lp:~ubuntu-kernel/ubuntu/+source/linux/+git/jammy

Get this repository:
git clone https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy
Members of Ubuntu Kernel Repositories can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
hwe-6.8-next 2024-10-02 14:39:24 UTC
UBUNTU: Ubuntu-hwe-6.8-6.8.0-47.47~22.04.1

Author: Stefan Bader
Author Date: 2024-10-02 14:39:24 UTC

UBUNTU: Ubuntu-hwe-6.8-6.8.0-47.47~22.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-next 2024-10-01 15:01:03 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-124.134

Author: Stefan Bader
Author Date: 2024-10-01 15:01:03 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-124.134

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-prep 2024-09-27 12:49:01 UTC
UBUNTU: Ubuntu-5.15.0-125.135

Author: Stefan Bader
Author Date: 2024-09-27 12:49:01 UTC

UBUNTU: Ubuntu-5.15.0-125.135

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next 2024-09-27 12:49:01 UTC
UBUNTU: Ubuntu-5.15.0-125.135

Author: Stefan Bader
Author Date: 2024-09-27 12:49:01 UTC

UBUNTU: Ubuntu-5.15.0-125.135

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--s2024.09.02-1 2024-09-25 19:47:18 UTC
netem: fix return value if duplicate enqueue fails

Author: Stephen Hemminger
Author Date: 2024-08-19 17:56:45 UTC

netem: fix return value if duplicate enqueue fails

BugLink: https://bugs.launchpad.net/bugs/2080594

[ Upstream commit c07ff8592d57ed258afee5a5e04991a48dbaf382 ]

There is a bug in netem_enqueue() introduced by
commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")
that can lead to a use-after-free.

This commit made netem_enqueue() always return NET_XMIT_SUCCESS
when a packet is duplicated, which can cause the parent qdisc's q.qlen
to be mistakenly incremented. When this happens qlen_notify() may be
skipped on the parent during destruction, leaving a dangling pointer
for some classful qdiscs like DRR.

There are two ways for the bug happen:

- If the duplicated packet is dropped by rootq->enqueue() and then
  the original packet is also dropped.
- If rootq->enqueue() sends the duplicated packet to a different qdisc
  and the original packet is dropped.

In both cases NET_XMIT_SUCCESS is returned even though no packets
are enqueued at the netem qdisc.

The fix is to defer the enqueue of the duplicate packet until after
the original packet has been guaranteed to return NET_XMIT_SUCCESS.

Fixes: 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")
Reported-by: Budimir Markovic <markovicbudimir@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20240819175753.5151-1-stephen@networkplumber.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
CVE-2024-45016
Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--2024.08.05-2--auto 2024-09-10 11:29:50 UTC
UBUNTU: Ubuntu-5.15.0-120.130

Author: Ubuntu Kernel Bot
Author Date: 2024-09-10 11:29:50 UTC

UBUNTU: Ubuntu-5.15.0-120.130

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-hwe-6.8-next 2024-09-03 02:51:12 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.8-6.8.0-45.45.1~22.04.1

Author: Mehmet Basaran
Author Date: 2024-09-03 02:51:12 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.8-6.8.0-45.45.1~22.04.1

Signed-off-by: Mehmet Basaran <mehmet.basaran@canonical.com>

lowlatency-next--s2024.08.05-1--auto 2024-09-03 02:44:15 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-122.132

Author: Ubuntu Kernel Bot
Author Date: 2024-09-03 02:44:15 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-122.132

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.08.05-1--auto 2024-09-02 18:49:04 UTC
UBUNTU: Ubuntu-5.15.0-122.132

Author: Ubuntu Kernel Bot
Author Date: 2024-09-02 18:49:04 UTC

UBUNTU: Ubuntu-5.15.0-122.132

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.8-next--s2024.08.05-1--auto 2024-09-02 09:28:34 UTC
UBUNTU: Ubuntu-hwe-6.8-6.8.0-45.45~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-09-02 09:28:33 UTC

UBUNTU: Ubuntu-hwe-6.8-6.8.0-45.45~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.08.05-1 2024-08-28 20:06:51 UTC
cgroup/cpuset: Optimize cpuset_attach() on v2

Author: Waiman Long
Author Date: 2024-08-14 03:41:00 UTC

cgroup/cpuset: Optimize cpuset_attach() on v2

BugLink: https://bugs.launchpad.net/bugs/2076957

It was found that with the default hierarchy, enabling cpuset in the
child cgroups can trigger a cpuset_attach() call in each of the child
cgroups that have tasks with no change in effective cpus and mems. If
there are many processes in those child cgroups, it will burn quite a
lot of cpu cycles iterating all the tasks without doing useful work.

