From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Bhuvanesh Surachari <bhuvanesh_surachari@mentor.com>,
Eugeniu Rosca <erosca@de.adit-jv.com>,
Andrew Gabbasov <andrew_gabbasov@mentor.com>
Subject: [PATCH 4.14 207/315] usb: gadget: f_fs: Fix setting of device and driver data cross-references
Date: Mon, 19 Jul 2021 16:51:36 +0200 [thread overview]
Message-ID: <20210719144950.234580892@linuxfoundation.org> (raw)
In-Reply-To: <20210719144942.861561397@linuxfoundation.org>
From: Andrew Gabbasov <andrew_gabbasov@mentor.com>
commit ecfbd7b9054bddb12cea07fda41bb3a79a7b0149 upstream.
FunctionFS device structure 'struct ffs_dev' and driver data structure
'struct ffs_data' are bound to each other with cross-reference pointers
'ffs_data->private_data' and 'ffs_dev->ffs_data'. While the first one
is supposed to be valid through the whole life of 'struct ffs_data'
(and while 'struct ffs_dev' exists non-freed), the second one is cleared
in 'ffs_closed()' (called from 'ffs_data_reset()' or the last
'ffs_data_put()'). This can be called several times, alternating in
different order with 'ffs_free_inst()', that, if possible, clears
the other cross-reference.
As a result, different cases of these calls order may leave stale
cross-reference pointers, used when the pointed structure is already
freed. Even if it occasionally doesn't cause kernel crash, this error
is reported by KASAN-enabled kernel configuration.
For example, the case [last 'ffs_data_put()' - 'ffs_free_inst()'] was
fixed by commit cdafb6d8b8da ("usb: gadget: f_fs: Fix use-after-free in
ffs_free_inst").
The other case ['ffs_data_reset()' - 'ffs_free_inst()' - 'ffs_data_put()']
now causes KASAN reported error [1], when 'ffs_data_reset()' clears
'ffs_dev->ffs_data', then 'ffs_free_inst()' frees the 'struct ffs_dev',
but can't clear 'ffs_data->private_data', which is then accessed
in 'ffs_closed()' called from 'ffs_data_put()'. This happens since
'ffs_dev->ffs_data' reference is cleared too early.
Moreover, one more use case, when 'ffs_free_inst()' is called immediately
after mounting FunctionFS device (that is before the descriptors are
written and 'ffs_ready()' is called), and then 'ffs_data_reset()'
or 'ffs_data_put()' is called from accessing "ep0" file or unmounting
the device. This causes KASAN error report like [2], since
'ffs_dev->ffs_data' is not yet set when 'ffs_free_inst()' can't properly
clear 'ffs_data->private_data', that is later accessed to freed structure.
Fix these (and may be other) cases of stale pointers access by moving
setting and clearing of the mentioned cross-references to the single
places, setting both of them when 'struct ffs_data' is created and
bound to 'struct ffs_dev', and clearing both of them when one of the
structures is destroyed. It seems convenient to make this pointer
initialization and structures binding in 'ffs_acquire_dev()' and
make pointers clearing in 'ffs_release_dev()'. This required some
changes in these functions parameters and return types.
Also, 'ffs_release_dev()' calling requires some cleanup, fixing minor
issues, like (1) 'ffs_release_dev()' is not called if 'ffs_free_inst()'
is called without unmounting the device, and "release_dev" callback
is not called at all, or (2) "release_dev" callback is called before
"ffs_closed" callback on unmounting, which seems to be not correctly
nested with "acquire_dev" and "ffs_ready" callbacks.
Make this cleanup togther with other mentioned 'ffs_release_dev()' changes.
[1]
==================================================================
root@rcar-gen3:~# mkdir /dev/cfs
root@rcar-gen3:~# mkdir /dev/ffs
root@rcar-gen3:~# modprobe libcomposite
root@rcar-gen3:~# mount -t configfs none /dev/cfs
root@rcar-gen3:~# mkdir /dev/cfs/usb_gadget/g1
root@rcar-gen3:~# mkdir /dev/cfs/usb_gadget/g1/functions/ffs.ffs
[ 64.340664] file system registered
root@rcar-gen3:~# mount -t functionfs ffs /dev/ffs
root@rcar-gen3:~# cd /dev/ffs
root@rcar-gen3:/dev/ffs# /home/root/ffs-test
ffs-test: info: ep0: writing descriptors (in v2 format)
[ 83.181442] read descriptors
[ 83.186085] read strings
ffs-test: info: ep0: writing strings
ffs-test: dbg: ep1: starting
ffs-test: dbg: ep2: starting
ffs-test: info: ep1: starts
ffs-test: info: ep2: starts
ffs-test: info: ep0: starts
^C
root@rcar-gen3:/dev/ffs# cd /home/root/
root@rcar-gen3:~# rmdir /dev/cfs/usb_gadget/g1/functions/ffs.ffs
[ 98.935061] unloading
root@rcar-gen3:~# umount /dev/ffs
[ 102.734301] ==================================================================
[ 102.742059] BUG: KASAN: use-after-free in ffs_release_dev+0x64/0xa8 [usb_f_fs]
[ 102.749683] Write of size 1 at addr ffff0004d46ff549 by task umount/2997
[ 102.756709]
[ 102.758311] CPU: 0 PID: 2997 Comm: umount Not tainted 5.13.0-rc4+ #8
[ 102.764971] Hardware name: Renesas Salvator-X board based on r8a77951 (DT)
[ 102.772179] Call trace:
[ 102.774779] dump_backtrace+0x0/0x330
[ 102.778653] show_stack+0x20/0x2c
[ 102.782152] dump_stack+0x11c/0x1ac
[ 102.785833] print_address_description.constprop.0+0x30/0x274
[ 102.791862] kasan_report+0x14c/0x1c8
[ 102.795719] __asan_report_store1_noabort+0x34/0x58
[ 102.800840] ffs_release_dev+0x64/0xa8 [usb_f_fs]
[ 102.805801] ffs_fs_kill_sb+0x50/0x84 [usb_f_fs]
[ 102.810663] deactivate_locked_super+0xa0/0xf0
[ 102.815339] deactivate_super+0x98/0xac
[ 102.819378] cleanup_mnt+0xd0/0x1b0
[ 102.823057] __cleanup_mnt+0x1c/0x28
[ 102.826823] task_work_run+0x104/0x180
[ 102.830774] do_notify_resume+0x458/0x14e0
[ 102.835083] work_pending+0xc/0x5f8
[ 102.838762]
[ 102.840357] Allocated by task 2988:
[ 102.844032] kasan_save_stack+0x28/0x58
[ 102.848071] kasan_set_track+0x28/0x3c
[ 102.852016] ____kasan_kmalloc+0x84/0x9c
[ 102.856142] __kasan_kmalloc+0x10/0x1c
[ 102.860088] __kmalloc+0x214/0x2f8
[ 102.863678] kzalloc.constprop.0+0x14/0x20 [usb_f_fs]
[ 102.868990] ffs_alloc_inst+0x8c/0x208 [usb_f_fs]
[ 102.873942] try_get_usb_function_instance+0xf0/0x164 [libcomposite]
[ 102.880629] usb_get_function_instance+0x64/0x68 [libcomposite]
[ 102.886858] function_make+0x128/0x1ec [libcomposite]
[ 102.892185] configfs_mkdir+0x330/0x590 [configfs]
[ 102.897245] vfs_mkdir+0x12c/0x1bc
[ 102.900835] do_mkdirat+0x180/0x1d0
[ 102.904513] __arm64_sys_mkdirat+0x80/0x94
[ 102.908822] invoke_syscall+0xf8/0x25c
[ 102.912772] el0_svc_common.constprop.0+0x150/0x1a0
[ 102.917891] do_el0_svc+0xa0/0xd4
[ 102.921386] el0_svc+0x24/0x34
[ 102.924613] el0_sync_handler+0xcc/0x154
[ 102.928743] el0_sync+0x198/0x1c0
[ 102.932238]
[ 102.933832] Freed by task 2996:
[ 102.937144] kasan_save_stack+0x28/0x58
[ 102.941181] kasan_set_track+0x28/0x3c
[ 102.945128] kasan_set_free_info+0x28/0x4c
[ 102.949435] ____kasan_slab_free+0x104/0x118
[ 102.953921] __kasan_slab_free+0x18/0x24
[ 102.958047] slab_free_freelist_hook+0x148/0x1f0
[ 102.962897] kfree+0x318/0x440
[ 102.966123] ffs_free_inst+0x164/0x2d8 [usb_f_fs]
[ 102.971075] usb_put_function_instance+0x84/0xa4 [libcomposite]
[ 102.977302] ffs_attr_release+0x18/0x24 [usb_f_fs]
[ 102.982344] config_item_put+0x140/0x1a4 [configfs]
[ 102.987486] configfs_rmdir+0x3fc/0x518 [configfs]
[ 102.992535] vfs_rmdir+0x114/0x234
[ 102.996122] do_rmdir+0x274/0x2b0
[ 102.999617] __arm64_sys_unlinkat+0x94/0xc8
