~canonical-kernel/ubuntu/+source/linux-oem-osp1/+git/bionic:oem-next

Last commit made on 2020-10-22
Get this branch:
git clone -b oem-next https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-oem-osp1/+git/bionic
Members of Canonical Kernel can upload to this branch. Log in for directions.

Branch merges

Branch information

Recent commits

3732598... by Stefan Bader

UBUNTU: Ubuntu-oem-osp1-5.0.0-1071.77

Signed-off-by: Stefan Bader <email address hidden>

76a1806... by Stefan Bader

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Stefan Bader <email address hidden>

f554381... by Stefan Bader

UBUNTU: [Packaging] Fix path of master branch

Ignore: yes
Signed-off-by: Stefan Bader <email address hidden>

fea03ed... by Stefan Bader

UBUNTU: Ubuntu-oem-osp1-5.0.0-1070.76

Signed-off-by: Stefan Bader <email address hidden>

8ba891d... by Stefan Bader

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/1899961
Properties: no-test-build
Signed-off-by: Stefan Bader <email address hidden>

887ed62... by Stefan Bader

UBUNTU: [Config] oem-osp1: Disable BlueZ highspeed support

The Intel BlueZ project recommends in [1] to disable highspeed support
as part of the fixes for the security issues. This does the required
changes.

[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html

CVE-2020-24490
CVE-2020-12351
CVE-2020-12352
Signed-off-by: Stefan Bader <email address hidden>

a212a55... by Alain Michaud <email address hidden>

Bluetooth: fix kernel oops in store_pending_adv_report

BugLink: https://bugs.launchpad.net/bugs/1891063

[ Upstream commit a2ec905d1e160a33b2e210e45ad30445ef26ce0e ]

Fix kernel oops observed when an ext adv data is larger than 31 bytes.

This can be reproduced by setting up an advertiser with advertisement
larger than 31 bytes. The issue is not sensitive to the advertisement
content. In particular, this was reproduced with an advertisement of
229 bytes filled with 'A'. See stack trace below.

This is fixed by not catching ext_adv as legacy adv are only cached to
be able to concatenate a scanable adv with its scan response before
sending it up through mgmt.

With ext_adv, this is no longer necessary.

  general protection fault: 0000 [#1] SMP PTI
  CPU: 6 PID: 205 Comm: kworker/u17:0 Not tainted 5.4.0-37-generic #41-Ubuntu
  Hardware name: Dell Inc. XPS 15 7590/0CF6RR, BIOS 1.7.0 05/11/2020
  Workqueue: hci0 hci_rx_work [bluetooth]
  RIP: 0010:hci_bdaddr_list_lookup+0x1e/0x40 [bluetooth]
  Code: ff ff e9 26 ff ff ff 0f 1f 44 00 00 0f 1f 44 00 00 55 48 8b 07 48 89 e5 48 39 c7 75 0a eb 24 48 8b 00 48 39 f8 74 1c 44 8b 06 <44> 39 40 10 75 ef 44 0f b7 4e 04 66 44 39 48 14 75 e3 38 50 16 75
  RSP: 0018:ffffbc6a40493c70 EFLAGS: 00010286
  RAX: 4141414141414141 RBX: 000000000000001b RCX: 0000000000000000
  RDX: 0000000000000000 RSI: ffff9903e76c100f RDI: ffff9904289d4b28
  RBP: ffffbc6a40493c70 R08: 0000000093570362 R09: 0000000000000000
  R10: 0000000000000000 R11: ffff9904344eae38 R12: ffff9904289d4000
  R13: 0000000000000000 R14: 00000000ffffffa3 R15: ffff9903e76c100f
  FS: 0000000000000000(0000) GS:ffff990434580000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007feed125a000 CR3: 00000001b860a003 CR4: 00000000003606e0
  Call Trace:
    process_adv_report+0x12e/0x560 [bluetooth]
    hci_le_meta_evt+0x7b2/0xba0 [bluetooth]
    hci_event_packet+0x1c29/0x2a90 [bluetooth]
    hci_rx_work+0x19b/0x360 [bluetooth]
    process_one_work+0x1eb/0x3b0
    worker_thread+0x4d/0x400
    kthread+0x104/0x140

Fixes: c215e9397b00 ("Bluetooth: Process extended ADV report event")
Reported-by: Andy Nguyen <email address hidden>
Reported-by: Linus Torvalds <email address hidden>
Reported-by: Balakrishna Godavarthi <email address hidden>
Signed-off-by: Alain Michaud <email address hidden>
Tested-by: Sonny Sasaka <email address hidden>
Acked-by: Marcel Holtmann <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Ian May <email address hidden>
Signed-off-by: Kelsey Skunberg <email address hidden>

CVE-2020-24490
(cherry picked from commit ea037cc40cc323c08eae0058cf8fa011f4c76173 Focal)
Signed-off-by: Stefan Bader <email address hidden>

1c12ae1... by Stefan Bader

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Stefan Bader <email address hidden>

2b6b540... by Thadeu Lima de Souza Cascardo

UBUNTU: Ubuntu-oem-osp1-5.0.0-1069.75

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

0286a8e... by Thadeu Lima de Souza Cascardo

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>