ream-fixes (37309f47e2f5) branch that will be going
> to Linus shortly.
Ah... I checked linux-input@ before I started working on the bug, but
it seems that Ping sent out a patch just a few hours before I did.
Sorry for the race condition,
Peilin Ye
Hi Björn,
On Thu, Dec 17, 2020 at 08:12:26AM +0100, Björn Töpel wrote:
> On 2020-12-16 19:11, Peilin Ye wrote:
> > I have tested the following diff locally against syzbot's reproducer,
> > and sent a patch to it [1] for testing. I will send a real patch here
> > tomorrow if
;{f,c}q`, causing a memory leak. Move
`xskq_destroy(pool->{f,c}q)` from xp_release_deferred() to xp_destroy().
Also, since xskq_destroy() already does null check, I think it's
unnecessary to do it again here?
Thanks,
Peilin Ye
[1]
https://syzkaller.appspot.com/bug?id=fea808dfe3c6dfdd6ba9778becbffe0b14e91294
("[media] dvbdev: Add RF connector if needed")
Reported-by: syzbot+7f09440acc069a0d3...@syzkaller.appspotmail.com
Link:
https://syzkaller.appspot.com/bug?id=9bbe4b842c98f0ed05c5eed77a226e9de33bf298
Signed-off-by: Peilin Ye
---
drivers/media/dvb-core/dvbdev.c | 1 +
1 file changed,
c9695968d7250...@syzkaller.appspotmail.com
Link:
https://syzkaller.appspot.com/bug?id=3ce164d1f22d112c0bb0ef379a2656b5ca401583
Signed-off-by: Peilin Ye
---
Hi all,
syzbot complained about another memory leak issue [1] in
rxrpc_lookup_local() while testing this patch, which I think is
irrelevant.
Than
Fix 4 typos under drivers/media/platform/rockchip/rkisp1/ found by
checkpatch, including the RKISP1_CIF_MI_{M,S}P_PINGPONG_ENABLE macro
definitions.
Signed-off-by: Peilin Ye
---
Hi Helen, Dafna,
I noticed that the RKISP1_CIF_MI_{M,S}P_PINGPONG_ENABLE macros are not
being used yet, but according
On Thu, Nov 19, 2020 at 04:10:57PM +0100, Daniel Vetter wrote:
> On Thu, Nov 19, 2020 at 9:33 AM Peilin Ye wrote:
> > setfont seems to work fine, I tried Georgian-Fixed16 (256 chars) and
> > Uni2-VGA16 (512 chars) under /usr/share/consolefonts/ in my Ubuntu box,
> > including
owever based on the other
tests above I believe vc->vc_font.charcount is set properly.
Thanks,
Peilin Ye
On Mon, Nov 16, 2020 at 11:09:49AM +0100, Daniel Vetter wrote:
> On Sat, Nov 14, 2020 at 07:47:16AM -0500, Peilin Ye wrote:
> > On Sat, Nov 14, 2020 at 01:22:22PM +0100, Greg Kroah-Hartman wrote:
> > > On Sat, Nov 14, 2020 at 01:18:06PM +0100, Greg Kroah-Hartman wrote:
> >
On Sat, Nov 14, 2020 at 01:22:22PM +0100, Greg Kroah-Hartman wrote:
> On Sat, Nov 14, 2020 at 01:18:06PM +0100, Greg Kroah-Hartman wrote:
> > On Sat, Nov 14, 2020 at 03:10:21AM -0500, Peilin Ye wrote:
> > > Thanks for reviewing! Questions about the last patch [5/5] though
> On Fri, Nov 13, 2020 at 10:16:33PM +0100, Daniel Vetter wrote:
> > On Thu, Nov 12, 2020 at 07:02:21AM -0500, Peilin Ye wrote:
> > > Peilin Ye (5):
> > > console: Delete unused con_font_copy() callback implementations
> > > console: Delete dummy con_font_s
en
negative-indexing macros and hard-coded values.
Do not include in fbcon_rotate.c and tileblit.c, since they
no longer need it.
Depends on patch "Fonts: Add charcount field to font_desc".
Suggested-by: Daniel Vetter
Signed-off-by: Peilin Ye
---
v2: https://lore.kernel.org/lkml/2020102
harcount field to font_desc".
