Report on University of Minnesota Breach-of-Trust Incident
or
"An emergency re-review of kernel commits authored by members of the
University of Minnesota, due to the Hypocrite Commits research paper."
May 5, 2021
Prepared by the Linux Foundation's Technical Advisory Board
<[email protected]>
Chris Mason (chair)
Steven Rostedt (vice-chair)
Christian Brauner
Dan Williams
Greg Kroah-Hartman
Jonathan Corbet
Kees Cook
Laura Abbott
Sasha Levin
Ted Ts'o
Introduction
On April 20, 2021, in response to the perception that a group of
University of Minnesota (UMN) researchers had resumed sending
compromised code submissions to the Linux kernel, Greg Kroah-Hartman
asked the community to stop accepting patches from UMN and began a
re-review of all submissions previously accepted from the University.
This report summarizes the events that led to this point, reviews the
"Hypocrite Commits" paper that had been submitted for publication, and
reviews all known prior kernel commits from UMN paper authors that had
been accepted into our source repository. It concludes with a few
suggestions about how the community, with UMN included, can move
forward. Contributors to this paper include members of the Linux
Foundation's Technical Advisory Board (TAB), with patch review help from
many other members of the Linux kernel developer community.
UMN worked well within the kernel community for many years, submitting
numerous bug-fixes that were merged into past kernel releases. Last
year (2020), one member of the UMN community chose to do a research
project that involved submitting patches that attempted to intentionally
introduce flaws in the kernel. The trust between the kernel community
and UMN was broken when this project was made public. The UMN
developers went quiet for seven months and then started submitting a new
handful of poor quality patches to the community. Many assumed that
trickery was afoot, engendering a reaction that caused a halt to
acceptance of UMN kernel contributions and forced us to re-review all
prior submissions.
Due diligence required an audit to identify which authors were involved
in different UMN research projects, identify the intent of any flawed
patches, and remove flawed patches regardless of intent. Reestablishing
the community's trust in researcher groups is important as well, since
this incident could have a wide-reaching impact on trust in both
directions that might chill participation by any researchers in kernel
development. The developer community should be able to trust that
researchers are sending quality patches meant to improve the kernel, and
researchers should trust the developer community will not undermine the
researchers' reputations when mistakes are made. The recommendations in
this report aim to move beyond this conflict, providing a way to help
both communities to work together better.
Timeline of events
2018:
- UMN bug-fix research on Linux kernel starts, and roughly 400 bug-fix
patches are contributed over the next two years, mainly centered
around specific research papers:
https://www-users.cs.umn.edu/~kjlu/papers/lrsan.pdf
~21 commits, mostly 2018-04 through 2018-10
https://www-users.cs.umn.edu/~kjlu/papers/cheq.pdf
~52 commits, mostly 2018-12 through 2019-01
https://www-users.cs.umn.edu/~kjlu/papers/crix.pdf
~112 commits, mostly 2018-12 through 2019-09
https://www-users.cs.umn.edu/~kjlu/papers/k-meld.pdf
~74 commits, mostly 2019-09 through 2020-01
https://www-users.cs.umn.edu/~kjlu/papers/eecatch.pdf
~23 commits, mostly 2020-11 through 2020-02
https://www-users.cs.umn.edu/~kjlu/papers/hero.pdf
~67 commits, mostly 2020-05 through 2020-06
2020 August:
- "Hypocrite Commits" patches from UMN researchers sent to kernel developers
under false identities:
- Aug 4 13:36-0500
https://lore.kernel.org/lkml/[email protected]
- Aug 9 17:14-0500
https://lore.kernel.org/lkml/[email protected]
- Aug 20 22:12-0500
https://lore.kernel.org/lkml/[email protected]
- Aug 20 22:44-0500
https://lore.kernel.org/lkml/[email protected]
- Aug 21 02:05-0500
https://lore.kernel.org/lkml/[email protected]
2020 November:
- "Hypocrite Commits" paper is published.
https://linuxreviews.org/images/d/d9/OpenSourceInsecurity.pdf
2020 November 21:
- "Hypocrite Commits" paper accepted by IEEESSP.
https://www.ieee-security.org/TC/SP2021/program-papers.html
2020 November 22:
- Sarah Jamie Lewis calls attention to paper's ethics.
https://twitter.com/SarahJamieLewis/status/1330618919376228352
2020 Dec 1:
- Sarah Jamie Lewis & others send a letter to IEEESSP.
https://hackmd.io/s/BJGs6Tfiw
https://twitter.com/SarahJamieLewis/status/1341542481280700418
2020 December ?:
- UMN IRB appears to give an exemption to the research.
2020 December 15:
- UMN issues clarification.
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
2021 April 6:
- Poor quality patches sent by UMN after 7 months of silence.
https://lore.kernel.org/lkml/[email protected]
2021 April 20:
- Greg Kroah-Hartman asks submitters to stop sending poor quality
patches under the guise of "research on maintainers".
https://lore.kernel.org/r/[email protected]
https://lore.kernel.org/r/YH5/[email protected]
- Researcher responds claiming that this new set of patches was not
part of previous research. (The mailing list dropped this email
because it was sent in HTML format, so there is no direct link to
it, but it is visible in Greg's reply below.)
- Greg replies and says that all umn.edu submissions should be
rejected until this is all figured out.
https://lore.kernel.org/lkml/YH%2FfM%[email protected]
2021 April 21:
- Greg sends the initial @umn.edu revert series, requesting review by
any willing Linux maintainers.
https://lore.kernel.org/lkml/[email protected]
- TAB starts investigation.
- UMN authors not using @umn.edu addresses are identified.
- "Hypocrite Commits" email threads are identified by community.
https://news.ycombinator.com/item?id=26895209
- Sarah Jamie Lewis follows up.
https://twitter.com/SarahJamieLewis/status/1384871385537908736
2021 April 22:
- TAB issues statement on review.
https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook
2021 April 23:
- Linux Foundation sends letter to UMN.
https://drive.google.com/file/d/1bUsiJQesI4pCioE6h4ZUOghg0qHpemcb
2021 April 24:
- UMN publishes "An open letter to the Linux community"
https://lore.kernel.org/r/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com
2021 April 25:
- UMN starts collecting consent from "Hypocrite Commits" email thread
participants to allow their public emails to be called out directly
as part of the research.
2021 April 26:
- UMN retracts "Hypocrite Commits" paper.
https://www-users.cs.umn.edu/~kjlu/papers/withdrawal-letter.pdf
2021 April 27:
- UMN publishes details on "Hypocrite Commits" email threads.
https://www-users.cs.umn.edu/~kjlu/papers/full-disclosure.pdf
- UMN replies to LF
https://drive.google.com/file/d/1z3Nm2bfR4tH1nOGBpuOmLyoJVEiO9cUq/view
2021 April 28:
- Greg requests a revert of the attempted "Hypocrite" commit.
https://lore.kernel.org/linux-crypto/[email protected]
2021 April 29:
- Greg posts an update on the re-review along with some more reverts.
https://lore.kernel.org/lkml/[email protected]
2021 May 3:
- Greg posts a final set of reverts, along with correct fixes for the
reverted changes.
https://lore.kernel.org/r/[email protected]
2021 May 5:
- TAB publishes this report
Patches submitted as part of the "Hypocrite Commits" research paper
After getting consent from all participants in the public "Hypocrite
Commits" patch discussion threads, UMN published a full disclosure on
the details of their actions surrounding the paper.
https://www-users.cs.umn.edu/~kjlu/papers/full-disclosure.pdf
The authors of the paper identify five changes that were submitted to
the public Linux kernel mailing list, which matched the threads publicly
identified earlier. These changes were submitted using two fake
identities, which is against the documented requirements for how to
contribute code to the Linux kernel. The University appears to have
allowed researchers to use fake identities when agreeing to the
"Developers Certificate of Origin", a legal statement about the work
being submitted.
https://www.kernel.org/doc/html/latest/process/submitting-patches.html#sign-your-work-the-developer-s-certificate-of-origin
The patches listed below map to the patch numbers that the researchers
use in their disclosure statement. We do note that the ordering is not
chronological; the patches were sent to the community in the order of 5,
2, 1, 3, 4 with the specific times noted below (and above in the
timeline of events).
Patch 1
First email: Thu, 20 Aug 2020 22:12:08 -0500 (Fri, 21 Aug 2020 03:12:08 UTC)
First reply: Fri, 28 Aug 2020 17:19:31 +1000 (Fri, 28 Aug 2020 07:19:31 UTC)
https://lore.kernel.org/lkml/[email protected]
This change was accepted into the kernel repository, after a review by
the subsystem maintainer, and showed up in the kernel repository as:
9fcddaf2e28d crypto: cavium/nitrox - add an error message to explain the failure of pci_request_mem_regions
This change was valid. The author's attempt to create an invalid change
failed as they did not understand how the PCI driver model worked within
the kernel. They asked for clarification about this change after the
maintainer accepted the change, and were told that it was acceptable.
Why the authors claimed in the submitted paper that this was an
incorrect change is not clear.
Because this submission was made under a false name, it was asked to be
removed from the kernel repository as the kernel community does not
accept known-anonymous contributions as documented above in the link to
the "Submitting Patches" kernel documentation. There have been
exceptions made to this rule before, but those have been done for very
specific reasons unique to the individual contributors; their true
identities are known to a subset of existing kernel maintainers.
https://lore.kernel.org/r/[email protected]
Patch 2
First email: Sun, 9 Aug 2020 17:14:52 -0500 (Sun, 09 Aug 2020 22:14:52 UTC)
First reply: Mon, 10 Aug 2020 07:16:48 +0200 (Mon, 10 Aug 2020 05:16:48 UTC)
https://lore.kernel.org/lkml/[email protected]
This patch was a copy of a previously submitted change in this very
area, trying to get acceptance of the patch by quoting the syzbot tool.
The maintainers quickly recognized that this change was invalid, and
rejected it. Ironically, the earlier bad patch had actually inspired an
entire presentation calling attention to how CVEs do not work well for
tracking kernel bugs:
https://kernel-recipes.org/en/2019/talks/cves-are-dead-long-live-the-cve/
Patch 3
First email: Thu, 20 Aug 2020 22:44:57 -0500 (Fri, 21 Aug 2020 03:44:57 UTC)
First reply: Fri, 21 Aug 2020 11:14:49 +0300 (Fri, 21 Aug 2020 08:14:49 UTC)
https://lore.kernel.org/lkml/[email protected]
This patch was quickly recognized by a reviewer to be incorrect, and the
reviewer offered up possible changes that the submitter could make in
order to turn it into a correct change. These suggestions were ignored
by the submitter and no further changes were submitted in this area.
The maintainer was attempting to mentor an obviously junior contributor,
taking time to teach the developer what the proper thing to do here
would be, and what is needed in order to have them create a
contribution that would be acceptable. The contributor knew that the
patch was bad, showing that the researchers were willing to waste the
resource that is in shortest supply in our community: the time of
reviewers and maintainers. Having this waste of an "effort of someone
trying to teach another" be created by an educational institution was
especially hurtful to the community and caused many of the bad feelings
on the community's side, further amplified by not having any idea which
patches out of the hundreds sent by UMN or from new contributors using
gmail accounts might be intentionally bad.
Patch 4
First email: Fri, 21 Aug 2020 02:05:36 -0500 (Fri, 21 Aug 2020 07:05:36 UTC)
First reply: Thu, 27 Aug 2020 14:46:00 +0200 (Thu, 27 Aug 2020 12:46:00 UTC)
https://lore.kernel.org/lkml/[email protected]
This patch was reviewed by the maintainer of the driver, found to be
incorrect, and suggestions were made as to what could be done instead to
make the change in a correct manner. The submitter did respond, saying
that their original attempt was incorrect, and apologized for bothering
the developers.
Patch 5
First email: Tue, 4 Aug 2020 13:36:49 -0500 (Tue, 04 Aug 2020 18:36:49 UTC)
https://lore.kernel.org/lkml/[email protected]
According to the researchers, this patch was submitted as an independent
patch and not part of the "Hypocrite" research, attempting a legitimate
fix. The developer had configured their system to use the fake name in
preparation for the "Hypocrite" submissions so it showed up to the world
as coming from "James Bond." This claim is supported by the fact that
the function being patched, dmi_system_event_log(), shows up in the
named bug list for the "Disordered Error Handling" research paper, and
an earlier attempt was made to make this change (with a real name).
However, the latter attempt from "James Bond" is incomplete compared to
the earlier fix attempt.
https://lore.kernel.org/lkml/[email protected]
When the "James Bond" submission was eventually reviewed by the
maintainer of this subsystem a few weeks later, this name was known by
the kernel developer community to be false (during the earlier review of
Patch 2), so the submission was just ignored.
https://lore.kernel.org/lkml/[email protected]
Summary of "Hypocrite Commits" patch attempts
All patch submissions that were invalid were caught, or ignored, by the
Linux kernel developers and maintainers. Our patch-review processes
worked as intended when confronted with these malicious patches.
Summary of review
435 commits were re-reviewed. Two sets of commit reviews were done in
public and can be seen in these email threads:
https://lore.kernel.org/r/[email protected]
https://lore.kernel.org/r/[email protected]
A third set of reviews were done by TAB members covering the commits
made by UMN authors that were using other email accounts (i.e. not
@umn.edu).
Full details of each of the changes that were reviewed can be found
below in the section "Details of Review". We can summarize the review
of these commits into the following categories with the number in each
category:
- commits found to be correct (349)
- commits found to be incorrect and in need of fixing (39)
- commits already fixed by later commits (25)
- commits that no longer matter (12)
- commits made before the research group existed (9)
- commits the author asked to have removed (1)
Commits found to be correct
The huge majority of the reviewed commits were found to be correct.
These 349 commits are marked with "c" in the "Commit Determination"
field below, with any public review URLs noted in the indented lines
following the commit reference.
Commits found to be incorrect and in need of fixing
During the re-review, a number of commits were found to have some problem
with them. These 39 commits are going to be reverted, and a replacement
commit will be submitted to resolve any remaining problems in a correct
manner before the 5.13 kernel release. They are marked with "I" or "H" in
the "Commit Determination" field below, with any public review URLs noted
in the indented lines following the commit reference.
Commits already fixed by later commits
25 commits were independently found to be incorrect after acceptance
into the kernel and were subsequently reverted or fixed by other
developers. As the end-result of these changes is now correct, the
original incorrect commits do not need to be removed. These commits are
marked with "r" or "f" in the "Commit Disposition" field below, with any
existing fixes, reverts, or public review URLs noted in the indented
lines following the commit reference.
Commits that no longer matter
Several commits no longer matter as the code they touched had been
removed from the kernel before the incident due to drivers and
subsystems having become obsolete. These 12 commits are marked with "n"
in the "Commit Determination" field below, with any public review URLs
noted in the indented lines following the commit reference.
Commits made before the research group existed
A handful of very old commits made by developers using an @umn.edu email
address were also reviewed again and were found not to be causing any
obvious problems. These 9 commits are marked with "o" in the "Commit
Determination" field below.
Commits the author asked to have removed
One incorrect commit was reverted from the source tree at the request of
the author. It is marked with "a" in the "Commit Disposition" field
below, with the thread URL noted in the indented line following the
commit reference.
Details of review
Authors of UMN papers researching the Linux kernel:
Aditya Pakki <[email protected]>
Qiushi Wu <[email protected]>
Kangjie Lu <[email protected]>
Wenwen Wang <[email protected]>
Navid Emamdoost <[email protected]>
Earliest commit date from any of above:
Tue May 3 16:32:16 2016 -0400
Hypocrite patch attempts:
George Acosta <[email protected]>
James Bond <[email protected]>
Later addresses:
Wenwen Wang <[email protected]>
Earlier addresses:
Kangjie Lu <[email protected]>
Kangjie Lu <[email protected]>
Before current incident:
Alireza Haghdoost <[email protected]>
Dave C Boutcher <[email protected]>
Commit log regular expression:
((pakki001|kjlu|wu000273|wang6495)@umn\.edu|navid\.emamdoost@gmail\.com|wenwen@cs\.uga\.edu|kjlu@gatech\.edu|(acostag\.ubuntu|jameslouisebond|kangjielu)@gmail\.com)
First column key ("Review origin"):
1 = in original re-review series
https://lore.kernel.org/lkml/[email protected]
2 = in original "needs special attention" review series
https://lore.kernel.org/lkml/YIAtwtOpy%[email protected]
3 = involves a UMN author not covered by 1 and 2 above.
(e.g. Reported-by:, or Author: not @umn.edu)
git log --pretty=format:'%h %as %>(16)%aN %s' --no-merges -E --grep "$RE"
n = commit by non-UMN author referencing an incident-related commit or author
git log --oneline --no-merges -E --grep "Fixes: (commit )?($SHA_RE)"
Second column key ("Commit Determination"):
c = apparently correct commit
I = incorrect fix (e.g. in need of revert or fix)
H = attempted hypocrite commit
n = no longer relevant (e.g. entire driver removed)
o = commit unrelated to incident
Third column key ("Commit Disposition"):
R = revert and fix after incident
f = received fixes before the incident
r = reverted before the incident
a = reverted by author
- = no further changes needed
Commits sorted by apparent research origins:
# On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits
# https://linuxreviews.org/images/d/d9/OpenSourceInsecurity.pdf
# Qiushi Wu and Kangjie Lu
3HR 9fcddaf2e28d 2020-08-20 George Acosta crypto: cavium/nitrox - add an error message to explain the failure of pci_request_mem_regions
# Understanding and Detecting Disordered Error Handling with Precise Function Pairing
# https://www-users.cs.umn.edu/~kjlu/papers/hero.pdf
# Qiushi Wu, Aditya Pakki, Navid Emamdoost, Stephen McCamant, Kangjie Lu
nf- 4684709bf81a 2020-12-02 Jubin Zhong PCI: Fix pci_slot_release() NULL pointer dereference
nf- b9ad3e9f5a7a 2020-11-20 Jamie Iles bonding: wait for sysfs kobject destruction before freeing struct slave
nf- a39d0d7bdf8c 2020-09-28 Jean Delvare drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
1c- 6f4432bae9f2 2020-06-14 Qiushi Wu media: sti: Fix reference count leaks
https://lore.kernel.org/r/[email protected]
1c- 7ef64ceea000 2020-06-14 Qiushi Wu media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
https://lore.kernel.org/r/[email protected]
1c- c47f7c779ef0 2020-06-14 Qiushi Wu media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
https://lore.kernel.org/r/[email protected]
1c- 64157b2cb194 2020-06-14 Qiushi Wu media: exynos4-is: Fix a reference count leak
https://lore.kernel.org/r/[email protected]
1c- 88f50a05f907 2020-06-14 Qiushi Wu media: stm32-dcmi: Fix a reference count leak
https://lore.kernel.org/r/[email protected]
1c- 78741ce98c2e 2020-06-14 Qiushi Wu media: s5p-mfc: Fix a reference count leak
https://lore.kernel.org/r/[email protected]
1c- d0675b67b42e 2020-06-14 Qiushi Wu media: camss: Fix a reference count leak.
https://lore.kernel.org/r/[email protected]
1c- 63e36a381d92 2020-06-14 Qiushi Wu media: platform: fcp: Fix a reference count leak.
https://lore.kernel.org/r/[email protected]
1c- 884d638e0853 2020-06-14 Qiushi Wu media: rockchip/rga: Fix a reference count leak.
https://lore.kernel.org/r/[email protected]
1c- 410822037cc9 2020-06-14 Qiushi Wu media: rcar-vin: Fix a reference count leak.
https://lore.kernel.org/r/[email protected]
1c- aaffa0126a11 2020-06-14 Qiushi Wu media: rcar-vin: Fix a reference count leak.
https://lore.kernel.org/r/[email protected]
1c- fe3c60684377 2020-06-13 Qiushi Wu firmware: Fix a reference count leak.
https://lore.kernel.org/r/[email protected]
1c- 659fb5f154c3 2020-06-13 Aditya Pakki drm/nouveau: fix multiple instances of reference count leaks
https://lore.kernel.org/r/[email protected]
1c- 78c2ce9bde70 2020-06-13 Aditya Pakki omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
https://lore.kernel.org/r/[email protected]
3c- f79f94765f8c 2020-06-14 Navid Emamdoost drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
1c- 6f2e8acdb48e 2020-06-13 Aditya Pakki drm/radeon: fix multiple reference count leak
https://lore.kernel.org/r/MN2PR12MB44889F62CD7F3EAC7572AEA2F7479@MN2PR12MB4488.namprd12.prod.outlook.com
1c- 20eca0123a35 2020-06-13 Qiushi Wu drm/amdkfd: Fix reference count leaks.
https://lore.kernel.org/r/[email protected]
1c- f141a422159a 2020-06-13 Qiushi Wu ASoC: rockchip: Fix a reference count leak.
https://lore.kernel.org/r/YIg7gWWkgqnj1S/[email protected]
1c- 90a239ee25fa 2020-06-13 Aditya Pakki RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq
https://lore.kernel.org/r/[email protected]
1c- 17ed808ad243 2020-05-28 Qiushi Wu EDAC: Fix reference count leaks
https://lore.kernel.org/r/[email protected]
1c- deca195383a6 2020-06-13 Qiushi Wu ASoC: tegra: Fix reference count leaks.
https://lore.kernel.org/r/[email protected]
3c- 79c43333bdd5 2020-06-04 Navid Emamdoost can: xilinx_can: handle failure cases of pm_runtime_get_sync
3c- 861254d82649 2020-06-04 Navid Emamdoost gpio: arizona: put pm_runtime in case of failure
3c- e6f390a834b5 2020-06-04 Navid Emamdoost gpio: arizona: handle pm_runtime_get_sync failure case
1c- a6379f0ad637 2020-06-12 Aditya Pakki test_objagg: Fix potential memory leak in error handling
https://lore.kernel.org/r/[email protected]
1c- 6b9fbb073636 2020-06-13 Qiushi Wu ASoC: img-parallel-out: Fix a reference count leak
https://lore.kernel.org/r/[email protected]
3c- d88de040e1df 2020-06-04 Navid Emamdoost iio: pressure: zpa2326: handle pm_runtime_get_sync failure
3c- eea123886720 2020-06-04 Navid Emamdoost sata_rcar: handle pm_runtime_get_sync failure cases
3c- ca162ce98110 2020-06-01 Navid Emamdoost pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case
1c- aa8ba13cae31 2020-05-27 Qiushi Wu vfio/mdev: Fix reference count leak in add_mdev_supported_type
https://lore.kernel.org/r/[email protected]
1c- 0b8e125e2132 2020-05-27 Qiushi Wu RDMA/core: Fix several reference count leaks.
https://lore.kernel.org/r/[email protected]
1c- c343bf1ba5ef 2020-05-28 Qiushi Wu cpuidle: Fix three reference count leaks
https://lore.kernel.org/r/[email protected]
1c- 4d8be4bc94f7 2020-05-27 Qiushi Wu ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
https://lore.kernel.org/r/YIgkr/swUm/[email protected]
1c- b975abbd382f 2020-05-22 Qiushi Wu agp/intel: Fix a memory leak on module initialisation failure
https://lore.kernel.org/r/[email protected]
1c- 1d7a7128a2e9 2020-05-02 Qiushi Wu power: supply: core: fix memory leak in HWMON error path
https://lore.kernel.org/r/[email protected]
1c- 57cc666d36ad 2020-06-14 Aditya Pakki media: st-delta: Fix reference count leak in delta_run_work
https://lore.kernel.org/r/[email protected]
1c- 7dae2aaaf432 2020-06-14 Qiushi Wu media: ti-vpe: Fix a missing check and reference count leak
https://lore.kernel.org/r/[email protected]
3c- 9df0e0c18896 2020-06-14 Navid Emamdoost drm/panfrost: perfcnt: fix ref count leak in panfrost_perfcnt_enable_locked
1c- 9fb106710111 2020-06-13 Aditya Pakki drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
https://lore.kernel.org/r/MN2PR12MB4488CE1D9E2133F4110D131EF7479@MN2PR12MB4488.namprd12.prod.outlook.com
1c- 8f29432417b1 2020-06-13 Aditya Pakki drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek
https://lore.kernel.org/r/[email protected]
2c- 990a1162986e 2020-06-13 Aditya Pakki drm/nouveau: Fix reference count leak in nouveau_connector_detect
1c- a2cdf39536b0 2020-06-13 Aditya Pakki drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
https://lore.kernel.org/r/[email protected]
1c- bfad51c76333 2020-06-13 Aditya Pakki drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
https://lore.kernel.org/r/[email protected]
3c- c5d5a32ead1e 2020-06-15 Navid Emamdoost drm/etnaviv: fix ref count leak via pm_runtime_get_sync
1c- 8a94644b440e 2020-05-27 Qiushi Wu PCI: Fix pci_create_slot() reference count leak
fixed by: 4684709bf81a PCI: Fix pci_slot_release() NULL pointer dereference
https://lore.kernel.org/r/20210422044331.GA2907704@bjorn-Precision-5520
3If e008fa6fb415 2020-06-14 Navid Emamdoost drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
fixed by: a39d0d7bdf8c drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
3c- 5509ac65f2fe 2020-06-14 Navid Emamdoost drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
3c- 9ba8923cbbe1 2020-06-14 Navid Emamdoost drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
1c- aaa3cbbac326 2020-05-22 Qiushi Wu platform/chrome: cros_ec_ishtp: Fix a double-unlock issue
https://lore.kernel.org/r/[email protected]
3c- d4f5a095daf0 2020-06-15 Navid Emamdoost drm/exynos: fix ref count leak in mic_pre_enable
1c- 2655971ad4b3 2020-06-13 Aditya Pakki usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
https://lore.kernel.org/r/[email protected]
2c- 58d0c864e1a7 2020-06-12 Aditya Pakki rocker: fix incorrect error handling in dma_rings_init
https://lore.kernel.org/r/[email protected]
1c- c4c59b95b7f7 2020-06-13 Qiushi Wu ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt
https://lore.kernel.org/r/[email protected]
1c- 4ddf4739be6e 2020-05-28 Qiushi Wu efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
https://lore.kernel.org/r/CAMj1kXEYLKJX3DfzPAT78iQMMpXWmEGtBbjQDyfZzTR3pYBxMw@mail.gmail.com
1c- 0267ffce562c 2020-05-28 Qiushi Wu scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
https://lore.kernel.org/r/[email protected]
1c- 7cc31613734c 2020-05-27 Qiushi Wu iommu: Fix reference count leak in iommu_group_alloc.
