lp:~ubuntu-kernel/ubuntu/+source/linux/+git/focal

Get this repository:
git clone https://git.qastaging.paddev.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal
Members of Ubuntu Kernel Repositories can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
master-next 2024-08-09 15:26:52 UTC
rxrpc: Fix delayed ACKs to not set the reference serial number

Author: David Howells
Author Date: 2024-08-06 15:01:40 UTC

rxrpc: Fix delayed ACKs to not set the reference serial number

Fix the construction of delayed ACKs to not set the reference serial number
as they can't be used as an RTT reference.

Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: linux-afs@lists.infradead.org
cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
(backported from e7870cf13d20f56bfc19f9c3e89707c69cf104ef)
[mpellizzer: removed the "ackr_serial" field from
the struct "rxrpc_call" and adjusted the code accordingly]
CVE-2024-26677
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

hwe-5.15-next 2024-08-07 12:51:24 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-119.129~20.04.1

Author: Stefan Bader
Author Date: 2024-08-07 12:51:24 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-119.129~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-prep 2024-08-02 18:11:02 UTC
UBUNTU: Ubuntu-5.4.0-195.215

Author: Roxana Nicolescu
Author Date: 2024-08-02 18:11:02 UTC

UBUNTU: Ubuntu-5.4.0-195.215

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-next--s2024.07.08-1 2024-07-30 15:58:57 UTC
inet: inet_defrag: prevent sk release while still in use

Author: Florian Westphal
Author Date: 2024-07-29 23:51:45 UTC

inet: inet_defrag: prevent sk release while still in use

ip_local_out() and other functions can pass skb->sk as function argument.

If the skb is a fragment and reassembly happens before such function call
returns, the sk must not be released.

This affects skb fragments reassembled via netfilter or similar
modules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline.

Eric Dumazet made an initial analysis of this bug. Quoting Eric:
  Calling ip_defrag() in output path is also implying skb_orphan(),
  which is buggy because output path relies on sk not disappearing.

  A relevant old patch about the issue was :
  8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()")

  [..]

  net/ipv4/ip_output.c depends on skb->sk being set, and probably to an
  inet socket, not an arbitrary one.

  If we orphan the packet in ipvlan, then downstream things like FQ
  packet scheduler will not work properly.

  We need to change ip_defrag() to only use skb_orphan() when really
  needed, ie whenever frag_list is going to be used.

Eric suggested to stash sk in fragment queue and made an initial patch.
However there is a problem with this:

If skb is refragmented again right after, ip_do_fragment() will copy
head->sk to the new fragments, and sets up destructor to sock_wfree.
IOW, we have no choice but to fix up sk_wmem accouting to reflect the
fully reassembled skb, else wmem will underflow.

This change moves the orphan down into the core, to last possible moment.
As ip_defrag_offset is aliased with sk_buff->sk member, we must move the
offset into the FRAG_CB, else skb->sk gets clobbered.

This allows to delay the orphaning long enough to learn if the skb has
to be queued or if the skb is completing the reasm queue.

In the former case, things work as before, skb is orphaned. This is
safe because skb gets queued/stolen and won't continue past reasm engine.

In the latter case, we will steal the skb->sk reference, reattach it to
the head skb, and fix up wmem accouting when inet_frag inflates truesize.

Fixes: 7026b1ddb6b8 ("netfilter: Pass socket pointer down through okfn().")
Diagnosed-by: Eric Dumazet <edumazet@google.com>
Reported-by: xingwei lee <xrivendell7@gmail.com>
Reported-by: yue sun <samsun1006219@gmail.com>
Reported-by: syzbot+e5167d7144a62715044c@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20240326101845.30836-1-fw@strlen.de
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
(backported from commit 18685451fc4e546fc0e718580d32df3c0e5c8272)
[vpeixoto: missing commits 2e47eece158a ("ipv4: remove unnecessary
type castings") and 8672406eb5d7 ("net: ip: Handle delivery_time in ip
defrag") introduce context conflicts but are irrelevant to the fix,
so a manual backport is appropriate.]
CVE-2024-26921
Signed-off-by: Vinicius Peixoto <vinicius.peixoto@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Acked-by: Kevin Becker <kevin.becker@canonical.com>
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>

hwe-5.15-next--s2024.06.10-1--auto 2024-07-11 17:09:13 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-117.127~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-07-11 17:09:13 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-117.127~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.07.08-1--auto 2024-07-05 20:01:14 UTC
UBUNTU: Ubuntu-5.4.0-191.211