Signed-off-by: Peilin Ye
Reviewed-by: Daniel Vetter
---
v2:
https://lore.kernel.org/lkml/c38042bbf5c9777c84900d56c09f3c156b32af48.1603788512.git.yepeilin...@gmail.com/
Changes since v1:
- Slightly improved commit message.
- Rebased onto linux-next.
Subsystems are hard-coding the number of characters of our built-in fonts
as 256. Include that information in our kernel font descriptor, `struct
font_desc`.
Signed-off-by: Peilin Ye
Reviewed-by: Daniel Vetter
---
v2: https://lore.kernel.org/lkml/20201028060533.1206307-1-yepeilin...@gmail.com
Vetter
Signed-off-by: Peilin Ye
Reviewed-by: Greg Kroah-Hartman
---
v2:
https://lore.kernel.org/lkml/c5563eeea36aae7bd72ea2e985bc610d585ece40.1604306433.git.yepeilin...@gmail.com/
Strictly speaking this is different from v2 (see changelog), but it really
shouldn't matter, so I'm keeping Greg's
one for PPPIOCDETACH in commit af8d3c7c001a ("ppp: remove
the PPPIOCDETACH ioctl").
Signed-off-by: Peilin Ye
---
drivers/usb/misc/sisusbvga/sisusb_con.c | 6 --
drivers/video/console/dummycon.c| 6 --
drivers/video/fbdev/core/fbcon.c| 11 ---
include/linux/
rnel.org/lkml/c38042bbf5c9777c84900d56c09f3c156b32af48.1603788512.git.yepeilin...@gmail.com/
5/5:
https://lore.kernel.org/lkml/20201028155139.1220549-1-yepeilin...@gmail.com/
Peilin Ye (5):
console: Delete unused con_font_copy() callback implementations
console: Delete dummy con_font_set() and con_font_default() callback
implementa
> > Cc: sta...@vger.kernel.org
> > Fixes: 2f010b55884e ("Bluetooth: Add support for handling LE Direct
> > Advertising Report events")
> > Reported-and-tested-by:
> > syzbot+24ebd650e20bd263c...@syzkaller.appspotmail.com
> > Link: https://syzka
On Tue, Nov 10, 2020 at 02:46:20PM +0100, Daniel Vetter wrote:
> On Tue, Nov 10, 2020 at 2:24 PM Peilin Ye wrote:
> > Oh, are we doing an -rc3 backmerge soon? At the moment I can base these
> > patches on neither drm-misc (due to the font_copy removal), nor mainline
> > (
py
garbage-collecting) in a v3 series after the backmerge. Thanks,
Peilin Ye
fc0 Fonts: Replace discarded const
qualifier
Thank you,
Peilin Ye
and sorry again for the trouble,
Peilin Ye
8 as
const ensures it is still available after linking. Do the same for the
other 12 built-in fonts as well, for consistency purposes.
Cc:
Cc: Russell King
Fixes: 6735b4632def ("Fonts: Support FONT_EXTRA_WORDS macros for built-in
fonts")
Signed-off-by: Lee Jones
Co-developed-by: P
On Mon, Nov 02, 2020 at 04:24:47PM +, Lee Jones wrote:
> On Mon, 02 Nov 2020, Peilin Ye wrote:
>
> > On Mon, Nov 02, 2020 at 03:50:49PM +0100, Daniel Vetter wrote:
> > > Maybe Peilin is going to include the full re-cosntification in a
> > > cleanup series, d
On Mon, Nov 02, 2020 at 03:50:49PM +0100, Daniel Vetter wrote:
> Maybe Peilin is going to include the full re-cosntification in a
> cleanup series, dunno.
Sure, I will do it in a separate patch.
Thank you,
Peilin Ye
s this "extra"
> member get written to somewhere?
No, I will try to come up with a solution without these fields being
writable.
> So, sorry, no idea. This looks to me like a very unsatisfactory
> commit, and probably something that got a very poor review.
I hope this helps explain it.
Again, I apologize for all the troubles. I will do more thorough testing
and practice writing a commit message. Thank you!
