+++ /dev/null
-From ac5222464465454623afe79cb1926e6f0ce077aa Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 30 Oct 2022 16:03:37 +0100
-Subject: nfc: Add KCOV annotations
-
-From: Dmitry Vyukov <dvyukov@google.com>
-
-[ Upstream commit 7e8cdc97148c6ba66671e88ad9f7d434f4df3438 ]
-
-Add remote KCOV annotations for NFC processing that is done
-in background threads. This enables efficient coverage-guided
-fuzzing of the NFC subsystem.
-
-The intention is to add annotations to background threads that
-process skb's that were allocated in syscall context
-(thus have a KCOV handle associated with the current fuzz test).
-This includes nci_recv_frame() that is called by the virtual nci
-driver in the syscall context.
-
-Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
-Cc: Bongsu Jeon <bongsu.jeon@samsung.com>
-Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
-Cc: netdev@vger.kernel.org
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Stable-dep-of: 19e35f24750d ("nfc: nci: Fix kcov check in nci_rx_work()")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/nfc/nci/core.c | 8 +++++++-
- net/nfc/nci/hci.c | 4 +++-
- net/nfc/rawsock.c | 3 +++
- 3 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
-index d8002065baaef..a5dbd0a43a186 100644
---- a/net/nfc/nci/core.c
-+++ b/net/nfc/nci/core.c
-@@ -24,6 +24,7 @@
- #include <linux/sched.h>
- #include <linux/bitops.h>
- #include <linux/skbuff.h>
-+#include <linux/kcov.h>
-
- #include "../nfc.h"
- #include <net/nfc/nci.h>
-@@ -1471,6 +1472,7 @@ static void nci_tx_work(struct work_struct *work)
- skb = skb_dequeue(&ndev->tx_q);
- if (!skb)
- return;
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
-
- /* Check if data flow control is used */
- if (atomic_read(&conn_info->credits_cnt) !=
-@@ -1486,6 +1488,7 @@ static void nci_tx_work(struct work_struct *work)
-
- mod_timer(&ndev->data_timer,
- jiffies + msecs_to_jiffies(NCI_DATA_TIMEOUT));
-+ kcov_remote_stop();
- }
- }
-
-@@ -1496,7 +1499,8 @@ static void nci_rx_work(struct work_struct *work)
- struct nci_dev *ndev = container_of(work, struct nci_dev, rx_work);
- struct sk_buff *skb;
-
-- while ((skb = skb_dequeue(&ndev->rx_q))) {
-+ for (; (skb = skb_dequeue(&ndev->rx_q)); kcov_remote_stop()) {
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
-
- /* Send copy to sniffer */
- nfc_send_to_raw_sock(ndev->nfc_dev, skb,
-@@ -1555,6 +1559,7 @@ static void nci_cmd_work(struct work_struct *work)
- if (!skb)
- return;
-
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
- atomic_dec(&ndev->cmd_cnt);
-
- pr_debug("NCI TX: MT=cmd, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n",
-@@ -1567,6 +1572,7 @@ static void nci_cmd_work(struct work_struct *work)
-
- mod_timer(&ndev->cmd_timer,
- jiffies + msecs_to_jiffies(NCI_CMD_TIMEOUT));
-+ kcov_remote_stop();
- }
- }
-
-diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c
-index 4fe336ff2bfa1..05546c6e035f0 100644
---- a/net/nfc/nci/hci.c
-+++ b/net/nfc/nci/hci.c
-@@ -14,6 +14,7 @@
- #include <net/nfc/nci.h>
- #include <net/nfc/nci_core.h>
- #include <linux/nfc.h>
-+#include <linux/kcov.h>
-
- struct nci_data {
- u8 conn_id;
-@@ -414,7 +415,8 @@ static void nci_hci_msg_rx_work(struct work_struct *work)
- struct nci_hcp_message *message;
- u8 pipe, type, instruction;
-
-- while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) {
-+ for (; (skb = skb_dequeue(&hdev->msg_rx_queue)); kcov_remote_stop()) {
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
