~henrix/ubuntu/+source/linux/+git/xenial:master-next

Last commit made on 2016-11-11
Get this branch:
git clone -b master-next https://git.launchpad.net/~henrix/ubuntu/+source/linux/+git/xenial
Branch information

Name: master-next
Repository: lp:~henrix/ubuntu/+source/linux/+git/xenial

Recent commits

7c10ff9... by Luis Henriques

UBUNTU: Ubuntu-4.4.0-49.70

Signed-off-by: Luis Henriques <email address hidden>

5baf929... by Tim Gardner

UBUNTU: [Config] Add hv_network_direct.ko to generic inclusion list

BugLink: http://bugs.launchpad.net/bugs/1639380

Signed-off-by: Tim Gardner <email address hidden>
Acked-by: Brad Figg <email address hidden>
Signed-off-by: Luis Henriques <email address hidden>

4371dba... by Tim Gardner

UBUNTU: [Config] CONFIG_HYPERV_INFINIBAND_ND=m for amd64

BugLink: http://bugs.launchpad.net/bugs/1639380

Signed-off-by: Tim Gardner <email address hidden>
Acked-by: Brad Figg <email address hidden>
Signed-off-by: Luis Henriques <email address hidden>

dbabbf7... by Ubuntu <email address hidden>

UBUNTU: SAUCE: Makefile RDMA infiniband driver for Windows Azure

BugLink: http://bugs.launchpad.net/bugs/1639380

Committer: Long Li <email address hidden>
Signed-off-by: Tim Gardner <email address hidden>
Acked-by: Brad Figg <email address hidden>
Signed-off-by: Luis Henriques <email address hidden>

40b40d3... by Long Li

UBUNTU: SAUCE: RDMA Infiniband for Windows Azure

BugLink: http://bugs.launchpad.net/bugs/1639380

Signed-off-by: Tim Gardner <email address hidden>
Acked-by: Brad Figg <email address hidden>
Signed-off-by: Luis Henriques <email address hidden>

4a206cc... by Luis Henriques

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Luis Henriques <email address hidden>

880f6bb... by Luis Henriques

UBUNTU: Ubuntu-4.4.0-48.69

Signed-off-by: Luis Henriques <email address hidden>

de8a1b6... by Eric W. Biederman

(upstream) mm: Add a user_ns owner to mm_struct and fix ptrace permission checks

BugLink: https://bugs.launchpad.net/bugs/1639345

During exec dumpable is cleared if the file that is being executed is
not readable by the user executing the file. A bug in
ptrace_may_access allows reading the file if the executable happens to
enter into a subordinate user namespace (aka clone(CLONE_NEWUSER),
unshare(CLONE_NEWUSER), or setns(fd, CLONE_NEWUSER)).

This problem is fixed with only necessary userspace breakage by adding
a user namespace owner to mm_struct, captured at the time of exec, so
it is clear in which user namespace CAP_SYS_PTRACE must be present in
to be able to safely give read permission to the executable.

The function ptrace_may_access is modified to verify that the ptracer
has CAP_SYS_ADMIN in task->mm->user_ns instead of task->cred->user_ns.
This ensures that if the task changes its cred into a subordinate
user namespace it does not become ptraceable.

The function ptrace_attach is modified to only set PT_PTRACE_CAP when
CAP_SYS_PTRACE is held over task->mm->user_ns. The intent of
PT_PTRACE_CAP is to be a flag to note that whatever permission changes
the task might go through the tracer has sufficient permissions for
it not to be an issue. task->cred->user_ns is always the same
as or descendent of mm->user_ns. Which guarantees that having
CAP_SYS_PTRACE over mm->user_ns is the worst case for the tasks
credentials.

To prevent regressions mm->dumpable and mm->user_ns are not considered
when a task has no mm. As simply failing ptrace_may_attach causes
regressions in privileged applications attempting to read things
such as /proc/<pid>/stat.

Cc: <email address hidden>
Acked-by: Kees Cook <email address hidden>
Tested-by: Cyrill Gorcunov <email address hidden>
Fixes: 8409cca70561 ("userns: allow ptrace from non-init user namespaces")
Signed-off-by: "Eric W. Biederman" <email address hidden>
(cherry picked from commit 2e41414828bb0b066bde2f156cfa848c38531edf linux-next)
CVE-2015-8709
Signed-off-by: Seth Forshee <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Luis Henriques <email address hidden>

e3f2460... by Seth Forshee

Revert "UBUNTU: SAUCE: (noup) ptrace: being capable wrt a process requires mapped uids/gids"

BugLink: https://bugs.launchpad.net/bugs/1639345

This reverts commit a76b8ce7ad1f65a96638f161ff83075de04ec9cc to
apply a more complete fix from linux-next.

CVE-2015-8709
Signed-off-by: Seth Forshee <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Luis Henriques <email address hidden>

8b098d1... by Douglas Miller

powerpc/xmon: Add xmon command to dump process/task similar to ps(1)

BugLink: http://bugs.launchpad.net/bugs/1637978

Add 'P' command with optional task_struct address to dump all/one task's
information: task pointer, kernel stack pointer, PID, PPID, state
(interpreted), CPU where (last) running, and command.

Signed-off-by: Douglas Miller <email address hidden>
Signed-off-by: Michael Ellerman <email address hidden>
(cherry picked from commit 6dfb54049f9a99b24fe5d5cd2d3af19eadc8f31f)
Signed-off-by: Tim Gardner <email address hidden>
Acked-by: Seth Forshee <email address hidden>
Acked-by: Brad Figg <email address hidden>
Signed-off-by: Luis Henriques <email address hidden>