lp:~ubuntu-kernel/ubuntu/+source/linux/+git/mantic

Get this repository:
git clone https://git.qastaging.paddev.net/~ubuntu-kernel/ubuntu/+source/linux/+git/mantic
Members of Ubuntu Kernel Repositories can upload to this repository.

Branches

Name Last Modified Last Commit
lowlatency-next 2024-07-18 05:33:44 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-45.45.1

Author: Hui Wang
Author Date: 2024-07-18 05:33:44 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-45.45.1

Signed-off-by: Hui Wang <hui.wang@canonical.com>

lowlatency-next--s2024.06.10-1--auto 2024-07-11 20:33:54 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-45.45.1

Author: Ubuntu Kernel Bot
Author Date: 2024-07-11 20:33:53 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-45.45.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.06.10-1--auto 2024-07-04 19:33:43 UTC
UBUNTU: Ubuntu-6.5.0-45.45

Author: Ubuntu Kernel Bot
Author Date: 2024-07-04 19:33:42 UTC

UBUNTU: Ubuntu-6.5.0-45.45

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.06.10-1 2024-07-04 18:56:16 UTC
ubi: Check for too small LEB size in VTBL code

Author: Richard Weinberger
Author Date: 2024-06-07 19:41:57 UTC

ubi: Check for too small LEB size in VTBL code

[ Upstream commit 68a24aba7c593eafa8fd00f2f76407b9b32b47a9 ]

If the LEB size is smaller than a volume table record we cannot
have volumes.
In this case abort attaching.

Cc: Chenyuan Yang <cy54@illinois.edu>
Cc: stable@vger.kernel.org
Fixes: 801c135ce73d ("UBI: Unsorted Block Images")
Reported-by: Chenyuan Yang <cy54@illinois.edu>
Closes: https://lore.kernel.org/linux-mtd/1433EB7A-FC89-47D6-8F47-23BE41B263B3@illinois.edu/
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit d1b505c988b711673d6a2de35222028be081d0d1 linux-6.6.y)
CVE-2024-25739
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Acked-by: Thibault Ferrante <thibault.ferrante@canonical.com>
Acked-by: Philip Cox <philip.cox@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

lowlatency-next--2024.04.29-3--auto 2024-06-30 06:53:29 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-41.41.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-30 06:53:29 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-41.41.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.06.10-1--auto 2024-06-25 07:23:07 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-44.44.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-25 07:23:05 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-44.44.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--s2024.04.29-1--auto 2024-06-21 13:52:01 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-42.42.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 13:52:01 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-42.42.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.04.29-1--auto 2024-06-20 18:44:40 UTC
UBUNTU: Ubuntu-6.5.0-42.42

Author: Ubuntu Kernel Bot
Author Date: 2024-06-20 18:44:40 UTC

UBUNTU: Ubuntu-6.5.0-42.42

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next 2024-06-17 08:51:38 UTC
ALSA: Fix deadlocks with kctl removals at disconnection

Author: Takashi Iwai
Author Date: 2024-06-11 02:39:28 UTC

ALSA: Fix deadlocks with kctl removals at disconnection

BugLink: https://bugs.launchpad.net/bugs/2061091

In snd_card_disconnect(), we set card->shutdown flag at the beginning,
call callbacks and do sync for card->power_ref_sleep waiters at the
end. The callback may delete a kctl element, and this can lead to a
deadlock when the device was in the suspended state. Namely:

* A process waits for the power up at snd_power_ref_and_wait() in
  snd_ctl_info() or read/write() inside card->controls_rwsem.

* The system gets disconnected meanwhile, and the driver tries to
  delete a kctl via snd_ctl_remove*(); it tries to take
  card->controls_rwsem again, but this is already locked by the
  above. Since the sleeper isn't woken up, this deadlocks.

An easy fix is to wake up sleepers before processing the driver
disconnect callbacks but right after setting the card->shutdown flag.
Then all sleepers will abort immediately, and the code flows again.

