LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, "Sean Hefty" <sean.hefty@intel.com>,
	"" <syzbot+e6aba77967bd72cbc9d6@syzkaller.appspotmail.com>,
	"Leon Romanovsky" <leonro@mellanox.com>,
	"Doug Ledford" <dledford@redhat.com>
Subject: [PATCH 3.2 127/153] RDMA/ucma: Fix access to non-initialized CM_ID object
Date: Wed, 30 May 2018 11:52:42 +0100	[thread overview]
Message-ID: <lsq.1527677562.567620381@decadent.org.uk> (raw)
In-Reply-To: <lsq.1527677560.486731940@decadent.org.uk>

3.2.102-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Leon Romanovsky <leonro@mellanox.com>

commit 7688f2c3bbf55e52388e37ac5d63ca471a7712e1 upstream.

The attempt to join multicast group without ensuring that CMA device
exists will lead to the following crash reported by syzkaller.

[   64.076794] BUG: KASAN: null-ptr-deref in rdma_join_multicast+0x26e/0x12c0
[   64.076797] Read of size 8 at addr 00000000000000b0 by task join/691
[   64.076797]
[   64.076800] CPU: 1 PID: 691 Comm: join Not tainted 4.16.0-rc1-00219-gb97853b65b93 #23
[   64.076802] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-proj4
[   64.076803] Call Trace:
[   64.076809]  dump_stack+0x5c/0x77
[   64.076817]  kasan_report+0x163/0x380
[   64.085859]  ? rdma_join_multicast+0x26e/0x12c0
[   64.086634]  rdma_join_multicast+0x26e/0x12c0
[   64.087370]  ? rdma_disconnect+0xf0/0xf0
[   64.088579]  ? __radix_tree_replace+0xc3/0x110
[   64.089132]  ? node_tag_clear+0x81/0xb0
[   64.089606]  ? idr_alloc_u32+0x12e/0x1a0
[   64.090517]  ? __fprop_inc_percpu_max+0x150/0x150
[   64.091768]  ? tracing_record_taskinfo+0x10/0xc0
[   64.092340]  ? idr_alloc+0x76/0xc0
[   64.092951]  ? idr_alloc_u32+0x1a0/0x1a0
[   64.093632]  ? ucma_process_join+0x23d/0x460
[   64.094510]  ucma_process_join+0x23d/0x460
[   64.095199]  ? ucma_migrate_id+0x440/0x440
[   64.095696]  ? futex_wake+0x10b/0x2a0
[   64.096159]  ucma_join_multicast+0x88/0xe0
[   64.096660]  ? ucma_process_join+0x460/0x460
[   64.097540]  ? _copy_from_user+0x5e/0x90
[   64.098017]  ucma_write+0x174/0x1f0
[   64.098640]  ? ucma_resolve_route+0xf0/0xf0
[   64.099343]  ? rb_erase_cached+0x6c7/0x7f0
[   64.099839]  __vfs_write+0xc4/0x350
[   64.100622]  ? perf_syscall_enter+0xe4/0x5f0
[   64.101335]  ? kernel_read+0xa0/0xa0
[   64.103525]  ? perf_sched_cb_inc+0xc0/0xc0
[   64.105510]  ? syscall_exit_register+0x2a0/0x2a0
[   64.107359]  ? __switch_to+0x351/0x640
[   64.109285]  ? fsnotify+0x899/0x8f0
[   64.111610]  ? fsnotify_unmount_inodes+0x170/0x170
[   64.113876]  ? __fsnotify_update_child_dentry_flags+0x30/0x30
[   64.115813]  ? ring_buffer_record_is_on+0xd/0x20
[   64.117824]  ? __fget+0xa8/0xf0
[   64.119869]  vfs_write+0xf7/0x280
[   64.122001]  SyS_write+0xa1/0x120
[   64.124213]  ? SyS_read+0x120/0x120
[   64.126644]  ? SyS_read+0x120/0x120
[   64.128563]  do_syscall_64+0xeb/0x250
[   64.130732]  entry_SYSCALL_64_after_hwframe+0x21/0x86
[   64.132984] RIP: 0033:0x7f5c994ade99
[   64.135699] RSP: 002b:00007f5c99b97d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   64.138740] RAX: ffffffffffffffda RBX: 00000000200001e4 RCX: 00007f5c994ade99
[   64.141056] RDX: 00000000000000a0 RSI: 00000000200001c0 RDI: 0000000000000015
[   64.143536] RBP: 00007f5c99b97ec0 R08: 0000000000000000 R09: 0000000000000000
[   64.146017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c99b97fc0
[   64.148608] R13: 0000000000000000 R14: 00007fff660e1c40 R15: 00007f5c99b989c0
[   64.151060]
[   64.153703] Disabling lock debugging due to kernel taint
[   64.156032] BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0
[   64.159066] IP: rdma_join_multicast+0x26e/0x12c0
