On 04/12/20 8:16 pm, Johan Hovold wrote:
> On Mon, Nov 30, 2020 at 07:00:31AM +0530, Anant Thazhemadam wrote:
>> The newer usb_control_msg_{send|recv}() API are an improvement on the
>> existing usb_control_msg() as it ensures that a short read/write is treated
>> as an er
On 04/12/20 8:11 pm, Johan Hovold wrote:
> On Mon, Nov 30, 2020 at 06:58:47AM +0530, Anant Thazhemadam wrote:
>> The newer usb_control_msg_{send|recv}() API are an improvement on the
>> existing usb_control_msg() as it ensures that a short read/write is treated
>> as an
-off-by: Anant Thazhemadam
---
Changes in v4:
* Use netdev_notice() instead of dev_warn() and update the
logged message to show the new random MAC as well
(Suggested by Joe Perches )
* Convert set_ethernet_addr()'s return type back to void.
Since we're
On 05-10-2020 14:48, Hans de Goede wrote:
> To fully fix the memleak you also need to add a kfree_skb(h5->rx_skb);
> call to the end of h5_serdev_remove(), because in the hu->serdev case
> that is where the h5 struct will be free-ed (it is free-ed after that
> function exits).
Hi Hans,
I'm not
er
dereference.
Fixes: ce945552fde4 ("Bluetooth: hci_h5: Add support for serdev enumerated
devices")
Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam h5_close v4
---
Changes
if the value of key.idx after
nl80211_parse_key() is called and return -EINVAL if key.idx < 0.
Reported-by: syzbot+b1bb342d1d097516c...@syzkaller.appspotmail.com
Tested-by: syzbot+b1bb342d1d097516c...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
net/wireless/nl80211.c | 3 +++
1 f
On 02/10/20 3:52 pm, Hans de Goede wrote:
> Hi,
>
> On 10/1/20 9:43 PM, Anant Thazhemadam wrote:
>> When h5_close() gets called, the memory allocated for the hu gets
>> freed only if hu->serdev doesn't exist. This leads to a memory leak.
>> So when h5_close() is requ
On 02/10/20 7:45 am, David Miller wrote:
> From: Anant Thazhemadam
> Date: Thu, 1 Oct 2020 13:02:20 +0530
>
>> When get_registers() fails (which happens when usb_control_msg() fails)
>> in set_ethernet_addr(), the uninitialized value of node_id gets copied
>> as
On 02-10-2020 17:24, Greg KH wrote:
> On Fri, Oct 02, 2020 at 05:04:13PM +0530, Anant Thazhemadam wrote:
>> On 02/10/20 7:45 am, David Miller wrote:
>>> From: Anant Thazhemadam
>>> Date: Thu, 1 Oct 2020 13:02:20 +0530
>>>
>>>> When get_regis
On 02-10-2020 19:59, Petko Manolov wrote:
> On 20-10-02 17:35:25, Anant Thazhemadam wrote:
>> Yes, this clears things up for me. I'll see to it that this gets done in a
>> v3.
> If set_ethernet_addr() fail, don't return error, but use eth_hw_addr_random()
> instead to s
On 03-10-2020 04:08, David Miller wrote:
> From: Anant Thazhemadam
> Date: Fri, 2 Oct 2020 17:04:13 +0530
>
>> But this patch is about ensuring that an uninitialized variable's
>> value (whatever that may be) is not set as the ethernet address
>> blindly (w
On 04/10/20 1:08 am, Joe Perches wrote:
> On Thu, 2020-10-01 at 13:02 +0530, Anant Thazhemadam wrote:
>> When get_registers() fails (which happens when usb_control_msg() fails)
>> in set_ethernet_addr(), the uninitialized value of node_id gets copied
>> as the addres
-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Tested-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Acked-by: Petko Manolov
Signed-off-by: Anant Thazhemadam
---
Changes in v3:
* Set a random MAC address to the device rather than making
the device not work
On 04/10/20 3:05 am, Joe Perches wrote:
> On Sun, 2020-10-04 at 02:49 +0530, Anant Thazhemadam wrote:
>> When get_registers() fails, in set_ethernet_addr(),the uninitialized
>> value of node_id gets copied as the address. This can be considered as
>> set_ethernet_
On 02/10/20 3:52 pm, Hans de Goede wrote:
> Hi,
>
> On 10/1/20 9:43 PM, Anant Thazhemadam wrote:
>> When h5_close() gets called, the memory allocated for the hu gets
>> freed only if hu->serdev doesn't exist. This leads to a memory leak.
