stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 040/190] Revert "ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()"
       [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
@ 2021-04-21 12:58 ` Greg Kroah-Hartman
  2021-04-21 17:54   ` Rafael J. Wysocki
  2021-04-27 14:50   ` Greg Kroah-Hartman
  2021-04-21 12:58 ` [PATCH 041/190] Revert "ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()" Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  8 siblings, 2 replies; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 12:58 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, Qiushi Wu, 4 . 10+, Rafael J . Wysocki

This reverts commit 4d8be4bc94f74bb7d096e1c2e44457b530d5a170.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Qiushi Wu <wu000273@umn.edu>
Cc: 4.10+ <stable@vger.kernel.org> # 4.10+
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/acpi/cppc_acpi.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
index 69057fcd2c04..42650b34e45e 100644
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -830,7 +830,6 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr)
 			"acpi_cppc");
 	if (ret) {
 		per_cpu(cpc_desc_ptr, pr->id) = NULL;
-		kobject_put(&cpc_ptr->kobj);
 		goto out_free;
 	}
 
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

* [PATCH 041/190] Revert "ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()"
       [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
  2021-04-21 12:58 ` [PATCH 040/190] Revert "ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()" Greg Kroah-Hartman
@ 2021-04-21 12:58 ` Greg Kroah-Hartman
  2021-04-21 17:54   ` Rafael J. Wysocki
  2021-04-21 12:59 ` [PATCH 081/190] Revert "tracing: Fix a memory leak by early error exit in trace_pid_write()" Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  8 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 12:58 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, Qiushi Wu, 3 . 10+, Rafael J . Wysocki

This reverts commit 6e6c25283dff866308c87b49434c7dbad4774cc0.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Qiushi Wu <wu000273@umn.edu>
Cc: 3.10+ <stable@vger.kernel.org> # 3.10+
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/acpi/sysfs.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
index 8baf7644a0d0..842bf63b91e9 100644
--- a/drivers/acpi/sysfs.c
+++ b/drivers/acpi/sysfs.c
@@ -986,10 +986,8 @@ void acpi_sysfs_add_hotplug_profile(struct acpi_hotplug_profile *hotplug,
 
 	error = kobject_init_and_add(&hotplug->kobj,
 		&acpi_hotplug_profile_ktype, hotplug_kobj, "%s", name);
-	if (error) {
-		kobject_put(&hotplug->kobj);
+	if (error)
 		goto err_out;
-	}
 
 	kobject_uevent(&hotplug->kobj, KOBJ_ADD);
 	return;
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

* [PATCH 081/190] Revert "tracing: Fix a memory leak by early error exit in trace_pid_write()"
       [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
  2021-04-21 12:58 ` [PATCH 040/190] Revert "ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()" Greg Kroah-Hartman
  2021-04-21 12:58 ` [PATCH 041/190] Revert "ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()" Greg Kroah-Hartman
@ 2021-04-21 12:59 ` Greg Kroah-Hartman
  2021-04-21 13:29   ` Steven Rostedt
  2021-04-21 12:59 ` [PATCH 119/190] Revert "tty: mxs-auart: fix a potential NULL pointer dereference" Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  8 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 12:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Steven Rostedt

This reverts commit 91862cc7867bba4ee5c8fcf0ca2f1d30427b6129.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: http
Cc: stable@vger.kernel.org
Cc: Wenwen Wang <wang6495@umn.edu>
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/trace/trace.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 5c777627212f..faed4f44d224 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -691,10 +691,8 @@ int trace_pid_write(struct trace_pid_list *filtered_pids,
 	 * not modified.
 	 */
 	pid_list = kmalloc(sizeof(*pid_list), GFP_KERNEL);
-	if (!pid_list) {
-		trace_parser_put(&parser);
+	if (!pid_list)
 		return -ENOMEM;
-	}
 
 	pid_list->pid_max = READ_ONCE(pid_max);
 
@@ -704,7 +702,6 @@ int trace_pid_write(struct trace_pid_list *filtered_pids,
 
 	pid_list->pids = vzalloc((pid_list->pid_max + 7) >> 3);
 	if (!pid_list->pids) {
-		trace_parser_put(&parser);
 		kfree(pid_list);
 		return -ENOMEM;
 	}
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

* [PATCH 119/190] Revert "tty: mxs-auart: fix a potential NULL pointer dereference"
       [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
                   ` (2 preceding siblings ...)
  2021-04-21 12:59 ` [PATCH 081/190] Revert "tracing: Fix a memory leak by early error exit in trace_pid_write()" Greg Kroah-Hartman
@ 2021-04-21 12:59 ` Greg Kroah-Hartman
  2021-04-22  5:03   ` Jiri Slaby
  2021-04-21 12:59 ` [PATCH 120/190] Revert "tty: atmel_serial: " Greg Kroah-Hartman
                   ` (4 subsequent siblings)
  8 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 12:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, Kangjie Lu, stable

This reverts commit 6734330654dac550f12e932996b868c6d0dcb421.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Kangjie Lu <kjlu@umn.edu>
Cc: stable <stable@vger.kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/tty/serial/mxs-auart.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/drivers/tty/serial/mxs-auart.c b/drivers/tty/serial/mxs-auart.c
index f414d6acad69..edad6ebbdfd5 100644
--- a/drivers/tty/serial/mxs-auart.c
+++ b/drivers/tty/serial/mxs-auart.c
@@ -1644,10 +1644,6 @@ static int mxs_auart_probe(struct platform_device *pdev)
 
 	s->port.mapbase = r->start;
 	s->port.membase = ioremap(r->start, resource_size(r));
-	if (!s->port.membase) {
-		ret = -ENOMEM;
-		goto out_disable_clks;
-	}
 	s->port.ops = &mxs_auart_ops;
 	s->port.iotype = UPIO_MEM;
 	s->port.fifosize = MXS_AUART_FIFO_SIZE;
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

* [PATCH 120/190] Revert "tty: atmel_serial: fix a potential NULL pointer dereference"
       [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
                   ` (3 preceding siblings ...)
  2021-04-21 12:59 ` [PATCH 119/190] Revert "tty: mxs-auart: fix a potential NULL pointer dereference" Greg Kroah-Hartman
@ 2021-04-21 12:59 ` Greg Kroah-Hartman
  2021-04-22  5:18   ` Jiri Slaby
  2021-04-21 12:59 ` [PATCH 121/190] Revert "serial: mvebu-uart: Fix to avoid " Greg Kroah-Hartman
                   ` (3 subsequent siblings)
  8 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 12:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, Kangjie Lu, Richard Genoud, stable

This reverts commit c85be041065c0be8bc48eda4c45e0319caf1d0e5.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Kangjie Lu <kjlu@umn.edu>
Cc: Richard Genoud <richard.genoud@gmail.com>
Cc: stable <stable@vger.kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/tty/serial/atmel_serial.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
index a24e5c2b30bc..9786d8e5f04f 100644
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1256,10 +1256,6 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
 					 sg_dma_len(&atmel_port->sg_rx)/2,
 					 DMA_DEV_TO_MEM,
 					 DMA_PREP_INTERRUPT);
-	if (!desc) {
-		dev_err(port->dev, "Preparing DMA cyclic failed\n");
-		goto chan_err;
-	}
 	desc->callback = atmel_complete_rx_dma;
 	desc->callback_param = port;
 	atmel_port->desc_rx = desc;
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

