value of key.idx after
nl80211_parse_key() is called and return -EINVAL if key.idx < 0.
Reported-by: syzbot+b1bb342d1d097516c...@syzkaller.appspotmail.com
Tested-by: syzbot+b1bb342d1d097516c...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
net/wireless/nl80211.c | 3 +++
1 f
er
dereference.
Fixes: ce945552fde4 ("Bluetooth: hci_h5: Add support for serdev enumerated
devices")
Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam h5_close v4
---
Changes
On 05-10-2020 14:48, Hans de Goede wrote:
> To fully fix the memleak you also need to add a kfree_skb(h5->rx_skb);
> call to the end of h5_serdev_remove(), because in the hu->serdev case
> that is where the h5 struct will be free-ed (it is free-ed after that
> function exits).
Hi Hans,
I'm not en
-off-by: Anant Thazhemadam
---
Changes in v4:
* Use netdev_notice() instead of dev_warn() and update the
logged message to show the new random MAC as well
(Suggested by Joe Perches)
* Convert set_ethernet_addr()'s return type back to void.
Since
ec30de...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
drivers/net/team/team.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
index 8c1e02752ff6..8986f3e4 100644
--- a/drivers/net/team/team.c
+++ b/drive
On 20-09-2020 01:47, Anant Thazhemadam wrote:
> On 19-09-2020 17:03, Anant Thazhemadam wrote:
>> On 19-09-2020 22:25, Al Viro wrote:
>>> On Sat, Sep 19, 2020 at 05:17:27PM +0100, Al Viro wrote:
>>>
>>>> Lovely... That would get an empty path and non-dire
upport for serdev enumerated
devices")
Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
Changes in v3:
* Free h5->rx_skb when !hu->serdev, and fix the memory leak
On 02/10/20 3:52 pm, Hans de Goede wrote:
> Hi,
>
> On 10/1/20 9:43 PM, Anant Thazhemadam wrote:
>> When h5_close() gets called, the memory allocated for the hu gets
>> freed only if hu->serdev doesn't exist. This leads to a memory leak.
>> So when h5_clo
On 04/10/20 3:05 am, Joe Perches wrote:
> On Sun, 2020-10-04 at 02:49 +0530, Anant Thazhemadam wrote:
>> When get_registers() fails, in set_ethernet_addr(), the uninitialized
>> value of node_id gets copied as the address. This can be considered as
>> set_ethernet_
-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Tested-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Acked-by: Petko Manolov
Signed-off-by: Anant Thazhemadam
---
Changes in v3:
* Set a random MAC address to the device rather than making
the device not work
On 04/10/20 1:08 am, Joe Perches wrote:
> On Thu, 2020-10-01 at 13:02 +0530, Anant Thazhemadam wrote:
>> When get_registers() fails (which happens when usb_control_msg() fails)
>> in set_ethernet_addr(), the uninitialized value of node_id gets copied
>> as the addres
On 03-10-2020 04:08, David Miller wrote:
> From: Anant Thazhemadam
> Date: Fri, 2 Oct 2020 17:04:13 +0530
>
>> But this patch is about ensuring that an uninitialized variable's
>> value (whatever that may be) is not set as the ethernet address
>> blindly
On 02-10-2020 19:59, Petko Manolov wrote:
> On 20-10-02 17:35:25, Anant Thazhemadam wrote:
>> Yes, this clears things up for me. I'll see to it that this gets done in a
>> v3.
> If set_ethernet_addr() fails, don't return error, but use eth_hw_addr_random()
> in
On 02-10-2020 17:24, Greg KH wrote:
> On Fri, Oct 02, 2020 at 05:04:13PM +0530, Anant Thazhemadam wrote:
>> On 02/10/20 7:45 am, David Miller wrote:
>>> From: Anant Thazhemadam
>>> Date: Thu, 1 Oct 2020 13:02:20 +0530
>>>
>>>> When get_regis
On 02/10/20 7:45 am, David Miller wrote:
> From: Anant Thazhemadam
> Date: Thu, 1 Oct 2020 13:02:20 +0530
>
>> When get_registers() fails (which happens when usb_control_msg() fails)
>> in set_ethernet_addr(), the uninitialized value of node_id gets copied
>> as the
On 02/10/20 3:52 pm, Hans de Goede wrote:
> Hi,
>
> On 10/1/20 9:43 PM, Anant Thazhemadam wrote:
>> When h5_close() gets called, the memory allocated for the hu gets
>> freed only if hu->serdev doesn't exist. This leads to a memory leak.
