Ubuntu
linux-oem package

~canonical-kernel/ubuntu/+source/linux-oem/+git/jammy:oem-6.1-prep

Git
lp:~canonical-kernel/ubuntu/+source/linux-oem/+git/jammy
oem-6.1-prep

Last commit made on 2023-08-04

Get this branch:: git clone -b oem-6.1-prep https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-oem/+git/jammy

Members of Canonical Kernel can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:: oem-6.1-prep

Repository:: lp:~canonical-kernel/ubuntu/+source/linux-oem/+git/jammy

Recent commits

2ce5b48... by Pablo Neira Ayuso <email address hidden> on 2023-08-03

netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR

On error when building the rule, the immediate expression unbinds the
chain, hence objects can be deactivated by the transaction records.

Otherwise, it is possible to trigger the following warning:

WARNING: CPU: 3 PID: 915 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
CPU: 3 PID: 915 Comm: chain-bind-err- Not tainted 6.1.39 #1
RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]

Fixes: 4bedf9eee016 ("netfilter: nf_tables: fix chain binding transaction logic")
Reported-by: Kevin Rich <email address hidden>
Signed-off-by: Pablo Neira Ayuso <email address hidden>
Signed-off-by: Florian Westphal <email address hidden>
(cherry picked from commit 0a771f7b266b02d262900c75f1e175c7fe76fec2)
CVE-2023-4015
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Timo Aaltonen <email address hidden>

23d5311... by Pablo Neira Ayuso <email address hidden> on 2023-08-03

netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID

Bail out with EOPNOTSUPP when adding rule to bound chain via
NFTA_RULE_CHAIN_ID. The following warning splat is shown when
adding a rule to a deleted bound chain:

WARNING: CPU: 2 PID: 13692 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
CPU: 2 PID: 13692 Comm: chain-bound-rul Not tainted 6.1.39 #1
RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]

Fixes: d0e2c7de92c7 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
Reported-by: Kevin Rich <email address hidden>
Signed-off-by: Pablo Neira Ayuso <email address hidden>
Signed-off-by: Florian Westphal <email address hidden>
(cherry picked from commit 0ebc1064e4874d5987722a2ddbc18f94aa53b211)
CVE-2023-3995
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Timo Aaltonen <email address hidden>

6b9bd84... by Pablo Neira Ayuso <email address hidden> on 2023-08-03

netfilter: nf_tables: skip bound chain on rule flush

Skip bound chain when flushing table rules, the rule that owns this
chain releases these objects.

Otherwise, the following warning is triggered:

  WARNING: CPU: 2 PID: 1217 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
  CPU: 2 PID: 1217 Comm: chain-flush Not tainted 6.1.39 #1
  RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]

Fixes: d0e2c7de92c7 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
Reported-by: Kevin Rich <email address hidden>
Signed-off-by: Pablo Neira Ayuso <email address hidden>
Signed-off-by: Florian Westphal <email address hidden>
(cherry picked from commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8)
CVE-2023-3777
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Timo Aaltonen <email address hidden>

99227d4... by "Borislav Petkov (AMD)" <email address hidden> on 2023-07-28

x86/cpu/amd: Move the errata checking functionality up

Avoid new and remove old forward declarations.

No functional changes.

Signed-off-by: Borislav Petkov (AMD) <email address hidden>
(backported from commit 8b6f687743dacce83dbb0c7cfacf88bab00f808a)
[cascardo: small context conflict at set_dr_addr_mask]
CVE-2023-20593
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Timo Aaltonen <email address hidden>

d5e9a8f... by Florian Westphal <email address hidden> on 2023-08-02

netfilter: nft_set_pipapo: fix improper element removal

end key should be equal to start unless NFT_SET_EXT_KEY_END is present.

Its possible to add elements that only have a start key
("{ 1.0.0.0 . 2.0.0.0 }") without an internval end.

Insertion treats this via:

if (nft_set_ext_exists(ext, NFT_SET_EXT_KEY_END))
end = (const u8 *)nft_set_ext_key_end(ext)->data;
else
end = start;

but removal side always uses nft_set_ext_key_end().
This is wrong and leads to garbage remaining in the set after removal
next lookup/insert attempt will give:

BUG: KASAN: slab-use-after-free in pipapo_get+0x8eb/0xb90
Read of size 1 at addr ffff888100d50586 by task nft-pipapo_uaf_/1399
Call Trace:
kasan_report+0x105/0x140
pipapo_get+0x8eb/0xb90
nft_pipapo_insert+0x1dc/0x1710
nf_tables_newsetelem+0x31f5/0x4e00
..

Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges")
Reported-by: lonial con <email address hidden>
Reviewed-by: Stefano Brivio <email address hidden>
Signed-off-by: Florian Westphal <email address hidden>
(cherry picked from commit 87b5a5c209405cb6b57424cdfa226a6dbd349232)
CVE-2023-4004
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Timo Aaltonen <email address hidden>

43cefef... by Timo Aaltonen on 2023-08-03

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/2029478
Properties: no-test-build
Signed-off-by: Timo Aaltonen <email address hidden>

d5feb87... by Timo Aaltonen on 2023-08-03

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Timo Aaltonen <email address hidden>

7fecc12... by Timo Aaltonen on 2023-08-03

UBUNTU: SAUCE: Revert "libbpf: fix offsetof() and container_of() to work with CO-RE"

BugLink: https://bugs.launchpad.net/bugs/2028932

This broke the build of ubuntu_bpf tests.

This reverts commit ca6f352ba5c8ccde01289d433401f28e6c260e07.

Signed-off-by: Timo Aaltonen <email address hidden>

ff7ba04... by Hersen Wu <email address hidden> on 2023-06-26

Revert "drm/amd/display: edp do not add non-edid timings"

BugLink: https://bugs.launchpad.net/bugs/2028848

commit d6149086b45e150c170beaa4546495fd1880724c upstream.

This change causes regression when eDP and external display in mirror
mode. When external display supports low resolution than eDP, use eDP
timing to driver external display may cause corruption on external
display.

This reverts commit e749dd10e5f292061ad63d2b030194bf7d7d452c.

Cc: <email address hidden>
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2655
Signed-off-by: Hersen Wu <email address hidden>
Reviewed-by: Mario Limonciello <email address hidden>
Signed-off-by: Alex Deucher <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 1d4607f2a50c749e47a4b80030733cbf77c5570a)
Signed-off-by: Timo Aaltonen <email address hidden>

bce926a... by Timo Aaltonen on 2023-07-24

UBUNTU: Ubuntu-oem-6.1-6.1.0-1018.18

Signed-off-by: Timo Aaltonen <email address hidden>

Ubuntulinux-oem package

~canonical-kernel/ubuntu/+source/linux-oem/+git/jammy:oem-6.1-prep

Branch merges

Related source package recipes

Related snap packages

Related charm recipes

Branch information

Recent commits

Ubuntu
linux-oem package