Sincerely,
Peilin Ye
On Mon, Nov 02, 2020 at 11:10:44AM +0100, Daniel Vetter wrote:
> I'm not sure switching from int to unsigned just here makes much sense.
> All the console code is still using int con to index all the various
> arrays (I just checked fbcon.c code), and using int to index arrays is
> pretty
On Mon, Nov 02, 2020 at 11:13:47AM +0100, Daniel Vetter wrote:
> On Mon, Nov 02, 2020 at 10:47:55AM +0100, Jiri Slaby wrote:
> > On 02. 11. 20, 10:36, Peilin Ye wrote:
> > > `struct console_font` is a UAPI structure, thus ideally should not be
> > > used for kernel i
s".
Suggested-by: Daniel Vetter
Signed-off-by: Peilin Ye
---
con_font_set(), con_font_get() and con_font_default() also pass an entire
`console_font_op`.
con_font_get() and con_font_default() actually update the structure (later
copied to userspace), so let them be.
con_font_set() does not u
`struct console_font` is a UAPI structure, thus ideally should not be
used for kernel internal abstraction. Remove some dummy .con_font_set,
.con_font_default and .con_font_copy `struct consw` callback
implementations, to make it cleaner.
Suggested-by: Daniel Vetter
Signed-off-by: Peilin Ye
On Sun, Nov 01, 2020 at 04:41:13PM +0100, Greg Kroah-Hartman wrote:
> On Sun, Nov 01, 2020 at 09:49:04AM -0500, Peilin Ye wrote:
> > Replace printk() with pr_err(), pr_warn() and pr_info(). Do not split long
> > strings, for easier grepping. Use `__func__` when
Sam Ravnborg
Signed-off-by: Peilin Ye
---
drivers/video/fbdev/core/fbcon.c | 42 +---
1 file changed, 17 insertions(+), 25 deletions(-)
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index cef437817b0d..a3e87ab0e523 100644
--- a/driv
r.kernel.org
Signed-off-by: Peilin Ye
---
drivers/tty/vt/vt.c | 6 +++---
drivers/video/fbdev/core/fbcon.c | 8 ++--
include/linux/console.h | 2 +-
3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 9506a76f3ab6..
read in fbcon_copy_font()"
depends on this patch, so Cc: stable.
Cc: sta...@vger.kernel.org
Suggested-by: Daniel Vetter
Signed-off-by: Peilin Ye
---
Context:
https://lore.kernel.org/lkml/CAKMK7uFY2zv0adjKJ_ORVFT7Zzwn075MaU0rEU7_FuqENLR=u...@mail.gmail.com/
drivers/usb/misc/sisusbvga/sisusb_
ot/compressed/ll_char_wr.S. I'm sorry for the
trouble. The patch is,
> Cc:
> Cc: Russell King
> Signed-off-by: Lee Jones
Tested-by: Peilin Ye
Thank you,
Peilin Ye
On Tue, Oct 27, 2020 at 07:50:58PM +0100, Daniel Vetter wrote:
> On Tue, Oct 27, 2020 at 12:33:05PM -0400, Peilin Ye wrote:
> > It is improper to define `width` and `height` as signed in `struct
> > font_desc`. Make them unsigned. Also, change the corresponding printk()
> > fo
On Tue, Oct 27, 2020 at 07:36:54PM +0100, Daniel Vetter wrote:
> On Tue, Oct 27, 2020 at 5:50 PM Peilin Ye wrote:
> > ...you mentioned code search, where & what should we look at, in order
> > to confirm it's safe to remove them?
>
> Way back there was go
Subsystems are assuming the number of characters of our built-in fonts.
Include that information in our kernel font descriptor, `struct
font_desc`.
Signed-off-by: Peilin Ye
Reviewed-by: Daniel Vetter
---
Change in v2:
- Rebase onto 5.10-rc1.
include/linux/font.h | 1 +
lib/fonts
On Tue, Oct 27, 2020 at 07:59:35PM +0100, Daniel Vetter wrote:
> On Tue, Oct 27, 2020 at 12:34:26PM -0400, Peilin Ye wrote:
> > Subsystems are assuming the number of characters of our built-in fonts.
