[PATCH 0/7] Second set of revertion of all of the umn.edu commits

[PATCH 0/7] Second set of revertion of all of the umn.edu commits

[Greg Kroah-Hartman]

Like the first set of 190 patches submitted here:
	https://lore.kernel.org/r/20210421130105.1226686-1-gregkh@linuxfoundation.org

I am working through all of the patches submitted by umn.edu email
addresses.  The remaining 79 set of patches that did not automatically
revert with git were looked at, and these are the remaining ones where a
revert was actually possible.  The other 72 commits did not need to be
listed at the moment as they fell into other categories (were already
fixed, applied to files not in the tree anymore, modified such that they
were no longer relevant, etc.)

The full report of all of this audit is currently being worked on by me
and other members of the LF Technical Advisarory Board, and will be
published when completed.

This remaining set of patches is to provide a public review of them, and
to determine if they are valid or not.  If the commit was valid, I'll
drop it from my list of reverts, if the commit was not correct, I'll
keep the revert and provide a "correct" fix for the issue as well.

The final set of "reverts of bad + correct patches" will be posted to
lkml and maintainers when all of this is completed.  Hopefully sometime
next week, but I'm not promising anything :)

Maintainers, if you could take a look at these and see if the original
was a valid commit or not, that would be most appreciated.  I'll be also
doing a review of them as well.

Thanks all for your help with this unexpected extra work...

greg k-h

Greg Kroah-Hartman (7):
  Revert "rocker: fix incorrect error handling in dma_rings_init"
  Revert "rtc: mc13xxx: fix a double-unlock issue"
  Revert "orinoco: avoid assertion in case of NULL pointer"
  Revert "ethtool: fix a potential missing-check bug"
  Revert "regulator: tps65910: fix a missing check of return value"
  Revert "leds: lp5523: fix a missing check of return value of
    lp55xx_read"
  Revert "serial: max310x: pass return value of spi_register_driver"

 drivers/leds/leds-lp5523.c                          | 4 +---
 drivers/net/ethernet/rocker/rocker_main.c           | 4 ++--
 drivers/net/wireless/intersil/orinoco/orinoco_usb.c | 3 +--
 drivers/regulator/tps65910-regulator.c              | 4 +---
 drivers/rtc/rtc-mc13xxx.c                           | 4 +---
 drivers/tty/serial/max310x.c                        | 4 ++--
 net/ethtool/ioctl.c                                 | 5 -----
 7 files changed, 8 insertions(+), 20 deletions(-)

-- 
2.31.1

[PATCH 1/7] Revert "rocker: fix incorrect error handling in dma_rings_init"

[Greg Kroah-Hartman]

This reverts commit 58d0c864e1a759a15c9df78f50ea5a5c32b3989e.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper submitted to the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota) but later
withdrawn.

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Aditya Pakki <pakki001@umn.edu>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/rocker/rocker_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/rocker/rocker_main.c b/drivers/net/ethernet/rocker/rocker_main.c
index 3473d296b2e2..35ebeeb40639 100644
--- a/drivers/net/ethernet/rocker/rocker_main.c
+++ b/drivers/net/ethernet/rocker/rocker_main.c
@@ -650,10 +650,10 @@ static int rocker_dma_rings_init(struct rocker *rocker)
 err_dma_event_ring_bufs_alloc:
 	rocker_dma_ring_destroy(rocker, &rocker->event_ring);
 err_dma_event_ring_create:
-	rocker_dma_cmd_ring_waits_free(rocker);
-err_dma_cmd_ring_waits_alloc:
 	rocker_dma_ring_bufs_free(rocker, &rocker->cmd_ring,
 				  DMA_BIDIRECTIONAL);
+err_dma_cmd_ring_waits_alloc:
+	rocker_dma_cmd_ring_waits_free(rocker);
 err_dma_cmd_ring_bufs_alloc:
 	rocker_dma_ring_destroy(rocker, &rocker->cmd_ring);
 	return err;
-- 
2.31.1

[PATCH 2/7] Revert "rtc: mc13xxx: fix a double-unlock issue"

[Greg Kroah-Hartman]

This reverts commit 8816cd726a4fee197af2d851cbe25991ae19ea14.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper submitted to the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota) but later
withdrawn.