https://lore.kernel.org/r/[email protected]
2If a068aab42258 2020-05-27 Qiushi Wu bonding: Fix reference count leak in bond_sysfs_slave_add.
fixed by: b9ad3e9f5a7a bonding: wait for sysfs kobject destruction before freeing struct slave
1c- 6e6c25283dff 2020-05-27 Qiushi Wu ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
https://lore.kernel.org/r/[email protected]
1c- 25bf943e4e7b 2020-05-25 Qiushi Wu ASoC: fix incomplete error-handling in img_i2s_in_probe.
https://lore.kernel.org/r/YIg7/[email protected]
1c- 15c973858903 2020-05-25 Qiushi Wu qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
https://lore.kernel.org/r/[email protected]
1c- db857e6ae548 2020-05-22 Qiushi Wu RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
https://lore.kernel.org/r/[email protected]
1c- 44734a594196 2020-05-22 Qiushi Wu usb: gadget: fix potential double-free in m66592_probe.
https://lore.kernel.org/r/[email protected]
1c- febfd9d3c7f7 2020-05-22 Qiushi Wu net/mlx4_core: fix a memory leak bug.
https://lore.kernel.org/r/[email protected]
1c- f45d01f4f30b 2020-05-22 Qiushi Wu rxrpc: Fix a memory leak in rxkad_verify_response()
https://lore.kernel.org/r/[email protected]
1c- 5a730153984d 2020-05-22 Qiushi Wu net: sun: fix missing release regions in cas_init_one().
https://lore.kernel.org/r/[email protected]
2c- 8816cd726a4f 2020-05-03 Qiushi Wu rtc: mc13xxx: fix a double-unlock issue
https://lore.kernel.org/r/[email protected]
1c- bd4af432cc71 2020-05-02 Qiushi Wu nfp: abm: fix a memory leak bug
https://lore.kernel.org/r/20210421090315.11cc4eaf@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com
# Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection
# https://www-users.cs.umn.edu/~kjlu/papers/eecatch.pdf
# Aditya Pakki, and Kangjie Lu
1c- 639c0a5b0503 2019-12-19 Aditya Pakki media: media/saa7146: fix incorrect assertion in saa7146_buffer_finish
https://lore.kernel.org/r/[email protected]
1IR 2c2a7552dd64 2020-02-14 Aditya Pakki ecryptfs: replace BUG_ON with error handling code
https://lore.kernel.org/r/YIBM8hiBLFO+JJr/@zeniv-ca.linux.org.uk
1c- 8d7a577d04e8 2020-01-21 Aditya Pakki clk: samsung: Remove redundant check in samsung_cmu_register_one
https://lore.kernel.org/r/[email protected]
1c- 67e2d2eb5423 2020-01-30 Aditya Pakki fs: ocfs: remove unnecessary assertion in dlm_migrate_lockres
https://lore.kernel.org/r/20210422084208.GB5316@amd
1c- b0e4cfae483f 2020-01-06 Aditya Pakki media: davinci/vpfe_capture.c: Avoid BUG_ON for register failure
https://lore.kernel.org/r/[email protected]
1c- 1ec4c6efe231 2019-12-15 Aditya Pakki media: saa7146: Avoid using BUG_ON as an assertion
https://lore.kernel.org/r/[email protected]
1c- 93a24578de72 2019-12-15 Aditya Pakki media: cx231xx: replace BUG_ON with recovery code
https://lore.kernel.org/r/[email protected]
1c- 9f48db0d4a08 2019-12-17 Aditya Pakki RDMA/srpt: Remove unnecessary assertion in srpt_queue_response
https://lore.kernel.org/r/[email protected]
1c- d7a336d67ab5 2019-12-19 Aditya Pakki staging: kpc2000: remove unnecessary assertions in kpc_dma_transfer
https://lore.kernel.org/r/YIf7h/[email protected]
1c- d6bd6cf9feb8 2019-12-17 Aditya Pakki xen/grant-table: remove multiple BUG_ON on gnttab_interface
https://lore.kernel.org/r/[email protected]
1c- 52b894393cec 2019-12-17 Aditya Pakki scsi: libfc: remove unnecessary assertion on ep variable
https://lore.kernel.org/r/[email protected]
1c- a886ca6fcfff 2019-12-17 Aditya Pakki hdlcdrv: replace unnecessary assertion in hdlcdrv_register
https://lore.kernel.org/r/[email protected]
1c- 615f22f58029 2019-12-17 Aditya Pakki nfc: s3fwrn5: replace the assertion with a WARN_ON
https://lore.kernel.org/r/[email protected]
1c- fc1b20659597 2019-12-17 Aditya Pakki nfsd: remove unnecessary assertion in nfsd4_encode_replay
https://lore.kernel.org/r/[email protected]
1c- 5bf2fc1f9c88 2019-12-19 Aditya Pakki bpf: Remove unnecessary assertion on fp_old
https://lore.kernel.org/r/CAADnVQKrsue+0tCCjU9wzGALPqWZXF2vxUH1hJuF7uJkf5x+oQ@mail.gmail.com
2c- c705f9fc6a17 2019-12-15 Aditya Pakki orinoco: avoid assertion in case of NULL pointer
https://lore.kernel.org/r/[email protected]
2c- 8b6fc114beeb 2019-12-15 Aditya Pakki drm: remove duplicate check on parent and avoid BUG_ON
1IR c5dea815834c 2019-12-15 Aditya Pakki net: caif: replace BUG_ON with recovery code
https://lore.kernel.org/r/[email protected]
1c- bbd20c939c8a 2019-12-15 Aditya Pakki fore200e: Fix incorrect checks of NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- 1ee7826ab68f 2019-12-15 Aditya Pakki mac80211: Remove redundant assertion
https://lore.kernel.org/r/[email protected]
2c- 169f9acae086 2019-12-05 Aditya Pakki spi: dw: Avoid BUG_ON() in case of host failure
1c- 02a896ca8487 2019-12-05 Aditya Pakki pppoe: remove redundant BUG_ON() check in pppoe_pernet
https://lore.kernel.org/r/[email protected]
1c- 60f5c4aaae45 2019-11-17 Aditya Pakki net: atm: Reduce the severity of logging in unlink_clip_vcc
https://lore.kernel.org/r/[email protected]
# Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning
# https://www-users.cs.umn.edu/~kjlu/papers/k-meld.pdf
# Navid Emamdoost, Qiushi Wu, Kangjie Lu, Stephen McCamant
nf- 579dd91ab3a5 2020-06-29 Zheng Bin nbd: Fix memory leak in nbd_add_socket
nf- 7174dc655ef0 2020-12-07 Lukas Wunner spi: gpio: Don't leak SPI master in probe error path
nf- e163fdb3f7f8 2020-01-08 Kees Cook pstore/ram: Regularize prz label allocation lifetime
nf- cad46039e4c9 2019-12-17 Ben Hutchings net: qlogic: Fix error paths in ql_alloc_large_buffers()
3c- f6c992ca7dd4 2020-08-09 Navid Emamdoost clk: bcm2835: add missing release if devm_clk_hw_register fails
3c- e6827d1abdc9 2020-07-22 Navid Emamdoost cxgb4: add missing release on skb in uld_send()
3c- 880e21490be6 2020-07-18 Navid Emamdoost mt7601u: add missing release on skb in mt7601u_mcu_msg_send
3c- 5648d1c9cadb 2020-07-18 Navid Emamdoost mt76: mt76u: add missing release on skb in __mt76x02u_mcu_send_msg
3c- 1e8fd3a97f2d 2020-07-18 Navid Emamdoost nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
3c- c3df30a01da4 2019-11-10 Navid Emamdoost media: aspeed-video: Fix memory leaks in aspeed_video_probe
3c- 40efb09a7f53 2019-09-24 Navid Emamdoost drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
3c- a7c46c0c0e3d 2020-01-04 Navid Emamdoost mm/gup: fix memory leak in __gup_benchmark_ioctl
nIf 8df955a32a73 2019-12-30 Kees Cook pstore/ram: Fix error-path memory leak in persistent_ram_new() callers
fixed by: e163fdb3f7f8 pstore/ram: Regularize prz label allocation lifetime
3c- 4282dc057d75 2019-12-14 Navid Emamdoost brcmfmac: Fix memory leak in brcmf_usbdev_qinit
3c- 5cc509aa83c6 2019-11-22 Navid Emamdoost brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev()
3c- f37f71035367 2019-12-14 Navid Emamdoost net: gemini: Fix memory leak in gmac_setup_txqs
3c- 8c386cc81787 2019-11-25 Navid Emamdoost PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
3c- 6645d42d79d3 2019-11-22 Navid Emamdoost dma-buf: Fix memory leak in sync_file_merge()
3c- b6631c6031c7 2019-11-22 Navid Emamdoost sctp: Fix memory leak in sctp_sf_do_5_2_4_dupcook
3c- d088337c38a5 2019-11-21 Navid Emamdoost Bluetooth: Fix memory leak in hci_connect_le_scan
3c- 450c3d416683 2019-10-02 Navid Emamdoost affs: fix a memory leak in affs_remount
3c- e13de8fe0d6a 2019-10-04 Navid Emamdoost of: unittest: fix memory leak in unittest_data_add
3c- 4aa7afb0ee20 2019-10-21 Navid Emamdoost ipmi: Fix memory leak in __ipmi_bmc_register
3c- 1399c59fa929 2019-10-04 Navid Emamdoost nl80211: fix memory leak in nl80211_get_ftm_responder_stats
3c- 80b15db5e1e9 2019-10-04 Navid Emamdoost staging: vt6655: Fix memory leak in vt6655_probe
3c- 5bdea6060618 2019-09-29 Navid Emamdoost Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
3c- 1104057562ec 2019-10-01 Navid Emamdoost drm/amdgpu: fix multiple memory leaks in acp_hw_init
3c- 57be09c6e874 2019-10-01 Navid Emamdoost drm/amdgpu: fix multiple memory leaks in acp_hw_init
3c- 057b8945f78f 2019-09-29 Navid Emamdoost spi: lpspi: fix memory leak in fsl_lpspi_probe
3If d3b0ffa1d75d 2019-09-30 Navid Emamdoost spi: gpio: prevent memory leak in spi_gpio_probe
fixed by: 7174dc655ef0 spi: gpio: Don't leak SPI master in probe error path
3c- ca312438cf17 2019-09-19 Navid Emamdoost staging: rtl8192u: fix multiple memory leaks on error path
3c- 0911224b6bf4 2019-09-19 Navid Emamdoost staging: rtl8192u: release memory on error path
3Ir 78beef629fd9 2019-09-26 Navid Emamdoost nfp: abm: fix memory leak in nfp_abm_u32_knode_replace
reverted by: 1d1997db870f Revert "nfp: abm: fix memory leak in nfp_abm_u32_knode_replace"
3If 03bf73c315ed 2019-09-23 Navid Emamdoost nbd: prevent memory leak
fixed by: 579dd91ab3a5 nbd: Fix memory leak in nbd_add_socket
3c- fb5be6a7b486 2019-09-19 Navid Emamdoost can: gs_usb: gs_can_open(): prevent memory leak
3c- 6f3ef5c25cc7 2019-10-25 Navid Emamdoost wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
3c- 45c1380358b1 2019-10-27 Navid Emamdoost ASoC: SOF: ipc: Fix memory leak in sof_set_get_large_ctrl_data
3c- c0a333d842ef 2019-10-27 Navid Emamdoost ASoC: SOF: Fix memory leak in sof_dfsentry_write
3c- 9bbfceea12a8 2019-09-29 Navid Emamdoost usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
3c- 27d461333459 2019-09-25 Navid Emamdoost i40e: prevent memory leak in i40e_setup_macvlans
3c- 2289adbfa559 2019-10-09 Navid Emamdoost media: usb: fix memory leak in af9005_identify_state
3c- 29cd13cfd762 2019-10-21 Navid Emamdoost drm/v3d: Fix memory leak in v3d_submit_cl_ioctl
3c- c7ed6d0183d5 2019-09-27 Navid Emamdoost net/mlx5: fix memory leak in mlx5_fw_fatal_reporter_dump
3c- c8c2a057fdc7 2019-09-24 Navid Emamdoost net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq
3c- e0b0cb938864 2019-09-30 Navid Emamdoost virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
3c- c03b04dcdba1 2019-10-04 Navid Emamdoost crypto: user - fix memory leak in crypto_reportstat
3c- ffdde5932042 2019-10-04 Navid Emamdoost crypto: user - fix memory leak in crypto_report
3c- 9c0530e898f3 2019-09-19 Navid Emamdoost iio: imu: adis16400: fix memory leak
3c- ab612b1daf41 2019-09-19 Navid Emamdoost iio: imu: adis16400: release allocated memory on failure
3c- 0f4f199443fa 2019-09-27 Navid Emamdoost iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init
3c- b4b814fec1a5 2019-09-12 Navid Emamdoost iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
3c- d10dcb615c8e 2019-10-04 Navid Emamdoost mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
3c- db8fd2cde932 2019-10-04 Navid Emamdoost mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
3c- a7b2df76b42b 2019-09-25 Navid Emamdoost media: rc: prevent memory leak in cx23888_ir_probe
3c- bbe692e349e2 2019-09-16 Navid Emamdoost rpmsg: char: release allocated memory
3If 1acb8f2a7a9f 2019-10-04 Navid Emamdoost net: qlogic: Fix memory leak in ql_alloc_large_buffers
fixed by: cad46039e4c9 qlogic: Fix error paths in ql_alloc_large_buffers()
3c- fc739a058d99 2019-09-25 Navid Emamdoost misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
3c- 128c66429247 2019-09-19 Navid Emamdoost crypto: ccp - Release all allocated memory if sha type is invalid
3c- cabe144bfd0c 2019-09-16 Navid Emamdoost drm/amd/display: memory leak
3c- e7883ab63213 2019-09-24 Navid Emamdoost drm/amd/display: prevent memory leak
3c- 055e547478a1 2019-09-16 Navid Emamdoost drm/amd/display: memory leak
3c- a2cdd07488e6 2019-09-19 Navid Emamdoost rtl8xxxu: prevent leaking urb
3c- 34b3be18a04e 2019-09-25 Navid Emamdoost RDMA/hfi1: Prevent memory leak in sdma_init
3c- 3f9361695113 2019-09-24 Navid Emamdoost rtlwifi: prevent memory leak in rtl_usb_probe
3c- d563131ef23c 2019-09-13 Navid Emamdoost rsi: release skb if rsi_prepare_beacon fails
3c- 0e62395da2bd 2019-09-10 Navid Emamdoost scsi: bfa: release allocated memory in case of error
3c- 68501df92d11 2019-09-29 Navid Emamdoost net: dsa: sja1105: Prevent leaking memory
3c- 96c5c6e6a5b6 2019-09-20 Navid Emamdoost tracing: Have error path in predicate_parse() free its allocated memory
3c- 6402939ec86e 2019-09-17 Navid Emamdoost ieee802154: ca8210: prevent memory leak
3c- 8ce39eb5a67a 2019-09-25 Navid Emamdoost nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
3c- 8572cea1461a 2019-09-25 Navid Emamdoost nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
3c- a0ecd6fdbf5d 2019-09-24 Navid Emamdoost drm/komeda: prevent memory leak in komeda_wb_connector_add
3c- 104c307147ad 2019-09-24 Navid Emamdoost drm/amd/display: prevent memory leak
3c- b8d17e7d93d2 2019-09-19 Navid Emamdoost ath10k: fix memory leak
3c- 4a9d46a9fe14 2019-09-10 Navid Emamdoost RDMA: Fix goto target to release the allocated memory
3c- a21b7f0cff19 2019-09-11 Navid Emamdoost net: qrtr: fix memort leak in qrtr_tun_write_iter
3If 2507e6ab7a9a 2019-09-10 Navid Emamdoost wimax: i2400: fix memory leak
fixed by: 6f3ef5c25cc7 wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
3c- 728c1e2a05e4 2019-09-06 Navid Emamdoost ath9k: release allocated buffer if timed out
3c- 853acf7caf10 2019-09-06 Navid Emamdoost ath9k_htc: release allocated buffer if timed out
# Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences
# https://www-users.cs.umn.edu/~kjlu/papers/crix.pdf
# Kangjie Lu, Aditya Pakki, Qiushi Wu
nf- a663e0df4a37 2020-10-07 Mika Westerberg thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services()
nf- cb7dc3178a98 2020-08-06 Evgeny Novikov mtd: rawnand: vf610: disable clk on error handling path in probe
nf- 66673f96f0f9 2020-07-17 Liu Jian ieee802154: fix one possible memleak in adf7242_probe
nf- 333830aa149a 2020-04-29 Takashi Iwai gpio: exar: Fix bad handling for ida_simple_get error path
1c- 6fc232db9e8c 2019-12-15 Aditya Pakki rfkill: Fix incorrect check to avoid NULL pointer dereference
https://lore.kernel.org/r/[email protected]
2c- 8da96730331d 2019-03-15 Kangjie Lu ath10k: fix missing checks for bmi reads and writes
3c- 8dbdee8e8acc 2019-09-11 Navid Emamdoost media: usb: null check create_singlethread_workqueue
3c- 68085f314d64 2019-09-11 Navid Emamdoost media: gspca: null check create_singlethread_workqueue
3c- 4c1fde5077dc 2019-09-11 Navid Emamdoost platform/chrome: cros_usbpd_logger: null check create_singlethread_workqueue
nc- 864b23f0169d 2019-09-06 Austin Kim x86/platform/uv: Fix kmalloc() NULL check routine
3c- d94dfd798c48 2019-08-31 Navid Emamdoost Bluetooth: bpa10x: change return value
3c- b95c732234fa 2019-07-24 Navid Emamdoost mt7601u: null check the allocation
3c- 09acf29c8246 2019-07-31 Navid Emamdoost staging: rtl8192u: null check the kzalloc
3c- afd6d4f5a52c 2019-07-24 Navid Emamdoost drm/panel: check failure cases in the probe func
3c- bb1320834b8a 2019-07-21 Navid Emamdoost allocate_flower_entry: should check for null deref
3c- ea5ab2e422de 2019-07-19 Navid Emamdoost 8250_lpss: check null return when calling pci_ioremap_bar
3c- 3008e06fdf09 2019-07-23 Navid Emamdoost st_nci_hci_connectivity_event_received: null check the allocation
3c- 9891d06836e6 2019-07-23 Navid Emamdoost st21nfca_connectivity_event_received: null check the allocation
1c- 20d437ee8f48 2019-03-08 Kangjie Lu net: ixgbevf: fix a missing check of ixgbevf_write_msg_read_ack
https://lore.kernel.org/r/[email protected]
2c- e08f0761234d 2019-03-22 Kangjie Lu media: vpss: fix a potential NULL pointer dereference
1IR 23015b22e47c 2019-05-14 Kangjie Lu rapidio: fix a NULL pointer dereference when create_workqueue() fails
https://lore.kernel.org/r/[email protected]
1IR a2be42f18d40 2019-03-14 Kangjie Lu ASoC: cs43130: fix a NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1IR 51dd97d1df5f 2019-03-14 Kangjie Lu ASoC: rt5645: fix a NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- d5414c2355b2 2019-03-23 Aditya Pakki rsi: Fix NULL pointer dereference in kmalloc
https://lore.kernel.org/r/[email protected]
1c- 0ed2a0053474 2019-03-12 Kangjie Lu net: cw1200: fix a NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- 22e8860cf8f7 2019-03-24 Kangjie Lu net: ieee802154: fix missing checks for regmap_update_bits
https://lore.kernel.org/r/[email protected]
1c- 611025983b79 2019-03-11 Kangjie Lu mmc_spi: add a status check for spi_sync_locked
https://lore.kernel.org/r/[email protected]
2c- d9350f21e5fe 2019-03-22 Aditya Pakki firmware: arm_scmi: replace of_match_device->data with of_device_get_match_data()
1c- 507b820009a4 2019-03-15 Kangjie Lu PCI: endpoint: Fix a potential NULL pointer dereference
https://lore.kernel.org/r/20210422093111.GA20094@lpieralisi
1IR e183d4e414b6 2019-04-11 Kangjie Lu net/smc: fix a NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- 1adc90c73957 2019-03-12 Aditya Pakki pinctrl: axp209: Fix NULL pointer dereference after allocation
https://lore.kernel.org/r/[email protected]
2If 6f0ce4dfc5a3 2019-03-18 Aditya Pakki mtd: rawnand: vf610: Avoid a potential NULL pointer dereference
fixed by: cb7dc3178a98 mtd: rawnand: vf610: disable clk on error handling path in probe
1c- 75cf4f5aa903 2019-03-14 Kangjie Lu power: charger-manager: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- 536cc27deade 2019-03-16 Kangjie Lu iio: hmc5843: fix potential NULL pointer dereferences
https://lore.kernel.org/r/[email protected]
1c- 13814627c965 2019-03-08 Kangjie Lu iio: adc: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
2If f0d14edd2ba4 2019-03-15 Kangjie Lu PCI: rcar: Fix a potential NULL pointer dereference
removed by: ce351636c67f PCI: rcar: Add suspend/resume
1IR 765976285a8c 2019-03-12 Kangjie Lu rtlwifi: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- e5b9b206f3f6 2019-03-12 Kangjie Lu net: mwifiex: fix a NULL pointer dereference
https://lore.kernel.org/r/[email protected]
2c- 46953f97224d 2019-03-15 Kangjie Lu brcmfmac: fix missing checks for kmemdup
2c- 3c77ff8f8bae 2019-03-24 Kangjie Lu drm/v3d: fix a missing check of pm_runtime_get_sync
1IR 1d84353d205a 2019-04-01 Kangjie Lu video: imsttfb: fix potential NULL pointer dereferences
https://lore.kernel.org/r/CAL_JsqKoqh=-8UHk9JkCgK1fC7bVjVLNehHUM=R_g6fDan3dHg@mail.gmail.com
1IR ec7f6aad57ad 2019-04-01 Kangjie Lu video: hgafb: fix potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- 31fa6e2ae65f 2019-04-01 Aditya Pakki omapfb: Fix potential NULL pointer dereference in kmalloc
https://lore.kernel.org/r/[email protected]
2IR 0aab8e4df470 2019-03-09 Kangjie Lu leds: pca9532: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
2c- 8e949363f017 2019-03-19 Aditya Pakki net: mlx5: Add a missing check on idr_find, free buf
1c- b5af36e3e5aa 2019-03-14 Kangjie Lu staging: greybus: audio_manager: fix a missing check of ida_simple_get
1c- 699ca3016268 2019-03-25 Kangjie Lu PCI: xilinx: Check for __get_free_pages() failure
https://lore.kernel.org/r/20210422104224.GB20094@lpieralisi
1c- aeb0d0f581e2 2019-03-09 Kangjie Lu media: video-mux: fix null pointer dereferences
https://lore.kernel.org/r/[email protected]
2c- fd21b79e541e 2019-03-25 Aditya Pakki thunderbolt: Fix to check the return value of kmemdup
