From: Sasha Levin
Date: Sat, 11 May 2024 13:04:59 +0000 (-0400)
Subject: Drop nfc patches from older trees
X-Git-Tag: v4.19.314~90
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=392a942211a0e4fabc5ef26c1e84a0001e36dc45;p=thirdparty%2Fkernel%2Fstable-queue.git

Drop nfc patches from older trees
---

diff --git a/queue-5.10/nfc-add-kcov-annotations.patch b/queue-5.10/nfc-add-kcov-annotations.patch
deleted file mode 100644
index c8db9a4f1b7..00000000000
--- a/queue-5.10/nfc-add-kcov-annotations.patch
+++ /dev/null
@@ -1,139 +0,0 @@ -From ac5222464465454623afe79cb1926e6f0ce077aa Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sun, 30 Oct 2022 16:03:37 +0100 -Subject: nfc: Add KCOV annotations - -From: Dmitry Vyukov - -[ Upstream commit 7e8cdc97148c6ba66671e88ad9f7d434f4df3438 ] - -Add remote KCOV annotations for NFC processing that is done -in background threads. This enables efficient coverage-guided -fuzzing of the NFC subsystem. - -The intention is to add annotations to background threads that -process skb's that were allocated in syscall context -(thus have a KCOV handle associated with the current fuzz test). -This includes nci_recv_frame() that is called by the virtual nci -driver in the syscall context. - -Signed-off-by: Dmitry Vyukov -Cc: Bongsu Jeon -Cc: Krzysztof Kozlowski -Cc: netdev@vger.kernel.org -Signed-off-by: David S. Miller -Stable-dep-of: 19e35f24750d ("nfc: nci: Fix kcov check in nci_rx_work()") -Signed-off-by: Sasha Levin ---- - net/nfc/nci/core.c | 8 +++++++- - net/nfc/nci/hci.c | 4 +++- - net/nfc/rawsock.c | 3 +++ - 3 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c -index d8002065baaef..a5dbd0a43a186 100644 ---- a/net/nfc/nci/core.c -+++ b/net/nfc/nci/core.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - #include "../nfc.h" - #include -@@ -1471,6 +1472,7 @@ static void nci_tx_work(struct work_struct *work) - skb = skb_dequeue(&ndev->tx_q); - if (!skb) - return; -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - - /* Check if data flow control is used */ - if (atomic_read(&conn_info->credits_cnt) != -@@ -1486,6 +1488,7 @@ static void nci_tx_work(struct work_struct *work) - - mod_timer(&ndev->data_timer, - jiffies + msecs_to_jiffies(NCI_DATA_TIMEOUT)); -+ kcov_remote_stop(); - } - } - -@@ -1496,7 +1499,8 @@ static void nci_rx_work(struct work_struct *work) - struct nci_dev *ndev = container_of(work, struct nci_dev, rx_work); - struct sk_buff *skb; - -- while ((skb = 
skb_dequeue(&ndev->rx_q))) { -+ for (; (skb = skb_dequeue(&ndev->rx_q)); kcov_remote_stop()) { -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - - /* Send copy to sniffer */ - nfc_send_to_raw_sock(ndev->nfc_dev, skb, -@@ -1555,6 +1559,7 @@ static void nci_cmd_work(struct work_struct *work) - if (!skb) - return; - -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - atomic_dec(&ndev->cmd_cnt); - - pr_debug("NCI TX: MT=cmd, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n", -@@ -1567,6 +1572,7 @@ static void nci_cmd_work(struct work_struct *work) - - mod_timer(&ndev->cmd_timer, - jiffies + msecs_to_jiffies(NCI_CMD_TIMEOUT)); -+ kcov_remote_stop(); - } - } - -diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c -index 4fe336ff2bfa1..05546c6e035f0 100644 ---- a/net/nfc/nci/hci.c -+++ b/net/nfc/nci/hci.c -@@ -14,6 +14,7 @@ - #include - #include - #include -+#include - - struct nci_data { - u8 conn_id; -@@ -414,7 +415,8 @@ static void nci_hci_msg_rx_work(struct work_struct *work) - struct nci_hcp_message *message; - u8 pipe, type, instruction; - -- while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) { -+ for (; (skb = skb_dequeue(&hdev->msg_rx_queue)); kcov_remote_stop()) { -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - pipe = NCI_HCP_MSG_GET_PIPE(skb->data[0]); - skb_pull(skb, NCI_HCI_HCP_PACKET_HEADER_LEN); - message = (struct nci_hcp_message *)skb->data; -diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c -index 5f1d438a0a23f..8cdaebf81f20b 100644 ---- a/net/nfc/rawsock.c -+++ b/net/nfc/rawsock.c -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include - - #include "nfc.h" - -@@ -189,6 +190,7 @@ static void rawsock_tx_work(struct work_struct *work) - } - - skb = skb_dequeue(&sk->sk_write_queue); -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - - sock_hold(sk); - rc = nfc_data_exchange(dev, target_idx, skb, -@@ -197,6 +199,7 @@ static void rawsock_tx_work(struct work_struct *work) - rawsock_report_error(sk, rc); - sock_put(sk); - } -+ 