>> So when h5_close()
upport for serdev enumerated
devices")
Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
Changes in v3:
* Free h5->rx_skb when !hu->serdev, and fix the memory leak
On 20-09-2020 01:47, Anant Thazhemadam wrote:
> On 19-09-2020 17:03, Anant Thazhemadam wrote:
>> On 19-09-2020 22:25, Al Viro wrote:
>>> On Sat, Sep 19, 2020 at 05:17:27PM +0100, Al Viro wrote:
>>>
>>>> Lovely... That would get an empty path and
e...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
drivers/net/team/team.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
index 8c1e02752ff6..8986f3e4 100644
--- a/drivers/net/team/team.c
+++ b/drivers/ne
com/bug?extid=6ce141c55b2f7aafd1c4
Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
drivers/bluetooth/hci_h5.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
d
On 29/09/20 2:17 pm, Petko Manolov wrote:
> On 20-09-29 13:50:28, Anant Thazhemadam wrote:
>> When get_registers() fails (which happens when usb_control_msg() fails)
>> in set_ethernet_addr(), the uninitialized value of node_id gets copied
>> as the address.
>>
>&g
of members gives the following
stats.
/* size: 248, cachelines: 4, members: 25 */
/* padding: 3 */
/* paddings: 1, sum paddings: 4 */
/* last cacheline: 56 bytes */
Signed-off-by: Anant Thazhemadam
---
The complete analysis done by pahole can be found below.
Before
of the structure (virtnet_info)
* have more members stored in one cache line (as opposed to
unnecessarily crossing the cacheline boundary and spanning
different cachelines)
The analysis was performed using pahole.
These patches may be applied in any order.
Anant Thazhemadam (2):
net
post-reordering of members gives us the following
stats.
/* size: 1280, cachelines: 20, members: 11 */
/* padding: 60 */
/* paddings: 2, sum paddings: 44 */
/* forced alignments: 2 */
Signed-off-by: Anant Thazhemadam
---
The complete analysis done by pahole can
#syz fix: ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info()
On 26/09/20 12:27 pm, Greg KH wrote:
> On Sat, Sep 26, 2020 at 08:53:07AM +0200, Dmitry Vyukov via
> Linux-kernel-mentees wrote:
>> On Sat, Sep 26, 2020 at 5:25 AM syzbot
>> wrote:
>>> Hello,
>>>
>>> syzbot has tested the proposed patch and the reproducer did not trigger any
>>> issue:
>>>
On 30/09/20 9:46 pm, Dmitry Vyukov wrote:
> On Wed, Sep 30, 2020 at 5:57 PM Anant Thazhemadam
> wrote:
>> On 26/09/20 12:27 pm, Greg KH wrote:
>>> On Sat, Sep 26, 2020 at 08:53:07AM +0200, Dmitry Vyukov via
>>> Linux-kernel-mentees wrote:
>>>> On Sat,
ance and
>> free the memory allocated to the hu entirely instead.
>>
>> Fixes: https://syzkaller.appspot.com/bug?extid=6ce141c55b2f7aafd1c4
>> Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
>> Tested-by: syzbot+6ce141c55b2f7aafd...@syzk
syzbot+4c14a8f574461e1c3...@syzkaller.appspotmail.com
>> Signed-off-by: Anant Thazhemadam
>> ---
>> If there is some explicit reason why len < 4 doesn't work, and only len < 2
>> works,
>> please do let me know.
>> The commit message that
address being incorrectly set in this manner.
Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Tested-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
Acked-by: Petko Manolov
---
Changes in v2:
* Modified condition checking
On 01/10/20 5:23 pm, Stephen Rothwell wrote:
> Hi all,
>
> In commit
>
> 44d59235ace5 ("Bluetooth: hci_h5: close serdev device and free hu in
> h5_close")
>
> Fixes tag
>
> Fixes: https://syzkaller.appspot.com/bug?extid=6ce141c55b2f7aafd1c4
>
> has these problem(s):
>
> - No SHA1
luetooth: hci_h5: Add support for serdev enumerated
devices")
Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
Changes in v2:
* Fixed the Fixes tag
drivers/bluetooth
.
Performing validation checks and ensuring that the size of the superblock
is valid fixes this bug.
Reported-by: syzbot+af90d47a37376844e...@syzkaller.appspotmail.com
Tested-by: syzbot+af90d47a37376844e...@syzkaller.appspotmail.com
Suggested-by: Andrew Price
Signed-off-by: Anant Thazhemadam
Hi,
On 16/10/20 4:58 pm, Hans de Goede wrote:
> Hi,
>
> On 10/7/20 5:48 AM, Anant Thazhemadam wrote:
>> If h5_close is called when !hu->serdev, h5 is directly freed.
>> However, h5->rx_skb is not freed, which causes a memory leak.
>>
>> Freeing h5->rx
ces")
Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
Changes in v5:
* Set h5->rx_skb = NULL unconditionally - to improve code
readability
*
to be invalid.
Reported-by: syzbot+009f546aa1370056b...@syzkaller.appspotmail.com
Tested-by: syzbot+009f546aa1370056b...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
The error (as detected by syzbot) is generated in
vmk80xx_write_packet() (which is called in vmk80xx_reset_device
to be invalid.
Reported-by: syzbot+009f546aa1370056b...@syzkaller.appspotmail.com
Tested-by: syzbot+009f546aa1370056b...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
The error (as detected by syzbot) is generated in
vmk80xx_write_packet() (which is called in vmk80xx_reset_device
On 09/10/20 9:46 pm, Anant Thazhemadam wrote:
> While finding usb endpoints in vmk80xx_find_usb_endpoints(), check if
> wMaxPacketSize = 0 for the endpoints found.
>
> Some devices have isochronous endpoints that have wMaxPacketSize = 0
> (as required by the USB-2 spec).
&
m MAC address when set_ethernet_addr() fails")
Signed-off-by: Anant Thazhemadam
---
drivers/net/usb/rtl8150.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
index f020401adf04..bf8a60533f3e 100644
--- a/drivers/net/usb
), and this can lead to
issues.
However, the new usb_control_msg_{send|recv}() APIs don't allow partial
reads and writes.
Using the new APIs also relaxes the return value checking that must
be done after usbnet_{read|write}_cmd() is called.
Signed-off-by: Anant Thazhemadam
---
Since not all
Hi,
On 10-10-2020 12:30, Greg Kroah-Hartman wrote:
> On Fri, Oct 09, 2020 at 09:50:29PM +0530, Anant Thazhemadam wrote:
>> While finding usb endpoints in vmk80xx_find_usb_endpoints(), check if
>> wMaxPacketSize = 0 for the endpoints found.
>>
>> Some devices have isoc
On 10/10/20 1:39 pm, Greg Kroah-Hartman wrote:
> On Sat, Oct 10, 2020 at 07:29:13AM +0530, Anant Thazhemadam wrote:
>> Hi,
>>
>> On 10-10-2020 12:30, Greg Kroah-Hartman wrote:
>>> On Fri, Oct 09, 2020 at 09:50:29PM +0530, Anant Thazhemadam wrote:
&g
to be invalid.
Reported-by: syzbot+009f546aa1370056b...@syzkaller.appspotmail.com
Tested-by: syzbot+009f546aa1370056b...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
Changes in v3:
* Correctly list version information
Changes in v2:
* Fix coding style issue
On 10/10/20 10:33 pm, Jakub Kicinski wrote:
> On Sat, 10 Oct 2020 12:26:23 +0530 Anant Thazhemadam wrote:
>> GPF_KERNEL
> You haven't even built this, let alone tested :/
I'm really sorry about this.