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Qiushi Wu <wu000273@umn.edu>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/rtc/rtc-mc13xxx.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/rtc/rtc-mc13xxx.c b/drivers/rtc/rtc-mc13xxx.c
index d4234e78497e..0921ca792847 100644
--- a/drivers/rtc/rtc-mc13xxx.c
+++ b/drivers/rtc/rtc-mc13xxx.c
@@ -308,10 +308,8 @@ static int __init mc13xxx_rtc_probe(struct platform_device *pdev)
 	mc13xxx_unlock(mc13xxx);
 
 	ret = devm_rtc_register_device(priv->rtc);
-	if (ret) {
-		mc13xxx_lock(mc13xxx);
+	if (ret)
 		goto err_irq_request;
-	}
 
 	return 0;
 
-- 
2.31.1

[PATCH 3/7] Revert "orinoco: avoid assertion in case of NULL pointer"

[Greg Kroah-Hartman]

This reverts commit c705f9fc6a1736dcf6ec01f8206707c108dca824.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper submitted to the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota) but later
withdrawn.

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Aditya Pakki <pakki001@umn.edu>
Cc: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/intersil/orinoco/orinoco_usb.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
index dd31929261ab..60e626eb913d 100644
--- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
@@ -1392,8 +1392,7 @@ static int ezusb_init(struct hermes *hw)
 	struct ezusb_priv *upriv = hw->priv;
 	int retval;
 
-	if (!upriv)
-		return -EINVAL;
+	BUG_ON(!upriv);
 
 	upriv->reply_count = 0;
 	/* Write the MAGIC number on the simulated registers to keep
-- 
2.31.1

[PATCH 4/7] Revert "ethtool: fix a potential missing-check bug"

[Greg Kroah-Hartman]

This reverts commit d656fe49e33df48ee6bc19e871f5862f49895c9e.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper submitted to the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota) but later
withdrawn.

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Wenwen Wang <wang6495@umn.edu>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ethtool/ioctl.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c
index 771688e1b0da..34688ebfd74e 100644
--- a/net/ethtool/ioctl.c
+++ b/net/ethtool/ioctl.c
@@ -869,11 +869,6 @@ static noinline_for_stack int ethtool_get_rxnfc(struct net_device *dev,
 		info_size = sizeof(info);
 		if (copy_from_user(&info, useraddr, info_size))
 			return -EFAULT;
-		/* Since malicious users may modify the original data,
-		 * we need to check whether FLOW_RSS is still requested.
-		 */
-		if (!(info.flow_type & FLOW_RSS))
-			return -EINVAL;
 	}
 
 	if (info.cmd != cmd)
-- 
2.31.1

[PATCH 5/7] Revert "regulator: tps65910: fix a missing check of return value"

[Greg Kroah-Hartman]

This reverts commit cd07e3701fa6a4c68f8493ee1d12caa18d46ec6a.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper submitted to the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota) but later
withdrawn.

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Kangjie Lu <kjlu@umn.edu>
Cc: Mark Brown <broonie@kernel.org>
---
 drivers/regulator/tps65910-regulator.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/regulator/tps65910-regulator.c b/drivers/regulator/tps65910-regulator.c
index 1d5b0a1b86f7..8ad1ecc1559f 100644
--- a/drivers/regulator/tps65910-regulator.c
+++ b/drivers/regulator/tps65910-regulator.c
@@ -1098,10 +1098,8 @@ static int tps65910_probe(struct platform_device *pdev)
 	platform_set_drvdata(pdev, pmic);
 
 	/* Give control of all register to control port */
-	err = regmap_set_bits(pmic->mfd->regmap, TPS65910_DEVCTRL,
+	regmap_set_bits(pmic->mfd->regmap, TPS65910_DEVCTRL,
 				DEVCTRL_SR_CTL_I2C_SEL_MASK);
-	if (err < 0)
-		return err;
 
 	switch (tps65910_chip_id(tps65910)) {
 	case TPS65910:
-- 
2.31.1

[PATCH 6/7] Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"

[Greg Kroah-Hartman]

This reverts commit 248b57015f35c94d4eae2fdd8c6febf5cd703900.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper submitted to the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota) but later
withdrawn.

