From: YueHaibing
Like commit 518a2f1925c3 ("dma-mapping: zero memory returned
from dma_alloc_*"), if we want to map memory from the DMA
allocator to userspace it must be zeroed at allocation time
to prevent stale data leaks. On arm platform, if the allocator
is pool_allocator in __dma_alloc, the
From: YueHaibing
register_snap_client may return NULL, all the callers
check it, but only print a warning. This will result in
NULL pointer dereference in unregister_snap_client and other
places.
It has always been used like this since v2.6
Reported-by: Dan Carpenter
Signed-off-by: YueHaibing
From: YueHaibing
Add the missing kfree() in ttc_setup_clockevent() to free the
mem before error return.
Fixes: 70504f311d4b ("clocksource/drivers/cadence_ttc: Convert init function to return error")
Signed-off-by: YueHaibing
---
drivers/clocksource/timer-cadence-ttc.c | 1 +
1 file changed, 1
From: YueHaibing
Syzkaller reports this:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: [#1] SMP KASAN PTI
CPU: 0 PID: 9400 Comm: syz-executor.0 Tainted: G C5.0.0-rc8+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
From: YueHaibing
Syzkaller reports this:
BUG: KASAN: use-after-free in sysfs_remove_file_ns+0x5f/0x70 fs/sysfs/file.c:468
Read of size 8 at addr 8881f59a6b70 by task syz-executor.0/8363
CPU: 0 PID: 8363 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3
Hardware name: QEMU Standard PC (i440FX +
From: YueHaibing
Syzkaller reports this:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: [#1] SMP KASAN PTI
CPU: 0 PID: 4492 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu
From: YueHaibing
Use remove_proc_subtree to remove the whole subtree
Signed-off-by: YueHaibing
---
drivers/net/wireless/ray_cs.c | 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c
index d561659..ee4d810 100644
From: YueHaibing
init_ray_cs does not check the return value of pcmcia_register_driver;
if it fails, it may cause a NULL pointer dereference in
exit_ray_cs.
Signed-off-by: YueHaibing
---
drivers/net/wireless/ray_cs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/ray_cs.c
From: YueHaibing
Syzkaller reports this:
BUG: KASAN: use-after-free in sysfs_remove_file_ns+0x5f/0x70 fs/sysfs/file.c:468
Read of size 8 at addr 8881dc7ae030 by task syz-executor.0/6249
CPU: 1 PID: 6249 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3
Hardware name: QEMU Standard PC (i440FX +
From: YueHaibing
Syzkaller reports this:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: [#1] SMP KASAN PTI
CPU: 1 PID: 5373 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1
From: YueHaibing
In commit 0425e3e6e0c7, hns_roce_v2_modify_qp is called inside a
spinlock while using GFP_KERNEL; it may sleep while holding
the spinlock, so we should use GFP_ATOMIC instead.
Fixes: 0425e3e6e0c7 ("RDMA/hns: Support flush cqe for hip08 in kernel space")
Signed-off-by: YueHaibing
---
From: YueHaibing
syzkaller reports this:
BUG: memory leak
unreferenced object 0x88837a71a500 (size 256):
comm "syz-executor.2", pid 9770, jiffies 4297825125 (age 17.843s)
hex dump (first 32 bytes):
00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .N..
ff ff ff ff ff ff
From: YueHaibing
drivers/net/dsa/mt7530.c:649:3-4: Unneeded semicolon
drivers/net/ethernet/cisco/enic/enic_clsf.c:35:2-3: Unneeded semicolon
drivers/net/ethernet/faraday/ftgmac100.c:1640:2-3: Unneeded semicolon
drivers/net/ethernet/mediatek/mtk_eth_soc.c:229:2-3: Unneeded semicolon
drivers/net/us
From: YueHaibing
KASAN reports this:
BUG: KASAN: use-after-free in pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71
Read of size 8 at addr 8881f41fe5b0 by task syz-executor.0/2806
CPU: 0 PID: 2806 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45
Hardware name: QEMU Standard PC (i440FX + PIIX,
From: YueHaibing
Use remove_proc_subtree to remove the whole subtree
on cleanup. Also do some cleanup.
Signed-off-by: YueHaibing
---
net/appletalk/atalk_proc.c | 56 ++
1 file changed, 17 insertions(+), 39 deletions(-)
diff --git a/net/appletalk/atal
From: YueHaibing
v2:
- Add cover letter log
This patch series mainly fixes a use-after-free bug in atalk_proc_exit.
Patch 1 uses the remove_proc_subtree helper to simplify the atalk_proc fs code,
plus some other cleanup.