* [PATCH 121/190] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference"
       [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
                   ` (4 preceding siblings ...)
  2021-04-21 12:59 ` [PATCH 120/190] Revert "tty: atmel_serial: " Greg Kroah-Hartman
@ 2021-04-21 12:59 ` Greg Kroah-Hartman
  2021-04-22  5:25   ` Jiri Slaby
  2021-04-21 13:00 ` [PATCH 134/190] Revert "md: Fix failed allocation of md_register_thread" Greg Kroah-Hartman
                   ` (2 subsequent siblings)
  8 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 12:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, Aditya Pakki, stable

This reverts commit 32f47179833b63de72427131169809065db6745e.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Aditya Pakki <pakki001@umn.edu>
Cc: stable <stable@vger.kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/tty/serial/mvebu-uart.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c
index e0c00a1b0763..51b0ecabf2ec 100644
--- a/drivers/tty/serial/mvebu-uart.c
+++ b/drivers/tty/serial/mvebu-uart.c
@@ -818,9 +818,6 @@ static int mvebu_uart_probe(struct platform_device *pdev)
 		return -EINVAL;
 	}
 
-	if (!match)
-		return -ENODEV;
-
 	/* Assume that all UART ports have a DT alias or none has */
 	id = of_alias_get_id(pdev->dev.of_node, "serial");
 	if (!pdev->dev.of_node || id < 0)
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

* [PATCH 134/190] Revert "md: Fix failed allocation of md_register_thread"
       [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
                   ` (5 preceding siblings ...)
  2021-04-21 12:59 ` [PATCH 121/190] Revert "serial: mvebu-uart: Fix to avoid " Greg Kroah-Hartman
@ 2021-04-21 13:00 ` Greg Kroah-Hartman
  2021-04-28  5:46   ` Greg Kroah-Hartman
  2021-04-21 13:00 ` [PATCH 181/190] Revert "dm ioctl: harden copy_params()'s copy_from_user() from malicious users" Greg Kroah-Hartman
  2021-04-21 13:01 ` [PATCH 187/190] Revert "ALSA: control: fix a redundant-copy issue" Greg Kroah-Hartman
  8 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 13:00 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Guoqing Jiang, Aditya Pakki, Song Liu

This reverts commit e406f12dde1a8375d77ea02d91f313fb1a9c6aec.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: stable@vger.kernel.org # v3.16+
Cc: Guoqing Jiang <gqjiang@suse.com>
Cc: Aditya Pakki <pakki001@umn.edu>
Cc: Song Liu <songliubraving@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/raid10.c | 2 --
 drivers/md/raid5.c  | 2 --
 2 files changed, 4 deletions(-)

diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index a9ae7d113492..4fec1cdd4207 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -3896,8 +3896,6 @@ static int raid10_run(struct mddev *mddev)
 		set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
 		mddev->sync_thread = md_register_thread(md_do_sync, mddev,
 							"reshape");
-		if (!mddev->sync_thread)
-			goto out_free_conf;
 	}
 
 	return 0;
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 5d57a5bd171f..9b2bd50beee7 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -7677,8 +7677,6 @@ static int raid5_run(struct mddev *mddev)
 		set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
 		mddev->sync_thread = md_register_thread(md_do_sync, mddev,
 							"reshape");
-		if (!mddev->sync_thread)
-			goto abort;
 	}
 
 	/* Ok, everything is just fine now */
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

* [PATCH 181/190] Revert "dm ioctl: harden copy_params()'s copy_from_user() from malicious users"
       [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
                   ` (6 preceding siblings ...)
  2021-04-21 13:00 ` [PATCH 134/190] Revert "md: Fix failed allocation of md_register_thread" Greg Kroah-Hartman
@ 2021-04-21 13:00 ` Greg Kroah-Hartman
  2021-04-27 16:58   ` Greg Kroah-Hartman
  2021-04-21 13:01 ` [PATCH 187/190] Revert "ALSA: control: fix a redundant-copy issue" Greg Kroah-Hartman
  8 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 13:00 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Mike Snitzer

This reverts commit 800a7340ab7dd667edf95e74d8e4f23a17e87076.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: stable@vger.kernel.org
Cc: Wenwen Wang <wang6495@umn.edu>
Cc: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/dm-ioctl.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index 1ca65b434f1f..820342de92cd 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1747,7 +1747,8 @@ static void free_params(struct dm_ioctl *param, size_t param_size, int param_fla
 }
 
 static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kernel,
-		       int ioctl_flags, struct dm_ioctl **param, int *param_flags)
+		       int ioctl_flags,
+		       struct dm_ioctl **param, int *param_flags)
 {
 	struct dm_ioctl *dmi;
 	int secure_data;
@@ -1788,13 +1789,18 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern
 
 	*param_flags |= DM_PARAMS_MALLOC;
 
-	/* Copy from param_kernel (which was already copied from user) */
-	memcpy(dmi, param_kernel, minimum_data_size);
-
-	if (copy_from_user(&dmi->data, (char __user *)user + minimum_data_size,
-			   param_kernel->data_size - minimum_data_size))
+	if (copy_from_user(dmi, user, param_kernel->data_size))
 		goto bad;
+
 data_copied:
+	/*
+	 * Abort if something changed the ioctl data while it was being copied.
+	 */
+	if (dmi->data_size != param_kernel->data_size) {
+		DMERR("rejecting ioctl: data size modified while processing parameters");
+		goto bad;
+	}
+
 	/* Wipe the user buffer so we do not return it to userspace */
 	if (secure_data && clear_user(user, param_kernel->data_size))
 		goto bad;
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

* [PATCH 187/190] Revert "ALSA: control: fix a redundant-copy issue"
       [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
                   ` (7 preceding siblings ...)
  2021-04-21 13:00 ` [PATCH 181/190] Revert "dm ioctl: harden copy_params()'s copy_from_user() from malicious users" Greg Kroah-Hartman
@ 2021-04-21 13:01 ` Greg Kroah-Hartman
  2021-04-21 16:30   ` Takashi Iwai
  8 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 13:01 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, Wenwen Wang, stable, Takashi Iwai

This reverts commit 3f12888dfae2a48741c4caa9214885b3aaf350f9.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Wenwen Wang <wang6495@umn.edu>
Cc: <stable@vger.kernel.org>
Cc: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/core/control_compat.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sound/core/control_compat.c b/sound/core/control_compat.c
index 1d708aab9c98..857acf83ae47 100644
--- a/sound/core/control_compat.c
+++ b/sound/core/control_compat.c
@@ -381,7 +381,8 @@ static int snd_ctl_elem_add_compat(struct snd_ctl_file *file,
 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)) ||
 	    copy_from_user(&data->type, &data32->type, 3 * sizeof(u32)))
 		goto error;
-	if (get_user(data->owner, &data32->owner))
+	if (get_user(data->owner, &data32->owner) ||
+	    get_user(data->type, &data32->type))
 		goto error;
 	switch (data->type) {
 	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 29+ messages in thread

* Re: [PATCH 081/190] Revert "tracing: Fix a memory leak by early error exit in trace_pid_write()"
  2021-04-21 12:59 ` [PATCH 081/190] Revert "tracing: Fix a memory leak by early error exit in trace_pid_write()" Greg Kroah-Hartman
@ 2021-04-21 13:29   ` Steven Rostedt
  2021-04-21 13:33     ` Steven Rostedt
  0 siblings, 1 reply; 29+ messages in thread
From: Steven Rostedt @ 2021-04-21 13:29 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Wenwen Wang

On Wed, 21 Apr 2021 14:59:16 +0200
Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:

> This reverts commit 91862cc7867bba4ee5c8fcf0ca2f1d30427b6129.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 

I have reviewed this change, and this is a valid fix and does not need to
be reverted.