Optimizing this case by comparing between the old and new cpusets and
skip useless update if there is no change in effective cpus and mems.
Also mems_allowed are less likely to be changed than cpus_allowed. So
skip changing mm if there is no change in effective_mems and
CS_MEMORY_MIGRATE is not set.

By inserting some instrumentation code and running a simple command in
a container 200 times in a cgroup v2 system, it was found that all the
cpuset_attach() calls are skipped (401 times in total) as there was no
change in effective cpus and mems.

Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>

(backported from commit 7fd4da9c1584be97ffbc40e600a19cb469fd4e78)
[mruffell: context adjustment to keep mutex_lock() instead of
 percpu_down_write()]
Signed-off-by: Matthew Ruffell <matthew.ruffell@canonical.com>
Acked-by: Aaron Jauregui <aaron.jauregui@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--s2024.07.08-1 2024-08-01 14:30:16 UTC
UBUNTU: SAUCE: Revert "randomize_kstack: Improve entropy diffusion"

Author: Roxana Nicolescu
Author Date: 2024-08-01 13:45:49 UTC

UBUNTU: SAUCE: Revert "randomize_kstack: Improve entropy diffusion"

BugLink: https://bugs.launchpad.net/bugs/2073267

This reverts "randomize_kstack: Improve entropy diffusion" that changed
the kernel stack for entropy to 1KiB, limitting the thread kernel stack to
15KiB. This impacts virtualbox 6.1.50 on jammy, that is no longer
maintained upstream. The issue does not persist on version 7.0.20 due to a
code refactoring that probably resulted in less stack usage. Fixing it on
the jammy virtualbox package side is not straightfoward because the fix is
not easy to backport to 6.x and upgrading the jammy package to 7.x breaks
current users machines.
This is a temporary solution needed due to the impact, more investigation
is required.

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Thibault Ferrante <thibault.ferrante@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>

hwe-6.5-next 2024-07-23 14:57:32 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-59.59

Author: Stefan Bader
Author Date: 2024-07-23 14:56:48 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-59.59

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-hwe-6.5-next 2024-07-19 09:50:46 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-45.45.1~22.04.1

Author: Roxana Nicolescu
Author Date: 2024-07-19 09:50:46 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-45.45.1~22.04.1

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

hwe-6.5-next--s2024.06.10-1--auto 2024-07-11 21:12:38 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-45.45~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-07-11 21:12:38 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-45.45~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--s2024.06.10-1--auto 2024-07-11 15:54:16 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-117.127

Author: Ubuntu Kernel Bot
Author Date: 2024-07-11 15:54:16 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-117.127

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.07.08-1--auto 2024-07-05 19:50:19 UTC
UBUNTU: Ubuntu-5.15.0-118.128

Author: Ubuntu Kernel Bot
Author Date: 2024-07-05 19:50:19 UTC

UBUNTU: Ubuntu-5.15.0-118.128

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.07.08-1 2024-07-05 07:46:50 UTC
UBUNTU: Upstream stable to v5.15.160

Author: Manuel Diewald
Author Date: 2024-06-24 14:47:54 UTC

UBUNTU: Upstream stable to v5.15.160

BugLink: https://bugs.launchpad.net/bugs/2070292

Ignore: yes
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--s2024.06.10-1--auto 2024-07-04 21:14:26 UTC
UBUNTU: Ubuntu-5.15.0-117.127

Author: Ubuntu Kernel Bot
Author Date: 2024-07-04 21:14:25 UTC

UBUNTU: Ubuntu-5.15.0-117.127

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.06.10-1 2024-07-04 18:53:04 UTC
netfilter: nf_tables: missing iterator type in lookup walk

Author: Pablo Neira Ayuso
Author Date: 2024-07-01 17:02:00 UTC

netfilter: nf_tables: missing iterator type in lookup walk

Add missing decorator type to lookup expression and tighten WARN_ON_ONCE
check in pipapo to spot earlier that this is unset.