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Kangjie Lu <kjlu@umn.edu>
Cc: Jacek Anaszewski <jacek.anaszewski@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/leds/leds-lp5523.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/leds/leds-lp5523.c b/drivers/leds/leds-lp5523.c
index fc433e63b1dc..5036d7d5f3d4 100644
--- a/drivers/leds/leds-lp5523.c
+++ b/drivers/leds/leds-lp5523.c
@@ -305,9 +305,7 @@ static int lp5523_init_program_engine(struct lp55xx_chip *chip)
 
 	/* Let the programs run for couple of ms and check the engine status */
 	usleep_range(3000, 6000);
-	ret = lp55xx_read(chip, LP5523_REG_STATUS, &status);
-	if (ret)
-		return ret;
+	lp55xx_read(chip, LP5523_REG_STATUS, &status);
 	status &= LP5523_ENG_STATUS_MASK;
 
 	if (status != LP5523_ENG_STATUS_MASK) {
-- 
2.31.1

[PATCH 7/7] Revert "serial: max310x: pass return value of spi_register_driver"

[Greg Kroah-Hartman]

This reverts commit 51f689cc11333944c7a457f25ec75fcb41e99410.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper submitted to the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota) but later
withdrawn.

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/tty/serial/max310x.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c
index 8534d6e45a1d..a3ba0e6520a1 100644
--- a/drivers/tty/serial/max310x.c
+++ b/drivers/tty/serial/max310x.c
@@ -1518,10 +1518,10 @@ static int __init max310x_uart_init(void)
 		return ret;
 
 #ifdef CONFIG_SPI_MASTER
-	ret = spi_register_driver(&max310x_spi_driver);
+	spi_register_driver(&max310x_spi_driver);
 #endif
 
-	return ret;
+	return 0;
 }
 module_init(max310x_uart_init);
 
-- 
2.31.1

Re: [PATCH 7/7] Revert "serial: max310x: pass return value of spi_register_driver"

[Greg Kroah-Hartman]

On Thu, Apr 29, 2021 at 03:08:11PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit 51f689cc11333944c7a457f25ec75fcb41e99410.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper submitted to the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota) but later
> withdrawn.
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Kangjie Lu <kjlu@umn.edu>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/tty/serial/max310x.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c
> index 8534d6e45a1d..a3ba0e6520a1 100644
> --- a/drivers/tty/serial/max310x.c
> +++ b/drivers/tty/serial/max310x.c
> @@ -1518,10 +1518,10 @@ static int __init max310x_uart_init(void)
>  		return ret;
>  
>  #ifdef CONFIG_SPI_MASTER
> -	ret = spi_register_driver(&max310x_spi_driver);
> +	spi_register_driver(&max310x_spi_driver);
>  #endif
>  
> -	return ret;
> +	return 0;
>  }
>  module_init(max310x_uart_init);
>  
> -- 
> 2.31.1
> 

This is incorrect because if spi_register_driver fails, the uart needs
to be properly unregistered before the module is unloaded automatically,
causing a crash.

I'll keep the revert and fix this up properly.

thanks,

greg k-h

Re: [PATCH 6/7] Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"

[Greg Kroah-Hartman]

On Thu, Apr 29, 2021 at 03:08:10PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit 248b57015f35c94d4eae2fdd8c6febf5cd703900.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper submitted to the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota) but later
> withdrawn.
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Kangjie Lu <kjlu@umn.edu>
> Cc: Jacek Anaszewski <jacek.anaszewski@gmail.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/leds/leds-lp5523.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/leds/leds-lp5523.c b/drivers/leds/leds-lp5523.c
> index fc433e63b1dc..5036d7d5f3d4 100644
> --- a/drivers/leds/leds-lp5523.c
> +++ b/drivers/leds/leds-lp5523.c
> @@ -305,9 +305,7 @@ static int lp5523_init_program_engine(struct lp55xx_chip *chip)
>  
>  	/* Let the programs run for couple of ms and check the engine status */
>  	usleep_range(3000, 6000);
> -	ret = lp55xx_read(chip, LP5523_REG_STATUS, &status);
> -	if (ret)
> -		return ret;
> +	lp55xx_read(chip, LP5523_REG_STATUS, &status);
>  	status &= LP5523_ENG_STATUS_MASK;
>  
>  	if (status != LP5523_ENG_STATUS_MASK) {
> -- 
> 2.31.1
> 

This looks incorrect to me as lp5523_run_engine() has been called and
not cleaned up from properly.