kcov_remote_stop(); - } - - static int rawsock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) --- -2.43.0 - diff --git a/queue-5.10/nfc-nci-fix-kcov-check-in-nci_rx_work.patch b/queue-5.10/nfc-nci-fix-kcov-check-in-nci_rx_work.patch deleted file mode 100644 index 64f09b38ab2..00000000000 --- a/queue-5.10/nfc-nci-fix-kcov-check-in-nci_rx_work.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a2bfe7a7bf93b563e6966f23080d5df6c905649b Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sun, 5 May 2024 19:36:49 +0900 -Subject: nfc: nci: Fix kcov check in nci_rx_work() - -From: Tetsuo Handa - -[ Upstream commit 19e35f24750ddf860c51e51c68cf07ea181b4881 ] - -Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added -kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(), -with an assumption that kcov_remote_stop() is called upon continue of -the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in -nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before -break of the for loop. - -Reported-by: syzbot -Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2 -Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet") -Suggested-by: Andrey Konovalov -Signed-off-by: Tetsuo Handa -Reviewed-by: Krzysztof Kozlowski -Link: https://lore.kernel.org/r/6d10f829-5a0c-405a-b39a-d7266f3a1a0b@I-love.SAKURA.ne.jp -Signed-off-by: Jakub Kicinski -Signed-off-by: Sasha Levin ---- - net/nfc/nci/core.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c -index a5dbd0a43a186..cc40f6ebd96a6 100644 ---- a/net/nfc/nci/core.c -+++ b/net/nfc/nci/core.c -@@ -1508,6 +1508,7 @@ static void nci_rx_work(struct work_struct *work) - - if (!nci_plen(skb->data)) { - kfree_skb(skb); -+ kcov_remote_stop(); - break; - } - --- -2.43.0 - diff --git a/queue-5.10/series b/queue-5.10/series index 440b41fdad9..fda11fc3eec 100644 --- a/queue-5.10/series +++ b/queue-5.10/series 
@@ -85,8 +85,6 @@ hwmon-corsair-cpro-use-complete_all-instead-of-compl.patch
 hwmon-corsair-cpro-protect-ccp-wait_input_report-wit.patch
 phonet-fix-rtm_phonet_notify-skb-allocation.patch
 kcov-remove-kcov-include-from-sched.h-and-move-it-to.patch
-nfc-add-kcov-annotations.patch
-nfc-nci-fix-kcov-check-in-nci_rx_work.patch
 net-bridge-fix-corrupted-ethernet-header-on-multicas.patch
 ipv6-fib6_rules-avoid-possible-null-dereference-in-f.patch
 net-hns3-use-appropriate-barrier-function-after-sett.patch
diff --git a/queue-5.15/nfc-add-kcov-annotations.patch b/queue-5.15/nfc-add-kcov-annotations.patch
deleted file mode 100644
index 659ed1454b9..00000000000
--- a/queue-5.15/nfc-add-kcov-annotations.patch
+++ /dev/null
@@ -1,139 +0,0 @@ -From eee1d2cff6a400ff92406ab864b2f5f156008e16 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sun, 30 Oct 2022 16:03:37 +0100 -Subject: nfc: Add KCOV annotations - -From: Dmitry Vyukov - -[ Upstream commit 7e8cdc97148c6ba66671e88ad9f7d434f4df3438 ] - -Add remote KCOV annotations for NFC processing that is done -in background threads. This enables efficient coverage-guided -fuzzing of the NFC subsystem. - -The intention is to add annotations to background threads that -process skb's that were allocated in syscall context -(thus have a KCOV handle associated with the current fuzz test). -This includes nci_recv_frame() that is called by the virtual nci -driver in the syscall context. - -Signed-off-by: Dmitry Vyukov -Cc: Bongsu Jeon -Cc: Krzysztof Kozlowski -Cc: netdev@vger.kernel.org -Signed-off-by: David S. Miller -Stable-dep-of: 19e35f24750d ("nfc: nci: Fix kcov check in nci_rx_work()") -Signed-off-by: Sasha Levin ---- - net/nfc/nci/core.c | 8 +++++++- - net/nfc/nci/hci.c | 4 +++- - net/nfc/rawsock.c | 3 +++ - 3 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c -index 2a821f2b2ffe8..20e01f20fdcb1 100644 ---- a/net/nfc/nci/core.c -+++ b/net/nfc/nci/core.