<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/net, branch v4.4.274</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY</title>
<updated>2021-06-30T12:49:38+00:00</updated>
<author>
<name>Esben Haabendal</name>
<email>esben@geanix.com</email>
</author>
<published>2021-06-18T10:52:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d527ab8b45cbeb686da3cd75b282f5ce6144350d'/>
<id>d527ab8b45cbeb686da3cd75b282f5ce6144350d</id>
<content type='text'>
[ Upstream commit f6396341194234e9b01cd7538bc2c6ac4501ab14 ]

As documented in Documentation/networking/driver.rst, the ndo_start_xmit
method must not return NETDEV_TX_BUSY under any normal circumstances, and
as recommended, we simply stop the tx queue in advance, when there is a
risk that the next xmit would cause a NETDEV_TX_BUSY return.

Signed-off-by: Esben Haabendal &lt;esben@geanix.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit f6396341194234e9b01cd7538bc2c6ac4501ab14 ]

As documented in Documentation/networking/driver.rst, the ndo_start_xmit
method must not return NETDEV_TX_BUSY under any normal circumstances, and
as recommended, we simply stop the tx queue in advance, when there is a
risk that the next xmit would cause a NETDEV_TX_BUSY return.

Signed-off-by: Esben Haabendal &lt;esben@geanix.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>r8169: Avoid memcpy() over-reading of ETH_SS_STATS</title>
<updated>2021-06-30T12:49:38+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2021-06-16T19:53:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=da5b3a5d48ec2c2f63b7526fc989ce8736dd63b3'/>
<id>da5b3a5d48ec2c2f63b7526fc989ce8736dd63b3</id>
<content type='text'>
[ Upstream commit da5ac772cfe2a03058b0accfac03fad60c46c24d ]

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

The memcpy() is copying the entire structure, not just the first array.
Adjust the source argument so the compiler can do appropriate bounds
checking.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit da5ac772cfe2a03058b0accfac03fad60c46c24d ]

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

The memcpy() is copying the entire structure, not just the first array.
Adjust the source argument so the compiler can do appropriate bounds
checking.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS</title>
<updated>2021-06-30T12:49:38+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2021-06-16T19:53:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a457d94e0e7b01f08f36a2e1640b34cc2f773211'/>
<id>a457d94e0e7b01f08f36a2e1640b34cc2f773211</id>
<content type='text'>
[ Upstream commit 224004fbb033600715dbd626bceec10bfd9c58bc ]

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

The memcpy() is copying the entire structure, not just the first array.
Adjust the source argument so the compiler can do appropriate bounds
checking.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 224004fbb033600715dbd626bceec10bfd9c58bc ]

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

The memcpy() is copying the entire structure, not just the first array.
Adjust the source argument so the compiler can do appropriate bounds
checking.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>r8152: Avoid memcpy() over-reading of ETH_SS_STATS</title>
<updated>2021-06-30T12:49:37+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2021-06-16T19:53:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f58b46f26ed581014dcbe6cc7480fc5d4ce2544c'/>
<id>f58b46f26ed581014dcbe6cc7480fc5d4ce2544c</id>
<content type='text'>
[ Upstream commit 99718abdc00e86e4f286dd836408e2834886c16e ]

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

The memcpy() is copying the entire structure, not just the first array.
Adjust the source argument so the compiler can do appropriate bounds
checking.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 99718abdc00e86e4f286dd836408e2834886c16e ]

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally reading across neighboring array fields.

The memcpy() is copying the entire structure, not just the first array.
Adjust the source argument so the compiler can do appropriate bounds
checking.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: caif: fix memory leak in ldisc_open</title>
<updated>2021-06-30T12:49:37+00:00</updated>
<author>
<name>Pavel Skripkin</name>
<email>paskripkin@gmail.com</email>
</author>
<published>2021-06-12T14:51:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dede006783102f26a49e9eb33fd673b2937ed692'/>
<id>dede006783102f26a49e9eb33fd673b2937ed692</id>
<content type='text'>
[ Upstream commit 58af3d3d54e87bfc1f936e16c04ade3369d34011 ]

Syzbot reported memory leak in tty_init_dev().
The problem was in unputted tty in ldisc_open()

static int ldisc_open(struct tty_struct *tty)
{
...
	ser-&gt;tty = tty_kref_get(tty);
...
	result = register_netdevice(dev);
	if (result) {
		rtnl_unlock();
		free_netdev(dev);
		return -ENODEV;
	}
...
}

Ser pointer is netdev private_data, so after free_netdev()
this pointer goes away with unputted tty reference. So, fix
it by adding tty_kref_put() before freeing netdev.