I'll keep the revert and fix this up correctly.

thanks,

greg k-h

Re: [PATCH 5/7] Revert "regulator: tps65910: fix a missing check of return value"

[Greg Kroah-Hartman]

On Thu, Apr 29, 2021 at 03:08:09PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit cd07e3701fa6a4c68f8493ee1d12caa18d46ec6a.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper submitted to the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota) but later
> withdrawn.
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Kangjie Lu <kjlu@umn.edu>
> Cc: Mark Brown <broonie@kernel.org>
> ---
>  drivers/regulator/tps65910-regulator.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/regulator/tps65910-regulator.c b/drivers/regulator/tps65910-regulator.c
> index 1d5b0a1b86f7..8ad1ecc1559f 100644
> --- a/drivers/regulator/tps65910-regulator.c
> +++ b/drivers/regulator/tps65910-regulator.c
> @@ -1098,10 +1098,8 @@ static int tps65910_probe(struct platform_device *pdev)
>  	platform_set_drvdata(pdev, pmic);
>  
>  	/* Give control of all register to control port */
> -	err = regmap_set_bits(pmic->mfd->regmap, TPS65910_DEVCTRL,
> +	regmap_set_bits(pmic->mfd->regmap, TPS65910_DEVCTRL,
>  				DEVCTRL_SR_CTL_I2C_SEL_MASK);
> -	if (err < 0)
> -		return err;
>  
>  	switch (tps65910_chip_id(tps65910)) {
>  	case TPS65910:
> -- 
> 2.31.1
> 

This looks correct to me, I'll drop the revert.

thanks,

greg k-h

Re: [PATCH 4/7] Revert "ethtool: fix a potential missing-check bug"

[Greg Kroah-Hartman]

On Thu, Apr 29, 2021 at 03:08:08PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit d656fe49e33df48ee6bc19e871f5862f49895c9e.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper submitted to the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota) but later
> withdrawn.
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Wenwen Wang <wang6495@umn.edu>
> Cc: David S. Miller <davem@davemloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  net/ethtool/ioctl.c | 5 -----
>  1 file changed, 5 deletions(-)
> 
> diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c
> index 771688e1b0da..34688ebfd74e 100644
> --- a/net/ethtool/ioctl.c
> +++ b/net/ethtool/ioctl.c
> @@ -869,11 +869,6 @@ static noinline_for_stack int ethtool_get_rxnfc(struct net_device *dev,
>  		info_size = sizeof(info);
>  		if (copy_from_user(&info, useraddr, info_size))
>  			return -EFAULT;
> -		/* Since malicious users may modify the original data,
> -		 * we need to check whether FLOW_RSS is still requested.
> -		 */
> -		if (!(info.flow_type & FLOW_RSS))
> -			return -EINVAL;
>  	}
>  
>  	if (info.cmd != cmd)
> -- 
> 2.31.1
> 

This change looks correct, I'll drop the revert from my tree.

thanks,

greg k-h

Re: [PATCH 3/7] Revert "orinoco: avoid assertion in case of NULL pointer"

[Greg Kroah-Hartman]

On Thu, Apr 29, 2021 at 03:08:07PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit c705f9fc6a1736dcf6ec01f8206707c108dca824.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper submitted to the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota) but later
> withdrawn.
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Aditya Pakki <pakki001@umn.edu>
> Cc: Kalle Valo <kvalo@codeaurora.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/net/wireless/intersil/orinoco/orinoco_usb.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
> index dd31929261ab..60e626eb913d 100644
> --- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
> +++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
> @@ -1392,8 +1392,7 @@ static int ezusb_init(struct hermes *hw)
>  	struct ezusb_priv *upriv = hw->priv;
>  	int retval;
>  
> -	if (!upriv)
> -		return -EINVAL;
> +	BUG_ON(!upriv);
>  
>  	upriv->reply_count = 0;
>  	/* Write the MAGIC number on the simulated registers to keep
> -- 
> 2.31.1
> 

The original commit here looks correct, I'll drop this revert.

thanks,

greg k-h

Re: [PATCH 2/7] Revert "rtc: mc13xxx: fix a double-unlock issue"

[Greg Kroah-Hartman]

On Thu, Apr 29, 2021 at 03:08:06PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit 8816cd726a4fee197af2d851cbe25991ae19ea14.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper submitted to the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota) but later
> withdrawn.
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Qiushi Wu <wu000273@umn.edu>
> Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/rtc/rtc-mc13xxx.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/rtc/rtc-mc13xxx.c b/drivers/rtc/rtc-mc13xxx.c
> index d4234e78497e..0921ca792847 100644
> --- a/drivers/rtc/rtc-mc13xxx.c
> +++ b/drivers/rtc/rtc-mc13xxx.c
> @@ -308,10 +308,8 @@ static int __init mc13xxx_rtc_probe(struct platform_device *pdev)
>  	mc13xxx_unlock(mc13xxx);
>  
>  	ret = devm_rtc_register_device(priv->rtc);
> -	if (ret) {
> -		mc13xxx_lock(mc13xxx);
> +	if (ret)
>  		goto err_irq_request;
> -	}
>  
>  	return 0;
>  
> -- 
> 2.31.1
> 