1c- 6183d5a51866 2019-03-25 Kangjie Lu thunderbolt: property: Fix a missing check of kzalloc
https://lore.kernel.org/r/[email protected]
1IR 13bd14a41ce3 2019-03-08 Kangjie Lu char: hpet: fix a missing check of ioremap
https://lore.kernel.org/r/[email protected]
1c- 486fa92df470 2019-03-25 Aditya Pakki libnvdimm/btt: Fix a kmemdup failure check
https://lore.kernel.org/r/CAPcyv4h6SrYg39NN5WzhiXyD3_FjVW4XVXsK=HUVjWOSPcBaAw@mail.gmail.com
1c- 1bbb1c318cd8 2019-03-15 Kangjie Lu tty: ipwireless: fix missing checks for ioremap
https://lore.kernel.org/r/[email protected]
https://lore.kernel.org/r/[email protected]
1c- e2a438bd7116 2019-03-15 Kangjie Lu RDMA/i40iw: Handle workqueue allocation failure
https://lore.kernel.org/r/[email protected]
2c- 41f00e6e9e55 2019-03-20 Aditya Pakki usb: usb251xb: fix to avoid potential NULL pointer dereference
1c- 3de3dbe7c132 2019-03-19 Kangjie Lu usb: u132-hcd: fix potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- 1a137b47ce6b 2019-03-24 Kangjie Lu usb: sierra: fix a missing check of device_create_file
https://lore.kernel.org/r/[email protected]
1c- fba1bdd2a9a9 2019-03-14 Kangjie Lu scsi: qla4xxx: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
2c- 208c6e8cff1b 2019-03-08 Kangjie Lu drm: vkms: check status of alloc_ordered_workqueue
1c- 6cf4511e9729 2019-03-24 Kangjie Lu gpio: aspeed: fix a potential NULL pointer dereference
https://lore.kernel.org/r/CAMpxmJXn9E7PfRKok7ZyTx0Y+P_q3buArg8YR7wV=+A9Sid2_Q@mail.gmail.com
1c- 55c1fc0af29a 2019-03-12 Kangjie Lu libnvdimm/namespace: Fix a potential NULL pointer dereference
https://lore.kernel.org/r/CAPcyv4jkEn0JoT7Ha36-janNC3UfV4OLGzYFc=Fxe5Gh9u_wCQ@mail.gmail.com
2If 7ecced0934e5 2019-03-08 Kangjie Lu gpio: exar: add a check for the return value of ida_simple_get fails
fixed by: 333830aa149a gpio: exar: Fix bad handling for ida_simple_get error path
2c- 48f40b96de2c 2019-03-20 Aditya Pakki thunderbolt: xdomain: Fix to check return value of kmemdup
2If 9aabb68568b4 2019-03-20 Aditya Pakki thunderbolt: Fix to check return value of ida_simple_get
fixed by: a663e0df4a37 thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services()
2c- 2cc12751cf46 2019-03-20 Aditya Pakki thunderbolt: Fix to check for kmemdup failure
2c- 534c89c22e26 2019-03-14 Kangjie Lu x86/hyperv: Prevent potential NULL pointer dereference
1c- 2e84f116afca 2019-03-18 Aditya Pakki x86/hpet: Prevent potential NULL pointer dereference
https://lore.kernel.org/r/202104211245.F5FEC8D15D@keescook
1c- 7671ce0d9293 2019-03-20 Aditya Pakki staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
https://lore.kernel.org/r/[email protected]
1c- e4dfdd5804cc 2019-03-14 Kangjie Lu thunderbolt: Fix a missing check of kmemdup
https://lore.kernel.org/r/[email protected]
1c- 106204b56f60 2019-03-12 Kangjie Lu thunderbolt: property: Fix a NULL pointer dereference
https://lore.kernel.org/r/[email protected]
2If d7737d425745 2019-03-18 Aditya Pakki nfc: Fix to check for kmemdup failure
fixed by: 7574fcdbdcb3 nfc: fix memory leak in llcp_sock_connect()
1IR 63a06181d7ce 2019-03-15 Kangjie Lu scsi: ufs: fix a missing check of devm_reset_control_get
https://lore.kernel.org/r/YIg/[email protected]
1c- 6734330654da 2019-03-14 Kangjie Lu tty: mxs-auart: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- c85be041065c 2019-03-15 Kangjie Lu tty: atmel_serial: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
https://lore.kernel.org/r/[email protected]
2c- 3a10e3dd52e8 2019-03-18 Aditya Pakki serial: max310x: Fix to avoid potential NULL pointer dereference
1IR 32f47179833b 2019-03-18 Aditya Pakki serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- 6c44b15e1c90 2019-03-14 Kangjie Lu HID: logitech: check the return value of create_singlethread_workqueue
https://lore.kernel.org/r/[email protected]
1c- 6d65561f3d5e 2019-03-14 Kangjie Lu netfilter: ip6t_srh: fix NULL pointer dereferences
https://lore.kernel.org/r/20210422212615.GA13017@salvia
1c- f37d8e67f39e 2019-03-13 Aditya Pakki spi : spi-topcliff-pch: Fix to handle empty DMA buffers
https://lore.kernel.org/r/[email protected]
2c- d6cb77228e3a 2019-03-12 Aditya Pakki pinctrl: baytrail: Fix potential NULL pointer dereference
2c- 517ccc2aa50d 2019-03-16 Kangjie Lu net: tipc: fix a missing check for nla_nest_start
1c- 4589e28db46e 2019-03-15 Kangjie Lu net: tipc: fix a missing check of nla_nest_start
https://lore.kernel.org/r/[email protected]
2c- 07660ca679da 2019-03-15 Kangjie Lu net: ncsi: fix a missing check for nla_nest_start
2c- 0fff9bd47e13 2019-03-15 Kangjie Lu net: openvswitch: fix missing checks for nla_nest_start
1c- 6f19893b644a 2019-03-14 Kangjie Lu net: openvswitch: fix a NULL pointer dereference
https://lore.kernel.org/r/CAOftzPioU8h9b=isMPZtE8AYF=+qh_nNEp3rFEyQmb6Fi7QZ2g@mail.gmail.com
1IR dcd0feac9bab 2019-03-14 Kangjie Lu ALSA: sb8: add a check for request_region
https://lore.kernel.org/r/[email protected]
2c- 6ade657d6125 2019-03-14 Kangjie Lu ALSA: echoaudio: add a check for ioremap_nocache
1c- 228cd2dba27c 2019-03-14 Kangjie Lu net: strparser: fix a missing check for create_singlethread_workqueue
https://lore.kernel.org/r/[email protected]
1IR 5bf7295fe34a 2019-03-14 Aditya Pakki qlcnic: Avoid potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1IR a2c6433ee5a3 2019-03-04 Aditya Pakki ALSA: usx2y: Fix potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
2If 2795e8c25161 2019-03-11 Kangjie Lu net: ieee802154: fix a potential NULL pointer dereference
fixed by: 66673f96f0f9 ieee802154: fix one possible memleak in adf7242_probe
2If 4ec850e5dfec 2019-03-12 Kangjie Lu net: dwmac-sun8i: fix a missing check of of_get_phy_mode
fixed by: 0c65b2b90d13 net: of_get_phy_mode: Change API to solve int/unit warnings
2If 035a14e71f27 2019-03-12 Kangjie Lu net: sh_eth: fix a missing check of of_get_phy_mode
fixed by: 0c65b2b90d13 net: of_get_phy_mode: Change API to solve int/unit warnings
1c- c7cbc3e937b8 2019-03-12 Kangjie Lu net: 8390: fix potential NULL pointer dereferences
https://lore.kernel.org/r/[email protected]
1IR 9f4d6358e11b 2019-03-12 Kangjie Lu net: fujitsu: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- eb32cfcdef23 2019-03-12 Kangjie Lu net: qlogic: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
2c- 10010493c126 2019-03-12 Kangjie Lu isdn: hfcpci: fix potential NULL pointer dereference
1c- e406f12dde1a 2019-03-04 Aditya Pakki md: Fix failed allocation of md_register_thread
https://lore.kernel.org/r/YIj2nsovH/[email protected]
1c- 5c149314d918 2019-03-11 Kangjie Lu net: rocker: fix a potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1c- 0b31d98d90f0 2019-03-11 Kangjie Lu net: thunder: fix a potential NULL pointer dereference
https://lore.kernel.org/r/20210423130006.fuh3hljkhkrpcvd3@treble
1c- 41af8b3a097c 2019-03-11 Kangjie Lu net: lio_core: fix two NULL pointer dereferences
https://lore.kernel.org/r/[email protected]
1IR fe543b2f174f 2019-03-11 Kangjie Lu net: liquidio: fix a NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1IR d721fe99f6ad 2019-03-08 Kangjie Lu isdn: mISDNinfineon: fix potential NULL pointer dereference
https://lore.kernel.org/r/[email protected]
1IR 38d22659803a 2019-03-02 Aditya Pakki isdn: mISDN: Fix potential NULL pointer dereference of kzalloc
https://lore.kernel.org/r/[email protected]
3Ir d1a0846006e4 2019-03-15 Kangjie Lu security: inode: fix a missing check for securityfs_create_file
reverted by: fe9fd2ef383c Revert "security: inode: fix a missing check for securityfs_create_file"
2n- f8ee34c3e77a 2019-03-09 Kangjie Lu media: usbvision: fix a potential NULL pointer dereference
2n- 766460852cfa 2019-03-25 Kangjie Lu x86/platform/uv: Fix missing checks of kcalloc() return values
2n- 78540a259b05 2019-03-22 Aditya Pakki ASoC: sirf-audio: Remove redundant of_match_node call
2n- 6a8ca24590a2 2019-03-20 Aditya Pakki staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
2n- d70d70aec963 2019-03-20 Aditya Pakki staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
2n- 4280b73092fe 2019-03-11 Kangjie Lu net: qlge: fix a potential NULL pointer dereference
nf- f87d8ad9233f 2019-01-05 Gustavo A. R. Silva tipc: fix memory leak in tipc_nl_compat_publ_dump
2c- 9c6260de505b 2018-12-24 Aditya Pakki infiniband/qedr: Potential null ptr dereference of qp
1c- 92ee77d148bf 2018-12-26 Kangjie Lu net: marvell: fix a missing check of acpi_match_device
https://lore.kernel.org/r/[email protected]
2n- 0a54ea9f481f 2018-12-22 Kangjie Lu staging: rtlwifi: rtl8822b: fix a missing check of alloc_skb
2c- eb8950861c1b 2018-12-21 Kangjie Lu netfilter: nf_tables: fix a missing check of nla_put_failure
2If 46273cf7e009 2018-12-26 Kangjie Lu tipc: fix a missing check of genlmsg_put
fixed by: f87d8ad9233f tipc: fix memory leak in tipc_nl_compat_publ_dump
# Automatically Identifying Security Checks for Detecting Kernel Semantic Bugs
# Kangjie Lu, Aditya Pakki, and Qiushi Wu
# https://www-users.cs.umn.edu/~kjlu/papers/cheq.pdf
nf- 352bcae97f9b 2019-06-07 Rui Nuno Capela ALSA: ice1712: Check correct return value to snd_i2c_sendbytes (EWS/DMX 6Fire)
2c- f4f5748bfec9 2019-06-10 Aditya Pakki netfilter: ipset: fix a missing check of nla_parse
1c- 0ab34a08812a 2018-12-20 Kangjie Lu media: si2165: fix a missing check of return value
https://lore.kernel.org/r/[email protected]
2c- 06d5d6b7f994 2019-04-13 Kangjie Lu slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register
nc- 6b7e5cad651a 2019-03-05 Matthew Wilcox mm: remove sysctl_extfrag_handler()
nc- 979eff22c9f4 2019-01-03 Jeff Kirsher e1000e: fix a missing check for return value
1IR 434256833d8e 2019-01-08 Kangjie Lu libertas: add checks for the return value of sysfs_create_group
https://lore.kernel.org/r/[email protected]
nf- 07bd14ccc304 2018-12-26 Wei Yongjun hwmon: (lm80) Fix missing unlock on error in set_fan_div()
1IR 51f689cc1133 2018-12-25 Kangjie Lu serial: max310x: pass return value of spi_register_driver
https://lore.kernel.org/r/[email protected]
1c- ff07d48d7bc0 2018-12-25 Kangjie Lu atl1e: checking the status of atl1e_write_phy_reg
https://lore.kernel.org/r/YIu6meOO5SSuCW/[email protected]
1c- 9a20b5e35a53 2018-12-25 Kangjie Lu rtc: hym8563: fix a missing check of block data read
https://lore.kernel.org/r/[email protected]
https://lore.kernel.org/r/[email protected]
2n- 5910fa0d0d98 2018-12-25 Kangjie Lu rtc: coh901331: fix a missing check of clk_prepare
1c- 6f12e46eebf1 2018-12-20 Kangjie Lu power: twl4030: fix a missing check of return value
https://lore.kernel.org/r/[email protected]
1c- b05ae01fdb89 2018-12-24 Aditya Pakki misc/ics932s401: Add a missing check to i2c_smbus_read_word_data
https://lore.kernel.org/r/[email protected]
2c- 40619f7dd3ef 2019-01-05 Aditya Pakki PM: clock_ops: fix missing clk_prepare() return value check
1IR 248b57015f35 2018-12-25 Kangjie Lu leds: lp5523: fix a missing check of return value of lp55xx_read
https://lore.kernel.org/r/[email protected]
1IR 467a37fba93f 2018-12-27 Aditya Pakki media: dvb: Add check on sp8870_readreg
https://lore.kernel.org/r/[email protected]
1c- 0f787c12ee7b 2018-12-27 Aditya Pakki media: dvb: add return value check on Write16
https://lore.kernel.org/r/[email protected]
1c- 9502cdf08070 2018-12-21 Kangjie Lu media: mt312: fix a missing check of mt312 reset
https://lore.kernel.org/r/[email protected]
1c- c9b7d8f252a5 2018-12-20 Kangjie Lu media: lgdt3306a: fix a missing check of return value
https://lore.kernel.org/r/[email protected]
1IR 656025850074 2018-12-28 Aditya Pakki media: gspca: mt9m111: Check write_bridge for timeout
https://lore.kernel.org/r/[email protected]
1IR a21a0eb56b4e 2018-12-28 Aditya Pakki media: gspca: Check the return value of write_bridge for timeout
https://lore.kernel.org/r/[email protected]
1IR 5b711870bec4 2018-12-25 Kangjie Lu media: usb: gspca: add a missed check for goto_low_power
https://lore.kernel.org/r/[email protected]
1c- 5ceaf5452c1b 2018-12-25 Kangjie Lu media: usb: gspca: add a missed return-value check for do_command
https://lore.kernel.org/r/YIgQi1V/[email protected]
1IR fc6a6521556c 2018-12-26 Kangjie Lu ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()
https://lore.kernel.org/r/[email protected]
1IR 42daad3343be 2018-12-25 Kangjie Lu brcmfmac: add a check for the status of usb_register
https://lore.kernel.org/r/[email protected]
1c- e85bb0beb649 2019-01-07 Aditya Pakki Input: ad7879 - add check for read errors in interrupt
https://lore.kernel.org/r/YIBa5X+5g/[email protected]
2If 44fabd8cdaaa 2018-12-25 Kangjie Lu ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
fixed by: 02298145559f ASoC: intel: atom: Use managed buffer allocation
1IR beae77170c60 2019-01-06 Aditya Pakki ALSA: sb: fix a missing check of snd_ctl_add
https://lore.kernel.org/r/[email protected]
2c- 02cc53e223d4 2019-01-06 Aditya Pakki ALSA: line6: fix check on snd_card_register
2If c99776cc4018 2019-01-06 Aditya Pakki ALSA: ice1712: fix a missing check of snd_i2c_sendbytes
fixed by: 352bcae97f9b ALSA: ice1712: Check correct return value to snd_i2c_sendbytes (EWS/DMX 6Fire)
1IR 0f25e000cb43 2018-12-25 Kangjie Lu ALSA: gus: add a check of the status of snd_ctl_add
https://lore.kernel.org/r/[email protected]
1c- c8c270240943 2019-01-05 Aditya Pakki Staging: rts5208: Fix error handling on rtsx_send_cmd
https://lore.kernel.org/r/[email protected]
1c- 73b69c01cc92 2018-12-27 Aditya Pakki staging: rts5208: Add a check for ms_read_extra_data
https://lore.kernel.org/r/YIf7yB/[email protected]
1Ir 906b40b246b0 2018-12-28 Aditya Pakki dmaengine: stm32-mdma: Add a check on read_u32_array
reverted by: 9dfec7ca0ba7 dmaengine: stm32-mdma: Revert "dmaengine: stm32-mdma: Add a check on read_u32_array"
1IR a474b3f0428d 2018-12-28 Aditya Pakki dmaengine: qcom_hidma: Check for driver register failure
https://lore.kernel.org/r/[email protected]
1c- 7c97381e7a9a 2018-12-24 Aditya Pakki dmaengine: mv_xor: Fix a missing check in mv_xor_channel_add
https://lore.kernel.org/r/YIhUlJ/06/[email protected]
2c- 7fc93f3285b1 2018-12-27 Aditya Pakki iio: adc: xilinx: check return value of xadc_write_adc_reg
1c- ae0b3773721f 2018-12-20 Kangjie Lu iio: ad9523: fix a missing check of return value
https://lore.kernel.org/r/[email protected]
2c- 6ae16dfb61bc 2018-12-24 Aditya Pakki HID: lenovo: Add checks to fix of_led_classdev_register
1c- 9e28989d41c0 2018-12-20 Kangjie Lu mfd: mc13xxx: Fix a missing check of a register-read failure
https://lore.kernel.org/r/20210423093042.GE6446@dell
1c- 94edd87a1c59 2018-12-26 Aditya Pakki infiniband: bnxt_re: qplib: Check the return value of send_message
https://lore.kernel.org/r/[email protected]
https://lore.kernel.org/r/CANjDDBhAbobpc1nQLoPABCm5onv=qVoJXLyG79RJwxS=cNnijA@mail.gmail.com
1c- e49505f7255b 2018-12-25 Kangjie Lu net: dsa: bcm_sf2: Propagate error value from mdio_write
https://lore.kernel.org/r/[email protected]
1IR f86a3b83833e 2018-12-25 Kangjie Lu net: stmicro: fix a missing check of clk_prepare
https://lore.kernel.org/r/[email protected]
1c- 2d822f2dbab7 2018-12-25 Kangjie Lu net: (cpts) fix a missing check of clk_prepare
https://lore.kernel.org/r/[email protected]
1IR 26fd962bde0b 2018-12-25 Kangjie Lu niu: fix missing checks of niu_pci_eeprom_read
https://lore.kernel.org/r/[email protected]
1c- ca19fcb6285b 2018-12-24 Aditya Pakki net: chelsio: Add a missing check on cudg_get_buffer
https://lore.kernel.org/r/[email protected]
1c- f0fb9b288d0a 2018-12-24 Aditya Pakki ipv6/route: Add a missing check on proc_dointvec
https://lore.kernel.org/r/[email protected]
1c- 0eb987c874dc 2018-12-23 Aditya Pakki net/net_namespace: Check the return value of register_pernet_subsys()
https://lore.kernel.org/r/[email protected]
2c- 89dfd0083751 2018-12-23 Aditya Pakki net/netlink_compat: Fix a missing check of nla_parse_nested
1IR 9aa3aa15f4c2 2018-12-21 Kangjie Lu hwmon: (lm80) fix a missing check of bus read in lm80 probe
https://lore.kernel.org/r/[email protected]
2If c9c63915519b 2018-12-21 Kangjie Lu hwmon: (lm80) fix a missing check of the status of SMBus read
fixed by: 07bd14ccc304 hwmon: (lm80) Fix missing unlock on error in set_fan_div()
1c- d134e486e831 2018-12-21 Kangjie Lu net: netxen: fix a missing check and an uninitialized use
https://lore.kernel.org/r/[email protected]
2c- cd07e3701fa6 2018-12-21 Kangjie Lu regulator: tps65910: fix a missing check of return value
https://lore.kernel.org/r/[email protected]
1c- 966e927bf8cc 2018-12-18 Kangjie Lu drivers/regulator: fix a missing check of return value
https://lore.kernel.org/r/[email protected]
# Check it Again: Detecting Lacking-Recheck Bugs in OS Kernels
# https://www-users.cs.umn.edu/~kjlu/papers/lrsan.pdf
# Wenwen Wang, Kangjie Lu, Pen-Chung Yew
nc- 4a6998aff82a 2018-10-24 Martin Lau bpf, btf: fix a missing check bug in btf_parse
2c- 7172122be6a4 2018-10-18 Wenwen Wang crypto: cavium/nitrox - fix a DMA pool free failure
1c- b6168562c8ce 2018-10-18 Wenwen Wang net: socket: fix a missing-check bug
https://lore.kernel.org/r/YIhClSyv/[email protected]
1c- 800a7340ab7d 2018-10-03 Wenwen Wang dm ioctl: harden copy_params()'s copy_from_user() from malicious users
https://lore.kernel.org/r/[email protected]
2c- 47db7873136a 2018-10-06 Wenwen Wang scsi: megaraid_sas: fix a missing-check bug
2c- 58f5bbe331c5 2018-10-08 Wenwen Wang ethtool: fix a privilege escalation bug
https://lore.kernel.org/r/[email protected]
1c- 2bb3207dbbd4 2018-10-09 Wenwen Wang ethtool: fix a missing-check bug
https://lore.kernel.org/r/[email protected]
2n- 6b995f4eec34 2018-10-10 Wenwen Wang misc: mic: fix a DMA pool free failure
2c- 8af03d1ae2e1 2018-10-07 Wenwen Wang bpf: btf: Fix a missing check bug
1c- a26ac6c1bed9 2018-10-04 Wenwen Wang media: isif: fix a NULL pointer dereference bug
https://lore.kernel.org/r/YIgOxtlRDsJD/[email protected]
1c- 0781168e23a2 2018-10-05 Wenwen Wang yam: fix a missing-check bug
https://lore.kernel.org/r/[email protected]
1c- 2c05d88818ab 2018-10-05 Wenwen Wang net: cxgb3_main: fix a missing-check bug
https://lore.kernel.org/r/[email protected]
2c- f16b613ca8b3 2018-05-18 Wenwen Wang crypto: chtls - fix a missing-check bug
2n- 6009d1fe6ba3 2018-05-21 Wenwen Wang isdn: eicon: fix a missing-check bug
2c- 8e03477cb709 2018-05-05 Wenwen Wang i2c: core: smbus: fix a potential missing-check bug
1c- bd23a7269834 2018-05-08 Wenwen Wang virt: vbox: Only copy_from_user the request-header once
https://lore.kernel.org/r/[email protected]
1c- 3f12888dfae2 2018-05-05 Wenwen Wang ALSA: control: fix a redundant-copy issue
https://lore.kernel.org/r/[email protected]
1c- 9899e4d3523f 2018-05-07 Wenwen Wang scsi: 3w-xxxx: fix a missing-check bug
https://lore.kernel.org/r/[email protected]
1c- c9318a3e0218 2018-05-07 Wenwen Wang scsi: 3w-9xxx: fix a missing-check bug
https://lore.kernel.org/r/[email protected]
2n- dc487321b1e6 2018-04-30 Wenwen Wang staging: lustre: llite: fix potential missing-check bug when copying lumv
1c- d656fe49e33d 2018-04-30 Wenwen Wang ethtool: fix a potential missing-check bug
https://lore.kernel.org/r/[email protected]