Reported-and-tested-by: syzbot+f303e045423e617d2cad@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin &lt;paskripkin@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 58af3d3d54e87bfc1f936e16c04ade3369d34011 ]

Syzbot reported memory leak in tty_init_dev().
The problem was in unputted tty in ldisc_open()

static int ldisc_open(struct tty_struct *tty)
{
...
	ser-&gt;tty = tty_kref_get(tty);
...
	result = register_netdevice(dev);
	if (result) {
		rtnl_unlock();
		free_netdev(dev);
		return -ENODEV;
	}
...
}

Ser pointer is netdev private_data, so after free_netdev()
this pointer goes away with unputted tty reference. So, fix
it by adding tty_kref_put() before freeing netdev.

Reported-and-tested-by: syzbot+f303e045423e617d2cad@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin &lt;paskripkin@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: fec_ptp: add clock rate zero check</title>
<updated>2021-06-30T12:49:35+00:00</updated>
<author>
<name>Fugang Duan</name>
<email>fugang.duan@nxp.com</email>
</author>
<published>2021-06-16T09:14:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d35c6cec87ae26ff982a2ffbbc34989e659cb825'/>
<id>d35c6cec87ae26ff982a2ffbbc34989e659cb825</id>
<content type='text'>
commit cb3cefe3f3f8af27c6076ef7d1f00350f502055d upstream.

Add clock rate zero check to fix coverity issue of "divide by 0".

Fixes: commit 85bd1798b24a ("net: fec: fix spin_lock dead lock")
Signed-off-by: Fugang Duan &lt;fugang.duan@nxp.com&gt;
Signed-off-by: Joakim Zhang &lt;qiangqing.zhang@nxp.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit cb3cefe3f3f8af27c6076ef7d1f00350f502055d upstream.

Add clock rate zero check to fix coverity issue of "divide by 0".

Fixes: commit 85bd1798b24a ("net: fec: fix spin_lock dead lock")
Signed-off-by: Fugang Duan &lt;fugang.duan@nxp.com&gt;
Signed-off-by: Joakim Zhang &lt;qiangqing.zhang@nxp.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: ethernet: fix potential use-after-free in ec_bhf_remove</title>
<updated>2021-06-30T12:49:34+00:00</updated>
<author>
<name>Pavel Skripkin</name>
<email>paskripkin@gmail.com</email>
</author>
<published>2021-06-18T13:49:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=db2bc3cfd2bc01621014d4f17cdfc74611f339c8'/>
<id>db2bc3cfd2bc01621014d4f17cdfc74611f339c8</id>
<content type='text'>
[ Upstream commit 9cca0c2d70149160407bda9a9446ce0c29b6e6c6 ]

static void ec_bhf_remove(struct pci_dev *dev)
{
...
	struct ec_bhf_priv *priv = netdev_priv(net_dev);

	unregister_netdev(net_dev);
	free_netdev(net_dev);

	pci_iounmap(dev, priv-&gt;dma_io);
	pci_iounmap(dev, priv-&gt;io);
...
}

priv is netdev private data, but it is used
after free_netdev(). It can cause use-after-free when accessing priv
pointer. So, fix it by moving free_netdev() after pci_iounmap()
calls.

Fixes: 6af55ff52b02 ("Driver for Beckhoff CX5020 EtherCAT master module.")
Signed-off-by: Pavel Skripkin &lt;paskripkin@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 9cca0c2d70149160407bda9a9446ce0c29b6e6c6 ]

static void ec_bhf_remove(struct pci_dev *dev)
{
...
	struct ec_bhf_priv *priv = netdev_priv(net_dev);

	unregister_netdev(net_dev);
	free_netdev(net_dev);

	pci_iounmap(dev, priv-&gt;dma_io);
	pci_iounmap(dev, priv-&gt;io);
...
}

priv is netdev private data, but it is used
after free_netdev(). It can cause use-after-free when accessing priv
pointer. So, fix it by moving free_netdev() after pci_iounmap()
calls.