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - #include "../nfc.h" - #include -@@ -1485,6 +1486,7 @@ static void nci_tx_work(struct work_struct *work) - skb = skb_dequeue(&ndev->tx_q); - if (!skb) - return; -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - - /* Check if data flow control is used */ - if (atomic_read(&conn_info->credits_cnt) != -@@ -1500,6 +1502,7 @@ static void nci_tx_work(struct work_struct *work) - - mod_timer(&ndev->data_timer, - jiffies + msecs_to_jiffies(NCI_DATA_TIMEOUT)); -+ kcov_remote_stop(); - } - } - -@@ -1510,7 +1513,8 @@ static void nci_rx_work(struct work_struct *work) - struct nci_dev *ndev = container_of(work, struct nci_dev, rx_work); - struct sk_buff *skb; - -- while ((skb = 
skb_dequeue(&ndev->rx_q))) { -+ for (; (skb = skb_dequeue(&ndev->rx_q)); kcov_remote_stop()) { -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - - /* Send copy to sniffer */ - nfc_send_to_raw_sock(ndev->nfc_dev, skb, -@@ -1569,6 +1573,7 @@ static void nci_cmd_work(struct work_struct *work) - if (!skb) - return; - -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - atomic_dec(&ndev->cmd_cnt); - - pr_debug("NCI TX: MT=cmd, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n", -@@ -1581,6 +1586,7 @@ static void nci_cmd_work(struct work_struct *work) - - mod_timer(&ndev->cmd_timer, - jiffies + msecs_to_jiffies(NCI_CMD_TIMEOUT)); -+ kcov_remote_stop(); - } - } - -diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c -index 85b808fdcbc3a..7ac5c03176843 100644 ---- a/net/nfc/nci/hci.c -+++ b/net/nfc/nci/hci.c -@@ -14,6 +14,7 @@ - #include - #include - #include -+#include - - struct nci_data { - u8 conn_id; -@@ -409,7 +410,8 @@ static void nci_hci_msg_rx_work(struct work_struct *work) - const struct nci_hcp_message *message; - u8 pipe, type, instruction; - -- while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) { -+ for (; (skb = skb_dequeue(&hdev->msg_rx_queue)); kcov_remote_stop()) { -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - pipe = NCI_HCP_MSG_GET_PIPE(skb->data[0]); - skb_pull(skb, NCI_HCI_HCP_PACKET_HEADER_LEN); - message = (struct nci_hcp_message *)skb->data; -diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c -index 0ca214ab5aeff..88e37a14a7e69 100644 ---- a/net/nfc/rawsock.c -+++ b/net/nfc/rawsock.c -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include - - #include "nfc.h" - -@@ -189,6 +190,7 @@ static void rawsock_tx_work(struct work_struct *work) - } - - skb = skb_dequeue(&sk->sk_write_queue); -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - - sock_hold(sk); - rc = nfc_data_exchange(dev, target_idx, skb, -@@ -197,6 +199,7 @@ static void rawsock_tx_work(struct work_struct *work) - rawsock_report_error(sk, rc); - sock_put(sk); - } -+ 
kcov_remote_stop(); - } - - static int rawsock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) --- -2.43.0 - diff --git a/queue-5.15/nfc-nci-fix-kcov-check-in-nci_rx_work.patch b/queue-5.15/nfc-nci-fix-kcov-check-in-nci_rx_work.patch deleted file mode 100644 index 97e77f88e61..00000000000 --- a/queue-5.15/nfc-nci-fix-kcov-check-in-nci_rx_work.patch +++ /dev/null @@ -1,44 +0,0 @@ -From e943d3612f48832ca87cd787410b8e4772a43a67 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sun, 5 May 2024 19:36:49 +0900 -Subject: nfc: nci: Fix kcov check in nci_rx_work() - -From: Tetsuo Handa - -[ Upstream commit 19e35f24750ddf860c51e51c68cf07ea181b4881 ] - -Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added -kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(), -with an assumption that kcov_remote_stop() is called upon continue of -the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in -nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before -break of the for loop. - -Reported-by: syzbot -Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2 -Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet") -Suggested-by: Andrey Konovalov -Signed-off-by: Tetsuo Handa -Reviewed-by: Krzysztof Kozlowski -Link: https://lore.kernel.org/r/6d10f829-5a0c-405a-b39a-d7266f3a1a0b@I-love.SAKURA.ne.jp -Signed-off-by: Jakub Kicinski -Signed-off-by: Sasha Levin ---- - net/nfc/nci/core.