- pipe = NCI_HCP_MSG_GET_PIPE(skb->data[0]);
- skb_pull(skb, NCI_HCI_HCP_PACKET_HEADER_LEN);
- message = (struct nci_hcp_message *)skb->data;
-diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
-index 5f1d438a0a23f..8cdaebf81f20b 100644
---- a/net/nfc/rawsock.c
-+++ b/net/nfc/rawsock.c
-@@ -12,6 +12,7 @@
- #include <net/tcp_states.h>
- #include <linux/nfc.h>
- #include <linux/export.h>
-+#include <linux/kcov.h>
-
- #include "nfc.h"
-
-@@ -189,6 +190,7 @@ static void rawsock_tx_work(struct work_struct *work)
- }
-
- skb = skb_dequeue(&sk->sk_write_queue);
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
-
- sock_hold(sk);
- rc = nfc_data_exchange(dev, target_idx, skb,
-@@ -197,6 +199,7 @@ static void rawsock_tx_work(struct work_struct *work)
- rawsock_report_error(sk, rc);
- sock_put(sk);
- }
-+ kcov_remote_stop();
- }
-
- static int rawsock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
---
-2.43.0
-
+++ /dev/null
-From a2bfe7a7bf93b563e6966f23080d5df6c905649b Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 5 May 2024 19:36:49 +0900
-Subject: nfc: nci: Fix kcov check in nci_rx_work()
-
-From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-
-[ Upstream commit 19e35f24750ddf860c51e51c68cf07ea181b4881 ]
-
-Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added
-kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(),
-with an assumption that kcov_remote_stop() is called upon continue of
-the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in
-nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before
-break of the for loop.
-
-Reported-by: syzbot <syzbot+0438378d6f157baae1a2@syzkaller.appspotmail.com>
-Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2
-Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet")
-Suggested-by: Andrey Konovalov <andreyknvl@gmail.com>
-Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
-Link: https://lore.kernel.org/r/6d10f829-5a0c-405a-b39a-d7266f3a1a0b@I-love.SAKURA.ne.jp
-Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/nfc/nci/core.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
-index a5dbd0a43a186..cc40f6ebd96a6 100644
---- a/net/nfc/nci/core.c
-+++ b/net/nfc/nci/core.c
-@@ -1508,6 +1508,7 @@ static void nci_rx_work(struct work_struct *work)
-
- if (!nci_plen(skb->data)) {
- kfree_skb(skb);
-+ kcov_remote_stop();
- break;
- }
-
---
-2.43.0
-
hwmon-corsair-cpro-protect-ccp-wait_input_report-wit.patch
phonet-fix-rtm_phonet_notify-skb-allocation.patch
kcov-remove-kcov-include-from-sched.h-and-move-it-to.patch
-nfc-add-kcov-annotations.patch
-nfc-nci-fix-kcov-check-in-nci_rx_work.patch
net-bridge-fix-corrupted-ethernet-header-on-multicas.patch
ipv6-fib6_rules-avoid-possible-null-dereference-in-f.patch
net-hns3-use-appropriate-barrier-function-after-sett.patch
+++ /dev/null
-From eee1d2cff6a400ff92406ab864b2f5f156008e16 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 30 Oct 2022 16:03:37 +0100
-Subject: nfc: Add KCOV annotations
-
-From: Dmitry Vyukov <dvyukov@google.com>
-
-[ Upstream commit 7e8cdc97148c6ba66671e88ad9f7d434f4df3438 ]
-
-Add remote KCOV annotations for NFC processing that is done
-in background threads. This enables efficient coverage-guided
-fuzzing of the NFC subsystem.
-
-The intention is to add annotations to background threads that
-process skb's that were allocated in syscall context
-(thus have a KCOV handle associated with the current fuzz test).
-This includes nci_recv_frame() that is called by the virtual nci
-driver in the syscall context.