# Later contributions from Wenwen Wang after UMN.
nf- a75ca9303175 2020-06-01 yu kuai block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
3c- f311ade3a7ad 2020-02-01 Wenwen Wang btrfs: ref-verify: fix memory leaks
3c- 123c23c6a7b7 2020-02-03 Wenwen Wang NFS: Fix memory leaks
3c- fa865ba183d6 2020-01-25 Wenwen Wang firestream: fix memory leaks
3c- 8472ba621540 2019-08-12 Wenwen Wang e1000: fix memory leaks
3Ir 334f5b61a6f2 2019-08-15 Wenwen Wang ath10k: add cleanup in ath10k_sta_state()
f4fe2e53349f ath10k: Revert "ath10k: add cleanup in ath10k_sta_state()"
3c- 137e92fd1495 2019-08-18 Wenwen Wang mtd: sm_ftl: Fix memory leak in sm_init_zone() error path
3c- 6a379f67454a 2019-08-19 Wenwen Wang jffs2: Fix memory leak in jffs2_scan_eraseblock() error path
3Ir 9163e0184bd7 2019-08-19 Wenwen Wang ubifs: Fix memory leak bug in alloc_ubifs_info() error path
reverted by: 91cbf01178c3 Revert "ubifs: Fix memory leak bug in alloc_ubifs_info() error path"
3c- 7992e00469c4 2019-08-19 Wenwen Wang ubifs: Fix memory leak in __ubifs_node_verify_hmac error path
3c- ce4d8b16e64d 2019-08-19 Wenwen Wang ubifs: Fix memory leak in read_znode() error path
3c- 22d11eacc32c 2019-08-11 Wenwen Wang ixgbe: fix memory leaks
3c- 145a32fe57e3 2019-08-15 Wenwen Wang airo: fix memory leaks
3c- 29b49958cf73 2019-08-20 Wenwen Wang ACPI / PCI: fix acpi_pci_irq_enable() memory leak
3IR 03d1571d9513 2019-08-16 Wenwen Wang ACPI: custom_method: fix memory leaks
3c- e027a2dea5fd 2019-08-19 Wenwen Wang hwmon (coretemp) Fix a memory leak bug
3c- 6ca5989e44d3 2019-08-18 Wenwen Wang media: ti-vpe: Add cleanup in vpdma_list_cleanup()
3c- 51d47e578a74 2019-08-18 Wenwen Wang media: fdp1: Fix a memory leak bug
3c- 42e64117d3b4 2019-08-18 Wenwen Wang media: saa7146: add cleanup in hexium_attach()
3c- 725a28290a53 2019-08-17 Wenwen Wang media: usb: cx231xx-417: fix a memory leak bug
3c- 1c770f0f52dc 2019-08-17 Wenwen Wang media: cpia2_usb: fix memory leaks
3c- 86aa04f4c221 2019-08-18 Wenwen Wang mtd: rawnand: Fix a memory leak bug
3c- d83aef09aaa5 2019-08-18 Wenwen Wang mtd: onenand_base: Fix a memory leak bug
3c- de0e4fd2f07c 2019-08-20 Wenwen Wang qed: Add cleanup in qed_slowpath_start()
3c- fcd5ce4b3936 2019-08-18 Wenwen Wang media: dvb-core: fix a memory leak bug
3c- 2f6451ed8b52 2019-08-17 Wenwen Wang media: dvb-frontends: fix a memory leak bug
3c- 8c3d3cdbd5dd 2019-08-17 Wenwen Wang media: dvb-frontends: fix memory leaks
3c- 1e672e364494 2019-08-20 Wenwen Wang NFSv4: Fix a memory leak bug
3c- dc1a3e8e0cc6 2019-08-18 Wenwen Wang dm raid: add missing cleanup in raid_ctr()
3c- 313aca5a9c78 2019-08-19 Wenwen Wang mtd: spi-nor: fix a memory leak bug
3c- 60e2dde1e91a 2019-08-19 Wenwen Wang led: triggers: Fix a memory leak bug
3c- 2323d7baab2b 2019-08-18 Wenwen Wang infiniband: hfi1: fix memory leaks
3c- b08afa064c32 2019-08-18 Wenwen Wang infiniband: hfi1: fix a memory leak bug
3c- 5c1baaa82cea 2019-08-18 Wenwen Wang IB/mlx4: Fix memory leaks
3c- 962411b05a6d 2019-08-16 Wenwen Wang dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
3c- 2c231c0c1dec 2019-08-16 Wenwen Wang dmaengine: ti: dma-crossbar: Fix a memory leak bug
3c- cfddf9f4c9f0 2019-08-19 Wenwen Wang locks: fix a memory leak bug in __break_lease()
3c- b4a81b87a4cf 2019-08-20 Wenwen Wang ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
3c- fe2e082f5da5 2019-08-20 Wenwen Wang ecryptfs: fix a memory leak bug in parse_tag_1_packet()
3c- 44ef3a032528 2019-08-15 Wenwen Wang wimax/i2400m: fix a memory leak bug
3c- f1472cb09f11 2019-08-14 Wenwen Wang net: kalmia: fix memory leaks
3c- 1eca92eef187 2019-08-14 Wenwen Wang cx82310_eth: fix a memory leak bug
3c- b9cbf8a64865 2019-08-14 Wenwen Wang lan78xx: Fix memory leaks
3c- 20fb7c7a39b5 2019-08-14 Wenwen Wang net: myri10ge: fix memory leaks
3c- 6f967f8b1be7 2019-08-14 Wenwen Wang liquidio: add cleanup in octeon_setup_iq()
3c- c554336efa9b 2019-08-13 Wenwen Wang cxgb4: fix a memory leak bug
3c- 48ec7014c56e 2019-08-12 Wenwen Wang net/mlx4_en: fix a memory leak bug
3c- ae78ca3cf3d9 2019-08-11 Wenwen Wang xen/blkback: fix memory leaks
3c- 7afe9a4e5665 2019-08-11 Wenwen Wang i3c: master: fix a memory leak bug
3c- cfef67f016e4 2019-08-09 Wenwen Wang ALSA: hda - Fix a memory leak bug
3c- 1be3c1fae6c1 2019-08-08 Wenwen Wang ALSA: firewire: fix a memory leak bug
3c- c7cd7c748a32 2019-08-08 Wenwen Wang sound: fix a memory leak bug
3c- 3d92aa45fbfd 2019-08-07 Wenwen Wang ALSA: hiface: fix multiple memory leak bugs
3c- a67060201b74 2019-08-06 Wenwen Wang ALSA: usb-audio: fix a memory leak bug
3c- d4fddac5a51c 2019-07-14 Wenwen Wang test_firmware: fix a memory leak bug
3c- 45004d66f2a2 2019-07-22 Wenwen Wang ASoC: dapm: fix a memory leak bug
3c- 15a78ba1844a 2019-07-20 Wenwen Wang netfilter: ebtables: fix a memory leak bug in compat
3If e7bf90e5afe3 2019-07-11 Wenwen Wang block/bio-integrity: fix a memory leak bug
fixed by: a75ca9303175 "block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed"
# Earlier contributions from Kangjie Lu before UMN.
nf- 55e77a3e8297 2016-07-01 Richard Alpe tipc: fix nl compat regression for link statistics
3c- 4116def23379 2016-06-02 Kangjie Lu rds: fix an infoleak in rds_inc_info_copy
3If 5d2be1422e02 2016-06-02 Kangjie Lu tipc: fix an infoleak in tipc_nl_compat_link_dump
fixed by: 55e77a3e8297 tipc: fix nl compat regression for link statistics
3c- 79e48650320e 2016-05-08 Kangjie Lu net: fix a kernel infoleak in x25 module
3c- e4ec8cc8039a 2016-05-03 Kangjie Lu ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
3c- 9a47e9cff994 2016-05-03 Kangjie Lu ALSA: timer: Fix leak in events via snd_timer_user_ccallback
3c- cec8f96e49d9 2016-05-03 Kangjie Lu ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
3c- 5f8e44741f9f 2016-05-03 Kangjie Lu net: fix infoleak in rtnetlink
3c- b8670c09f37b 2016-05-03 Kangjie Lu net: fix infoleak in llc
3c- d13829686bba 2016-05-03 Kangjie Lu staging: wilc1000: fix infoleak in wilc_wfi_cfgoperations
# UAF fixes seemingly not associated with known UMN papers.
1Ia 0c85a7e87465 2021-04-06 Aditya Pakki net/rds: Avoid potential use after free in rds_send_remove_from_sock
reverted by: 799bac551218 Revert "net/rds: Avoid potential use after free in rds_send_remove_from_sock"
3c- c54d481d71c6 2019-10-21 Navid Emamdoost apparmor: Fix use-after-free in aa_audit_rule_init
# Memory disclosure fixes seemingly not associated with other UMN papers.
1IR d39083234c60 2019-10-18 Kangjie Lu media: rcar_drif: fix a memory disclosure
https://lore.kernel.org/r/[email protected]
1c- ec3b7b6eb8c9 2019-10-17 Kangjie Lu drm/gma500: fix memory disclosures due to uninitialized bytes
https://lore.kernel.org/r/20210429202301.GI31692@amd
1c- 57a25a5f754c 2019-10-17 Kangjie Lu gma/gma500: fix a memory disclosure bug due to uninitialized bytes
https://lore.kernel.org/r/CAKMK7uF6sWeKX0DAaXoT9=xkD9eAAjHtkE0gn+v9YxmYAd3vdg@mail.gmail.com
# Memory leak fixes seemingly not associated with k-meld nor hero.
nc- fe6c6a4af2be 2020-08-25 Dinghao Liu video: fbdev: radeon: Fix memleak in radeonfb_pci_register
1c- cbb88db76a15 2019-04-29 Wenwen Wang ALSA: usx2y: fix a double free bug
https://lore.kernel.org/r/[email protected]
2c- cb5173594d50 2019-04-27 Wenwen Wang ALSA: usb-audio: Fix a memory leak bug
1c- 91862cc7867b 2019-04-19 Wenwen Wang tracing: Fix a memory leak by early error exit in trace_pid_write()
https://lore.kernel.org/r/[email protected]
1c- 70c4cf17e445 2019-04-19 Wenwen Wang audit: fix a memory leak bug
https://lore.kernel.org/r/CAHC9VhTvKeNFPsJadVK_i1+qaQBRSVfdWd+HC_EsgZx3coM8oA@mail.gmail.com
1c- ea094d53580f 2019-04-17 Wenwen Wang x86/PCI: Fix PCI IRQ routing table memory leak
https://lore.kernel.org/r/20210422050919.GA2913711@bjorn-Precision-5520
1c- 39416c5872db 2019-04-15 Wenwen Wang udf: fix an uninitialized read bug and remove dead code
https://lore.kernel.org/r/[email protected]
1IR 093c48213ee3 2018-12-26 Wenwen Wang gdrom: fix a memory leak bug
https://lore.kernel.org/r/[email protected]
2n- 15b3048aeed8 2018-12-04 Wenwen Wang misc: mic: fix a DMA pool free failure
# "touched it last" CC of UMN author.
no- c96da175ba88 2020-11-28 Sam Ravnborg video: fbdev: omapfb: Fix set but not used warnings in dsi
# Much older UMN commits unrelated to the UMN research group.
3o- 23779fbc9930 2013-10-23 Alireza Haghdoost block: Enable sysfs nomerge control for I/O requests in the plug list
3o- ae0fda0cdf00 2006-07-06 Dave C Boutcher [SCSI] ibmvscsi: handle inactive SCSI target during probe
3o- 6c51fe10475e 2006-07-06 Dave C Boutcher [SCSI] ibmvscsi: allocate lpevents for ibmvscsi on iseries
3o- cefbda2d6cd9 2006-06-12 Dave C Boutcher [SCSI] ibmvscsi: treat busy and error conditions separately
3o- 368a6ba5d188 2006-06-12 Dave C Boutcher [POWERPC] check firmware state before suspending
3o- 9b833e428ad2 2006-03-23 Dave C Boutcher [SCSI] ibmvscsi: prevent scsi commands being sent in invalid state
3o- b4fd884a037c 2006-02-03 Dave C Boutcher [PATCH] powerpc: remove useless call to touch_softlockup_watchdog
3o- 82a4df74628a 2006-02-03 Dave C Boutcher [PATCH] powerpc: prod all processors after ibm,suspend-me
3o- c4cb8ecca66e 2006-02-03 Dave C Boutcher [PATCH] powerpc: return correct rtas status from ibm,suspend-me
Moving forward
The Linux kernel was started by a university student, and there have
been strong ties between the kernel and academic communities ever since.
This collaboration is beneficial both to Linux, which gains from the work
and ideas of researchers, and to the research community, which is able to
work with a heavily used kernel and see its ideas deployed in practice.
This collaboration is worth preserving -- and, indeed deepening. The
incident described in this paper is seen by some developers in both camps
as a threat to that collaboration, but it need not turn out that way.
We have two specific recommendations designed to ensure that the kernel
project and UMN can continue to work together successfully in the future:
- UMN must improve the quality of the changes that are proposed for
inclusion into the kernel, and
- The TAB, working with researchers, will create a document explaining
best practices for all research groups to follow when working with the
kernel (and open-source projects in general).
The combination of these two changes, we hope, will help the kernel and
research communities to work together fruitfully and prevent incidents
like this from occurring again.
Development process changes
In the past, the kernel community has often had to deal with a pattern
of low-quality patches originating from a single company or group.
These patches consume scarce maintainer time and, over time, lead to tense
relations between the two groups. In such cases, the kernel community
has worked with the companies involved to set up internal procedures to
make the patch creation and submission process work better. When set
up properly, such a process can reduce the mentoring load on kernel
maintainers and enable contributors to be more successful in their work.
A common practice in many companies is to designate a set of experienced
internal developers to review and provide feedback on proposed kernel
changes before those changes are submitted publicly. This review catches
obvious mistakes and relieves the community of the need to repeatedly
remind developers of elementary practices like adherence to coding
standards and thorough testing of patches. It results in a higher-quality
patch stream that will encounter fewer problems in the kernel community.
We believe that UMN could benefit from a review process of this type, and
recommend that UMN find at least one experienced developer to fill this
role. Having such a reviewer in place could have prevented the submission
of many of the flawed patches described here. Working with an experienced
developer can also help UMN researchers toward better interactions with
the kernel community and would, hopefully, prevent concepts like the
"Hypocrite Commits" project from getting beyond the idea stage.
Until such a review process is put into place, it will be difficult to
re-establish the trust between UMN and the kernel community, and patches
from UMN will continue to find a chilly reception. If UMN needs help
to find such a developer or to set up an internal review process, the
TAB will be glad to assist. This is a role the TAB has played with many
groups in the past.
Best practices for research institutions
This incident has highlighted the differences in the motivations behind
the kernel development and research communities. While both groups
are interested in making a better kernel for the massive user community,
kernel developers tended to be focused on engineering processes, reviewing
contributions, and mentoring new contributors, while researchers tend
to be focused on exploring new ideas and methodologies, developing new
tools, and furthering their understanding of how development communities
interact. There is a lot of value created by both groups, but they can
also occasionally lead to conflict.
The kernel community welcomes the help and participation of the research
community; we know it makes us stronger and more effective. But this
work must also help with the community's goal of creating a robust kernel
for production use. When interactions with researchers are seen to only
benefit the research side while imposing costs on the kernel community,
friction can result. Examples include posting patches from tools that are
not ready for a production code base or deliberately trying to subvert the
patch-review process.
To avoid this friction, to prevent incidents like the one described here
from happening again, and to encourage better interaction between the two
communities in general, the TAB will be working with researchers (to be
named soon) to develop a document describing a set of best practices
for researchers to follow when working with the kernel community. This
will be a living document, maintained in the kernel documentation tree
and evolved over time as needed. Any researchers who would like to
participate in this effort are encouraged to contact the TAB to express
their interest.
Thanks
The TAB would like to thank the following kernel developers for helping
with this unexpected re-review of the prior UMN kernel commits. They
were gracious to give their time to do this work to for the kernel
community:
Al Viro
Alaa Emad
Alex Williamson
Alexander Deucher
Alexandre Belloni
Alexei Starovoitov
Anirudh Rayabharam
Ard Biesheuvel
Atul Gopinathan
Bart Van Assche
Bartosz Golaszewski
Bjorn Helgaas
Borislav Petkov
Bryan Brattlof
Daniel Borkmann
Daniel Vetter
David Howells
David Sterba
Devesh Sharma
Dmitry Torokhov
Dominik Brodowski
Doug Ledford
Du Cheng
Enric Balletbo
Fabrizio Castro
Fatih Yildirim
Felipe Balbi
Felix Kuehling
Florian Fainelli
Geert Uytterhoeven
Guenter Roeck
Hans Verkuil
Hans de Goede
J. Bruce Fields
Jakub Kicinski
James Morris
Jan Kara
Jason Gunthorpe
Jens Axboe
Jiri Kosina
Jiri Slaby
Joe Stringer
Joerg Roedel
Johannes Berg
Jonathan Cameron
Josh Poimboeuf
Juergen Gross
Julia Lawall
Kalle Valo
Kirill Tkhai
Krzysztof Kozlowski
Kurt Manucredo
Laurent Pinchart
Lee Jones
Linus Walleij
Lorenzo Pieralisi
Matteo Croce
Mauro Carvalho Chehab
Mika Westerberg
Pablo Neira Ayuso
Paul Moore
Pavel Machek
Peter Rosin
Phillip Potter
Rafael J. Wysocki
Richard Genoud
Richard Guy Briggs
Rob Herring
Robert Foss
Roland Dreier
Russell King
Sebastian Reichel
Shuah Khan
Sinan Kaya
Song Liu
Stefan Schmidt
Takashi Iwai
Tariq Toukan
Tavis Ormandy
Thomas Gleixner
Tom Seewald
Tyler Hicks
Ulf Hansson
Viresh Kumar
Willy Tarreau
Hi!
> Report on University of Minnesota Breach-of-Trust Incident
>
> or
>
> "An emergency re-review of kernel commits authored by members of the
> University of Minnesota, due to the Hypocrite Commits research paper."
>
> May 5, 2021
Thanks for doing this. I believe short summary is that there was some
deception from UMN researches in 2020:
> 2020 August:
> - "Hypocrite Commits" patches from UMN researchers sent to kernel developers
> under false identities:
> - Aug 4 13:36-0500
> https://lore.kernel.org/lkml/[email protected]
> - Aug 9 17:14-0500
> https://lore.kernel.org/lkml/[email protected]
> - Aug 20 22:12-0500
> https://lore.kernel.org/lkml/[email protected]
> - Aug 20 22:44-0500
> https://lore.kernel.org/lkml/[email protected]
> - Aug 21 02:05-0500
> https://lore.kernel.org/lkml/[email protected]
But there was no deception from UMN in 2021. Yet, we were
spreading... let's say inaccurate information as late as this:
> 2021 April 29:
> - Greg posts an update on the re-review along with some more reverts.
> https://lore.kernel.org/lkml/[email protected]
# Commits from @umn.edu addresses have been found to be submitted in "bad
# faith" to try to test the kernel community's ability to review "known
# malicious" changes.
UMN apologized. Our reaction to their apology was:
https://lore.kernel.org/lkml/[email protected]/#t
Do we owe them apology, too?
Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek
On Thu, May 06, 2021 at 10:26:16AM +0200, Pavel Machek wrote:
> Hi!
>
> > Report on University of Minnesota Breach-of-Trust Incident
> >
> > or
> >
> > "An emergency re-review of kernel commits authored by members of the
> > University of Minnesota, due to the Hypocrite Commits research paper."
> >
> > May 5, 2021
>
> Thanks for doing this. I believe short summary is that there was some
> deception from UMN researches in 2020:
>
> > 2020 August:
> > - "Hypocrite Commits" patches from UMN researchers sent to kernel developers
> > under false identities:
> > - Aug 4 13:36-0500
> > https://lore.kernel.org/lkml/[email protected]
> > - Aug 9 17:14-0500
> > https://lore.kernel.org/lkml/[email protected]
> > - Aug 20 22:12-0500
> > https://lore.kernel.org/lkml/[email protected]
> > - Aug 20 22:44-0500
> > https://lore.kernel.org/lkml/[email protected]
> > - Aug 21 02:05-0500
> > https://lore.kernel.org/lkml/[email protected]
>
> But there was no deception from UMN in 2021. Yet, we were
> spreading... let's say inaccurate information as late as this:
>
> > 2021 April 29:
> > - Greg posts an update on the re-review along with some more reverts.
> > https://lore.kernel.org/lkml/[email protected]
>
> # Commits from @umn.edu addresses have been found to be submitted in "bad
> # faith" to try to test the kernel community's ability to review "known
> # malicious" changes.
I would agree that the phrasing here is sub-optimal in that it could
more clearly separate a few related things (e.g. "malicious change" vs
"valid fix"). If I were writing this, I would have said something along
the lines of:
Commits from UMN authors have been found to be submitted with intentional
flaws to try to test the kernel community's ability to review "known
malicious" changes. ...
During review of all submissions, some patches were found to be
unintentionally flawed. ...
Out of an abundance of caution all submissions from this group must be
reverted from the tree and will need to be re-review again. ...
I would also note that in that thread Greg reviewed all the mentioned
patches, clearing all but two of them (which were duplicates to earlier
review).
> UMN apologized. Our reaction to their apology was:
>
> https://lore.kernel.org/lkml/[email protected]/#t
>
> Do we owe them apology, too?
I will defer to Greg on what he thinks his duties are there, but in
trying to figure out who "we" is, I'll just point out that I attempted
to clarify the incorrect assumptions about the intent of historical UMN
patches, and spoke for the entire TAB (Greg included) here:
https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
The report repeated this in several places, and we explained our need
for due diligence.
-Kees
--
Kees Cook
On Thu, 2021-05-06 at 11:40 -0700, Kees Cook wrote:
> On Thu, May 06, 2021 at 10:26:16AM +0200, Pavel Machek wrote:
> > Hi!
> >
> > > Report on University of Minnesota Breach-of-Trust Incident
> > >
> > > or
> > >
> > > "An emergency re-review of kernel commits authored by members of
> > > the
> > > University of Minnesota, due to the Hypocrite Commits research
> > > paper."
> > >
> > > May 5, 2021
> >
> > Thanks for doing this. I believe short summary is that there was
> > some
> > deception from UMN researches in 2020:
> >
> > > 2020 August:
> > > - "Hypocrite Commits" patches from UMN researchers sent to
> > > kernel developers
> > > under false identities:
> > > - Aug 4 13:36-0500
> > > https://lore.kernel.org/lkml/[email protected]
> > > - Aug 9 17:14-0500
> > > https://lore.kernel.org/lkml/[email protected]
> > > - Aug 20 22:12-0500
> > > https://lore.kernel.org/lkml/[email protected]
> > > - Aug 20 22:44-0500
> > > https://lore.kernel.org/lkml/[email protected]
> > > - Aug 21 02:05-0500
> > > https://lore.kernel.org/lkml/[email protected]
> >
> > But there was no deception from UMN in 2021. Yet, we were
> > spreading... let's say inaccurate information as late as this:
> >
> > > 2021 April 29:
> > > - Greg posts an update on the re-review along with some more
> > > reverts.
> > > https://lore.kernel.org/lkml/[email protected]
> >
> > # Commits from @umn.edu addresses have been found to be submitted
> > in "bad
> > # faith" to try to test the kernel community's ability to review
> > "known
> > # malicious" changes.
>
> I would agree that the phrasing here is sub-optimal in that it could
> more clearly separate a few related things (e.g. "malicious change"
> vs
> "valid fix"). If I were writing this, I would have said something
> along
> the lines of:
>
> Commits from UMN authors have been found to be submitted with
> intentional
> flaws to try to test the kernel community's ability to review
> "known
> malicious" changes. ...
> During review of all submissions, some patches were found to be
> unintentionally flawed. ...
> Out of an abundance of caution all submissions from this group must
> be
> reverted from the tree and will need to be re-review again. ...
>
> I would also note that in that thread Greg reviewed all the mentioned
> patches, clearing all but two of them (which were duplicates to
> earlier
> review).
>
> > UMN apologized. Our reaction to their apology was:
> >
> > https://lore.kernel.org/lkml/[email protected]/#t
> >
> > Do we owe them apology, too?
>
> I will defer to Greg on what he thinks his duties are there, but in
> trying to figure out who "we" is, I'll just point out that I
> attempted
> to clarify the incorrect assumptions about the intent of historical
> UMN
> patches, and spoke for the entire TAB (Greg included) here:
> https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
> The report repeated this in several places, and we explained our need
> for due diligence.
>
> -Kees
>
This has aged well:
"Linux has a problem, which is that with success it is attracting
people with more skill than what it started with, and it is not doing a
very good job of handling that. In fact, it downright stinks at it,
behaving in the worst way it could choose for handling that. [Linux]
have lost quite a number of FS developers who just don't want to deal
with people who know less than they do but are obnoxious and
disrespectful to submissions because they enjoy powertripping...
*[Linux] should develop a culture in which acceptance is more based on
whose code measurably performs well [,i.e, meritocracy, rather] than on
who is friends with whom.*~
< https://lkml.org/lkml/2006/7/21/109 >
Yet when self-believing 'badass' Linux developers engage in what is
essentially masturbation by 'fixing' obsolete security issues[1]
< https://lkml.org/lkml/2020/8/17/174 >
rather than reviewing how 'friend' contributors' patches fit within the
overall kernel development structure, it is to be expected to end up
with a *sabotaged* kernel.
[1] https://www.theregister.com/2020/10/25/linux_5_10_rc1/
Best Professional Regards.
--
--
Jose R R
http://metztli.it
-----------------------------------------------------------------------
----------------------
Download Metztli Reiser4: Debian Buster w/ Linux 5.10.26 AMD64
-----------------------------------------------------------------------
----------------------
feats ZSTD compression https://sf.net/projects/metztli-reiser4/
-----------------------------------------------------------------------
----------------------
or SFRN 5.1.3, Metztli Reiser5 https://sf.net/projects/debian-reiser4/
-----------------------------------------------------------------------
--------------------
Official current Reiser4 resources: https://reiser4.wiki.kernel.org/
Hi!
> > # Commits from @umn.edu addresses have been found to be submitted in "bad
> > # faith" to try to test the kernel community's ability to review "known
> > # malicious" changes.
>
> I would agree that the phrasing here is sub-optimal in that it could
> more clearly separate a few related things (e.g. "malicious change" vs
> "valid fix"). If I were writing this, I would have said something along
> the lines of:
>
> Commits from UMN authors have been found to be submitted with intentional
> flaws to try to test the kernel community's ability to review "known
> malicious" changes. ...
> During review of all submissions, some patches were found to be
> unintentionally flawed. ...
> Out of an abundance of caution all submissions from this group must be
> reverted from the tree and will need to be re-review again. ...
Thank you.
> > UMN apologized. Our reaction to their apology was:
> >
> > https://lore.kernel.org/lkml/[email protected]/#t
> >
> > Do we owe them apology, too?
>
> I will defer to Greg on what he thinks his duties are there, but in
> trying to figure out who "we" is, I'll just point out that I attempted
> to clarify the incorrect assumptions about the intent of historical UMN
> patches, and spoke for the entire TAB (Greg included) here:
> https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
> The report repeated this in several places, and we explained our need
> for due diligence.
Well, in https://lore.kernel.org/lkml/[email protected]/#t
Greg says:
"Until those actions are taken, we do not have anything further to
discuss about this issue."
I'm not sure on behalf of whom he is speaking in the email (and I
believe he is unneccessarily harsh with them).
I could reply to that saying "hey, Greg is probably speaking only for
himself there, he certainly can't speak for whole linux community",
but I believe it would be better if TAB did that.
Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek
Statement from UMN Computer Science & Engineering: Confirming Linux
Technical Advisory Board Findings
We again extend our apologies to the Linux Kernel Community for the
concerns and extra work caused by our inappropriately designed
"hypocrite commits" project. We also want to express our appreciation
for the thoughtful report released by the Linux Technical Advisory
Board (TAB) on May 5, 2021
(https://lore.kernel.org/lkml/202105051005.49BFABCE@keescook/ ), and
the willingness of the Linux Foundation to meet with us on May 6,
2021.