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c -index 20e01f20fdcb1..d26c21df0d283 100644 ---- a/net/nfc/nci/core.c -+++ b/net/nfc/nci/core.c -@@ -1522,6 +1522,7 @@ static void nci_rx_work(struct work_struct *work) - - if (!nci_plen(skb->data)) { - kfree_skb(skb); -+ kcov_remote_stop(); - break; - } - --- -2.43.0 - diff --git a/queue-5.15/series b/queue-5.15/series index dde9e0f171c..4d8b4b628f8 100644 --- a/queue-5.15/series +++ b/queue-5.15/series 
@@ -117,8 +117,6 @@ hwmon-corsair-cpro-use-a-separate-buffer-for-sending.patch
 hwmon-corsair-cpro-use-complete_all-instead-of-compl.patch
 hwmon-corsair-cpro-protect-ccp-wait_input_report-wit.patch
 phonet-fix-rtm_phonet_notify-skb-allocation.patch
-nfc-add-kcov-annotations.patch
-nfc-nci-fix-kcov-check-in-nci_rx_work.patch
 net-bridge-fix-corrupted-ethernet-header-on-multicas.patch
 ipv6-fib6_rules-avoid-possible-null-dereference-in-f.patch
 net-hns3-pf-support-get-unicast-mac-address-space-as.patch
diff --git a/queue-6.1/nfc-add-kcov-annotations.patch b/queue-6.1/nfc-add-kcov-annotations.patch
deleted file mode 100644
index 79b88e15614..00000000000
--- a/queue-6.1/nfc-add-kcov-annotations.patch
+++ /dev/null
@@ -1,139 +0,0 @@ -From 74ef6029843ddb909bd934c35f130e885761ce5c Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sun, 30 Oct 2022 16:03:37 +0100 -Subject: nfc: Add KCOV annotations - -From: Dmitry Vyukov - -[ Upstream commit 7e8cdc97148c6ba66671e88ad9f7d434f4df3438 ] - -Add remote KCOV annotations for NFC processing that is done -in background threads. This enables efficient coverage-guided -fuzzing of the NFC subsystem. - -The intention is to add annotations to background threads that -process skb's that were allocated in syscall context -(thus have a KCOV handle associated with the current fuzz test). -This includes nci_recv_frame() that is called by the virtual nci -driver in the syscall context. - -Signed-off-by: Dmitry Vyukov -Cc: Bongsu Jeon -Cc: Krzysztof Kozlowski -Cc: netdev@vger.kernel.org -Signed-off-by: David S. Miller -Stable-dep-of: 19e35f24750d ("nfc: nci: Fix kcov check in nci_rx_work()") -Signed-off-by: Sasha Levin ---- - net/nfc/nci/core.c | 8 +++++++- - net/nfc/nci/hci.c | 4 +++- - net/nfc/rawsock.c | 3 +++ - 3 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c -index f76a2d8060340..772ddb5824d9e 100644 ---- a/net/nfc/nci/core.c -+++ b/net/nfc/nci/core.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - #include "../nfc.h" - #include -@@ -1481,6 +1482,7 @@ static void nci_tx_work(struct work_struct *work) - skb = skb_dequeue(&ndev->tx_q); - if (!skb) - return; -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - - /* Check if data flow control is used */ - if (atomic_read(&conn_info->credits_cnt) != -@@ -1496,6 +1498,7 @@ static void nci_tx_work(struct work_struct *work) - - mod_timer(&ndev->data_timer, - jiffies + msecs_to_jiffies(NCI_DATA_TIMEOUT)); -+ kcov_remote_stop(); - } - } - -@@ -1506,7 +1509,8 @@ static void nci_rx_work(struct work_struct *work) - struct nci_dev *ndev = container_of(work, struct nci_dev, rx_work); - struct sk_buff *skb; - -- while ((skb = 