The code before the change is:

	if (trace_parser_get_init(&parser, PID_BUF_SIZE + 1))
		return -ENOMEM;

Where that does:

int trace_parser_get_init(struct trace_parser *parser, int size)
{
	memset(parser, 0, sizeof(*parser));

	parser->buffer = kmalloc(size, GFP_KERNEL);
	if (!parser->buffer)
		return 1;

	parser->size = size;
	return 0;
}

And the trace_parser_put() does:

void trace_parser_put(struct trace_parser *parser)
{
	kfree(parser->buffer);
	parser->buffer = NULL;
}

Hence, exiting the function without calling trace_parser_put() will indeed
leak memory.

Please do not revert this patch.

Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

-- Steve


> Cc: http
> Cc: stable@vger.kernel.org
> Cc: Wenwen Wang <wang6495@umn.edu>
> Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  kernel/trace/trace.c | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
> 
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index 5c777627212f..faed4f44d224 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -691,10 +691,8 @@ int trace_pid_write(struct trace_pid_list *filtered_pids,
>  	 * not modified.
>  	 */
>  	pid_list = kmalloc(sizeof(*pid_list), GFP_KERNEL);
> -	if (!pid_list) {
> -		trace_parser_put(&parser);
> +	if (!pid_list)
>  		return -ENOMEM;
> -	}
>  
>  	pid_list->pid_max = READ_ONCE(pid_max);
>  
> @@ -704,7 +702,6 @@ int trace_pid_write(struct trace_pid_list *filtered_pids,
>  
>  	pid_list->pids = vzalloc((pid_list->pid_max + 7) >> 3);
>  	if (!pid_list->pids) {
> -		trace_parser_put(&parser);
>  		kfree(pid_list);
>  		return -ENOMEM;
>  	}


^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 081/190] Revert "tracing: Fix a memory leak by early error exit in trace_pid_write()"
  2021-04-21 13:29   ` Steven Rostedt
@ 2021-04-21 13:33     ` Steven Rostedt
  2021-04-21 13:51       ` Greg Kroah-Hartman
  0 siblings, 1 reply; 29+ messages in thread
From: Steven Rostedt @ 2021-04-21 13:33 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Wenwen Wang

On Wed, 21 Apr 2021 09:29:19 -0400
Steven Rostedt <rostedt@goodmis.org> wrote:

> Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

Just to clear up any confusion about my tag above. It was a second review
of the original patch, not for the revert.

-- Steve

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 081/190] Revert "tracing: Fix a memory leak by early error exit in trace_pid_write()"
  2021-04-21 13:33     ` Steven Rostedt
@ 2021-04-21 13:51       ` Greg Kroah-Hartman
  2021-04-27 12:00         ` Greg Kroah-Hartman
  0 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-21 13:51 UTC (permalink / raw)
  To: Steven Rostedt; +Cc: linux-kernel, stable, Wenwen Wang

On Wed, Apr 21, 2021 at 09:33:43AM -0400, Steven Rostedt wrote:
> On Wed, 21 Apr 2021 09:29:19 -0400
> Steven Rostedt <rostedt@goodmis.org> wrote:
> 
> > Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
> 
> Just to clear up any confusion about my tag above. It was a second review
> of the original patch, not for the revert.

Fair enough, I'll handle it, thanks!

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 187/190] Revert "ALSA: control: fix a redundant-copy issue"
  2021-04-21 13:01 ` [PATCH 187/190] Revert "ALSA: control: fix a redundant-copy issue" Greg Kroah-Hartman
@ 2021-04-21 16:30   ` Takashi Iwai
  2021-04-27 13:57     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 29+ messages in thread
From: Takashi Iwai @ 2021-04-21 16:30 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, Wenwen Wang, stable

On Wed, 21 Apr 2021 15:01:02 +0200,
Greg Kroah-Hartman wrote:
> 
> This reverts commit 3f12888dfae2a48741c4caa9214885b3aaf350f9.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Wenwen Wang <wang6495@umn.edu>
> Cc: <stable@vger.kernel.org>
> Cc: Takashi Iwai <tiwai@suse.de>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This one is, unlike other patches I've been involved with, about the
ALSA core code, and this change is likely worth to keep.

The code change is correct, and even though it's really a minor issue,
an optimization is right.


thanks,

Takashi


> ---
>  sound/core/control_compat.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/sound/core/control_compat.c b/sound/core/control_compat.c
> index 1d708aab9c98..857acf83ae47 100644
> --- a/sound/core/control_compat.c
> +++ b/sound/core/control_compat.c
> @@ -381,7 +381,8 @@ static int snd_ctl_elem_add_compat(struct snd_ctl_file *file,
>  	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)) ||
>  	    copy_from_user(&data->type, &data32->type, 3 * sizeof(u32)))
>  		goto error;
> -	if (get_user(data->owner, &data32->owner))
> +	if (get_user(data->owner, &data32->owner) ||
> +	    get_user(data->type, &data32->type))
>  		goto error;
>  	switch (data->type) {
>  	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
> -- 
> 2.31.1
> 

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 040/190] Revert "ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()"
  2021-04-21 12:58 ` [PATCH 040/190] Revert "ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()" Greg Kroah-Hartman
@ 2021-04-21 17:54   ` Rafael J. Wysocki
  2021-04-27 14:50   ` Greg Kroah-Hartman
  1 sibling, 0 replies; 29+ messages in thread
From: Rafael J. Wysocki @ 2021-04-21 17:54 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel; +Cc: Qiushi Wu, 4 . 10+

On 4/21/2021 2:58 PM, Greg Kroah-Hartman wrote:
> This reverts commit 4d8be4bc94f74bb7d096e1c2e44457b530d5a170.
>
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
>
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
>
> Cc: Qiushi Wu <wu000273@umn.edu>
> Cc: 4.10+ <stable@vger.kernel.org> # 4.10+
> Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>


> ---
>   drivers/acpi/cppc_acpi.c | 1 -
>   1 file changed, 1 deletion(-)
>
> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
> index 69057fcd2c04..42650b34e45e 100644
> --- a/drivers/acpi/cppc_acpi.c
> +++ b/drivers/acpi/cppc_acpi.c
> @@ -830,7 +830,6 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr)
>   			"acpi_cppc");
>   	if (ret) {
>   		per_cpu(cpc_desc_ptr, pr->id) = NULL;
> -		kobject_put(&cpc_ptr->kobj);
>   		goto out_free;
>   	}
>   