> > Include that information in our kernel font descriptor, `struc
On Wed, Oct 28, 2020 at 09:18:44AM +0100, Daniel Vetter wrote:
> On Wed, Oct 28, 2020 at 01:43:07AM -0400, Peilin Ye wrote:
> > On Tue, Oct 27, 2020 at 07:50:58PM +0100, Daniel Vetter wrote:
> > > On Tue, Oct 27, 2020 at 12:33:05PM -0400, Peilin Ye wrote:
> > > > I
FNTCHARCNT() and 256.
This patch depends on patch "Fonts: Add charcount field to font_desc".
Signed-off-by: Peilin Ye
---
FNTCHARCNT() now disappeared from drivers/video/fbdev/core/. There is one
more in drivers/video/console/newport_con.c, but I think that file needs
to be handled sepa
On Tue, Oct 27, 2020 at 08:13:53PM +0100, Daniel Vetter wrote:
> On Tue, Oct 27, 2020 at 12:37:29PM -0400, Peilin Ye wrote:
> > fbcon_startup() and fbcon_init() are hard-coding the number of characters
> > of our built-in fonts as 256. Recently, we included that information in
>
`width` and `height` are defined as unsigned in our UAPI font descriptor
`struct console_font`. Make them unsigned in our kernel font descriptor
`struct font_desc`, too.
Also, change the corresponding printk() format identifiers from `%d` to
`%u`, in sti_select_fbfont().
Signed-off-by: Peilin Ye
ink it's all about a few hard problems in fbcon.c.
I'll keep trying and see how it goes.
Thank you,
Peilin Ye
nts: Add charcount field to font_desc".
Signed-off-by: Peilin Ye
---
drivers/video/fbdev/core/fbcon.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index cef437817b0d..e563847991b7 100644
--- a/drivers/vid
nts: Add charcount field to font_desc".
Signed-off-by: Peilin Ye
---
$ # Build-tested (Ubuntu 20.04)
$ sudo apt-get install binutils-hppa64-linux-gnu gcc-7-hppa64-linux-gnu
$ cp arch/parisc/configs/generic-64bit_defconfig .config
$ make -j`nproc` ARCH=parisc CROSS_COMPILE=hppa64-linux-gnu-
Subsystems are assuming the number of characters of our built-in fonts.
Include that information in our kernel font descriptor, `struct
font_desc`.
Signed-off-by: Peilin Ye
---
include/linux/font.h | 1 +
lib/fonts/font_10x18.c | 1 +
lib/fonts/font_6x10.c | 1 +
lib/fonts
It is improper to define `width` and `height` as signed in `struct
font_desc`. Make them unsigned. Also, change the corresponding printk()
format identifiers from `%d` to `%u`, in sti_select_fbfont().
Signed-off-by: Peilin Ye
---
Build-tested.
drivers/video/console/sticore.c | 2 +-
include
Remove 6 unused extern variables to reduce confusion. It is worth
mentioning that lib/fonts/font_8x8.c and lib/fonts/font_8x16.c also
declare `fontdata_8x8` and `fontdata_8x16` respectively, and this file
has nothing to do with them.
Signed-off-by: Peilin Ye
---
$ # Build-tested (Ubuntu 20.04
Hi Daniel, Hi Greg, Hi all,
We are planning to use `font_desc` instead of `console_font` in `vc_data`,
and this is just some prep work for it. It doesn't do much, but at least
it removes two "FIXME"s in fbcon.c :)
Peilin Ye (5):
[1/5] fbdev/atafb: Remove unused extern variables
On Sun, Oct 18, 2020 at 11:51:19PM +0200, Daniel Vetter wrote:
> On Sun, Oct 18, 2020 at 10:45 PM Peilin Ye wrote:
> > I'm confused, I see it on LKML in the link above. Sure I'll resend soon.
>
> My brain didn't work, sorry about the confusion.
>
> I'll pick up the patch
Recently we added a new 6x8 font in commit e2028c8e6bf9 ("lib/fonts: add
font 6x8 for OLED display"). Add its name to the "compiled-in fonts"
list.
Signed-off-by: Peilin Ye
---
Resending +Cc: dri-devel, sorry if I spammed.
