1. 23 Aug, 2023 4 commits
  2. 22 Aug, 2023 2 commits
  3. 21 Aug, 2023 2 commits
    • Linus Torvalds's avatar
      Merge tag 'v6.5-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · f7757129
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "Fix a regression in the caam driver and af_alg"
      
      * tag 'v6.5-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: fix uninit-value in af_alg_free_resources
        Revert "crypto: caam - adjust RNG timing to support more devices"
      f7757129
    • Linus Torvalds's avatar
      mm: avoid 'might_sleep()' in get_mmap_lock_carefully() · 4542057e
      Linus Torvalds authored
      This might_sleep() goes back a long time: it was originally introduced
      way back when by commit 01006074 ("x86: add might_sleep() to
      do_page_fault()"), and made it into the generic VM code when the x86
      fault path got re-organized and generalized in commit c2508ec5 ("mm:
      introduce new 'lock_mm_and_find_vma()' page fault helper").
      
      However, it turns out that the placement of that might_sleep() has
      always been rather questionable simply because it's not only a debug
      statement to warn about sleeping in contexts that shouldn't sleep (which
      was the original reason for adding it), but it also implies a voluntary
      scheduling point.
      
      That, in turn, is less than desirable for two reasons:
      
       (a) it ends up being done after we successfully got the mmap_lock, so
           just as we got the lock we will now eagerly schedule away and
           increase lock contention
      
      and
      
       (b) this is all very possibly part of the "oops, things went horribly
           wrong" path and we just haven't figured that out yet
      
      After all, the whole _reason_ for having that get_mmap_lock_carefully()
      rather than just doing the obvious mmap_read_lock() is because this code
      wants to deal somewhat gracefully with potential kernel wild pointer
      bugs.
      
      So then a voluntary scheduling point here is simply not a good idea.
      
      We could certainly turn the 'might_sleep()' into a '__might_sleep()' and
      make it be just the debug check that it was originally intended to be.
      
      But even that seems questionable in the wild kernel pointer case - which
      again is part of the whole point of this code.  The problem wouldn't be
      about the _sleeping_ part of the page fault, but about a bad kernel
      access.  The fact that that bad kernel access might happen in a section
      that you shouldn't sleep in is secondary.
      
      So it really ends up being the case that this is simply entirely the
      wrong place to do this debug check and related scheduling point at all.
      
      So let's just remove the check entirely.  It's been around for over a
      decade, it has served its purpose.
      
      The re-schedule will happen at return to user space anyway for the
      normal case, and the warning - if we even need it - might be better off
      done as a special case for "page fault from kernel mode" once we've
      dealt with any potential kernel oopses where the oops is the relevant
      thing, not some artificial "scheduling while atomic" test.
      Reported-by: default avatarMateusz Guzik <mjguzik@gmail.com>
      Link: https://lore.kernel.org/lkml/20230820104303.2083444-1-mjguzik@gmail.com/
      Cc: Matthew Wilcox <willy@infradead.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4542057e
  4. 20 Aug, 2023 3 commits
    • Linus Torvalds's avatar
      Linux 6.5-rc7 · 706a7415
      Linus Torvalds authored
      706a7415
    • Linus Torvalds's avatar
      Merge tag 'tty-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · b320441c
      Linus Torvalds authored
      Pull tty/serial fixes from Greg KH:
       "Here are some small tty and serial core fixes for 6.5-rc7 that resolve
        a lot of reported issues.
      
        Primarily in here are the fixes for the serial bus code from Tony that
        came in -rc1, as it hit wider testing with the huge number of
        different types of systems and serial ports. All of the reported
        issues with duplicate names and other issues with this code are now
        resolved.
      