[   64.161451] PGD 80000001d0298067 P4D 80000001d0298067 PUD 1dea39067 PMD 0
[   64.164442] Oops: 0000 [#1] SMP KASAN PTI
[   64.166817] CPU: 1 PID: 691 Comm: join Tainted: G    B 4.16.0-rc1-00219-gb97853b65b93 #23
[   64.170004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-proj4
[   64.174985] RIP: 0010:rdma_join_multicast+0x26e/0x12c0
[   64.177246] RSP: 0018:ffff8801c8207860 EFLAGS: 00010282
[   64.179901] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff94789522
[   64.183344] RDX: 1ffffffff2d50fa5 RSI: 0000000000000297 RDI: 0000000000000297
[   64.186237] RBP: ffff8801c8207a50 R08: 0000000000000000 R09: ffffed0039040ea7
[   64.189328] R10: 0000000000000001 R11: ffffed0039040ea6 R12: 0000000000000000
[   64.192634] R13: 0000000000000000 R14: ffff8801e2022800 R15: ffff8801d4ac2400
[   64.196105] FS:  00007f5c99b98700(0000) GS:ffff8801e5d00000(0000) knlGS:0000000000000000
[   64.199211] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   64.202046] CR2: 00000000000000b0 CR3: 00000001d1c48004 CR4: 00000000003606a0
[   64.205032] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   64.208221] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   64.211554] Call Trace:
[   64.213464]  ? rdma_disconnect+0xf0/0xf0
[   64.216124]  ? __radix_tree_replace+0xc3/0x110
[   64.219337]  ? node_tag_clear+0x81/0xb0
[   64.222140]  ? idr_alloc_u32+0x12e/0x1a0
[   64.224422]  ? __fprop_inc_percpu_max+0x150/0x150
[   64.226588]  ? tracing_record_taskinfo+0x10/0xc0
[   64.229763]  ? idr_alloc+0x76/0xc0
[   64.232186]  ? idr_alloc_u32+0x1a0/0x1a0
[   64.234505]  ? ucma_process_join+0x23d/0x460
[   64.237024]  ucma_process_join+0x23d/0x460
[   64.240076]  ? ucma_migrate_id+0x440/0x440
[   64.243284]  ? futex_wake+0x10b/0x2a0
[   64.245302]  ucma_join_multicast+0x88/0xe0
[   64.247783]  ? ucma_process_join+0x460/0x460
[   64.250841]  ? _copy_from_user+0x5e/0x90
[   64.253878]  ucma_write+0x174/0x1f0
[   64.257008]  ? ucma_resolve_route+0xf0/0xf0
[   64.259877]  ? rb_erase_cached+0x6c7/0x7f0
[   64.262746]  __vfs_write+0xc4/0x350
[   64.265537]  ? perf_syscall_enter+0xe4/0x5f0
[   64.267792]  ? kernel_read+0xa0/0xa0
[   64.270358]  ? perf_sched_cb_inc+0xc0/0xc0
[   64.272575]  ? syscall_exit_register+0x2a0/0x2a0
[   64.275367]  ? __switch_to+0x351/0x640
[   64.277700]  ? fsnotify+0x899/0x8f0
[   64.280530]  ? fsnotify_unmount_inodes+0x170/0x170
[   64.283156]  ? __fsnotify_update_child_dentry_flags+0x30/0x30
[   64.286182]  ? ring_buffer_record_is_on+0xd/0x20
[   64.288749]  ? __fget+0xa8/0xf0
[   64.291136]  vfs_write+0xf7/0x280
[   64.292972]  SyS_write+0xa1/0x120
[   64.294965]  ? SyS_read+0x120/0x120
[   64.297474]  ? SyS_read+0x120/0x120
[   64.299751]  do_syscall_64+0xeb/0x250
[   64.301826]  entry_SYSCALL_64_after_hwframe+0x21/0x86
[   64.304352] RIP: 0033:0x7f5c994ade99
[   64.306711] RSP: 002b:00007f5c99b97d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   64.309577] RAX: ffffffffffffffda RBX: 00000000200001e4 RCX: 00007f5c994ade99
[   64.312334] RDX: 00000000000000a0 RSI: 00000000200001c0 RDI: 0000000000000015
[   64.315783] RBP: 00007f5c99b97ec0 R08: 0000000000000000 R09: 0000000000000000
[   64.318365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c99b97fc0
[   64.320980] R13: 0000000000000000 R14: 00007fff660e1c40 R15: 00007f5c99b989c0
[   64.323515] Code: e8 e8 79 08 ff 4c 89 ff 45 0f b6 a7 b8 01 00 00 e8 68 7c 08 ff 49 8b 1f 4d 89 e5 49 c1 e4 04 48 8
[   64.330753] RIP: rdma_join_multicast+0x26e/0x12c0 RSP: ffff8801c8207860
[   64.332979] CR2: 00000000000000b0
[   64.335550] ---[ end trace 0c00c17a408849c1 ]---