^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 041/190] Revert "ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()"
  2021-04-21 12:58 ` [PATCH 041/190] Revert "ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()" Greg Kroah-Hartman
@ 2021-04-21 17:54   ` Rafael J. Wysocki
  2021-04-27 14:50     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 29+ messages in thread
From: Rafael J. Wysocki @ 2021-04-21 17:54 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel; +Cc: Qiushi Wu, 3 . 10+

On 4/21/2021 2:58 PM, Greg Kroah-Hartman wrote:
> This reverts commit 6e6c25283dff866308c87b49434c7dbad4774cc0.
>
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
>
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
>
> Cc: Qiushi Wu <wu000273@umn.edu>
> Cc: 3.10+ <stable@vger.kernel.org> # 3.10+
> Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>


> ---
>   drivers/acpi/sysfs.c | 4 +---
>   1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
> index 8baf7644a0d0..842bf63b91e9 100644
> --- a/drivers/acpi/sysfs.c
> +++ b/drivers/acpi/sysfs.c
> @@ -986,10 +986,8 @@ void acpi_sysfs_add_hotplug_profile(struct acpi_hotplug_profile *hotplug,
>   
>   	error = kobject_init_and_add(&hotplug->kobj,
>   		&acpi_hotplug_profile_ktype, hotplug_kobj, "%s", name);
> -	if (error) {
> -		kobject_put(&hotplug->kobj);
> +	if (error)
>   		goto err_out;
> -	}
>   
>   	kobject_uevent(&hotplug->kobj, KOBJ_ADD);
>   	return;



^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 119/190] Revert "tty: mxs-auart: fix a potential NULL pointer dereference"
  2021-04-21 12:59 ` [PATCH 119/190] Revert "tty: mxs-auart: fix a potential NULL pointer dereference" Greg Kroah-Hartman
@ 2021-04-22  5:03   ` Jiri Slaby
  2021-04-26 17:03     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 29+ messages in thread
From: Jiri Slaby @ 2021-04-22  5:03 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel; +Cc: Kangjie Lu, stable

On 21. 04. 21, 14:59, Greg Kroah-Hartman wrote:
> This reverts commit 6734330654dac550f12e932996b868c6d0dcb421.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Kangjie Lu <kjlu@umn.edu>
> Cc: stable <stable@vger.kernel.org>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>   drivers/tty/serial/mxs-auart.c | 4 ----
>   1 file changed, 4 deletions(-)
> 
> diff --git a/drivers/tty/serial/mxs-auart.c b/drivers/tty/serial/mxs-auart.c
> index f414d6acad69..edad6ebbdfd5 100644
> --- a/drivers/tty/serial/mxs-auart.c
> +++ b/drivers/tty/serial/mxs-auart.c
> @@ -1644,10 +1644,6 @@ static int mxs_auart_probe(struct platform_device *pdev)
>   
>   	s->port.mapbase = r->start;
>   	s->port.membase = ioremap(r->start, resource_size(r));
> -	if (!s->port.membase) {
> -		ret = -ENOMEM;
> -		goto out_disable_clks;
> -	}

I don't think this needs to be reverted -- the original fix is correct.

>   	s->port.ops = &mxs_auart_ops;
>   	s->port.iotype = UPIO_MEM;
>   	s->port.fifosize = MXS_AUART_FIFO_SIZE;
> 


-- 
js
suse labs

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 120/190] Revert "tty: atmel_serial: fix a potential NULL pointer dereference"
  2021-04-21 12:59 ` [PATCH 120/190] Revert "tty: atmel_serial: " Greg Kroah-Hartman
@ 2021-04-22  5:18   ` Jiri Slaby
  2021-04-22  6:47     ` Richard Genoud
  0 siblings, 1 reply; 29+ messages in thread
From: Jiri Slaby @ 2021-04-22  5:18 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel; +Cc: Kangjie Lu, Richard Genoud, stable

On 21. 04. 21, 14:59, Greg Kroah-Hartman wrote:
> This reverts commit c85be041065c0be8bc48eda4c45e0319caf1d0e5.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Kangjie Lu <kjlu@umn.edu>
> Cc: Richard Genoud <richard.genoud@gmail.com>
> Cc: stable <stable@vger.kernel.org>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>   drivers/tty/serial/atmel_serial.c | 4 ----
>   1 file changed, 4 deletions(-)
> 
> diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
> index a24e5c2b30bc..9786d8e5f04f 100644
> --- a/drivers/tty/serial/atmel_serial.c
> +++ b/drivers/tty/serial/atmel_serial.c
> @@ -1256,10 +1256,6 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
>   					 sg_dma_len(&atmel_port->sg_rx)/2,
>   					 DMA_DEV_TO_MEM,
>   					 DMA_PREP_INTERRUPT);
> -	if (!desc) {
> -		dev_err(port->dev, "Preparing DMA cyclic failed\n");
> -		goto chan_err;
> -	}

I cannot find anything malicious in the original fix:
* port->dev is valid for dev_err
* dmaengine_prep_dma_cyclic returns NULL in case of error
* chan_err invokes atmel_release_rx_dma which undoes the previous 
initialization code.

Hence a NACK from me for the revert.

>   	desc->callback = atmel_complete_rx_dma;
>   	desc->callback_param = port;
>   	atmel_port->desc_rx = desc;
> 


-- 
js
suse labs

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 121/190] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference"
  2021-04-21 12:59 ` [PATCH 121/190] Revert "serial: mvebu-uart: Fix to avoid " Greg Kroah-Hartman
@ 2021-04-22  5:25   ` Jiri Slaby
  0 siblings, 0 replies; 29+ messages in thread
From: Jiri Slaby @ 2021-04-22  5:25 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel; +Cc: Aditya Pakki, stable

On 21. 04. 21, 14:59, Greg Kroah-Hartman wrote:
> This reverts commit 32f47179833b63de72427131169809065db6745e.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Aditya Pakki <pakki001@umn.edu>
> Cc: stable <stable@vger.kernel.org>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>   drivers/tty/serial/mvebu-uart.c | 3 ---
>   1 file changed, 3 deletions(-)
> 
> diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c
> index e0c00a1b0763..51b0ecabf2ec 100644
> --- a/drivers/tty/serial/mvebu-uart.c
> +++ b/drivers/tty/serial/mvebu-uart.c
> @@ -818,9 +818,6 @@ static int mvebu_uart_probe(struct platform_device *pdev)
>   		return -EINVAL;
>   	}
>   
> -	if (!match)
> -		return -ENODEV;

The original fix doesn't hurt, but is useless. ->probe is called when 
of_match_device matched.

So the revert is OK.