So, basically this patch moves the wait_event() call at the right
timing. While we're at it, just to be sure, call wait_event_all()
instead of wait_event(), although we don't use exclusive events on
this queue for now.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=218816
Cc: <stable@vger.kernel.org>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20240510101424.6279-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit 87988a534d8e12f2e6fc01fe63e6c1925dc5307c)
Signed-off-by: Guoqing Jiang <guoqing.jiang@canonical.com>
Acked-by: Thibault Ferrante <thibault.ferrante@canonical.com>
Acked-by: Philip Cox <philip.cox@canonical.com>
Acked-by: Chris Chiu <chris.chiu@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-prep 2024-06-07 12:59:52 UTC
UBUNTU: Ubuntu-6.5.0-44.44

Author: Stefan Bader
Author Date: 2024-06-07 12:59:52 UTC

UBUNTU: Ubuntu-6.5.0-44.44

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--s2024.04.29-1 2024-06-07 10:30:31 UTC
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path

Author: Pablo Neira Ayuso
Author Date: 2024-05-29 14:56:00 UTC

netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path

The commit mutex should not be released during the critical section
between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC
worker could collect expired objects and get the released commit lock
within the same GC sequence.

nf_tables_module_autoload() temporarily releases the mutex to load
module dependencies, then it goes back to replay the transaction again.
Move it at the end of the abort phase after nft_gc_seq_end() is called.

Cc: stable@vger.kernel.org
Fixes: 720344340fb9 ("netfilter: nf_tables: GC transaction race with abort path")
Reported-by: Kuan-Ting Chen <hexrabbit@devco.re>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

CVE-2024-26925
(cherry picked from commit 0d459e2ffb541841714839e8228b845458ed3b27)
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--2024.06.10-1 2024-06-07 09:55:35 UTC
UBUNTU: SAUCE: Revert "x86/efi: Drop EFI stub .bss from .data section"

Author: Roxana Nicolescu
Author Date: 2024-06-06 07:49:56 UTC

UBUNTU: SAUCE: Revert "x86/efi: Drop EFI stub .bss from .data section"

BugLink: https://bugs.launchpad.net/bugs/2061940

This reverts commit a14a4e066c4b34b98a6c92edb4990fe6c1074877.

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--2024.04.29-3--auto 2024-06-03 16:27:26 UTC
UBUNTU: Ubuntu-6.5.0-37.37

Author: Ubuntu Kernel Bot
Author Date: 2024-06-03 16:27:26 UTC

UBUNTU: Ubuntu-6.5.0-37.37

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

intel-opt-next 2024-05-22 20:33:57 UTC
UBUNTU: Ubuntu-intel-opt-6.5.0-1007.12

Author: Thibf
Author Date: 2024-05-22 20:33:57 UTC

UBUNTU: Ubuntu-intel-opt-6.5.0-1007.12

Signed-off-by: Thibault Ferrante <thibault.ferrante@canonical.com>

lowlatency-next--2024.04.29-1--auto 2024-05-09 04:59:14 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-40.40.1

Author: Ubuntu Kernel Bot
Author Date: 2024-05-09 04:59:14 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-40.40.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.04.01-1--auto 2024-05-08 08:27:37 UTC
UBUNTU: Ubuntu-6.5.0-35.36

Author: Ubuntu Kernel Bot
Author Date: 2024-05-08 08:27:37 UTC

UBUNTU: Ubuntu-6.5.0-35.36

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.29-1--auto 2024-05-02 12:45:43 UTC
UBUNTU: Ubuntu-6.5.0-40.40

Author: Ubuntu Kernel Bot
Author Date: 2024-05-02 12:45:43 UTC

UBUNTU: Ubuntu-6.5.0-40.40

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.29-1 2024-05-02 09:15:10 UTC
Revert "minmax: add umin(a, b) and umax(a, b)"

Author: Stefan Bader
Author Date: 2024-04-08 09:35:47 UTC

Revert "minmax: add umin(a, b) and umax(a, b)"

BugLink: https://bugs.launchpad.net/bugs/2060446

This reverts commit 8d582aac6cd6dfdf58f2905178537a2298518c8c. Patchset
breaks compilation on armhf.

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-next--s2024.04.01-1--auto 2024-05-02 01:23:34 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-35.35.1

Author: Ubuntu Kernel Bot
Author Date: 2024-05-02 01:23:34 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-35.35.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.04.01-1 2024-04-26 05:44:06 UTC
UBUNTU: SAUCE: Revert "cifs: fix flushing folio regression for 6.1 backport"

Author: Matthew Ruffell
Author Date: 2024-04-22 02:30:27 UTC

UBUNTU: SAUCE: Revert "cifs: fix flushing folio regression for 6.1 backport"

BugLink: https://bugs.launchpad.net/bugs/2060919

This reverts commit 21bb2ba4f1ac1e3a57594be62dd74e7b1401b2b1 (ubuntu-mantic).