[ 103.004015] invoke_syscall+0xf8/0x25c
[ 103.007961] el0_svc_common.constprop.0+0x150/0x1a0
[ 103.013080] do_el0_svc+0xa0/0xd4
[ 103.016575] el0_svc+0x24/0x34
[ 103.019801] el0_sync_handler+0xcc/0x154
[ 103.023930] el0_sync+0x198/0x1c0
[ 103.027426]
[ 103.029020] The buggy address belongs to the object at ffff0004d46ff500
[ 103.029020] which belongs to the cache kmalloc-128 of size 128
[ 103.042079] The buggy address is located 73 bytes inside of
[ 103.042079] 128-byte region [ffff0004d46ff500, ffff0004d46ff580)
[ 103.054236] The buggy address belongs to the page:
[ 103.059262] page:0000000021aa849b refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0004d46fee00 pfn:0x5146fe
[ 103.070437] head:0000000021aa849b order:1 compound_mapcount:0
[ 103.076456] flags: 0x8000000000010200(slab|head|zone=2)
[ 103.081948] raw: 8000000000010200 fffffc0013521a80 0000000d0000000d ffff0004c0002300
[ 103.090052] raw: ffff0004d46fee00 000000008020001e 00000001ffffffff 0000000000000000
[ 103.098150] page dumped because: kasan: bad access detected
[ 103.103985]
[ 103.105578] Memory state around the buggy address:
[ 103.110602] ffff0004d46ff400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.118161] ffff0004d46ff480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.125726] >ffff0004d46ff500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.133284] ^
[ 103.139120] ffff0004d46ff580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.146679] ffff0004d46ff600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.154238] ==================================================================
[ 103.161792] Disabling lock debugging due to kernel taint
[ 103.167319] Unable to handle kernel paging request at virtual address 0037801d6000018e
[ 103.175406] Mem abort info:
[ 103.178457] ESR = 0x96000004
[ 103.181609] EC = 0x25: DABT (current EL), IL = 32 bits
[ 103.187020] SET = 0, FnV = 0
[ 103.190185] EA = 0, S1PTW = 0
[ 103.193417] Data abort info:
[ 103.196385] ISV = 0, ISS = 0x00000004
[ 103.200315] CM = 0, WnR = 0
[ 103.203366] [0037801d6000018e] address between user and kernel address ranges
[ 103.210611] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 103.216231] Modules linked in: usb_f_fs libcomposite configfs ath9k_htc led_class mac80211 libarc4 ath9k_common ath9k_hw ath cfg80211 aes_ce_blk sata_rc4
[ 103.259233] CPU: 0 PID: 2997 Comm: umount Tainted: G B 5.13.0-rc4+ #8
[ 103.267031] Hardware name: Renesas Salvator-X board based on r8a77951 (DT)
[ 103.273951] pstate: 00000005 (nzcv daif -PAN -UAO -TCO BTYPE=--)
[ 103.280001] pc : ffs_data_clear+0x138/0x370 [usb_f_fs]
[ 103.285197] lr : ffs_data_clear+0x124/0x370 [usb_f_fs]
[ 103.290385] sp : ffff800014777a80
[ 103.293725] x29: ffff800014777a80 x28: ffff0004d7649c80 x27: 0000000000000000
[ 103.300931] x26: ffff800014777fb0 x25: ffff60009aec9394 x24: ffff0004d7649ca4
[ 103.308136] x23: 1fffe0009a3d063a x22: dfff800000000000 x21: ffff0004d1e831d0
[ 103.315340] x20: e1c000eb00000bb4 x19: ffff0004d1e83000 x18: 0000000000000000
[ 103.322545] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 103.329748] x14: 0720072007200720 x13: 0720072007200720 x12: 1ffff000012ef658
[ 103.336952] x11: ffff7000012ef658 x10: 0720072007200720 x9 : ffff800011322648
[ 103.344157] x8 : ffff800014777818 x7 : ffff80000977b2c7 x6 : 0000000000000000
[ 103.351359] x5 : 0000000000000001 x4 : ffff7000012ef659 x3 : 0000000000000001
[ 103.358562] x2 : 0000000000000000 x1 : 1c38001d6000018e x0 : e1c000eb00000c70
[ 103.365766] Call trace:
[ 103.368235] ffs_data_clear+0x138/0x370 [usb_f_fs]
[ 103.373076] ffs_data_reset+0x20/0x304 [usb_f_fs]
[ 103.377829] ffs_data_closed+0x1ec/0x244 [usb_f_fs]
[ 103.382755] ffs_fs_kill_sb+0x70/0x84 [usb_f_fs]
[ 103.387420] deactivate_locked_super+0xa0/0xf0
[ 103.391905] deactivate_super+0x98/0xac
[ 103.395776] cleanup_mnt+0xd0/0x1b0
[ 103.399299] __cleanup_mnt+0x1c/0x28
[ 103.402906] task_work_run+0x104/0x180
[ 103.406691] do_notify_resume+0x458/0x14e0
[ 103.410823] work_pending+0xc/0x5f8
[ 103.414351] Code: b4000a54 9102f280 12000802 d343fc01 (38f66821)
[ 103.420490] ---[ end trace 57b43a50e8244f57 ]---
Segmentation fault
root@rcar-gen3:~#
==================================================================
[2]
==================================================================
root@rcar-gen3:~# mkdir /dev/ffs
root@rcar-gen3:~# modprobe libcomposite
root@rcar-gen3:~#
root@rcar-gen3:~# mount -t configfs none /dev/cfs
root@rcar-gen3:~# mkdir /dev/cfs/usb_gadget/g1
root@rcar-gen3:~# mkdir /dev/cfs/usb_gadget/g1/functions/ffs.ffs
[ 54.766480] file system registered
root@rcar-gen3:~# mount -t functionfs ffs /dev/ffs
root@rcar-gen3:~# rmdir /dev/cfs/usb_gadget/g1/functions/ffs.ffs
[ 63.197597] unloading
root@rcar-gen3:~# cat /dev/ffs/ep0
cat: read error:[ 67.213506] ==================================================================
[ 67.222095] BUG: KASAN: use-after-free in ffs_data_clear+0x70/0x370 [usb_f_fs]
[ 67.229699] Write of size 1 at addr ffff0004c26e974a by task cat/2994
[ 67.236446]
[ 67.238045] CPU: 0 PID: 2994 Comm: cat Not tainted 5.13.0-rc4+ #8
[ 67.244431] Hardware name: Renesas Salvator-X board based on r8a77951 (DT)
[ 67.251624] Call trace:
[ 67.254212] dump_backtrace+0x0/0x330
[ 67.258081] show_stack+0x20/0x2c
[ 67.261579] dump_stack+0x11c/0x1ac
[ 67.265260] print_address_description.constprop.0+0x30/0x274
[ 67.271286] kasan_report+0x14c/0x1c8
[ 67.275143] __asan_report_store1_noabort+0x34/0x58
[ 67.280265] ffs_data_clear+0x70/0x370 [usb_f_fs]
[ 67.285220] ffs_data_reset+0x20/0x304 [usb_f_fs]
[ 67.290172] ffs_data_closed+0x240/0x244 [usb_f_fs]
[ 67.295305] ffs_ep0_release+0x40/0x54 [usb_f_fs]
[ 67.300256] __fput+0x304/0x580
[ 67.303576] ____fput+0x18/0x24
[ 67.306893] task_work_run+0x104/0x180
[ 67.310846] do_notify_resume+0x458/0x14e0
[ 67.315154] work_pending+0xc/0x5f8
[ 67.318834]
[ 67.320429] Allocated by task 2988:
[ 67.324105] kasan_save_stack+0x28/0x58
[ 67.328144] kasan_set_track+0x28/0x3c
[ 67.332090] ____kasan_kmalloc+0x84/0x9c
[ 67.336217] __kasan_kmalloc+0x10/0x1c
[ 67.340163] __kmalloc+0x214/0x2f8
[ 67.343754] kzalloc.constprop.0+0x14/0x20 [usb_f_fs]
[ 67.349066] ffs_alloc_inst+0x8c/0x208 [usb_f_fs]
[ 67.354017] try_get_usb_function_instance+0xf0/0x164 [libcomposite]
[ 67.360705] usb_get_function_instance+0x64/0x68 [libcomposite]
[ 67.366934] function_make+0x128/0x1ec [libcomposite]
[ 67.372260] configfs_mkdir+0x330/0x590 [configfs]
[ 67.377320] vfs_mkdir+0x12c/0x1bc
[ 67.380911] do_mkdirat+0x180/0x1d0
[ 67.384589] __arm64_sys_mkdirat+0x80/0x94
[ 67.388899] invoke_syscall+0xf8/0x25c
[ 67.392850] el0_svc_common.constprop.0+0x150/0x1a0
[ 67.397969] do_el0_svc+0xa0/0xd4
[ 67.401464] el0_svc+0x24/0x34
[ 67.404691] el0_sync_handler+0xcc/0x154
[ 67.408819] el0_sync+0x198/0x1c0
[ 67.412315]
[ 67.413909] Freed by task 2993:
[ 67.417220] kasan_save_stack+0x28/0x58
[ 67.421257] kasan_set_track+0x28/0x3c
[ 67.425204] kasan_set_free_info+0x28/0x4c
[ 67.429513] ____kasan_slab_free+0x104/0x118
[ 67.434001] __kasan_slab_free+0x18/0x24
[ 67.438128] slab_free_freelist_hook+0x148/0x1f0
[ 67.442978] kfree+0x318/0x440
[ 67.446205] ffs_free_inst+0x164/0x2d8 [usb_f_fs]