>   	/* Assume that all UART ports have a DT alias or none has */
>   	id = of_alias_get_id(pdev->dev.of_node, "serial");
>   	if (!pdev->dev.of_node || id < 0)
> 


-- 
js
suse labs

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 120/190] Revert "tty: atmel_serial: fix a potential NULL pointer dereference"
  2021-04-22  5:18   ` Jiri Slaby
@ 2021-04-22  6:47     ` Richard Genoud
  2021-04-26 17:04       ` Greg Kroah-Hartman
  0 siblings, 1 reply; 29+ messages in thread
From: Richard Genoud @ 2021-04-22  6:47 UTC (permalink / raw)
  To: Jiri Slaby, Greg Kroah-Hartman, linux-kernel
  Cc: Kangjie Lu, Richard Genoud, stable



Le 22/04/2021 à 07:18, Jiri Slaby a écrit :
> On 21. 04. 21, 14:59, Greg Kroah-Hartman wrote:
>> This reverts commit c85be041065c0be8bc48eda4c45e0319caf1d0e5.
>>
>> Commits from @umn.edu addresses have been found to be submitted in "bad
>> faith" to try to test the kernel community's ability to review "known
>> malicious" changes.  The result of these submissions can be found in a
>> paper published at the 42nd IEEE Symposium on Security and Privacy
>> entitled, "Open Source Insecurity: Stealthily Introducing
>> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
>> of Minnesota) and Kangjie Lu (University of Minnesota).
>>
>> Because of this, all submissions from this group must be reverted from
>> the kernel tree and will need to be re-reviewed again to determine if
>> they actually are a valid fix.  Until that work is complete, remove this
>> change to ensure that no problems are being introduced into the
>> codebase.
>>
>> Cc: Kangjie Lu <kjlu@umn.edu>
>> Cc: Richard Genoud <richard.genoud@gmail.com>
>> Cc: stable <stable@vger.kernel.org>
>> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>> ---
>>   drivers/tty/serial/atmel_serial.c | 4 ----
>>   1 file changed, 4 deletions(-)
>>
>> diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
>> index a24e5c2b30bc..9786d8e5f04f 100644
>> --- a/drivers/tty/serial/atmel_serial.c
>> +++ b/drivers/tty/serial/atmel_serial.c
>> @@ -1256,10 +1256,6 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
>>                        sg_dma_len(&atmel_port->sg_rx)/2,
>>                        DMA_DEV_TO_MEM,
>>                        DMA_PREP_INTERRUPT);
>> -    if (!desc) {
>> -        dev_err(port->dev, "Preparing DMA cyclic failed\n");
>> -        goto chan_err;
>> -    }
> 
> I cannot find anything malicious in the original fix:
> * port->dev is valid for dev_err
> * dmaengine_prep_dma_cyclic returns NULL in case of error
> * chan_err invokes atmel_release_rx_dma which undoes the previous initialization code.
> 
> Hence a NACK from me for the revert.

I agree with your NACK.
Back at the time (march 2019), I reviewed the changed and asked for a 2nd version and
I didn't found anything suspicious.
But the more eyes, the better.

cf http://lkml.iu.edu/hypermail/linux/kernel/1903.1/05858.html

> 
>>       desc->callback = atmel_complete_rx_dma;
>>       desc->callback_param = port;
>>       atmel_port->desc_rx = desc;
>>
> 
> 

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 119/190] Revert "tty: mxs-auart: fix a potential NULL pointer dereference"
  2021-04-22  5:03   ` Jiri Slaby
@ 2021-04-26 17:03     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-26 17:03 UTC (permalink / raw)
  To: Jiri Slaby; +Cc: linux-kernel, Kangjie Lu, stable

On Thu, Apr 22, 2021 at 07:03:55AM +0200, Jiri Slaby wrote:
> On 21. 04. 21, 14:59, Greg Kroah-Hartman wrote:
> > This reverts commit 6734330654dac550f12e932996b868c6d0dcb421.
> > 
> > Commits from @umn.edu addresses have been found to be submitted in "bad
> > faith" to try to test the kernel community's ability to review "known
> > malicious" changes.  The result of these submissions can be found in a
> > paper published at the 42nd IEEE Symposium on Security and Privacy
> > entitled, "Open Source Insecurity: Stealthily Introducing
> > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> > of Minnesota) and Kangjie Lu (University of Minnesota).
> > 
> > Because of this, all submissions from this group must be reverted from
> > the kernel tree and will need to be re-reviewed again to determine if
> > they actually are a valid fix.  Until that work is complete, remove this
> > change to ensure that no problems are being introduced into the
> > codebase.
> > 
> > Cc: Kangjie Lu <kjlu@umn.edu>
> > Cc: stable <stable@vger.kernel.org>
> > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
> >   drivers/tty/serial/mxs-auart.c | 4 ----
> >   1 file changed, 4 deletions(-)
> > 
> > diff --git a/drivers/tty/serial/mxs-auart.c b/drivers/tty/serial/mxs-auart.c
> > index f414d6acad69..edad6ebbdfd5 100644
> > --- a/drivers/tty/serial/mxs-auart.c
> > +++ b/drivers/tty/serial/mxs-auart.c
> > @@ -1644,10 +1644,6 @@ static int mxs_auart_probe(struct platform_device *pdev)
> >   	s->port.mapbase = r->start;
> >   	s->port.membase = ioremap(r->start, resource_size(r));
> > -	if (!s->port.membase) {
> > -		ret = -ENOMEM;
> > -		goto out_disable_clks;
> > -	}
> 
> I don't think this needs to be reverted -- the original fix is correct.
> 

Now dropped, thanks for the review!

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 120/190] Revert "tty: atmel_serial: fix a potential NULL pointer dereference"
  2021-04-22  6:47     ` Richard Genoud
@ 2021-04-26 17:04       ` Greg Kroah-Hartman
  0 siblings, 0 replies; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-26 17:04 UTC (permalink / raw)
  To: Richard Genoud; +Cc: Jiri Slaby, linux-kernel, Kangjie Lu, stable

On Thu, Apr 22, 2021 at 06:47:20AM +0000, Richard Genoud wrote:
> 
> 
> Le 22/04/2021 à 07:18, Jiri Slaby a écrit :
> > On 21. 04. 21, 14:59, Greg Kroah-Hartman wrote:
> > > This reverts commit c85be041065c0be8bc48eda4c45e0319caf1d0e5.
> > > 
> > > Commits from @umn.edu addresses have been found to be submitted in "bad
> > > faith" to try to test the kernel community's ability to review "known
> > > malicious" changes.  The result of these submissions can be found in a
> > > paper published at the 42nd IEEE Symposium on Security and Privacy
> > > entitled, "Open Source Insecurity: Stealthily Introducing
> > > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> > > of Minnesota) and Kangjie Lu (University of Minnesota).
> > > 
> > > Because of this, all submissions from this group must be reverted from
> > > the kernel tree and will need to be re-reviewed again to determine if
> > > they actually are a valid fix.  Until that work is complete, remove this
> > > change to ensure that no problems are being introduced into the
> > > codebase.
> > > 
> > > Cc: Kangjie Lu <kjlu@umn.edu>
> > > Cc: Richard Genoud <richard.genoud@gmail.com>
> > > Cc: stable <stable@vger.kernel.org>
> > > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > ---
> > >   drivers/tty/serial/atmel_serial.c | 4 ----
> > >   1 file changed, 4 deletions(-)
> > > 
> > > diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
> > > index a24e5c2b30bc..9786d8e5f04f 100644
> > > --- a/drivers/tty/serial/atmel_serial.c
> > > +++ b/drivers/tty/serial/atmel_serial.c
> > > @@ -1256,10 +1256,6 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
> > >                        sg_dma_len(&atmel_port->sg_rx)/2,
> > >                        DMA_DEV_TO_MEM,
> > >                        DMA_PREP_INTERRUPT);
> > > -    if (!desc) {
> > > -        dev_err(port->dev, "Preparing DMA cyclic failed\n");
> > > -        goto chan_err;
> > > -    }
> > 
> > I cannot find anything malicious in the original fix:
> > * port->dev is valid for dev_err
> > * dmaengine_prep_dma_cyclic returns NULL in case of error
> > * chan_err invokes atmel_release_rx_dma which undoes the previous initialization code.
> > 
> > Hence a NACK from me for the revert.
> 
> I agree with your NACK.
> Back at the time (march 2019), I reviewed the changed and asked for a 2nd version and
> I didn't found anything suspicious.
> But the more eyes, the better.
> 
> cf http://lkml.iu.edu/hypermail/linux/kernel/1903.1/05858.html

Thanks for the review, now dropped.