Turns out, my .config wasn't set generated by make allyesconfig, and thus
this reg
On 10/10/20 11:46 pm, Jakub Kicinski wrote:
> On Sat, 10 Oct 2020 23:34:51 +0530 Anant Thazhemadam wrote:
>> On 10/10/20 10:29 pm, Jakub Kicinski wrote:
>>> On Sat, 10 Oct 2020 12:14:59 +0530 Anant Thazhemadam wrote:
>>>> get_registers() dir
Hi,
On 10/10/20 10:29 pm, Jakub Kicinski wrote:
> On Sat, 10 Oct 2020 12:14:59 +0530 Anant Thazhemadam wrote:
>> get_registers() directly returns the return value of
>> usb_control_msg_recv() - 0 if successful, and negative error number
>> otherwise.
> Are yo
or not fixes this problem, and copies the ethernet address
appropriately.
Fixes: f45a4248ea4c ("net: usb: rtl8150: set random MAC address when
set_ethernet_addr() fails")
Signed-off-by: Anant Thazhemadam
---
Changes in v2:
* Fixed the format of the Fixes tag
* Modified the comm
Signed-off-by: Anant Thazhemadam
---
net/9p/trans_fd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index c0762a302162..8f528e783a6c 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -1023,7 +1023,7 @@ p9_fd_create_unix(struct
On 12-10-2020 13:29, Dominique Martinet wrote:
> Anant Thazhemadam wrote on Mon, Oct 12, 2020:
>> In p9_fd_create_unix, checking is performed to see if the addr (passed
>> as an argument) is NULL or not.
>> However, no check is performed to see if addr is a valid address
On 16/09/20 11:49 am, Petko Manolov wrote:
> On 20-09-16 10:35:40, Anant Thazhemadam wrote:
>> get_registers() copies whatever memory is written by the
>> usb_control_msg() call even if the underlying urb call ends up failing.
> Not true, memcpy() is only called if "ret&q
On 16/09/20 11:52 am, Greg KH wrote:
> On Wed, Sep 16, 2020 at 10:35:40AM +0530, Anant Thazhemadam wrote:
>> get_registers() copies whatever memory is written by the
>> usb_control_msg() call even if the underlying urb call ends up failing.
>>
>> If get_registers()
Signed-off-by: Anant Thazhemadam
---
.../media/atomisp/pci/isp/kernels/vf/vf_1.0/ia_css_vf.host.c| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/drivers/staging/media/atomisp/pci/isp/kernels/vf/vf_1.0/ia_css_vf.host.c
b/drivers/staging/media/atomisp/pci/isp/kernels
in qrtr_ns_worker
Reported-by: syzbot+0f84f6eed90503da7...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
As I understand it, QRTR was initially dependent upon ARCH_QCOM, but was
removed since not all modems using IPC Router protocol required the
support provided for Qualcomm
On 09/09/20 5:03 am, Anant Thazhemadam wrote:
> Removing ARCH_QCOM, as a dependency for QRTR begins to give rise to
> issues with respect to maintaining reference count integrity and
> suspicious rcu usage.
>
> The bugs resolved by making QRTR dependent on ARCH_QCOM include
On 11-09-2020 15:20, Dmitry Vyukov wrote:
> On Sat, Aug 8, 2020 at 8:56 AM syzbot
> wrote:
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit:d6efb3ac Merge tag 'tty-5.9-rc1' of git://git.kernel.org/p..
>> git tree: upstream
>> console output:
Updated the usage of a struct variable directly, in bpf_link_get_info_by_fd
to using a pointer of the same type instead, which points to a memory
location allocated using kzalloc.
Signed-off-by: Anant Thazhemadam
---
I saw this bug (https://syzkaller.appspot.com/bug?extid=976d5ecfab0c7eb43ac3
On 12/09/20 5:17 pm, Greg KH wrote:
> Note, your "To:" line seemed corrupted, and why not cc: the bpf mailing
> list as well?