[ 67.451156] usb_put_function_instance+0x84/0xa4 [libcomposite]
[ 67.457385] ffs_attr_release+0x18/0x24 [usb_f_fs]
[ 67.462428] config_item_put+0x140/0x1a4 [configfs]
[ 67.467570] configfs_rmdir+0x3fc/0x518 [configfs]
[ 67.472626] vfs_rmdir+0x114/0x234
[ 67.476215] do_rmdir+0x274/0x2b0
[ 67.479710] __arm64_sys_unlinkat+0x94/0xc8
[ 67.484108] invoke_syscall+0xf8/0x25c
[ 67.488055] el0_svc_common.constprop.0+0x150/0x1a0
[ 67.493175] do_el0_svc+0xa0/0xd4
[ 67.496671] el0_svc+0x24/0x34
[ 67.499896] el0_sync_handler+0xcc/0x154
[ 67.504024] el0_sync+0x198/0x1c0
[ 67.507520]
[ 67.509114] The buggy address belongs to the object at ffff0004c26e9700
[ 67.509114] which belongs to the cache kmalloc-128 of size 128
[ 67.522171] The buggy address is located 74 bytes inside of
[ 67.522171] 128-byte region [ffff0004c26e9700, ffff0004c26e9780)
[ 67.534328] The buggy address belongs to the page:
[ 67.539355] page:000000003177a217 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5026e8
[ 67.549175] head:000000003177a217 order:1 compound_mapcount:0
[ 67.555195] flags: 0x8000000000010200(slab|head|zone=2)
[ 67.560687] raw: 8000000000010200 fffffc0013037100 0000000c00000002 ffff0004c0002300
[ 67.568791] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 67.576890] page dumped because: kasan: bad access detected
[ 67.582725]
[ 67.584318] Memory state around the buggy address:
[ 67.589343] ffff0004c26e9600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.596903] ffff0004c26e9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 67.604463] >ffff0004c26e9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.612022] ^
[ 67.617860] ffff0004c26e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 67.625421] ffff0004c26e9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.632981] ==================================================================
[ 67.640535] Disabling lock debugging due to kernel taint
File descriptor[ 67.646100] Unable to handle kernel paging request at virtual address fabb801d4000018d
in bad state
[ 67.655456] Mem abort info:
[ 67.659619] ESR = 0x96000004
[ 67.662801] EC = 0x25: DABT (current EL), IL = 32 bits
[ 67.668225] SET = 0, FnV = 0
[ 67.671375] EA = 0, S1PTW = 0
[ 67.674613] Data abort info:
[ 67.677587] ISV = 0, ISS = 0x00000004
[ 67.681522] CM = 0, WnR = 0
[ 67.684588] [fabb801d4000018d] address between user and kernel address ranges
[ 67.691849] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 67.697470] Modules linked in: usb_f_fs libcomposite configfs ath9k_htc led_class mac80211 libarc4 ath9k_common ath9k_hw ath cfg80211 aes_ce_blk crypto_simd cryptd aes_ce_cipher ghash_ce gf128mul sha2_ce sha1_ce evdev sata_rcar libata xhci_plat_hcd scsi_mod xhci_hcd rene4
[ 67.740467] CPU: 0 PID: 2994 Comm: cat Tainted: G B 5.13.0-rc4+ #8
[ 67.748005] Hardware name: Renesas Salvator-X board based on r8a77951 (DT)
[ 67.754924] pstate: 00000005 (nzcv daif -PAN -UAO -TCO BTYPE=--)
[ 67.760974] pc : ffs_data_clear+0x138/0x370 [usb_f_fs]
[ 67.766178] lr : ffs_data_clear+0x124/0x370 [usb_f_fs]
[ 67.771365] sp : ffff800014767ad0
[ 67.774706] x29: ffff800014767ad0 x28: ffff800009cf91c0 x27: ffff0004c54861a0
[ 67.781913] x26: ffff0004dc90b288 x25: 1fffe00099ec10f5 x24: 00000000000a801d
[ 67.789118] x23: 1fffe00099f6953a x22: dfff800000000000 x21: ffff0004cfb4a9d0
[ 67.796322] x20: d5e000ea00000bb1 x19: ffff0004cfb4a800 x18: 0000000000000000
[ 67.803526] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 67.810730] x14: 0720072007200720 x13: 0720072007200720 x12: 1ffff000028ecefa
[ 67.817934] x11: ffff7000028ecefa x10: 0720072007200720 x9 : ffff80001132c014
[ 67.825137] x8 : ffff8000147677d8 x7 : ffff8000147677d7 x6 : 0000000000000000
[ 67.832341] x5 : 0000000000000001 x4 : ffff7000028ecefb x3 : 0000000000000001
[ 67.839544] x2 : 0000000000000005 x1 : 1abc001d4000018d x0 : d5e000ea00000c6d
[ 67.846748] Call trace:
[ 67.849218] ffs_data_clear+0x138/0x370 [usb_f_fs]
[ 67.854058] ffs_data_reset+0x20/0x304 [usb_f_fs]
[ 67.858810] ffs_data_closed+0x240/0x244 [usb_f_fs]
[ 67.863736] ffs_ep0_release+0x40/0x54 [usb_f_fs]
[ 67.868488] __fput+0x304/0x580
[ 67.871665] ____fput+0x18/0x24
[ 67.874837] task_work_run+0x104/0x180
[ 67.878622] do_notify_resume+0x458/0x14e0
[ 67.882754] work_pending+0xc/0x5f8
[ 67.886282] Code: b4000a54 9102f280 12000802 d343fc01 (38f66821)
[ 67.892422] ---[ end trace 6d7cedf53d7abbea ]---
Segmentation fault
root@rcar-gen3:~#
==================================================================
Fixes: 4b187fceec3c ("usb: gadget: FunctionFS: add devices management code")
Fixes: 3262ad824307 ("usb: gadget: f_fs: Stop ffs_closed NULL pointer dereference")
Fixes: cdafb6d8b8da ("usb: gadget: f_fs: Fix use-after-free in ffs_free_inst")
Reported-by: Bhuvanesh Surachari <bhuvanesh_surachari@mentor.com>
Tested-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20210603171507.22514-1-andrew_gabbasov@mentor.com
[agabbasov: Backported to earlier mount API, resolved context conflicts]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_fs.c | 67 +++++++++++++++++--------------------
1 file changed, 32 insertions(+), 35 deletions(-)
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -247,8 +247,8 @@ EXPORT_SYMBOL_GPL(ffs_lock);
static struct ffs_dev *_ffs_find_dev(const char *name);
static struct ffs_dev *_ffs_alloc_dev(void);
static void _ffs_free_dev(struct ffs_dev *dev);
-static void *ffs_acquire_dev(const char *dev_name);
-static void ffs_release_dev(struct ffs_data *ffs_data);
+static int ffs_acquire_dev(const char *dev_name, struct ffs_data *ffs_data);
+static void ffs_release_dev(struct ffs_dev *ffs_dev);
static int ffs_ready(struct ffs_data *ffs);
static void ffs_closed(struct ffs_data *ffs);
@@ -1505,7 +1505,6 @@ ffs_fs_mount(struct file_system_type *t,
};
struct dentry *rv;
int ret;
- void *ffs_dev;
struct ffs_data *ffs;
ENTER();
@@ -1526,19 +1525,16 @@ ffs_fs_mount(struct file_system_type *t,
return ERR_PTR(-ENOMEM);
}
- ffs_dev = ffs_acquire_dev(dev_name);
- if (IS_ERR(ffs_dev)) {
+ ret = ffs_acquire_dev(dev_name, ffs);
+ if (ret) {
ffs_data_put(ffs);
- return ERR_CAST(ffs_dev);
+ return ERR_PTR(ret);
}
- ffs->private_data = ffs_dev;
data.ffs_data = ffs;
rv = mount_nodev(t, flags, &data, ffs_sb_fill);
- if (IS_ERR(rv) && data.ffs_data) {
- ffs_release_dev(data.ffs_data);
+ if (IS_ERR(rv) && data.ffs_data)
ffs_data_put(data.ffs_data);
- }
return rv;
}
@@ -1548,10 +1544,8 @@ ffs_fs_kill_sb(struct super_block *sb)
ENTER();
kill_litter_super(sb);
- if (sb->s_fs_info) {
- ffs_release_dev(sb->s_fs_info);
+ if (sb->s_fs_info)
ffs_data_closed(sb->s_fs_info);
- }
}
static struct file_system_type ffs_fs_type = {
@@ -1620,6 +1614,7 @@ static void ffs_data_put(struct ffs_data
if (unlikely(refcount_dec_and_test(&ffs->ref))) {
pr_info("%s(): freeing\n", __func__);
ffs_data_clear(ffs);
+ ffs_release_dev(ffs->private_data);
BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
waitqueue_active(&ffs->ep0req_completion.wait) ||
waitqueue_active(&ffs->wait));
@@ -2924,6 +2919,7 @@ static inline struct f_fs_opts *ffs_do_f
struct ffs_function *func = ffs_func_from_usb(f);
struct f_fs_opts *ffs_opts =
container_of(f->fi, struct f_fs_opts, func_inst);
+ struct ffs_data *ffs_data;
