stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, Denis Kirjanov <kda@linux-powerpc.org>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	"Eric Dumazet" <edumazet@google.com>,
	"David S. Miller" <davem@davemloft.net>,
	"syzbot" <syzkaller@googlegroups.com>
Subject: [PATCH 3.16 116/157] ipv6/flowlabel: wait rcu grace period before put_pid()
Date: Sat, 10 Aug 2019 21:40:07 +0100	[thread overview]
Message-ID: <lsq.1565469607.485122702@decadent.org.uk> (raw)
In-Reply-To: <lsq.1565469607.188083258@decadent.org.uk>

3.16.72-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@google.com>

commit 6c0afef5fb0c27758f4d52b2210c61b6bd8b4470 upstream.

syzbot was able to catch a use-after-free read in pid_nr_ns() [1]

ip6fl_seq_show() seems to use RCU protection, dereferencing fl->owner.pid
but fl_free() releases fl->owner.pid before rcu grace period is started.

[1]

BUG: KASAN: use-after-free in pid_nr_ns+0x128/0x140 kernel/pid.c:407
Read of size 4 at addr ffff888094012a04 by task syz-executor.0/18087

CPU: 0 PID: 18087 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #89
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187
 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:131
 pid_nr_ns+0x128/0x140 kernel/pid.c:407
 ip6fl_seq_show+0x2f8/0x4f0 net/ipv6/ip6_flowlabel.c:794
 seq_read+0xad3/0x1130 fs/seq_file.c:268
 proc_reg_read+0x1fe/0x2c0 fs/proc/inode.c:227
 do_loop_readv_writev fs/read_write.c:701 [inline]
 do_loop_readv_writev fs/read_write.c:688 [inline]
 do_iter_read+0x4a9/0x660 fs/read_write.c:922
 vfs_readv+0xf0/0x160 fs/read_write.c:984
 kernel_readv fs/splice.c:358 [inline]
 default_file_splice_read+0x475/0x890 fs/splice.c:413
 do_splice_to+0x12a/0x190 fs/splice.c:876
 splice_direct_to_actor+0x2d2/0x970 fs/splice.c:953
 do_splice_direct+0x1da/0x2a0 fs/splice.c:1062
 do_sendfile+0x597/0xd00 fs/read_write.c:1443
 __do_sys_sendfile64 fs/read_write.c:1498 [inline]
 __se_sys_sendfile64 fs/read_write.c:1490 [inline]
 __x64_sys_sendfile64+0x15a/0x220 fs/read_write.c:1490
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458da9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f300d24bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458da9
RDX: 00000000200000c0 RSI: 0000000000000008 RDI: 0000000000000007
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000005a R11: 0000000000000246 R12: 00007f300d24c6d4
R13: 00000000004c5fa3 R14: 00000000004da748 R15: 00000000ffffffff

Allocated by task 17543:
 save_stack+0x45/0xd0 mm/kasan/common.c:75
 set_track mm/kasan/common.c:87 [inline]
 __kasan_kmalloc mm/kasan/common.c:497 [inline]
 __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:470
 kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:505
 slab_post_alloc_hook mm/slab.h:437 [inline]
 slab_alloc mm/slab.c:3393 [inline]
 kmem_cache_alloc+0x11a/0x6f0 mm/slab.c:3555
 alloc_pid+0x55/0x8f0 kernel/pid.c:168
 copy_process.part.0+0x3b08/0x7980 kernel/fork.c:1932
 copy_process kernel/fork.c:1709 [inline]
 _do_fork+0x257/0xfd0 kernel/fork.c:2226
 __do_sys_clone kernel/fork.c:2333 [inline]
 __se_sys_clone kernel/fork.c:2327 [inline]
 __x64_sys_clone+0xbf/0x150 kernel/fork.c:2327
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 7789:
 save_stack+0x45/0xd0 mm/kasan/common.c:75
 set_track mm/kasan/common.c:87 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/common.c:459
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:467
 __cache_free mm/slab.c:3499 [inline]
 kmem_cache_free+0x86/0x260 mm/slab.c:3765
 put_pid.part.0+0x111/0x150 kernel/pid.c:111
 put_pid+0x20/0x30 kernel/pid.c:105
 fl_free+0xbe/0xe0 net/ipv6/ip6_flowlabel.c:102
 ip6_fl_gc+0x295/0x3e0 net/ipv6/ip6_flowlabel.c:152
 call_timer_fn+0x190/0x720 kernel/time/timer.c:1325
 expire_timers kernel/time/timer.c:1362 [inline]
 __run_timers kernel/time/timer.c:1681 [inline]
 __run_timers kernel/time/timer.c:1649 [inline]
 run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1694
 __do_softirq+0x266/0x95a kernel/softirq.c:293