Oh, I'm sorry about that. I pulled the emails of all the people to whom
this mail was sent off from the header in lkml mail, and just cc-ed
everyone.
> You leaked memory
On 12/09/20 8:25 pm, Greg KH wrote:
> On Sat, Sep 12, 2020 at 05:43:38PM +0530, Anant Thazhemadam wrote:
>> On 12/09/20 5:17 pm, Greg KH wrote:
>>> Note, your "To:" line seemed corrupted, and why not cc: the bpf mailing
>>> list as well?
>> Oh, I'm s
by passing an array of 0's as
a parameter while making the initial system call.
Reported-by: syzbot+09a5d591c1f98cf5e...@syzkaller.appspotmail.com
Tested-by: syzbot+09a5d591c1f98cf5e...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
net/socket.c | 1 +
1 file changed, 1 insertion
On 13/09/20 11:43 am, Greg KH wrote:
> On Sun, Sep 13, 2020 at 11:26:39AM +0530, Anant Thazhemadam wrote:
>> The crash report showed that there was a local variable;
>>
>> iovstack.i@__sys_sendmmsg created at:
>> ___sys_sendmsg net/socket.c:2388 [inline]
>>
-by: syzbot+09a5d591c1f98cf5e...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
Changes from v1:
* Fixed the build warning that v1 had introduced
net/socket.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/socket.c b/net/socket.c
index 0c0144604f81..1e6f9b54982c
I can assure you that when I said "I think", I meant it in an assertive manner,
and not an assumptive one, but I can understand how that could easily get lost
in translation.
I wouldn't have sent in the patch if I had caught the build warning, and once
again, my apologies for not fixing it
On 13/09/20 4:33 pm, Anant Thazhemadam wrote:
> The crash report indicated that there was a local variable;
> iovstack.i@__sys_sendmmsg created at:
> ___sys_sendmsg net/socket.c:2388 [inline]
> __sys_sendmmsg+0x6db/0xc90 net/socket.c:2480
>
> that was left uninitialized
On 19-09-2020 22:25, Al Viro wrote:
> On Sat, Sep 19, 2020 at 05:17:27PM +0100, Al Viro wrote:
>
>> Lovely... That would get an empty path and non-directory for a starting
>> point, but it should end up with LAST_ROOT in nd->last_type. Which should
>> not be able to reach the readers of those
On 19-09-2020 17:03, Anant Thazhemadam wrote:
> On 19-09-2020 22:25, Al Viro wrote:
>> On Sat, Sep 19, 2020 at 05:17:27PM +0100, Al Viro wrote:
>>
>>> Lovely... That would get an empty path and non-directory for a starting
>>> point, but it should end up with L
=abbc768b560c84d92fd3
Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Tested-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
drivers/net/usb/rtl8150.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers
://syzkaller.appspot.com/bug?extid=4191a44ad556eacc1a7a
Reported-by: syzbot+4191a44ad556eacc1...@syzkaller.appspotmail.com
Tested-by: syzbot+4191a44ad556eacc1...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
On 16/09/20 10:25 am, Dmitry Vyukov wrote:
> On Tue, Sep 15, 2020 at 8:34 PM Anant Thazhemadam
> wrote:
>> On Monday, October 14, 2019 at 2:25:08 AM UTC+5:30 syzbot wrote:
>>> Hello,
>>>
>>> syzbot found the following crash on:
>>>
>>> H
On 09/12/20 2:37 pm, Jan Kara wrote:
> On Wed 09-12-20 01:13:38, Anant Thazhemadam wrote:
>> When dquot_resume() was last updated, the argument that got passed
>> to vfs_cleanup_quota_inode was incorrectly set.
>>
>> If type = -1 and dquot_load_quota_sb
st be = 4096 for a
valid block size, le32_to_cpu(raw_super->log_blocksize) must equal 12.
Replacing the existing check with the more direct sanity check
resolves this bug.