-
-Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
-Cc: Bongsu Jeon <bongsu.jeon@samsung.com>
-Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
-Cc: netdev@vger.kernel.org
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Stable-dep-of: 19e35f24750d ("nfc: nci: Fix kcov check in nci_rx_work()")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/nfc/nci/core.c | 8 +++++++-
- net/nfc/nci/hci.c | 4 +++-
- net/nfc/rawsock.c | 3 +++
- 3 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
-index 2a821f2b2ffe8..20e01f20fdcb1 100644
---- a/net/nfc/nci/core.c
-+++ b/net/nfc/nci/core.c
-@@ -24,6 +24,7 @@
- #include <linux/sched.h>
- #include <linux/bitops.h>
- #include <linux/skbuff.h>
-+#include <linux/kcov.h>
-
- #include "../nfc.h"
- #include <net/nfc/nci.h>
-@@ -1485,6 +1486,7 @@ static void nci_tx_work(struct work_struct *work)
- skb = skb_dequeue(&ndev->tx_q);
- if (!skb)
- return;
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
-
- /* Check if data flow control is used */
- if (atomic_read(&conn_info->credits_cnt) !=
-@@ -1500,6 +1502,7 @@ static void nci_tx_work(struct work_struct *work)
-
- mod_timer(&ndev->data_timer,
- jiffies + msecs_to_jiffies(NCI_DATA_TIMEOUT));
-+ kcov_remote_stop();
- }
- }
-
-@@ -1510,7 +1513,8 @@ static void nci_rx_work(struct work_struct *work)
- struct nci_dev *ndev = container_of(work, struct nci_dev, rx_work);
- struct sk_buff *skb;
-
-- while ((skb = skb_dequeue(&ndev->rx_q))) {
-+ for (; (skb = skb_dequeue(&ndev->rx_q)); kcov_remote_stop()) {
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
-
- /* Send copy to sniffer */
- nfc_send_to_raw_sock(ndev->nfc_dev, skb,
-@@ -1569,6 +1573,7 @@ static void nci_cmd_work(struct work_struct *work)
- if (!skb)
- return;
-
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
- atomic_dec(&ndev->cmd_cnt);
-
- pr_debug("NCI TX: MT=cmd, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n",
-@@ -1581,6 +1586,7 @@ static void nci_cmd_work(struct work_struct *work)
-
- mod_timer(&ndev->cmd_timer,
- jiffies + msecs_to_jiffies(NCI_CMD_TIMEOUT));
-+ kcov_remote_stop();
- }
- }
-
-diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c
-index 85b808fdcbc3a..7ac5c03176843 100644
---- a/net/nfc/nci/hci.c
-+++ b/net/nfc/nci/hci.c
-@@ -14,6 +14,7 @@
- #include <net/nfc/nci.h>
- #include <net/nfc/nci_core.h>
- #include <linux/nfc.h>
-+#include <linux/kcov.h>
-
- struct nci_data {
- u8 conn_id;
-@@ -409,7 +410,8 @@ static void nci_hci_msg_rx_work(struct work_struct *work)
- const struct nci_hcp_message *message;
- u8 pipe, type, instruction;
-
-- while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) {
-+ for (; (skb = skb_dequeue(&hdev->msg_rx_queue)); kcov_remote_stop()) {
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
- pipe = NCI_HCP_MSG_GET_PIPE(skb->data[0]);
- skb_pull(skb, NCI_HCI_HCP_PACKET_HEADER_LEN);
- message = (struct nci_hcp_message *)skb->data;
-diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
-index 0ca214ab5aeff..88e37a14a7e69 100644
---- a/net/nfc/rawsock.c
-+++ b/net/nfc/rawsock.c
-@@ -12,6 +12,7 @@
- #include <net/tcp_states.h>
- #include <linux/nfc.h>
- #include <linux/export.h>
-+#include <linux/kcov.h>
-
- #include "nfc.h"
-
-@@ -189,6 +190,7 @@ static void rawsock_tx_work(struct work_struct *work)
- }
-
- skb = skb_dequeue(&sk->sk_write_queue);
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
-
- sock_hold(sk);
- rc = nfc_data_exchange(dev, target_idx, skb,
-@@ -197,6 +199,7 @@ static void rawsock_tx_work(struct work_struct *work)
- rawsock_report_error(sk, rc);
- sock_put(sk);
- }
-+ kcov_remote_stop();
- }
-
- static int rawsock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
---
-2.43.0
-
+++ /dev/null
-From e943d3612f48832ca87cd787410b8e4772a43a67 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 5 May 2024 19:36:49 +0900
-Subject: nfc: nci: Fix kcov check in nci_rx_work()
-
-From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-
-[ Upstream commit 19e35f24750ddf860c51e51c68cf07ea181b4881 ]
-
-Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added
-kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(),
-with an assumption that kcov_remote_stop() is called upon continue of
-the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in
-nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before
-break of the for loop.