__filemap_get_folio() works differently in 6.1.y where the patch was initially
sourced from, to mantic's 6.5 kernel. In 6.1.y, it returns a folio or NULL,
and in 6.5, it returns a folio or negative error code.

With this applied to mantic's 6.5, users would see page faults when attempting
to copy or write to a file from the same directory as the source.

BUG: unable to handle page fault for address: fffffffffffffffe
...
RIP: 0010:cifs_flush_folio+0x41/0xf0 [cifs]
...
Call Trace:
<TASK>
? show_regs+0x6d/0x80
? __die+0x24/0x80
? page_fault_oops+0x99/0x1b0
? kernelmode_fixup_or_oops+0xb2/0x140
? __bad_area_nosemaphore+0x1a5/0x2c0
? bad_area_nosemaphore+0x16/0x30
? do_kern_addr_fault+0x7b/0xa0
? exc_page_fault+0x1a4/0x1b0
? asm_exc_page_fault+0x27/0x30
? cifs_flush_folio+0x41/0xf0 [cifs]
? cifs_flush_folio+0x37/0xf0 [cifs]
cifs_remap_file_range+0x172/0x660 [cifs]
do_clone_file_range+0x101/0x2d0
vfs_clone_file_range+0x3f/0x150
ioctl_file_clone+0x52/0xc0
do_vfs_ioctl+0x68f/0x910
...

"cifs: fix flushing folio regression for 6.1 backport" should have never been
applied to mantic's tree, thus we revert it as a SAUCE patch.

Signed-off-by: Matthew Ruffell <matthew.ruffell@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-next--2024.04.01-3--auto 2024-04-24 03:35:42 UTC
UBUNTU: Ubuntu-6.5.0-34.34

Author: Ubuntu Kernel Bot
Author Date: 2024-04-24 03:35:42 UTC

UBUNTU: Ubuntu-6.5.0-34.34

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.04.01-1--auto 2024-04-23 23:11:57 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-34.34.1

Author: Ubuntu Kernel Bot
Author Date: 2024-04-23 23:11:57 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-34.34.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.01-3 2024-04-23 16:03:05 UTC
UBUNTU: [Config] Set CONFIG_BHI to enabled (auto)

Author: Yuxuan Luo
Author Date: 2024-04-12 19:23:00 UTC

UBUNTU: [Config] Set CONFIG_BHI to enabled (auto)

Adjusting the config to have BHI mitigations enabled (for now we do use
the auto mode, this differs from upstream).

CVE-2024-2201
Signed-off-by: Yuxuan Luo <yuxuan.luo@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--2024.04.01-2--auto 2024-04-23 13:06:40 UTC
UBUNTU: Ubuntu-6.5.0-29.30

Author: Ubuntu Kernel Bot
Author Date: 2024-04-23 13:06:40 UTC

UBUNTU: Ubuntu-6.5.0-29.30

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.01-2 2024-04-23 11:55:08 UTC
UBUNTU: [Config] Set CONFIG_BHI to enabled (auto)

Author: Yuxuan Luo
Author Date: 2024-04-12 19:23:00 UTC

UBUNTU: [Config] Set CONFIG_BHI to enabled (auto)

Adjusting the config to have BHI mitigations enabled (for now we do use
the auto mode, this differs from upstream).

CVE-2024-2201
Signed-off-by: Yuxuan Luo <yuxuan.luo@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--s2024.03.04-1--auto 2024-04-03 05:42:24 UTC
UBUNTU: Ubuntu-6.5.0-28.29

Author: Ubuntu Kernel Bot
Author Date: 2024-04-03 05:42:24 UTC

UBUNTU: Ubuntu-6.5.0-28.29

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--s2024.03.04-1--auto 2024-04-03 04:59:41 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-28.29.1

Author: Ubuntu Kernel Bot
Author Date: 2024-04-03 04:59:41 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-28.29.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.03.04-1 2024-03-28 12:33:38 UTC
jfs: fix uaf in jfs_evict_inode

Author: Edward Adam Davis
Author Date: 2024-03-22 17:10:00 UTC

jfs: fix uaf in jfs_evict_inode

When the execution of diMount(ipimap) fails, the object ipimap that has been
released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
when rcu_core() calls jfs_free_node().

Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
ipimap.