Documentation/fb/fbcon.rst | 2 +-
1 file change
On Sun, Oct 18, 2020 at 10:33:11PM +0200, Daniel Vetter wrote:
> On Sun, Oct 18, 2020 at 10:18 PM Peilin Ye wrote:
> > 2/2 is just updating the fb documentation:
> >
> > [PATCH 2/2] docs: fb: Add font_6x8 to available built-in fonts
> > h
On Sun, Oct 18, 2020 at 10:09:06PM +0200, Daniel Vetter wrote:
> Adding dri-devel too, not sure anyone is still listening on linux-fbdev.
I see, thanks!
> On Sun, Oct 18, 2020 at 8:13 PM Peilin Ye wrote:
> >
> > Recently, in commit 6735b4632def ("Fonts: Support
Recently we added a new 6x8 font in commit e2028c8e6bf9 ("lib/fonts: add
font 6x8 for OLED display"). Add its name to the "compiled-in fonts"
list.
Signed-off-by: Peilin Ye
---
Documentation/fb/fbcon.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --gi
macros.
Signed-off-by: Peilin Ye
---
lib/fonts/font_6x8.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/fonts/font_6x8.c b/lib/fonts/font_6x8.c
index e06447788418..700039a9ceae 100644
--- a/lib/fonts/font_6x8.c
+++ b/lib/fonts/font_6x8.c
@@ -3,8 +3,8 @@
#define FONTDA
On Thu, Oct 15, 2020 at 10:53:28AM -0400, Alex Deucher wrote:
> On Thu, Oct 15, 2020 at 9:59 AM Peilin Ye wrote:
> > It has been applied to linux-next twice, for unknown reasons. Thank you!
>
> The patch was already in drm-next, but since it was a bug fix it was
> applied it t
Hi all,
On Thu, Oct 15, 2020 at 11:33:08AM +1000, Dave Airlie wrote:
> Peilin Ye (1):
> drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
This patch is already in mainline:
commit 543e8669ed9bfb30545fd52bc0e047ca4df7fb31
Author: Peilin Ye
Date: Tue Jul 28 15:29:24 2020
move CDROM_SEND_PACKET handling into scsi")
Suggested-by: Dan Carpenter
Suggested-by: Arnd Bergmann
Reported-by: syzbot+85433a479a646a064...@syzkaller.appspotmail.com
Signed-off-by: Peilin Ye
---
v3: https://lore.kernel.org/lkml/20200909095057.1214104-1-yepeilin...@gmail.com/
Changes in v4:
d[3]; /*29 3 */
compat_int_t quiet;/*32 4 */
compat_int_t timeout; /*36 4 */
compat_caddr_t reserved[1]; /*40 4 */
/* size: 44, cachelines: 1, members: 10 */
/* last cacheline: 44 bytes */
};
$ _
Thank you,
Peilin Ye
On Wed, Sep 30, 2020 at 01:52:11PM +0200, Greg Kroah-Hartman wrote:
> On Wed, Sep 30, 2020 at 01:25:14PM +0200, Daniel Vetter wrote:
> > On Wed, Sep 30, 2020 at 12:56 PM Peilin Ye wrote:
> > > Yes, and built-in fonts don't use refcount. Or maybe we can let
> > > find_
On Wed, Sep 30, 2020 at 11:53:17AM +0200, Daniel Vetter wrote:
> On Wed, Sep 30, 2020 at 03:11:51AM -0400, Peilin Ye wrote:
> > On Tue, Sep 29, 2020 at 04:38:49PM +0200, Daniel Vetter wrote:
> > > On Tue, Sep 29, 2020 at 2:34 PM Peilin Ye wrote:
> > > > Ah, and s
On Wed, Sep 30, 2020 at 07:26:52AM +0200, Jiri Slaby wrote:
> On 29. 09. 20, 14:34, Peilin Ye wrote:
> > the work in general? I couldn't think of how do we clean up subsystems
> > one by one, while keeping a `console_font` in `struct vc_data`.