The original change here looks correct to me, I'll drop this revert from
my tree.

thanks,

greg k-h

Re: [PATCH 1/7] Revert "rocker: fix incorrect error handling in dma_rings_init"

[Greg Kroah-Hartman]

On Thu, Apr 29, 2021 at 03:08:05PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit 58d0c864e1a759a15c9df78f50ea5a5c32b3989e.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper submitted to the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota) but later
> withdrawn.
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Aditya Pakki <pakki001@umn.edu>
> Cc: David S. Miller <davem@davemloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/net/ethernet/rocker/rocker_main.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/rocker/rocker_main.c b/drivers/net/ethernet/rocker/rocker_main.c
> index 3473d296b2e2..35ebeeb40639 100644
> --- a/drivers/net/ethernet/rocker/rocker_main.c
> +++ b/drivers/net/ethernet/rocker/rocker_main.c
> @@ -650,10 +650,10 @@ static int rocker_dma_rings_init(struct rocker *rocker)
>  err_dma_event_ring_bufs_alloc:
>  	rocker_dma_ring_destroy(rocker, &rocker->event_ring);
>  err_dma_event_ring_create:
> -	rocker_dma_cmd_ring_waits_free(rocker);
> -err_dma_cmd_ring_waits_alloc:
>  	rocker_dma_ring_bufs_free(rocker, &rocker->cmd_ring,
>  				  DMA_BIDIRECTIONAL);
> +err_dma_cmd_ring_waits_alloc:
> +	rocker_dma_cmd_ring_waits_free(rocker);
>  err_dma_cmd_ring_bufs_alloc:
>  	rocker_dma_ring_destroy(rocker, &rocker->cmd_ring);
>  	return err;
> -- 
> 2.31.1
> 

The original commit here looks correct to me, so unless someone objects,
I'll drop this revert from my tree.

thanks,

greg k-h

Re: [PATCH 7/7] Revert "serial: max310x: pass return value of spi_register_driver"

[Greg Kroah-Hartman]

On Thu, Apr 29, 2021 at 03:41:51PM +0200, Greg Kroah-Hartman wrote:
> On Thu, Apr 29, 2021 at 03:08:11PM +0200, Greg Kroah-Hartman wrote:
> > This reverts commit 51f689cc11333944c7a457f25ec75fcb41e99410.
> > 
> > Commits from @umn.edu addresses have been found to be submitted in "bad
> > faith" to try to test the kernel community's ability to review "known
> > malicious" changes.  The result of these submissions can be found in a
> > paper submitted to the 42nd IEEE Symposium on Security and Privacy
> > entitled, "Open Source Insecurity: Stealthily Introducing
> > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> > of Minnesota) and Kangjie Lu (University of Minnesota) but later
> > withdrawn.
> > 
> > Because of this, all submissions from this group must be reverted from
> > the kernel tree and will need to be re-reviewed again to determine if
> > they actually are a valid fix.  Until that work is complete, remove this
> > change to ensure that no problems are being introduced into the
> > codebase.
> > 
> > Cc: Kangjie Lu <kjlu@umn.edu>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
> >  drivers/tty/serial/max310x.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c
> > index 8534d6e45a1d..a3ba0e6520a1 100644
> > --- a/drivers/tty/serial/max310x.c
> > +++ b/drivers/tty/serial/max310x.c
> > @@ -1518,10 +1518,10 @@ static int __init max310x_uart_init(void)
> >  		return ret;
> >  
> >  #ifdef CONFIG_SPI_MASTER
> > -	ret = spi_register_driver(&max310x_spi_driver);
> > +	spi_register_driver(&max310x_spi_driver);
> >  #endif
> >  
> > -	return ret;
> > +	return 0;
> >  }
> >  module_init(max310x_uart_init);
> >  
> > -- 
> > 2.31.1
> > 
> 
> This is incorrect because if spi_register_driver fails, the uart needs
> to be properly unregistered before the module is unloaded automatically,
> causing a crash.
> 
> I'll keep the revert and fix this up properly.