int ret;
ENTER();
@@ -2938,12 +2934,13 @@ static inline struct f_fs_opts *ffs_do_f
if (!ffs_opts->no_configfs)
ffs_dev_lock();
ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
- func->ffs = ffs_opts->dev->ffs_data;
+ ffs_data = ffs_opts->dev->ffs_data;
if (!ffs_opts->no_configfs)
ffs_dev_unlock();
if (ret)
return ERR_PTR(ret);
+ func->ffs = ffs_data;
func->conf = c;
func->gadget = c->cdev->gadget;
@@ -3398,6 +3395,7 @@ static void ffs_free_inst(struct usb_fun
struct f_fs_opts *opts;
opts = to_f_fs_opts(f);
+ ffs_release_dev(opts->dev);
ffs_dev_lock();
_ffs_free_dev(opts->dev);
ffs_dev_unlock();
@@ -3585,47 +3583,48 @@ static void _ffs_free_dev(struct ffs_dev
{
list_del(&dev->entry);
- /* Clear the private_data pointer to stop incorrect dev access */
- if (dev->ffs_data)
- dev->ffs_data->private_data = NULL;
-
kfree(dev);
if (list_empty(&ffs_devices))
functionfs_cleanup();
}
-static void *ffs_acquire_dev(const char *dev_name)
+static int ffs_acquire_dev(const char *dev_name, struct ffs_data *ffs_data)
{
+ int ret = 0;
struct ffs_dev *ffs_dev;
ENTER();
ffs_dev_lock();
ffs_dev = _ffs_find_dev(dev_name);
- if (!ffs_dev)
- ffs_dev = ERR_PTR(-ENOENT);
- else if (ffs_dev->mounted)
- ffs_dev = ERR_PTR(-EBUSY);
- else if (ffs_dev->ffs_acquire_dev_callback &&
- ffs_dev->ffs_acquire_dev_callback(ffs_dev))
- ffs_dev = ERR_PTR(-ENOENT);
- else
+ if (!ffs_dev) {
+ ret = -ENOENT;
+ } else if (ffs_dev->mounted) {
+ ret = -EBUSY;
+ } else if (ffs_dev->ffs_acquire_dev_callback &&
+ ffs_dev->ffs_acquire_dev_callback(ffs_dev)) {
+ ret = -ENOENT;
+ } else {
ffs_dev->mounted = true;
+ ffs_dev->ffs_data = ffs_data;
+ ffs_data->private_data = ffs_dev;
+ }
ffs_dev_unlock();
- return ffs_dev;
+ return ret;
}
-static void ffs_release_dev(struct ffs_data *ffs_data)
+static void ffs_release_dev(struct ffs_dev *ffs_dev)
{
- struct ffs_dev *ffs_dev;
-
ENTER();
ffs_dev_lock();
- ffs_dev = ffs_data->private_data;
- if (ffs_dev) {
+ if (ffs_dev && ffs_dev->mounted) {
ffs_dev->mounted = false;
+ if (ffs_dev->ffs_data) {
+ ffs_dev->ffs_data->private_data = NULL;
+ ffs_dev->ffs_data = NULL;
+ }
if (ffs_dev->ffs_release_dev_callback)
ffs_dev->ffs_release_dev_callback(ffs_dev);
@@ -3653,7 +3652,6 @@ static int ffs_ready(struct ffs_data *ff
}
ffs_obj->desc_ready = true;
- ffs_obj->ffs_data = ffs;
if (ffs_obj->ffs_ready_callback) {
ret = ffs_obj->ffs_ready_callback(ffs);
@@ -3681,7 +3679,6 @@ static void ffs_closed(struct ffs_data *
goto done;
ffs_obj->desc_ready = false;
- ffs_obj->ffs_data = NULL;
if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
ffs_obj->ffs_closed_callback)
next prev parent reply other threads:[~2021-07-19 15:50 UTC|newest]
Thread overview: 321+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-19 14:48 [PATCH 4.14 000/315] 4.14.240-rc1 review Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 001/315] ALSA: usb-audio: fix rate on Ozone Z90 USB headset Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 002/315] media: dvb-usb: fix wrong definition Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 003/315] Input: usbtouchscreen - fix control-request directions Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 004/315] net: can: ems_usb: fix use-after-free in ems_usb_disconnect() Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 005/315] usb: gadget: eem: fix echo command packet response issue Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 006/315] USB: cdc-acm: blacklist Heimann USB Appset device Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 007/315] ntfs: fix validity check for file name attribute Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 008/315] [xarray] iov_iter_fault_in_readable() should do nothing in xarray case Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 009/315] Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 010/315] ARM: dts: at91: sama5d4: fix pinctrl muxing Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 011/315] btrfs: send: fix invalid path for unlink operations after parent orphanization Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 012/315] btrfs: clear defrag status of a root if starting transaction fails Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 013/315] ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 014/315] ext4: fix kernel infoleak via ext4_extent_header Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 015/315] ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 016/315] ext4: remove check for zero nr_to_scan in ext4_es_scan() Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 017/315] ext4: fix avefreec in find_group_orlov Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 018/315] ext4: use ext4_grp_locked_error in mb_find_extent Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 019/315] can: bcm: delay release of struct bcm_op after synchronize_rcu() Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 020/315] can: gw: synchronize rcu operations before removing gw job entry Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 021/315] can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 022/315] SUNRPC: Fix the batch tasks count wraparound Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 023/315] SUNRPC: Should wake up the privileged task firstly Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 024/315] s390/cio: dont call css_wait_for_slow_path() inside a lock Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 025/315] rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 026/315] iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 027/315] iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 028/315] iio: ltr501: ltr501_read_ps(): add missing endianness conversion Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 029/315] serial: sh-sci: Stop dmaengine transfer in sci_stop_tx() Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 030/315] serial_cs: Add Option International GSM-Ready 56K/ISDN modem Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 031/315] serial_cs: remove wrong GLOBETROTTER.cis entry Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 032/315] ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 033/315] ssb: sdio: Dont overwrite const buffer if block_write fails Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 034/315] rsi: Assign beacon rate settings to the correct rate_info descriptor field Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 035/315] seq_buf: Make trace_seq_putmem_hex() support data longer than 8 Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 036/315] fuse: check connected before queueing on fpq->io Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 037/315] spi: Make of_register_spi_device also set the fwnode Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 038/315] spi: spi-loopback-test: Fix tx_buf might be rx_buf Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 039/315] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 040/315] spi: omap-100k: Fix the length judgment problem Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 041/315] crypto: nx - add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 042/315] media: cpia2: fix memory leak in cpia2_usb_probe Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 043/315] media: cobalt: fix race condition in setting HPD Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 044/315] media: pvrusb2: fix warning in pvr2_i2c_core_done Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 045/315] crypto: qat - check return code of qat_hal_rd_rel_reg() Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 046/315] crypto: qat - remove unused macro in FW loader Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 047/315] media: em28xx: Fix possible memory leak of em28xx struct Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 048/315] media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 049/315] media: bt8xx: Fix a missing check bug in bt878_probe Greg Kroah-Hartman