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 081/190] Revert "tracing: Fix a memory leak by early error exit in trace_pid_write()"
  2021-04-21 13:51       ` Greg Kroah-Hartman
@ 2021-04-27 12:00         ` Greg Kroah-Hartman
  0 siblings, 0 replies; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-27 12:00 UTC (permalink / raw)
  To: Steven Rostedt; +Cc: linux-kernel, stable, Wenwen Wang

On Wed, Apr 21, 2021 at 03:51:59PM +0200, Greg Kroah-Hartman wrote:
> On Wed, Apr 21, 2021 at 09:33:43AM -0400, Steven Rostedt wrote:
> > On Wed, 21 Apr 2021 09:29:19 -0400
> > Steven Rostedt <rostedt@goodmis.org> wrote:
> > 
> > > Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
> > 
> > Just to clear up any confusion about my tag above. It was a second review
> > of the original patch, not for the revert.
> 
> Fair enough, I'll handle it, thanks!

Revert is now dropped from my tree, thanks for the review.

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 187/190] Revert "ALSA: control: fix a redundant-copy issue"
  2021-04-21 16:30   ` Takashi Iwai
@ 2021-04-27 13:57     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-27 13:57 UTC (permalink / raw)
  To: Takashi Iwai; +Cc: linux-kernel, Wenwen Wang, stable

On Wed, Apr 21, 2021 at 06:30:07PM +0200, Takashi Iwai wrote:
> On Wed, 21 Apr 2021 15:01:02 +0200,
> Greg Kroah-Hartman wrote:
> > 
> > This reverts commit 3f12888dfae2a48741c4caa9214885b3aaf350f9.
> > 
> > Commits from @umn.edu addresses have been found to be submitted in "bad
> > faith" to try to test the kernel community's ability to review "known
> > malicious" changes.  The result of these submissions can be found in a
> > paper published at the 42nd IEEE Symposium on Security and Privacy
> > entitled, "Open Source Insecurity: Stealthily Introducing
> > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> > of Minnesota) and Kangjie Lu (University of Minnesota).
> > 
> > Because of this, all submissions from this group must be reverted from
> > the kernel tree and will need to be re-reviewed again to determine if
> > they actually are a valid fix.  Until that work is complete, remove this
> > change to ensure that no problems are being introduced into the
> > codebase.
> > 
> > Cc: Wenwen Wang <wang6495@umn.edu>
> > Cc: <stable@vger.kernel.org>
> > Cc: Takashi Iwai <tiwai@suse.de>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> 
> This one is, unlike other patches I've been involved with, about the
> ALSA core code, and this change is likely worth to keep.
> 
> The code change is correct, and even though it's really a minor issue,
> an optimization is right.

Thanks for the review, now dropped.

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 040/190] Revert "ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()"
  2021-04-21 12:58 ` [PATCH 040/190] Revert "ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()" Greg Kroah-Hartman
  2021-04-21 17:54   ` Rafael J. Wysocki
@ 2021-04-27 14:50   ` Greg Kroah-Hartman
  1 sibling, 0 replies; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-27 14:50 UTC (permalink / raw)
  To: linux-kernel; +Cc: Qiushi Wu, 4 . 10+, Rafael J . Wysocki

On Wed, Apr 21, 2021 at 02:58:35PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit 4d8be4bc94f74bb7d096e1c2e44457b530d5a170.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: Qiushi Wu <wu000273@umn.edu>
> Cc: 4.10+ <stable@vger.kernel.org> # 4.10+
> Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/acpi/cppc_acpi.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
> index 69057fcd2c04..42650b34e45e 100644
> --- a/drivers/acpi/cppc_acpi.c
> +++ b/drivers/acpi/cppc_acpi.c
> @@ -830,7 +830,6 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr)
>  			"acpi_cppc");
>  	if (ret) {
>  		per_cpu(cpc_desc_ptr, pr->id) = NULL;
> -		kobject_put(&cpc_ptr->kobj);
>  		goto out_free;
>  	}
>  
> -- 
> 2.31.1
>

The original change here looks correct, so I will drop this revert from
my tree.

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 041/190] Revert "ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()"
  2021-04-21 17:54   ` Rafael J. Wysocki
@ 2021-04-27 14:50     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-27 14:50 UTC (permalink / raw)
  To: Rafael J. Wysocki; +Cc: linux-kernel, Qiushi Wu, 3 . 10+

On Wed, Apr 21, 2021 at 07:54:23PM +0200, Rafael J. Wysocki wrote:
> On 4/21/2021 2:58 PM, Greg Kroah-Hartman wrote:
> > This reverts commit 6e6c25283dff866308c87b49434c7dbad4774cc0.
> > 
> > Commits from @umn.edu addresses have been found to be submitted in "bad
> > faith" to try to test the kernel community's ability to review "known
> > malicious" changes.  The result of these submissions can be found in a
> > paper published at the 42nd IEEE Symposium on Security and Privacy
> > entitled, "Open Source Insecurity: Stealthily Introducing
> > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> > of Minnesota) and Kangjie Lu (University of Minnesota).
> > 
> > Because of this, all submissions from this group must be reverted from
> > the kernel tree and will need to be re-reviewed again to determine if
> > they actually are a valid fix.  Until that work is complete, remove this
> > change to ensure that no problems are being introduced into the
> > codebase.
> > 
> > Cc: Qiushi Wu <wu000273@umn.edu>
> > Cc: 3.10+ <stable@vger.kernel.org> # 3.10+
> > Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> 
> Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

Thanks for the review (and on the other acpi patch), but this commit
looks like it was correct, so I am going to drop the revert from my
tree.