The buggy address belongs to the object at ffff888094012a00
 which belongs to the cache pid_2 of size 88
The buggy address is located 4 bytes inside of
 88-byte region [ffff888094012a00, ffff888094012a58)
The buggy address belongs to the page:
page:ffffea0002500480 count:1 mapcount:0 mapping:ffff88809a483080 index:0xffff888094012980
flags: 0x1fffc0000000200(slab)
raw: 01fffc0000000200 ffffea00018a3508 ffffea0002524a88 ffff88809a483080
raw: ffff888094012980 ffff888094012000 000000010000001b 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888094012900: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
 ffff888094012980: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
>ffff888094012a00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
                   ^
 ffff888094012a80: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
 ffff888094012b00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc

Fixes: 4f82f45730c6 ("net ip6 flowlabel: Make owner a union of struct pid * and kuid_t")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 3.16: Move the release_net() call too, not that it does
 anything.]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -94,16 +94,22 @@ static struct ip6_flowlabel *fl_lookup(s
 	return fl;
 }
 
+static void fl_free_rcu(struct rcu_head *head)
+{
+	struct ip6_flowlabel *fl = container_of(head, struct ip6_flowlabel, rcu);
+
+	if (fl->share == IPV6_FL_S_PROCESS)
+		put_pid(fl->owner.pid);
+	release_net(fl->fl_net);
+	kfree(fl->opt);
+	kfree(fl);
+}
+
 
 static void fl_free(struct ip6_flowlabel *fl)
 {
-	if (fl) {
-		if (fl->share == IPV6_FL_S_PROCESS)
-			put_pid(fl->owner.pid);
-		release_net(fl->fl_net);
-		kfree(fl->opt);
-		kfree_rcu(fl, rcu);
-	}
+	if (fl)
+		call_rcu(&fl->rcu, fl_free_rcu);
 }
 
 static void fl_release(struct ip6_flowlabel *fl)


  parent reply	other threads:[~2019-08-10 20:47 UTC|newest]