2021-07-19 14:48 ` [PATCH 4.14 050/315] media: st-hva: Fix potential NULL pointer dereferences Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 051/315] media: dvd_usb: memory leak in cinergyt2_fe_attach Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 052/315] mmc: via-sdmmc: add a check against NULL pointer dereference Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 053/315] crypto: shash - avoid comparing pointers to exported functions under CFI Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 054/315] media: dvb_net: avoid speculation from net slot Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 055/315] media: siano: fix device register error path Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 056/315] btrfs: fix error handling in __btrfs_update_delayed_inode Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 057/315] btrfs: abort transaction if we fail to update the delayed inode Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 058/315] btrfs: disable build on platforms having page size 256K Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 059/315] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 060/315] HID: do not use down_interruptible() when unbinding devices Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 061/315] ACPI: processor idle: Fix up C-state latency if not ordered Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 062/315] hv_utils: Fix passing zero to PTR_ERR warning Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 063/315] lib: vsprintf: Fix handling of number field widths in vsscanf Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 064/315] ACPI: EC: Make more Asus laptops use ECDT _GPE Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 065/315] block_dump: remove block_dump feature in mark_inode_dirty() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 066/315] fs: dlm: cancel work sync othercon Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 067/315] random32: Fix implicit truncation warning in prandom_seed_state() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 068/315] fs: dlm: fix memory leak when fenced Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 069/315] ACPICA: Fix memory leak caused by _CID repair function Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 070/315] ACPI: bus: Call kobject_put() in acpi_init() error path Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 071/315] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 072/315] ACPI: tables: Add custom DSDT file as makefile prerequisite Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 073/315] HID: wacom: Correct base usage for capacitive ExpressKey status bits Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 074/315] ia64: mca_drv: fix incorrect array size calculation Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 075/315] media: s5p_cec: decrement usage count if disabled Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 076/315] crypto: ixp4xx - dma_unmap the correct address Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 077/315] crypto: ux500 - Fix error return code in hash_hw_final() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 078/315] sata_highbank: fix deferred probing Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 079/315] pata_rb532_cf: " Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 080/315] media: I2C: change RST to "RSET" to fix multiple build errors Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 081/315] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 082/315] crypto: ccp - Fix a resource leak in an error handling path Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 083/315] pata_ep93xx: fix deferred probing Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 084/315] media: exynos4-is: Fix a use after free in isp_video_release Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 085/315] media: tc358743: Fix error return code in tc358743_probe_of() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 086/315] media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 087/315] mmc: usdhi6rol0: fix error return code in usdhi6_probe() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 088/315] media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 089/315] hwmon: (max31722) Remove non-standard ACPI device IDs Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 090/315] hwmon: (max31790) Fix fan speed reporting for fan7..12 Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 091/315] btrfs: clear log tree recovering status if starting transaction fails Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 092/315] spi: spi-sun6i: Fix chipselect/clock bug Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 093/315] crypto: nx - Fix RCU warning in nx842_OF_upd_status Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 094/315] ACPI: sysfs: Fix a buffer overrun problem with description_show() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 095/315] ocfs2: fix snprintf() checking Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 096/315] net: pch_gbe: Propagate error from devm_gpio_request_one() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 097/315] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 098/315] ehea: fix error return code in ehea_restart_qps() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 099/315] RDMA/rxe: Fix failure during driver load Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 100/315] drm: qxl: ensure surf.data is ininitialized Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 101/315] wireless: carl9170: fix LEDS build errors & warnings Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 102/315] brcmsmac: mac80211_if: Fix a resource leak in an error handling path Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 103/315] ath10k: Fix an error code in ath10k_add_interface() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 104/315] netlabel: Fix memory leak in netlbl_mgmt_add_common Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 105/315] netfilter: nft_exthdr: check for IPv6 packet before further processing Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 106/315] samples/bpf: Fix the error return code of xdp_redirects main() Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 107/315] net: ethernet: aeroflex: fix UAF in greth_of_remove Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 108/315] net: ethernet: ezchip: fix UAF in nps_enet_remove Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 109/315] net: ethernet: ezchip: fix error handling Greg Kroah-Hartman
