linux/drivers
Linus Torvalds 0d21e66847 aio poll fixes for 5.16-rc5
Fix three bugs in aio poll, and one issue with POLLFREE more broadly:
 
   - aio poll didn't handle POLLFREE, causing a use-after-free.
   - aio poll could block while the file is ready.
   - aio poll called eventfd_signal() when it isn't allowed.
   - POLLFREE didn't handle multiple exclusive waiters correctly.
 
 This has been tested with the libaio test suite, as well as with test
 programs I wrote that reproduce the first two bugs.  I am sending this
 pull request myself as no one seems to be maintaining this code.
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQSacvsUNc7UX4ntmEPzXCl4vpKOKwUCYbObthQcZWJpZ2dlcnNA
 Z29vZ2xlLmNvbQAKCRDzXCl4vpKOK+3mAQC9W8ApzBleEPI6FXzIIo5AiQT/2jGl
 7FbO1MtkdUBU4QEAzf+VWl4Z4BJTgxl44avRdVDpXGAMnbWkd7heY+e3HwA=
 =mp+r
 -----END PGP SIGNATURE-----

Merge tag 'aio-poll-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux

Pull aio poll fixes from Eric Biggers:
 "Fix three bugs in aio poll, and one issue with POLLFREE more broadly:

   - aio poll didn't handle POLLFREE, causing a use-after-free.

   - aio poll could block while the file is ready.

   - aio poll called eventfd_signal() when it isn't allowed.

   - POLLFREE didn't handle multiple exclusive waiters correctly.

  This has been tested with the libaio test suite, as well as with test
  programs I wrote that reproduce the first two bugs. I am sending this
  pull request myself as no one seems to be maintaining this code"

