ` [PATCH 3.4 160/177] libceph: do not crash on large auth tickets lizf
2015-01-28  4:10 ` [PATCH 3.4 161/177] srp-target: Retry when QP creation fails with ENOMEM lizf
2015-01-28  4:10 ` [PATCH 3.4 162/177] ASoC: fsi: remove unsupported PAUSE flag lizf
2015-01-28  4:10 ` [PATCH 3.4 163/177] rt2x00: do not align payload on modern H/W lizf
2015-01-28  4:10 ` [PATCH 3.4 164/177] ASoC: sgtl5000: Fix SMALL_POP bit definition lizf
2015-01-28  4:10 ` [PATCH 3.4 165/177] x86: Require exact match for 'noxsave' command line option lizf
2015-01-28  4:10 ` [PATCH 3.4 166/177] can: dev: avoid calling kfree_skb() from interrupt context lizf
2015-01-28  4:10 ` [PATCH 3.4 167/177] can: esd_usb2: fix memory leak on disconnect lizf
2015-01-28  4:10 ` [PATCH 3.4 168/177] of/base: Fix PowerPC address parsing hack lizf
2015-01-28  4:10 ` [PATCH 3.4 169/177] MIPS: oprofile: Fix backtrace on 64-bit kernel lizf
2015-01-28  4:10 ` [PATCH 3.4 170/177] x86_64, traps: Stop using IST for #SS lizf
2015-01-28  4:10 ` [PATCH 3.4 171/177] x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C lizf
2015-01-28  4:10 ` [PATCH 3.4 172/177] x86_64, traps: Rework bad_iret lizf
2015-01-28  4:10 ` [PATCH 3.4 173/177] x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs lizf
2015-01-28  4:10 ` [PATCH 3.4 174/177] firewire: cdev: prevent kernel stack leaking into ioctl arguments lizf
2015-01-28  4:10 ` [PATCH 3.4 175/177] mm: Remove false WARN_ON from pagecache_isize_extended() lizf
2015-01-28  4:10 ` [PATCH 3.4 176/177] x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit lizf
2015-01-28  4:10 ` [PATCH 3.4 177/177] x86/tls: Validate TLS entries to protect espfix lizf
2015-01-28  6:51   ` Willy Tarreau
2015-01-28  7:11     ` Zefan Li
2015-01-28  4:10 ` USB: serial: ftdi_sio: Add support for new Xsens devices lizf
2015-01-28  4:21 ` [PATCH 3.4 000/177] 3.4.106-rc1 review Zefan Li
2015-01-28 14:12 ` Guenter Roeck
2015-01-30  7:43   ` Zefan Li
2015-01-28 16:30 ` Ben Hutchings
2015-02-04  9:08   ` Zefan Li
2015-02-04  9:08   ` Zefan Li
  -- strict thread matches above, loose matches on Subject: below --
2014-11-27  8:36 [PATCH 3.4 00/91] 3.4.105-rc1 review lizf
2014-11-27  8:43 ` [PATCH 3.4 82/91] dm crypt: fix access beyond the end of allocated space lizf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1422418236-12852-164-git-send-email-lizf@kernel.org \
    --to=lizf@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lizefan@huawei.com \
    --cc=mpatocka@redhat.com \
    --cc=snitzer@redhat.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.