2021-07-19 14:49 ` [PATCH 4.14 110/315] pkt_sched: sch_qfq: fix qfq_change_class() error path Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 111/315] vxlan: add missing rcu_read_lock() in neigh_reduce() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 112/315] net: bcmgenet: Fix attaching to PYH failed on RPi 4B Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 113/315] i40e: Fix error handling in i40e_vsi_open Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 114/315] Revert "ibmvnic: remove duplicate napi_schedule call in open function" Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 115/315] Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 116/315] writeback: fix obtain a reference to a freeing memcg css Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 117/315] net: sched: fix warning in tcindex_alloc_perfect_hash Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 118/315] tty: nozomi: Fix a resource leak in an error handling function Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 119/315] mwifiex: re-fix for unaligned accesses Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 120/315] iio: adis_buffer: do not return ints in irq handlers Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 121/315] iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 122/315] iio: accel: bma220: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 123/315] iio: accel: hid: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 124/315] iio: accel: kxcjk-1013: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 125/315] iio: accel: stk8312: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 126/315] iio: accel: stk8ba50: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 127/315] iio: adc: ti-ads1015: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 128/315] iio: adc: vf610: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 129/315] iio: gyro: bmg160: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 130/315] iio: humidity: am2315: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 131/315] iio: prox: srf08: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 132/315] iio: prox: pulsed-light: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 133/315] iio: prox: as3935: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 134/315] iio: light: isl29125: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 135/315] iio: light: tcs3414: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 136/315] iio: potentiostat: lmp91000: Fix alignment of buffer " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 137/315] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 138/315] Input: hil_kbd - fix error return code in hil_dev_connect() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 139/315] char: pcmcia: error out if num_bytes_read is greater than 4 in set_protocol() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 140/315] tty: nozomi: Fix the error handling path of nozomi_card_init() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 141/315] scsi: FlashPoint: Rename si_flags field Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 142/315] s390: appldata depends on PROC_SYSCTL Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 143/315] eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 144/315] iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 145/315] staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 146/315] staging: gdm724x: check for overflow in gdm_lte_netif_rx() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 147/315] ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 148/315] of: Fix truncation of memory sizes on 32-bit platforms Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 149/315] scsi: mpt3sas: Fix error return value in _scsih_expander_add() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 150/315] phy: ti: dm816x: Fix the error handling path in dm816x_usb_phy_probe() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 151/315] extcon: sm5502: Drop invalid register write in sm5502_reg_data Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 152/315] extcon: max8997: Add missing modalias string Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 153/315] configfs: fix memleak in configfs_release_bin_file Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 154/315] leds: as3645a: Fix error return code in as3645a_parse_node() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 155/315] leds: ktd2692: Fix an error handling path Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 156/315] mm/huge_memory.c: dont discard hugepage if other processes are mapping it Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 157/315] selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 158/315] mmc: vub3000: fix control-request direction Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 159/315] scsi: core: Retry I/O for Notify (Enable Spinup) Required error Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 160/315] drm/mxsfb: Dont select DRM_KMS_FB_HELPER Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 161/315] drm/zte: " Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 162/315] drm/amd/amdgpu/sriov disable all ip hw status by default Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 163/315] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 164/315] hugetlb: clear huge pte during flush function on mips platform Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 165/315] atm: iphase: fix possible use-after-free in ia_module_exit() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 166/315] mISDN: fix possible use-after-free in HFC_cleanup() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 167/315] atm: nicstar: Fix possible use-after-free in nicstar_cleanup() Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 168/315] net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 169/315] reiserfs: add check for invalid 1st journal block Greg Kroah-Hartman
