~ubuntu-kernel/ubuntu/+source/linux/+git/bionic:hwe

Last commit made on 2021-07-15
Get this branch:
git clone -b hwe https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/bionic
Members of Ubuntu Kernel Repositories can upload to this branch.

Recent commits

07f55fe... by Thadeu Lima de Souza Cascardo

UBUNTU: Ubuntu-hwe-5.3.0-76.72

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

88273fe... by sandeen

UBUNTU: SAUCE: seq_file: Disallow extremely large seq buffer allocations

There is no reasonable need for a buffer larger than this,
and it avoids int overflow pitfalls.

Suggested-by: Al Viro <email address hidden>
Signed-off-by: Eric Sandeen <email address hidden>

CVE-2021-33909
Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Juerg Haefliger <email address hidden>
Acked-by: Benjamin M Romer <email address hidden>

39ec7d4... by Thadeu Lima de Souza Cascardo

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

02ad9b5... by Thadeu Lima de Souza Cascardo

UBUNTU: Ubuntu-hwe-5.3.0-75.71

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

7ea47b9... by Thadeu Lima de Souza Cascardo

UBUNTU: SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

BugLink: https://bugs.launchpad.net/bugs/1931855 (UAF on CAN BCM bcm_rx_handler (LP: #1931855))

can_rx_register callbacks may be called concurrently to the call to
can_rx_unregister. The callbacks and callback data, though, are protected by
RCU and the struct sock reference count.

So the callback data is really attached to the life of sk, meaning that it
should be released on sk_destruct. However, bcm_remove_op calls tasklet_kill,
and RCU callbacks may be called under RCU softirq, so that cannot be used on
kernels before the introduction of HRTIMER_MODE_SOFT.

However, bcm_rx_handler is called under RCU protection, so after calling
can_rx_unregister, we may call synchronize_rcu in order to wait for any RCU
read-side critical sections to finish. That is, bcm_rx_handler won't be called
anymore for those ops. So, we only free them, after we do that synchronize_rcu.

Reported-by: <email address hidden>
Reported-by: Norbert Slusarek <email address hidden>
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Benjamin M Romer <email address hidden>
Acked-by: Ian May <email address hidden>

6e5b723... by Thadeu Lima de Souza Cascardo

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

d2a98dd... by Stefan Bader

UBUNTU: Ubuntu-hwe-5.3.0-74.70

Signed-off-by: Stefan Bader <email address hidden>

97d95cf... by Stefan Bader

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/1924647
Properties: no-test-build
Signed-off-by: Stefan Bader <email address hidden>

31870ed... by Thadeu Lima de Souza Cascardo

UBUNTU: SAUCE: vfs_setxattr: free converted value if xattr_permission returns error

BugLink: https://bugs.launchpad.net/bugs/1924611

The backport of commit 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call
into vfs_setxattr()") did not consider that vfs_setxattr had other exit
paths that would require a converted value to be freed.

If xattr_permission returns a failure, it would cause a memory leak. In the
case of security.capability attribute, which is the only one that can allocate
a new value, xattr_permission will return a failure in case of
HAS_UNMAPPED_ID(inode), which would already be caught by cap_convert_nscap,
at !capable_wrt_inode_uidgid(inode, CAP_SETFCAP).

However, if the file IS_IMMUTABLE or IS_APPEND, the failure will be
returned and the leak will happen.

Though setting a file as immutable or append is restricted to
CAP_FILE_IMMUTABLE, the leak was still shown to happen when trying to
setcap on an immutable file after doing a mount unshare.

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Krzysztof Kozlowski <email address hidden>
Acked-by: Andy Whitcroft <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
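
The leak described in the commit message above, as a user-space model added here for illustration (it is not the kernel patch or code from this branch). `convert_value`, `check_permission`, `model_setxattr` and `live_allocs` are hypothetical stand-ins for `cap_convert_nscap`, `xattr_permission`, `vfs_setxattr` and an allocation counter.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_allocs;   /* converted buffers not yet freed */

/* Stand-in for cap_convert_nscap(): replaces *value with a new allocation. */
static int convert_value(const void **value, size_t size)
{
    void *copy = malloc(size);
    if (!copy)
        return -ENOMEM;
    memcpy(copy, *value, size);
    live_allocs++;
    *value = copy;
    return (int)size;
}

/* Stand-in for xattr_permission(): immutable/append-only files are refused. */
static int check_permission(int immutable)
{
    return immutable ? -EPERM : 0;
}

/* fixed=0 models the backport's early return, fixed=1 a single exit path. */
static int model_setxattr(const void *value, size_t size, int immutable, int fixed)
{
    const void *orig_value = value;
    int error = convert_value(&value, size);

    if (error < 0)
        return error;
    error = check_permission(immutable);
    if (error && !fixed)
        return error;              /* converted value is lost here */
    if (value != orig_value) {     /* free only what the conversion allocated */
        free((void *)value);
        live_allocs--;
    }
    return error;
}

int main(void)
{
    const char cap[] = "constructed-capability-value";   /* constructed sample */
    model_setxattr(cap, sizeof(cap), 1, 0);   /* early return on an immutable file */
    printf("leaked buffers after early return: %d\n", live_allocs);
    return 0;
}
```

Comparing the caller's pointer with the possibly replaced one at a single exit keeps every error path from skipping the free.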

40bc21a... by Stefan Bader

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Stefan Bader <email address hidden>