diff mbox series

[6.0,116/862] ksmbd: Fix user namespace mapping

Message ID	20221019083255.053626341@linuxfoundation.org
State	New
Headers	Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Hyunchul Lee <hyc.lee@gmail.com>, Steve French <smfrench@gmail.com>, =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>, "Christian Brauner (Microsoft)" <brauner@kernel.org>, Namjae Jeon <linkinjeon@kernel.org>, Steve French <stfrench@microsoft.com> Subject: [PATCH 6.0 116/862] ksmbd: Fix user namespace mapping Date: Wed, 19 Oct 2022 10:23:23 +0200 Message-Id: <20221019083255.053626341@linuxfoundation.org> In-Reply-To: <20221019083249.951566199@linuxfoundation.org> References: <20221019083249.951566199@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| [6.0,002/862] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() [6.0,003/862] ALSA: usb-audio: Fix potential memory leaks [6.0,004/862] ALSA: usb-audio: Fix NULL dererence at error path [6.0,005/862] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 [6.0,006/862] ALSA: hda/realtek: Correct pin configs for ASUS G533Z [6.0,007/862] ALSA: hda/realtek: Add quirk for ASUS GV601R laptop [6.0,008/862] ALSA: hda/realtek: Add Intel Reference SSID to support headset keys [6.0,009/862] mtd: rawnand: atmel: Unmap streaming DMA mappings [6.0,010/862] io_uring: add custom opcode hooks on fail [6.0,011/862] io_uring/rw: dont lose partial IO result on fail [6.0,012/862] io_uring/net: dont lose partial send/recv on fail [6.0,013/862] io_uring/rw: fix unexpected link breakage [6.0,014/862] io_uring/rw: dont lose short results on io_setup_async_rw() [6.0,015/862] io_uring/net: fix fast_iov assignment in io_setup_async_msg() [6.0,016/862] io_uring/net: dont update msg_name if not provided [6.0,017/862] io_uring: limit registration w/ SINGLE_ISSUER [6.0,018/862] io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT [6.0,019/862] io_uring/af_unix: defer registered files gc to io_uring release [6.0,020/862] io_uring: correct pinned_vm accounting [6.0,021/862] hv_netvsc: Fix race between VF offering and VF association message from host [6.0,022/862] cifs: destage dirty pages before re-reading them for cache=none [6.0,023/862] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message [6.0,024/862] iio: dac: ad5593r: Fix i2c read protocol requirements [6.0,025/862] iio: ltc2497: Fix reading conversion results [6.0,026/862] iio: adc: ad7923: fix channel readings for some variants [6.0,027/862] iio: pressure: dps310: Refactor startup procedure [6.0,028/862] iio: pressure: dps310: Reset chip after timeout [6.0,029/862] xhci: dbc: Fix memory leak in xhci_alloc_dbc() [6.0,030/862] usb: gadget: uvc: Fix argument to sizeof() in uvc_register_video() [6.0,031/862] usb: add quirks for Lenovo OneLink+ Dock [6.0,032/862] mmc: core: Add SD card quirk for broken discard [6.0,033/862] can: kvaser_usb: Fix use of uninitialized completion [6.0,034/862] can: kvaser_usb_leaf: Fix overread with an invalid command [6.0,035/862] can: kvaser_usb_leaf: Fix TX queue out of sync after restart [6.0,036/862] can: kvaser_usb_leaf: Fix CAN state after restart [6.0,037/862] mmc: renesas_sdhi: Fix rounding errors [6.0,038/862] mmc: sdhci-tegra: Use actual clock rate for SW tuning correction [6.0,039/862] mmc: sdhci-sprd: Fix minimum clock limit [6.0,040/862] i2c: designware: Fix handling of real but unexpected device interrupts [6.0,041/862] fs: dlm: fix race between test_bit() and queue_work() [6.0,042/862] fs: dlm: handle -EBUSY first in lock arg validation [6.0,043/862] fs: dlm: fix invalid derefence of sb_lvbptr [6.0,044/862] btf: Export bpf_dynptr definition [6.0,045/862] mbcache: Avoid nesting of cache->c_list_lock under bit locks [6.0,046/862] HID: multitouch: Add memory barriers [6.0,047/862] quota: Check next/prev free block number after reading from quota file [6.0,048/862] platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure [6.0,049/862] arm64: dts: qcom: sdm845-mtp: correct ADC settle time [6.0,050/862] ASoC: wcd9335: fix order of Slimbus unprepare/disable [6.0,051/862] ASoC: wcd934x: fix order of Slimbus unprepare/disable [6.0,052/862] hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API [6.0,053/862] net: thunderbolt: Enable DMA paths only after rings are enabled [6.0,054/862] regulator: qcom_rpm: Fix circular deferral regression [6.0,055/862] arm64: topology: move store_cpu_topology() to shared code [6.0,056/862] riscv: topology: fix default topology reporting [6.0,057/862] RISC-V: Re-enable counter access from userspace [6.0,058/862] RISC-V: Make port I/O string accessors actually work [6.0,059/862] parisc: fbdev/stifb: Align graphics memory size to 4MB [6.0,060/862] parisc: Fix userspace graphics card breakage due to pgtable special bit [6.0,061/862] riscv: vdso: fix NULL deference in vdso_join_timens() when vfork [6.0,062/862] riscv: Allow PROT_WRITE-only mmap() [6.0,063/862] riscv: Make VM_WRITE imply VM_READ [6.0,064/862] riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb [6.0,065/862] riscv: Pass -mno-relax only on lld < 15.0.0 [6.0,066/862] UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK [6.0,067/862] nvmem: core: Fix memleak in nvmem_register() [6.0,068/862] nvme-multipath: fix possible hang in live ns resize with ANA access [6.0,069/862] Revert "drm/amdgpu: use dirty framebuffer helper" [6.0,070/862] dm: verity-loadpin: Only trust verity targets with enforcement [6.0,071/862] dmaengine: mxs: use platform_driver_register [6.0,072/862] dmaengine: qcom-adm: fix wrong sizeof config in slave_config [6.0,073/862] dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg [6.0,074/862] drm/virtio: Check whether transferred 2D BO is shmem [6.0,075/862] drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error [6.0,076/862] drm/virtio: Unlock reservations on dma_resv_reserve_fences() error [6.0,077/862] drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() [6.0,078/862] drm/udl: Restore display mode on resume [6.0,079/862] arm64: mte: move register initialization to C [6.0,080/862] arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored [6.0,081/862] arm64: errata: Add Cortex-A55 to the repeat tlbi list [6.0,082/862] clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value [6.0,083/862] mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page [6.0,084/862] mm/damon: validate if the pmd entry is present before accessing [6.0,085/862] mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in [6.0,086/862] mm/mmap: undo ->mmap() when arch_validate_flags() fails [6.0,087/862] xen/gntdev: Prevent leaking grants [6.0,088/862] xen/gntdev: Accommodate VMA splitting [6.0,089/862] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge [6.0,090/862] serial: cpm_uart: Dont request IRQ too early for console port [6.0,091/862] serial: stm32: Deassert Transmit Enable on ->rs485_config() [6.0,092/862] serial: Deassert Transmit Enable on probe in driver-specific way [6.0,093/862] serial: ar933x: Deassert Transmit Enable on ->rs485_config() [6.0,094/862] serial: 8250: Let drivers request full 16550A feature probing [6.0,095/862] serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices [6.0,096/862] NFSD: Protect against send buffer overflow in NFSv3 READDIR [6.0,097/862] NFSD: Protect against send buffer overflow in NFSv2 READ [6.0,098/862] NFSD: Protect against send buffer overflow in NFSv3 READ [6.0,099/862] cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq warning [6.0,100/862] LoadPin: Fix Kconfig doc about format of file with verity digests [6.0,101/862] powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain [6.0,102/862] powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE [6.0,103/862] powerpc/boot: Explicitly disable usage of SPE instructions [6.0,104/862] slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure [6.0,105/862] slimbus: qcom-ngd: cleanup in probe error path [6.0,106/862] scsi: lpfc: Rework MIB Rx Monitor debug info logic [6.0,107/862] scsi: qedf: Populate sysfs attributes for vport [6.0,108/862] gpio: rockchip: request GPIO mux to pinctrl when setting direction [6.0,109/862] pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback [6.0,110/862] fbdev: smscufx: Fix use-after-free in ufx_ops_open() [6.0,111/862] hwrng: core - let sleep be interrupted when unregistering hwrng [6.0,112/862] smb3: do not log confusing message when server returns no network interfaces [6.0,113/862] ksmbd: fix incorrect handling of iterate_dir [6.0,114/862] ksmbd: fix endless loop when encryption for response fails [6.0,115/862] ksmbd: Fix wrong return value and message length check in smb2_ioctl() [6.0,116/862] ksmbd: Fix user namespace mapping [6.0,117/862] fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE [6.0,118/862] btrfs: fix alignment of VMA for memory mapped files on THP [6.0,119/862] btrfs: enhance unsupported compat RO flags handling [6.0,120/862] btrfs: fix race between quota enable and quota rescan ioctl [6.0,121/862] btrfs: fix missed extent on fsync after dropping extent maps [6.0,122/862] btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer [6.0,123/862] f2fs: fix wrong continue condition in GC [6.0,124/862] f2fs: complete checkpoints during remount [6.0,125/862] f2fs: flush pending checkpoints when freezing super [6.0,126/862] f2fs: increase the limit for reserve_root [6.0,127/862] f2fs: fix to do sanity check on destination blkaddr during recovery [6.0,128/862] f2fs: fix to do sanity check on summary info [6.0,129/862] f2fs: allow direct read for zoned device [6.0,130/862] jbd2: wake up journal waiters in FIFO order, not LIFO [6.0,131/862] jbd2: fix potential buffer head reference count leak [6.0,132/862] jbd2: fix potential use-after-free in jbd2_fc_wait_bufs [6.0,133/862] jbd2: add miss release buffer head in fc_do_one_pass() [6.0,134/862] ext2: Add sanity checks for group and filesystem size [6.0,135/862] ext4: avoid crash when inline data creation follows DIO write [6.0,136/862] ext4: fix null-ptr-deref in ext4_write_info [6.0,137/862] ext4: make ext4_lazyinit_thread freezable [6.0,138/862] ext4: fix check for block being out of directory size [6.0,139/862] ext4: dont increase iversion counter for ea_inodes [6.0,140/862] ext4: unconditionally enable the i_version counter [6.0,141/862] ext4: ext4_read_bh_lock() should submit IO if the buffer isnt uptodate [6.0,142/862] ext4: place buffer head allocation before handle start [6.0,143/862] ext4: fix i_version handling in ext4 [6.0,144/862] ext4: fix dir corruption when ext4_dx_add_entry() fails [6.0,145/862] ext4: fix miss release buffer head in ext4_fc_write_inode [6.0,146/862] ext4: fix potential memory leak in ext4_fc_record_modified_inode() [6.0,147/862] ext4: fix potential memory leak in ext4_fc_record_regions() [6.0,148/862] ext4: update state->fc_regions_size after successful memory allocation [6.0,149/862] livepatch: fix race between fork and KLP transition [6.0,150/862] ftrace: Properly unset FTRACE_HASH_FL_MOD [6.0,151/862] ftrace: Still disable enabled records marked as disabled [6.0,152/862] ring-buffer: Allow splice to read previous partially read pages [6.0,153/862] ring-buffer: Have the shortest_full queue be the shortest not longest [6.0,154/862] ring-buffer: Check pending waiters when doing wake ups as well [6.0,155/862] ring-buffer: Add ring_buffer_wake_waiters() [6.0,156/862] ring-buffer: Fix race between reset page and reading page [6.0,157/862] tracing/eprobe: Fix alloc event dir failed when event name no set [6.0,158/862] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t [6.0,159/862] tracing: Wake up ring buffer waiters on closing of the file [6.0,160/862] tracing: Wake up waiters when tracing is disabled [6.0,161/862] tracing: Add ioctl() to force ring buffer waiters to wake up [6.0,162/862] tracing: Do not free snapshot if tracer is on cmdline [6.0,163/862] tracing: Move duplicate code of trace_kprobe/eprobe.c into header [6.0,164/862] tracing: Add "(fault)" name injection to kernel probes [6.0,165/862] tracing: Fix reading strings from synthetic events [6.0,166/862] rpmsg: char: Avoid double destroy of default endpoint [6.0,167/862] thunderbolt: Explicitly enable lane adapter hotplug events at startup [6.0,168/862] efi: libstub: drop pointless get_memory_map() call [6.0,169/862] media: cedrus: Fix watchdog race condition [6.0,170/862] media: cedrus: Set the platform driver data earlier [6.0,171/862] media: cedrus: Fix endless loop in cedrus_h265_skip_bits() [6.0,172/862] blk-throttle: fix that io throttle can only work for single bio [6.0,173/862] blk-wbt: call rq_qos_add() after wb_normal is initialized [6.0,174/862] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility [6.0,175/862] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" [6.0,176/862] KVM: nVMX: Dont propagate vmcs12s PERF_GLOBAL_CTRL settings to vmcs02 [6.0,177/862] KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) [6.0,178/862] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS [6.0,179/862] staging: greybus: audio_helper: remove unused and wrong debugfs usage [6.0,180/862] drm/nouveau/kms/nv140-: Disable interlacing [6.0,181/862] drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() [6.0,182/862] drm/i915/gt: Use i915_vm_put on ppgtt_create error paths [6.0,183/862] drm/i915/guc: Fix revocation of non-persistent contexts [6.0,184/862] drm/i915: Fix watermark calculations for gen12+ RC CCS modifier [6.0,185/862] drm/i915: Fix watermark calculations for gen12+ MC CCS modifier [6.0,186/862] drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier [6.0,187/862] drm/i915: Fix watermark calculations for DG2 CCS modifiers [6.0,188/862] drm/i915: Fix watermark calculations for DG2 CCS+CC modifier [6.0,189/862] drm/i915: Fix display problems after resume [6.0,190/862] drm/amd/display: Fix watermark calculation [6.0,191/862] drm/amd/display: Update PMFW z-state interface for DCN314 [6.0,192/862] drm/amd/display: zeromem mypipe heap struct before using it [6.0,193/862] drm/amd/display: Validate DSC After Enable All New CRTCs [6.0,194/862] drm/amd/display: Enable dpia support for dcn314 [6.0,195/862] drm/amd/display: Enable 2 to 1 ODM policy if supported [6.0,196/862] drm/amd/display: Fix vblank refcount in vrr transition [6.0,197/862] drm/amd/display: Add HUBP surface flip interrupt handler [6.0,198/862] drm/amd/display: explicitly disable psr_feature_enable appropriately [6.0,199/862] drm/amdgpu: Enable VCN PG on GC11_0_1 [6.0,200/862] drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd [6.0,201/862] smb3: must initialize two ACL struct fields to zero [6.0,202/862] selinux: use "grep -E" instead of "egrep" [6.0,203/862] ima: fix blocking of security.ima xattrs of unsupported algorithms [6.0,204/862] userfaultfd: open userfaultfds with O_RDONLY [6.0,205/862] ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers [6.0,206/862] acl: return EOPNOTSUPP in posix_acl_fix_xattr_common() [6.0,207/862] thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() [6.0,208/862] cpufreq: amd-pstate: Fix initial highest_perf value [6.0,209/862] sh: machvec: Use char[] for section boundaries [6.0,210/862] MIPS: SGI-IP30: Fix platform-device leak in bridge_platform_create() [6.0,211/862] MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() [6.0,212/862] erofs: fix order >= MAX_ORDER warning due to crafted negative i_size [6.0,213/862] erofs: use kill_anon_super() to kill super in fscache mode [6.0,214/862] ARM: 9243/1: riscpc: Unbreak the build [6.0,215/862] ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() [6.0,216/862] ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE [6.0,217/862] ACPI: PCC: Release resources on address space setup failure path [6.0,218/862] ACPI: PCC: replace wait_for_completion() [6.0,219/862] ACPI: PCC: Fix Tx acknowledge in the PCC address space handler [6.0,220/862] objtool: Preserve special st_shndx indexes in elf_update_symbol [6.0,221/862] nfsd: Fix a memory leak in an error handling path [6.0,222/862] SUNRPC: Fix svcxdr_init_decodes end-of-buffer calculation [6.0,223/862] SUNRPC: Fix svcxdr_init_encodes buflen calculation [6.0,224/862] NFSD: Protect against send buffer overflow in NFSv2 READDIR [6.0,225/862] NFSD: Fix handling of oversized NFSv4 COMPOUND requests [6.0,226/862] x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled [6.0,227/862] m68k: Process bootinfo records before saving them [6.0,228/862] libbpf: Initialize err in probe_map_create [6.0,229/862] wifi: rtlwifi: 8192de: correct checking of IQK reload [6.0,230/862] wifi: ath10k: Set tx credit to one for WCN3990 snoc based devices [6.0,231/862] wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() [6.0,232/862] bpf: Cleanup check_refcount_ok [6.0,233/862] bpf: Fix ref_obj_id for dynptr data slices in verifier [6.0,234/862] leds: lm3601x: Dont use mutex after it was destroyed [6.0,235/862] tsnep: Fix TSNEP_INFO_TX_TIME register define [6.0,236/862] net: prestera: cache port state for non-phylink ports too [6.0,237/862] bpf: Fix reference state management for synchronous callbacks [6.0,238/862] wifi: mac80211: properly set old_links when removing a link [6.0,239/862] wifi: cfg80211: get correct AP link chandef [6.0,240/862] wifi: mac80211: fix use-after-free [6.0,241/862] wifi: mac80211: mlme: dont add empty EML capabilities [6.0,242/862] wifi: mac80211_hwsim: fix link change handling [6.0,243/862] wifi: mac80211: allow bw change during channel switch in mesh [6.0,244/862] bpftool: Fix a wrong type cast in btf_dumper_int [6.0,245/862] ice: set tx_tstamps when creating new Tx rings via ethtool [6.0,246/862] audit: explicitly check audit_context->context enum value [6.0,247/862] audit: free audit_proctitle only on task exit [6.0,248/862] esp: choose the correct inner protocol for GSO on inter address family tunnels [6.0,249/862] spi: mt7621: Fix an error message in mt7621_spi_probe() [6.0,250/862] x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch regi… [6.0,251/862] xsk: Fix backpressure mechanism on Tx [6.0,252/862] selftests/xsk: Add missing close() on netns fd [6.0,253/862] bpf: Disable preemption when increasing per-cpu map_locked [6.0,254/862] bpf: Propagate error from htab_lock_bucket() to userspace [6.0,255/862] wifi: ath11k: Fix incorrect QMI message ID mappings [6.0,256/862] bpf: Use this_cpu_{inc\|dec\|inc_return} for bpf_task_storage_busy [6.0,257/862] bpf: Use this_cpu_{inc_return\|dec} for prog->active [6.0,258/862] Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend [6.0,259/862] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on [6.0,260/862] wifi: rtw89: pci: fix interrupt stuck after leaving low power mode [6.0,261/862] wifi: rtw89: pci: correct TX resource checking in low power mode [6.0,262/862] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() [6.0,263/862] wifi: wfx: prevent underflow in wfx_send_pds() [6.0,264/862] wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() [6.0,265/862] selftests/xsk: Avoid use-after-free on ctx [6.0,266/862] wifi: mac80211: mlme: assign link address correctly [6.0,267/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() [6.0,268/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() [6.0,269/862] wifi: rtl8xxxu: Fix skb misuse in TX queue selection [6.0,270/862] spi: meson-spicc: do not rely on busy flag in pow2 clk ops [6.0,271/862] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve [6.0,272/862] wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration [6.0,273/862] wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask [6.0,274/862] Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() [6.0,275/862] wifi: mt76: mt7921e: fix race issue between reset and suspend/resume [6.0,276/862] wifi: mt76: mt7921s: fix race issue between reset and suspend/resume [6.0,277/862] wifi: mt76: mt7921u: fix race issue between reset and suspend/resume [6.0,278/862] wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work [6.0,279/862] wifi: mt76: sdio: poll sta stat when device transmits data [6.0,280/862] wifi: mt76: mt7915: fix an uninitialized variable bug [6.0,281/862] wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() [6.0,282/862] wifi: mt76: sdio: fix transmitting packet hangs [6.0,283/862] wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload [6.0,284/862] wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup [6.0,285/862] wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv [6.0,286/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap [6.0,287/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload [6.0,288/862] wifi: mt76: mt7921: fix the firmware version report [6.0,289/862] wifi: mt76: mt7915: fix mcs value in ht mode [6.0,290/862] wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx [6.0,291/862] wifi: mt76: mt7915: do not check state before configuring implicit beamform [6.0,292/862] wifi: mt76: mt7921e: fix rmmod crash in driver reload test [6.0,293/862] Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release [6.0,294/862] net: fs_enet: Fix wrong check in do_pd_setup [6.0,295/862] bpf: Ensure correct locking around vulnerable function find_vpid() [6.0,296/862] libbpf: Fix crash if SEC("freplace") programs dont have attach_prog_fd set [6.0,297/862] wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default [6.0,298/862] Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure [6.0,299/862] libbpf: Fix NULL pointer exception in API btf_dump__dump_type_data [6.0,300/862] netfilter: conntrack: fix the gc rescheduling delay [6.0,301/862] netfilter: conntrack: revisit the gc initial rescheduling bias [6.0,302/862] bpf, cgroup: Reject prog_attach_flags array when effective query [6.0,303/862] bpftool: Fix wrong cgroup attach flags being assigned to effective progs [6.0,304/862] selftests/bpf: Adapt cgroup effective query uapi change [6.0,305/862] flow_dissector: Do not count vlan tags inside tunnel payload [6.0,306/862] mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv [6.0,307/862] wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected [6.0,308/862] wifi: ath11k: fix number of VHT beamformee spatial streams [6.0,309/862] mips: dts: ralink: mt7621: fix external phy on GB-PC2 [6.0,310/862] x86/microcode/AMD: Track patch allocation size explicitly [6.0,311/862] libbpf: restore memory layout of bpf_object_open_opts [6.0,312/862] wifi: ath11k: fix peer addition/deletion error on sta band migration [6.0,313/862] x86/cpu: Include the header of init_ia32_feat_ctl()s prototype [6.0,314/862] spi: cadence-quadspi: Fix PM disable depth imbalance in cqspi_probe [6.0,315/862] spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe [6.0,316/862] spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe [6.0,317/862] skmsg: Schedule psock work if the cached skb exists on the psock [6.0,318/862] cw1200: fix incorrect check to determine if no element is found in list [6.0,319/862] libbpf: Dont require full struct enum64 in UAPI headers [6.0,320/862] i2c: mlxbf: support lock mechanism [6.0,321/862] Bluetooth: hci_core: Fix not handling link timeouts propertly [6.0,322/862] xfrm: Reinject transport-mode packets through workqueue [6.0,323/862] netfilter: nft_fib: Fix for rpath check with VRF devices [6.0,324/862] spi: s3c64xx: Fix large transfers with DMA [6.0,325/862] Bluetooth: Prevent double register of suspend [6.0,326/862] wifi: rtl8xxxu: gen2: Enable 40 MHz channel width [6.0,327/862] wifi: rtl8xxxu: Fix AIFS written to REG_EDCA__PARAM [6.0,328/862] vhost/vsock: Use kvmalloc/kvfree for larger packets. [6.0,329/862] eth: alx: take rtnl_lock on resume [6.0,330/862] mISDN: fix use-after-free bugs in l1oip timer handlers [6.0,331/862] sctp: handle the error returned from sctp_auth_asoc_init_active_key [6.0,332/862] tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited [6.0,333/862] spi: Ensure that sg_table wont be used after being freed [6.0,334/862] Bluetooth: hci_sync: Fix not indicating power state [6.0,335/862] hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller [6.0,336/862] net: rds: dont hold sock lock when cancelling work from rds_tcp_reset_callbacks() [6.0,337/862] af_unix: Fix memory leaks of the whole sk due to OOB skb. [6.0,338/862] net: prestera: acl: Add check for kmemdup [6.0,339/862] eth: lan743x: reject extts for non-pci11x1x devices [6.0,340/862] bnx2x: fix potential memory leak in bnx2x_tpa_stop() [6.0,341/862] eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address [6.0,342/862] net: wwan: iosm: Call mutex_init before locking it [6.0,343/862] net/ieee802154: reject zero-sized raw_sendmsg() [6.0,344/862] once: add DO_ONCE_SLOW() for sleepable contexts [6.0,345/862] net: mvpp2: fix mvpp2 debugfs leak [6.0,346/862] drm: bridge: adv7511: fix CEC power down control register offset [6.0,347/862] drm: bridge: adv7511: unregister cec i2c device after cec adapter [6.0,348/862] drm/bridge: Avoid uninitialized variable warning [6.0,349/862] drm/mipi-dsi: Detach devices when removing the host [6.0,350/862] drm/vc4: drv: Call component_unbind_all() [6.0,351/862] drm/bridge: it6505: Power on downstream device in .atomic_enable [6.0,352/862] video/aperture: Disable and unregister sysfb devices via aperture helpers [6.0,353/862] drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling [6.0,354/862] drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() [6.0,355/862] drm/bridge: tc358767: Add of_node_put() when breaking out of loop [6.0,356/862] drm/bridge: parade-ps8640: Fix regulator supply order [6.0,357/862] drm/format-helper: Fix test on big endian architectures [6.0,358/862] drm/dp_mst: fix drm_dp_dpcd_read return value checks [6.0,359/862] drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() [6.0,360/862] ASoC: mt6359: fix tests for platform_get_irq() failure [6.0,361/862] ASoC: amd: acp: add missing platform_device_unregister() in acp_pci_probe() [6.0,362/862] drm/msm: Make .remove and .shutdown HW shutdown consistent [6.0,363/862] platform/chrome: fix double-free in chromeos_laptop_prepare() [6.0,364/862] platform/chrome: fix memory corruption in ioctl [6.0,365/862] drm/i915/dg2: Bump up CDCLK for DG2 [6.0,366/862] drm/virtio: Fix same-context optimization [6.0,367/862] ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close() [6.0,368/862] ASoC: tas2764: Allow mono streams [6.0,369/862] ASoC: tas2764: Drop conflicting set_bias_level power setting [6.0,370/862] ASoC: tas2764: Fix mute/unmute [6.0,371/862] platform/x86: msi-laptop: Fix old-ec check for backlight registering [6.0,372/862] platform/x86: msi-laptop: Fix resource cleanup [6.0,373/862] drm/panel: use select for Ili9341 panel driver helpers [6.0,374/862] drm: fix drm_mipi_dbi build errors [6.0,375/862] platform/chrome: cros_ec_typec: Add bit offset for DP VDO [6.0,376/862] platform/chrome: cros_ec_typec: Correct alt mode index [6.0,377/862] drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() [6.0,378/862] drm/bridge: megachips: Fix a null pointer dereference bug [6.0,379/862] drm/bridge: it6505: Fix the order of DP_SET_POWER commands [6.0,380/862] ASoC: rsnd: Add check for rsnd_mod_power_on [6.0,381/862] ASoC: wm_adsp: Handle optional legacy support [6.0,382/862] ALSA: hda: beep: Simplify keep-power-at-enable behavior [6.0,383/862] drm/virtio: set fb_modifiers_not_supported [6.0,384/862] drm/bochs: fix blanking [6.0,385/862] ASoC: mediatek: mt8195-mt6359: Properly register sound card for SOF [6.0,386/862] ASoC: SOF: mediatek: mt8195: Import namespace SND_SOC_SOF_MTK_COMMON [6.0,387/862] drm/omap: dss: Fix refcount leak bugs [6.0,388/862] drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() [6.0,389/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR [6.0,390/862] mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() [6.0,391/862] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API [6.0,392/862] drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices [6.0,393/862] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx [6.0,394/862] drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() [6.0,395/862] ALSA: hda/hdmi: change type for the assigned variable [6.0,396/862] ALSA: hda/hdmi: Fix the converter allocation for the silent stream [6.0,397/862] ALSA: usb-audio: Properly refcounting clock rate [6.0,398/862] ASoC: SOF: ipc4-topology: Free the ida when IPC fails in sof_ipc4_widget_setup() [6.0,399/862] drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() [6.0,400/862] virtio-gpu: fix shift wrapping bug in virtio_gpu_fence_event_create() [6.0,401/862] ASoC: codecs: tx-macro: fix kcontrol put [6.0,402/862] ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() [6.0,403/862] ALSA: dmaengine: increment buffer pointer atomically [6.0,404/862] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() [6.0,405/862] ASoC: stm32: dfsdm: Fix PM disable depth imbalance in stm32_adfsdm_probe [6.0,406/862] ASoC: stm32: spdifrx: Fix PM disable depth imbalance in stm32_spdifrx_probe [6.0,407/862] ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe [6.0,408/862] ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use pm_runtime_resume_and_get()" [6.0,409/862] ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe [6.0,410/862] ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe [6.0,411/862] ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe [6.0,412/862] ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe [6.0,413/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to poll I2S_CLR [6.0,414/862] ALSA: hda/hdmi: Dont skip notification handling during PM operation [6.0,415/862] memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() [6.0,416/862] memory: of: Fix refcount leak bug in of_get_ddr_timings() [6.0,417/862] memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() [6.0,418/862] locks: fix TOCTOU race when granting write lease [6.0,419/862] soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() [6.0,420/862] soc: qcom: smem_state: Add refcounting for the state->of_node [6.0,421/862] ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus [6.0,422/862] arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types [6.0,423/862] arm64: dts: renesas: r9a07g054: Fix SCI{Rx,Tx} interrupt types [6.0,424/862] arm64: dts: renesas: r9a07g043: Fix SCI{Rx,Tx} interrupt types [6.0,425/862] dt-bindings: clock: exynosautov9: correct clock numbering of peric0/c1 [6.0,426/862] arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active pinctrl [6.0,427/862] arm64: dts: qcom: sc7280: Cleanup the lpasscc node [6.0,428/862] arm64: dts: qcom: sc7280: Update lpasscore node [6.0,429/862] arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches [6.0,430/862] arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: disallow regulator mode switches [6.0,431/862] arm64: dts: qcom: sa8295p-adp: disallow regulator mode switches [6.0,432/862] arm64: dts: qcom: pm8350c: Drop PWM reg declaration [6.0,433/862] arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ [6.0,434/862] ARM: dts: turris-omnia: Fix mpp26 pin name and comment [6.0,435/862] ARM: dts: kirkwood: lsxl: fix serial line [6.0,436/862] ARM: dts: kirkwood: lsxl: remove first ethernet