Thread overview: 164+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-10 20:40 [PATCH 3.16 000/157] 3.16.72-rc1 review Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 121/157] x86: cpufeatures: Renumber feature word 7 Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 150/157] ipv6: call ipv6_proxy_select_ident instead of ipv6_select_ident in udp6_ufo_fragment Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 071/157] ALSA: seq: Fix OOB-reads from strlcpy Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 148/157] ipv6: Fix fragment id assignment on LE arches Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 083/157] locking/lockdep: Add IRQs disabled/enabled assertion APIs: lockdep_assert_irqs_enabled()/disabled() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 105/157] cifs: do not attempt cifs operation on smb2+ rename error Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 008/157] ext4: fix data corruption caused by unaligned direct AIO Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 030/157] tcp: do not use ipv6 header for ipv4 flow Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 123/157] x86/entry/64: Really create an error-entry-from-usermode code path Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 015/157] netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 130/157] vhost_net: use packet weight for rx handler, too Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 156/157] netfilter: ctnetlink: don't use conntrack/expect object addresses as id Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 029/157] net-sysfs: call dev_hold if kobject_init_and_add success Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 147/157] Revert "drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets" Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 131/157] vhost_net: introduce vhost_exceeds_weight() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 149/157] ipv6: Make __ipv6_select_ident static Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 099/157] mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 018/157] mac8390: Fix mmio access size probe Ben Hutchings
2019-08-10 20:40 ` Ben Hutchings [this message]
2019-08-10 20:40 ` [PATCH 3.16 152/157] ipv4: ip_tunnel: use net namespace from rtable not socket Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 023/157] serial: max310x: Fix to avoid potential NULL pointer dereference Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 028/157] perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 085/157] MIPS: scall64-o32: Fix indirect syscall number load Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 137/157] powerpc/tm: Fix oops on sigreturn on systems without TM Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 025/157] tty: mxs-auart: fix a potential NULL pointer dereference Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 019/157] sctp: get sctphdr by offset in sctp_compute_cksum Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 011/157] iio: dac: mcp4725: add missing powerdown bits in store eeprom Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 094/157] ALSA: core: Fix card races between register and disconnect Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 048/157] ALSA: pcm: Don't suspend stream in unrecoverable PCM state Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 079/157] net: bridge: multicast: use rcu to access port list from br_multicast_start_querier Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 058/157] iio: core: fix a possible circular locking dependency Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 095/157] tipc: set sysctl_tipc_rmem and named_timeout right range Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 078/157] block: do not leak memory in bio_copy_user_iov() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 056/157] KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 134/157] vhost: scsi: add weight support Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 081/157] rt2x00: do not increment sequence number while re-transmitting Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 154/157] siphash: add cryptographically secure PRF Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 100/157] USB: core: Fix bug caused by duplicate interface PM usage counter Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 003/157] Staging: iio: meter: fixed typo Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 070/157] xen: Prevent buffer overflow in privcmd ioctl Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 009/157] ext4: add missing brelse() in add_new_gdb_meta_bg() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 109/157] usb: usbip: fix isoc packet num validation in get_pipe Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 074/157] lib/string.c: implement a basic bcmp Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 050/157] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 157/157] scsi: libsas: fix a race condition when smp task timeout Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 024/157] tty: atmel_serial: fix a potential NULL pointer dereference Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 064/157] sched/fair: Do not re-read ->h_load_next during hierarchical load calculation Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 103/157] mac80211: don't attempt to rename ERR_PTR() debugfs dirs Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 104/157] ceph: ensure d_name stability in ceph_dentry_hash() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 144/157] xen: let alloc_xenballooned_pages() fail if not enough memory free Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 002/157] xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 021/157] ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 115/157] ipv6: invert flowlabel sharing check in process and user mode Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 102/157] netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 051/157] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 073/157] sunrpc: don't mark uninitialised items as VALID Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 026/157] serial: sh-sci: Fix setting SCSCR_TIE while transferring data Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 069/157] mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 082/157] vxge: fix return of a free'd memblock on a failed dma mapping Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 062/157] xfrm4: Reload skb header pointers after calling pskb_may_pull Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 080/157] iommu/amd: Set exclusion range correctly Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 128/157] x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 139/157] floppy: fix out-of-bounds read in next_valid_format Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 119/157] packet: validate msg_namelen in send directly Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 091/157] cifs: fix handle leak in smb2_query_symlink() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 142/157] proc: meminfo: estimate available memory more conservatively Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 027/157] device_cgroup: fix RCU imbalance in error case Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 034/157] USB: serial: mos7720: fix mos_parport refcount imbalance on error path Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 042/157] xhci: Don't let USB3 ports stuck in polling state prevent suspend Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 063/157] xfrm4: Fix uninitialized memory read in _decode_session4 Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 031/157] dccp: do not use ipv6 header for ipv4 flow Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 145/157] Revert "inet: update the IP ID generation algorithm to higher standards." Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 132/157] vhost: introduce vhost_exceeds_weight() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 136/157] Input: gtco - bounds check collection indent level Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 114/157] slip: make slhc_free() silently accept an error pointer Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 001/157] ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 076/157] powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 036/157] ALSA: rawmidi: Fix potential Spectre v1 vulnerability Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 155/157] inet: switch IP ID generator to siphash Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 127/157] x86/entry/64: Use JMP instead of JMPQ Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 061/157] xfrm4: Fix header checks in _decode_session4 Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 086/157] USB: core: Fix unterminated string returned by usb_string() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 111/157] l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 075/157] xsysace: Fix error handling in ace_setup Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 140/157] floppy: fix invalid pointer dereference in drive_name Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 072/157] PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 065/157] btrfs: prop: fix vanished compression property after failed set Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 097/157] kprobes: Mark ftrace mcount handler functions nokprobe Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 012/157] IB/mlx4: Fix race condition between catas error reset and aliasguid flows Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 053/157] afs: Fix StoreData op marshalling Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 120/157] ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 038/157] iommu/vt-d: Check capability before disabling protected memory Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 135/157] Bluetooth: hci_uart: check for missing tty operations Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 087/157] staging: comedi: vmk80xx: Fix use of uninitialized semaphore Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 153/157] ipv6: hash net ptr into fragmentation bucket selection Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 124/157] x86/entry/64: Fix context tracking state warning when load_gs_index fails Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 016/157] udf: Fix crash on IO error during truncate Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 045/157] batman-adv: Reduce claim hash refcnt only for removed entry Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 133/157] vhost_net: fix possible infinite loop Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 113/157] fs/proc/proc_sysctl.c: Fix a NULL pointer dereference Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 108/157] USB: w1 ds2490: Fix bug caused by improper use of altsetting array Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 112/157] trace: Fix preempt_enable_no_resched() abuse Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 138/157] floppy: fix div-by-zero in setup_format_params Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 092/157] CIFS: keep FileInfo handle live during oplock break Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 017/157] net: mac8390: Use standard memcpy_{from,to}io() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 007/157] perf/core: Restore mmap record type correctly Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 151/157] ipv4: hash net ptr into fragmentation bucket selection Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 125/157] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 032/157] 3c515: fix integer overflow warning Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 010/157] xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 006/157] iio: adc: at91: disable adc channel interrupt in timeout case Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 117/157] l2ip: fix possible use-after-free Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 093/157] sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 054/157] KVM: Reject device ioctls from processes other than the VM's creator Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 040/157] ALSA: pcm: Fix possible OOB access in PCM oss plugins Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 088/157] staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 013/157] staging: speakup_soft: Fix alternate speech with other synths Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 090/157] tools lib traceevent: Fix missing equality check for strcmp Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 107/157] USB: yurex: Fix protection fault after device removal Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 014/157] powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 055/157] kvm: x86: IA32_ARCH_CAPABILITIES is always supported Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 046/157] batman-adv: Reduce tt_local hash refcnt only for removed entry Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 059/157] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 004/157] iio: Use kmalloc_array() in iio_scan_mask_set() Ben Hutchings
2019-08-10 21:02   ` Joe Perches
2019-08-11 12:28     ` Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 049/157] net: phy: don't clear BMCR in genphy_soft_reset Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 084/157] x86/speculation: Prevent deadlock on ssb_state::lock Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 118/157] packet: in recvmsg msg_name return at least sizeof sockaddr_ll Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 077/157] ACPICA: Namespace: remove address node from global list after method termination Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 037/157] ALSA: seq: oss: Fix Spectre v1 vulnerability Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 110/157] sched/numa: Fix a possible divide-by-zero Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 033/157] ARM: dts: pfla02: increase phy reset duration Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 098/157] x86/kprobes: Avoid kretprobe recursion bug Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 041/157] gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 035/157] staging: rtl8712: uninitialized memory in read_bbreg_hdl() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 022/157] USB: serial: ftdi_sio: add additional NovaTech products Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 060/157] dccp: Fix memleak in __feat_register_sp Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 126/157] x86/speculation: Enable Spectre v1 swapgs mitigations Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 068/157] dm: disable DISCARD if the underlying storage no longer supports it Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 044/157] iio: ad_sigma_delta: select channel when reading register Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 096/157] x86/kprobes: Verify stack frame on kretprobe Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 101/157] team: fix possible recursive locking when add slaves Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 052/157] USB: serial: cp210x: add new device id Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 122/157] x86/asm/entry/64: Disentangle error_entry/exit gsbase/ebx/usermode code Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 129/157] vhost-net: set packet weight of tx polling to 2 * vq size Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 066/157] btrfs: correctly validate compression type Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 089/157] kvm: mmu: Fix overflow on kvm mmu page limit calculation Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 106/157] net/rose: fix unbound loop in rose_loopback_timer() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 020/157] NFS: fix mount/umount race in nlmclnt Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 146/157] ipv6: Select fragment id during UFO segmentation if not set Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 043/157] ext4: brelse all indirect buffer in ext4_ind_remove_space() Ben Hutchings
2019-08-13  4:06   ` [PATCH 3.16 043/157] ext4: brelse all indirect buffer inext4_ind_remove_space() Jari Ruusu
2019-08-13 11:37     ` Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 057/157] fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 143/157] mm/page_alloc.c: calculate 'available' memory in a separate function Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 005/157] iio: Fix scan mask selection Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 047/157] batman-adv: Reduce tt_global hash refcnt only for removed entry Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 141/157] floppy: fix out-of-bounds read in copy_buffer Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 039/157] futex: Ensure that futex address is aligned in handle_futex_death() Ben Hutchings
2019-08-10 20:40 ` [PATCH 3.16 067/157] xtensa: fix return_address Ben Hutchings
2019-08-11 14:05 ` [PATCH 3.16 000/157] 3.16.72-rc1 review Guenter Roeck
2019-08-11 15:25   ` Ben Hutchings

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=lsq.1565469607.485122702@decadent.org.uk \
    --to=ben@decadent.org.uk \
    --cc=akpm@linux-foundation.org \
    --cc=davem@davemloft.net \
    --cc=ebiederm@xmission.com \
    --cc=edumazet@google.com \
    --cc=kda@linux-powerpc.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=syzkaller@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).