-
-Reported-by: syzbot <syzbot+0438378d6f157baae1a2@syzkaller.appspotmail.com>
-Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2
-Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet")
-Suggested-by: Andrey Konovalov <andreyknvl@gmail.com>
-Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
-Link: https://lore.kernel.org/r/6d10f829-5a0c-405a-b39a-d7266f3a1a0b@I-love.SAKURA.ne.jp
-Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/nfc/nci/core.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
-index 20e01f20fdcb1..d26c21df0d283 100644
---- a/net/nfc/nci/core.c
-+++ b/net/nfc/nci/core.c
-@@ -1522,6 +1522,7 @@ static void nci_rx_work(struct work_struct *work)
-
- if (!nci_plen(skb->data)) {
- kfree_skb(skb);
-+ kcov_remote_stop();
- break;
- }
-
---
-2.43.0
-
hwmon-corsair-cpro-use-complete_all-instead-of-compl.patch
hwmon-corsair-cpro-protect-ccp-wait_input_report-wit.patch
phonet-fix-rtm_phonet_notify-skb-allocation.patch
-nfc-add-kcov-annotations.patch
-nfc-nci-fix-kcov-check-in-nci_rx_work.patch
net-bridge-fix-corrupted-ethernet-header-on-multicas.patch
ipv6-fib6_rules-avoid-possible-null-dereference-in-f.patch
net-hns3-pf-support-get-unicast-mac-address-space-as.patch
+++ /dev/null
-From 74ef6029843ddb909bd934c35f130e885761ce5c Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 30 Oct 2022 16:03:37 +0100
-Subject: nfc: Add KCOV annotations
-
-From: Dmitry Vyukov <dvyukov@google.com>
-
-[ Upstream commit 7e8cdc97148c6ba66671e88ad9f7d434f4df3438 ]
-
-Add remote KCOV annotations for NFC processing that is done
-in background threads. This enables efficient coverage-guided
-fuzzing of the NFC subsystem.
-
-The intention is to add annotations to background threads that
-process skb's that were allocated in syscall context
-(thus have a KCOV handle associated with the current fuzz test).
-This includes nci_recv_frame() that is called by the virtual nci
-driver in the syscall context.
-
-Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
-Cc: Bongsu Jeon <bongsu.jeon@samsung.com>
-Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
-Cc: netdev@vger.kernel.org
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Stable-dep-of: 19e35f24750d ("nfc: nci: Fix kcov check in nci_rx_work()")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/nfc/nci/core.c | 8 +++++++-
- net/nfc/nci/hci.c | 4 +++-
- net/nfc/rawsock.c | 3 +++
- 3 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
-index f76a2d8060340..772ddb5824d9e 100644
---- a/net/nfc/nci/core.c
-+++ b/net/nfc/nci/core.c
-@@ -24,6 +24,7 @@
- #include <linux/sched.h>
- #include <linux/bitops.h>
- #include <linux/skbuff.h>
-+#include <linux/kcov.h>
-
- #include "../nfc.h"
- #include <net/nfc/nci.h>
-@@ -1481,6 +1482,7 @@ static void nci_tx_work(struct work_struct *work)
- skb = skb_dequeue(&ndev->tx_q);
- if (!skb)
- return;
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
-
- /* Check if data flow control is used */
- if (atomic_read(&conn_info->credits_cnt) !=
-@@ -1496,6 +1498,7 @@ static void nci_tx_work(struct work_struct *work)
-
- mod_timer(&ndev->data_timer,
- jiffies + msecs_to_jiffies(NCI_DATA_TIMEOUT));
-+ kcov_remote_stop();
- }
- }
-
-@@ -1506,7 +1509,8 @@ static void nci_rx_work(struct work_struct *work)
- struct nci_dev *ndev = container_of(work, struct nci_dev, rx_work);
- struct sk_buff *skb;
-
-- while ((skb = skb_dequeue(&ndev->rx_q))) {
-+ for (; (skb = skb_dequeue(&ndev->rx_q)); kcov_remote_stop()) {
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
-
- /* Send copy to sniffer */
- nfc_send_to_raw_sock(ndev->nfc_dev, skb,
-@@ -1565,6 +1569,7 @@ static void nci_cmd_work(struct work_struct *work)
- if (!skb)
- return;
-
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
- atomic_dec(&ndev->cmd_cnt);
-