The University of Minnesota team has reviewed the TAB findings and
want to confirm that the findings are comprehensive with an exception
discussed below.
One email address missing is a visiting student in the team who used
the account “Wenjia Zhao <[email protected]>” to send four
patches for bugs found by a tool:
https://lore.kernel.org/patchwork/project/lkml/list/?series=&submitter=29945&state=*&q=&archive=both&delegate=.
None of those patches were accepted or merged.
All Minnesota patches submitted before August 9, 2020 were part of
previous bug-finding research projects and submitted in good faith and
intended to address bugs in the Linux Kernel. The four patches
submitted between August 9, 2020 and August 21, 2020 were part of our
ill-conceived “hypocrite commit” case-study. They are the only patches
of this nature ever submitted from Minnesota and they were stopped
before making it past the review stage. The five patches submitted on
April 6, 2021 were part of a subsequent project and also submitted in
good faith (although superfluous and considered to be of poor
quality).
Furthermore, we want to state unequivocally that no other Linux
components or any other open software systems were affected by the
'hypocrite commits' case study or by any of our other research
projects. Our “hypocrite commit” work was limited to the Linux Kernel
only and consisted of only the four patches (one is valid) submitted
between August 9, 2020 and August 21, 2020.
We reiterate our apology, and we rededicate ourselves to educating our
faculty and students in conducting research that is not only of the
highest technical quality, but also follows the highest ethical
standards.
On Wed, May 5, 2021 at 12:08 PM Kees Cook <[email protected]> wrote:
>
> Report on University of Minnesota Breach-of-Trust Incident
>
> or
>
> "An emergency re-review of kernel commits authored by members of the
> University of Minnesota, due to the Hypocrite Commits research paper."
>
> May 5, 2021
>
> Prepared by the Linux Foundation's Technical Advisory Board
> <[email protected]>
> Chris Mason (chair)
> Steven Rostedt (vice-chair)
> Christian Brauner
> Dan Williams
> Greg Kroah-Hartman
> Jonathan Corbet
> Kees Cook
> Laura Abbott
> Sasha Levin
> Ted Ts'o
>
>
> Introduction
>
> On April 20, 2021, in response to the perception that a group of
> University of Minnesota (UMN) researchers had resumed sending
> compromised code submissions to the Linux kernel, Greg Kroah-Hartman
> asked the community to stop accepting patches from UMN and began a
> re-review of all submissions previously accepted from the University.
> This report summarizes the events that led to this point, reviews the
> "Hypocrite Commits" paper that had been submitted for publication, and
> reviews all known prior kernel commits from UMN paper authors that had
> been accepted into our source repository. It concludes with a few
> suggestions about how the community, with UMN included, can move
> forward. Contributors to this paper include members of the Linux
> Foundation's Technical Advisory Board (TAB), with patch review help from
> many other members of the Linux kernel developer community.
>
> UMN worked well within the kernel community for many years, submitting
> numerous bug-fixes that were merged into past kernel releases. Last
> year (2020), one member of the UMN community chose to do a research
> project that involved submitting patches that attempted to intentionally
> introduce flaws in the kernel. The trust between the kernel community
> and UMN was broken when this project was made public. The UMN
> developers went quiet for seven months and then started submitting a new
> handful of poor quality patches to the community. Many assumed that
> trickery was afoot, engendering a reaction that caused a halt to
> acceptance of UMN kernel contributions and forced us to re-review all
> prior submissions.
>
> Due diligence required an audit to identify which authors were involved
> in different UMN research projects, identify the intent of any flawed
> patches, and remove flawed patches regardless of intent. Reestablishing
> the community's trust in researcher groups is important as well, since
> this incident could have a wide-reaching impact on trust in both
> directions that might chill participation by any researchers in kernel
> development. The developer community should be able to trust that
> researchers are sending quality patches meant to improve the kernel, and
> researchers should trust the developer community will not undermine the
> researchers' reputations when mistakes are made. The recommendations in
> this report aim to move beyond this conflict, providing a way to help
> both communities to work together better.
>
>
> Timeline of events
>
> 2018:
> - UMN bug-fix research on Linux kernel starts, and roughly 400 bug-fix
> patches are contributed over the next two years, mainly centered
> around specific research papers:
> https://www-users.cs.umn.edu/~kjlu/papers/lrsan.pdf
> ~21 commits, mostly 2018-04 through 2018-10
> https://www-users.cs.umn.edu/~kjlu/papers/cheq.pdf
> ~52 commits, mostly 2018-12 through 2019-01
> https://www-users.cs.umn.edu/~kjlu/papers/crix.pdf
> ~112 commits, mostly 2018-12 through 2019-09
> https://www-users.cs.umn.edu/~kjlu/papers/k-meld.pdf
> ~74 commits, mostly 2019-09 through 2020-01
> https://www-users.cs.umn.edu/~kjlu/papers/eecatch.pdf
> ~23 commits, mostly 2020-11 through 2020-02
> https://www-users.cs.umn.edu/~kjlu/papers/hero.pdf
> ~67 commits, mostly 2020-05 through 2020-06
>
> 2020 August:
> - "Hypocrite Commits" patches from UMN researchers sent to kernel developers
> under false identities:
> - Aug 4 13:36-0500
> https://lore.kernel.org/lkml/[email protected]
> - Aug 9 17:14-0500
> https://lore.kernel.org/lkml/[email protected]
> - Aug 20 22:12-0500
> https://lore.kernel.org/lkml/[email protected]
> - Aug 20 22:44-0500
> https://lore.kernel.org/lkml/[email protected]
> - Aug 21 02:05-0500
> https://lore.kernel.org/lkml/[email protected]
>
> 2020 November:
> - "Hypocrite Commits" paper is published.
> https://linuxreviews.org/images/d/d9/OpenSourceInsecurity.pdf
>
> 2020 November 21:
> - "Hypocrite Commits" paper accepted by IEEESSP.
> https://www.ieee-security.org/TC/SP2021/program-papers.html
>
> 2020 November 22:
> - Sarah Jamie Lewis calls attention to paper's ethics.
> https://twitter.com/SarahJamieLewis/status/1330618919376228352
>
> 2020 Dec 1:
> - Sarah Jamie Lewis & others send a letter to IEEESSP.
> https://hackmd.io/s/BJGs6Tfiw
> https://twitter.com/SarahJamieLewis/status/1341542481280700418
>
> 2020 December ?:
> - UMN IRB appears to give an exemption to the research.
>
> 2020 December 15:
> - UMN issues clarification.
> https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
>
> 2021 April 6:
> - Poor quality patches sent by UMN after 7 months of silence.
> https://lore.kernel.org/lkml/[email protected]
>
> 2021 April 20:
> - Greg Kroah-Hartman asks submitters to stop sending poor quality
> patches under the guise of "research on maintainers".
> https://lore.kernel.org/r/[email protected]
> https://lore.kernel.org/r/YH5/[email protected]
> - Researcher responds claiming that this new set of patches was not
> part of previous research. (The mailing list dropped this email
> because it was sent in HTML format, so there is no direct link to
> it, but it is visible in Greg's reply below.)
> - Greg replies and says that all umn.edu submissions should be
> rejected until this is all figured out.
> https://lore.kernel.org/lkml/YH%2FfM%[email protected]
>
> 2021 April 21:
> - Greg sends the initial @umn.edu revert series, requesting review by
> any willing Linux maintainers.
> https://lore.kernel.org/lkml/[email protected]
> - TAB starts investigation.
> - UMN authors not using @umn.edu addresses are identified.
> - "Hypocrite Commits" email threads are identified by community.
> https://news.ycombinator.com/item?id=26895209
> - Sarah Jamie Lewis follows up.
> https://twitter.com/SarahJamieLewis/status/1384871385537908736
>
> 2021 April 22:
> - TAB issues statement on review.
> https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook
>
> 2021 April 23:
> - Linux Foundation sends letter to UMN.
> https://drive.google.com/file/d/1bUsiJQesI4pCioE6h4ZUOghg0qHpemcb
>
> 2021 April 24:
> - UMN publishes "An open letter to the Linux community"
> https://lore.kernel.org/r/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com
>
> 2021 April 25:
> - UMN starts collecting consent from "Hypocrite Commits" email thread
> participants to allow their public emails to be called out directly
> as part of the research.
>
> 2021 April 26:
> - UMN retracts "Hypocrite Commits" paper.
> https://www-users.cs.umn.edu/~kjlu/papers/withdrawal-letter.pdf
>
> 2021 April 27:
> - UMN publishes details on "Hypocrite Commits" email threads.
> https://www-users.cs.umn.edu/~kjlu/papers/full-disclosure.pdf
> - UMN replies to LF
> https://drive.google.com/file/d/1z3Nm2bfR4tH1nOGBpuOmLyoJVEiO9cUq/view
>
> 2021 April 28:
> - Greg requests a revert of the attempted "Hypocrite" commit.
> https://lore.kernel.org/linux-crypto/[email protected]
>
> 2021 April 29:
> - Greg posts an update on the re-review along with some more reverts.
> https://lore.kernel.org/lkml/[email protected]
>
> 2021 May 3:
> - Greg posts a final set of reverts, along with correct fixes for the
> reverted changes.
> https://lore.kernel.org/r/[email protected]
>
> 2021 May 5:
> - TAB publishes this report
>
>
> Patches submitted as part of the "Hypocrite Commits" research paper
>
> After getting consent from all participants in the public "Hypocrite
> Commits" patch discussion threads, UMN published a full disclosure on
> the details of their actions surrounding the paper.
> https://www-users.cs.umn.edu/~kjlu/papers/full-disclosure.pdf
>
> The authors of the paper identify five changes that were submitted to
> the public Linux kernel mailing list, which matched the threads publicly
> identified earlier. These changes were submitted using two fake
> identities, which is against the documented requirements for how to
> contribute code to the Linux kernel. The University appears to have
> allowed researchers to use fake identities when agreeing to the
> "Developers Certificate of Origin", a legal statement about the work
> being submitted.
> https://www.kernel.org/doc/html/latest/process/submitting-patches.html#sign-your-work-the-developer-s-certificate-of-origin
>
> The patches listed below map to the patch numbers that the researchers
> use in their disclosure statement. We do note that the ordering is not
> chronological; the patches were sent to the community in the order of 5,
> 2, 1, 3, 4 with the specific times noted below (and above in the
> timeline of events).
>
> Patch 1
>
> First email: Thu, 20 Aug 2020 22:12:08 -0500 (Fri, 21 Aug 2020 03:12:08 UTC)
> First reply: Fri, 28 Aug 2020 17:19:31 +1000 (Fri, 28 Aug 2020 07:19:31 UTC)
> https://lore.kernel.org/lkml/[email protected]
>
> This change was accepted into the kernel repository, after a review by
> the subsystem maintainer, and showed up in the kernel repository as:
> 9fcddaf2e28d crypto: cavium/nitrox - add an error message to explain the failure of pci_request_mem_regions
>
> This change was valid. The author's attempt to create an invalid change
> failed as they did not understand how the PCI driver model worked within
> the kernel. They asked for clarification about this change after the
> maintainer accepted the change, and were told that it was acceptable.
> Why the authors claimed in the submitted paper that this was an
> incorrect change is not clear.
>
> Because this submission was made under a false name, it was asked to be
> removed from the kernel repository as the kernel community does not
> accept known-anonymous contributions as documented above in the link to
> the "Submitting Patches" kernel documentation. There have been
> exceptions made to this rule before, but those have been done for very
> specific reasons unique to the individual contributors; their true
> identities are known to a subset of existing kernel maintainers.
> https://lore.kernel.org/r/[email protected]
>
> Patch 2
>
> First email: Sun, 9 Aug 2020 17:14:52 -0500 (Sun, 09 Aug 2020 22:14:52 UTC)
> First reply: Mon, 10 Aug 2020 07:16:48 +0200 (Mon, 10 Aug 2020 05:16:48 UTC)
> https://lore.kernel.org/lkml/[email protected]
>
> This patch was a copy of a previously submitted change in this very
> area, trying to get acceptance of the patch by quoting the syzbot tool.
> The maintainers quickly recognized that this change was invalid, and
> rejected it. Ironically, the earlier bad patch had actually inspired an
> entire presentation calling attention to how CVEs do not work well for
> tracking kernel bugs:
> https://kernel-recipes.org/en/2019/talks/cves-are-dead-long-live-the-cve/
>
> Patch 3
>
> First email: Thu, 20 Aug 2020 22:44:57 -0500 (Fri, 21 Aug 2020 03:44:57 UTC)
> First reply: Fri, 21 Aug 2020 11:14:49 +0300 (Fri, 21 Aug 2020 08:14:49 UTC)
> https://lore.kernel.org/lkml/[email protected]
>
> This patch was quickly recognized by a reviewer to be incorrect, and the
> reviewer offered up possible changes that the submitter could make in
> order to turn it into a correct change. These suggestions were ignored
> by the submitter and no further changes were submitted in this area.
>
> The maintainer was attempting to mentor an obviously junior contributor,
> taking time to teach the developer what the proper thing to do here
> would be, and what is needed in order to have them create a
> contribution that would be acceptable. The contributor knew that the
> patch was bad, showing that the researchers were willing to waste the
> resource that is in shortest supply in our community: the time of
> reviewers and maintainers. Having this waste of an "effort of someone
> trying to teach another" be created by an educational institution was
> especially hurtful to the community and caused many of the bad feelings
> on the community's side, further amplified by not having any idea which
> patches out of the hundreds sent by UMN or from new contributors using
> gmail accounts might be intentionally bad.
>
> Patch 4
>
> First email: Fri, 21 Aug 2020 02:05:36 -0500 (Fri, 21 Aug 2020 07:05:36 UTC)
> First reply: Thu, 27 Aug 2020 14:46:00 +0200 (Thu, 27 Aug 2020 12:46:00 UTC)
> https://lore.kernel.org/lkml/[email protected]
>
> This patch was reviewed by the maintainer of the driver, found to be
> incorrect, and suggestions were made as to what could be done instead to
> make the change in a correct manner. The submitter did respond, saying
> that their original attempt was incorrect, and apologized for bothering
> the developers.
>
> Patch 5
>
> First email: Tue, 4 Aug 2020 13:36:49 -0500 (Tue, 04 Aug 2020 18:36:49 UTC)
> https://lore.kernel.org/lkml/[email protected]
>
> According to the researchers, this patch was submitted as an independent
> patch and not part of the "Hypocrite" research, attempting a legitimate
> fix. The developer had configured their system to use the fake name in
> preparation for the "Hypocrite" submissions so it showed up to the world
> as coming from "James Bond." This claim is supported by the fact that
> the function being patched, dmi_system_event_log(), shows up in the
> named bug list for the "Disordered Error Handling" research paper, and
> an earlier attempt was made to make this change (with a real name).
> However, the latter attempt from "James Bond" is incomplete compared to
> the earlier fix attempt.
> https://lore.kernel.org/lkml/[email protected]
>
> When the "James Bond" submission was eventually reviewed by the
> maintainer of this subsystem a few weeks later, this name was known by
> the kernel developer community to be false (during the earlier review of
> Patch 2), so the submission was just ignored.
> https://lore.kernel.org/lkml/[email protected]
>
> Summary of "Hypocrite Commits" patch attempts
>
> All patch submissions that were invalid were caught, or ignored, by the
> Linux kernel developers and maintainers. Our patch-review processes
> worked as intended when confronted with these malicious patches.
>
>
> Summary of review
>
> 435 commits were re-reviewed. Two sets of commit reviews were done in
> public and can be seen in these email threads:
> https://lore.kernel.org/r/[email protected]
> https://lore.kernel.org/r/[email protected]
>
> A third set of reviews were done by TAB members covering the commits
> made by UMN authors that were using other email accounts (i.e. not
> @umn.edu).
>
> Full details of each of the changes that were reviewed can be found
> below in the section "Details of Review". We can summarize the review
> of these commits into the following categories with the number in each
> category:
> - commits found to be correct (349)
> - commits found to be incorrect and in need of fixing (39)
> - commits already fixed by later commits (25)
> - commits that no longer matter (12)
> - commits made before the research group existed (9)
> - commits the author asked to have removed (1)
>
> Commits found to be correct
>
> The huge majority of the reviewed commits were found to be correct.
> These 349 commits are marked with "c" in the "Commit Determination"
> field below, with any public review URLs noted in the indented lines
> following the commit reference.
>
> Commits found to be incorrect and in need of fixing
>
> During the re-review, a number of commits were found to have some problem
> with them. These 39 commits are going to be reverted, and a replacement
> commit will be submitted to resolve any remaining problems in a correct
> manner before the 5.13 kernel release. They are marked with "I" or "H" in
> the "Commit Determination" field below, with any public review URLs noted
> in the indented lines following the commit reference.
>
> Commits already fixed by later commits
>
> 25 commits were independently found to be incorrect after acceptance
> into the kernel and were subsequently reverted or fixed by other
> developers. As the end-result of these changes is now correct, the
> original incorrect commits do not need to be removed. These commits are
> marked with "r" or "f" in the "Commit Disposition" field below, with any
> existing fixes, reverts, or public review URLs noted in the indented
> lines following the commit reference.
>
> Commits that no longer matter
>
> Several commits no longer matter as the code they touched had been
> removed from the kernel before the incident due to drivers and
> subsystems having become obsolete. These 12 commits are marked with "n"
> in the "Commit Determination" field below, with any public review URLs
> noted in the indented lines following the commit reference.
>
> Commits made before the research group existed
>
> A handful of very old commits made by developers using an @umn.edu email
> address were also reviewed again and were found not to be causing any
> obvious problems. These 9 commits are marked with "o" in the "Commit
> Determination" field below.
>
> Commits the author asked to have removed
>
> One incorrect commit was reverted from the source tree at the request of
> the author. It is marked with "a" in the "Commit Disposition" field
> below, with the thread URL noted in the indented line following the
> commit reference.
>
>
> Details of review
>
> Authors of UMN papers researching the Linux kernel:
> Aditya Pakki <[email protected]>
> Qiushi Wu <[email protected]>
> Kangjie Lu <[email protected]>
> Wenwen Wang <[email protected]>
> Navid Emamdoost <[email protected]>
>
> Earliest commit date from any of above:
> Tue May 3 16:32:16 2016 -0400
>
> Hypocrite patch attempts:
> George Acosta <[email protected]>
> James Bond <[email protected]>
>
> Later addresses:
> Wenwen Wang <[email protected]>
>
> Earlier addresses:
> Kangjie Lu <[email protected]>
> Kangjie Lu <[email protected]>
>
> Before current incident:
> Alireza Haghdoost <[email protected]>
> Dave C Boutcher <[email protected]>
>
> Commit log regular expression:
> ((pakki001|kjlu|wu000273|wang6495)@umn\.edu|navid\.emamdoost@gmail\.com|wenwen@cs\.uga\.edu|kjlu@gatech\.edu|(acostag\.ubuntu|jameslouisebond|kangjielu)@gmail\.com)
>
> First column key ("Review origin"):
> 1 = in original re-review series
> https://lore.kernel.org/lkml/[email protected]
> 2 = in original "needs special attention" review series
> https://lore.kernel.org/lkml/YIAtwtOpy%[email protected]
> 3 = involves a UMN author not covered by 1 and 2 above.
> (e.g. Reported-by:, or Author: not @umn.edu)
> git log --pretty=format:'%h %as %>(16)%aN %s' --no-merges -E --grep "$RE"
> n = commit by non-UMN author referencing an incident-related commit or author
> git log --oneline --no-merges -E --grep "Fixes: (commit )?($SHA_RE)"
>
> Second column key ("Commit Determination"):
> c = apparently correct commit
> I = incorrect fix (e.g. in need of revert or fix)
> H = attempted hypocrite commit
> n = no longer relevant (e.g. entire driver removed)
> o = commit unrelated to incident
>
> Third column key ("Commit Disposition"):
> R = revert and fix after incident
> f = received fixes before the incident
> r = reverted before the incident
> a = reverted by author
> - = no further changes needed
>
> Commits sorted by apparent research origins:
>
> # On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits
> # https://linuxreviews.org/images/d/d9/OpenSourceInsecurity.pdf
> # Qiushi Wu and Kangjie Lu
> 3HR 9fcddaf2e28d 2020-08-20 George Acosta crypto: cavium/nitrox - add an error message to explain the failure of pci_request_mem_regions
>
> # Understanding and Detecting Disordered Error Handling with Precise Function Pairing
> # https://www-users.cs.umn.edu/~kjlu/papers/hero.pdf
> # Qiushi Wu, Aditya Pakki, Navid Emamdoost, Stephen McCamant, Kangjie Lu
> nf- 4684709bf81a 2020-12-02 Jubin Zhong PCI: Fix pci_slot_release() NULL pointer dereference
> nf- b9ad3e9f5a7a 2020-11-20 Jamie Iles bonding: wait for sysfs kobject destruction before freeing struct slave
> nf- a39d0d7bdf8c 2020-09-28 Jean Delvare drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
> 1c- 6f4432bae9f2 2020-06-14 Qiushi Wu media: sti: Fix reference count leaks
> https://lore.kernel.org/r/[email protected]
> 1c- 7ef64ceea000 2020-06-14 Qiushi Wu media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
> https://lore.kernel.org/r/[email protected]
> 1c- c47f7c779ef0 2020-06-14 Qiushi Wu media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
> https://lore.kernel.org/r/[email protected]
> 1c- 64157b2cb194 2020-06-14 Qiushi Wu media: exynos4-is: Fix a reference count leak
> https://lore.kernel.org/r/[email protected]
> 1c- 88f50a05f907 2020-06-14 Qiushi Wu media: stm32-dcmi: Fix a reference count leak
> https://lore.kernel.org/r/[email protected]
> 1c- 78741ce98c2e 2020-06-14 Qiushi Wu media: s5p-mfc: Fix a reference count leak
> https://lore.kernel.org/r/[email protected]
> 1c- d0675b67b42e 2020-06-14 Qiushi Wu media: camss: Fix a reference count leak.
> https://lore.kernel.org/r/[email protected]
> 1c- 63e36a381d92 2020-06-14 Qiushi Wu media: platform: fcp: Fix a reference count leak.
> https://lore.kernel.org/r/[email protected]
> 1c- 884d638e0853 2020-06-14 Qiushi Wu media: rockchip/rga: Fix a reference count leak.
> https://lore.kernel.org/r/[email protected]
> 1c- 410822037cc9 2020-06-14 Qiushi Wu media: rcar-vin: Fix a reference count leak.
> https://lore.kernel.org/r/[email protected]
> 1c- aaffa0126a11 2020-06-14 Qiushi Wu media: rcar-vin: Fix a reference count leak.
> https://lore.kernel.org/r/[email protected]
> 1c- fe3c60684377 2020-06-13 Qiushi Wu firmware: Fix a reference count leak.
> https://lore.kernel.org/r/[email protected]
> 1c- 659fb5f154c3 2020-06-13 Aditya Pakki drm/nouveau: fix multiple instances of reference count leaks
> https://lore.kernel.org/r/[email protected]
> 1c- 78c2ce9bde70 2020-06-13 Aditya Pakki omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
> https://lore.kernel.org/r/[email protected]
> 3c- f79f94765f8c 2020-06-14 Navid Emamdoost drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
> 1c- 6f2e8acdb48e 2020-06-13 Aditya Pakki drm/radeon: fix multiple reference count leak
> https://lore.kernel.org/r/MN2PR12MB44889F62CD7F3EAC7572AEA2F7479@MN2PR12MB4488.namprd12.prod.outlook.com
> 1c- 20eca0123a35 2020-06-13 Qiushi Wu drm/amdkfd: Fix reference count leaks.
> https://lore.kernel.org/r/[email protected]
> 1c- f141a422159a 2020-06-13 Qiushi Wu ASoC: rockchip: Fix a reference count leak.
> https://lore.kernel.org/r/YIg7gWWkgqnj1S/[email protected]
> 1c- 90a239ee25fa 2020-06-13 Aditya Pakki RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq
> https://lore.kernel.org/r/[email protected]
> 1c- 17ed808ad243 2020-05-28 Qiushi Wu EDAC: Fix reference count leaks
> https://lore.kernel.org/r/[email protected]
> 1c- deca195383a6 2020-06-13 Qiushi Wu ASoC: tegra: Fix reference count leaks.
> https://lore.kernel.org/r/[email protected]
> 3c- 79c43333bdd5 2020-06-04 Navid Emamdoost can: xilinx_can: handle failure cases of pm_runtime_get_sync
> 3c- 861254d82649 2020-06-04 Navid Emamdoost gpio: arizona: put pm_runtime in case of failure
> 3c- e6f390a834b5 2020-06-04 Navid Emamdoost gpio: arizona: handle pm_runtime_get_sync failure case
> 1c- a6379f0ad637 2020-06-12 Aditya Pakki test_objagg: Fix potential memory leak in error handling
> https://lore.kernel.org/r/[email protected]
> 1c- 6b9fbb073636 2020-06-13 Qiushi Wu ASoC: img-parallel-out: Fix a reference count leak
> https://lore.kernel.org/r/[email protected]
> 3c- d88de040e1df 2020-06-04 Navid Emamdoost iio: pressure: zpa2326: handle pm_runtime_get_sync failure
> 3c- eea123886720 2020-06-04 Navid Emamdoost sata_rcar: handle pm_runtime_get_sync failure cases
> 3c- ca162ce98110 2020-06-01 Navid Emamdoost pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case
> 1c- aa8ba13cae31 2020-05-27 Qiushi Wu vfio/mdev: Fix reference count leak in add_mdev_supported_type
> https://lore.kernel.org/r/[email protected]
> 1c- 0b8e125e2132 2020-05-27 Qiushi Wu RDMA/core: Fix several reference count leaks.