Author: Ubuntu Kernel Bot
Author Date: 2024-07-05 20:01:14 UTC

UBUNTU: Ubuntu-5.4.0-191.211

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.07.08-1 2024-07-05 07:48:25 UTC
UBUNTU: Upstream stable to v5.4.278

Author: Portia Stephens
Author Date: 2024-07-02 01:28:10 UTC

UBUNTU: Upstream stable to v5.4.278

BugLink: https://bugs.launchpad.net/bugs/2071668

Ignore: yes
Signed-off-by: Portia Stephens <portia.stephens@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--s2024.06.10-1--auto 2024-07-04 21:19:53 UTC
UBUNTU: Ubuntu-5.4.0-190.210

Author: Ubuntu Kernel Bot
Author Date: 2024-07-04 21:19:53 UTC

UBUNTU: Ubuntu-5.4.0-190.210

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.06.10-1 2024-07-04 15:22:30 UTC
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

Author: Daniel Starke
Author Date: 2024-06-21 21:18:00 UTC

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

commit 47388e807f85948eefc403a8a5fdc5b406a65d5a upstream.

Assuming the following:
- side A configures the n_gsm in basic option mode
- side B sends the header of a basic option mode frame with data length 1
- side A switches to advanced option mode
- side B sends 2 data bytes which exceeds gsm->len
  Reason: gsm->len is not used in advanced option mode.
- side A switches to basic option mode
- side B keeps sending until gsm0_receive() writes past gsm->buf
  Reason: Neither gsm->state nor gsm->len have been reset after
  reconfiguration.

Fix this by changing gsm->count to gsm->len comparison from equal to less
than. Also add upper limit checks against the constant MAX_MRU in
gsm0_receive() and gsm1_receive() to harden against memory corruption of
gsm->len and gsm->mru.

All other checks remain as we still need to limit the data according to the
user configuration and actual payload size.

Reported-by: j51569436@gmail.com
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218708
Tested-by: j51569436@gmail.com
Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20240424054842.7741-1-daniel.starke@siemens.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2024-36016
(cherry picked from commit 0fb736c9931e02dbc7d9a75044c8e1c039e50f04 linux-5.10.y)
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.15-next--2024.06.10-4--auto 2024-07-01 17:06:47 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-116.126~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-07-01 17:06:47 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-116.126~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-5.15-next--s2024.04.29-1--auto 2024-06-21 20:46:39 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-113.123~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 20:46:39 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-113.123~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-5.15-next--2024.04.29-3--auto 2024-06-21 10:13:51 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-112.122~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 10:13:51 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-112.122~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.04.29-1--auto 2024-06-21 02:42:25 UTC
UBUNTU: Ubuntu-5.4.0-187.207

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 02:42:25 UTC

UBUNTU: Ubuntu-5.4.0-187.207

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.29-1--auto 2024-06-21 02:10:36 UTC
UBUNTU: Ubuntu-5.4.0-186.206

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 02:10:36 UTC

UBUNTU: Ubuntu-5.4.0-186.206

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-5.15-next--2024.06.10-1--auto 2024-06-13 10:30:43 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-115.125~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-13 10:30:42 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-115.125~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.04.29-1 2024-06-07 10:30:31 UTC
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path

Author: Pablo Neira Ayuso
Author Date: 2024-05-29 14:57:00 UTC

netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path

The commit mutex should not be released during the critical section
between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC
worker could collect expired objects and get the released commit lock
within the same GC sequence.

nf_tables_module_autoload() temporarily releases the mutex to load
module dependencies, then it goes back to replay the transaction again.
Move it at the end of the abort phase after nft_gc_seq_end() is called.

Cc: stable@vger.kernel.org
Fixes: 720344340fb9 ("netfilter: nf_tables: GC transaction race with abort path")
Reported-by: Kuan-Ting Chen <hexrabbit@devco.re>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

CVE-2024-26925
(cherry picked from commit 0d459e2ffb541841714839e8228b845458ed3b27)
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--2024.06.10-1 2024-06-06 09:53:01 UTC
UBUNTU: Upstream stable to v5.4.275

Author: Portia Stephens
Author Date: 2024-06-03 06:55:17 UTC

UBUNTU: Upstream stable to v5.4.275

BugLink: https://bugs.launchpad.net/bugs/2067865

Ignore: yes
Signed-off-by: Portia Stephens <portia.stephens@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.15-next--s2024.04.01-1--auto 2024-06-03 12:49:52 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-108.118~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-03 12:49:52 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-108.118~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-5.15-next--2024.04.29-1--auto 2024-05-08 17:46:25 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-111.121~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-05-08 17:46:24 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-111.121~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.04.01-1--auto 2024-05-02 07:34:39 UTC
UBUNTU: Ubuntu-5.4.0-182.202