Patch 2 adds a proper error cleanup path in atalk_init to fix the issue, which
based on t
From: YueHaibing
After commit 60d2fa0dad06 ("fbdev: omap2: no need to check
return value of debugfs_create functions"), there is leftover
corner code that needs to be cleaned up.
Signed-off-by: YueHaibing
---
drivers/video/fbdev/omap2/omapfb/dss/core.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/driv
From: YueHaibing
YueHaibing (2):
appletalk: use remove_proc_subtree to simplify procfs code
appletalk: Fix use-after-free in atalk_proc_exit
include/linux/atalk.h| 2 +-
net/appletalk/atalk_proc.c | 58 +---
net/appletalk/ddp.c
From: YueHaibing
pm_runtime_get_sync returns negative on failure.
Fixes: eaeb9010bb4b ("drm/nouveau/debugfs: Wake up GPU before doing any reclocking")
Signed-off-by: YueHaibing
---
drivers/gpu/drm/nouveau/nouveau_debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dr
From: YueHaibing
UBSAN reports this:
UBSAN: Undefined behaviour in net/xfrm/xfrm_policy.c:1289:24
index 6 is out of range for type 'unsigned int [6]'
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.162-514.55.6.9.x86_64+ #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu
From: YueHaibing
Fixes the following sparse warnings:
drivers/misc/habanalabs/goya/goya.c:1233:5: warning: symbol 'goya_init_cpu_queues' was not declared. Should it be static?
drivers/misc/habanalabs/goya/goya.c:2914:5: warning: symbol 'goya_suspend' was not declared. Should it be static?
driv
From: YueHaibing
Remove duplicated include.
Signed-off-by: YueHaibing
---
drivers/staging/media/rockchip/vpu/rockchip_vpu_drv.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/staging/media/rockchip/vpu/rockchip_vpu_drv.c
b/drivers/staging/media/rockchip/vpu/rockchip_vpu_drv.c
inde
From: YueHaibing
Remove duplicated include.
Signed-off-by: YueHaibing
---
drivers/staging/rtl8723bs/include/drv_types.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/staging/rtl8723bs/include/drv_types.h
b/drivers/staging/rtl8723bs/include/drv_types.h
index 062fda9..bafb2c3 10064
From: YueHaibing
KASAN reports this:
BUG: KASAN: use-after-free in kobject_uevent_env+0xedb/0xf20 lib/kobject_uevent.c:474
Read of size 8 at addr 8881e52d5dc0 by task kworker/0:2/1066
CPU: 0 PID: 1066 Comm: kworker/0:2 Not tainted 5.0.0-rc7+ #45
Hardware name: QEMU Standard PC (i440FX + PII
From: YueHaibing
KASAN reports this:
BUG: KASAN: null-ptr-deref in nfc_llcp_build_gb+0x37f/0x540 [nfc]
Read of size 3 at addr by task syz-executor.0/5401
CPU: 0 PID: 5401 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
From: YueHaibing
There is already a NULL check on kmem_cache_create failure in kcm_init,
so there is no need to use SLAB_PANIC to panic the system.
Signed-off-by: YueHaibing
---
net/kcm/kcmsock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
index 571
From: YueHaibing
KASAN reports this:
BUG: KASAN: global-out-of-bounds in qedi_dbg_err+0xda/0x330 [qedi]
Read of size 31 at addr c12b0ae0 by task syz-executor.0/2429
CPU: 0 PID: 2429 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIO
From: YueHaibing
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/scsi/megaraid/megaraid_sas_fusion.c: In function 'wait_and_poll':
drivers/scsi/megaraid/megaraid_sas_fusion.c:936:25: warning:
variable 'fusion' set but not used [-Wunused-but-set-variable]
drivers/scsi/megaraid/megaraid_s
From: YueHaibing
KASAN has found a use-after-free in fixed_mdio_bus_init.
Commit 0c692d07842a ("drivers/net/phy/mdio_bus.c: call
put_device on device_register() failure") calls put_device()
when device_register() fails, giving up the last reference
to the device and allowing mdiobus_release to be execute
calc_tpm2_event_size() has an invalid signature because
it returns a 'size_t' whereas its signature says that
it returns 'int'.
Cc:
Fixes: 4d23cc323cdb ("tpm: add securityfs support for TPM 2.0 firmware event log")
Suggested-by: Jarkko Sakkinen
Signed-off-by: Yu
Fixes gcc '-Wunused-but-set-variable' warning:
fs/ufs/super.c: In function 'ufs_statfs':
fs/ufs/super.c:1409:32: warning:
variable 'usb3' set but not used [-Wunused-but-set-variable]
struct ufs_super_block_third *usb3;
^
Signed-of