> https://lore.kernel.org/r/[email protected]
> 1c- c343bf1ba5ef 2020-05-28 Qiushi Wu cpuidle: Fix three reference count leaks
> https://lore.kernel.org/r/[email protected]
> 1c- 4d8be4bc94f7 2020-05-27 Qiushi Wu ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
> https://lore.kernel.org/r/YIgkr/swUm/[email protected]
> 1c- b975abbd382f 2020-05-22 Qiushi Wu agp/intel: Fix a memory leak on module initialisation failure
> https://lore.kernel.org/r/[email protected]
> 1c- 1d7a7128a2e9 2020-05-02 Qiushi Wu power: supply: core: fix memory leak in HWMON error path
> https://lore.kernel.org/r/[email protected]
> 1c- 57cc666d36ad 2020-06-14 Aditya Pakki media: st-delta: Fix reference count leak in delta_run_work
> https://lore.kernel.org/r/[email protected]
> 1c- 7dae2aaaf432 2020-06-14 Qiushi Wu media: ti-vpe: Fix a missing check and reference count leak
> https://lore.kernel.org/r/[email protected]
> 3c- 9df0e0c18896 2020-06-14 Navid Emamdoost drm/panfrost: perfcnt: fix ref count leak in panfrost_perfcnt_enable_locked
> 1c- 9fb106710111 2020-06-13 Aditya Pakki drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
> https://lore.kernel.org/r/MN2PR12MB4488CE1D9E2133F4110D131EF7479@MN2PR12MB4488.namprd12.prod.outlook.com
> 1c- 8f29432417b1 2020-06-13 Aditya Pakki drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek
> https://lore.kernel.org/r/[email protected]
> 2c- 990a1162986e 2020-06-13 Aditya Pakki drm/nouveau: Fix reference count leak in nouveau_connector_detect
> 1c- a2cdf39536b0 2020-06-13 Aditya Pakki drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
> https://lore.kernel.org/r/[email protected]
> 1c- bfad51c76333 2020-06-13 Aditya Pakki drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
> https://lore.kernel.org/r/[email protected]
> 3c- c5d5a32ead1e 2020-06-15 Navid Emamdoost drm/etnaviv: fix ref count leak via pm_runtime_get_sync
> 1c- 8a94644b440e 2020-05-27 Qiushi Wu PCI: Fix pci_create_slot() reference count leak
> fixed by: 4684709bf81a PCI: Fix pci_slot_release() NULL pointer dereference
> https://lore.kernel.org/r/20210422044331.GA2907704@bjorn-Precision-5520
> 3If e008fa6fb415 2020-06-14 Navid Emamdoost drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
> fixed by: a39d0d7bdf8c drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
> 3c- 5509ac65f2fe 2020-06-14 Navid Emamdoost drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
> 3c- 9ba8923cbbe1 2020-06-14 Navid Emamdoost drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
> 1c- aaa3cbbac326 2020-05-22 Qiushi Wu platform/chrome: cros_ec_ishtp: Fix a double-unlock issue
> https://lore.kernel.org/r/[email protected]
> 3c- d4f5a095daf0 2020-06-15 Navid Emamdoost drm/exynos: fix ref count leak in mic_pre_enable
> 1c- 2655971ad4b3 2020-06-13 Aditya Pakki usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
> https://lore.kernel.org/r/[email protected]
> 2c- 58d0c864e1a7 2020-06-12 Aditya Pakki rocker: fix incorrect error handling in dma_rings_init
> https://lore.kernel.org/r/[email protected]
> 1c- c4c59b95b7f7 2020-06-13 Qiushi Wu ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt
> https://lore.kernel.org/r/[email protected]
> 1c- 4ddf4739be6e 2020-05-28 Qiushi Wu efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
> https://lore.kernel.org/r/CAMj1kXEYLKJX3DfzPAT78iQMMpXWmEGtBbjQDyfZzTR3pYBxMw@mail.gmail.com
> 1c- 0267ffce562c 2020-05-28 Qiushi Wu scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
> https://lore.kernel.org/r/[email protected]
> 1c- 7cc31613734c 2020-05-27 Qiushi Wu iommu: Fix reference count leak in iommu_group_alloc.
> https://lore.kernel.org/r/[email protected]
> 2If a068aab42258 2020-05-27 Qiushi Wu bonding: Fix reference count leak in bond_sysfs_slave_add.
> fixed by: b9ad3e9f5a7a bonding: wait for sysfs kobject destruction before freeing struct slave
> 1c- 6e6c25283dff 2020-05-27 Qiushi Wu ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
> https://lore.kernel.org/r/[email protected]
> 1c- 25bf943e4e7b 2020-05-25 Qiushi Wu ASoC: fix incomplete error-handling in img_i2s_in_probe.
> https://lore.kernel.org/r/YIg7/[email protected]
> 1c- 15c973858903 2020-05-25 Qiushi Wu qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
> https://lore.kernel.org/r/[email protected]
> 1c- db857e6ae548 2020-05-22 Qiushi Wu RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
> https://lore.kernel.org/r/[email protected]
> 1c- 44734a594196 2020-05-22 Qiushi Wu usb: gadget: fix potential double-free in m66592_probe.
> https://lore.kernel.org/r/[email protected]
> 1c- febfd9d3c7f7 2020-05-22 Qiushi Wu net/mlx4_core: fix a memory leak bug.
> https://lore.kernel.org/r/[email protected]
> 1c- f45d01f4f30b 2020-05-22 Qiushi Wu rxrpc: Fix a memory leak in rxkad_verify_response()
> https://lore.kernel.org/r/[email protected]
> 1c- 5a730153984d 2020-05-22 Qiushi Wu net: sun: fix missing release regions in cas_init_one().
> https://lore.kernel.org/r/[email protected]
> 2c- 8816cd726a4f 2020-05-03 Qiushi Wu rtc: mc13xxx: fix a double-unlock issue
> https://lore.kernel.org/r/[email protected]
> 1c- bd4af432cc71 2020-05-02 Qiushi Wu nfp: abm: fix a memory leak bug
> https://lore.kernel.org/r/20210421090315.11cc4eaf@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com
>
> # Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection
> # https://www-users.cs.umn.edu/~kjlu/papers/eecatch.pdf
> # Aditya Pakki, and Kangjie Lu
> 1c- 639c0a5b0503 2019-12-19 Aditya Pakki media: media/saa7146: fix incorrect assertion in saa7146_buffer_finish
> https://lore.kernel.org/r/[email protected]
> 1IR 2c2a7552dd64 2020-02-14 Aditya Pakki ecryptfs: replace BUG_ON with error handling code
> https://lore.kernel.org/r/YIBM8hiBLFO+JJr/@zeniv-ca.linux.org.uk
> 1c- 8d7a577d04e8 2020-01-21 Aditya Pakki clk: samsung: Remove redundant check in samsung_cmu_register_one
> https://lore.kernel.org/r/[email protected]
> 1c- 67e2d2eb5423 2020-01-30 Aditya Pakki fs: ocfs: remove unnecessary assertion in dlm_migrate_lockres
> https://lore.kernel.org/r/20210422084208.GB5316@amd
> 1c- b0e4cfae483f 2020-01-06 Aditya Pakki media: davinci/vpfe_capture.c: Avoid BUG_ON for register failure
> https://lore.kernel.org/r/[email protected]
> 1c- 1ec4c6efe231 2019-12-15 Aditya Pakki media: saa7146: Avoid using BUG_ON as an assertion
> https://lore.kernel.org/r/[email protected]
> 1c- 93a24578de72 2019-12-15 Aditya Pakki media: cx231xx: replace BUG_ON with recovery code
> https://lore.kernel.org/r/[email protected]
> 1c- 9f48db0d4a08 2019-12-17 Aditya Pakki RDMA/srpt: Remove unnecessary assertion in srpt_queue_response
> https://lore.kernel.org/r/[email protected]
> 1c- d7a336d67ab5 2019-12-19 Aditya Pakki staging: kpc2000: remove unnecessary assertions in kpc_dma_transfer
> https://lore.kernel.org/r/YIf7h/[email protected]
> 1c- d6bd6cf9feb8 2019-12-17 Aditya Pakki xen/grant-table: remove multiple BUG_ON on gnttab_interface
> https://lore.kernel.org/r/[email protected]
> 1c- 52b894393cec 2019-12-17 Aditya Pakki scsi: libfc: remove unnecessary assertion on ep variable
> https://lore.kernel.org/r/[email protected]
> 1c- a886ca6fcfff 2019-12-17 Aditya Pakki hdlcdrv: replace unnecessary assertion in hdlcdrv_register
> https://lore.kernel.org/r/[email protected]
> 1c- 615f22f58029 2019-12-17 Aditya Pakki nfc: s3fwrn5: replace the assertion with a WARN_ON
> https://lore.kernel.org/r/[email protected]
> 1c- fc1b20659597 2019-12-17 Aditya Pakki nfsd: remove unnecessary assertion in nfsd4_encode_replay
> https://lore.kernel.org/r/[email protected]
> 1c- 5bf2fc1f9c88 2019-12-19 Aditya Pakki bpf: Remove unnecessary assertion on fp_old
> https://lore.kernel.org/r/CAADnVQKrsue+0tCCjU9wzGALPqWZXF2vxUH1hJuF7uJkf5x+oQ@mail.gmail.com
> 2c- c705f9fc6a17 2019-12-15 Aditya Pakki orinoco: avoid assertion in case of NULL pointer
> https://lore.kernel.org/r/[email protected]
> 2c- 8b6fc114beeb 2019-12-15 Aditya Pakki drm: remove duplicate check on parent and avoid BUG_ON
> 1IR c5dea815834c 2019-12-15 Aditya Pakki net: caif: replace BUG_ON with recovery code
> https://lore.kernel.org/r/[email protected]
> 1c- bbd20c939c8a 2019-12-15 Aditya Pakki fore200e: Fix incorrect checks of NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- 1ee7826ab68f 2019-12-15 Aditya Pakki mac80211: Remove redundant assertion
> https://lore.kernel.org/r/[email protected]
> 2c- 169f9acae086 2019-12-05 Aditya Pakki spi: dw: Avoid BUG_ON() in case of host failure
> 1c- 02a896ca8487 2019-12-05 Aditya Pakki pppoe: remove redundant BUG_ON() check in pppoe_pernet
> https://lore.kernel.org/r/[email protected]
> 1c- 60f5c4aaae45 2019-11-17 Aditya Pakki net: atm: Reduce the severity of logging in unlink_clip_vcc
> https://lore.kernel.org/r/[email protected]
>
> # Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning
> # https://www-users.cs.umn.edu/~kjlu/papers/k-meld.pdf
> # Navid Emamdoost, Qiushi Wu, Kangjie Lu, Stephen McCamant
> nf- 579dd91ab3a5 2020-06-29 Zheng Bin nbd: Fix memory leak in nbd_add_socket
> nf- 7174dc655ef0 2020-12-07 Lukas Wunner spi: gpio: Don't leak SPI master in probe error path
> nf- e163fdb3f7f8 2020-01-08 Kees Cook pstore/ram: Regularize prz label allocation lifetime
> nf- cad46039e4c9 2019-12-17 Ben Hutchings net: qlogic: Fix error paths in ql_alloc_large_buffers()
> 3c- f6c992ca7dd4 2020-08-09 Navid Emamdoost clk: bcm2835: add missing release if devm_clk_hw_register fails
> 3c- e6827d1abdc9 2020-07-22 Navid Emamdoost cxgb4: add missing release on skb in uld_send()
> 3c- 880e21490be6 2020-07-18 Navid Emamdoost mt7601u: add missing release on skb in mt7601u_mcu_msg_send
> 3c- 5648d1c9cadb 2020-07-18 Navid Emamdoost mt76: mt76u: add missing release on skb in __mt76x02u_mcu_send_msg
> 3c- 1e8fd3a97f2d 2020-07-18 Navid Emamdoost nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
> 3c- c3df30a01da4 2019-11-10 Navid Emamdoost media: aspeed-video: Fix memory leaks in aspeed_video_probe
> 3c- 40efb09a7f53 2019-09-24 Navid Emamdoost drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
> 3c- a7c46c0c0e3d 2020-01-04 Navid Emamdoost mm/gup: fix memory leak in __gup_benchmark_ioctl
> nIf 8df955a32a73 2019-12-30 Kees Cook pstore/ram: Fix error-path memory leak in persistent_ram_new() callers
> fixed by: e163fdb3f7f8 pstore/ram: Regularize prz label allocation lifetime
> 3c- 4282dc057d75 2019-12-14 Navid Emamdoost brcmfmac: Fix memory leak in brcmf_usbdev_qinit
> 3c- 5cc509aa83c6 2019-11-22 Navid Emamdoost brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev()
> 3c- f37f71035367 2019-12-14 Navid Emamdoost net: gemini: Fix memory leak in gmac_setup_txqs
> 3c- 8c386cc81787 2019-11-25 Navid Emamdoost PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
> 3c- 6645d42d79d3 2019-11-22 Navid Emamdoost dma-buf: Fix memory leak in sync_file_merge()
> 3c- b6631c6031c7 2019-11-22 Navid Emamdoost sctp: Fix memory leak in sctp_sf_do_5_2_4_dupcook
> 3c- d088337c38a5 2019-11-21 Navid Emamdoost Bluetooth: Fix memory leak in hci_connect_le_scan
> 3c- 450c3d416683 2019-10-02 Navid Emamdoost affs: fix a memory leak in affs_remount
> 3c- e13de8fe0d6a 2019-10-04 Navid Emamdoost of: unittest: fix memory leak in unittest_data_add
> 3c- 4aa7afb0ee20 2019-10-21 Navid Emamdoost ipmi: Fix memory leak in __ipmi_bmc_register
> 3c- 1399c59fa929 2019-10-04 Navid Emamdoost nl80211: fix memory leak in nl80211_get_ftm_responder_stats
> 3c- 80b15db5e1e9 2019-10-04 Navid Emamdoost staging: vt6655: Fix memory leak in vt6655_probe
> 3c- 5bdea6060618 2019-09-29 Navid Emamdoost Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
> 3c- 1104057562ec 2019-10-01 Navid Emamdoost drm/amdgpu: fix multiple memory leaks in acp_hw_init
> 3c- 57be09c6e874 2019-10-01 Navid Emamdoost drm/amdgpu: fix multiple memory leaks in acp_hw_init
> 3c- 057b8945f78f 2019-09-29 Navid Emamdoost spi: lpspi: fix memory leak in fsl_lpspi_probe
> 3If d3b0ffa1d75d 2019-09-30 Navid Emamdoost spi: gpio: prevent memory leak in spi_gpio_probe
> fixed by: 7174dc655ef0 spi: gpio: Don't leak SPI master in probe error path
> 3c- ca312438cf17 2019-09-19 Navid Emamdoost staging: rtl8192u: fix multiple memory leaks on error path
> 3c- 0911224b6bf4 2019-09-19 Navid Emamdoost staging: rtl8192u: release memory on error path
> 3Ir 78beef629fd9 2019-09-26 Navid Emamdoost nfp: abm: fix memory leak in nfp_abm_u32_knode_replace
> reverted by: 1d1997db870f Revert "nfp: abm: fix memory leak in nfp_abm_u32_knode_replace"
> 3If 03bf73c315ed 2019-09-23 Navid Emamdoost nbd: prevent memory leak
> fixed by: 579dd91ab3a5 nbd: Fix memory leak in nbd_add_socket
> 3c- fb5be6a7b486 2019-09-19 Navid Emamdoost can: gs_usb: gs_can_open(): prevent memory leak
> 3c- 6f3ef5c25cc7 2019-10-25 Navid Emamdoost wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
> 3c- 45c1380358b1 2019-10-27 Navid Emamdoost ASoC: SOF: ipc: Fix memory leak in sof_set_get_large_ctrl_data
> 3c- c0a333d842ef 2019-10-27 Navid Emamdoost ASoC: SOF: Fix memory leak in sof_dfsentry_write
> 3c- 9bbfceea12a8 2019-09-29 Navid Emamdoost usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
> 3c- 27d461333459 2019-09-25 Navid Emamdoost i40e: prevent memory leak in i40e_setup_macvlans
> 3c- 2289adbfa559 2019-10-09 Navid Emamdoost media: usb: fix memory leak in af9005_identify_state
> 3c- 29cd13cfd762 2019-10-21 Navid Emamdoost drm/v3d: Fix memory leak in v3d_submit_cl_ioctl
> 3c- c7ed6d0183d5 2019-09-27 Navid Emamdoost net/mlx5: fix memory leak in mlx5_fw_fatal_reporter_dump
> 3c- c8c2a057fdc7 2019-09-24 Navid Emamdoost net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq
> 3c- e0b0cb938864 2019-09-30 Navid Emamdoost virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
> 3c- c03b04dcdba1 2019-10-04 Navid Emamdoost crypto: user - fix memory leak in crypto_reportstat
> 3c- ffdde5932042 2019-10-04 Navid Emamdoost crypto: user - fix memory leak in crypto_report
> 3c- 9c0530e898f3 2019-09-19 Navid Emamdoost iio: imu: adis16400: fix memory leak
> 3c- ab612b1daf41 2019-09-19 Navid Emamdoost iio: imu: adis16400: release allocated memory on failure
> 3c- 0f4f199443fa 2019-09-27 Navid Emamdoost iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init
> 3c- b4b814fec1a5 2019-09-12 Navid Emamdoost iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
> 3c- d10dcb615c8e 2019-10-04 Navid Emamdoost mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
> 3c- db8fd2cde932 2019-10-04 Navid Emamdoost mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
> 3c- a7b2df76b42b 2019-09-25 Navid Emamdoost media: rc: prevent memory leak in cx23888_ir_probe
> 3c- bbe692e349e2 2019-09-16 Navid Emamdoost rpmsg: char: release allocated memory
> 3If 1acb8f2a7a9f 2019-10-04 Navid Emamdoost net: qlogic: Fix memory leak in ql_alloc_large_buffers
> fixed by: cad46039e4c9 qlogic: Fix error paths in ql_alloc_large_buffers()
> 3c- fc739a058d99 2019-09-25 Navid Emamdoost misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
> 3c- 128c66429247 2019-09-19 Navid Emamdoost crypto: ccp - Release all allocated memory if sha type is invalid
> 3c- cabe144bfd0c 2019-09-16 Navid Emamdoost drm/amd/display: memory leak
> 3c- e7883ab63213 2019-09-24 Navid Emamdoost drm/amd/display: prevent memory leak
> 3c- 055e547478a1 2019-09-16 Navid Emamdoost drm/amd/display: memory leak
> 3c- a2cdd07488e6 2019-09-19 Navid Emamdoost rtl8xxxu: prevent leaking urb
> 3c- 34b3be18a04e 2019-09-25 Navid Emamdoost RDMA/hfi1: Prevent memory leak in sdma_init
> 3c- 3f9361695113 2019-09-24 Navid Emamdoost rtlwifi: prevent memory leak in rtl_usb_probe
> 3c- d563131ef23c 2019-09-13 Navid Emamdoost rsi: release skb if rsi_prepare_beacon fails
> 3c- 0e62395da2bd 2019-09-10 Navid Emamdoost scsi: bfa: release allocated memory in case of error
> 3c- 68501df92d11 2019-09-29 Navid Emamdoost net: dsa: sja1105: Prevent leaking memory
> 3c- 96c5c6e6a5b6 2019-09-20 Navid Emamdoost tracing: Have error path in predicate_parse() free its allocated memory
> 3c- 6402939ec86e 2019-09-17 Navid Emamdoost ieee802154: ca8210: prevent memory leak
> 3c- 8ce39eb5a67a 2019-09-25 Navid Emamdoost nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
> 3c- 8572cea1461a 2019-09-25 Navid Emamdoost nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
> 3c- a0ecd6fdbf5d 2019-09-24 Navid Emamdoost drm/komeda: prevent memory leak in komeda_wb_connector_add
> 3c- 104c307147ad 2019-09-24 Navid Emamdoost drm/amd/display: prevent memory leak
> 3c- b8d17e7d93d2 2019-09-19 Navid Emamdoost ath10k: fix memory leak
> 3c- 4a9d46a9fe14 2019-09-10 Navid Emamdoost RDMA: Fix goto target to release the allocated memory
> 3c- a21b7f0cff19 2019-09-11 Navid Emamdoost net: qrtr: fix memort leak in qrtr_tun_write_iter
> 3If 2507e6ab7a9a 2019-09-10 Navid Emamdoost wimax: i2400: fix memory leak
> fixed by: 6f3ef5c25cc7 wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
> 3c- 728c1e2a05e4 2019-09-06 Navid Emamdoost ath9k: release allocated buffer if timed out
> 3c- 853acf7caf10 2019-09-06 Navid Emamdoost ath9k_htc: release allocated buffer if timed out
>
> # Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences
> # https://www-users.cs.umn.edu/~kjlu/papers/crix.pdf
> # Kangjie Lu, Aditya Pakki, Qiushi Wu
> nf- a663e0df4a37 2020-10-07 Mika Westerberg thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services()
> nf- cb7dc3178a98 2020-08-06 Evgeny Novikov mtd: rawnand: vf610: disable clk on error handling path in probe
> nf- 66673f96f0f9 2020-07-17 Liu Jian ieee802154: fix one possible memleak in adf7242_probe
> nf- 333830aa149a 2020-04-29 Takashi Iwai gpio: exar: Fix bad handling for ida_simple_get error path
> 1c- 6fc232db9e8c 2019-12-15 Aditya Pakki rfkill: Fix incorrect check to avoid NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 2c- 8da96730331d 2019-03-15 Kangjie Lu ath10k: fix missing checks for bmi reads and writes
> 3c- 8dbdee8e8acc 2019-09-11 Navid Emamdoost media: usb: null check create_singlethread_workqueue
> 3c- 68085f314d64 2019-09-11 Navid Emamdoost media: gspca: null check create_singlethread_workqueue
> 3c- 4c1fde5077dc 2019-09-11 Navid Emamdoost platform/chrome: cros_usbpd_logger: null check create_singlethread_workqueue
> nc- 864b23f0169d 2019-09-06 Austin Kim x86/platform/uv: Fix kmalloc() NULL check routine
> 3c- d94dfd798c48 2019-08-31 Navid Emamdoost Bluetooth: bpa10x: change return value
> 3c- b95c732234fa 2019-07-24 Navid Emamdoost mt7601u: null check the allocation
> 3c- 09acf29c8246 2019-07-31 Navid Emamdoost staging: rtl8192u: null check the kzalloc
> 3c- afd6d4f5a52c 2019-07-24 Navid Emamdoost drm/panel: check failure cases in the probe func
> 3c- bb1320834b8a 2019-07-21 Navid Emamdoost allocate_flower_entry: should check for null deref
> 3c- ea5ab2e422de 2019-07-19 Navid Emamdoost 8250_lpss: check null return when calling pci_ioremap_bar
> 3c- 3008e06fdf09 2019-07-23 Navid Emamdoost st_nci_hci_connectivity_event_received: null check the allocation
> 3c- 9891d06836e6 2019-07-23 Navid Emamdoost st21nfca_connectivity_event_received: null check the allocation
> 1c- 20d437ee8f48 2019-03-08 Kangjie Lu net: ixgbevf: fix a missing check of ixgbevf_write_msg_read_ack
> https://lore.kernel.org/r/[email protected]
> 2c- e08f0761234d 2019-03-22 Kangjie Lu media: vpss: fix a potential NULL pointer dereference
> 1IR 23015b22e47c 2019-05-14 Kangjie Lu rapidio: fix a NULL pointer dereference when create_workqueue() fails
> https://lore.kernel.org/r/[email protected]
> 1IR a2be42f18d40 2019-03-14 Kangjie Lu ASoC: cs43130: fix a NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1IR 51dd97d1df5f 2019-03-14 Kangjie Lu ASoC: rt5645: fix a NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- d5414c2355b2 2019-03-23 Aditya Pakki rsi: Fix NULL pointer dereference in kmalloc
> https://lore.kernel.org/r/[email protected]
> 1c- 0ed2a0053474 2019-03-12 Kangjie Lu net: cw1200: fix a NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- 22e8860cf8f7 2019-03-24 Kangjie Lu net: ieee802154: fix missing checks for regmap_update_bits
> https://lore.kernel.org/r/[email protected]
> 1c- 611025983b79 2019-03-11 Kangjie Lu mmc_spi: add a status check for spi_sync_locked
> https://lore.kernel.org/r/[email protected]
> 2c- d9350f21e5fe 2019-03-22 Aditya Pakki firmware: arm_scmi: replace of_match_device->data with of_device_get_match_data()
> 1c- 507b820009a4 2019-03-15 Kangjie Lu PCI: endpoint: Fix a potential NULL pointer dereference
> https://lore.kernel.org/r/20210422093111.GA20094@lpieralisi
> 1IR e183d4e414b6 2019-04-11 Kangjie Lu net/smc: fix a NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- 1adc90c73957 2019-03-12 Aditya Pakki pinctrl: axp209: Fix NULL pointer dereference after allocation
> https://lore.kernel.org/r/[email protected]
> 2If 6f0ce4dfc5a3 2019-03-18 Aditya Pakki mtd: rawnand: vf610: Avoid a potential NULL pointer dereference
> fixed by: cb7dc3178a98 mtd: rawnand: vf610: disable clk on error handling path in probe
> 1c- 75cf4f5aa903 2019-03-14 Kangjie Lu power: charger-manager: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- 536cc27deade 2019-03-16 Kangjie Lu iio: hmc5843: fix potential NULL pointer dereferences
> https://lore.kernel.org/r/[email protected]