Reported-and-tested-by: syzbot+01cf2dbcbe2022454388@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>

CVE-2023-52600
(cherry picked from commit e0e1958f4c365e380b17ccb35617345b31ef7bf3)
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--2024.03.04-1--auto 2024-03-22 06:59:20 UTC
UBUNTU: Ubuntu-6.5.0-27.27

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 06:59:20 UTC

UBUNTU: Ubuntu-6.5.0-27.27

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.03.04-1--auto 2024-03-22 06:16:25 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-27.28.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 06:16:25 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-27.28.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.02.05-1--auto 2024-03-22 05:42:11 UTC
UBUNTU: Ubuntu-6.5.0-26.26

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 05:42:11 UTC

UBUNTU: Ubuntu-6.5.0-26.26

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--s2024.02.05-1--auto 2024-03-22 04:39:06 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-26.26.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 04:39:06 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-26.26.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.02.05-2--auto 2024-03-14 16:28:42 UTC
UBUNTU: Ubuntu-6.5.0-22.22

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 16:28:42 UTC

UBUNTU: Ubuntu-6.5.0-22.22

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.01.08-2--auto 2024-03-14 15:37:25 UTC
UBUNTU: Ubuntu-6.5.0-18.18

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 15:37:25 UTC

UBUNTU: Ubuntu-6.5.0-18.18

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--s2024.01.08-1--auto 2024-03-14 14:34:22 UTC
UBUNTU: Ubuntu-lowlatency-6.5.0-21.21.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 14:34:22 UTC

UBUNTU: Ubuntu-lowlatency-6.5.0-21.21.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.02.05-1 2024-03-05 18:03:42 UTC
pwm: Fix out-of-bounds access in of_pwm_single_xlate()

Author: Uwe Kleine-König
Author Date: 2024-03-04 20:37:18 UTC

pwm: Fix out-of-bounds access in of_pwm_single_xlate()

With args->args_count == 2 args->args[2] is not defined. Actually the
flags are contained in args->args[1].

Fixes: 3ab7b6ac5d82 ("pwm: Introduce single-PWM of_xlate function")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/243908750d306e018a3d4bf2eb745d53ab50f663.1704835845.git.u.kleine-koenig@pengutronix.de
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
(cherry picked from commit a297d07b9a1e4fb8cda25a4a2363a507d294b7c9)
CVE-2024-26599
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Kevin Becker <kevin.becker@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-next--2024.03.04-1 2024-03-05 15:33:12 UTC
net: qualcomm: rmnet: fix global oob in rmnet_policy

Author: Lin Ma
Author Date: 2024-03-04 21:52:47 UTC

net: qualcomm: rmnet: fix global oob in rmnet_policy

The variable rmnet_link_ops assigns a *bigger* maxtype which leads to a
global out-of-bounds read when parsing the netlink attributes. See bug
trace below:

==================================================================
BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]
BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207

CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x172/0x475 mm/kasan/report.c:395
 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495
 validate_nla lib/nlattr.c:386 [inline]
 __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
 __nla_parse+0x3e/0x50 lib/nlattr.c:697
 nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]
 __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594
 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091
 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0x154/0x190 net/socket.c:734
 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536
 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fdcf2072359
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000
 </TASK>

The buggy address belongs to the variable:
 rmnet_policy+0x30/0xe0

The buggy address belongs to the physical page:
page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243
flags: 0x200000000001000(reserved|node=0|zone=2)
raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07
 ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9
>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
                                                 ^
 ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
 ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9

According to the comment of `nla_parse_nested_deprecated`, the maxtype
should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.

Fixes: 14452ca3b5ce ("net: qualcomm: rmnet: Export mux_id and flags to netlink")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reviewed-by: Subash Abhinov Kasiviswanathan <quic_subashab@quicinc.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Link: https://lore.kernel.org/r/20240110061400.3356108-1-linma@zju.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit b33fb5b801c6db408b774a68e7c8722796b59ecc)
CVE-2024-26597
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

lowlatency 2023-03-15 12:03:00 UTC
UBUNTU: Ubuntu-lowlatency-6.2.0-1001.1

Author: Paolo Pisati
Author Date: 2023-03-15 12:03:00 UTC

UBUNTU: Ubuntu-lowlatency-6.2.0-1001.1

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

master 2023-02-24 22:35:34 UTC
UBUNTU: [Config] update annotations to split configs with/without notes

Author: Andrea Righi
Author Date: 2023-02-24 22:35:34 UTC

UBUNTU: [Config] update annotations to split configs with/without notes

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

This repository contains Public information 
Everyone can see this information.