- pr_debug("NCI TX: MT=cmd, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n",
-@@ -1577,6 +1582,7 @@ static void nci_cmd_work(struct work_struct *work)
-
- mod_timer(&ndev->cmd_timer,
- jiffies + msecs_to_jiffies(NCI_CMD_TIMEOUT));
-+ kcov_remote_stop();
- }
- }
-
-diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c
-index 78c4b6addf15a..de175318a3a0f 100644
---- a/net/nfc/nci/hci.c
-+++ b/net/nfc/nci/hci.c
-@@ -14,6 +14,7 @@
- #include <net/nfc/nci.h>
- #include <net/nfc/nci_core.h>
- #include <linux/nfc.h>
-+#include <linux/kcov.h>
-
- struct nci_data {
- u8 conn_id;
-@@ -409,7 +410,8 @@ static void nci_hci_msg_rx_work(struct work_struct *work)
- const struct nci_hcp_message *message;
- u8 pipe, type, instruction;
-
-- while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) {
-+ for (; (skb = skb_dequeue(&hdev->msg_rx_queue)); kcov_remote_stop()) {
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
- pipe = NCI_HCP_MSG_GET_PIPE(skb->data[0]);
- skb_pull(skb, NCI_HCI_HCP_PACKET_HEADER_LEN);
- message = (struct nci_hcp_message *)skb->data;
-diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
-index 8dd569765f96e..5125392bb68eb 100644
---- a/net/nfc/rawsock.c
-+++ b/net/nfc/rawsock.c
-@@ -12,6 +12,7 @@
- #include <net/tcp_states.h>
- #include <linux/nfc.h>
- #include <linux/export.h>
-+#include <linux/kcov.h>
-
- #include "nfc.h"
-
-@@ -189,6 +190,7 @@ static void rawsock_tx_work(struct work_struct *work)
- }
-
- skb = skb_dequeue(&sk->sk_write_queue);
-+ kcov_remote_start_common(skb_get_kcov_handle(skb));
-
- sock_hold(sk);
- rc = nfc_data_exchange(dev, target_idx, skb,
-@@ -197,6 +199,7 @@ static void rawsock_tx_work(struct work_struct *work)
- rawsock_report_error(sk, rc);
- sock_put(sk);
- }
-+ kcov_remote_stop();
- }
-
- static int rawsock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
---
-2.43.0
-
+++ /dev/null
-From d7576a1fdc4a012705580b9db7c13de392458393 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 5 May 2024 19:36:49 +0900
-Subject: nfc: nci: Fix kcov check in nci_rx_work()
-
-From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-
-[ Upstream commit 19e35f24750ddf860c51e51c68cf07ea181b4881 ]
-
-Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added
-kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(),
-with an assumption that kcov_remote_stop() is called upon continue of
-the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in
-nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before
-break of the for loop.
-
-Reported-by: syzbot <syzbot+0438378d6f157baae1a2@syzkaller.appspotmail.com>
-Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2
-Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet")
-Suggested-by: Andrey Konovalov <andreyknvl@gmail.com>
-Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
-Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
-Link: https://lore.kernel.org/r/6d10f829-5a0c-405a-b39a-d7266f3a1a0b@I-love.SAKURA.ne.jp
-Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/nfc/nci/core.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
-index 772ddb5824d9e..5d708af0fcfd3 100644
---- a/net/nfc/nci/core.c
-+++ b/net/nfc/nci/core.c
-@@ -1518,6 +1518,7 @@ static void nci_rx_work(struct work_struct *work)
-
- if (!nci_plen(skb->data)) {
- kfree_skb(skb);
-+ kcov_remote_stop();
- break;
- }
-
---
-2.43.0
-
hwmon-corsair-cpro-use-complete_all-instead-of-compl.patch
hwmon-corsair-cpro-protect-ccp-wait_input_report-wit.patch
phonet-fix-rtm_phonet_notify-skb-allocation.patch
-nfc-add-kcov-annotations.patch
-nfc-nci-fix-kcov-check-in-nci_rx_work.patch
net-bridge-fix-corrupted-ethernet-header-on-multicas.patch
ipv6-fib6_rules-avoid-possible-null-dereference-in-f.patch
timers-get-rid-of-del_singleshot_timer_sync.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