Fixes: 29b359cf6d95 ("netfilter: nft_set_pipapo: walk over current view on netlink dump")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

CVE-2024-27017
(cherry picked from commit efefd4f00c967d00ad7abe092554ffbb70c1a793)
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Acked-by: Kuba Pawlak <kuba.pawlak@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-hwe-6.5-next--2024.06.10-1--auto 2024-07-04 17:13:01 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-44.44.1~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-07-04 17:13:00 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-44.44.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.06.10-4--auto 2024-07-01 14:53:49 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-114.124

Author: Ubuntu Kernel Bot
Author Date: 2024-07-01 14:53:49 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-114.124

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.06.10-4--auto 2024-07-01 10:28:13 UTC
UBUNTU: Ubuntu-5.15.0-114.124

Author: Ubuntu Kernel Bot
Author Date: 2024-07-01 10:28:13 UTC

UBUNTU: Ubuntu-5.15.0-114.124

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-hwe-6.5-next--s2024.04.29-1--auto 2024-06-22 15:25:37 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-42.42.1~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-22 15:25:37 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-42.42.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-hwe-6.5-next--2024.04.29-3--auto 2024-06-22 14:03:25 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-41.41.1~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-22 14:03:25 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-41.41.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.06.10-1--auto 2024-06-22 04:35:11 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-114.124

Author: Ubuntu Kernel Bot
Author Date: 2024-06-22 04:35:11 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-114.124

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.5-next--2024.06.10-1--auto 2024-06-22 02:27:52 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-44.44~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-22 02:27:52 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-44.44~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.5-next--s2024.04.29-1--auto 2024-06-21 14:52:29 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-42.42~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 14:52:29 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-42.42~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.04.29-3--auto 2024-06-21 10:03:20 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-109.119

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 10:03:20 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-109.119

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.5-next--2024.04.29-3--auto 2024-06-21 09:41:58 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-41.41~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 09:41:58 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-41.41~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.06.10-1--auto 2024-06-21 03:04:45 UTC
UBUNTU: Ubuntu-5.15.0-114.124

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 03:04:45 UTC

UBUNTU: Ubuntu-5.15.0-114.124

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.04.29-1--auto 2024-06-21 02:36:55 UTC
UBUNTU: Ubuntu-5.15.0-113.123

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 02:36:55 UTC

UBUNTU: Ubuntu-5.15.0-113.123

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.29-3--auto 2024-06-21 02:26:58 UTC
UBUNTU: Ubuntu-5.15.0-109.119

Author: Ubuntu Kernel Bot
Author Date: 2024-06-21 02:26:58 UTC

UBUNTU: Ubuntu-5.15.0-109.119

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--s2024.04.29-1--auto 2024-06-12 23:12:52 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-111.121

Author: Ubuntu Kernel Bot
Author Date: 2024-06-12 23:12:52 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-111.121

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.04.29-1 2024-06-07 10:28:33 UTC
netfilter: nft_set_pipapo: do not free live element

Author: Florian Westphal
Author Date: 2024-05-22 22:19:15 UTC

netfilter: nft_set_pipapo: do not free live element

[ Upstream commit 3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc ]

Pablo reports a crash with large batches of elements with a
back-to-back add/remove pattern. Quoting Pablo:

  add_elem("00000000") timeout 100 ms
  ...
  add_elem("0000000X") timeout 100 ms
  del_elem("0000000X") <---------------- delete one that was just added
  ...
  add_elem("00005000") timeout 100 ms

  1) nft_pipapo_remove() removes element 0000000X
  Then, KASAN shows a splat.

Looking at the remove function there is a chance that we will drop a
rule that maps to a non-deactivated element.

Removal happens in two steps, first we do a lookup for key k and return the
to-be-removed element and mark it as inactive in the next generation.
Then, in a second step, the element gets removed from the set/map.

The _remove function does not work correctly if we have more than one
element that share the same key.

This can happen if we insert an element into a set when the set already
holds an element with same key, but the element mapping to the existing
key has timed out or is not active in the next generation.

In such case its possible that removal will unmap the wrong element.
If this happens, we will leak the non-deactivated element, it becomes
unreachable.

The element that got deactivated (and will be freed later) will
remain reachable in the set data structure, this can result in
a crash when such an element is retrieved during lookup (stale
pointer).

Add a check that the fully matching key does in fact map to the element
that we have marked as inactive in the deactivation step.
If not, we need to continue searching.