>
> Hi,
>
> feel free
On Tue, Sep 29, 2020 at 04:38:49PM +0200, Daniel Vetter wrote:
> On Tue, Sep 29, 2020 at 2:34 PM Peilin Ye wrote:
> > It seems that users don't use `console_font` directly, they use
> > `console_font_op`. Then, in TTY:
>
> Wow, this is a maze :-/
>
> > (drivers/tt
have more than 256 characters. This
seems really nice, so I'd like to spend some time working on it.
However before I start working on real patches, do you have suggestions
about which console driver I should start with, or how should I split up
the work in general? I couldn't think of how do we clean up subsystems
one by one, while keeping a `console_font` in `struct vc_data`.
Thank you!
Peilin Ye
rom
> Greg's inbox :-)
Ah, I've been checking lore.kernel.org/dri-devel/ once a while. Sure!
I'll subscribe right now :)
Peilin Ye
===
> [ 227.084729] BUG: KASAN: slab-out-of-bounds in soft_cursor+0x34e/0x4a0
> [ 227.084748] Read of size 9 at addr ffff8880c98d5930 by task a.out/1662
Very interesting, I remember seeing this on the syzbot dashboard...
Yes, I guess it is this one:
KASAN: slab-out-of-bounds Read in soft_cursor
https://syzkaller.appspot.com/bug?id=6b8355d27b2b94fb5cedf4655e3a59162d9e48e3
There is a `0x560aul` ioctl() in the reproducer, which is `VT_RESIZEX`.
Thank you,
Peilin Ye
check in bit_putcs(), or bit_putcs_aligned().
...but yeah, that `VT_RESIZEX` ioctl looks really buggy, and is already
causing more issues:
KASAN: global-out-of-bounds Read in fbcon_get_font
Link:
https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd
This was also caused by `VT_RESIZEX`...
Thank you,
Peilin Ye
nner, but I
will try to do what I can do.
Thank you,
Peilin Ye
ts, so I wanted a single solution for both of
them. I think we can't really introduce `kernel_console_font` while
keeping these macros, that would make the error handling logics etc.
very messy.
I'm not very sure what to do now. Should I give it another try cleaning
up all the macros?
And thank you for reviewing this!
Peilin Ye
y/vt/vt.c| con_init | (struct
> console_font)->height | 0
> drivers/tty/vt/vt.c| con_font_set | (struct
> console_font)->height | 1-32
> drivers/tty/vt/vt.c| con_font_default | (struct
> console_font)->height | 0-u32max
> drivers/tty/vt/selection.c | paste_selection| (struct
> console_font)->height | ignore
I will go through the list starting from these "0-u32max" cases. Thanks
again!
Peilin Ye
Hi!
On Thu, Sep 24, 2020 at 02:42:18PM +, David Laight wrote:
> > On Thu, Sep 24, 2020 at 09:38:22AM -0400, Peilin Ye wrote:
> > > Hi all,
> > >
> > > syzbot has reported [1] a global out-of-bounds read issue in
> > > fbcon_get_font(). A malicious u
On Thu, Sep 24, 2020 at 04:09:37PM +0200, Greg Kroah-Hartman wrote:
> On Thu, Sep 24, 2020 at 09:38:22AM -0400, Peilin Ye wrote:
> > Peilin Ye (3):
> > fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
> > Fonts: Support FONT_EXTRA_WORDS macros for built
d-and-tested-by: syzbot+29d4ed7f3bdedf2aa...@syzkaller.appspotmail.com
Link:
https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd
Signed-off-by: Peilin Ye
---
drivers/video/fbdev/core/fbcon.c | 12
1 file changed, 12 insertions(+)
diff --git a/drivers/video/fbdev/core/
l.org
Link:
https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd
Signed-off-by: Peilin Ye
---
include/linux/font.h | 5 +
lib/fonts/font_10x18.c | 9 -
lib/fonts/font_6x10.c | 9 +
lib/fonts/font_6x11.c | 9 -
lib/fonts/f
Signed-off-by: Peilin Ye
---
drivers/video/console/newport_con.c | 7 +--
drivers/video/fbdev/core/fbcon.h| 7 ---
drivers/video/fbdev/core/fbcon_rotate.c | 1 +
drivers/video/fbdev/core/tileblit.c | 1 +
include/linux/font.h| 8
5 files changed
word in
newport_set_font() properly.
Many thanks to Greg Kroah-Hartman , who
reviewed and improved this series!