        Other than that included in here is:
      
         - n_gsm fix for a previous fix
      
         - 8250 lockdep annotation fix
      
         - fsl_lpuart serial driver fix
      
         - TIOCSTI documentation update for previous CAP_SYS_ADMIN change
      
        All of these have been in linux-next for a while with no reported
        problems"
      
      * tag 'tty-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: core: Fix serial core port id, including multiport devices
        serial: 8250: drop lockdep annotation from serial8250_clear_IER()
        tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
        serial: core: Revert port_id use
        TIOCSTI: Document CAP_SYS_ADMIN behaviour in Kconfig
        serial: 8250: Fix oops for port->pm on uart_change_pm()
        serial: 8250: Reinit port_id when adding back serial8250_isa_devs
        serial: core: Fix kmemleak issue for serial core device remove
        MAINTAINERS: Merge TTY layer and serial drivers
        serial: core: Fix serial_base_match() after fixing controller port name
        serial: core: Fix serial core controller port name to show controller id
        serial: core: Fix serial core port id to not use port->line
        serial: core: Controller id cannot be negative
        tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms
      b320441c
    • Linus Torvalds's avatar
      Merge tag 'rust-fixes-6.5-rc7' of https://github.com/Rust-for-Linux/linux · ec27a636
      Linus Torvalds authored
      Pull rust fix from Miguel Ojeda:
      
       - Macros: fix 'HAS_*' redefinition by the '#[vtable]' macro
         under conditional compilation
      
      * tag 'rust-fixes-6.5-rc7' of https://github.com/Rust-for-Linux/linux:
        rust: macros: vtable: fix `HAS_*` redefinition (`gen_const_name`)
      ec27a636
  5. 19 Aug, 2023 12 commits
  6. 18 Aug, 2023 17 commits
    • Sweet Tea Dorminy's avatar
      blk-crypto: dynamically allocate fallback profile · c984ff14
      Sweet Tea Dorminy authored
      blk_crypto_profile_init() calls lockdep_register_key(), which warns and
      does not register if the provided memory is a static object.
      blk-crypto-fallback currently has a static blk_crypto_profile and calls
      blk_crypto_profile_init() thereupon, resulting in the warning and
      failure to register.
      
      Fortunately it is simple enough to use a dynamically allocated profile
      and make lockdep function correctly.
      
      Fixes: 2fb48d88 ("blk-crypto: use dynamic lock class for blk_crypto_profile::lock")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarSweet Tea Dorminy <sweettea-kernel@dorminy.me>
      Reviewed-by: default avatarEric Biggers <ebiggers@google.com>
      Link: https://lore.kernel.org/r/20230817141615.15387-1-sweettea-kernel@dorminy.meSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      c984ff14
    • Ming Lei's avatar
      blk-cgroup: hold queue_lock when removing blkg->q_node · c164c7bc
      Ming Lei authored
      When blkg is removed from q->blkg_list from blkg_free_workfn(), queue_lock
      has to be held, otherwise, all kinds of bugs(list corruption, hard lockup,
      ..) can be triggered from blkg_destroy_all().
      
      Fixes: f1c006f1 ("blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()")
      Cc: Yu Kuai <yukuai3@huawei.com>
      Cc: xiaoli feng <xifeng@redhat.com>
      Cc: Chunyu Hu <chuhu@redhat.com>
      Cc: Mike Snitzer <snitzer@kernel.org>
      Cc: Tejun Heo <tj@kernel.org>
      Signed-off-by: default avatarMing Lei <ming.lei@redhat.com>
      Acked-by: default avatarTejun Heo <tj@kernel.org>
      Link: https://lore.kernel.org/r/20230817141751.1128970-1-ming.lei@redhat.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      c164c7bc
    • Li Zhijian's avatar
      drivers/rnbd: restore sysfs interface to rnbd-client · 6548fce0
      Li Zhijian authored
      Commit 137380c0 renamed 'rnbd-client' to 'rnbd_client', this changed
      sysfs interface to /sys/devices/virtual/rnbd_client/ctl/map_device
      from /sys/devices/virtual/rnbd-client/ctl/map_device.
      
      CC: Ivan Orlov <ivan.orlov0322@gmail.com>
      CC: "Md. Haris Iqbal" <haris.iqbal@ionos.com>
      CC: Jack Wang <jinpu.wang@ionos.com>
      Fixes: 137380c0 ("block/rnbd: make all 'class' structures const")
      Signed-off-by: default avatarLi Zhijian <lizhijian@fujitsu.com>
      Acked-by: default avatarJack Wang <jinpu.wang@ionos.com>
      Link: https://lore.kernel.org/r/20230816022210.2501228-1-lizhijian@fujitsu.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      6548fce0
    • Christian Göttsche's avatar
      selinux: set next pointer before attaching to list · 70d91dc9
      Christian Göttsche authored
      Set the next pointer in filename_trans_read_helper() before attaching
      the new node under construction to the list, otherwise garbage would be
      dereferenced on subsequent failure during cleanup in the out goto label.
      