Add a bug/warn trap at the end of the function as well, the remove
function must not ever be called with an invisible/unreachable/non-existent
element.

v2: avoid uneeded temporary variable (Stefano)

Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges")
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 14b001ba221136c15f894577253e8db535b99487 linux-6.8.y)
CVE-2024-26924
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Acked-by: Thibault Ferrante <thibault.ferrante@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-next--2024.06.10-1 2024-06-05 14:07:55 UTC
UBUNTU: Upstream stable to v5.15.158

Author: Portia Stephens
Author Date: 2024-06-04 02:33:52 UTC

UBUNTU: Upstream stable to v5.15.158

BugLink: https://bugs.launchpad.net/bugs/2067974

Ignore: yes
Signed-off-by: Portia Stephens <portia.stephens@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-6.5-next--s2024.04.01-1--auto 2024-05-10 05:39:20 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-35.35~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-05-10 05:39:20 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-35.35~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.04.29-1--auto 2024-05-08 16:52:07 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-111.121

Author: Ubuntu Kernel Bot
Author Date: 2024-05-08 16:52:06 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-111.121

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.5-next--2024.04.29-1--auto 2024-05-08 14:39:46 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-40.40~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-05-08 14:39:46 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-40.40~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-hwe-6.5-next--s2024.04.01-1--auto 2024-05-06 15:56:30 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-35.35.1~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-05-06 15:56:29 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-35.35.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.29-1--auto 2024-05-02 08:03:54 UTC
UBUNTU: Ubuntu-5.15.0-111.121

Author: Ubuntu Kernel Bot
Author Date: 2024-05-02 08:03:54 UTC

UBUNTU: Ubuntu-5.15.0-111.121

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.04.01-1--auto 2024-05-02 05:45:18 UTC
UBUNTU: Ubuntu-5.15.0-107.117

Author: Ubuntu Kernel Bot
Author Date: 2024-05-02 05:45:18 UTC

UBUNTU: Ubuntu-5.15.0-107.117

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--s2024.04.01-1--auto 2024-05-02 05:34:57 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-107.117

Author: Ubuntu Kernel Bot
Author Date: 2024-05-02 05:34:57 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-107.117

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.29-1 2024-04-25 19:01:21 UTC
wifi: rtw89: download firmware with five times retry

Author: Chia-Yuan Li
Author Date: 2024-04-23 02:18:44 UTC

wifi: rtw89: download firmware with five times retry

BugLink: https://bugs.launchpad.net/bugs/2063096

After firmware boots, it reads keys info from efuse and checks secure
checksum, but suddenly failed to access efuse resulting in probe failure,
and driver throws messages:

  rtw89_8852be 0000:03:00.0: fw security fail
  rtw89_8852be 0000:03:00.0: download firmware fail
  rtw89_8852be 0000:03:00.0: [ERR]fwdl 0x1E0 = 0xe2
  rtw89_8852be 0000:03:00.0: [ERR]fwdl 0x83F0 = 0x210090

Retry five times to resolve rare abnormal hardware state.

Signed-off-by: Chia-Yuan Li <leo.li@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://msgid.link/20240329015251.22762-2-pkshih@realtek.com
(backported from commit a9e1b0ec5bdeedcf062416af4081aa005f8bf1e7 linux-next)
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-next--s2024.04.01-1 2024-04-25 17:12:58 UTC
wifi: mac80211: fix potential key use-after-free

Author: Johannes Berg
Author Date: 2024-04-12 20:02:17 UTC

wifi: mac80211: fix potential key use-after-free

When ieee80211_key_link() is called by ieee80211_gtk_rekey_add()
but returns 0 due to KRACK protection (identical key reinstall),
ieee80211_gtk_rekey_add() will still return a pointer into the
key, in a potential use-after-free. This normally doesn't happen
since it's only called by iwlwifi in case of WoWLAN rekey offload
which has its own KRACK protection, but still better to fix, do
that by returning an error code and converting that to success on
the cfg80211 boundary only, leaving the error for bad callers of
ieee80211_gtk_rekey_add().