Author: Ubuntu Kernel Bot
Author Date: 2024-05-02 07:34:39 UTC

UBUNTU: Ubuntu-5.4.0-182.202

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.29-1 2024-04-25 18:51:36 UTC
cifs: fix ntlmssp auth when there is no key exchange

Author: Paulo Alcantara
Author Date: 2024-04-17 10:38:55 UTC

cifs: fix ntlmssp auth when there is no key exchange

BugLink: https://bugs.launchpad.net/bugs/2061986

Warn on the lack of key exchange during NTLMSSP authentication rather
than aborting it as there are some servers that do not set it in
CHALLENGE message.

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
(backported from commit 9de0737d5ba0425c3154d5d83da12a8fa8595c0f)
[rmalz: commit fails to cherry-pick due to changes introduced
by commit 49bd49f983b5026e4557d31c5d737d9657c4113e, which is not
relevant to the change]
Signed-off-by: Robert Malz <robert.malz@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-next--s2024.04.01-1 2024-04-25 17:13:42 UTC
wifi: mac80211: fix potential key use-after-free

Author: Johannes Berg
Author Date: 2024-04-12 20:02:17 UTC

wifi: mac80211: fix potential key use-after-free

When ieee80211_key_link() is called by ieee80211_gtk_rekey_add()
but returns 0 due to KRACK protection (identical key reinstall),
ieee80211_gtk_rekey_add() will still return a pointer into the
key, in a potential use-after-free. This normally doesn't happen
since it's only called by iwlwifi in case of WoWLAN rekey offload
which has its own KRACK protection, but still better to fix, do
that by returning an error code and converting that to success on
the cfg80211 boundary only, leaving the error for bad callers of
ieee80211_gtk_rekey_add().

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Fixes: fdf7cb4185b6 ("mac80211: accept key reinstall without changing anything")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(backported from commit 31db78a4923ef5e2008f2eed321811ca79e7f71b)
[bjamison: context conflict - added KRACK protection as written in the fix
commit since the context conflict was with a neighboring line that doesn't
affect the fix commit]
CVE-2023-52530
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-next--2024.04.01-1--auto 2024-04-24 03:31:15 UTC
UBUNTU: Ubuntu-5.4.0-181.201

Author: Ubuntu Kernel Bot
Author Date: 2024-04-24 03:31:15 UTC

UBUNTU: Ubuntu-5.4.0-181.201

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.01-1 2024-04-23 21:01:55 UTC
UBUNTU: [Packaging] drop getabis data

Author: Roxana Nicolescu
Author Date: 2024-03-28 14:19:07 UTC

UBUNTU: [Packaging] drop getabis data

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

hwe-5.15-next--2024.04.01-3--auto 2024-04-23 01:55:48 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-106.116~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-04-23 01:55:48 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-106.116~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-5.15-next--2024.04.01-1--auto 2024-04-22 15:50:53 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-106.116~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-04-22 15:50:53 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-106.116~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.03.04-1--auto 2024-04-03 01:11:35 UTC
UBUNTU: Ubuntu-5.4.0-177.197

Author: Ubuntu Kernel Bot
Author Date: 2024-04-03 01:11:35 UTC

UBUNTU: Ubuntu-5.4.0-177.197

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.03.04-2--auto 2024-03-28 12:59:05 UTC
UBUNTU: Ubuntu-5.4.0-174.192

Author: Ubuntu Kernel Bot
Author Date: 2024-03-28 12:59:05 UTC

UBUNTU: Ubuntu-5.4.0-174.192

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.03.04-2 2024-03-28 12:28:10 UTC
hvcs: Synchronize hotplug remove with port free

Author: Brian King
Author Date: 2024-03-08 12:28:00 UTC

hvcs: Synchronize hotplug remove with port free

BugLink: https://bugs.launchpad.net/bugs/2056373

Synchronizes hotplug remove with the freeing of the port.
This ensures we have freed all the memory associated with
this port and are not leaking memory.

Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Link: https://lore.kernel.org/r/20230203155802.404324-6-brking@linux.vnet.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

(cherry picked from commit 28d49f8cbe9c7966f91ee1b5ec2f997f6e55bf9f)
Signed-off-by: Frank Heimes <frank.heimes@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Cengiz Can <cengiz.can@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--2024.03.04-1--auto 2024-03-22 15:13:50 UTC
UBUNTU: Ubuntu-5.4.0-175.194

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 15:13:50 UTC

UBUNTU: Ubuntu-5.4.0-175.194

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-5.15-next--2024.03.04-1--auto 2024-03-22 10:32:43 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-102.112~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 10:32:43 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-102.112~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-5.15-next--s2024.02.05-1--auto 2024-03-22 02:40:15 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-101.111~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 02:40:15 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-101.111~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.02.05-1--auto 2024-03-21 21:03:24 UTC
UBUNTU: Ubuntu-5.4.0-174.192

Author: Ubuntu Kernel Bot
Author Date: 2024-03-21 21:03:24 UTC

UBUNTU: Ubuntu-5.4.0-174.192

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-5.15-next--s2024.01.08-1--auto 2024-03-14 13:33:17 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-97.107~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 13:33:17 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-97.107~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.01.08-1--auto 2024-03-14 10:58:14 UTC
UBUNTU: Ubuntu-5.4.0-172.190

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 10:58:14 UTC

UBUNTU: Ubuntu-5.4.0-172.190

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.02.05-1--auto 2024-03-14 03:59:13 UTC
UBUNTU: Ubuntu-5.4.0-173.191

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 03:59:13 UTC

UBUNTU: Ubuntu-5.4.0-173.191

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-5.15-next--2024.02.05-1--auto 2024-03-14 00:20:28 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-100.110~20.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 00:20:28 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-100.110~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.03.04-1 2024-03-06 09:35:45 UTC
UBUNTU: [Packaging] Remove abi-check from final-checks

Author: Roxana Nicolescu
Author Date: 2024-03-05 15:13:21 UTC

UBUNTU: [Packaging] Remove abi-check from final-checks

BugLink: https://bugs.launchpad.net/bugs/2055686

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-next--s2024.02.05-1 2024-03-05 17:48:14 UTC
scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

Author: Tuo Li
Author Date: 2024-02-22 17:45:00 UTC

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

The variable phba->fcf.fcf_flag is often protected by the lock
phba->hbalock() when is accessed. Here is an example in
lpfc_unregister_fcf_rescan():

  spin_lock_irq(&phba->hbalock);
  phba->fcf.fcf_flag |= FCF_INIT_DISC;
  spin_unlock_irq(&phba->hbalock);

However, in the same function, phba->fcf.fcf_flag is assigned with 0
without holding the lock, and thus can cause a data race:

  phba->fcf.fcf_flag = 0;

To fix this possible data race, a lock and unlock pair is added when
accessing the variable phba->fcf.fcf_flag.

Reported-by: BassCheck <bass@buaa.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Link: https://lore.kernel.org/r/20230630024748.1035993-1-islituo@gmail.com
Reviewed-by: Justin Tee <justin.tee@broadcom.com>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

CVE-2024-24855
(cherry picked from commit 0e881c0a4b6146b7e856735226208f48251facd8)
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.15-prep 2023-11-16 13:58:44 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-91.101~20.04.1

Author: Stefan Bader
Author Date: 2023-11-16 13:58:44 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-91.101~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master 2022-10-14 16:32:31 UTC
UBUNTU: Ubuntu-5.4.0-131.147

Author: Thadeu Lima de Souza Cascardo
Author Date: 2022-10-14 16:32:31 UTC

UBUNTU: Ubuntu-5.4.0-131.147

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

hwe-5.15 2022-10-13 12:47:29 UTC
UBUNTU: Ubuntu-hwe-5.15-5.15.0-52.58~20.04.1

Author: Stefan Bader
Author Date: 2022-10-13 12:47:29 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-52.58~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.13-next 2022-07-08 13:16:31 UTC
llc: only change llc->dev when bind() succeeds

Author: Eric Dumazet
Author Date: 2022-06-21 19:09:00 UTC

llc: only change llc->dev when bind() succeeds

commit 2d327a79ee176930dc72c131a970c891d367c1dc upstream.

My latest patch, attempting to fix the refcount leak in a minimal
way turned out to add a new bug.

Whenever the bind operation fails before we attempt to grab
a reference count on a device, we might release the device refcount
of a prior successful bind() operation.

syzbot was not happy about this [1].

Note to stable teams:

Make sure commit b37a46683739 ("netdevice: add the case if dev is NULL")
is already present in your trees.