* tag 'aio-poll-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux:
  aio: Fix incorrect usage of eventfd_signal_allowed()
  aio: fix use-after-free due to missing POLLFREE handling
  aio: keep poll requests on waitqueue until completed
  signalfd: use wake_up_pollfree()
  binder: use wake_up_pollfree()
  wait: add wake_up_pollfree()
2021-12-10 14:15:39 -08:00
..
accessibility
acpi Merge branch 'acpi-properties' 2021-11-26 19:45:31 +01:00
amba ARM: 9119/1: amba: Properly handle device probe without IRQ domain 2021-10-19 10:30:53 +01:00
android binder: use wake_up_pollfree() 2021-12-09 10:49:56 -08:00
ata libata: add horkage for ASMedia 1092 2021-12-09 11:20:47 +09:00
atm
auxdisplay auxdisplay: cfag12864bfb: code indent should use tabs where possible 2021-10-22 00:13:16 +02:00
base arch_topology: Fix missing clear cluster_cpumask in remove_cpu_topology() 2021-11-11 13:09:33 +01:00
bcma pci-v5.16-changes 2021-11-06 14:36:12 -07:00
block block-5.16-2021-12-03 2021-12-04 08:38:25 -08:00
bluetooth TTY / Serial driver update for 5.16-rc1 2021-11-04 09:09:37 -07:00
bus - Config updates for BMIPS platform 2021-11-13 09:11:33 -08:00
cdrom for-5.16/cdrom-2021-10-29 2021-11-01 10:09:14 -07:00
char parisc architecture bug and warning fixes for kernel v5.16-rc4 2021-12-05 12:58:18 -08:00
clk Devicetree fixes for v5.16, take 1: 2021-11-14 11:11:51 -08:00
clocksource ARM: 2021-11-02 11:24:14 -07:00
comedi comedi: dt9812: fix DMA buffers on stack 2021-10-30 10:54:47 +02:00
connector
counter counter: Fix use-after-free race condition for events_queue_size write 2021-10-21 13:02:47 +02:00
cpufreq cpufreq: Fix a comment in cpufreq_policy_free 2021-12-01 20:02:11 +01:00
cpuidle ARM: SoC drivers for 5.16 2021-11-03 17:00:52 -07:00
crypto pci-v5.16-changes 2021-11-06 14:36:12 -07:00
cxl cxl for v5.16 2021-11-08 11:49:48 -08:00
dax
dca
devfreq Merge branches 'pm-opp' and 'pm-cpufreq' 2021-11-10 14:06:51 +01:00
dio
dma dmaengine updates for v5.16-rc1 2021-11-10 11:47:55 -08:00
dma-buf dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow 2021-12-01 15:30:10 +05:30
edac - amd64_edac: Add support for three-rank interleaving mode which is 2021-11-01 15:02:49 -07:00
eisa
extcon extcon: usbc-tusb320: Add support for TUSB320L 2021-10-27 14:13:39 +09:00
firewire SCSI misc on 20211105 2021-11-05 08:42:02 -07:00
firmware firmware: smccc: Fix check for ARCH_SOC_ID not implemented 2021-11-22 11:42:59 +01:00
fpga
fsi fsi: sbefifo: Use interruptible mutex locking 2021-10-22 09:54:33 +10:30
gnss
gpio gpio: rockchip: needs GENERIC_IRQ_CHIP to fix build errors 2021-11-16 09:41:44 +01:00
gpu drm fixes for 5.16-rc5 2021-12-10 11:29:53 -08:00
greybus
hid HID: Ignore battery for Elan touchscreen on Asus UX550VE 2021-12-08 18:16:07 +01:00
hsi HSI changes for the 5.16 series 2021-11-04 13:56:55 -07:00
hv Drivers: hv: balloon: Use VMBUS_RING_SIZE() wrapper for dm_ring_size 2021-11-15 12:35:56 +00:00
hwmon Merge branch 'akpm' (patches from Andrew) 2021-11-06 14:08:17 -07:00
hwspinlock
hwtracing coresight: trbe: Work around write to out of range 2021-10-27 11:46:01 -06:00
i2c i2c: rk3x: Handle a spurious start completion interrupt flag 2021-11-30 22:38:15 +01:00
i3c
idle
iio chrome platform changes for 5.16 2021-11-10 11:36:43 -08:00
infiniband RDMA/irdma: Don't arm the CQ more than two times if no CE for this CQ 2021-12-07 13:53:01 -04:00
input xen: add "not_essential" flag to struct xenbus_driver 2021-11-23 13:41:29 -06:00
interconnect
iommu iommu/vt-d: Fix unmap_pages support 2021-11-26 22:54:47 +01:00
ipack
irqchip irqchip/sifive-plic: Fixup EOI failed when masked 2021-11-12 16:09:51 +00:00
isdn mISDN: Fix return values of the probe function 2021-10-19 13:09:28 +01:00
leds
macintosh Merge branch 'akpm' (patches from Andrew) 2021-11-06 14:08:17 -07:00
mailbox mailbox: imx: support i.MX8ULP S4 MU 2021-10-29 23:03:09 -05:00
mcb
md for-5.16/drivers-2021-11-09 2021-11-09 11:24:08 -08:00