[1]: KASAN: global-out-of-bounds Read in fbcon_get_font
https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd
Peilin Ye (3):
fbdev, newport_con: Move FONT_E
Hi,
On Wed, Sep 23, 2020 at 12:04:05PM +0200, Jan Kara wrote:
> On Tue 22-09-20 11:45:31, Peilin Ye wrote:
> > udf_process_sequence() is leaking memory. Free `data.part_descs_loc`
> > before returning.
> >
> > Cc: sta...@vger.kernel.org
> > Fixes: 7b78fd02fb19
ppspot.com/bug?id=c5ec4e6f5d818f3c4afd4d59342468eec08a38da
Signed-off-by: Peilin Ye
---
fs/udf/super.c | 20 +---
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/fs/udf/super.c b/fs/udf/super.c
index 1c42f544096d..b0d862ab3024 100644
--- a/fs/udf/super.c
+++ b/fs/u
oduce communication groups")
Reported-and-tested-by: syzbot+f95d90c454864b3b5...@syzkaller.appspotmail.com
Cc: Hillf Danton
Link:
https://syzkaller.appspot.com/bug?id=048390604fe1b60df34150265479202f10e13aff
Signed-off-by: Peilin Ye
---
Change in v2:
- let tipc_group_add_to_tree() ret
On Sat, Sep 12, 2020 at 06:23:36PM -0700, David Miller wrote:
> From: Peilin Ye
> Date: Sat, 12 Sep 2020 06:22:30 -0400
>
> > @@ -291,10 +291,11 @@ static void tipc_group_add_to_tree(struct tipc_group
> > *grp,
> > else if (key > nkey)
> >
oduce communication groups")
Reported-and-tested-by: syzbot+f95d90c454864b3b5...@syzkaller.appspotmail.com
Cc: Hillf Danton
Link:
https://syzkaller.appspot.com/bug?id=048390604fe1b60df34150265479202f10e13aff
Signed-off-by: Peilin Ye
---
Decoded syzbot reproducer in pseudo-C:
fd
("compat_ioctl: move CDROM_SEND_PACKET handling into scsi")
Suggested-by: Dan Carpenter
Suggested-by: Arnd Bergmann
Signed-off-by: Peilin Ye
---
Change in v3:
- Improve commit message. scsi_put_cdrom_generic_arg() does not
*always* leak kernel information. It is compiler
/bug?extid=f7f6e564f4202d8601c6
Signed-off-by: Peilin Ye
---
I forgot the "Link:" tag yesterday. Sorry about that.
Change in v2:
- add a proper "Link:" tag.
net/bluetooth/mgmt.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/bluetooth/mgmt.
vents")
Reported-and-tested-by: syzbot+24ebd650e20bd263c...@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=24ebd650e20bd263ca01
Signed-off-by: Peilin Ye
---
Change in v2:
- add "Cc: stable@" tag.
net/bluetooth/hci_event.c | 12 +---
1 file changed
read_adv_mon_features() is leaking memory. Free `rp` before returning.
Fixes: e5e1e7fd470c ("Bluetooth: Add handler of
MGMT_OP_READ_ADV_MONITOR_FEATURES")
Reported-and-tested-by: syzbot+f7f6e564f4202d860...@syzkaller.appspotmail.com
Signed-off-by: Peilin Ye
---
net/bluetooth/m
On Thu, Sep 03, 2020 at 08:59:50AM +0200, Christoph Hellwig wrote:
> On Thu, Sep 03, 2020 at 02:55:34AM -0400, Peilin Ye wrote:
> > In bdev_del_partition(), `part` is being looked up outside the critical
> > section. This is causing bdev_del_partition() to delete the same partitio
and-tested-by: syzbot+6448f3c229bc52b82...@syzkaller.appspotmail.com
Cc: sta...@vger.kernel.org
Cc: Hillf Danton
Link:
https://syzkaller.appspot.com/bug?id=09fc5ec437ea150f28e8a19f5011c08ee73381af
Signed-off-by: Peilin Ye
---
block/blk.h | 2 +-
block/genhd.c | 2 +-
block/
Hi all,
I have sent a patch which reverts cddae808aeb7 ("block: pass a
hd_struct to delete_partition") to syzbot, and it is now pending for
testing:
Link: https://groups.google.com/g/syzkaller-bugs/c/fnk0t9aqhDw/m/FO46-S8XAgAJ
Thank you,
Peilin Ye
On Tue, Aug 25, 2020 at 06:59:35PM +0200, Greg KH wrote:
> On Tue, Aug 25, 2020 at 12:48:04PM -0400, Peilin Ye wrote:
> > Hi all,
> >
> > Link:
> > https://syzkaller.appspot.com/bug?id=f332576321998d36cd07d09c9c1268cfed1895c9
> >
> > As reported b
IZE;
- filled = count - pos;
- }
Decreasing `count` by `min(HEADER_SIZE - pos, count)` bypasses this check.
