[PATCH 3.16 022/178] USB: serial: safe_serial: fix information leak in... | stable

[PATCH 3.16 000/178] 3.16.46-rc1 review · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 102/178] ubi/upd: Always flush after prepared for an update · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 083/178] xen/acpi: upload PM state from init-domain to Xen · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 103/178] iscsi-target: Fix TMR reference leak during session shutdown · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 053/178] nl80211: fix dumpit error path RTNL deadlocks · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 010/178] usb: dwc3: gadget: make Set Endpoint Configuration macros safe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 019/178] target: Fix VERIFY_16 handling in sbc_parse_cdb · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 039/178] USB: idmouse: fix NULL-deref at probe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 040/178] USB: uss720: fix NULL-deref at probe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 028/178] net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 030/178] net: bcmgenet: synchronize irq0 status between the isr and task · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 038/178] dccp/tcp: fix routing redirect race · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 037/178] net: wimax/i2400m: fix NULL-deref at probe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 029/178] net: bcmgenet: correct MIB access of UniMAC RUNT counters · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 031/178] net: bcmgenet: Power up the internal PHY before probing the MII · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 032/178] net: bcmgenet: add begin/complete ethtool ops · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 035/178] ipv6: make ECMP route replacement less greedy · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 042/178] uwb: hwa-rc: fix NULL-deref at probe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 034/178] NFSv4: fix a reference leak caused WARNING messages · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 036/178] isdn/gigaset: fix NULL-deref at probe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 095/178] virtio_balloon: prevent uninitialized variable use · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 094/178] virtio_balloon: init 1st buffer in stats vq · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 092/178] netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 097/178] ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 089/178] IB/qib: fix false-postive maybe-uninitialized warning · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 098/178] ACPI: Fix incompatibility with mcount-based function graph tracing · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 080/178] net/mlx5: Increase number of max QPs in default profile · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 091/178] USB: fix linked-list corruption in rh_call_control() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 099/178] xhci: Manually give back cancelled URB if we can't queue it for cancel · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 096/178] ACPI: Do not create a platform_device for IOAPIC/IOxAPIC · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 088/178] net: phy: handle state correctly in phy_stop_machine · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 174/178] xen-blkback: don't leak stack data via response ring · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 173/178] drm/vmwgfx: Make sure backup_handle is always valid · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 093/178] powerpc: Disable HFSCR[TM] if TM is not supported · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 177/178] ALSA: timer: Fix race between read and ioctl · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 178/178] ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 001/178] xfrm: policy: init locks early · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 158/178] tracing: Allocate the snapshot buffer before enabling probe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 160/178] ring-buffer: Have ring_buffer_iter_empty() return true when empty · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 165/178] net: tc35815: move free after the dereference · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 147/178] s390/mm: fix CMMA vs KSM vs others · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 169/178] team: fix memory leaks · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 143/178] l2tp: don't mask errors in pppol2tp_getsockopt() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 121/178] kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd · Ben Hutchings <hidden> · 2017-07-16
Re: [PATCH 3.16 121/178] kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd · Suzuki K Poulose <Suzuki.Poulose@arm.com> · 2017-07-17
Re: [PATCH 3.16 121/178] kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd · Ben Hutchings <hidden> · 2017-07-18
[PATCH 3.16 119/178] iscsi-target: Drop work-around for legacy GlobalSAN initiator · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 105/178] drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 020/178] MIPS: End spinlocks with .insn · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 018/178] target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 023/178] [media] dvb-usb: don't use stack for firmware load · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 011/178] usb: gadget: function: f_fs: pass companion descriptor along · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 014/178] libceph: don't set weight to IN when OSD is destroyed · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 022/178] USB: serial: safe_serial: fix information leak in completion handler · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 017/178] scsi: lpfc: Add shutdown method for kexec · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 016/178] powerpc/boot: Fix zImage TOC alignment · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 013/178] scsi: aacraid: Fix typo in blink status · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 012/178] USB: serial: digi_acceleport: fix OOB-event processing · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 015/178] Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000 · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 049/178] ext4: mark inode dirty after converting inline directory · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 074/178] bpf: try harder on clones when writing into skb · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 085/178] KVM: kvm_io_bus_unregister_dev() should never fail · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 135/178] CIFS: Handle mismatched open calls · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 167/178] Input: i8042 - add Clevo P650RS to the i8042 reset list · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 070/178] ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 