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Fixes: fdf7cb4185b6 ("mac80211: accept key reinstall without changing anything")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(backported from commit 31db78a4923ef5e2008f2eed321811ca79e7f71b)
[bjamison: context conflict - added KRACK protection as written in the fix
commit since the context conflict was with a neighboring line that doesn't
affect the fix commit]
CVE-2023-52530
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

master-next--2024.04.01-3--auto 2024-04-24 07:05:26 UTC
UBUNTU: Ubuntu-5.15.0-106.116

Author: Ubuntu Kernel Bot
Author Date: 2024-04-24 07:05:26 UTC

UBUNTU: Ubuntu-5.15.0-106.116

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.04.01-3--auto 2024-04-24 06:19:55 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-106.116

Author: Ubuntu Kernel Bot
Author Date: 2024-04-24 06:19:55 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-106.116

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.5-next--2024.04.01-1--auto 2024-04-23 23:35:12 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-34.34~22.04.3

Author: Ubuntu Kernel Bot
Author Date: 2024-04-23 23:35:12 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-34.34~22.04.3

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-hwe-6.5-next--2024.04.01-1--auto 2024-04-23 23:08:51 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-34.34.1~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-04-23 23:08:51 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-34.34.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.04.01-3 2024-04-23 20:47:08 UTC
UBUNTU: [Config] Set CONFIG_BHI to enabled (auto)

Author: Stefan Bader
Author Date: 2024-04-16 13:21:29 UTC

UBUNTU: [Config] Set CONFIG_BHI to enabled (auto)

Adjusting the config to have BHI mitigations enabled (for now we do use
the auto mode, this differs from upstream).

CVE-2024-2201
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--s2024.03.04-2--auto 2024-04-16 11:49:59 UTC
UBUNTU: Ubuntu-5.15.0-103.113

Author: Ubuntu Kernel Bot
Author Date: 2024-04-16 11:49:59 UTC

UBUNTU: Ubuntu-5.15.0-103.113

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-hwe-6.5-next--s2024.03.04-1--auto 2024-04-05 15:30:58 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-28.29.1.1~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-04-05 15:30:58 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-28.29.1.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.5-next--s2024.03.04-1--auto 2024-04-03 05:26:53 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-28.29~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-04-03 05:26:52 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-28.29~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.03.04-1--auto 2024-04-03 04:20:52 UTC
UBUNTU: Ubuntu-5.15.0-103.113

Author: Ubuntu Kernel Bot
Author Date: 2024-04-03 04:20:52 UTC

UBUNTU: Ubuntu-5.15.0-103.113

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.03.04-1--auto 2024-03-22 10:48:40 UTC
UBUNTU: Ubuntu-5.15.0-102.112

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 10:48:40 UTC

UBUNTU: Ubuntu-5.15.0-102.112

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.03.04-1--auto 2024-03-22 09:48:05 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-102.112

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 09:48:05 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-102.112

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.5-next--2024.03.04-1--auto 2024-03-22 06:51:02 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-27.28~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 06:51:02 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-27.28~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-hwe-6.5-next--2024.03.04-1--auto 2024-03-22 06:12:49 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-27.28.1.1~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 06:12:48 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-27.28.1.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.5-next--s2024.02.05-1--auto 2024-03-22 05:32:43 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-26.26~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 05:32:43 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-26.26~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-hwe-6.5-next--s2024.02.05-1--auto 2024-03-22 04:30:21 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-26.26.1.1~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 04:30:21 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-26.26.1.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.02.05-1--auto 2024-03-22 02:59:40 UTC
UBUNTU: Ubuntu-5.15.0-101.111

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 02:59:40 UTC

UBUNTU: Ubuntu-5.15.0-101.111

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--s2024.02.05-1--auto 2024-03-22 01:25:17 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-101.111

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 01:25:17 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-101.111

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.02.05-2--auto 2024-03-14 16:34:53 UTC
UBUNTU: Ubuntu-5.15.0-98.108

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 16:34:53 UTC

UBUNTU: Ubuntu-5.15.0-98.108

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--s2024.01.08-2--auto 2024-03-14 15:31:24 UTC
UBUNTU: Ubuntu-5.15.0-95.105

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 15:31:24 UTC

UBUNTU: Ubuntu-5.15.0-95.105

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

hwe-6.5-next--s2024.01.08-1--auto 2024-03-14 15:20:23 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-21.21~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 15:20:23 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-21.21~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-hwe-6.5-next--s2024.01.08-1--auto 2024-03-14 14:28:27 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-21.21.1.1.1.1~22.04.1

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 14:28:27 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-21.21.1.1.1.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--s2024.01.08-1--auto 2024-03-14 12:58:23 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-95.105

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 12:58:23 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-95.105

