[PATCH] rtl8723ae: Make rtl8723e_dm_refresh_rate_adaptive_mask static

2019-03-19 Thread Yue Haibing
From: YueHaibing Fix sparse warning: drivers/net/wireless/realtek/rtlwifi/rtl8723ae/dm.c:666:6: warning: symbol 'rtl8723e_dm_refresh_rate_adaptive_mask' was not declared. Should it be static? Signed-off-by: YueHaibing --- drivers/net/wireless/realtek/rtlwifi/rtl8723ae/dm.c | 2 +- 1 file ch

[PATCH] can: af_can: Fix possible NULL pointer dereference in can_exit

2019-03-08 Thread Yue Haibing
From: YueHaibing Syzkaller reports this: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: [#1] SMP KASAN PTI CPU: 0 PID: 9400 Comm: syz-executor.0 Tainted: G C5.0.0-rc8+ #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS

[PATCH v2] appletalk: Correctly check return value of register_snap_client

2019-03-06 Thread Yue Haibing
From: YueHaibing register_snap_client may return NULL, all the callers check it, but only print a warning. This will result in NULL pointer dereference in unregister_snap_client and other places. It has always been used like this since v2.6 Reported-by: Dan Carpenter Signed-off-by: YueHaibing

[PATCH] ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit

2019-03-06 Thread Yue Haibing
From: YueHaibing Syzkaller reports this: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: [#1] SMP KASAN PTI CPU: 0 PID: 4492 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu

[PATCH] ray_cs: use remove_proc_subtree to simplify procfs code

2019-03-06 Thread Yue Haibing
From: YueHaibing Use remove_proc_subtree to remove the whole subtree Signed-off-by: YueHaibing --- drivers/net/wireless/ray_cs.c | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c index d561659..ee4d810 100644

[PATCH] ray_cs: Check return value of pcmcia_register_driver

2019-03-06 Thread Yue Haibing
From: YueHaibing init_ray_cs does not check the value of pcmcia_register_driver; if it fails, it may cause a NULL pointer dereference in exit_ray_cs. Signed-off-by: YueHaibing --- drivers/net/wireless/ray_cs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/ray_cs.c

[PATCH] appletalk: Correctly handle return value of register_snap_client

2019-03-05 Thread Yue Haibing
From: YueHaibing register_snap_client may return NULL, all the callers check it, but only print a warning. This will result in NULL pointer dereference in unregister_snap_client and other places. It has always been used like this since v2.6 Reported-by: Dan Carpenter Signed-off-by: YueHaibing

[PATCH] proc/sysctl: Fix NULL pointer dereference in put_links

2019-03-04 Thread Yue Haibing
From: YueHaibing Syzkaller reports this: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: [#1] SMP KASAN PTI CPU: 1 PID: 5373 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1

[PATCH] net-sysfs: Fix mem leak in netdev_register_kobject

2019-03-01 Thread Yue Haibing
From: YueHaibing syzkaller reports this: BUG: memory leak unreferenced object 0x88837a71a500 (size 256): comm "syz-executor.2", pid 9770, jiffies 4297825125 (age 17.843s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .N.. ff ff ff ff ff ff

[PATCH net-next] drivers: net: Remove unnecessary semicolon

2019-03-01 Thread Yue Haibing
From: YueHaibing drivers/net/dsa/mt7530.c:649:3-4: Unneeded semicolon drivers/net/ethernet/cisco/enic/enic_clsf.c:35:2-3: Unneeded semicolon drivers/net/ethernet/faraday/ftgmac100.c:1640:2-3: Unneeded semicolon drivers/net/ethernet/mediatek/mtk_eth_soc.c:229:2-3: Unneeded semicolon drivers/net/us

[PATCH v2 2/2] appletalk: Fix use-after-free in atalk_proc_exit

2019-02-28 Thread Yue Haibing
From: YueHaibing KASAN reports this: BUG: KASAN: use-after-free in pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71 Read of size 8 at addr 8881f41fe5b0 by task syz-executor.0/2806 CPU: 0 PID: 2806 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PIIX,

[PATCH v2 1/2] appletalk: use remove_proc_subtree to simplify procfs code

2019-02-28 Thread Yue Haibing
From: YueHaibing Use remove_proc_subtree to remove the whole subtree on cleanup. Also do some cleanup. Signed-off-by: YueHaibing --- net/appletalk/atalk_proc.c | 56 ++ 1 file changed, 17 insertions(+), 39 deletions(-) diff --git a/net/appletalk/atal