>> So when h5_close() is
"Bluetooth: hci_h5: Add support for serdev enumerated
devices")
Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
Changes in v2:
* Fixed the Fixes tag
drivers/blue
On 01/10/20 5:23 pm, Stephen Rothwell wrote:
> Hi all,
>
> In commit
>
> 44d59235ace5 ("Bluetooth: hci_h5: close serdev device and free hu in
> h5_close")
>
> Fixes tag
>
> Fixes: https://syzkaller.appspot.com/bug?extid=6ce141c55b2f7aafd1c4
>
> has these problem(s):
>
> - No SHA1 recognise
address being incorrectly set in this manner.
Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Tested-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
Acked-by: Petko Manolov
---
Changes in v2:
* Modified condition checking
syzbot+4c14a8f574461e1c3...@syzkaller.appspotmail.com
>> Signed-off-by: Anant Thazhemadam
>> ---
>> If there is some explicit reason why len < 4 doesn't work, and only len < 2
>> works,
>> please do let me know.
>> The commit message that introd
instance and
>> free the memory allocated to the hu entirely instead.
>>
>> Fixes: https://syzkaller.appspot.com/bug?extid=6ce141c55b2f7aafd1c4
>> Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
>> Tested-by: syzbot+6ce141c55b2f7aafd...
On 30/09/20 9:46 pm, Dmitry Vyukov wrote:
> On Wed, Sep 30, 2020 at 5:57 PM Anant Thazhemadam
> wrote:
>> On 26/09/20 12:27 pm, Greg KH wrote:
>>> On Sat, Sep 26, 2020 at 08:53:07AM +0200, Dmitry Vyukov via
>>> Linux-kernel-mentees wrote:
>>>> On Sat,
On 26/09/20 12:27 pm, Greg KH wrote:
> On Sat, Sep 26, 2020 at 08:53:07AM +0200, Dmitry Vyukov via
> Linux-kernel-mentees wrote:
>> On Sat, Sep 26, 2020 at 5:25 AM syzbot
>> wrote:
>>> Hello,
>>>
>>> syzbot has tested the proposed patch and the reproducer did not trigger any
>>> issue:
>>>
>>>
#syz fix: ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info()
post-reordering of members gives us the following
stats.
/* size: 1280, cachelines: 20, members: 11 */
/* padding: 60 */
/* paddings: 2, sum paddings: 44 */
/* forced alignments: 2 */
Signed-off-by: Anant Thazhemadam
---
The complete analysis done by pahole can be
of the structure (virtnet_info)
* have more members stored in one cache line (as opposed to
unnecessarily crossing the cacheline boundary and spanning
different cachelines)
The analysis was performed using pahole.
These patches may be applied in any order.
Anant Thazhemadam (2):
net
members gives the following
stats.
/* size: 248, cachelines: 4, members: 25 */
/* padding: 3 */
/* paddings: 1, sum paddings: 4 */
/* last cacheline: 56 bytes */
Signed-off-by: Anant Thazhemadam
---
The complete analysis done by pahole can be found below.
Before the
On 29/09/20 2:17 pm, Petko Manolov wrote:
> On 20-09-29 13:50:28, Anant Thazhemadam wrote:
>> When get_registers() fails (which happens when usb_control_msg() fails)
>> in set_ethernet_addr(), the uninitialized value of node_id gets copied
>> as the address.
>>
>>
spot.com/bug?extid=6ce141c55b2f7aafd1c4
Reported-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
drivers/bluetooth/hci_h5.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(
A sample crash report can be found here.
https://syzkaller.appspot.com/text?tag=CrashReport&x=1748691190
The line where the bug seems to get triggered is,
if (!batadv_compare_eth(hard_iface->net_dev->dev_addr,
net_dev->dev_addr))
Looks like it goes through the list of
address being incorrectly set in this manner.
Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Tested-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
drivers/net/usb/rtl8150.c | 24
1 file changed, 16
On 26/09/20 12:23 pm, Dmitry Vyukov wrote:
> On Sat, Sep 26, 2020 at 5:25 AM syzbot
> wrote:
>> Hello,
>>
>> syzbot has tested the proposed patch and the reproducer did not trigger any
>> issue:
>>
>> Reported-and-tested-by: syzbot+35c80b2190255a410...@syzkaller.appspotmail.com
>>
>> Tested on:
On 05/09/20 7:34 am, Anant Thazhemadam wrote:
> When the amount of data stored in the location corresponding to
> iov_iter *from is less than 4, some data seems to go uninitialized.