2021-07-19 14:50 ` [PATCH 4.14 170/315] drm/virtio: Fix double free on probe failure Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 171/315] udf: Fix NULL pointer dereference in udf_symlink function Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 172/315] e100: handle eeprom as little endian Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 173/315] clk: renesas: r8a77995: Add ZA2 clock Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 174/315] clk: tegra: Ensure that PLLU configuration is applied properly Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 175/315] ipv6: use prandom_u32() for ID generation Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 176/315] RDMA/cxgb4: Fix missing error code in create_qp() Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 177/315] dm space maps: dont reset space map allocation cursor when committing Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 178/315] virtio_net: Remove BUG() to avoid machine dead Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 179/315] net: bcmgenet: check return value after calling platform_get_resource() Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 180/315] net: micrel: " Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 181/315] fjes: " Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 182/315] selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 183/315] xfrm: Fix error reporting in xfrm_state_construct Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 184/315] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 185/315] wl1251: Fix possible buffer overflow in wl1251_cmd_scan Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 186/315] cw1200: add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 187/315] MIPS: add PMD table accounting into MIPSpmd_alloc_one Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 188/315] atm: nicstar: use dma_free_coherent instead of kfree Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 189/315] atm: nicstar: register the interrupt handler in the right place Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 190/315] vsock: notify server to shutdown when client has pending signal Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 191/315] RDMA/rxe: Dont overwrite errno from ib_umem_get() Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 192/315] iwlwifi: mvm: dont change band on bound PHY contexts Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 193/315] sfc: avoid double pci_remove of VFs Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 194/315] sfc: error code if SRIOV cannot be disabled Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 195/315] wireless: wext-spy: Fix out-of-bounds warning Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 196/315] RDMA/cma: Fix rdma_resolve_route() memory leak Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 197/315] Bluetooth: Fix the HCI to MGMT status conversion table Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 198/315] Bluetooth: Shutdown controller after workqueues are flushed or cancelled Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 199/315] Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 200/315] sctp: validate from_addr_param return Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 201/315] sctp: add size validation when walking chunks Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 202/315] fscrypt: dont ignore minor_hash when hash is 0 Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 203/315] bdi: Do not use freezable workqueue Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 204/315] fuse: reject internal errno Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 205/315] mac80211: fix memory corruption in EAPOL handling Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 206/315] powerpc/barrier: Avoid collision with clangs __lwsync macro Greg Kroah-Hartman
2021-07-19 14:51 ` Greg Kroah-Hartman [this message]
2021-07-19 14:51 ` [PATCH 4.14 208/315] drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 209/315] pinctrl/amd: Add device HID for new AMD GPIO controller Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 210/315] mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 211/315] mmc: core: clear flags before allowing to retune Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 212/315] mmc: core: Allow UHS-I voltage switch for SDSC cards if supported Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 213/315] ata: ahci_sunxi: Disable DIPM Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 214/315] cpu/hotplug: Cure the cpusets trainwreck Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 215/315] ASoC: tegra: Set driver_name=tegra for all machine drivers Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 216/315] qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 217/315] ipmi/watchdog: Stop watchdog timer when the current action is none Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 218/315] power: supply: ab8500: Fix an old bug Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 219/315] seq_buf: Fix overflow in seq_buf_putmem_hex() Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 220/315] tracing: Simplify & fix saved_tgids logic Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 221/315] ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 222/315] dm btree remove: assign new_root only when removal succeeds Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 223/315] media: dtv5100: fix control-request directions Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 224/315] media: zr364xx: fix memory leak in zr364xx_start_readpipe Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 225/315] media: gspca/sq905: fix control-request direction Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 226/315] media: gspca/sunplus: fix zero-length control requests Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 227/315] media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 228/315] jfs: fix GPF in diFree Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 229/315] smackfs: restrict bytes count in smk_set_cipso() Greg Kroah-Hartman
2021-07-19 14:51 ` [PATCH 4.14 230/315] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 231/315] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 232/315] scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 233/315] tracing: Do not reference char * as a string in histograms Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 234/315] PCI: aardvark: Dont rely on jiffies while holding spinlock Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 235/315] PCI: aardvark: Fix kernel panic during PIO transfer Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 236/315] tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 237/315] misc/libmasm/module: Fix two use after free in ibmasm_init_one Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 238/315] Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 239/315] w1: ds2438: fixing bug that would always get page0 Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 240/315] scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 241/315] scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 242/315] scsi: core: Cap scsi_host cmd_per_lun at can_queue Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 243/315] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 244/315] fs/jfs: Fix missing error code in lmLogInit() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 245/315] scsi: iscsi: Add iscsi_cls_conn refcount helpers Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 246/315] scsi: iscsi: Fix shost->max_id use Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 247/315] scsi: qedi: Fix null ref during abort handling Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 248/315] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 249/315] s390/sclp_vt220: fix console name to match device Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 250/315] ALSA: sb: Fix potential double-free of CSP mixer elements Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 