> 1c- 13814627c965 2019-03-08 Kangjie Lu iio: adc: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 2If f0d14edd2ba4 2019-03-15 Kangjie Lu PCI: rcar: Fix a potential NULL pointer dereference
> removed by: ce351636c67f PCI: rcar: Add suspend/resume
> 1IR 765976285a8c 2019-03-12 Kangjie Lu rtlwifi: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- e5b9b206f3f6 2019-03-12 Kangjie Lu net: mwifiex: fix a NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 2c- 46953f97224d 2019-03-15 Kangjie Lu brcmfmac: fix missing checks for kmemdup
> 2c- 3c77ff8f8bae 2019-03-24 Kangjie Lu drm/v3d: fix a missing check of pm_runtime_get_sync
> 1IR 1d84353d205a 2019-04-01 Kangjie Lu video: imsttfb: fix potential NULL pointer dereferences
> https://lore.kernel.org/r/CAL_JsqKoqh=-8UHk9JkCgK1fC7bVjVLNehHUM=R_g6fDan3dHg@mail.gmail.com
> 1IR ec7f6aad57ad 2019-04-01 Kangjie Lu video: hgafb: fix potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- 31fa6e2ae65f 2019-04-01 Aditya Pakki omapfb: Fix potential NULL pointer dereference in kmalloc
> https://lore.kernel.org/r/[email protected]
> 2IR 0aab8e4df470 2019-03-09 Kangjie Lu leds: pca9532: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 2c- 8e949363f017 2019-03-19 Aditya Pakki net: mlx5: Add a missing check on idr_find, free buf
> 1c- b5af36e3e5aa 2019-03-14 Kangjie Lu staging: greybus: audio_manager: fix a missing check of ida_simple_get
> 1c- 699ca3016268 2019-03-25 Kangjie Lu PCI: xilinx: Check for __get_free_pages() failure
> https://lore.kernel.org/r/20210422104224.GB20094@lpieralisi
> 1c- aeb0d0f581e2 2019-03-09 Kangjie Lu media: video-mux: fix null pointer dereferences
> https://lore.kernel.org/r/[email protected]
> 2c- fd21b79e541e 2019-03-25 Aditya Pakki thunderbolt: Fix to check the return value of kmemdup
> 1c- 6183d5a51866 2019-03-25 Kangjie Lu thunderbolt: property: Fix a missing check of kzalloc
> https://lore.kernel.org/r/[email protected]
> 1IR 13bd14a41ce3 2019-03-08 Kangjie Lu char: hpet: fix a missing check of ioremap
> https://lore.kernel.org/r/[email protected]
> 1c- 486fa92df470 2019-03-25 Aditya Pakki libnvdimm/btt: Fix a kmemdup failure check
> https://lore.kernel.org/r/CAPcyv4h6SrYg39NN5WzhiXyD3_FjVW4XVXsK=HUVjWOSPcBaAw@mail.gmail.com
> 1c- 1bbb1c318cd8 2019-03-15 Kangjie Lu tty: ipwireless: fix missing checks for ioremap
> https://lore.kernel.org/r/[email protected]
> https://lore.kernel.org/r/[email protected]
> 1c- e2a438bd7116 2019-03-15 Kangjie Lu RDMA/i40iw: Handle workqueue allocation failure
> https://lore.kernel.org/r/[email protected]
> 2c- 41f00e6e9e55 2019-03-20 Aditya Pakki usb: usb251xb: fix to avoid potential NULL pointer dereference
> 1c- 3de3dbe7c132 2019-03-19 Kangjie Lu usb: u132-hcd: fix potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- 1a137b47ce6b 2019-03-24 Kangjie Lu usb: sierra: fix a missing check of device_create_file
> https://lore.kernel.org/r/[email protected]
> 1c- fba1bdd2a9a9 2019-03-14 Kangjie Lu scsi: qla4xxx: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 2c- 208c6e8cff1b 2019-03-08 Kangjie Lu drm: vkms: check status of alloc_ordered_workqueue
> 1c- 6cf4511e9729 2019-03-24 Kangjie Lu gpio: aspeed: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/CAMpxmJXn9E7PfRKok7ZyTx0Y+P_q3buArg8YR7wV=+A9Sid2_Q@mail.gmail.com
> 1c- 55c1fc0af29a 2019-03-12 Kangjie Lu libnvdimm/namespace: Fix a potential NULL pointer dereference
> https://lore.kernel.org/r/CAPcyv4jkEn0JoT7Ha36-janNC3UfV4OLGzYFc=Fxe5Gh9u_wCQ@mail.gmail.com
> 2If 7ecced0934e5 2019-03-08 Kangjie Lu gpio: exar: add a check for the return value of ida_simple_get fails
> fixed by: 333830aa149a gpio: exar: Fix bad handling for ida_simple_get error path
> 2c- 48f40b96de2c 2019-03-20 Aditya Pakki thunderbolt: xdomain: Fix to check return value of kmemdup
> 2If 9aabb68568b4 2019-03-20 Aditya Pakki thunderbolt: Fix to check return value of ida_simple_get
> fixed by: a663e0df4a37 thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services()
> 2c- 2cc12751cf46 2019-03-20 Aditya Pakki thunderbolt: Fix to check for kmemdup failure
> 2c- 534c89c22e26 2019-03-14 Kangjie Lu x86/hyperv: Prevent potential NULL pointer dereference
> 1c- 2e84f116afca 2019-03-18 Aditya Pakki x86/hpet: Prevent potential NULL pointer dereference
> https://lore.kernel.org/r/202104211245.F5FEC8D15D@keescook
> 1c- 7671ce0d9293 2019-03-20 Aditya Pakki staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
> https://lore.kernel.org/r/[email protected]
> 1c- e4dfdd5804cc 2019-03-14 Kangjie Lu thunderbolt: Fix a missing check of kmemdup
> https://lore.kernel.org/r/[email protected]
> 1c- 106204b56f60 2019-03-12 Kangjie Lu thunderbolt: property: Fix a NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 2If d7737d425745 2019-03-18 Aditya Pakki nfc: Fix to check for kmemdup failure
> fixed by: 7574fcdbdcb3 nfc: fix memory leak in llcp_sock_connect()
> 1IR 63a06181d7ce 2019-03-15 Kangjie Lu scsi: ufs: fix a missing check of devm_reset_control_get
> https://lore.kernel.org/r/YIg/[email protected]
> 1c- 6734330654da 2019-03-14 Kangjie Lu tty: mxs-auart: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- c85be041065c 2019-03-15 Kangjie Lu tty: atmel_serial: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> https://lore.kernel.org/r/[email protected]
> 2c- 3a10e3dd52e8 2019-03-18 Aditya Pakki serial: max310x: Fix to avoid potential NULL pointer dereference
> 1IR 32f47179833b 2019-03-18 Aditya Pakki serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- 6c44b15e1c90 2019-03-14 Kangjie Lu HID: logitech: check the return value of create_singlethread_workqueue
> https://lore.kernel.org/r/[email protected]
> 1c- 6d65561f3d5e 2019-03-14 Kangjie Lu netfilter: ip6t_srh: fix NULL pointer dereferences
> https://lore.kernel.org/r/20210422212615.GA13017@salvia
> 1c- f37d8e67f39e 2019-03-13 Aditya Pakki spi : spi-topcliff-pch: Fix to handle empty DMA buffers
> https://lore.kernel.org/r/[email protected]
> 2c- d6cb77228e3a 2019-03-12 Aditya Pakki pinctrl: baytrail: Fix potential NULL pointer dereference
> 2c- 517ccc2aa50d 2019-03-16 Kangjie Lu net: tipc: fix a missing check for nla_nest_start
> 1c- 4589e28db46e 2019-03-15 Kangjie Lu net: tipc: fix a missing check of nla_nest_start
> https://lore.kernel.org/r/[email protected]
> 2c- 07660ca679da 2019-03-15 Kangjie Lu net: ncsi: fix a missing check for nla_nest_start
> 2c- 0fff9bd47e13 2019-03-15 Kangjie Lu net: openvswitch: fix missing checks for nla_nest_start
> 1c- 6f19893b644a 2019-03-14 Kangjie Lu net: openvswitch: fix a NULL pointer dereference
> https://lore.kernel.org/r/CAOftzPioU8h9b=isMPZtE8AYF=+qh_nNEp3rFEyQmb6Fi7QZ2g@mail.gmail.com
> 1IR dcd0feac9bab 2019-03-14 Kangjie Lu ALSA: sb8: add a check for request_region
> https://lore.kernel.org/r/[email protected]
> 2c- 6ade657d6125 2019-03-14 Kangjie Lu ALSA: echoaudio: add a check for ioremap_nocache
> 1c- 228cd2dba27c 2019-03-14 Kangjie Lu net: strparser: fix a missing check for create_singlethread_workqueue
> https://lore.kernel.org/r/[email protected]
> 1IR 5bf7295fe34a 2019-03-14 Aditya Pakki qlcnic: Avoid potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1IR a2c6433ee5a3 2019-03-04 Aditya Pakki ALSA: usx2y: Fix potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 2If 2795e8c25161 2019-03-11 Kangjie Lu net: ieee802154: fix a potential NULL pointer dereference
> fixed by: 66673f96f0f9 ieee802154: fix one possible memleak in adf7242_probe
> 2If 4ec850e5dfec 2019-03-12 Kangjie Lu net: dwmac-sun8i: fix a missing check of of_get_phy_mode
> fixed by: 0c65b2b90d13 net: of_get_phy_mode: Change API to solve int/unit warnings
> 2If 035a14e71f27 2019-03-12 Kangjie Lu net: sh_eth: fix a missing check of of_get_phy_mode
> fixed by: 0c65b2b90d13 net: of_get_phy_mode: Change API to solve int/unit warnings
> 1c- c7cbc3e937b8 2019-03-12 Kangjie Lu net: 8390: fix potential NULL pointer dereferences
> https://lore.kernel.org/r/[email protected]
> 1IR 9f4d6358e11b 2019-03-12 Kangjie Lu net: fujitsu: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- eb32cfcdef23 2019-03-12 Kangjie Lu net: qlogic: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 2c- 10010493c126 2019-03-12 Kangjie Lu isdn: hfcpci: fix potential NULL pointer dereference
> 1c- e406f12dde1a 2019-03-04 Aditya Pakki md: Fix failed allocation of md_register_thread
> https://lore.kernel.org/r/YIj2nsovH/[email protected]
> 1c- 5c149314d918 2019-03-11 Kangjie Lu net: rocker: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1c- 0b31d98d90f0 2019-03-11 Kangjie Lu net: thunder: fix a potential NULL pointer dereference
> https://lore.kernel.org/r/20210423130006.fuh3hljkhkrpcvd3@treble
> 1c- 41af8b3a097c 2019-03-11 Kangjie Lu net: lio_core: fix two NULL pointer dereferences
> https://lore.kernel.org/r/[email protected]
> 1IR fe543b2f174f 2019-03-11 Kangjie Lu net: liquidio: fix a NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1IR d721fe99f6ad 2019-03-08 Kangjie Lu isdn: mISDNinfineon: fix potential NULL pointer dereference
> https://lore.kernel.org/r/[email protected]
> 1IR 38d22659803a 2019-03-02 Aditya Pakki isdn: mISDN: Fix potential NULL pointer dereference of kzalloc
> https://lore.kernel.org/r/[email protected]
> 3Ir d1a0846006e4 2019-03-15 Kangjie Lu security: inode: fix a missing check for securityfs_create_file
> reverted by: fe9fd2ef383c Revert "security: inode: fix a missing check for securityfs_create_file"
> 2n- f8ee34c3e77a 2019-03-09 Kangjie Lu media: usbvision: fix a potential NULL pointer dereference
> 2n- 766460852cfa 2019-03-25 Kangjie Lu x86/platform/uv: Fix missing checks of kcalloc() return values
> 2n- 78540a259b05 2019-03-22 Aditya Pakki ASoC: sirf-audio: Remove redundant of_match_node call
> 2n- 6a8ca24590a2 2019-03-20 Aditya Pakki staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
> 2n- d70d70aec963 2019-03-20 Aditya Pakki staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
> 2n- 4280b73092fe 2019-03-11 Kangjie Lu net: qlge: fix a potential NULL pointer dereference
> nf- f87d8ad9233f 2019-01-05 Gustavo A. R. Silva tipc: fix memory leak in tipc_nl_compat_publ_dump
> 2c- 9c6260de505b 2018-12-24 Aditya Pakki infiniband/qedr: Potential null ptr dereference of qp
> 1c- 92ee77d148bf 2018-12-26 Kangjie Lu net: marvell: fix a missing check of acpi_match_device
> https://lore.kernel.org/r/[email protected]
> 2n- 0a54ea9f481f 2018-12-22 Kangjie Lu staging: rtlwifi: rtl8822b: fix a missing check of alloc_skb
> 2c- eb8950861c1b 2018-12-21 Kangjie Lu netfilter: nf_tables: fix a missing check of nla_put_failure
> 2If 46273cf7e009 2018-12-26 Kangjie Lu tipc: fix a missing check of genlmsg_put
> fixed by: f87d8ad9233f tipc: fix memory leak in tipc_nl_compat_publ_dump
>
> # Automatically Identifying Security Checks for Detecting Kernel Semantic Bugs
> # Kangjie Lu, Aditya Pakki, and Qiushi Wu
> # https://www-users.cs.umn.edu/~kjlu/papers/cheq.pdf
> nf- 352bcae97f9b 2019-06-07 Rui Nuno Capela ALSA: ice1712: Check correct return value to snd_i2c_sendbytes (EWS/DMX 6Fire)
> 2c- f4f5748bfec9 2019-06-10 Aditya Pakki netfilter: ipset: fix a missing check of nla_parse
> 1c- 0ab34a08812a 2018-12-20 Kangjie Lu media: si2165: fix a missing check of return value
> https://lore.kernel.org/r/[email protected]
> 2c- 06d5d6b7f994 2019-04-13 Kangjie Lu slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register
> nc- 6b7e5cad651a 2019-03-05 Matthew Wilcox mm: remove sysctl_extfrag_handler()
> nc- 979eff22c9f4 2019-01-03 Jeff Kirsher e1000e: fix a missing check for return value
> 1IR 434256833d8e 2019-01-08 Kangjie Lu libertas: add checks for the return value of sysfs_create_group
> https://lore.kernel.org/r/[email protected]
> nf- 07bd14ccc304 2018-12-26 Wei Yongjun hwmon: (lm80) Fix missing unlock on error in set_fan_div()
> 1IR 51f689cc1133 2018-12-25 Kangjie Lu serial: max310x: pass return value of spi_register_driver
> https://lore.kernel.org/r/[email protected]
> 1c- ff07d48d7bc0 2018-12-25 Kangjie Lu atl1e: checking the status of atl1e_write_phy_reg
> https://lore.kernel.org/r/YIu6meOO5SSuCW/[email protected]
> 1c- 9a20b5e35a53 2018-12-25 Kangjie Lu rtc: hym8563: fix a missing check of block data read
> https://lore.kernel.org/r/[email protected]
> https://lore.kernel.org/r/[email protected]
> 2n- 5910fa0d0d98 2018-12-25 Kangjie Lu rtc: coh901331: fix a missing check of clk_prepare
> 1c- 6f12e46eebf1 2018-12-20 Kangjie Lu power: twl4030: fix a missing check of return value
> https://lore.kernel.org/r/[email protected]
> 1c- b05ae01fdb89 2018-12-24 Aditya Pakki misc/ics932s401: Add a missing check to i2c_smbus_read_word_data
> https://lore.kernel.org/r/[email protected]
> 2c- 40619f7dd3ef 2019-01-05 Aditya Pakki PM: clock_ops: fix missing clk_prepare() return value check
> 1IR 248b57015f35 2018-12-25 Kangjie Lu leds: lp5523: fix a missing check of return value of lp55xx_read
> https://lore.kernel.org/r/[email protected]
> 1IR 467a37fba93f 2018-12-27 Aditya Pakki media: dvb: Add check on sp8870_readreg
> https://lore.kernel.org/r/[email protected]
> 1c- 0f787c12ee7b 2018-12-27 Aditya Pakki media: dvb: add return value check on Write16
> https://lore.kernel.org/r/[email protected]
> 1c- 9502cdf08070 2018-12-21 Kangjie Lu media: mt312: fix a missing check of mt312 reset
> https://lore.kernel.org/r/[email protected]
> 1c- c9b7d8f252a5 2018-12-20 Kangjie Lu media: lgdt3306a: fix a missing check of return value
> https://lore.kernel.org/r/[email protected]
> 1IR 656025850074 2018-12-28 Aditya Pakki media: gspca: mt9m111: Check write_bridge for timeout
> https://lore.kernel.org/r/[email protected]
> 1IR a21a0eb56b4e 2018-12-28 Aditya Pakki media: gspca: Check the return value of write_bridge for timeout
> https://lore.kernel.org/r/[email protected]
> 1IR 5b711870bec4 2018-12-25 Kangjie Lu media: usb: gspca: add a missed check for goto_low_power
> https://lore.kernel.org/r/[email protected]
> 1c- 5ceaf5452c1b 2018-12-25 Kangjie Lu media: usb: gspca: add a missed return-value check for do_command
> https://lore.kernel.org/r/YIgQi1V/[email protected]
> 1IR fc6a6521556c 2018-12-26 Kangjie Lu ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()
> https://lore.kernel.org/r/[email protected]
> 1IR 42daad3343be 2018-12-25 Kangjie Lu brcmfmac: add a check for the status of usb_register
> https://lore.kernel.org/r/[email protected]
> 1c- e85bb0beb649 2019-01-07 Aditya Pakki Input: ad7879 - add check for read errors in interrupt
> https://lore.kernel.org/r/YIBa5X+5g/[email protected]
> 2If 44fabd8cdaaa 2018-12-25 Kangjie Lu ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
> fixed by: 02298145559f ASoC: intel: atom: Use managed buffer allocation
> 1IR beae77170c60 2019-01-06 Aditya Pakki ALSA: sb: fix a missing check of snd_ctl_add
> https://lore.kernel.org/r/[email protected]
> 2c- 02cc53e223d4 2019-01-06 Aditya Pakki ALSA: line6: fix check on snd_card_register
> 2If c99776cc4018 2019-01-06 Aditya Pakki ALSA: ice1712: fix a missing check of snd_i2c_sendbytes
> fixed by: 352bcae97f9b ALSA: ice1712: Check correct return value to snd_i2c_sendbytes (EWS/DMX 6Fire)
> 1IR 0f25e000cb43 2018-12-25 Kangjie Lu ALSA: gus: add a check of the status of snd_ctl_add
> https://lore.kernel.org/r/[email protected]
> 1c- c8c270240943 2019-01-05 Aditya Pakki Staging: rts5208: Fix error handling on rtsx_send_cmd
> https://lore.kernel.org/r/[email protected]
> 1c- 73b69c01cc92 2018-12-27 Aditya Pakki staging: rts5208: Add a check for ms_read_extra_data
> https://lore.kernel.org/r/YIf7yB/[email protected]
> 1Ir 906b40b246b0 2018-12-28 Aditya Pakki dmaengine: stm32-mdma: Add a check on read_u32_array
> reverted by: 9dfec7ca0ba7 dmaengine: stm32-mdma: Revert "dmaengine: stm32-mdma: Add a check on read_u32_array"
> 1IR a474b3f0428d 2018-12-28 Aditya Pakki dmaengine: qcom_hidma: Check for driver register failure
> https://lore.kernel.org/r/[email protected]
> 1c- 7c97381e7a9a 2018-12-24 Aditya Pakki dmaengine: mv_xor: Fix a missing check in mv_xor_channel_add
> https://lore.kernel.org/r/YIhUlJ/06/[email protected]
> 2c- 7fc93f3285b1 2018-12-27 Aditya Pakki iio: adc: xilinx: check return value of xadc_write_adc_reg
> 1c- ae0b3773721f 2018-12-20 Kangjie Lu iio: ad9523: fix a missing check of return value
> https://lore.kernel.org/r/[email protected]
> 2c- 6ae16dfb61bc 2018-12-24 Aditya Pakki HID: lenovo: Add checks to fix of_led_classdev_register
> 1c- 9e28989d41c0 2018-12-20 Kangjie Lu mfd: mc13xxx: Fix a missing check of a register-read failure
> https://lore.kernel.org/r/20210423093042.GE6446@dell
> 1c- 94edd87a1c59 2018-12-26 Aditya Pakki infiniband: bnxt_re: qplib: Check the return value of send_message
> https://lore.kernel.org/r/[email protected]
> https://lore.kernel.org/r/CANjDDBhAbobpc1nQLoPABCm5onv=qVoJXLyG79RJwxS=cNnijA@mail.gmail.com
> 1c- e49505f7255b 2018-12-25 Kangjie Lu net: dsa: bcm_sf2: Propagate error value from mdio_write
> https://lore.kernel.org/r/[email protected]
> 1IR f86a3b83833e 2018-12-25 Kangjie Lu net: stmicro: fix a missing check of clk_prepare
> https://lore.kernel.org/r/[email protected]
> 1c- 2d822f2dbab7 2018-12-25 Kangjie Lu net: (cpts) fix a missing check of clk_prepare
> https://lore.kernel.org/r/[email protected]
> 1IR 26fd962bde0b 2018-12-25 Kangjie Lu niu: fix missing checks of niu_pci_eeprom_read
> https://lore.kernel.org/r/[email protected]
> 1c- ca19fcb6285b 2018-12-24 Aditya Pakki net: chelsio: Add a missing check on cudg_get_buffer
> https://lore.kernel.org/r/[email protected]
> 1c- f0fb9b288d0a 2018-12-24 Aditya Pakki ipv6/route: Add a missing check on proc_dointvec
> https://lore.kernel.org/r/[email protected]
> 1c- 0eb987c874dc 2018-12-23 Aditya Pakki net/net_namespace: Check the return value of register_pernet_subsys()
> https://lore.kernel.org/r/[email protected]
> 2c- 89dfd0083751 2018-12-23 Aditya Pakki net/netlink_compat: Fix a missing check of nla_parse_nested
> 1IR 9aa3aa15f4c2 2018-12-21 Kangjie Lu hwmon: (lm80) fix a missing check of bus read in lm80 probe
> https://lore.kernel.org/r/[email protected]
> 2If c9c63915519b 2018-12-21 Kangjie Lu hwmon: (lm80) fix a missing check of the status of SMBus read
> fixed by: 07bd14ccc304 hwmon: (lm80) Fix missing unlock on error in set_fan_div()
> 1c- d134e486e831 2018-12-21 Kangjie Lu net: netxen: fix a missing check and an uninitialized use
> https://lore.kernel.org/r/[email protected]
> 2c- cd07e3701fa6 2018-12-21 Kangjie Lu regulator: tps65910: fix a missing check of return value
> https://lore.kernel.org/r/[email protected]
> 1c- 966e927bf8cc 2018-12-18 Kangjie Lu drivers/regulator: fix a missing check of return value
> https://lore.kernel.org/r/[email protected]
>
> # Check it Again: Detecting Lacking-Recheck Bugs in OS Kernels
> # https://www-users.cs.umn.edu/~kjlu/papers/lrsan.pdf
> # Wenwen Wang, Kangjie Lu, Pen-Chung Yew
> nc- 4a6998aff82a 2018-10-24 Martin Lau bpf, btf: fix a missing check bug in btf_parse
> 2c- 7172122be6a4 2018-10-18 Wenwen Wang crypto: cavium/nitrox - fix a DMA pool free failure
> 1c- b6168562c8ce 2018-10-18 Wenwen Wang net: socket: fix a missing-check bug
> https://lore.kernel.org/r/YIhClSyv/[email protected]
> 1c- 800a7340ab7d 2018-10-03 Wenwen Wang dm ioctl: harden copy_params()'s copy_from_user() from malicious users
> https://lore.kernel.org/r/[email protected]
> 2c- 47db7873136a 2018-10-06 Wenwen Wang scsi: megaraid_sas: fix a missing-check bug
> 2c- 58f5bbe331c5 2018-10-08 Wenwen Wang ethtool: fix a privilege escalation bug
> https://lore.kernel.org/r/[email protected]
> 1c- 2bb3207dbbd4 2018-10-09 Wenwen Wang ethtool: fix a missing-check bug
> https://lore.kernel.org/r/[email protected]
> 2n- 6b995f4eec34 2018-10-10 Wenwen Wang misc: mic: fix a DMA pool free failure
> 2c- 8af03d1ae2e1 2018-10-07 Wenwen Wang bpf: btf: Fix a missing check bug
> 1c- a26ac6c1bed9 2018-10-04 Wenwen Wang media: isif: fix a NULL pointer dereference bug
> https://lore.kernel.org/r/YIgOxtlRDsJD/[email protected]
> 1c- 0781168e23a2 2018-10-05 Wenwen Wang yam: fix a missing-check bug
> https://lore.kernel.org/r/[email protected]
> 1c- 2c05d88818ab 2018-10-05 Wenwen Wang net: cxgb3_main: fix a missing-check bug
> https://lore.kernel.org/r/[email protected]
> 2c- f16b613ca8b3 2018-05-18 Wenwen Wang crypto: chtls - fix a missing-check bug
> 2n- 6009d1fe6ba3 2018-05-21 Wenwen Wang isdn: eicon: fix a missing-check bug
> 2c- 8e03477cb709 2018-05-05 Wenwen Wang i2c: core: smbus: fix a potential missing-check bug
> 1c- bd23a7269834 2018-05-08 Wenwen Wang virt: vbox: Only copy_from_user the request-header once
> https://lore.kernel.org/r/[email protected]
> 1c- 3f12888dfae2 2018-05-05 Wenwen Wang ALSA: control: fix a redundant-copy issue
> https://lore.kernel.org/r/[email protected]
> 1c- 9899e4d3523f 2018-05-07 Wenwen Wang scsi: 3w-xxxx: fix a missing-check bug
> https://lore.kernel.org/r/[email protected]
> 1c- c9318a3e0218 2018-05-07 Wenwen Wang scsi: 3w-9xxx: fix a missing-check bug
> https://lore.kernel.org/r/[email protected]
> 2n- dc487321b1e6 2018-04-30 Wenwen Wang staging: lustre: llite: fix potential missing-check bug when copying lumv
> 1c- d656fe49e33d 2018-04-30 Wenwen Wang ethtool: fix a potential missing-check bug
> https://lore.kernel.org/r/[email protected]
>
> # Later contributions from Wenwen Wang after UMN.
