~timg-tpi/ubuntu/+source/linux/+git/focal:hwe-5.8-prep

Last commit made on 2021-10-05
Get this branch:
git clone -b hwe-5.8-prep https://git.launchpad.net/~timg-tpi/ubuntu/+source/linux/+git/focal

Branch information

Name:
hwe-5.8-prep
Repository:
lp:~timg-tpi/ubuntu/+source/linux/+git/focal

Recent commits

1e8e663... by Stefan Bader

UBUNTU: Ubuntu-hwe-5.8-5.8.0-66.74

Signed-off-by: Stefan Bader <email address hidden>

39ab9b8... by Stefan Bader

UBUNTU: debian/dkms-versions -- update from kernel-versions (main/2021.09.27)

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Stefan Bader <email address hidden>

83b1186... by Stefan Bader

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/1944903
Properties: no-test-build
Signed-off-by: Stefan Bader <email address hidden>

6360cad... by Qu Wenruo <email address hidden>

btrfs: fix NULL pointer dereference when deleting device by invalid id

BugLink: https://bugs.launchpad.net/bugs/1945987

[BUG]
It's easy to trigger NULL pointer dereference, just by removing a
non-existing device id:

 # mkfs.btrfs -f -m single -d single /dev/test/scratch1 \
         /dev/test/scratch2
 # mount /dev/test/scratch1 /mnt/btrfs
 # btrfs device remove 3 /mnt/btrfs

Then we have the following kernel NULL pointer dereference:

 BUG: kernel NULL pointer dereference, address: 0000000000000000
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: 0000 [#1] PREEMPT SMP NOPTI
 CPU: 9 PID: 649 Comm: btrfs Not tainted 5.14.0-rc3-custom+ #35
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
 RIP: 0010:btrfs_rm_device+0x4de/0x6b0 [btrfs]
  btrfs_ioctl+0x18bb/0x3190 [btrfs]
  ? lock_is_held_type+0xa5/0x120
  ? find_held_lock.constprop.0+0x2b/0x80
  ? do_user_addr_fault+0x201/0x6a0
  ? lock_release+0xd2/0x2d0
  ? __x64_sys_ioctl+0x83/0xb0
  __x64_sys_ioctl+0x83/0xb0
  do_syscall_64+0x3b/0x90
  entry_SYSCALL_64_after_hwframe+0x44/0xae

[CAUSE]
Commit a27a94c2b0c7 ("btrfs: Make btrfs_find_device_by_devspec return
btrfs_device directly") moves the "missing" device path check into
btrfs_rm_device().

But btrfs_rm_device() itself can have a case where it only receives
@devid, with NULL as @device_path.

In that case, calling strcmp() on NULL will trigger the NULL pointer
dereference.

Before that commit, we handle the "missing" case inside
btrfs_find_device_by_devspec(), which will not check @device_path at all
if @devid is provided, thus no way to trigger the bug.

[FIX]
Before calling strcmp(), also make sure @device_path is not NULL.

Fixes: a27a94c2b0c7 ("btrfs: Make btrfs_find_device_by_devspec return btrfs_device directly")
CC: <email address hidden> # 5.4+
Reported-by: butt3rflyh4ck <email address hidden>
Reviewed-by: Anand Jain <email address hidden>
Signed-off-by: Qu Wenruo <email address hidden>
Reviewed-by: David Sterba <email address hidden>
Signed-off-by: David Sterba <email address hidden>

(cherry picked from commit e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091)
Signed-off-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Colin King <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
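
The guard described in the [CAUSE] and [FIX] paragraphs of the btrfs commit above, as an added user-space model; it is not the kernel code or part of the commit. The device table, the `model_*` names and the `MODEL_ERR_MISSING_NOT_FOUND` value are assumptions made for this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_ERR_MISSING_NOT_FOUND 100  /* hypothetical error code for this model */

/* Constructed device table: a two-device filesystem, devids 1 and 2. */
struct model_dev { unsigned long long devid; const char *path; };
static const struct model_dev model_devs[] = {
    { 1, "/dev/test/scratch1" },
    { 2, "/dev/test/scratch2" },
};

/* Hypothetical lookup: by devid when it is non-zero, otherwise by path. */
static const struct model_dev *model_find(unsigned long long devid, const char *path)
{
    for (size_t i = 0; i < sizeof(model_devs) / sizeof(model_devs[0]); i++) {
        const struct model_dev *d = &model_devs[i];
        if (devid ? d->devid == devid : (path && strcmp(d->path, path) == 0))
            return d;
    }
    return NULL;
}

/* "Before": the "missing" comparison runs even when only a devid was given. */
int model_rm_device_unguarded(unsigned long long devid, const char *path)
{
    if (!model_find(devid, path))
        return strcmp(path, "missing") == 0   /* path == NULL: NULL dereference */
               ? MODEL_ERR_MISSING_NOT_FOUND : -ENOENT;
    return 0;
}

/* "After": check the pointer before strcmp(), as the [FIX] paragraph states. */
int model_rm_device(unsigned long long devid, const char *path)
{
    if (!model_find(devid, path))
        return (path && strcmp(path, "missing") == 0)
               ? MODEL_ERR_MISSING_NOT_FOUND : -ENOENT;
    return 0;
}

int main(void)
{
    /* Mirrors "btrfs device remove 3": devid only, no path. */
    printf("remove devid 3 -> %d\n", model_rm_device(3, NULL));
    return 0;
}
```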

ce1631d... by Trond Myklebust <email address hidden>

NFSv4: Initialise connection to the server in nfs4_alloc_client()

Set up the connection to the NFSv4 server in nfs4_alloc_client(), before
we've added the struct nfs_client to the net-namespace's nfs_client_list
so that a downed server won't cause other mounts to hang in the trunking
detection code.

Reported-by: Michael Wakabayashi <email address hidden>
Fixes: 5c6e5b60aae4 ("NFS: Fix an Oops in the pNFS files and flexfiles connection setup to the DS")
Signed-off-by: Trond Myklebust <email address hidden>
(cherry picked from commit dd99e9f98fbf423ff6d365b37a98e8879170f17c)
CVE-2021-38199
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

8fb787b... by Adrian Bunk

bnx2x: Fix enabling network interfaces without VFs

BugLink: https://bugs.launchpad.net/bugs/1945707

This function is called to enable SR-IOV when available,
not enabling interfaces without VFs was a regression.

Fixes: 65161c35554f ("bnx2x: Fix missing error code in bnx2x_iov_init_one()")
Signed-off-by: Adrian Bunk <email address hidden>
Reported-by: YunQiang Su <email address hidden>
Tested-by: YunQiang Su <email address hidden>
Cc: <email address hidden>
Acked-by: Shai Malin <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Jakub Kicinski <email address hidden>
(cherry picked from commit 52ce14c134a003fee03d8fc57442c05a55b53715)
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

80533ca... by Vasily Averin

memcg: enable accounting of ipc resources

When user creates IPC objects it forces kernel to allocate memory for
these long-living objects.

It makes sense to account them to restrict the host's memory consumption
from inside the memcg-limited container.

This patch enables accounting for IPC shared memory segments, messages,
semaphores and semaphore's undo lists.

Link: https://<email address hidden>
Signed-off-by: Vasily Averin <email address hidden>
Reviewed-by: Shakeel Butt <email address hidden>
Cc: Alexander Viro <email address hidden>
Cc: Alexey Dobriyan <email address hidden>
Cc: Andrei Vagin <email address hidden>
Cc: Borislav Petkov <email address hidden>
Cc: Borislav Petkov <email address hidden>
Cc: Christian Brauner <email address hidden>
Cc: Dmitry Safonov <email address hidden>
Cc: "Eric W. Biederman" <email address hidden>
Cc: Greg Kroah-Hartman <email address hidden>
Cc: "H. Peter Anvin" <email address hidden>
Cc: Ingo Molnar <email address hidden>
Cc: "J. Bruce Fields" <email address hidden>
Cc: Jeff Layton <email address hidden>
Cc: Jens Axboe <email address hidden>
Cc: Jiri Slaby <email address hidden>
Cc: Johannes Weiner <email address hidden>
Cc: Kirill Tkhai <email address hidden>
Cc: Michal Hocko <email address hidden>
Cc: Oleg Nesterov <email address hidden>
Cc: Roman Gushchin <email address hidden>
Cc: Serge Hallyn <email address hidden>
Cc: Tejun Heo <email address hidden>
Cc: Thomas Gleixner <email address hidden>
Cc: Vladimir Davydov <email address hidden>
Cc: Yutian Yang <email address hidden>
Cc: Zefan Li <email address hidden>
Signed-off-by: Andrew Morton <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
(backported from commit 18319498fdd4cdf8c1c2c48cd432863b1f915d6f)
[cascardo: some kvmalloc were replaced by kmalloc]
CVE-2021-3759
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

7cc56d3... by Chao Yu <email address hidden>

f2fs: fix to do sanity check on segment/section count

As syzbot reported:

BUG: KASAN: slab-out-of-bounds in init_min_max_mtime fs/f2fs/segment.c:4710 [inline]
BUG: KASAN: slab-out-of-bounds in f2fs_build_segment_manager+0x9302/0xa6d0 fs/f2fs/segment.c:4792
Read of size 8 at addr ffff8880a1b934a8 by task syz-executor682/6878

CPU: 1 PID: 6878 Comm: syz-executor682 Not tainted 5.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xae/0x497 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 init_min_max_mtime fs/f2fs/segment.c:4710 [inline]
 f2fs_build_segment_manager+0x9302/0xa6d0 fs/f2fs/segment.c:4792
 f2fs_fill_super+0x381a/0x6e80 fs/f2fs/super.c:3633
 mount_bdev+0x32e/0x3f0 fs/super.c:1417
 legacy_get_tree+0x105/0x220 fs/fs_context.c:592
 vfs_get_tree+0x89/0x2f0 fs/super.c:1547
 do_new_mount fs/namespace.c:2875 [inline]
 path_mount+0x1387/0x20a0 fs/namespace.c:3192
 do_mount fs/namespace.c:3205 [inline]
 __do_sys_mount fs/namespace.c:3413 [inline]
 __se_sys_mount fs/namespace.c:3390 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3390
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The root cause is: if segs_per_sec is larger than one, and segment count
in last section is less than segs_per_sec, we will suffer out-of-boundary
memory access on sit_i->sentries[] in init_min_max_mtime().

Fix this by adding sanity check among segment count, section count and
segs_per_sec value in sanity_check_raw_super().

Reported-by: <email address hidden>
Signed-off-by: Chao Yu <email address hidden>
Signed-off-by: Jaegeuk Kim <email address hidden>
(cherry-picked from commit 3a22e9ac71585bcb7667e44641f1bbb25295f0ce)
CVE-2019-19449
Signed-off-by: Luke Nowakowski-Krijger <email address hidden>
Acked-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

413e997... by Wang Xiaojun <email address hidden>

f2fs: fix wrong total_sections check and fsmeta check

Meta area is not included in section_count computation.
So the minimum number of total_sections is 1 meanwhile it cannot be
greater than segment_count_main.

The minimum number of meta segments is 8 (SB + 2 (CP + SIT + NAT) + SSA).

Signed-off-by: Wang Xiaojun <email address hidden>
Reviewed-by: Chao Yu <email address hidden>
Signed-off-by: Jaegeuk Kim <email address hidden>
(cherry-picked from commit f99ba9add67ce63eca3fe68a3d5e9996cd2c33b5)
CVE-2019-19449
Signed-off-by: Luke Nowakowski-Krijger <email address hidden>
Acked-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
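
The consistency rules stated in the two f2fs commits above (CVE-2019-19449), as an added user-space model; it is not the kernel's sanity_check_raw_super() or init_min_max_mtime(). The `model_geom` struct, its `meta_segments` field and the function names are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define MODEL_MIN_META_SEGMENTS 8  /* SB + 2 (CP + SIT + NAT) + SSA, per the commit text */

/* Hypothetical subset of superblock fields, already in host byte order. */
struct model_geom {
    uint32_t meta_segments;       /* segments in the meta area */
    uint32_t segment_count_main;  /* number of entries in the per-segment array */
    uint32_t total_sections;      /* sections in the main area */
    uint32_t segs_per_sec;        /* segments per section */
};

/* Returns 0 when the counts are consistent, -1 when the image must be rejected. */
int model_check_geom(const struct model_geom *g)
{
    if (g->meta_segments < MODEL_MIN_META_SEGMENTS)
        return -1;
    if (g->segs_per_sec == 0)
        return -1;
    if (g->total_sections < 1 || g->total_sections > g->segment_count_main)
        return -1;
    /* 64-bit product so two large 32-bit values cannot wrap around. */
    if ((uint64_t)g->total_sections * g->segs_per_sec != g->segment_count_main)
        return -1;
    return 0;
}

/* Per-section scan in the style of a min-mtime pass: it reads
 * mtime[sec * segs_per_sec + i], so a short last section would read past
 * the array unless the geometry has been checked first. */
int model_min_mtime(const struct model_geom *g, const uint64_t *mtime, uint64_t *out)
{
    if (model_check_geom(g) != 0)
        return -1;
    uint64_t min = UINT64_MAX;
    for (uint32_t sec = 0; sec < g->total_sections; sec++) {
        uint64_t sum = 0;
        for (uint32_t i = 0; i < g->segs_per_sec; i++)
            sum += mtime[(size_t)sec * g->segs_per_sec + i];
        uint64_t avg = sum / g->segs_per_sec;
        if (avg < min)
            min = avg;
    }
    *out = min;
    return 0;
}
```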

8aa0a7c... by Dimitri John Ledkov

UBUNTU: [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

BugLink: https://bugs.launchpad.net/bugs/1932029
Signed-off-by: Dimitri John Ledkov <email address hidden>
Signed-off-by: Andrea Righi <email address hidden>
(cherry picked from commit 741f622c4dbc162b82f8c9045f9c6c6446f57eb5 impish:linux)
Signed-off-by: Dimitri John Ledkov <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>