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

lowlatency-next--2024.02.05-1--auto 2024-03-13 23:32:44 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-98.108

Author: Ubuntu Kernel Bot
Author Date: 2024-03-13 23:32:44 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-98.108

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

master-next--2024.03.04-1 2024-03-06 10:10:26 UTC
UBUNTU: [Packaging] Drop abi checks from final-checks

Author: Stefan Bader
Author Date: 2024-03-05 15:18:11 UTC

UBUNTU: [Packaging] Drop abi checks from final-checks

BugLink: https://bugs.launchpad.net/bugs/2055686

Dropping the in-tree abi checks forgot to adjust the final-checks file.
This was done in Mantic but there the file was relocated. Following up
with similar changes in Jammy.

Fixes: 476bafa0dcd4 "UBUNTU: [Packaging] Remove in-tree abi checks"
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

master-next--s2024.02.05-1 2024-03-05 17:57:02 UTC
scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

Author: Tuo Li
Author Date: 2024-02-22 17:45:00 UTC

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

The variable phba->fcf.fcf_flag is often protected by the lock
phba->hbalock() when is accessed. Here is an example in
lpfc_unregister_fcf_rescan():

  spin_lock_irq(&phba->hbalock);
  phba->fcf.fcf_flag |= FCF_INIT_DISC;
  spin_unlock_irq(&phba->hbalock);

However, in the same function, phba->fcf.fcf_flag is assigned with 0
without holding the lock, and thus can cause a data race:

  phba->fcf.fcf_flag = 0;

To fix this possible data race, a lock and unlock pair is added when
accessing the variable phba->fcf.fcf_flag.

Reported-by: BassCheck <bass@buaa.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Link: https://lore.kernel.org/r/20230630024748.1035993-1-islituo@gmail.com
Reviewed-by: Justin Tee <justin.tee@broadcom.com>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

CVE-2024-24855
(cherry picked from commit 0e881c0a4b6146b7e856735226208f48251facd8)
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-6.2-next 2024-01-12 15:52:57 UTC
UBUNTU: Ubuntu-hwe-6.2-6.2.0-40.41~22.04.1

Author: Stefan Bader
Author Date: 2024-01-12 15:52:57 UTC

UBUNTU: Ubuntu-hwe-6.2-6.2.0-40.41~22.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-prep 2023-11-16 13:45:44 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-91.101

Author: Stefan Bader
Author Date: 2023-11-16 13:45:44 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-91.101

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-hwe-6.2-next 2023-11-16 10:14:50 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.2-6.2.0-1018.18~22.04.1

Author: Stefan Bader
Author Date: 2023-11-16 10:14:50 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.2-6.2.0-1018.18~22.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-hwe-6.2-prep 2023-11-16 10:14:50 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.2-6.2.0-1018.18~22.04.1

Author: Stefan Bader
Author Date: 2023-11-16 10:14:50 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.2-6.2.0-1018.18~22.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-6.2-prep 2023-11-16 09:48:35 UTC
UBUNTU: Ubuntu-hwe-6.2-6.2.0-39.40~22.04.1

Author: Stefan Bader
Author Date: 2023-11-16 09:48:35 UTC

UBUNTU: Ubuntu-hwe-6.2-6.2.0-39.40~22.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-hwe-6.5-prep 2023-10-26 07:04:42 UTC
UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-9.9.1~22.04.2

Author: Andrea Righi
Author Date: 2023-10-24 16:18:47 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-9.9.1~22.04.2

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

hwe-6.5 2023-10-11 17:03:57 UTC
UBUNTU: Ubuntu-hwe-6.5-6.5.0-9.9~22.04.2

Author: Andrea Righi
Author Date: 2023-10-11 09:52:15 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-9.9~22.04.2

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

hwe-5.19-next 2023-08-31 08:52:48 UTC
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

Author: Sungwoo Kim
Author Date: 2023-08-28 15:56:00 UTC

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

l2cap_sock_release(sk) frees sk. However, sk's children are still alive
and point to the already free'd sk's address.
To fix this, l2cap_sock_release(sk) also cleans sk's children.