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 181/190] Revert "dm ioctl: harden copy_params()'s copy_from_user() from malicious users"
  2021-04-21 13:00 ` [PATCH 181/190] Revert "dm ioctl: harden copy_params()'s copy_from_user() from malicious users" Greg Kroah-Hartman
@ 2021-04-27 16:58   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-27 16:58 UTC (permalink / raw)
  To: linux-kernel; +Cc: stable, Wenwen Wang, Mike Snitzer

On Wed, Apr 21, 2021 at 03:00:56PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit 800a7340ab7dd667edf95e74d8e4f23a17e87076.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: stable@vger.kernel.org
> Cc: Wenwen Wang <wang6495@umn.edu>
> Cc: Mike Snitzer <snitzer@redhat.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/md/dm-ioctl.c | 18 ++++++++++++------
>  1 file changed, 12 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
> index 1ca65b434f1f..820342de92cd 100644
> --- a/drivers/md/dm-ioctl.c
> +++ b/drivers/md/dm-ioctl.c
> @@ -1747,7 +1747,8 @@ static void free_params(struct dm_ioctl *param, size_t param_size, int param_fla
>  }
>  
>  static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kernel,
> -		       int ioctl_flags, struct dm_ioctl **param, int *param_flags)
> +		       int ioctl_flags,
> +		       struct dm_ioctl **param, int *param_flags)
>  {
>  	struct dm_ioctl *dmi;
>  	int secure_data;
> @@ -1788,13 +1789,18 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern
>  
>  	*param_flags |= DM_PARAMS_MALLOC;
>  
> -	/* Copy from param_kernel (which was already copied from user) */
> -	memcpy(dmi, param_kernel, minimum_data_size);
> -
> -	if (copy_from_user(&dmi->data, (char __user *)user + minimum_data_size,
> -			   param_kernel->data_size - minimum_data_size))
> +	if (copy_from_user(dmi, user, param_kernel->data_size))
>  		goto bad;
> +
>  data_copied:
> +	/*
> +	 * Abort if something changed the ioctl data while it was being copied.
> +	 */
> +	if (dmi->data_size != param_kernel->data_size) {
> +		DMERR("rejecting ioctl: data size modified while processing parameters");
> +		goto bad;
> +	}
> +
>  	/* Wipe the user buffer so we do not return it to userspace */
>  	if (secure_data && clear_user(user, param_kernel->data_size))
>  		goto bad;
> -- 
> 2.31.1
> 

Original looks correct, dropping this commit now.

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 134/190] Revert "md: Fix failed allocation of md_register_thread"
  2021-04-21 13:00 ` [PATCH 134/190] Revert "md: Fix failed allocation of md_register_thread" Greg Kroah-Hartman
@ 2021-04-28  5:46   ` Greg Kroah-Hartman
  2021-04-30  6:10     ` Song Liu
  0 siblings, 1 reply; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-28  5:46 UTC (permalink / raw)
  To: linux-kernel; +Cc: stable, Guoqing Jiang, Aditya Pakki, Song Liu

On Wed, Apr 21, 2021 at 03:00:09PM +0200, Greg Kroah-Hartman wrote:
> This reverts commit e406f12dde1a8375d77ea02d91f313fb1a9c6aec.
> 
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes.  The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
> 
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix.  Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
> 
> Cc: stable@vger.kernel.org # v3.16+
> Cc: Guoqing Jiang <gqjiang@suse.com>
> Cc: Aditya Pakki <pakki001@umn.edu>
> Cc: Song Liu <songliubraving@fb.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/md/raid10.c | 2 --
>  drivers/md/raid5.c  | 2 --
>  2 files changed, 4 deletions(-)
> 
> diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
> index a9ae7d113492..4fec1cdd4207 100644
> --- a/drivers/md/raid10.c
> +++ b/drivers/md/raid10.c
> @@ -3896,8 +3896,6 @@ static int raid10_run(struct mddev *mddev)
>  		set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
>  		mddev->sync_thread = md_register_thread(md_do_sync, mddev,
>  							"reshape");
> -		if (!mddev->sync_thread)
> -			goto out_free_conf;
>  	}
>  
>  	return 0;
> diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
> index 5d57a5bd171f..9b2bd50beee7 100644
> --- a/drivers/md/raid5.c
> +++ b/drivers/md/raid5.c
> @@ -7677,8 +7677,6 @@ static int raid5_run(struct mddev *mddev)
>  		set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
>  		mddev->sync_thread = md_register_thread(md_do_sync, mddev,
>  							"reshape");
> -		if (!mddev->sync_thread)
> -			goto abort;
>  	}
>  
>  	/* Ok, everything is just fine now */
> -- 
> 2.31.1
> 

These changes look ok, but the error handling logic seems to be freeing
the incorrect thread, not the one that these functions create.  That's
independant of this change, but seems odd.  If someone cares about it,
it should probably be looked at, or if correct, a comment would be nice
as it's really confusing.

Dropping this revert.

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 134/190] Revert "md: Fix failed allocation of md_register_thread"
  2021-04-28  5:46   ` Greg Kroah-Hartman
@ 2021-04-30  6:10     ` Song Liu
  2021-04-30  6:34       ` Greg Kroah-Hartman
  0 siblings, 1 reply; 29+ messages in thread
From: Song Liu @ 2021-04-30  6:10 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Guoqing Jiang, Aditya Pakki



> On Apr 27, 2021, at 10:46 PM, Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> 
> On Wed, Apr 21, 2021 at 03:00:09PM +0200, Greg Kroah-Hartman wrote:
>> This reverts commit e406f12dde1a8375d77ea02d91f313fb1a9c6aec.
>> 
>> Commits from @umn.edu addresses have been found to be submitted in "bad
>> faith" to try to test the kernel community's ability to review "known
>> malicious" changes.  The result of these submissions can be found in a
>> paper published at the 42nd IEEE Symposium on Security and Privacy
>> entitled, "Open Source Insecurity: Stealthily Introducing
>> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
>> of Minnesota) and Kangjie Lu (University of Minnesota).
>> 
>> Because of this, all submissions from this group must be reverted from
>> the kernel tree and will need to be re-reviewed again to determine if
>> they actually are a valid fix.  Until that work is complete, remove this
>> change to ensure that no problems are being introduced into the
>> codebase.
>> 
>> Cc: stable@vger.kernel.org # v3.16+
>> Cc: Guoqing Jiang <gqjiang@suse.com>
>> Cc: Aditya Pakki <pakki001@umn.edu>
>> Cc: Song Liu <songliubraving@fb.com>
>> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>> ---
>> drivers/md/raid10.c | 2 --
>> drivers/md/raid5.c  | 2 --
>> 2 files changed, 4 deletions(-)
>> 
>> diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
>> index a9ae7d113492..4fec1cdd4207 100644
>> --- a/drivers/md/raid10.c
>> +++ b/drivers/md/raid10.c
>> @@ -3896,8 +3896,6 @@ static int raid10_run(struct mddev *mddev)
>> 		set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
>> 		mddev->sync_thread = md_register_thread(md_do_sync, mddev,
>> 							"reshape");
>> -		if (!mddev->sync_thread)
>> -			goto out_free_conf;
>> 	}
>> 
>> 	return 0;
>> diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
>> index 5d57a5bd171f..9b2bd50beee7 100644
>> --- a/drivers/md/raid5.c
>> +++ b/drivers/md/raid5.c
>> @@ -7677,8 +7677,6 @@ static int raid5_run(struct mddev *mddev)
>> 		set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
>> 		mddev->sync_thread = md_register_thread(md_do_sync, mddev,
>> 							"reshape");
>> -		if (!mddev->sync_thread)
>> -			goto abort;
>> 	}
>> 
>> 	/* Ok, everything is just fine now */
>> -- 
>> 2.31.1
>> 
> 
> These changes look ok, but the error handling logic seems to be freeing
> the incorrect thread, not the one that these functions create.  That's
> independant of this change, but seems odd.  If someone cares about it,
> it should probably be looked at, or if correct, a comment would be nice
> as it's really confusing.