>
> Updating this condition accordingly, makes sense both intuitively and
> logically as well,
On 19-09-2020 17:03, Anant Thazhemadam wrote:
> On 19-09-2020 22:25, Al Viro wrote:
>> On Sat, Sep 19, 2020 at 05:17:27PM +0100, Al Viro wrote:
>>
>>> Lovely... That would get an empty path and non-directory for a starting
>>> point, but it should end up with L
On 19-09-2020 22:25, Al Viro wrote:
> On Sat, Sep 19, 2020 at 05:17:27PM +0100, Al Viro wrote:
>
>> Lovely... That would get an empty path and non-directory for a starting
>> point, but it should end up with LAST_ROOT in nd->last_type. Which should
>> not be able to reach the readers of those f
On 16/09/20 11:52 am, Greg KH wrote:
> On Wed, Sep 16, 2020 at 10:35:40AM +0530, Anant Thazhemadam wrote:
>> get_registers() copies whatever memory is written by the
>> usb_control_msg() call even if the underlying urb call ends up failing.
>>
>> If get_registers()
On 16/09/20 11:49 am, Petko Manolov wrote:
> On 20-09-16 10:35:40, Anant Thazhemadam wrote:
>> get_registers() copies whatever memory is written by the
>> usb_control_msg() call even if the underlying urb call ends up failing.
> Not true, memcpy() is only called if "ret"
On 16/09/20 10:25 am, Dmitry Vyukov wrote:
> On Tue, Sep 15, 2020 at 8:34 PM Anant Thazhemadam
> wrote:
>> On Monday, October 14, 2019 at 2:25:08 AM UTC+5:30 syzbot wrote:
>>> Hello,
>>>
>>> syzbot found the following crash on:
>>>
>>> H
https://syzkaller.appspot.com/bug?extid=4191a44ad556eacc1a7a
Reported-by: syzbot+4191a44ad556eacc1...@syzkaller.appspotmail.com
Tested-by: syzbot+4191a44ad556eacc1...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --
extid=abbc768b560c84d92fd3
Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Tested-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
drivers/net/usb/rtl8150.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/dr
On 13/09/20 4:33 pm, Anant Thazhemadam wrote:
> The crash report indicated that there was a local variable;
> iovstack.i@__sys_sendmmsg created at:
> ___sys_sendmsg net/socket.c:2388 [inline]
> __sys_sendmmsg+0x6db/0xc90 net/socket.c:2480
>
> that was left uninitialized
I can assure you that when I said "I think", I meant it in an assertive manner,
and not an assumptive one, but I can understand how that could easily get lost
in translation.
I wouldn't have sent in the patch if I had caught the build warning, and once
again, my apologies for not fixing it sooner
ested-by: syzbot+09a5d591c1f98cf5e...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
Changes from v1:
* Fixed the build warning that v1 had introduced
net/socket.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/socket.c b/net/socket.c
index 0c0144604f81..1e6f9b5
On 13/09/20 11:43 am, Greg KH wrote:
> On Sun, Sep 13, 2020 at 11:26:39AM +0530, Anant Thazhemadam wrote:
>> The crash report showed that there was a local variable;
>>
>> iovstack.i@__sys_sendmmsg created at:
>> ___sys_sendmsg net/socket.c:2388 [inline]
>>
by passing an array of 0's as
a parameter while making the initial system call.
Reported-by: syzbot+09a5d591c1f98cf5e...@syzkaller.appspotmail.com
Tested-by: syzbot+09a5d591c1f98cf5e...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
net/socket.c | 1 +
1 file changed, 1 inse
On 12/09/20 8:25 pm, Greg KH wrote:
> On Sat, Sep 12, 2020 at 05:43:38PM +0530, Anant Thazhemadam wrote:
>> On 12/09/20 5:17 pm, Greg KH wrote:
>>> Note, your "To:" line seemed corrupted, and why not cc: the bpf mailing
>>> list as well?
>> Oh, I
On 12/09/20 5:17 pm, Greg KH wrote:
> Note, your "To:" line seemed corrupted, and why not cc: the bpf mailing
> list as well?