Reported-by: syzbot+ca9a785f8ac472085...@syzkaller.appspotmail.com
Tested-by: syzbot+ca9a785f8ac472085...@syzkaller.appspotma
On 10/12/20 7:16 am, Chao Yu wrote:
> Hi Anant,
>
> I've posted a patch a little earlier. :P
>
> https://lore.kernel.org/linux-f2fs-devel/20201209084936.31711-1-yuch...@huawei.com/T/#u
>
Ah well, that's alright, especially considering that your patch looks better.
Glad that bug has been fixed
On 10/12/20 7:40 am, Chao Yu wrote:
> On 2020/12/10 10:00, Anant Thazhemadam wrote:
>>
>> On 10/12/20 7:16 am, Chao Yu wrote:
>>> Hi Anant,
>>>
>>> I've posted a patch a little earlier. :P
>>>
>>> https://lore.kernel.org/linux-f2fs-de
-by: Anant Thazhemadam
---
drivers/misc/vmw_vmci/vmci_context.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/vmw_vmci/vmci_context.c
b/drivers/misc/vmw_vmci/vmci_context.c
index 16695366ec92..26ff49fdf0f7 100644
--- a/drivers/misc/vmw_vmci/vmci_context.c
+++ b
-off-by: Anant Thazhemadam
---
net/mac80211/cfg.c | 24 +---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 7276e66ae435..d349e33134e6 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -516,12 +516,30
in 2 places -
nl80211_del_key(), and cfg80211_validate_key_settings().
Reported-by: syzbot+49d4cab497c2142ee...@syzkaller.appspotmail.com
Tested-by: syzbot+49d4cab497c2142ee...@syzkaller.appspotmail.com
Suggested-by: Johannes Berg
Signed-off-by: Anant Thazhemadam
---
For the bug that was getting
...@syzkaller.appspotmail.com
Tested-by: syzbot+e27b4fd589762b0b9...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
drivers/media/usb/dvb-usb/dibusb-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/dvb-usb/dibusb-common.c
b/drivers/media
On 01/12/20 3:30 pm, Johannes Berg wrote:
> On Tue, 2020-12-01 at 15:26 +0530, Anant Thazhemadam wrote:
>> Currently, it is assumed that key_idx values that are passed to
>> ieee80211_del_key() are all valid indexes as is, and no sanity checks
>> are performed for it.
>&g
On 01/12/20 5:36 pm, Johannes Berg wrote:
> On Tue, 2020-12-01 at 17:26 +0530, Anant Thazhemadam wrote:
>> On 01/12/20 3:30 pm, Johannes Berg wrote:
>>> On Tue, 2020-12-01 at 15:26 +0530, Anant Thazhemadam wrote:
>>>> Currently, it is assumed that
logically incorrect, a patch with a fix
can be sent in as well.
Anant Thazhemadam (15):
usb: misc: appledisplay: update to use the
usb_control_msg_{send|recv}() API
usb: misc: cypress_cy7c63: update to use usb_control_msg_recv()
usb: misc: cytherm: update to use usb_control_msg_recv()
usb
of usb_control_msg() has been replaced with
usb_control_msg_recv().
The return value checking enforced by callers of the updated function have
also been appropriately updated.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/cytherm.c | 42 +++---
1 file changed, 21
of usb_control_msg() have been replaced with
usb_control_msg_{recv|send}(), and all return value checking
conditions have also been modified appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/appledisplay.c | 46 ++---
1 file changed, 19 insertions(+), 27 deletions
of usb_control_msg() has been replaced with
usb_control_msg_recv().