> nf- a75ca9303175 2020-06-01 yu kuai block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
> 3c- f311ade3a7ad 2020-02-01 Wenwen Wang btrfs: ref-verify: fix memory leaks
> 3c- 123c23c6a7b7 2020-02-03 Wenwen Wang NFS: Fix memory leaks
> 3c- fa865ba183d6 2020-01-25 Wenwen Wang firestream: fix memory leaks
> 3c- 8472ba621540 2019-08-12 Wenwen Wang e1000: fix memory leaks
> 3Ir 334f5b61a6f2 2019-08-15 Wenwen Wang ath10k: add cleanup in ath10k_sta_state()
> f4fe2e53349f ath10k: Revert "ath10k: add cleanup in ath10k_sta_state()"
> 3c- 137e92fd1495 2019-08-18 Wenwen Wang mtd: sm_ftl: Fix memory leak in sm_init_zone() error path
> 3c- 6a379f67454a 2019-08-19 Wenwen Wang jffs2: Fix memory leak in jffs2_scan_eraseblock() error path
> 3Ir 9163e0184bd7 2019-08-19 Wenwen Wang ubifs: Fix memory leak bug in alloc_ubifs_info() error path
> reverted by: 91cbf01178c3 Revert "ubifs: Fix memory leak bug in alloc_ubifs_info() error path"
> 3c- 7992e00469c4 2019-08-19 Wenwen Wang ubifs: Fix memory leak in __ubifs_node_verify_hmac error path
> 3c- ce4d8b16e64d 2019-08-19 Wenwen Wang ubifs: Fix memory leak in read_znode() error path
> 3c- 22d11eacc32c 2019-08-11 Wenwen Wang ixgbe: fix memory leaks
> 3c- 145a32fe57e3 2019-08-15 Wenwen Wang airo: fix memory leaks
> 3c- 29b49958cf73 2019-08-20 Wenwen Wang ACPI / PCI: fix acpi_pci_irq_enable() memory leak
> 3IR 03d1571d9513 2019-08-16 Wenwen Wang ACPI: custom_method: fix memory leaks
> 3c- e027a2dea5fd 2019-08-19 Wenwen Wang hwmon (coretemp) Fix a memory leak bug
> 3c- 6ca5989e44d3 2019-08-18 Wenwen Wang media: ti-vpe: Add cleanup in vpdma_list_cleanup()
> 3c- 51d47e578a74 2019-08-18 Wenwen Wang media: fdp1: Fix a memory leak bug
> 3c- 42e64117d3b4 2019-08-18 Wenwen Wang media: saa7146: add cleanup in hexium_attach()
> 3c- 725a28290a53 2019-08-17 Wenwen Wang media: usb: cx231xx-417: fix a memory leak bug
> 3c- 1c770f0f52dc 2019-08-17 Wenwen Wang media: cpia2_usb: fix memory leaks
> 3c- 86aa04f4c221 2019-08-18 Wenwen Wang mtd: rawnand: Fix a memory leak bug
> 3c- d83aef09aaa5 2019-08-18 Wenwen Wang mtd: onenand_base: Fix a memory leak bug
> 3c- de0e4fd2f07c 2019-08-20 Wenwen Wang qed: Add cleanup in qed_slowpath_start()
> 3c- fcd5ce4b3936 2019-08-18 Wenwen Wang media: dvb-core: fix a memory leak bug
> 3c- 2f6451ed8b52 2019-08-17 Wenwen Wang media: dvb-frontends: fix a memory leak bug
> 3c- 8c3d3cdbd5dd 2019-08-17 Wenwen Wang media: dvb-frontends: fix memory leaks
> 3c- 1e672e364494 2019-08-20 Wenwen Wang NFSv4: Fix a memory leak bug
> 3c- dc1a3e8e0cc6 2019-08-18 Wenwen Wang dm raid: add missing cleanup in raid_ctr()
> 3c- 313aca5a9c78 2019-08-19 Wenwen Wang mtd: spi-nor: fix a memory leak bug
> 3c- 60e2dde1e91a 2019-08-19 Wenwen Wang led: triggers: Fix a memory leak bug
> 3c- 2323d7baab2b 2019-08-18 Wenwen Wang infiniband: hfi1: fix memory leaks
> 3c- b08afa064c32 2019-08-18 Wenwen Wang infiniband: hfi1: fix a memory leak bug
> 3c- 5c1baaa82cea 2019-08-18 Wenwen Wang IB/mlx4: Fix memory leaks
> 3c- 962411b05a6d 2019-08-16 Wenwen Wang dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
> 3c- 2c231c0c1dec 2019-08-16 Wenwen Wang dmaengine: ti: dma-crossbar: Fix a memory leak bug
> 3c- cfddf9f4c9f0 2019-08-19 Wenwen Wang locks: fix a memory leak bug in __break_lease()
> 3c- b4a81b87a4cf 2019-08-20 Wenwen Wang ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
> 3c- fe2e082f5da5 2019-08-20 Wenwen Wang ecryptfs: fix a memory leak bug in parse_tag_1_packet()
> 3c- 44ef3a032528 2019-08-15 Wenwen Wang wimax/i2400m: fix a memory leak bug
> 3c- f1472cb09f11 2019-08-14 Wenwen Wang net: kalmia: fix memory leaks
> 3c- 1eca92eef187 2019-08-14 Wenwen Wang cx82310_eth: fix a memory leak bug
> 3c- b9cbf8a64865 2019-08-14 Wenwen Wang lan78xx: Fix memory leaks
> 3c- 20fb7c7a39b5 2019-08-14 Wenwen Wang net: myri10ge: fix memory leaks
> 3c- 6f967f8b1be7 2019-08-14 Wenwen Wang liquidio: add cleanup in octeon_setup_iq()
> 3c- c554336efa9b 2019-08-13 Wenwen Wang cxgb4: fix a memory leak bug
> 3c- 48ec7014c56e 2019-08-12 Wenwen Wang net/mlx4_en: fix a memory leak bug
> 3c- ae78ca3cf3d9 2019-08-11 Wenwen Wang xen/blkback: fix memory leaks
> 3c- 7afe9a4e5665 2019-08-11 Wenwen Wang i3c: master: fix a memory leak bug
> 3c- cfef67f016e4 2019-08-09 Wenwen Wang ALSA: hda - Fix a memory leak bug
> 3c- 1be3c1fae6c1 2019-08-08 Wenwen Wang ALSA: firewire: fix a memory leak bug
> 3c- c7cd7c748a32 2019-08-08 Wenwen Wang sound: fix a memory leak bug
> 3c- 3d92aa45fbfd 2019-08-07 Wenwen Wang ALSA: hiface: fix multiple memory leak bugs
> 3c- a67060201b74 2019-08-06 Wenwen Wang ALSA: usb-audio: fix a memory leak bug
> 3c- d4fddac5a51c 2019-07-14 Wenwen Wang test_firmware: fix a memory leak bug
> 3c- 45004d66f2a2 2019-07-22 Wenwen Wang ASoC: dapm: fix a memory leak bug
> 3c- 15a78ba1844a 2019-07-20 Wenwen Wang netfilter: ebtables: fix a memory leak bug in compat
> 3If e7bf90e5afe3 2019-07-11 Wenwen Wang block/bio-integrity: fix a memory leak bug
> fixed by: a75ca9303175 "block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed"
>
> # Earlier contributions from Kangjie Lu before UMN.
> nf- 55e77a3e8297 2016-07-01 Richard Alpe tipc: fix nl compat regression for link statistics
> 3c- 4116def23379 2016-06-02 Kangjie Lu rds: fix an infoleak in rds_inc_info_copy
> 3If 5d2be1422e02 2016-06-02 Kangjie Lu tipc: fix an infoleak in tipc_nl_compat_link_dump
> fixed by: 55e77a3e8297 tipc: fix nl compat regression for link statistics
> 3c- 79e48650320e 2016-05-08 Kangjie Lu net: fix a kernel infoleak in x25 module
> 3c- e4ec8cc8039a 2016-05-03 Kangjie Lu ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
> 3c- 9a47e9cff994 2016-05-03 Kangjie Lu ALSA: timer: Fix leak in events via snd_timer_user_ccallback
> 3c- cec8f96e49d9 2016-05-03 Kangjie Lu ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
> 3c- 5f8e44741f9f 2016-05-03 Kangjie Lu net: fix infoleak in rtnetlink
> 3c- b8670c09f37b 2016-05-03 Kangjie Lu net: fix infoleak in llc
> 3c- d13829686bba 2016-05-03 Kangjie Lu staging: wilc1000: fix infoleak in wilc_wfi_cfgoperations
>
> # UAF fixes seemingly not associated with known UMN papers.
> 1Ia 0c85a7e87465 2021-04-06 Aditya Pakki net/rds: Avoid potential use after free in rds_send_remove_from_sock
> reverted by: 799bac551218 Revert "net/rds: Avoid potential use after free in rds_send_remove_from_sock"
> 3c- c54d481d71c6 2019-10-21 Navid Emamdoost apparmor: Fix use-after-free in aa_audit_rule_init
>
> # Memory disclosure fixes seemingly not associated with other UMN papers.
> 1IR d39083234c60 2019-10-18 Kangjie Lu media: rcar_drif: fix a memory disclosure
> https://lore.kernel.org/r/[email protected]
> 1c- ec3b7b6eb8c9 2019-10-17 Kangjie Lu drm/gma500: fix memory disclosures due to uninitialized bytes
> https://lore.kernel.org/r/20210429202301.GI31692@amd
> 1c- 57a25a5f754c 2019-10-17 Kangjie Lu gma/gma500: fix a memory disclosure bug due to uninitialized bytes
> https://lore.kernel.org/r/CAKMK7uF6sWeKX0DAaXoT9=xkD9eAAjHtkE0gn+v9YxmYAd3vdg@mail.gmail.com
>
> # Memory leak fixes seemingly not associated with k-meld nor hero.
> nc- fe6c6a4af2be 2020-08-25 Dinghao Liu video: fbdev: radeon: Fix memleak in radeonfb_pci_register
> 1c- cbb88db76a15 2019-04-29 Wenwen Wang ALSA: usx2y: fix a double free bug
> https://lore.kernel.org/r/[email protected]
> 2c- cb5173594d50 2019-04-27 Wenwen Wang ALSA: usb-audio: Fix a memory leak bug
> 1c- 91862cc7867b 2019-04-19 Wenwen Wang tracing: Fix a memory leak by early error exit in trace_pid_write()
> https://lore.kernel.org/r/[email protected]
> 1c- 70c4cf17e445 2019-04-19 Wenwen Wang audit: fix a memory leak bug
> https://lore.kernel.org/r/CAHC9VhTvKeNFPsJadVK_i1+qaQBRSVfdWd+HC_EsgZx3coM8oA@mail.gmail.com
> 1c- ea094d53580f 2019-04-17 Wenwen Wang x86/PCI: Fix PCI IRQ routing table memory leak
> https://lore.kernel.org/r/20210422050919.GA2913711@bjorn-Precision-5520
> 1c- 39416c5872db 2019-04-15 Wenwen Wang udf: fix an uninitialized read bug and remove dead code
> https://lore.kernel.org/r/[email protected]
> 1IR 093c48213ee3 2018-12-26 Wenwen Wang gdrom: fix a memory leak bug
> https://lore.kernel.org/r/[email protected]
> 2n- 15b3048aeed8 2018-12-04 Wenwen Wang misc: mic: fix a DMA pool free failure
>
> # "touched it last" CC of UMN author.
> no- c96da175ba88 2020-11-28 Sam Ravnborg video: fbdev: omapfb: Fix set but not used warnings in dsi
>
> # Much older UMN commits unrelated to the UMN research group.
> 3o- 23779fbc9930 2013-10-23 Alireza Haghdoost block: Enable sysfs nomerge control for I/O requests in the plug list
> 3o- ae0fda0cdf00 2006-07-06 Dave C Boutcher [SCSI] ibmvscsi: handle inactive SCSI target during probe
> 3o- 6c51fe10475e 2006-07-06 Dave C Boutcher [SCSI] ibmvscsi: allocate lpevents for ibmvscsi on iseries
> 3o- cefbda2d6cd9 2006-06-12 Dave C Boutcher [SCSI] ibmvscsi: treat busy and error conditions separately
> 3o- 368a6ba5d188 2006-06-12 Dave C Boutcher [POWERPC] check firmware state before suspending
> 3o- 9b833e428ad2 2006-03-23 Dave C Boutcher [SCSI] ibmvscsi: prevent scsi commands being sent in invalid state
> 3o- b4fd884a037c 2006-02-03 Dave C Boutcher [PATCH] powerpc: remove useless call to touch_softlockup_watchdog
> 3o- 82a4df74628a 2006-02-03 Dave C Boutcher [PATCH] powerpc: prod all processors after ibm,suspend-me
> 3o- c4cb8ecca66e 2006-02-03 Dave C Boutcher [PATCH] powerpc: return correct rtas status from ibm,suspend-me
>
>
> Moving forward
>
> The Linux kernel was started by a university student, and there have
> been strong ties between the kernel and academic communities ever since.
> This collaboration is beneficial both to Linux, which gains from the work
> and ideas of researchers, and to the research community, which is able to
> work with a heavily used kernel and see its ideas deployed in practice.
> This collaboration is worth preserving -- and, indeed deepening. The
> incident described in this paper is seen by some developers in both camps
> as a threat to that collaboration, but it need not turn out that way.
>
> We have two specific recommendations designed to ensure that the kernel
> project and UMN can continue to work together successfully in the future:
>
> - UMN must improve the quality of the changes that are proposed for
> inclusion into the kernel, and
>
> - The TAB, working with researchers, will create a document explaining
> best practices for all research groups to follow when working with the
> kernel (and open-source projects in general).
>
> The combination of these two changes, we hope, will help the kernel and
> research communities to work together fruitfully and prevent incidents
> like this from occurring again.
>
> Development process changes
>
> In the past, the kernel community has often had to deal with a pattern
> of low-quality patches originating from a single company or group.
> These patches consume scarce maintainer time and, over time, lead to tense
> relations between the two groups. In such cases, the kernel community
> has worked with the companies involved to set up internal procedures to
> make the patch creation and submission process work better. When set
> up properly, such a process can reduce the mentoring load on kernel
> maintainers and enable contributors to be more successful in their work.
>
> A common practice in many companies is to designate a set of experienced
> internal developers to review and provide feedback on proposed kernel
> changes before those changes are submitted publicly. This review catches
> obvious mistakes and relieves the community of the need to repeatedly
> remind developers of elementary practices like adherence to coding
> standards and thorough testing of patches. It results in a higher-quality
> patch stream that will encounter fewer problems in the kernel community.
>
> We believe that UMN could benefit from a review process of this type, and
> recommend that UMN find at least one experienced developer to fill this
> role. Having such a reviewer in place could have prevented the submission
> of many of the flawed patches described here. Working with an experienced
> developer can also help UMN researchers toward better interactions with
> the kernel community and would, hopefully, prevent concepts like the
> "Hypocrite Commits" project from getting beyond the idea stage.
>
> Until such a review process is put into place, it will be difficult to
> re-establish the trust between UMN and the kernel community, and patches
> from UMN will continue to find a chilly reception. If UMN needs help
> to find such a developer or to set up an internal review process, the
> TAB will be glad to assist. This is a role the TAB has played with many
> groups in the past.
>
> Best practices for research institutions
>
> This incident has highlighted the differences in the motivations behind
> the kernel development and research communities. While both groups
> are interested in making a better kernel for the massive user community,
> kernel developers tended to be focused on engineering processes, reviewing
> contributions, and mentoring new contributors, while researchers tend
> to be focused on exploring new ideas and methodologies, developing new
> tools, and furthering their understanding of how development communities
> interact. There is a lot of value created by both groups, but they can
> also occasionally lead to conflict.
>
> The kernel community welcomes the help and participation of the research
> community; we know it makes us stronger and more effective. But this
> work must also help with the community's goal of creating a robust kernel
> for production use. When interactions with researchers are seen to only
> benefit the research side while imposing costs on the kernel community,
> friction can result. Examples include posting patches from tools that are
> not ready for a production code base or deliberately trying to subvert the
> patch-review process.
>
> To avoid this friction, to prevent incidents like the one described here
> from happening again, and to encourage better interaction between the two
> communities in general, the TAB will be working with researchers (to be
> named soon) to develop a document describing a set of best practices
> for researchers to follow when working with the kernel community. This
> will be a living document, maintained in the kernel documentation tree
> and evolved over time as needed. Any researchers who would like to
> participate in this effort are encouraged to contact the TAB to express
> their interest.
>
>
> Thanks
>
> The TAB would like to thank the following kernel developers for helping
> with this unexpected re-review of the prior UMN kernel commits. They
> were gracious to give their time to do this work to for the kernel
> community:
> Al Viro
> Alaa Emad
> Alex Williamson
> Alexander Deucher
> Alexandre Belloni
> Alexei Starovoitov
> Anirudh Rayabharam
> Ard Biesheuvel
> Atul Gopinathan
> Bart Van Assche
> Bartosz Golaszewski
> Bjorn Helgaas
> Borislav Petkov
> Bryan Brattlof
> Daniel Borkmann
> Daniel Vetter
> David Howells
> David Sterba
> Devesh Sharma
> Dmitry Torokhov
> Dominik Brodowski
> Doug Ledford
> Du Cheng
> Enric Balletbo
> Fabrizio Castro
> Fatih Yildirim
> Felipe Balbi
> Felix Kuehling
> Florian Fainelli
> Geert Uytterhoeven
> Guenter Roeck
> Hans Verkuil
> Hans de Goede
> J. Bruce Fields
> Jakub Kicinski
> James Morris
> Jan Kara
> Jason Gunthorpe
> Jens Axboe
> Jiri Kosina
> Jiri Slaby
> Joe Stringer
> Joerg Roedel
> Johannes Berg
> Jonathan Cameron
> Josh Poimboeuf
> Juergen Gross
> Julia Lawall
> Kalle Valo
> Kirill Tkhai
> Krzysztof Kozlowski
> Kurt Manucredo
> Laurent Pinchart
> Lee Jones
> Linus Walleij
> Lorenzo Pieralisi
> Matteo Croce
> Mauro Carvalho Chehab
> Mika Westerberg
> Pablo Neira Ayuso
> Paul Moore
> Pavel Machek
> Peter Rosin
> Phillip Potter
> Rafael J. Wysocki
> Richard Genoud
> Richard Guy Briggs
> Rob Herring
> Robert Foss
> Roland Dreier
> Russell King
> Sebastian Reichel
> Shuah Khan
> Sinan Kaya
> Song Liu
> Stefan Schmidt
> Takashi Iwai
> Tariq Toukan
> Tavis Ormandy
> Thomas Gleixner
> Tom Seewald
> Tyler Hicks
> Ulf Hansson
> Viresh Kumar
> Willy Tarreau
--
Kangjie Lu
Assistant Professor
Department of Computer Science and Engineering
University of Minnesota
https://www-users.cs.umn.edu/~kjlu
On Fri, May 07, 2021 at 08:30:21PM -0500, Kangjie Lu wrote:
> We again extend our apologies to the Linux Kernel Community for the
> concerns and extra work caused by our inappropriately designed
> "hypocrite commits" project. We also want to express our appreciation
> for the thoughtful report released by the Linux Technical Advisory
> Board (TAB) on May 5, 2021
> (https://lore.kernel.org/lkml/202105051005.49BFABCE@keescook/ ), and
> the willingness of the Linux Foundation to meet with us on May 6,
> 2021.
Awesome; thank you for the apology, and thanks for working with us on
sorting this all out.
> The University of Minnesota team has reviewed the TAB findings and
> want to confirm that the findings are comprehensive with an exception
> discussed below.
>
> One email address missing is a visiting student in the team who used
> the account “Wenjia Zhao <[email protected]>” to send four
> patches for bugs found by a tool:
> https://lore.kernel.org/patchwork/project/lkml/list/?series=&submitter=29945&state=*&q=&archive=both&delegate=.
> None of those patches were accepted or merged.
Ah-ha; thanks for pointing this out!
For my own reference, here's the public-inbox search:
https://lore.kernel.org/lkml/?q=f%3A%22Wenjia+Zhao%22
> All Minnesota patches submitted before August 9, 2020 were part of
> previous bug-finding research projects and submitted in good faith and
> intended to address bugs in the Linux Kernel. The four patches
Yes, and speaking for myself and the larger community: thank you for
this work! There are a lot of bugs, and while exploring new ways to
find bugs is certainly useful, it's the _fixing_ of them that is the
most important thing for Linux. (Best, of course, is discovering and
removing entire bug _classes_, of course.)
There is a lot of research done on the Linux code base, but only a
small set of researchers actually take the extra time and effort to
send patches. So, thank you (and them) for doing that.
It sounds like we're now all on the same page about creating spaces
to further support mentoring (both internally within your group and
externally in public for all interested researchers) to help with both
patch submission process and technical improvements. This will be an
ongoing process, and as plans solidify on our side in the coming weeks
we'll keep you in the loop.
> Furthermore, we want to state unequivocally that no other Linux
> components or any other open software systems were affected by the
> 'hypocrite commits' case study or by any of our other research
> projects. Our “hypocrite commit” work was limited to the Linux Kernel
> only and consisted of only the four patches (one is valid) submitted
> between August 9, 2020 and August 21, 2020.
Thanks for this clarification, too. We had fielded several questions
about this, and I'm sure they weren't the only folks wondering. :)
> We reiterate our apology, and we rededicate ourselves to educating our
> faculty and students in conducting research that is not only of the
> highest technical quality, but also follows the highest ethical
> standards.
Thank you again. I think we all have a good opportunity here to make
the best of the situation and come out the other side for the better.
-Kees
--
Kees Cook
On 2021-05-06 14:02, Metztli Information Technology wrote:
> On Thu, 2021-05-06 at 11:40 -0700, Kees Cook wrote:
> > On Thu, May 06, 2021 at 10:26:16AM +0200, Pavel Machek wrote:
> This has aged well:
>
> "Linux has a problem, which is that with success it is attracting
> people with more skill than what it started with, and it is not doing a
> very good job of handling that. In fact, it downright stinks at it,
> behaving in the worst way it could choose for handling that. [Linux]
> have lost quite a number of FS developers who just don't want to deal
> with people who know less than they do but are obnoxious and
> disrespectful to submissions because they enjoy powertripping...
> *[Linux] should develop a culture in which acceptance is more based on
> whose code measurably performs well [,i.e, meritocracy, rather] than on
> who is friends with whom.*~
>
> < https://lkml.org/lkml/2006/7/21/109 >
This sounds very Objectivist to me. It doesn't appear you read the rest
of the thread. The very first reply to that thread resonates:
https://lkml.org/lkml/2006/7/21/135
This is one of the reasons I gravitated to Linux just over 29 years ago
after a couple of years of exprience in other open source communities.
> Best Professional Regards.
> Jose R R
slainte mhath, RGB
--
Richard Guy Briggs -- ~\ -- ~\ <hpv.tricolour.ca>
<http://www.TriColour.ca> -- \___ o \@ @ Ride yer bike!
Ottawa, ON, CANADA -- Lo_>__M__\\/\%__\\/\%
Vote! -- <greenparty.ca>_____GTVS6#790__(*)__(*)________(*)(*)_________________