      Cc: <stable@vger.kernel.org>
      Fixes: 43005902 ("selinux: implement new format of filename transitions")
      Signed-off-by: default avatarChristian Göttsche <cgzones@googlemail.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      70d91dc9
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · d4ddefee
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
       "Two more SME fixes related to ptrace(): ensure that the SME is
        properly set up for the target thread and that the thread sees
        the ZT registers set via ptrace"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64/ptrace: Ensure that the task sees ZT writes on first use
        arm64/ptrace: Ensure that SME is set up for target when writing SSVE state
      d4ddefee
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 3e13eee1
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
      
       - fix a regression in the sysfs interface
      
       - fix a reference counting bug that's been around for years
      
       - MAINTAINERS update
      
      * tag 'gpio-fixes-for-v6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpiolib: fix reference leaks when removing GPIO chips still in use
        gpiolib: sysfs: Do unexport GPIO when user asks for it
        MAINTAINERS: add content regex for gpio-regmap
      3e13eee1
    • Linus Torvalds's avatar
      Merge tag '6.5-rc6-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6 · 8abd7287
      Linus Torvalds authored
      Pull smb client fix from Steve French:
       "A small SMB mount option fix, also for stable"
      
      * tag '6.5-rc6-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6:
        smb: client: fix null auth
      8abd7287
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · cd479d9c
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - avoid excessive rejections from seccomp RET_ERRNO rules
      
       - compressed jal/jalr decoding fix
      
       - fixes for independent irq/softirq stacks on kernels built with
         CONFIG_FRAME_POINTER=n
      
       - avoid a hang handling uaccess fixups
      
       - another build fix for toolchain ISA strings, this time for Zicsr and
         Zifenci on old GNU toolchains
      
      * tag 'riscv-for-linus-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Handle zicsr/zifencei issue between gcc and binutils
        riscv: uaccess: Return the number of bytes effectively not copied
        riscv: stack: Fixup independent softirq stack for CONFIG_FRAME_POINTER=n
        riscv: stack: Fixup independent irq stack for CONFIG_FRAME_POINTER=n
        riscv: correct riscv_insn_is_c_jr() and riscv_insn_is_c_jalr()
        riscv: entry: set a0 = -ENOSYS only when syscall != -1
      cd479d9c
    • Linus Torvalds's avatar
      Merge tag 'sound-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · ce03e180
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Slightly bigger than I wished, but here we go, a collection of fixes
        for 6.5.
      
        The only change in the core side is the ease for repeated ASoC error
        messages, and the rest are all pretty device-specific small fixes
        (including regression fixes) for ASoC Intel and HD-audio / USB-audio
        quirks"
      
      * tag 'sound-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda/realtek - Remodified 3k pull low procedure
        ASoC: rt1308-sdw: fix random louder sound
        ALSA: hda/cs8409: Support new Dell Dolphin Variants
        ALSA: hda/realtek: Switch Dell Oasis models to use SPI
        ALSA: hda/realtek: Add quirks for HP G11 Laptops
        ASoC: meson: axg-tdm-formatter: fix channel slot allocation
        ASoC: SOF: ipc4-topology: Update the basecfg for copier earlier
        ASoC: SOF: intel: hda: Clean up link DMA for IPC3 during stop
        ASoC: Intel: sof-sdw-cs42142: fix for codec button mapping
        ASoC: Intel: sof-sdw: update jack detection quirk for LunarLake RVP
        ASoC: SOF: Fix incorrect use of sizeof in sof_ipc3_do_rx_work()
        ASoC: lower "no backend DAIs enabled for ... Port" log severity
        ASoC: rt5665: add missed regulator_bulk_disable
        ASoC: max98363: don't return on success reading revision ID
        ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces.
        ASoC: fsl: micfil: Use dual license micfil code
      ce03e180
    • Linus Torvalds's avatar
      Merge tag 'mmc-v6.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 88d4a164
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "MMC core:
         - Fix in_flight[issue_type] value error to properly manage requests
      
        MMC host:
         - wbsd: Fix double free in the probe error path
         - sunplus: Fix error path in probe
         - sdhci_f_sdh30: Fix order of function calls in sdhci_f_sdh30_remove"
      