media media fixes for v5.16-rc3 2021-11-22 14:58:57 -08:00
memory memory: mtk-smi: Fix a null dereference for the ostd 2021-11-25 14:46:00 +01:00
memstick memstick: r592: Fix a UAF bug when removing the driver 2021-10-19 13:04:42 +02:00
message pci-v5.16-changes 2021-11-06 14:36:12 -07:00
mfd chrome platform changes for 5.16 2021-11-10 11:36:43 -08:00
misc More ACPI updates for 5.16-rc1 2021-11-10 11:52:40 -08:00
mmc mmc: mediatek: free the ext_csd when mmc_get_ext_csd success 2021-12-09 10:30:11 +01:00
most most: fix control-message timeouts 2021-10-26 19:12:01 +02:00
mtd mtd: dataflash: Add device-tree SPI IDs 2021-12-03 14:33:59 +01:00
mux mux: add support for delay after muxing 2021-10-21 20:02:42 +01:00
net net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports 2021-12-09 08:48:40 -08:00
nfc nfc: virtual_ncidev: change default device permissions 2021-11-26 11:14:31 -08:00
ntb
nubus
nvdimm libnvdimm for v5.16 2021-11-10 10:56:02 -08:00
nvme nvmet: use IOCB_NOWAIT only if the filesystem supports it 2021-11-25 15:02:40 +01:00
nvmem
of Devicetree fixes for v5.16, take 1: 2021-11-14 11:11:51 -08:00
opp
parisc
parport
pci pci-v5.16-fixes-2 2021-12-10 11:56:05 -08:00
pcmcia Core: 2021-11-02 06:20:58 -07:00
perf ACPI updates for 5.16-rc1 2021-11-02 15:58:39 -07:00
phy Char/Misc driver update for 5.16-rc1 2021-11-04 08:21:47 -07:00
pinctrl pinctrl: qcom: sm8350: Correct UFS and SDC offsets 2021-11-16 02:19:15 +01:00
platform platform-drivers-x86 for v5.16-3 2021-12-07 10:10:20 -08:00
pnp
power power: supply: bq25890: Fix initial setting of the F_CONV_RATE field 2021-11-02 16:48:47 +01:00
powercap powercap: DTPM: Drop unused local variable from init_dtpm() 2021-12-03 17:51:59 +01:00
pps
ps3
ptp ptp: ocp: Fix a couple NULL vs IS_ERR() checks 2021-11-18 12:12:55 +00:00
pwm pwm: vt8500: Rename pwm_busy_wait() to make it obviously driver-specific 2021-11-05 11:57:13 +01:00
rapidio rapidio: avoid bogus __alloc_size warning 2021-11-06 13:30:33 -07:00
ras
regulator - Remove Drivers 2021-11-08 12:07:52 -08:00
remoteproc
reset ARM: SoC drivers for 5.16 2021-11-03 17:00:52 -07:00
rpmsg remoteproc updates for v5.16 2021-11-10 09:07:26 -08:00
rtc RTC for 5.16 2021-11-12 11:44:31 -08:00
s390 s390: replace snprintf in show functions with sysfs_emit 2021-11-16 12:29:19 +01:00
sbus
scsi SCSI fixes on 20211204 2021-12-04 08:28:42 -08:00
sh
siox
slimbus
soc Merge branch 'exit-cleanups-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2021-11-10 16:15:54 -08:00
soundwire soundwire: qcom: add debugfs entry for soundwire register dump 2021-10-20 20:54:59 +05:30
spi spi: Fixes for v5.16 2021-11-18 14:35:41 -08:00
spmi
ssb
staging staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() 2021-11-17 14:08:57 +01:00
target scsi: target: configfs: Delete unnecessary checks for NULL 2021-11-18 23:07:02 -05:00
tc
tee optee: fix kfree NULL pointer 2021-11-16 14:41:23 +01:00
thermal Merge branch 'thermal-int340x' 2021-11-18 20:40:28 +01:00
thunderbolt thunderbolt: Changes for v5.16 merge window 2021-10-25 13:17:29 +02:00
tty TTY/Serial fixes for 5.16-rc4 2021-12-05 09:13:20 -08:00
uio Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM 2021-10-28 11:22:23 +00:00
usb Networking fixes for 5.16-rc5, including fixes from bpf, can and netfilter. 2021-12-09 11:26:44 -08:00
vdpa vdpa_sim: avoid putting an uninitialized iova_domain 2021-11-24 19:00:29 -05:00
vfio vfio/pci: Fix OpRegion read 2021-11-30 11:41:49 -07:00
vhost vhost-vdpa: clean irqs before reseting vdpa device 2021-11-24 19:00:28 -05:00
video TTY/Serial fixes for 5.16-rc4 2021-12-05 09:13:20 -08:00
virt
virtio Revert "virtio_ring: validate used buffer length" 2021-11-24 18:47:27 -05:00
visorbus
vlynq
vme
w1
watchdog linux-watchdog 5.16-rc1 tag 2021-11-10 09:41:22 -08:00
xen xen: detect uninitialized xenbus in xenbus_init 2021-11-24 08:55:15 -06:00
zorro
Kconfig
Makefile