156/178] KEYS: Change the name of the dead type to ".dead" to prevent user access · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 114/178] l2tp: take a reference on sessions used in genetlink handlers · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 006/178] tracing: Add #undef to fix compile error · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 161/178] mac80211: reject ToDS broadcast data frames · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 063/178] net: ipv6: set route type for anycast routes · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 052/178] sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 024/178] [media] dvb-usb-firmware: don't do DMA on stack · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 145/178] x86/vdso: Plug race between mapping and ELF header setup · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 142/178] l2tp: don't mask errors in pppol2tp_setsockopt() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 054/178] perf/core: Fix event inheritance on fork() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 175/178] char: lp: fix possible integer overflow in lp_setup() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 137/178] virtio_console: fix uninitialized variable use · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 033/178] x86/platform/intel-mid: Correct MSI IRQ line for watchdog device · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 153/178] ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 056/178] Input: iforce - validate number of endpoints before using them · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 075/178] sch_dsmark: fix invalid skb_cow() usage · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 046/178] mmc: sdhci-of-arasan: fix incorrect timeout clock · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 104/178] drm/vmwgfx: Type-check lookups of fence objects · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 112/178] l2tp: ensure session can't get removed during pppol2tp_session_ioctl() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 125/178] powerpc/64: Fix flush_(d|i)cache_range() called from modules · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 021/178] USB: serial: io_ti: fix NULL-deref in interrupt callback · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 122/178] powerpc: Don't try to fix up misaligned load-with-reservation instructions · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 126/178] crypto: caam - fix RNG deinstantiation error checking · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 079/178] usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 134/178] metag/usercopy: Add missing fixups · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 065/178] ACM gadget: fix endianness in notifications · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 059/178] Input: yealink - validate number of endpoints before using them · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 058/178] Input: ims-pcu - validate number of endpoints before using them · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 043/178] uwb: i1480-dfu: fix NULL-deref at probe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 002/178] xen: do not re-use pirq number cached in pci device msi msg data · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 162/178] smsc75xx: use skb_cow_head() to deal with cloned skbs · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 139/178] scsi: sr: Sanity check returned mode data · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 146/178] CIFS: remove bad_network_name flag · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 106/178] drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 101/178] s390/uaccess: get_user() should zero on failure (again) · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 062/178] Input: sur40 - validate number of endpoints before using them · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 111/178] l2tp: fix race in l2tp_recv_common() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 027/178] udp: avoid ufo handling on IP payload compression packets · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 076/178] bna: integer overflow bug in debugfs · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 141/178] ptrace: fix PTRACE_LISTEN race corrupting task->state · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 149/178] ALSA: seq: Don't break snd_use_lock_sync() loop by timeout · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 129/178] metag/usercopy: Fix alignment error checking · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 171/178] ceph: fix recursion between ceph_set_acl() and __ceph_setattr() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 159/178] ACPI / power: Avoid maybe-uninitialized warning · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 115/178] kernel.h: make abs() work with 64-bit types · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 108/178] mmc: sdhci: Disable runtime pm when the sdio_irq is enabled · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 051/178] net: properly release sk_frag.page · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 069/178] USB: serial: qcserial: add Dell DW5811e · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 061/178] Input: kbtab - validate number of endpoints before using them · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 113/178] l2tp: fix duplicate session creation · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 071/178] scsi: libsas: fix ata xfer length · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 109/178] serial: mxs-auart: fix baud rate range · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 164/178] sr9700: use skb_cow_head() to deal with cloned skbs · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 155/178] cifs: Do not send echoes before Negotiate is complete · Ben Hutchings <hidden> · 2017-07-16
RE: [PATCH 3.16 155/178] cifs: Do not send echoes before Negotiate is complete · Pavel Shilovskiy <hidden> · 2017-07-18