      * tag 'mmc-v6.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove
        mmc: sunplus: Fix error handling in spmmc_drv_probe()
        mmc: sunplus: fix return value check of mmc_add_host()
        mmc: wbsd: fix double mmc_free_host() in wbsd_init()
        mmc: block: Fix in_flight[issue_type] value error
      88d4a164
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · f33fd7eb
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
       "Fixes two issues with the Qualcomm SA8775P platform:
      
         - Some minor device tree binding flunky that is nice to iron out but
           more importantly:
      
         - Support the increased interrupt targets mask from 3 to 4 bits,
           making interrupts with higher (hardware) numbers work"
      
      * tag 'pinctrl-v6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: qcom: Add intr_target_width field to support increased number of interrupt targets
        dt-bindings: pinctrl: qcom,sa8775p-tlmm: add gpio function constant
      f33fd7eb
    • Linus Torvalds's avatar
      Merge tag 'soc-fixes-6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 80706f55
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "As usual, mostly DT fixes for the major Arm platforms from Qualcomm
        and NXP, plus a bit for Rockchips and others:
      
        The qualcomm fixes mainly deal with their higher-end arm64 devices
        trees, fixing issues in L3 interconnect, crypto, thermal, UFS and a
        regression for the DSI phy.
      
        NXP i.MX has two correctness fixes for the 64-bit chips, dealing with
        the imx93 "anatop" module and the CSI interface. On the 32-bit side,
        there are functional fixes for RTC, display and SD card intefaces.
      
        Rockchip fixes are for wifi support on certain boards, a eMMC
        stability and DT build warnings.
      
        On TI OMAP, a regulator is described in DT to avoid problems with the
        ethernet phy initialization.
      
        The code changes include a missing MMIO serialization on OMAP, plus a
        few minor fixes on ASpeed and AMD/Zynq chips"
      
      * tag 'soc-fixes-6.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (30 commits)
        ARM: dts: am335x-bone-common: Add vcc-supply for on-board eeprom
        ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board
        soc: aspeed: socinfo: Add kfree for kstrdup
        soc: aspeed: uart-routing: Use __sysfs_match_string
        ARM: dts: integrator: fix PCI bus dtc warnings
        arm64: dts: imx93: Fix anatop node size
        arm64: dts: qcom: sc7180: Fix DSI0_PHY reg-names
        ARM: dts: imx: Set default tuning step for imx6sx usdhc
        arm64: dts: imx8mm: Drop CSI1 PHY reference clock configuration
        arm64: dts: imx8mn: Drop CSI1 PHY reference clock configuration
        ARM: dts: imx: Set default tuning step for imx7d usdhc
        ARM: dts: imx6: phytec: fix RTC interrupt level
        ARM: dts: imx6sx: Remove LDB endpoint
        arm64: dts: rockchip: Fix Wifi/Bluetooth on ROCK Pi 4 boards
        ARM: zynq: Explicitly include correct DT includes
        arm64: dts: qcom: sa8775p-ride: Update L4C parameters
        arm64: dts: rockchip: minor whitespace cleanup around '='
        arm64: dts: rockchip: Disable HS400 for eMMC on ROCK 4C+
        arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
        arm64: dts: rockchip: add missing space before { on indiedroid nova
        ...
      80706f55
    • Linus Torvalds's avatar
      Merge tag 'asm-generic-fix-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic · eabeef90
      Linus Torvalds authored
      Pull asm-generic regression fix from Arnd Bergmann:
       "Just one partial revert for a commit from the merge window that caused
        annoying behavior when building old kernels on arm64 hosts"
      
      * tag 'asm-generic-fix-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:
        asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv and loongarch"
      eabeef90
    • Josef Bacik's avatar
      btrfs: fix incorrect splitting in btrfs_drop_extent_map_range · c962098c
      Josef Bacik authored
      In production we were seeing a variety of WARN_ON()'s in the extent_map
      code, specifically in btrfs_drop_extent_map_range() when we have to call
      add_extent_mapping() for our second split.
      