[PATCH v2 0/2] appletalk: small cleanup and bugfix

2019-02-28 Thread Yue Haibing
From: YueHaibing v2: - Add cover letter log This patch series mainly fixes a use-after-free bug in atalk_proc_exit. Patch 1 uses the remove_proc_subtree helper to simplify atalk_proc fs code, also some other cleanup. Patch 2 adds a proper error cleanup path in atalk_init to fix the issue, which based on t

[PATCH 2/2] appletalk: Fix use-after-free in atalk_proc_exit

2019-02-28 Thread Yue Haibing
From: YueHaibing KASAN reports this: BUG: KASAN: use-after-free in pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71 Read of size 8 at addr 8881f41fe5b0 by task syz-executor.0/2806 CPU: 0 PID: 2806 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PIIX,

[PATCH 1/2] appletalk: use remove_proc_subtree to simplify procfs code

2019-02-28 Thread Yue Haibing
From: YueHaibing Use remove_proc_subtree to remove the whole subtree on cleanup. Also do some cleanup. Signed-off-by: YueHaibing --- net/appletalk/atalk_proc.c | 56 ++ 1 file changed, 17 insertions(+), 39 deletions(-) diff --git a/net/appletalk/atal

[PATCH 0/2] appletalk: A cleanup and bugfix

2019-02-28 Thread Yue Haibing
From: YueHaibing YueHaibing (2): appletalk: use remove_proc_subtree to simplify procfs code appletalk: Fix use-after-free in atalk_proc_exit include/linux/atalk.h| 2 +- net/appletalk/atalk_proc.c | 58 +--- net/appletalk/ddp.c

[PATCH] xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink

2019-02-27 Thread Yue Haibing
From: YueHaibing UBSAN reports this: UBSAN: Undefined behaviour in net/xfrm/xfrm_policy.c:1289:24 index 6 is out of range for type 'unsigned int [6]' CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.162-514.55.6.9.x86_64+ #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu

[PATCH v3] xfrm: policy: Fix possible user after free in __xfrm_policy_unlink

2019-02-27 Thread Yue Haibing
From: YueHaibing UBSAN reports this: UBSAN: Undefined behaviour in net/xfrm/xfrm_policy.c:1289:24 index 6 is out of range for type 'unsigned int [6]' CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.162-514.55.6.9.x86_64+ #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu

[PATCH v2] xfrm: policy: Fix possible user after free in __xfrm_policy_unlink

2019-02-27 Thread Yue Haibing
From: YueHaibing UBSAN reports this: UBSAN: Undefined behaviour in net/xfrm/xfrm_policy.c:1289:24 index 6 is out of range for type 'unsigned int [6]' CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.162-514.55.6.9.x86_64+ #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu

[PATCH] xfrm: policy: Fix possible user after free in __xfrm_policy_unlink

2019-02-27 Thread Yue Haibing
From: YueHaibing UBSAN reports this: UBSAN: Undefined behaviour in net/xfrm/xfrm_policy.c:1289:24 index 6 is out of range for type 'unsigned int [6]' CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.162-514.55.6.9.x86_64+ #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu

[PATCH v2] appletalk: Fix use-after-free in atalk_proc_exit

2019-02-27 Thread Yue Haibing
From: YueHaibing KASAN reports this: BUG: KASAN: use-after-free in pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71 Read of size 8 at addr 8881f41fe5b0 by task syz-executor.0/2806 CPU: 0 PID: 2806 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PIIX,

[PATCH v2 -next] appletalk: use remove_proc_subtree to simplify procfs code

2019-02-27 Thread Yue Haibing
From: YueHaibing Use remove_proc_subtree to remove the whole subtree on cleanup. Also do some cleanup. Signed-off-by: YueHaibing --- net/appletalk/atalk_proc.c | 56 ++ 1 file changed, 17 insertions(+), 39 deletions(-) diff --git a/net/appletalk/atal

[PATCH -next] appletalk: use remove_proc_subtree to simplify procfs code

2019-02-27 Thread Yue Haibing
From: YueHaibing Use remove_proc_subtree to remove the whole subtree on cleanup. Also do some cleanup. Signed-off-by: YueHaibing --- net/appletalk/atalk_proc.c | 56 ++ 1 file changed, 17 insertions(+), 39 deletions(-) diff --git a/net/appletalk/atal