Oh, I'm sorry about that. I pulled the emails of all the people to whom
this mail was sent off from the header in lkml mail, and just cc-ed
everyone.
> You leaked memory
Updated the usage of a struct variable directly, in bpf_link_get_info_by_fd
to using a pointer of the same type instead, which points to a memory
location allocated using kzalloc.
Signed-off-by: Anant Thazhemadam
---
I saw this bug (https://syzkaller.appspot.com/bug?extid=976d5ecfab0c7eb43ac3
On 11-09-2020 15:20, Dmitry Vyukov wrote:
> On Sat, Aug 8, 2020 at 8:56 AM syzbot
> wrote:
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit:d6efb3ac Merge tag 'tty-5.9-rc1' of git://git.kernel.org/p..
>> git tree: upstream
>> console output: https://syzkaller.apps
On 09/09/20 5:03 am, Anant Thazhemadam wrote:
> Removing ARCH_QCOM, as a dependency for QRTR begins to give rise to
> issues with respect to maintaining reference count integrity and
> suspicious rcu usage.
>
> The bugs resolved by making QRTR dependent on ARCH_QCOM include
qrtr_ns_worker
Reported-by: syzbot+0f84f6eed90503da7...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
As I understand it, QRTR was initially dependent upon ARCH_QCOM, but was
removed since not all modems using IPC Router protocol required the
support provided for Qualcomm
container_of_safe resolves this issue, with no obvious tradeoffs
and without considerable expense.
Reported-by: syzbot+b8639c8dcb5ec4483...@syzkaller.appspotmail.com
Tested-by: syzbot+b8639c8dcb5ec4483...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
include/linux/device.h | 2 +-
1 file
> HCI_MAX_FRAME_SIZE, which is HCI_MAX_ACL_SIZE (which is 1024) + 4;
which itself gives some idea about what must be the ideal minimum size.
Reported-and-tested by: syzbot+4c14a8f574461e1c3...@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam
---
If there is some explicit reason why len < 4 doesn'
indly ignore and discard this patch.
My sincere apologies.
Thanks,
Anant
On Fri, Sep 4, 2020 at 6:04 AM Anant Thazhemadam
wrote:
>
> A few unused variables that were defined were found and removed.
>
> Signed-off-by: Anant Thazhemadam
> ---
> drivers/staging/comedi/drivers/dt
A few unused variables that were defined were found and removed.
Signed-off-by: Anant Thazhemadam
---
drivers/staging/comedi/drivers/dt2814.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/staging/comedi/drivers/dt2814.c
b/drivers/staging/comedi/drivers/dt2814.c
index
about time this was updated too
Signed-off-by: Anant Thazhemadam
---
arch/ia64/kernel/perfmon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c
index 0dc3611e7971..91349e38b9be 100644
--- a/arch/ia64/kernel/perfmon.c
ning.
Signed-off-by: Anant Thazhemadam
---
.../media/atomisp/pci/isp/kernels/vf/vf_1.0/ia_css_vf.host.c| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/drivers/staging/media/atomisp/pci/isp/kernels/vf/vf_1.0/ia_css_vf.host.c
b/drivers/staging/media/atomisp/pci/i
Upon running sparse, "warning: dubious: !x | !y" is brought to notice
for this file. This patch fixes that warning.
If there's a specific reason that this change is considered undesirable,
please do let me know why.
Thanks.
Signed-off-by: Anant Thazhemadam
---
.../media/
Running the checkpatch.pl script on the file for which patch was created, the
following error was found to exist.
ERROR: space required after that ',' (ctx:VxV)
Fixed the above error which was found on line #721 by inserting a blank
space at the appropriate position.
Signed-off
The coding style issue that raised an error (upon checking against
checkpatch.pl) has been fixed.
Exactly one coding style issue has been fixed; as required by Task 10
of the Eudyptula Challenge.
Signed-off-by: Anant Thazhemadam
---
drivers/staging/rtl8188eu/core/rtw_security.c | 4 +++-
1 file
Coding style issues found were rectified
Signed-off-by: Anant Thazhemadam
---
drivers/staging/rtl8188eu/core/rtw_security.c | 92 ++-
1 file changed, 47 insertions(+), 45 deletions(-)
diff --git a/drivers/staging/rtl8188eu/core/rtw_security.c
b/drivers/staging/rtl8188eu/core