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/cypress_cy7c63.c | 10 --
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/misc/cypress_cy7c63.c
b/drivers/usb/misc/cypress_cy7c63.c
index 14faec51d7a5
of usb_control_msg() has been replaced with
usb_control_msg_send() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/emi26.c | 14 ++
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/drivers/usb/misc/emi26.c b/drivers/usb/misc/emi26.c
index 24d841850e05
of usb_control_msg() have been replaced with
usb_control_msg_send() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/usbsevseg.c | 52 +++-
1 file changed, 16 insertions(+), 36 deletions(-)
diff --git a/drivers/usb/misc/usbsevseg.c b/drivers/usb/misc
of usb_control_msg() have been replaced with
usb_control_msg_{recv|send}() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/iowarrior.c | 34 +-
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc
of usb_control_msg() have been replaced with
usb_control_msg_send(), and return value checking has also been
appropriately enforced.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/isight_firmware.c | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/drivers/usb
of usb_control_msg() have been replaced with
usb_control_msg_{recv|send}() and the return value checking conditions have
also been modified appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/lvstest.c | 30 +++---
1 file changed, 15 insertions(+), 15 deletions(-)
diff
of usb_control_msg() have been replaced with
usb_control_msg_{recv|send}() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/ehset.c | 70 ++--
1 file changed, 31 insertions(+), 39 deletions(-)
diff --git a/drivers/usb/misc/ehset.c b/drivers/usb/misc
of usb_control_msg_send() has been replaced
with usb_control_msg_send() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/ldusb.c | 8 +++-
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/misc/ldusb.c b/drivers/usb/misc/ldusb.c
index 670e4d91e9ca..259ead4edecb
of usb_control_msg() has been replaced with
usb_control_msg_send() and the return value checking condition has also
been modified appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/trancevibrator.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/misc
of usb_control_msg() has been replaced with
usb_control_msg_send() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/idmouse.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/misc/idmouse.c b/drivers/usb/misc/idmouse.c
index e9437a176518..52126441a633
of usb_control_msg() has been replaced with
usb_control_msg_send() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/ezusb.c | 16 ++--
1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/drivers/usb/misc/ezusb.c b/drivers/usb/misc/ezusb.c
index f058d8029761
of usb_control_msg() have been replaced with
usb_control_msg_{recv|send}() and the return value checking conditions have
also been modified appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/usbtest.c | 63 +++---
1 file changed, 31 insertions(+), 32 deletions
of usb_control_msg() has been replaced with
usb_control_msg_send() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/emi62.c | 14 ++
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/drivers/usb/misc/emi62.c b/drivers/usb/misc/emi62.c
index 3eea60437f56
On 29/11/20 9:46 pm, Greg Kroah-Hartman wrote:
> There's no more need to dynamically allocate the buffer variable here
> now, right? It can be on the stack as the change you made above allows
> that to work properly, no need to allocate the buffer twice in a row
> (once here and once in the USB
logically incorrect, a patch with a fix
can be sent in as well.
Changes in v2:
* Buffer variables that were previously dynamically allocated are no
longer dynamically allocated unless they have a variable length
(since that threw a warning).
Anant Thazhemadam (15):
usb: misc:
of usb_control_msg() have been replaced with
usb_control_msg_{recv|send}(), and all return value checking
conditions have also been modified appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/appledisplay.c | 46 ++---
1 file changed, 19 insertions(+), 27 deletions
of usb_control_msg() has been replaced with
usb_control_msg_recv().
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/cypress_cy7c63.c | 21 +
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/drivers/usb/misc/cypress_cy7c63.c
b/drivers/usb/misc/cypress_cy7c63.c
index
of usb_control_msg() have been replaced with
usb_control_msg_{recv|send}() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/ehset.c | 76 +---
1 file changed, 32 insertions(+), 44 deletions(-)
diff --git a/drivers/usb/misc/ehset.c b/drivers/usb/misc
of usb_control_msg() has been replaced with
usb_control_msg_recv().
The return value checking enforced by callers of the updated function have
also been appropriately updated.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/cytherm.c | 128 +
1 file changed, 43
of usb_control_msg() has been replaced with
usb_control_msg_send() appropriately.
Signed-off-by: Anant Thazhemadam
---
drivers/usb/misc/ezusb.c | 16 ++--
1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/drivers/usb/misc/ezusb.c b/drivers/usb/misc/ezusb.c
index f058d8029761
1 - 100 of 161 matches
Mail list logo