Argh, I already reviewed this one, sigh...

greg k-h

Re: [PATCH 6/7] Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"

[Greg Kroah-Hartman]

On Thu, Apr 29, 2021 at 03:44:52PM +0200, Greg Kroah-Hartman wrote:
> On Thu, Apr 29, 2021 at 03:08:10PM +0200, Greg Kroah-Hartman wrote:
> > This reverts commit 248b57015f35c94d4eae2fdd8c6febf5cd703900.
> > 
> > Commits from @umn.edu addresses have been found to be submitted in "bad
> > faith" to try to test the kernel community's ability to review "known
> > malicious" changes.  The result of these submissions can be found in a
> > paper submitted to the 42nd IEEE Symposium on Security and Privacy
> > entitled, "Open Source Insecurity: Stealthily Introducing
> > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> > of Minnesota) and Kangjie Lu (University of Minnesota) but later
> > withdrawn.
> > 
> > Because of this, all submissions from this group must be reverted from
> > the kernel tree and will need to be re-reviewed again to determine if
> > they actually are a valid fix.  Until that work is complete, remove this
> > change to ensure that no problems are being introduced into the
> > codebase.
> > 
> > Cc: Kangjie Lu <kjlu@umn.edu>
> > Cc: Jacek Anaszewski <jacek.anaszewski@gmail.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
> >  drivers/leds/leds-lp5523.c | 4 +---
> >  1 file changed, 1 insertion(+), 3 deletions(-)
> > 
> > diff --git a/drivers/leds/leds-lp5523.c b/drivers/leds/leds-lp5523.c
> > index fc433e63b1dc..5036d7d5f3d4 100644
> > --- a/drivers/leds/leds-lp5523.c
> > +++ b/drivers/leds/leds-lp5523.c
> > @@ -305,9 +305,7 @@ static int lp5523_init_program_engine(struct lp55xx_chip *chip)
> >  
> >  	/* Let the programs run for couple of ms and check the engine status */
> >  	usleep_range(3000, 6000);
> > -	ret = lp55xx_read(chip, LP5523_REG_STATUS, &status);
> > -	if (ret)
> > -		return ret;
> > +	lp55xx_read(chip, LP5523_REG_STATUS, &status);
> >  	status &= LP5523_ENG_STATUS_MASK;
> >  
> >  	if (status != LP5523_ENG_STATUS_MASK) {
> > -- 
> > 2.31.1
> > 
> 
> This looks incorrect to me as lp5523_run_engine() has been called and
> not cleaned up from properly.
> 
> I'll keep the revert and fix this up correctly.

I already reviewed this one too, sorry for the noise.

greg k-h

Re: [PATCH 0/7] Second set of revertion of all of the umn.edu commits

[Pavel Machek]

[-- Attachment #1: Type: text/plain, Size: 1343 bytes --]

Hi!

> Maintainers, if you could take a look at these and see if the original
> was a valid commit or not, that would be most appreciated.  I'll be also
> doing a review of them as well.

> Thanks all for your help with this unexpected extra work...

We can do the extra work, but.. [and I have few reviews for the
original series but I believed it is not worth the noise].

Could you remind us why we are doing this extra work?

You are angry at unm.edu for some strange reason. They sent _three_
known-bad patches, and those are listed here:
https://www-users.cs.umn.edu/~kjlu/papers/full-disclosure.pdf . They
made sure those did not enter any git. Yes, that is slightly
questionable and they apologized. _But those were not even sent from
umn.edu addresses_.

The rest of their work is good. Yes, I found one useless patch, and
there are proably few more, but there's no indication those are evil,
and their error rate is pretty much "normal".

More importantly, it is pretty clear Sasha is pushing patches into
-stable without review. I don't see why that's tolerated, and effort
there would be more useful.

Please cc me if you decide to do any autogenerated reverts in
mainline. Because I don't believe that's okay thing to do.

Best regards,
								Pavel
-- 
http://www.livejournal.com/~pavelmachek

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: [PATCH 1/7] Revert "rocker: fix incorrect error handling in dma_rings_init"

[Pavel Machek]

[-- Attachment #1: Type: text/plain, Size: 439 bytes --]

On Thu 2021-04-29 15:08:05, Greg Kroah-Hartman wrote:
> This reverts commit 58d0c864e1a759a15c9df78f50ea5a5c32b3989e.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review

This is a lie.

Known bad _patches_ were sent from @gmail.com addresses, and this is not
one of them.

									Pavel

-- 
http://www.livejournal.com/~pavelmachek

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]