[1]
general protection fault, probably for non-canonical address 0xdffffc0000000070: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387]
CPU: 1 PID: 3590 Comm: syz-executor361 Tainted: G W 5.17.0-syzkaller-04796-g169e77764adc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:llc_ui_connect+0x400/0xcb0 net/llc/af_llc.c:500
Code: 80 3c 02 00 0f 85 fc 07 00 00 4c 8b a5 38 05 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 80 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a9 07 00 00 49 8b b4 24 80 03 00 00 4c 89 f2 48
RSP: 0018:ffffc900038cfcc0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880756eb600 RCX: 0000000000000000
RDX: 0000000000000070 RSI: ffffc900038cfe3e RDI: 0000000000000380
RBP: ffff888015ee5000 R08: 0000000000000001 R09: ffff888015ee5535
R10: ffffed1002bdcaa6 R11: 0000000000000000 R12: 0000000000000000
R13: ffffc900038cfe37 R14: ffffc900038cfe38 R15: ffff888015ee5012
FS: 0000555555acd300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000280 CR3: 0000000077db6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __sys_connect_file+0x155/0x1a0 net/socket.c:1900
 __sys_connect+0x161/0x190 net/socket.c:1917
 __do_sys_connect net/socket.c:1927 [inline]
 __se_sys_connect net/socket.c:1924 [inline]
 __x64_sys_connect+0x6f/0xb0 net/socket.c:1924
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f016acb90b9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd417947f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f016acb90b9
RDX: 0000000000000010 RSI: 0000000020000140 RDI: 0000000000000003
RBP: 00007f016ac7d0a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f016ac7d130
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:llc_ui_connect+0x400/0xcb0 net/llc/af_llc.c:500

Fixes: 764f4eb6846f ("llc: fix netdevice reference leaks in llc_ui_bind()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: 赵子轩 <beraphin@gmail.com>
Cc: Stoyan Manolov <smanolov@suse.de>
Link: https://lore.kernel.org/r/20220325035827.360418-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2022-28356
(cherry picked from commit 163960a7de1333514c9352deb7c80c6b9fd9abf2 linux-5.10.y)
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.13 2022-06-02 22:48:21 UTC
UBUNTU: Ubuntu-hwe-5.13-5.13.0-48.54~20.04.1

Author: Thadeu Lima de Souza Cascardo
Author Date: 2022-06-02 22:48:21 UTC

UBUNTU: Ubuntu-hwe-5.13-5.13.0-48.54~20.04.1

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

hwe-5.13-prep 2022-05-23 13:33:01 UTC
UBUNTU: Ubuntu-hwe-5.13-5.13.0-46.51~20.04.1

Author: Stefan Bader
Author Date: 2022-05-23 13:33:01 UTC

UBUNTU: Ubuntu-hwe-5.13-5.13.0-46.51~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.11-next 2022-03-09 14:54:36 UTC
UBUNTU: Ubuntu-hwe-5.11-5.11.0-61.61

Author: Stefan Bader
Author Date: 2022-03-09 14:54:36 UTC

UBUNTU: Ubuntu-hwe-5.11-5.11.0-61.61

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.11-prep 2022-03-09 14:54:36 UTC
UBUNTU: Ubuntu-hwe-5.11-5.11.0-61.61

Author: Stefan Bader
Author Date: 2022-03-09 14:54:36 UTC

UBUNTU: Ubuntu-hwe-5.11-5.11.0-61.61

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.11 2022-01-06 23:13:46 UTC
UBUNTU: Ubuntu-hwe-5.11-5.11.0-46.51~20.04.1

Author: Thadeu Lima de Souza Cascardo
Author Date: 2022-01-06 23:13:46 UTC

UBUNTU: Ubuntu-hwe-5.11-5.11.0-46.51~20.04.1

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

hwe-5.8 2021-10-27 08:49:04 UTC
UBUNTU: Ubuntu-hwe-5.8-5.8.0-67.75

Author: Stefan Bader
Author Date: 2021-10-27 08:49:04 UTC

UBUNTU: Ubuntu-hwe-5.8-5.8.0-67.75

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.8-prep 2021-10-27 08:49:04 UTC
UBUNTU: Ubuntu-hwe-5.8-5.8.0-67.75

Author: Stefan Bader
Author Date: 2021-10-27 08:49:04 UTC

UBUNTU: Ubuntu-hwe-5.8-5.8.0-67.75

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

150 of 50 results
This repository contains Public information 
Everyone can see this information.