I don't think this is confusing. raid[5|10]_run() creates two threads:
first mddev->thread, then mddev->sync_thread. If we fail to create the
second thread (sync_thread), we free the first thread (mddev->thread) in 
the error handling logic. 

Thanks,
Song


^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [PATCH 134/190] Revert "md: Fix failed allocation of md_register_thread"
  2021-04-30  6:10     ` Song Liu
@ 2021-04-30  6:34       ` Greg Kroah-Hartman
  0 siblings, 0 replies; 29+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-30  6:34 UTC (permalink / raw)
  To: Song Liu; +Cc: linux-kernel, stable, Guoqing Jiang, Aditya Pakki

On Fri, Apr 30, 2021 at 06:10:24AM +0000, Song Liu wrote:
> 
> 
> > On Apr 27, 2021, at 10:46 PM, Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> > 
> > On Wed, Apr 21, 2021 at 03:00:09PM +0200, Greg Kroah-Hartman wrote:
> >> This reverts commit e406f12dde1a8375d77ea02d91f313fb1a9c6aec.
> >> 
> >> Commits from @umn.edu addresses have been found to be submitted in "bad
> >> faith" to try to test the kernel community's ability to review "known
> >> malicious" changes.  The result of these submissions can be found in a
> >> paper published at the 42nd IEEE Symposium on Security and Privacy
> >> entitled, "Open Source Insecurity: Stealthily Introducing
> >> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> >> of Minnesota) and Kangjie Lu (University of Minnesota).
> >> 
> >> Because of this, all submissions from this group must be reverted from
> >> the kernel tree and will need to be re-reviewed again to determine if
> >> they actually are a valid fix.  Until that work is complete, remove this
> >> change to ensure that no problems are being introduced into the
> >> codebase.
> >> 
> >> Cc: stable@vger.kernel.org # v3.16+
> >> Cc: Guoqing Jiang <gqjiang@suse.com>
> >> Cc: Aditya Pakki <pakki001@umn.edu>
> >> Cc: Song Liu <songliubraving@fb.com>
> >> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >> ---
> >> drivers/md/raid10.c | 2 --
> >> drivers/md/raid5.c  | 2 --
> >> 2 files changed, 4 deletions(-)
> >> 
> >> diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
> >> index a9ae7d113492..4fec1cdd4207 100644
> >> --- a/drivers/md/raid10.c
> >> +++ b/drivers/md/raid10.c
> >> @@ -3896,8 +3896,6 @@ static int raid10_run(struct mddev *mddev)
> >> 		set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
> >> 		mddev->sync_thread = md_register_thread(md_do_sync, mddev,
> >> 							"reshape");
> >> -		if (!mddev->sync_thread)
> >> -			goto out_free_conf;
> >> 	}
> >> 
> >> 	return 0;
> >> diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
> >> index 5d57a5bd171f..9b2bd50beee7 100644
> >> --- a/drivers/md/raid5.c
> >> +++ b/drivers/md/raid5.c
> >> @@ -7677,8 +7677,6 @@ static int raid5_run(struct mddev *mddev)
> >> 		set_bit(MD_RECOVERY_RUNNING, &mddev->recovery);
> >> 		mddev->sync_thread = md_register_thread(md_do_sync, mddev,
> >> 							"reshape");
> >> -		if (!mddev->sync_thread)
> >> -			goto abort;
> >> 	}
> >> 
> >> 	/* Ok, everything is just fine now */
> >> -- 
> >> 2.31.1
> >> 
> > 
> > These changes look ok, but the error handling logic seems to be freeing
> > the incorrect thread, not the one that these functions create.  That's
> > independant of this change, but seems odd.  If someone cares about it,
> > it should probably be looked at, or if correct, a comment would be nice
> > as it's really confusing.
> 
> I don't think this is confusing. raid[5|10]_run() creates two threads:
> first mddev->thread, then mddev->sync_thread. If we fail to create the
> second thread (sync_thread), we free the first thread (mddev->thread) in 
> the error handling logic. 

Look a bit lower, in "abort:" you do clean up "->thread", but never
"->sync_thread"  You can get to "abort:" after sync_thread is properly
registered.

That is what I was trying to say above, as it's not obvious because
"->thread" was created in a different function, setup_conf(), to see it
be freed here in the error path of raid[5|10]_run() wasn't all that
clear to me.

Anyway, these are code paths that are obviously never hit, so it's
probably not a big deal.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 29+ messages in thread

end of thread, other threads:[~2021-04-30  6:34 UTC | newest]

Thread overview: 29+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20210421130105.1226686-1-gregkh@linuxfoundation.org>
2021-04-21 12:58 ` [PATCH 040/190] Revert "ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()" Greg Kroah-Hartman
2021-04-21 17:54   ` Rafael J. Wysocki
2021-04-27 14:50   ` Greg Kroah-Hartman
2021-04-21 12:58 ` [PATCH 041/190] Revert "ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()" Greg Kroah-Hartman
2021-04-21 17:54   ` Rafael J. Wysocki
2021-04-27 14:50     ` Greg Kroah-Hartman
2021-04-21 12:59 ` [PATCH 081/190] Revert "tracing: Fix a memory leak by early error exit in trace_pid_write()" Greg Kroah-Hartman
2021-04-21 13:29   ` Steven Rostedt
2021-04-21 13:33     ` Steven Rostedt
2021-04-21 13:51       ` Greg Kroah-Hartman
2021-04-27 12:00         ` Greg Kroah-Hartman
2021-04-21 12:59 ` [PATCH 119/190] Revert "tty: mxs-auart: fix a potential NULL pointer dereference" Greg Kroah-Hartman
2021-04-22  5:03   ` Jiri Slaby
2021-04-26 17:03     ` Greg Kroah-Hartman
2021-04-21 12:59 ` [PATCH 120/190] Revert "tty: atmel_serial: " Greg Kroah-Hartman
2021-04-22  5:18   ` Jiri Slaby
2021-04-22  6:47     ` Richard Genoud
2021-04-26 17:04       ` Greg Kroah-Hartman
2021-04-21 12:59 ` [PATCH 121/190] Revert "serial: mvebu-uart: Fix to avoid " Greg Kroah-Hartman
2021-04-22  5:25   ` Jiri Slaby
2021-04-21 13:00 ` [PATCH 134/190] Revert "md: Fix failed allocation of md_register_thread" Greg Kroah-Hartman
2021-04-28  5:46   ` Greg Kroah-Hartman
2021-04-30  6:10     ` Song Liu
2021-04-30  6:34       ` Greg Kroah-Hartman
2021-04-21 13:00 ` [PATCH 181/190] Revert "dm ioctl: harden copy_params()'s copy_from_user() from malicious users" Greg Kroah-Hartman
2021-04-27 16:58   ` Greg Kroah-Hartman
2021-04-21 13:01 ` [PATCH 187/190] Revert "ALSA: control: fix a redundant-copy issue" Greg Kroah-Hartman
2021-04-21 16:30   ` Takashi Iwai
2021-04-27 13:57     ` Greg Kroah-Hartman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).