251/315] powerpc/ps3: Add dma_mask to ps3_dma_region Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 252/315] gpio: zynq: Check return value of pm_runtime_get_sync Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 253/315] ALSA: ppc: fix error return code in snd_pmac_probe() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 254/315] selftests/powerpc: Fix "no_handler" EBB selftest Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 255/315] ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 256/315] ALSA: bebob: add support for ToneWeal FW66 Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 257/315] usb: gadget: f_hid: fix endianness issue with descriptors Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 258/315] usb: gadget: hid: fix error return code in hid_bind() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 259/315] powerpc/boot: Fixup device-tree on little endian Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 260/315] backlight: lm3630a: Fix return code of .update_status() callback Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 261/315] ALSA: hda: Add IRQ check for platform_get_irq() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 262/315] staging: rtl8723bs: fix macro value for 2.4Ghz only device Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 263/315] intel_th: Wait until port is in reset before programming it Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 264/315] i2c: core: Disable client irq on reboot/shutdown Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 265/315] lib/decompress_unlz4.c: correctly handle zero-padding around initrds Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 266/315] pwm: spear: Dont modify HW state in .remove callback Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 267/315] power: supply: ab8500: Avoid NULL pointers Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 268/315] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 269/315] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 270/315] ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1 Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 271/315] watchdog: Fix possible use-after-free in wdt_startup() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 272/315] watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 273/315] watchdog: Fix possible use-after-free by calling del_timer_sync() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 274/315] watchdog: iTCO_wdt: Account for rebooting on second timeout Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 275/315] x86/fpu: Return proper error codes from user access functions Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 276/315] orangefs: fix orangefs df output Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 277/315] ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 278/315] NFS: nfs_find_open_context() may only select open files Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 279/315] power: supply: charger-manager: add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 280/315] power: supply: ab8500: " Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 281/315] pwm: tegra: Dont modify HW state in .remove callback Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 282/315] ACPI: AMBA: Fix resource name in /proc/iomem Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 283/315] ACPI: video: Add quirk for the Dell Vostro 3350 Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 284/315] virtio-blk: Fix memory leak among suspend/resume procedure Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 285/315] virtio_net: Fix error handling in virtnet_restore() Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 286/315] virtio_console: Assure used length from device is limited Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 287/315] f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 288/315] PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 289/315] power: supply: rt5033_battery: Fix device tree enumeration Greg Kroah-Hartman
2021-07-19 14:52 ` [PATCH 4.14 290/315] um: fix error return code in slip_open() Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 291/315] um: fix error return code in winch_tramp() Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 292/315] watchdog: aspeed: fix hardware timeout calculation Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 293/315] nfs: fix acl memory leak of posix_acl_create() Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 294/315] ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 295/315] x86/fpu: Limit xstate copy size in xstateregs_set() Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 296/315] ALSA: isa: Fix error return code in snd_cmi8330_probe() Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 297/315] NFSv4/pNFS: Dont call _nfs4_pnfs_v3_ds_connect multiple times Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 298/315] hexagon: use common DISCARDS macro Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 299/315] reset: a10sr: add missing of_match_table reference Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 300/315] ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 301/315] ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 302/315] memory: atmel-ebi: add missing of_node_put for loop iteration Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 303/315] rtc: fix snprintf() checking in is_rtc_hctosys() Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 304/315] ARM: dts: r8a7779, marzen: Fix DU clock names Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 305/315] arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88 Greg Kroah-Hartman
2021-07-19 15:47 ` Naresh Kamboju
2021-07-19 18:42 ` Greg Kroah-Hartman
2021-07-20 8:21 ` Petr Vorel
2021-07-20 8:15 ` Petr Vorel
2021-07-19 14:53 ` [PATCH 4.14 306/315] ARM: dts: BCM5301X: Fixup SPI binding Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 307/315] reset: bail if try_module_get() fails Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 308/315] memory: fsl_ifc: fix leak of IO mapping on probe failure Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 309/315] memory: fsl_ifc: fix leak of private memory " Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 310/315] ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 311/315] scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 312/315] mips: always link byteswap helpers into decompressor Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 313/315] mips: disable branch profiling in boot/decompress.o Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 314/315] MIPS: vdso: Invalid GIC access through VDSO Greg Kroah-Hartman
2021-07-19 14:53 ` [PATCH 4.14 315/315] net: bridge: multicast: fix PIM hello router port marking race Greg Kroah-Hartman
2021-07-19 15:58 ` [PATCH 4.14 000/315] 4.14.240-rc1 review Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210719144950.234580892@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=andrew_gabbasov@mentor.com \
--cc=bhuvanesh_surachari@mentor.com \
--cc=erosca@de.adit-jv.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).