Reported-by: <syzbot+e6aba77967bd72cbc9d6@syzkaller.appspotmail.com>
Fixes: c8f6a362bf3e ("RDMA/cma: Add multicast communication support")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 drivers/infiniband/core/cma.c | 3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -3131,6 +3131,9 @@ int rdma_join_multicast(struct rdma_cm_i
 	struct cma_multicast *mc;
 	int ret;
 
+	if (!id->device)
+		return -EINVAL;
+
 	id_priv = container_of(id, struct rdma_id_private, id);
 	if (!cma_comp(id_priv, RDMA_CM_ADDR_BOUND) &&
 	    !cma_comp(id_priv, RDMA_CM_ADDR_RESOLVED))

  parent reply	other threads:[~2018-05-30 11:37 UTC|newest]

Thread overview: 155+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-30 10:52 [PATCH 3.2 000/153] 3.2.102-rc1 review Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 087/153] xfrm_user: uncoditionally validate esn replay attribute struct Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 124/153] ALSA: seq: Clear client entry before deleting else at closing Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 117/153] RDMA/ucma: Limit possible option size Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 026/153] perf/hwbp: Simplify the perf-hwbp code, fix documentation Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 069/153] mm: pin address_space before dereferencing it while isolating an LRU page Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 104/153] regulatory: add NUL to request alpha2 Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 041/153] crypto: af_alg - whitelist mask and type Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 119/153] x86/MCE: Save microcode revision in machine check records Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 059/153] scsi: fas216: fix sense buffer initialization Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 052/153] dm thin: fix documentation relative to low water mark threshold Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 036/153] signal/sh: Ensure si_signo is initialized in do_divide_error Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 075/153] MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 020/153] x86/MCE: Serialize sysfs changes Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 083/153] usb: dwc3: gadget: Set maxpacket size for ep0 IN Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 053/153] ubi: Fix race condition between ubi volume creation and udev Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 088/153] net: fix race on decreasing number of TX queues Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 022/153] x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 120/153] USB: usbmon: remove assignment from IS_ERR argument Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 037/153] scsi: libsas: fix error when getting phy events Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 040/153] ext4: correct documentation for grpid mount option Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 066/153] scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 006/153] ext4: fail ext4_iget for root directory if unallocated Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 089/153] netfilter: drop outermost socket lock in getsockopt() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 093/153] powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 024/153] cdrom: information leak in cdrom_ioctl_media_changed() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 002/153] mm/madvise.c: fix madvise() infinite loop under special circumstances Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 054/153] drm/ttm: Don't add swapped BOs to swap-LRU list Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 094/153] USB: OHCI: Fix race between ED unlink and URB submission Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 028/153] slip: sl_alloc(): remove unused parameter "dev_t line" Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 071/153] Btrfs: fix extent state leak from tree log Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 047/153] mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 081/153] s390/qeth: fix SETIP command handling Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 110/153] tpm_tis: fix potential buffer overruns caused by bit glitches on the bus Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 099/153] libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 043/153] crypto: cryptd - pass through absence of ->setkey() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 035/153] pktcdvd: Fix pkt_setup_dev() error path Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 013/153] ALSA: seq: Fix racy pool initializations Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 098/153] nospec: Allow index argument to have const-qualified type Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 065/153] media: cxusb, dib0700: ignore XC2028_I2C_FLUSH Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 045/153] crypto: hash - prevent using keyed hashes without setting key Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 004/153] netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 057/153] alpha: fix crash if pthread_create races with signal delivery Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 038/153] scsi: aacraid: remove redundant setting of variable c Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 015/153] ALSA: seq: correctly detect input buffer overflow Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 084/153] bridge: check brport attr show in brport_show Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 046/153] signal/openrisc: Fix do_unaligned_access to send the proper signal Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 008/153] ext4: add validity checks for bitmap block numbers Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 