port [6.0,437/862] arm64: dts: marvell: 98dx25xx: use correct property for i2c gpios [6.0,438/862] arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc828… [6.0,439/862] ia64: export memory_add_physaddr_to_nid to fix cxl build error [6.0,440/862] arm64: dts: qcom: sm8350-sagami: correct TS pin property [6.0,441/862] soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse() [6.0,442/862] soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA [6.0,443/862] arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size [6.0,444/862] arm64: dts: qcom: sm8450: fix UFS PHY serdes size [6.0,445/862] arm64: dts: ti: k3-j7200: fix main pinmux range [6.0,446/862] ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family [6.0,447/862] ARM: Drop CMDLINE_ dependency on ATAGS [6.0,448/862] ext4: continue to expand file system when the target size doesnt reach [6.0,449/862] ext4: dont run ext4lazyinit for read-only filesystems [6.0,450/862] arm64: ftrace: fix module PLTs with mcount [6.0,451/862] arm64: dts: exynos: fix polarity of "enable" line of NFC chip in TM2 [6.0,452/862] ARM: dts: exynos: fix polarity of VBUS GPIO of Origen [6.0,453/862] iomap: iomap: fix memory corruption when recording errors during writeback [6.0,454/862] selftests/cpu-hotplug: Use return instead of exit [6.0,455/862] selftests/cpu-hotplug: Delete fault injection related code [6.0,456/862] selftests/cpu-hotplug: Reserve one cpu online at least [6.0,457/862] iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX [6.0,458/862] iio: adc: at91-sama5d2_adc: check return status for pressure and touch [6.0,459/862] iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq [6.0,460/862] iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume [6.0,461/862] iio: inkern: only release the device node when done with it [6.0,462/862] iio: inkern: fix return value in devm_of_iio_channel_get_by_name() [6.0,463/862] iio: ABI: Fix wrong format of differential capacitance channel ABI. [6.0,464/862] iio: magnetometer: yas530: Change data type of hard_offsets to signed [6.0,465/862] RDMA/mlx5: Dont compare mkey tags in DEVX indirect mkey [6.0,466/862] usb: common: usb-conn-gpio: Simplify some error message [6.0,467/862] usb: common: debug: Check non-standard control requests [6.0,468/862] clk: meson: Hold reference returned by of_get_parent() [6.0,469/862] clk: st: Hold reference returned by of_get_parent() [6.0,470/862] clk: oxnas: Hold reference returned by of_get_parent() [6.0,471/862] clk: qoriq: Hold reference returned by of_get_parent() [6.0,472/862] clk: berlin: Add of_node_put() for of_get_parent() [6.0,473/862] clk: sprd: Hold reference returned by of_get_parent() [6.0,474/862] coresight: docs: Fix a broken reference [6.0,475/862] clk: tegra: Fix refcount leak in tegra210_clock_init [6.0,476/862] clk: tegra: Fix refcount leak in tegra114_clock_init [6.0,477/862] clk: tegra20: Fix refcount leak in tegra20_clock_init [6.0,478/862] clk: samsung: exynosautov9: correct register offsets of peric0/c1 [6.0,479/862] sbitmap: fix possible io hung due to lost wakeup [6.0,480/862] HID: uclogic: Add missing suffix for digitalizers [6.0,481/862] HID: uclogic: Fix warning in uclogic_rdesc_template_apply [6.0,482/862] HSI: omap_ssi: Fix refcount leak in ssi_probe [6.0,483/862] HSI: omap_ssi_port: Fix dma_map_sg error check [6.0,484/862] clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock [6.0,485/862] media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop [6.0,486/862] media: airspy: fix memory leak in airspy probe [6.0,487/862] tty: xilinx_uartps: Check clk_enable return value [6.0,488/862] tty: xilinx_uartps: Fix the ignore_status [6.0,489/862] media: mediatek: vcodec: Skip non CBR bitrate mode [6.0,490/862] media: amphion: insert picture startcode after seek for vc1g format [6.0,491/862] media: amphion: adjust the encoders value range of gop size [6.0,492/862] media: amphion: dont change the colorspace reported by decoder. [6.0,493/862] media: amphion: fix a bug that vpu core may not resume after suspend [6.0,494/862] media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() [6.0,495/862] media: uvcvideo: Fix memory leak in uvc_gpio_parse [6.0,496/862] media: uvcvideo: Use entity get_cur in uvc_ctrl_set [6.0,497/862] media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init [6.0,498/862] RDMA/rxe: Fix "kernel NULL pointer dereference" error [6.0,499/862] RDMA/rxe: Fix the error caused by qp->sk [6.0,500/862] clk: mediatek: clk-mt8195-vdo0: Set rate on vdo0_dp_intf0_dp_intfs parent [6.0,501/862] clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on vdo1_dpintfs parent [6.0,502/862] clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical [6.0,503/862] misc: ocxl: fix possible refcount leak in afu_ioctl() [6.0,504/862] fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards [6.0,505/862] fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() [6.0,506/862] phy: rockchip-inno-usb2: Return zero after otg sync [6.0,507/862] dmaengine: idxd: avoid deadlock in process_misc_interrupts() [6.0,508/862] dmaengine: hisilicon: Disable channels when unregister hisi_dma [6.0,509/862] dmaengine: hisilicon: Fix CQ head update [6.0,510/862] dmaengine: hisilicon: Add multi-thread support for a DMA channel [6.0,511/862] iio: Use per-device lockdep class for mlock [6.0,512/862] usb: gadget: f_fs: stricter integer overflow checks [6.0,513/862] dyndbg: fix static_branch manipulation [6.0,514/862] dyndbg: fix module.dyndbg handling [6.0,515/862] dyndbg: let query-modname override actual module name [6.0,516/862] dyndbg: drop EXPORTed dynamic_debug_exec_queries [6.0,517/862] sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() [6.0,518/862] clk: qcom: sm6115: Select QCOM_GDSC [6.0,519/862] scsi: lpfc: Fix various issues reported by tools [6.0,520/862] mtd: devices: docg3: check the return value of devm_ioremap() in the probe [6.0,521/862] remoteproc: Harden rproc_handle_vdev() against integer overflow [6.0,522/862] phy: qcom-qmp-usb: disable runtime PM on unbind [6.0,523/862] phy: qcom-qmp-pcie: add pcs_misc sanity check [6.0,524/862] phy: qcom-qmp-pcie: fix memleak on probe deferral [6.0,525/862] phy: qcom-qmp-pcie-msm8996: fix memleak on probe deferral [6.0,526/862] phy: qcom-qmp-combo: fix memleak on probe deferral [6.0,527/862] phy: qcom-qmp-ufs: fix memleak on probe deferral [6.0,528/862] phy: qcom-qmp-usb: fix memleak on probe deferral [6.0,529/862] phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_paren… [6.0,530/862] phy: phy-mtk-tphy: fix the phy type setting issue [6.0,531/862] mtd: rawnand: intel: Read the chip-select line from the correct OF node [6.0,532/862] mtd: rawnand: intel: Remove undocumented compatible string [6.0,533/862] mtd: rawnand: fsl_elbc: Fix none ECC mode [6.0,534/862] RDMA/irdma: Align AE id codes to correct flush code and event [6.0,535/862] RDMA/irdma: Validate udata inlen and outlen [6.0,536/862] RDMA/srp: Fix srp_abort() [6.0,537/862] RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. [6.0,538/862] RDMA/siw: Fix QP destroy to wait for all references dropped. [6.0,539/862] ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() [6.0,540/862] ata: fix ata_id_has_devslp() [6.0,541/862] ata: fix ata_id_has_ncq_autosense() [6.0,542/862] ata: fix ata_id_has_dipm() [6.0,543/862] mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() [6.0,544/862] block: Fix the enum blk_eh_timer_return documentation [6.0,545/862] eventfd: guard wake_up in eventfd fs calls as well [6.0,546/862] io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 [6.0,547/862] md: Replace snprintf with scnprintf [6.0,548/862] md/raid5: Ensure stripe_fill happens on non-read IO with journal [6.0,549/862] md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() [6.0,550/862] md: Remove extra mddev_get() in md_seq_start() [6.0,551/862] RDMA/cm: Use SLID in the work completion as the DLID in responder side [6.0,552/862] IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers [6.0,553/862] xhci: Dont show warning for reinit on known broken suspend [6.0,554/862] usb: gadget: function: fix dangling pnp_string in f_printer.c [6.0,555/862] usb: typec: anx7411: Use of_get_child_by_name() instead of of_find_node_by_name() [6.0,556/862] usb: dwc3: core: fix some leaks in probe [6.0,557/862] drivers: serial: jsm: fix some leaks in probe [6.0,558/862] serial: 8250: Toggle IER bits on only after irq has been set up [6.0,559/862] tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown [6.0,560/862] phy: qualcomm: call clk_disable_unprepare in the error handling [6.0,561/862] staging: vt6655: fix some erroneous memory clean-up loops [6.0,562/862] slimbus: qcom-ngd: Add error handling in of_qcom_slim_ngd_register [6.0,563/862] firmware: google: Test spinlock on panic path to avoid lockups [6.0,564/862] serial: 8250: Fix restoring termios speed after suspend [6.0,565/862] scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() [6.0,566/862] scsi: pm8001: Fix running_req for internal abort commands [6.0,567/862] scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() [6.0,568/862] clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical [6.0,569/862] clk: qcom: gcc-sm6115: Override default Alpha PLL regs [6.0,570/862] nvmet-auth: dont try to cancel a non-initialized work_struct [6.0,571/862] RDMA/rxe: Set pd early in mr alloc routines [6.0,572/862] RDMA/rxe: Fix resize_finish() in rxe_queue.c [6.0,573/862] fsi: core: Check error number after calling ida_simple_get [6.0,574/862] mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() [6.0,575/862] mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() [6.0,576/862] mfd: lp8788: Fix an error handling path in lp8788_probe() [6.0,577/862] mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() [6.0,578/862] mfd: fsl-imx25: Fix check for platform_get_irq() errors [6.0,579/862] mfd: sm501: Add check for platform_driver_register() [6.0,580/862] mfd: da9061: Fix Failed to set Two-Wire Bus Mode. [6.0,581/862] clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent [6.0,582/862] clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate rate changes [6.0,583/862] clk: mediatek: fix unregister function in mtk_clk_register_dividers cleanup [6.0,584/862] clk: mediatek: Migrate remaining clk_unregister_() to clk_hw_unregister_() [6.0,585/862] phy: qcom-qmp-pcie: fix resource mapping for SDM845 QHP PHY [6.0,586/862] io_uring/rw: defer fsnotify calls to task context [6.0,587/862] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() [6.0,588/862] HID: amd_sfh: Handle condition of "no sensors" for SFH1.1 [6.0,589/862] usb: mtu3: fix failed runtime suspend in host only mode [6.0,590/862] spmi: pmic-arb: correct duplicate APID to PPID mapping logic [6.0,591/862] clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD [6.0,592/862] clk: baikal-t1: Fix invalid xGMAC PTP clock divider [6.0,593/862] clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent [6.0,594/862] clk: baikal-t1: Add SATA internal ref clock buffer [6.0,595/862] clk: bcm2835: Make peripheral PLLC critical [6.0,596/862] clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration [6.0,597/862] clk: imx8mp: tune the order of enet_qos_root_clk [6.0,598/862] clk: imx: scu: fix memleak on platform_device_add() fails [6.0,599/862] clk: ti: Balance of_node_get() calls for of_find_node_by_name() [6.0,600/862] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe [6.0,601/862] clk: ast2600: BCLK comes from EPLL [6.0,602/862] mailbox: imx: fix RST channel support [6.0,603/862] mailbox: mpfs: fix handling of the reg property [6.0,604/862] mailbox: mpfs: account for mbox offsets while sending [6.0,605/862] mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg [6.0,606/862] ipc: mqueue: fix possible memory leak in init_mqueue_fs() [6.0,607/862] powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig [6.0,608/862] powerpc/math_emu/efp: Include module.h [6.0,609/862] powerpc/sysdev/fsl_msi: Add missing of_node_put() [6.0,610/862] powerpc/pci_dn: Add missing of_node_put() [6.0,611/862] powerpc/powernv: add missing of_node_put() in opal_export_attrs() [6.0,612/862] cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage [6.0,613/862] powerpc: dts: turris1x.dts: Fix NOR partitions labels [6.0,614/862] powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes [6.0,615/862] powerpc: Fix fallocate and fadvise64_64 compat parameter combination [6.0,616/862] x86/hyperv: Fix struct hv_enlightened_vmcs definition [6.0,617/862] powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 [6.0,618/862] powerpc/64/interrupt: Fix false warning in context tracking due to idle state [6.0,619/862] powerpc/64: mark irqs hard disabled in boot paca [6.0,620/862] powerpc/64/interrupt: Fix return to masked context after hard-mask irq becomes pending [6.0,621/862] powerpc: Fix SPE Power ISA properties for e500v1 platforms [6.0,622/862] powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() [6.0,623/862] powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL [6.0,624/862] crypto: sahara - dont sleep when in softirq [6.0,625/862] crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr [6.0,626/862] hwrng: arm-smccc-trng - fix NO_ENTROPY handling [6.0,627/862] crypto: ccp - Fail the PSP initialization when writing psp data file failed [6.0,628/862] cgroup: Honor callers cgroup NS when resolving path [6.0,629/862] hwrng: imx-rngc - use devm_clk_get_enabled [6.0,630/862] hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() [6.0,631/862] crypto: qat - fix default value of WDT timer [6.0,632/862] crypto: hisilicon/qm - fix missing put dfx access [6.0,633/862] cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset [6.0,634/862] iommu/omap: Fix buffer overflow in debugfs [6.0,635/862] crypto: akcipher - default implementation for setting a private key [6.0,636/862] crypto: ccp - Release dma channels before dmaengine unrgister [6.0,637/862] crypto: inside-secure - Change swab to swab32 [6.0,638/862] crypto: qat - fix DMA transfer direction [6.0,639/862] clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921 [6.0,640/862] clocksource/drivers/timer-gxp: Add missing error handling in gxp_timer_probe [6.0,641/862] cifs: return correct error in ->calc_signature() [6.0,642/862] iommu/iova: Fix module config properly [6.0,643/862] tracing: kprobe: Fix kprobe event gen test module on exit [6.0,644/862] tracing: kprobe: Make gen test module work in arm and riscv [6.0,645/862] tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads [6.0,646/862] ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller [6.0,647/862] kbuild: remove the target in signal traps when interrupted [6.0,648/862] linux/export: use inline assembler to populate symbol CRCs [6.0,649/862] kbuild: rpm-pkg: fix breakage when V=1 is used [6.0,650/862] crypto: marvell/octeontx - prevent integer overflows [6.0,651/862] crypto: cavium - prevent integer overflow loading firmware [6.0,652/862] random: schedule jitter credit for next jiffy, not in two jiffies [6.0,653/862] thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id [6.0,654/862] ACPI: APEI: do not add task_work to kernel thread to avoid memory leak [6.0,655/862] f2fs: fix race condition on setting FI_NO_EXTENT flag [6.0,656/862] f2fs: fix to account FS_CP_DATA_IO correctly [6.0,657/862] tools/power turbostat: Use standard Energy Unit for SPR Dram RAPL domain [6.0,658/862] selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle [6.0,659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20w… [6.0,660/862] module: tracking: Keep a record of tainted unloaded modules only [6.0,661/862] fs: dlm: fix race in lowcomms [6.0,662/862] rcu: Avoid triggering strict-GP irq-work when RCU is idle [6.0,663/862] rcu: Back off upon fill_page_cache_func() allocation failure [6.0,664/862] rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() [6.0,665/862] rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states [6.0,666/862] cpufreq: amd_pstate: fix wrong lowest perf fetch [6.0,667/862] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk [6.0,668/862] fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL [6.0,669/862] ACPI: tables: FPDT: Dont call acpi_os_map_memory() on invalid phys address [6.0,670/862] cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode [6.0,671/862] MIPS: BCM47XX: Cast memcmp() of function to (void ) [6.0,672/862] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue [6.0,673/862] thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash [6.0,674/862] ARM: decompressor: Include .data.rel.ro.local [6.0,675/862] ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable [6.0,676/862] x86/entry: Work around Clang __bdos() bug [6.0,677/862] NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data [6.0,678/862] NFSD: fix use-after-free on source server when doing inter-server copy [6.0,679/862] libbpf: Ensure functions with always_inline attribute are inline [6.0,680/862] libbpf: Do not require executable permission for shared libraries [6.0,681/862] wifi: rtw88: phy: fix warning of possible buffer overflow [6.0,682/862] wifi: brcmfmac: fix invalid address access when enabling SCAN log level [6.0,683/862] bpftool: Clear errno after libcaps checks [6.0,684/862] net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 [6.0,685/862] openvswitch: Fix double reporting of drops in dropwatch [6.0,686/862] openvswitch: Fix overreporting of drops in dropwatch [6.0,687/862] tcp: annotate data-race around tcp_md5sig_pool_populated [6.0,688/862] micrel: ksz8851: fixes struct pointer issue [6.0,689/862] wifi: mac80211: accept STA changes without link changes [6.0,690/862] x86/mce: Retrieve poison range from hardware [6.0,691/862] wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() [6.0,692/862] thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround [6.0,693/862] x86/apic: Dont disable x2APIC if locked [6.0,694/862] net: axienet: Switch to 64-bit RX/TX statistics [6.0,695/862] net-next: Fix IP_UNICAST_IF option behavior for connected sockets [6.0,696/862] xfrm: Update ipcomp_scratches with NULL when freed [6.0,697/862] wifi: ath11k: Register shutdown handler for WCN6750 [6.0,698/862] rtw89: ser: leave lps with mutex [6.0,699/862] net: ftmac100: fix endianness-related issues from sparse [6.0,700/862] iavf: Fix race between iavf_close and iavf_reset_task [6.0,701/862] wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() [6.0,702/862] Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk [6.0,703/862] regulator: core: Prevent integer underflow [6.0,704/862] wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() [6.0,705/862] wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value [6.0,706/862] wifi: rtw89: free unused skb to prevent memory leak [6.0,707/862] wifi: rtw89: fix rx filter after scan [6.0,708/862] Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() [6.0,709/862] Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times [6.0,710/862] Bluetooth: hci_event: Make sure ISO events dont affect non-ISO connections [6.0,711/862] bnxt_en: replace reset with config timestamps [6.0,712/862] selftests/bpf: Free the allocated resources after test case succeeds [6.0,713/862] can: bcm: check the result of can_send() in bcm_can_tx() [6.0,714/862] wifi: rt2x00: dont run Rt5592 IQ calibration on MT7620 [6.0,715/862] wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 [6.0,716/862] wifi: rt2x00: set VGC gain for both chains of MT7620 [6.0,717/862] wifi: rt2x00: set SoC wmac clock register [6.0,718/862] wifi: rt2x00: correctly set BBP register 86 for MT7620 [6.0,719/862] hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms [6.0,720/862] net: If sock is dead dont access socks sk_wq in sk_stream_wait_memory [6.0,721/862] bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT [6.0,722/862] bpf: use bpf_prog_pack for bpf_dispatcher [6.0,723/862] Bluetooth: L2CAP: Fix user-after-free [6.0,724/862] net: sched: cls_u32: Avoid memcpy() false-positive warning [6.0,725/862] libbpf: Fix overrun in netlink attribute iteration [6.0,726/862] i2c: designware-pci: Group AMD NAVI quirk parts together [6.0,727/862] r8152: Rate limit overflow messages [6.0,728/862] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() [6.0,729/862] drm: Use size_t type for len variable in drm_copy_field() [6.0,730/862] drm: Prevent drm_copy_field() to attempt copying a NULL pointer [6.0,731/862] drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook [6.0,732/862] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() [6.0,733/862] drm/amd/display: fix overflow on MIN_I64 definition [6.0,734/862] ALSA: hda: Fix page fault in snd_hda_codec_shutdown() [6.0,735/862] ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support [6.0,736/862] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails [6.0,737/862] platform/x86: pmc_atom: Improve quirk message to be less cryptic [6.0,738/862] drm/amd: fix potential memory leak [6.0,739/862] drm: bridge: dw_hdmi: only trigger hotplug event on link change [6.0,740/862] drm/amd/display: Fix variable dereferenced before check [6.0,741/862] drm/amdgpu: Skip the program of MMMC_VM_AGP_ in SRIOV on MMHUB v3_0_0 [6.0,742/862] drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF [6.0,743/862] ALSA: usb-audio: Register card at the last interface [6.0,744/862] drm/vc4: vec: Fix timings for VEC modes [6.0,745/862] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 [6.0,746/862] drm: panel-orientation-quirks: Add quirk for Aya Neo Air [6.0,747/862] platform/chrome: cros_ec: Notify the PM of wake events during resume [6.0,748/862] platform/x86: hp-wmi: Setting thermal profile fails with 0x06 [6.0,749/862] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading [6.0,750/862] ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS [6.0,751/862] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms [6.0,752/862] ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component [6.0,753/862] ASoC: SOF: add quirk to override topology mclk_id [6.0,754/862] drm/amdgpu: SDMA update use unlocked iterator [6.0,755/862] drm/amd/display: Fix urgent latency override for DCN32/DCN321 [6.0,756/862] drm/amd/display: correct hostvm flag [6.0,757/862] drm/amdgpu: fix initial connector audio value [6.0,758/862] ASoC: amd: yc: Add ASUS UM5302TA into DMI table [6.0,759/862] ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table [6.0,760/862] drm/meson: reorder driver deinit sequence to fix use-after-free bug [6.0,761/862] drm/meson: explicitly remove aggregate driver at module unload time [6.0,762/862] drm/meson: remove drm bridges at aggregate driver unbind time [6.0,763/862] mmc: sdhci-msm: add compatible string check for sdm670 [6.0,764/862] drm/dp: Dont rewrite link config when setting phy test pattern [6.0,765/862] drm/amd/display: Remove interface for periodic interrupt 1 [6.0,766/862] drm/amd/display: polling vid stream status in hpo dp blank [6.0,767/862] drm/amdkfd: Fix UBSAN shift-out-of-bounds warning [6.0,768/862] ARM: dts: imx6: delete interrupts property if interrupts-extended is set [6.0,769/862] ARM: dts: imx7d-sdb: config the max pressure for tsc2046 [6.0,770/862] arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit address [6.0,771/862] ARM: dts: imx6q: add missing properties for sram [6.0,772/862] ARM: dts: imx6dl: add missing properties for sram [6.0,773/862] ARM: dts: imx6qp: add missing properties for sram [6.0,774/862] ARM: dts: imx6sl: add missing properties for sram [6.0,775/862] ARM: dts: imx6sll: add missing properties for sram [6.0,776/862] ARM: dts: imx6sx: add missing properties for sram [6.0,777/862] ARM: dts: imx6sl: use tabs for code indent [6.0,778/862] ARM: dts: imx6sx-udoo-neo: dont use multiple blank lines [6.0,779/862] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT [6.0,780/862] arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage [6.0,781/862] arm64: dts: imx8mq-librem5: Add bq25895 as max17055s power supply [6.0,782/862] ARM: orion: fix include path [6.0,783/862] btrfs: dump extra info if one free space cache has more bitmaps than it should [6.0,784/862] btrfs: scrub: properly report super block errors in system log [6.0,785/862] btrfs: scrub: try to fix super block errors [6.0,786/862] btrfs: dont print information about space cache or tree every remount [6.0,787/862] btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure [6.0,788/862] arm64: dts: uniphier: Add USB-device support for PXs3 reference board [6.0,789/862] ARM: 9233/1: stacktrace: Skip frame pointer boundary check for call_with_stack() [6.0,790/862] ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value [6.0,791/862] ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n [6.0,792/862] clk: zynqmp: Fix stack-out-of-bounds in strncpy` [6.0,793/862] media: cx88: Fix a null-ptr-deref bug in buffer_prepare() [6.0,794/862] media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc [6.0,795/862] clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate [6.0,796/862] RDMA/rxe: Delete error messages triggered by incoming Read requests [6.0,797/862] usb: host: xhci-plat: suspend and resume clocks [6.0,798/862] usb: host: xhci-plat: suspend/resume clks for brcm [6.0,799/862] scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID [6.0,800/862] dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow [6.0,801/862] scsi: 3w-9xxx: Avoid disabling device if failing to enable it [6.0,802/862] nbd: Fix hung when signal interrupts nbd_start_device_ioctl() [6.0,803/862] iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity [6.0,804/862] usb: gadget: uvc: increase worker prio to WQ_HIGHPRI [6.0,805/862] power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() [6.0,806/862] staging: vt6655: fix potential memory leak [6.0,807/862] blk-throttle: prevent overflow while calculating wait time [6.0,808/862] ata: libahci_platform: Sanity check the DT child nodes number [6.0,809/862] bcache: fix set_at_max_writeback_rate() for multiple attached devices [6.0,810/862] soundwire: cadence: Dont overwrite msg->buf during write commands [6.0,811/862] soundwire: intel: fix error handling on dai registration issues [6.0,812/862] hid: topre: Add driver fixing report descriptor [6.0,813/862] HID: roccat: Fix use-after-free in roccat_read() [6.0,814/862] HSI: ssi_protocol: fix potential resource leak in ssip_pn_open() [6.0,815/862] HID: nintendo: check analog user calibration for plausibility [6.0,816/862] md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d [6.0,817/862] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() [6.0,818/862] usb: musb: Fix musb_gadget.c rxstate overflow bug [6.0,819/862] usb: dwc3: core: add gfladj_refclk_lpm_sel quirk [6.0,820/862] arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes [6.0,821/862] usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug [6.0,822/862] Revert "usb: storage: Add quirk for Samsung Fit flash" [6.0,823/862] io_uring: fix CQE reordering [6.0,824/862] staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() [6.0,825/862] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() [6.0,826/862] scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled [6.0,827/862] ext2: Use kvmalloc() for group descriptor array [6.0,828/862] nvme: handle effects after freeing the request [6.0,829/862] nvme: copy firmware_rev on each init [6.0,830/862] nvmet-tcp: add bounds check on Transfer Tag [6.0,831/862] usb: idmouse: fix an uninit-value in idmouse_open [6.0,832/862] blk-mq: use quiesced elevator switch when reinitializing queues [6.0,833/862] hwmon (occ): Retry for checksum failure [6.0,834/862] fsi: occ: Prevent use after free [6.0,835/862] fsi: master-ast-cf: Fix missing of_node_put in fsi_master_acf_probe [6.0,836/862] dmaengine: dw-edma: Remove runtime PM support [6.0,837/862] usb: typec: ucsi: Dont warn on probe deferral [6.0,838/862] clk: bcm2835: Round UART input clock up [6.0,839/862] perf: Skip and warn on unknown format configN attrs [6.0,840/862] perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc [6.0,841/862] perf intel-pt: Fix system_wide dummy event for hybrid [6.0,842/862] io_uring/net: refactor io_sr_msg types [6.0,843/862] io_uring/net: use io_sr_msg for sendzc [6.0,844/862] io_uring/net: dont lose partial send_zc on fail [6.0,845/862] io_uring/net: rename io_sendzc() [6.0,846/862] io_uring/net: dont skip notifs for failed requests [6.0,847/862] io_uring/net: fix notif cqe reordering [6.0,848/862] mm: hugetlb: fix UAF in hugetlb_handle_userfault [6.0,849/862] net: ieee802154: return -EINVAL for unknown addr type [6.0,850/862] ALSA: usb-audio: Fix last interface check for registration [6.0,851/862] blk-wbt: fix that rwb->wc is always set to 1 in wbt_init() [6.0,852/862] net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses [6.0,853/862] Revert "drm/amd/display: correct hostvm flag" [6.0,854/862] Revert "net/ieee802154: reject zero-sized raw_sendmsg()" [6.0,855/862] net/ieee802154: dont warn zero-sized raw_sendmsg() [6.0,856/862] powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context [6.0,857/862] drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n [6.0,858/862] io_uring: fix fdinfo sqe offsets calculation [6.0,859/862] io_uring/rw: ensure kiocb_end_write() is always called [6.0,860/862] Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 [6.0,861/862] Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT [6.0,862/862] lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5

Commit Message

Greg KH Oct. 19, 2022, 8:23 a.m. UTC

  From: Mickaël Salaün <mic@digikod.net>

commit 7c88c1e0ab1704bacb751341ee6431c3be34b834 upstream.

A kernel daemon should not rely on the current thread, which is unknown
and might be malicious.  Before this security fix,
ksmbd_override_fsids() didn't correctly override FS UID/GID which means
that arbitrary user space threads could trick the kernel to impersonate
arbitrary users or groups for file system access checks, leading to
file system access bypass.

This was found while investigating truncate support for Landlock:
https://lore.kernel.org/r/CAKYAXd8fpMJ7guizOjHgxEyyjoUwPsx3jLOPZP=wPYcbhkVXqA@mail.gmail.com

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: Hyunchul Lee <hyc.lee@gmail.com>
Cc: Steve French <smfrench@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20220929100447.108468-1-mic@digikod.net
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ksmbd/smb_common.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff mbox series

Patch

--- a/fs/ksmbd/smb_common.c
+++ b/fs/ksmbd/smb_common.c
@@ -4,6 +4,8 @@ 
  *   Copyright (C) 2018 Namjae Jeon <linkinjeon@kernel.org>
  */
 
+#include <linux/user_namespace.h>
+
 #include "smb_common.h"
 #include "server.h"
 #include "misc.h"
@@ -625,8 +627,8 @@  int ksmbd_override_fsids(struct ksmbd_wo
 	if (!cred)
 		return -ENOMEM;
 
-	cred->fsuid = make_kuid(current_user_ns(), uid);
-	cred->fsgid = make_kgid(current_user_ns(), gid);
+	cred->fsuid = make_kuid(&init_user_ns, uid);
+	cred->fsgid = make_kgid(&init_user_ns, gid);
 
 	gi = groups_alloc(0);
 	if (!gi) {