[PATCH] appletalk: Fix use-after-free in atalk_proc_exit

2019-02-27 Thread Yue Haibing
From: YueHaibing KASAN reports this: BUG: KASAN: use-after-free in pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71 Read of size 8 at addr 8881f41fe5b0 by task syz-executor.0/2806 CPU: 0 PID: 2806 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PIIX,

[PATCH v2] xfrm: correctly check policy index in verify_newpolicy_info

2019-02-25 Thread Yue Haibing
From: YueHaibing UBSAN reports this: UBSAN: Undefined behaviour in net/xfrm/xfrm_policy.c:1289:24 index 6 is out of range for type 'unsigned int [6]' CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.162-514.55.6.9.x86_64+ #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu

[PATCH] xfrm: correctly check policy index in verify_newpolicy_info

2019-02-25 Thread Yue Haibing
From: YueHaibing UBSAN reports this: UBSAN: Undefined behaviour in net/xfrm/xfrm_policy.c:1289:24 index 6 is out of range for type 'unsigned int [6]' CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.162-514.55.6.9.x86_64+ #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu

[PATCH] cfg80211: reg: Fix use-after-free in call_crda

2019-02-22 Thread Yue Haibing
From: YueHaibing KASAN reports this: BUG: KASAN: use-after-free in kobject_uevent_env+0xedb/0xf20 lib/kobject_uevent.c:474 Read of size 8 at addr 8881e52d5dc0 by task kworker/0:2/1066 CPU: 0 PID: 1066 Comm: kworker/0:2 Not tainted 5.0.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PII

[PATCH] net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails

2019-02-21 Thread Yue Haibing
From: YueHaibing KASAN reports this: BUG: KASAN: null-ptr-deref in nfc_llcp_build_gb+0x37f/0x540 [nfc] Read of size 3 at addr by task syz-executor.0/5401 CPU: 0 PID: 5401 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS

[PATCH net-next] kcm: Remove unnecessary SLAB_PANIC for kmem_cache_create() in kcm_init

2019-02-21 Thread Yue Haibing
From: YueHaibing There is a NULL check on kmem_cache_create failure in kcm_init, so there is no need to use SLAB_PANIC to panic the system. Signed-off-by: YueHaibing --- net/kcm/kcmsock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c index 571

[PATCH] mdio_bus: Fix use-after-free on device_register fails

2019-02-21 Thread Yue Haibing
From: YueHaibing KASAN has found use-after-free in fixed_mdio_bus_init, commit 0c692d07842a ("drivers/net/phy/mdio_bus.c: call put_device on device_register() failure") calls put_device() while device_register() fails, gives up the last reference to the device and allows mdiobus_release to be execute

[PATCH] rds: tcp: remove duplicated include from tcp.c

2018-08-21 Thread Yue Haibing
Remove duplicated include. Signed-off-by: Yue Haibing --- net/rds/tcp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/rds/tcp.c b/net/rds/tcp.c index 2c7b7c3..b9bbcf3 100644 --- a/net/rds/tcp.c +++ b/net/rds/tcp.c @@ -37,7 +37,6 @@ #include #include #include -#include #include

[PATCH] sch_cake: Remove unused including

2018-08-21 Thread Yue Haibing
Remove an include that is not needed. Signed-off-by: Yue Haibing --- net/sched/sch_cake.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/sched/sch_cake.c b/net/sched/sch_cake.c index 35fc725..4d26b08 100644 --- a/net/sched/sch_cake.c +++ b/net/sched/sch_cake.c @@ -64,7

[PATCH] rhashtable: remove duplicated include from rhashtable.c

2018-08-20 Thread Yue Haibing
Remove duplicated include. Signed-off-by: Yue Haibing --- lib/rhashtable.c | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/rhashtable.c b/lib/rhashtable.c index ae4223e..672eecd 100644 --- a/lib/rhashtable.c +++ b/lib/rhashtable.c @@ -28,7 +28,6 @@ #include #include #include

[PATCH net-next] lan743x: lan743x: Remove duplicated include from lan743x_ptp.c

2018-08-12 Thread Yue Haibing
Remove duplicated include. Signed-off-by: Yue Haibing --- drivers/net/ethernet/microchip/lan743x_ptp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/ethernet/microchip/lan743x_ptp.c b/drivers/net/ethernet/microchip/lan743x_ptp.c index 42064fd..029a2af 100644 --- a/drivers/net