      Consider the following extent map layout
      
      	PINNED
      	[0 16K)  [32K, 48K)
      
      and then we call btrfs_drop_extent_map_range for [0, 36K), with
      skip_pinned == true.  The initial loop will have
      
      	start = 0
      	end = 36K
      	len = 36K
      
      we will find the [0, 16k) extent, but since we are pinned we will skip
      it, which has this code
      
      	start = em_end;
      	if (end != (u64)-1)
      		len = start + len - em_end;
      
      em_end here is 16K, so now the values are
      
      	start = 16K
      	len = 16K + 36K - 16K = 36K
      
      len should instead be 20K.  This is a problem when we find the next
      extent at [32K, 48K), we need to split this extent to leave [36K, 48k),
      however the code for the split looks like this
      
      	split->start = start + len;
      	split->len = em_end - (start + len);
      
      In this case we have
      
      	em_end = 48K
      	split->start = 16K + 36K       // this should be 16K + 20K
      	split->len = 48K - (16K + 36K) // this overflows as 16K + 36K is 52K
      
      and now we have an invalid extent_map in the tree that potentially
      overlaps other entries in the extent map.  Even in the non-overlapping
      case we will have split->start set improperly, which will cause problems
      with any block related calculations.
      
      We don't actually need len in this loop, we can simply use end as our
      end point, and only adjust start up when we find a pinned extent we need
      to skip.
      
      Adjust the logic to do this, which keeps us from inserting an invalid
      extent map.
      
      We only skip_pinned in the relocation case, so this is relatively rare,
      except in the case where you are running relocation a lot, which can
      happen with auto relocation on.
      
      Fixes: 55ef6899 ("Btrfs: Fix btrfs_drop_extent_cache for skip pinned case")
      CC: stable@vger.kernel.org # 4.14+
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      c962098c
    • Borislav Petkov (AMD)'s avatar
      x86/srso: Correct the mitigation status when SMT is disabled · 6405b72e
      Borislav Petkov (AMD) authored
      Specify how is SRSO mitigated when SMT is disabled. Also, correct the
      SMT check for that.
      
      Fixes: e9fbc47b ("x86/srso: Disable the mitigation on unaffected configurations")
      Suggested-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Acked-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
      Link: https://lore.kernel.org/r/20230814200813.p5czl47zssuej7nv@treble
      6405b72e
    • Pavel Skripkin's avatar
      crypto: fix uninit-value in af_alg_free_resources · 080aa61e
      Pavel Skripkin authored
      Syzbot was able to trigger use of uninitialized memory in
      af_alg_free_resources.
      
      Bug is caused by missing initialization of rsgl->sgl.need_unpin before
      adding to rsgl_list. Then in case of extract_iter_to_sg() failure, rsgl
      is left with uninitialized need_unpin which is read during clean up
      
      BUG: KMSAN: uninit-value in af_alg_free_sg crypto/af_alg.c:545 [inline]
      BUG: KMSAN: uninit-value in af_alg_free_areq_sgls crypto/af_alg.c:778 [inline]
      BUG: KMSAN: uninit-value in af_alg_free_resources+0x3d1/0xf60 crypto/af_alg.c:1117
       af_alg_free_sg crypto/af_alg.c:545 [inline]
       af_alg_free_areq_sgls crypto/af_alg.c:778 [inline]
       af_alg_free_resources+0x3d1/0xf60 crypto/af_alg.c:1117
       _skcipher_recvmsg crypto/algif_skcipher.c:144 [inline]
      ...
      
      Uninit was created at:
       slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
       slab_alloc_node mm/slub.c:3470 [inline]
       __kmem_cache_alloc_node+0x536/0x8d0 mm/slub.c:3509
       __do_kmalloc_node mm/slab_common.c:984 [inline]
       __kmalloc+0x121/0x3c0 mm/slab_common.c:998
       kmalloc include/linux/slab.h:586 [inline]
       sock_kmalloc+0x128/0x1c0 net/core/sock.c:2683
       af_alg_alloc_areq+0x41/0x2a0 crypto/af_alg.c:1188
       _skcipher_recvmsg crypto/algif_skcipher.c:71 [inline]
      
      Fixes: c1abe6f5 ("crypto: af_alg: Use extract_iter_to_sg() to create scatterlists")
      Reported-and-tested-by: syzbot+cba21d50095623218389@syzkaller.appspotmail.com
      Closes: https://syzkaller.appspot.com/bug?extid=cba21d50095623218389Signed-off-by: default avatarPavel Skripkin <paskripkin@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      080aa61e
    • Herbert Xu's avatar