Additionally, this patch also removed updates to `skip` and `filled`.
What should we do in order to fix it?
Thank you,
Peilin Ye
Setting `hue` by calling tpg_s_hue() directly is risky, since it does not
perform range check. Clamp `hue` to the valid range in tpg_s_hue().
Suggested-by: Hans Verkuil
Signed-off-by: Peilin Ye
---
include/media/tpg/v4l2-tpg.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/media
c43104cd70
Suggested-by: Hans Verkuil
Signed-off-by: Peilin Ye
---
I'm not very sure how to name this patch since we are fixing a bug in
v4l2-tpg by modifying vivid.
Change in v2:
- Solve the root of the problem instead of adding more boundary checks
in precalculate_color(). (Suggested by Ha
On Fri, Aug 21, 2020 at 12:12:28PM +0200, Hans Verkuil wrote:
> Arrgh! I know what this is. /dev/video6 corresponds to the Metadata output
> device of vivid, and that metadata format sets brightness, contrast,
> saturation and hue:
>
> struct vivid_meta_out_buf {
> u16 brightness;
>
Hi Mr. Verkuil,
On Wed, Aug 19, 2020 at 04:26:28PM +0200, Hans Verkuil wrote:
> Hi Peilin,
>
> On 10/08/2020 07:05, Peilin Ye wrote:
> > precalculate_color() is reading out of `sin` since `tpg->hue` is not being
> > properly checked. Fix it. `cos` is safe, as long as `tpg-
Hi Mr. Verkuil,
On Wed, Aug 19, 2020 at 04:26:28PM +0200, Hans Verkuil wrote:
> Hi Peilin,
>
> On 10/08/2020 07:05, Peilin Ye wrote:
> > precalculate_color() is reading out of `sin` since `tpg->hue` is not being
> > properly checked. Fix it. `cos` is safe, as long
On Mon, Aug 17, 2020 at 12:21:41PM +0200, Jiri Kosina wrote:
> On Wed, 29 Jul 2020, Peilin Ye wrote:
>
> > `uref->usage_index` is not always being properly checked, causing
> > hiddev_ioctl_usage() to go out of bounds under some cases. Fix it.
> >
> > Repo
es = hfs_find_init(HFS_SB(inode->i_sb)->ext_tree, );
>
Thank you for pointing this out! I will try to come up with a better way
to fix it.
Peilin Ye
> So we need ->ext_tree to be non-NULL before we can set ->ext_tree to be
> non-NULL... :/
>
On Wed, Aug 12, 2020 at 10:18:52AM +0200, Greg Kroah-Hartman wrote:
> On Wed, Aug 12, 2020 at 03:13:06AM -0400, Peilin Ye wrote:
> > On Wed, Aug 12, 2020 at 09:08:27AM +0200, Greg Kroah-Hartman wrote:
> > > On Wed, Aug 12, 2020 at 02:55:56AM -0400, Peilin Ye wrote:
> > &
On Wed, Aug 12, 2020 at 09:08:27AM +0200, Greg Kroah-Hartman wrote:
> On Wed, Aug 12, 2020 at 02:55:56AM -0400, Peilin Ye wrote:
> > Prevent hfs_find_init() from dereferencing `tree` as NULL.
> >
> > Reported-and-tested-by:
> > syzbot+7ca256d0da4af073b...@syzkaller.app
1 - 100 of 176 matches
Mail list logo