125/153] netfilter: bridge: ebt_among: add missing match size checks Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 011/153] sctp: verify size of a new chunk in _sctp_make_chunk() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 073/153] firmware: dmi_scan: Fix handling of empty DMI strings Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 108/153] l2tp: don't use inet_shutdown on ppp session destroy Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 025/153] perf/hwpb: Invoke __perf_event_disable() if interrupts are already disabled Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 001/153] sctp: Fix mangled IPv4 addresses on a IPv6 listening socket Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 079/153] netlink: avoid a double skb free in genlmsg_mcast() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 051/153] USB: cdc-acm: Do not log urb submission errors on disconnect Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 049/153] ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 086/153] libata: remove WARN() for DMA or PIO command without data Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 101/153] x86/mm: Fix {pmd,pud}_{set,clear}_flags() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 121/153] usb: usbmon: Read text within supplied buffer size Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 050/153] hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 017/153] hugetlbfs: fix offset overflow in hugetlbfs mmap Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 074/153] MIPS: TXX9: use IS_ENABLED() macro Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 078/153] netlink: ensure to loop over all netns in genlmsg_multicast_allns() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 122/153] xhci: Fix front USB ports on ASUS PRIME B350M-A Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 014/153] ALSA: seq: Don't allow resizing pool in use Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 055/153] MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 018/153] hugetlbfs: check for pgoff value overflow Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 076/153] netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 030/153] USB: serial: io_edgeport: fix possible sleep-in-atomic Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 100/153] netfilter: IDLETIMER: be syzkaller friendly Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 005/153] netfilter: ebtables: fix erroneous reject of last rule Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 096/153] Add delay-init quirk for Corsair K70 RGB keyboards Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 042/153] crypto: hash - introduce crypto_hash_alg_has_setkey() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 056/153] alpha: fix reboot on Avanti platform Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 112/153] serial: sh-sci: prevent lockup on full TTY buffers Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 102/153] libata: disable LPM for Crucial BX100 SSD 500GB drive Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 033/153] l2tp: fix missing print session offset info Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 123/153] ALSA: seq: Fix possible UAF in snd_seq_check_queue() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 114/153] e1000e: Fix check_for_link return value with autoneg off Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 058/153] CDC-ACM: apply quirk for card reader Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 095/153] usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 010/153] dccp: check sk for closed state in dccp_sendmsg() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 070/153] net: igmp: add a missing rcu locking section Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 067/153] netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 085/153] libata: fix length validation of ATAPI-relayed SCSI commands Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 077/153] powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 106/153] ALSA: usb-audio: Add a quirck for B&W PX headphones Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 097/153] dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 092/153] netfilter: nat: cope with negative port range Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 031/153] media: bt8xx: Fix err 'bt878_probe()' Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 116/153] l2tp: do not accept arbitrary sockets Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 032/153] ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 082/153] Input: matrix_keypad - fix race when disabling interrupts Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 064/153] jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 007/153] ext4: fix block bitmap validation when bigalloc, ^flex_bg Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 019/153] scsi: libsas: fix memory leak in sas_smp_get_phy_events() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 027/153] media: cpia2: Fix a couple off by one bugs Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 062/153] cifs: Fix missing put_xid in cifs_file_strict_mmap Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 126/153] netfilter: bridge: ebt_among: add more missing match size checks Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 039/153] ext4: save error to disk in __ext4_grp_locked_error() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 080/153] 9p/trans_virtio: discard zero-length reply Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 103/153] kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 090/153] netfilter: ipt_CLUSTERIP: fix a refcount bug in clusterip_config_find_get() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 063/153] USB: serial: pl2303: new device id for Chilitag Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 060/153] s390: fix handling of -1 in set{,fs}[gu]id16 syscalls Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 034/153] scsi: aacraid: Fix udev inquiry race condition Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 003/153] ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 091/153] netfilter: x_tables: fix missing timer initialization in xt_LED Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 061/153] HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 107/153] batman-adv: fix packet checksum in receive path Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 016/153] ALSA: seq: More protection for concurrent write and ioctl races Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 048/153] console/dummy: leave .con_font_get set to NULL Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 009/153] ext4: fix bitmap position validation Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 105/153] drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 044/153] crypto: hash - annotate algorithms taking optional key Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 072/153] firmware/dmi_scan: constify strings Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 068/153] netfilter: on sockopt() acquire sock lock only in the required scope Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 023/153] x86/entry/64: Don't use IST entry for #BP stack Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 109/153] l2tp: fix race in pppol2tp_release with session object destroy Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 113/153] ahci: Add PCI-id for the Highpoint Rocketraid 644L card Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 118/153] RDMA/ucma: Check that user doesn't overflow QP state Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 115/153] usb: quirks: add control message delay for 1b1c:1b20 Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 111/153] tty: make n_tty_read() always abort if hangup is in progress Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 029/153] ASoC: nuc900: Fix a loop timeout test Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 012/153] fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 129/153] drm/radeon: Don't turn off DP sink when disconnected Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 150/153] net/mlx4_en: Fix mixed PFC and Global pause user control requests Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 130/153] fs: Teach path_connected to handle nfs filesystems with multiple roots Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 145/153] netlink: make sure nladdr has correct size in netlink_connect() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 151/153] RDMA/ucma: Check that device is connected prior to access it Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 138/153] ALSA: aloop: Sync stale timer before release Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 140/153] posix-timers: Protect posix clock array access against speculation Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 133/153] libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 141/153] s390/qeth: free netdevice when removing a card Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 153/153] mtd: jedec_probe: Fix crash in jedec_read_mfr() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 148/153] ALSA: pcm: potential uninitialized return values Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 144/153] tty: vt: fix up tabstops properly Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 143/153] tracing: probeevent: Fix to support minus offset from symbol Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 142/153] mm/mempolicy.c: avoid use uninitialized preferred_node Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 132/153] libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 137/153] RDMA/ucma: Correct option size check using optlen Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 147/153] bonding: process the err returned by dev_set_allmulti properly in bond_enslave Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 139/153] ALSA: aloop: Fix access to not-yet-ready substream via cable Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 146/153] ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 149/153] net/mlx4_en: do not ignore autoneg in mlx4_en_set_pauseparam() Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 136/153] RDMA/ucma: Ensure that CM_ID exists prior to access it Ben Hutchings
2018-05-30 10:52 ` Ben Hutchings [this message]
2018-05-30 10:52 ` [PATCH 3.2 135/153] RDMA/ucma: Fix use-after-free access in ucma_close Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 131/153] skbuff: Fix not waking applications when errors are enqueued Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 128/153] mmc: block: fix updating ext_csd caches on ioctl call Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 134/153] ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit Ben Hutchings
2018-05-30 10:52 ` [PATCH 3.2 152/153] RDMA/ucma: Check that device exists prior to accessing it Ben Hutchings
2018-05-30 16:31 ` [PATCH 3.2 000/153] 3.2.102-rc1 review Guenter Roeck
2018-05-30 22:14   ` Ben Hutchings

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=lsq.1527677562.567620381@decadent.org.uk \
    --to=ben@decadent.org.uk \
    --cc=akpm@linux-foundation.org \
    --cc=dledford@redhat.com \
    --cc=leonro@mellanox.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sean.hefty@intel.com \
    --cc=stable@vger.kernel.org \
    --cc=syzbot+e6aba77967bd72cbc9d6@syzkaller.appspotmail.com \
    --subject='Re: [PATCH 3.2 127/153] RDMA/ucma: Fix access to non-initialized CM_ID object' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).