Fixes: 6af55ff52b02 ("Driver for Beckhoff CX5020 EtherCAT master module.")
Signed-off-by: Pavel Skripkin &lt;paskripkin@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: cdc_eem: fix tx fixup skb leak</title>
<updated>2021-06-30T12:49:34+00:00</updated>
<author>
<name>Linyu Yuan</name>
<email>linyyuan@codeaurora.org</email>
</author>
<published>2021-06-16T23:32:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f12554b0ff639e74612cc01b3b4a049e098d2d65'/>
<id>f12554b0ff639e74612cc01b3b4a049e098d2d65</id>
<content type='text'>
[ Upstream commit c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7 ]

when usbnet transmit a skb, eem fixup it in eem_tx_fixup(),
if skb_copy_expand() failed, it return NULL,
usbnet_start_xmit() will have no chance to free original skb.

fix it by free orginal skb in eem_tx_fixup() first,
then check skb clone status, if failed, return NULL to usbnet.

Fixes: 9f722c0978b0 ("usbnet: CDC EEM support (v5)")
Signed-off-by: Linyu Yuan &lt;linyyuan@codeaurora.org&gt;
Reviewed-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7 ]

when usbnet transmit a skb, eem fixup it in eem_tx_fixup(),
if skb_copy_expand() failed, it return NULL,
usbnet_start_xmit() will have no chance to free original skb.

fix it by free orginal skb in eem_tx_fixup() first,
then check skb clone status, if failed, return NULL to usbnet.

Fixes: 9f722c0978b0 ("usbnet: CDC EEM support (v5)")
Signed-off-by: Linyu Yuan &lt;linyyuan@codeaurora.org&gt;
Reviewed-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: hamradio: fix memory leak in mkiss_close</title>
<updated>2021-06-30T12:49:34+00:00</updated>
<author>
<name>Pavel Skripkin</name>
<email>paskripkin@gmail.com</email>
</author>
<published>2021-06-16T19:09:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c634ba0b4159838ff45a60d3a0ace3b4118077a5'/>
<id>c634ba0b4159838ff45a60d3a0ace3b4118077a5</id>
<content type='text'>
[ Upstream commit 7edcc682301492380fbdd604b4516af5ae667a13 ]

My local syzbot instance hit memory leak in
mkiss_open()[1]. The problem was in missing
free_netdev() in mkiss_close().

In mkiss_open() netdevice is allocated and then
registered, but in mkiss_close() netdevice was
only unregistered, but not freed.

Fail log:

BUG: memory leak
unreferenced object 0xffff8880281ba000 (size 4096):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00  ax0.............
    00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00  .'.*............
  backtrace:
    [&lt;ffffffff81a27201&gt;] kvmalloc_node+0x61/0xf0
    [&lt;ffffffff8706e7e8&gt;] alloc_netdev_mqs+0x98/0xe80
    [&lt;ffffffff84e64192&gt;] mkiss_open+0xb2/0x6f0 [1]
    [&lt;ffffffff842355db&gt;] tty_ldisc_open+0x9b/0x110
    [&lt;ffffffff84236488&gt;] tty_set_ldisc+0x2e8/0x670
    [&lt;ffffffff8421f7f3&gt;] tty_ioctl+0xda3/0x1440
    [&lt;ffffffff81c9f273&gt;] __x64_sys_ioctl+0x193/0x200
    [&lt;ffffffff8911263a&gt;] do_syscall_64+0x3a/0xb0
    [&lt;ffffffff89200068&gt;] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8880141a9a00 (size 96):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff  ...(.......(....
    98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00  .....@..........
  backtrace:
    [&lt;ffffffff8709f68b&gt;] __hw_addr_create_ex+0x5b/0x310
    [&lt;ffffffff8709fb38&gt;] __hw_addr_add_ex+0x1f8/0x2b0
    [&lt;ffffffff870a0c7b&gt;] dev_addr_init+0x10b/0x1f0
    [&lt;ffffffff8706e88b&gt;] alloc_netdev_mqs+0x13b/0xe80
    [&lt;ffffffff84e64192&gt;] mkiss_open+0xb2/0x6f0 [1]
    [&lt;ffffffff842355db&gt;] tty_ldisc_open+0x9b/0x110
    [&lt;ffffffff84236488&gt;] tty_set_ldisc+0x2e8/0x670
    [&lt;ffffffff8421f7f3&gt;] tty_ioctl+0xda3/0x1440
    [&lt;ffffffff81c9f273&gt;] __x64_sys_ioctl+0x193/0x200
    [&lt;ffffffff8911263a&gt;] do_syscall_64+0x3a/0xb0
    [&lt;ffffffff89200068&gt;] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8880219bfc00 (size 512):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff  ...(............
    80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [&lt;ffffffff81a27201&gt;] kvmalloc_node+0x61/0xf0
    [&lt;ffffffff8706eec7&gt;] alloc_netdev_mqs+0x777/0xe80
    [&lt;ffffffff84e64192&gt;] mkiss_open+0xb2/0x6f0 [1]
    [&lt;ffffffff842355db&gt;] tty_ldisc_open+0x9b/0x110
    [&lt;ffffffff84236488&gt;] tty_set_ldisc+0x2e8/0x670
    [&lt;ffffffff8421f7f3&gt;] tty_ioctl+0xda3/0x1440
    [&lt;ffffffff81c9f273&gt;] __x64_sys_ioctl+0x193/0x200
    [&lt;ffffffff8911263a&gt;] do_syscall_64+0x3a/0xb0
    [&lt;ffffffff89200068&gt;] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888029b2b200 (size 256):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [&lt;ffffffff81a27201&gt;] kvmalloc_node+0x61/0xf0
    [&lt;ffffffff8706f062&gt;] alloc_netdev_mqs+0x912/0xe80
    [&lt;ffffffff84e64192&gt;] mkiss_open+0xb2/0x6f0 [1]
    [&lt;ffffffff842355db&gt;] tty_ldisc_open+0x9b/0x110
    [&lt;ffffffff84236488&gt;] tty_set_ldisc+0x2e8/0x670
    [&lt;ffffffff8421f7f3&gt;] tty_ioctl+0xda3/0x1440
    [&lt;ffffffff81c9f273&gt;] __x64_sys_ioctl+0x193/0x200
    [&lt;ffffffff8911263a&gt;] do_syscall_64+0x3a/0xb0
    [&lt;ffffffff89200068&gt;] entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixes: 815f62bf7427 ("[PATCH] SMP rewrite of mkiss")
Signed-off-by: Pavel Skripkin &lt;paskripkin@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 7edcc682301492380fbdd604b4516af5ae667a13 ]

My local syzbot instance hit memory leak in
mkiss_open()[1]. The problem was in missing
free_netdev() in mkiss_close().

In mkiss_open() netdevice is allocated and then
registered, but in mkiss_close() netdevice was
only unregistered, but not freed.

Fail log:

BUG: memory leak
unreferenced object 0xffff8880281ba000 (size 4096):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00  ax0.............
    00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00  .'.*............
  backtrace:
    [&lt;ffffffff81a27201&gt;] kvmalloc_node+0x61/0xf0
    [&lt;ffffffff8706e7e8&gt;] alloc_netdev_mqs+0x98/0xe80
    [&lt;ffffffff84e64192&gt;] mkiss_open+0xb2/0x6f0 [1]
    [&lt;ffffffff842355db&gt;] tty_ldisc_open+0x9b/0x110
    [&lt;ffffffff84236488&gt;] tty_set_ldisc+0x2e8/0x670
    [&lt;ffffffff8421f7f3&gt;] tty_ioctl+0xda3/0x1440
    [&lt;ffffffff81c9f273&gt;] __x64_sys_ioctl+0x193/0x200
    [&lt;ffffffff8911263a&gt;] do_syscall_64+0x3a/0xb0
    [&lt;ffffffff89200068&gt;] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8880141a9a00 (size 96):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff  ...(.......(....
    98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00  .....@..........
  backtrace:
    [&lt;ffffffff8709f68b&gt;] __hw_addr_create_ex+0x5b/0x310
    [&lt;ffffffff8709fb38&gt;] __hw_addr_add_ex+0x1f8/0x2b0
    [&lt;ffffffff870a0c7b&gt;] dev_addr_init+0x10b/0x1f0
    [&lt;ffffffff8706e88b&gt;] alloc_netdev_mqs+0x13b/0xe80
    [&lt;ffffffff84e64192&gt;] mkiss_open+0xb2/0x6f0 [1]
    [&lt;ffffffff842355db&gt;] tty_ldisc_open+0x9b/0x110
    [&lt;ffffffff84236488&gt;] tty_set_ldisc+0x2e8/0x670
    [&lt;ffffffff8421f7f3&gt;] tty_ioctl+0xda3/0x1440
    [&lt;ffffffff81c9f273&gt;] __x64_sys_ioctl+0x193/0x200
    [&lt;ffffffff8911263a&gt;] do_syscall_64+0x3a/0xb0
    [&lt;ffffffff89200068&gt;] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8880219bfc00 (size 512):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff  ...(............
    80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [&lt;ffffffff81a27201&gt;] kvmalloc_node+0x61/0xf0
    [&lt;ffffffff8706eec7&gt;] alloc_netdev_mqs+0x777/0xe80
    [&lt;ffffffff84e64192&gt;] mkiss_open+0xb2/0x6f0 [1]
    [&lt;ffffffff842355db&gt;] tty_ldisc_open+0x9b/0x110
    [&lt;ffffffff84236488&gt;] tty_set_ldisc+0x2e8/0x670
    [&lt;ffffffff8421f7f3&gt;] tty_ioctl+0xda3/0x1440
    [&lt;ffffffff81c9f273&gt;] __x64_sys_ioctl+0x193/0x200
    [&lt;ffffffff8911263a&gt;] do_syscall_64+0x3a/0xb0
    [&lt;ffffffff89200068&gt;] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888029b2b200 (size 256):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [&lt;ffffffff81a27201&gt;] kvmalloc_node+0x61/0xf0
    [&lt;ffffffff8706f062&gt;] alloc_netdev_mqs+0x912/0xe80
    [&lt;ffffffff84e64192&gt;] mkiss_open+0xb2/0x6f0 [1]
    [&lt;ffffffff842355db&gt;] tty_ldisc_open+0x9b/0x110
    [&lt;ffffffff84236488&gt;] tty_set_ldisc+0x2e8/0x670
    [&lt;ffffffff8421f7f3&gt;] tty_ioctl+0xda3/0x1440
    [&lt;ffffffff81c9f273&gt;] __x64_sys_ioctl+0x193/0x200
    [&lt;ffffffff8911263a&gt;] do_syscall_64+0x3a/0xb0
    [&lt;ffffffff89200068&gt;] entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixes: 815f62bf7427 ("[PATCH] SMP rewrite of mkiss")
Signed-off-by: Pavel Skripkin &lt;paskripkin@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>be2net: Fix an error handling path in 'be_probe()'</title>
<updated>2021-06-30T12:49:33+00:00</updated>
<author>
<name>Christophe JAILLET</name>
<email>christophe.jaillet@wanadoo.fr</email>
</author>
<published>2021-06-16T18:43:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2a36a6153f1fd392e0f49e5b9451c4965f9e0daa'/>
<id>2a36a6153f1fd392e0f49e5b9451c4965f9e0daa</id>
<content type='text'>
[ Upstream commit c19c8c0e666f9259e2fc4d2fa4b9ff8e3b40ee5d ]

If an error occurs after a 'pci_enable_pcie_error_reporting()' call, it
must be undone by a corresponding 'pci_disable_pcie_error_reporting()'
call, as already done in the remove function.

Fixes: d6b6d9877878 ("be2net: use PCIe AER capability")
Signed-off-by: Christophe JAILLET &lt;christophe.jaillet@wanadoo.fr&gt;
Acked-by: Somnath Kotur &lt;somnath.kotur@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit c19c8c0e666f9259e2fc4d2fa4b9ff8e3b40ee5d ]

If an error occurs after a 'pci_enable_pcie_error_reporting()' call, it
must be undone by a corresponding 'pci_disable_pcie_error_reporting()'
call, as already done in the remove function.

Fixes: d6b6d9877878 ("be2net: use PCIe AER capability")
Signed-off-by: Christophe JAILLET &lt;christophe.jaillet@wanadoo.fr&gt;
Acked-by: Somnath Kotur &lt;somnath.kotur@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