skb_dequeue(&ndev->rx_q))) { -+ for (; (skb = skb_dequeue(&ndev->rx_q)); kcov_remote_stop()) { -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - - /* Send copy to sniffer */ - nfc_send_to_raw_sock(ndev->nfc_dev, skb, -@@ -1565,6 +1569,7 @@ static void nci_cmd_work(struct work_struct *work) - if (!skb) - return; - -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - atomic_dec(&ndev->cmd_cnt); - - pr_debug("NCI TX: MT=cmd, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n", -@@ -1577,6 +1582,7 @@ static void nci_cmd_work(struct work_struct *work) - - mod_timer(&ndev->cmd_timer, - jiffies + msecs_to_jiffies(NCI_CMD_TIMEOUT)); -+ kcov_remote_stop(); - } - } - -diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c -index 78c4b6addf15a..de175318a3a0f 100644 ---- a/net/nfc/nci/hci.c -+++ b/net/nfc/nci/hci.c -@@ -14,6 +14,7 @@ - #include - #include - #include -+#include - - struct nci_data { - u8 conn_id; -@@ -409,7 +410,8 @@ static void nci_hci_msg_rx_work(struct work_struct *work) - const struct nci_hcp_message *message; - u8 pipe, type, instruction; - -- while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) { -+ for (; (skb = skb_dequeue(&hdev->msg_rx_queue)); kcov_remote_stop()) { -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - pipe = NCI_HCP_MSG_GET_PIPE(skb->data[0]); - skb_pull(skb, NCI_HCI_HCP_PACKET_HEADER_LEN); - message = (struct nci_hcp_message *)skb->data; -diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c -index 8dd569765f96e..5125392bb68eb 100644 ---- a/net/nfc/rawsock.c -+++ b/net/nfc/rawsock.c -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include - - #include "nfc.h" - -@@ -189,6 +190,7 @@ static void rawsock_tx_work(struct work_struct *work) - } - - skb = skb_dequeue(&sk->sk_write_queue); -+ kcov_remote_start_common(skb_get_kcov_handle(skb)); - - sock_hold(sk); - rc = nfc_data_exchange(dev, target_idx, skb, -@@ -197,6 +199,7 @@ static void rawsock_tx_work(struct work_struct *work) - rawsock_report_error(sk, rc); - sock_put(sk); - } -+ 
kcov_remote_stop(); - } - - static int rawsock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) --- -2.43.0 - diff --git a/queue-6.1/nfc-nci-fix-kcov-check-in-nci_rx_work.patch b/queue-6.1/nfc-nci-fix-kcov-check-in-nci_rx_work.patch deleted file mode 100644 index 61edf5b6c7f..00000000000 --- a/queue-6.1/nfc-nci-fix-kcov-check-in-nci_rx_work.patch +++ /dev/null @@ -1,44 +0,0 @@ -From d7576a1fdc4a012705580b9db7c13de392458393 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sun, 5 May 2024 19:36:49 +0900 -Subject: nfc: nci: Fix kcov check in nci_rx_work() - -From: Tetsuo Handa - -[ Upstream commit 19e35f24750ddf860c51e51c68cf07ea181b4881 ] - -Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added -kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(), -with an assumption that kcov_remote_stop() is called upon continue of -the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in -nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before -break of the for loop. - -Reported-by: syzbot -Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2 -Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet") -Suggested-by: Andrey Konovalov -Signed-off-by: Tetsuo Handa -Reviewed-by: Krzysztof Kozlowski -Link: https://lore.kernel.org/r/6d10f829-5a0c-405a-b39a-d7266f3a1a0b@I-love.SAKURA.ne.jp -Signed-off-by: Jakub Kicinski -Signed-off-by: Sasha Levin ---- - net/nfc/nci/core.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c -index 772ddb5824d9e..5d708af0fcfd3 100644 ---- a/net/nfc/nci/core.c -+++ b/net/nfc/nci/core.c -@@ -1518,6 +1518,7 @@ static void nci_rx_work(struct work_struct *work) - - if (!nci_plen(skb->data)) { - kfree_skb(skb); -+ kcov_remote_stop(); - break; - } - --- -2.43.0 - diff --git a/queue-6.1/series b/queue-6.1/series index 4834621e10b..23ff0ba4fc3 100644 --- a/queue-6.1/series +++ b/queue-6.1/series 
@@ -158,8 +158,6 @@ hwmon-corsair-cpro-use-a-separate-buffer-for-sending.patch
 hwmon-corsair-cpro-use-complete_all-instead-of-compl.patch
 hwmon-corsair-cpro-protect-ccp-wait_input_report-wit.patch
 phonet-fix-rtm_phonet_notify-skb-allocation.patch
-nfc-add-kcov-annotations.patch
-nfc-nci-fix-kcov-check-in-nci_rx_work.patch
 net-bridge-fix-corrupted-ethernet-header-on-multicas.patch
 ipv6-fib6_rules-avoid-possible-null-dereference-in-f.patch
 timers-get-rid-of-del_singleshot_timer_sync.patch