[PATCH 3.16 067/178] gpio:mcp23s08 Fixed missing interrupts · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 110/178] serial: mxs-auart: Fix baudrate calculation · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 117/178] iio: core: Fix IIO_VAL_FRACTIONAL_LOG2 for negative values · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 009/178] net: phy: Do not perform software reset for Generic PHY · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 078/178] usb: gadget: uvc: Fix endianness mismatches · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 131/178] metag/usercopy: Zero rest of buffer from copy_from_user · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 140/178] scsi: sd: Fix capacity calculation with 32-bit sector_t · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 148/178] MIPS: KGDB: Use kernel context for sleeping threads · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 138/178] xen, fbfront: fix connecting to backend · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 008/178] ARM: dts: BCM5301X: Correct GIC_PPI interrupt flags · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 047/178] futex: Fix potential use-after-free in FUTEX_REQUEUE_PI · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 057/178] Input: cm109 - validate number of endpoints before using them · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 082/178] libceph: force GFP_NOIO for socket allocations · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 133/178] metag/usercopy: Fix src fixup in from user rapf loops · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 124/178] powerpc/kernel: Use kprobe blacklist for asm functions · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 118/178] iio: hid-sensor-attributes: Fix sensor property setting failure. · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 120/178] af_key: Add lock to key dump · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 005/178] KVM: s390: Fix guest migration for huge guests resulting in panic · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 130/178] metag/usercopy: Add early abort to copy_to_user · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 003/178] scsi: libiscsi: add lock around task lists to fix list corruption regression · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 045/178] USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 068/178] perf symbols: Fix symbols__fixup_end heuristic for corner cases · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 157/178] Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 128/178] metag/usercopy: Drop unused macros · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 163/178] cx82310_eth: use skb_cow_head() to deal with cloned skbs · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 081/178] mmc: sdhci: Do not disable interrupts while waiting for clock · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 152/178] perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 154/178] p9_client_readdir() fix · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 026/178] md/raid1/10: fix potential deadlock · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 132/178] metag/usercopy: Set flags before ADDZ · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 007/178] batman-adv: Keep fragments equally sized · Ben Hutchings <hidden> · 2017-07-16
Re: [PATCH 3.16 000/178] 3.16.46-rc1 review · Guenter Roeck <linux@roeck-us.net> · 2017-07-16
Re: [PATCH 3.16 000/178] 3.16.46-rc1 review · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 072/178] ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 172/178] mm: Tighten x86 /dev/mem with zeroing reads · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 151/178] zram: do not use copy_page with non-page aligned address · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 168/178] macvlan: Fix device ref leak when purging bc_queue · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 090/178] ext4: lock the xattr block before checksuming it · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 060/178] Input: hanwang - validate number of endpoints before using them · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 064/178] USB: usbtmc: add missing endpoint sanity check · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 123/178] l2tp: take reference on sessions being dumped · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 073/178] net: unix: properly re-increment inflight counter of GC discarded candidates · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 100/178] l2tp: purge socket queues in the .destruct() callback · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 144/178] x86/vdso: Ensure vdso32_enabled gets set to valid values only · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 048/178] futex: Add missing error handling to FUTEX_REQUEUE_PI · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 107/178] drm/vmwgfx: Remove getparam error message · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 084/178] KVM: x86: clear bus pointer when destroyed · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 077/178] s390/decompressor: fix initrd corruption caused by bss clear · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 055/178] mmc: ushc: fix NULL-deref at probe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 136/178] Reset TreeId to zero on SMB2 TREE_CONNECT · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 041/178] USB: wusbcore: fix NULL-deref at probe · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 025/178] USB: iowarrior: fix NULL-deref in write · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 127/178] ring-buffer: Fix return value check in test_ringbuffer() · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 004/178] kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 176/178] fs/exec.c: account for argv/envp pointers · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 044/178] usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 116/178] include/linux/kernel.h: change abs() macro so it uses consistent return type · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 150/178] cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 170/178] ipv6: move stub initialization after ipv6 setup completion · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 166/178] net: ipv6: send unsolicited NA if enabled for all interfaces · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 066/178] usb: hub: Fix crash after failure to read BOS descriptor · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 086/178] hwmon: (asus_atk0110) fix uninitialized data access · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 087/178] ALSA: seq: Fix race during FIFO resize · Ben Hutchings <hidden> · 2017-07-16
[PATCH 3.16 050/178] iio: adc: ti_am335x_adc: fix fifo overrun recovery · Ben Hutchings <hidden> · 2017-07-16
Re: [PATCH 3.16 000/178] 3.16.46-rc1 review · Ben Hutchings <hidden> · 2017-07-16

STALE3256d

[PATCH 3.16 022/178] USB: serial: safe_serial: fix information leak in completion handler

From: Ben Hutchings <hidden>
Date: 2017-07-16 14:10:55
Also in: lkml

3.16.46-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@kernel.org>

commit 8c76d7cd520ebffc1ea9ea0850d87a224a50c7f2 upstream.

Add missing sanity check to the bulk-in completion handler to avoid an
integer underflow that could be triggered by a malicious device.

This avoids leaking up to 56 bytes from after the URB transfer buffer to
user space.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Ben Hutchings <redacted>
---
 drivers/usb/serial/safe_serial.c | 5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/usb/serial/safe_serial.c
+++ b/drivers/usb/serial/safe_serial.c

@@ -205,6 +205,11 @@ static void safe_process_read_urb(struct
 	if (!safe)
 		goto out;
 
+	if (length < 2) {
+		dev_err(&port->dev, "malformed packet\n");
+		return;
+	}
+
 	fcs = fcs_compute10(data, length, CRC10_INITFCS);
 	if (fcs) {
 		dev_err(&port->dev, "%s - bad CRC %x\n", __func__, fcs);

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help