==================================================================
BUG: KASAN: use-after-free in l2cap_sock_ready_cb+0xb7/0x100 net/bluetooth/l2cap_sock.c:1650
Read of size 8 at addr ffff888104617aa8 by task kworker/u3:0/276

CPU: 0 PID: 276 Comm: kworker/u3:0 Not tainted 6.2.0-00001-gef397bd4d5fb-dirty #59
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: hci2 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x72/0x95 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:306 [inline]
 print_report+0x175/0x478 mm/kasan/report.c:417
 kasan_report+0xb1/0x130 mm/kasan/report.c:517
 l2cap_sock_ready_cb+0xb7/0x100 net/bluetooth/l2cap_sock.c:1650
 l2cap_chan_ready+0x10e/0x1e0 net/bluetooth/l2cap_core.c:1386
 l2cap_config_req+0x753/0x9f0 net/bluetooth/l2cap_core.c:4480
 l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:5739 [inline]
 l2cap_sig_channel net/bluetooth/l2cap_core.c:6509 [inline]
 l2cap_recv_frame+0xe2e/0x43c0 net/bluetooth/l2cap_core.c:7788
 l2cap_recv_acldata+0x6ed/0x7e0 net/bluetooth/l2cap_core.c:8506
 hci_acldata_packet net/bluetooth/hci_core.c:3813 [inline]
 hci_rx_work+0x66e/0xbc0 net/bluetooth/hci_core.c:4048
 process_one_work+0x4ea/0x8e0 kernel/workqueue.c:2289
 worker_thread+0x364/0x8e0 kernel/workqueue.c:2436
 kthread+0x1b9/0x200 kernel/kthread.c:376
 ret_from_fork+0x2c/0x50 arch/x86/entry/entry_64.S:308
 </TASK>

Allocated by task 288:
 kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0x82/0x90 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:968 [inline]
 __kmalloc+0x5a/0x140 mm/slab_common.c:981
 kmalloc include/linux/slab.h:584 [inline]
 sk_prot_alloc+0x113/0x1f0 net/core/sock.c:2040
 sk_alloc+0x36/0x3c0 net/core/sock.c:2093
 l2cap_sock_alloc.constprop.0+0x39/0x1c0 net/bluetooth/l2cap_sock.c:1852
 l2cap_sock_create+0x10d/0x220 net/bluetooth/l2cap_sock.c:1898
 bt_sock_create+0x183/0x290 net/bluetooth/af_bluetooth.c:132
 __sock_create+0x226/0x380 net/socket.c:1518
 sock_create net/socket.c:1569 [inline]
 __sys_socket_create net/socket.c:1606 [inline]
 __sys_socket_create net/socket.c:1591 [inline]
 __sys_socket+0x112/0x200 net/socket.c:1639
 __do_sys_socket net/socket.c:1652 [inline]
 __se_sys_socket net/socket.c:1650 [inline]
 __x64_sys_socket+0x40/0x50 net/socket.c:1650
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

Freed by task 288:
 kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:523
 ____kasan_slab_free mm/kasan/common.c:236 [inline]
 ____kasan_slab_free mm/kasan/common.c:200 [inline]
 __kasan_slab_free+0x10a/0x190 mm/kasan/common.c:244
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1781 [inline]
 slab_free_freelist_hook mm/slub.c:1807 [inline]
 slab_free mm/slub.c:3787 [inline]
 __kmem_cache_free+0x88/0x1f0 mm/slub.c:3800
 sk_prot_free net/core/sock.c:2076 [inline]
 __sk_destruct+0x347/0x430 net/core/sock.c:2168
 sk_destruct+0x9c/0xb0 net/core/sock.c:2183
 __sk_free+0x82/0x220 net/core/sock.c:2194
 sk_free+0x7c/0xa0 net/core/sock.c:2205
 sock_put include/net/sock.h:1991 [inline]
 l2cap_sock_kill+0x256/0x2b0 net/bluetooth/l2cap_sock.c:1257
 l2cap_sock_release+0x1a7/0x220 net/bluetooth/l2cap_sock.c:1428
 __sock_release+0x80/0x150 net/socket.c:650
 sock_close+0x19/0x30 net/socket.c:1368
 __fput+0x17a/0x5c0 fs/file_table.c:320
 task_work_run+0x132/0x1c0 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x113/0x120 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x21/0x50 kernel/entry/common.c:296
 do_syscall_64+0x4c/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

The buggy address belongs to the object at ffff888104617800
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 680 bytes inside of
 1024-byte region [ffff888104617800, ffff888104617c00)

The buggy address belongs to the physical page:
page:00000000dbca6a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888104614000 pfn:0x104614
head:00000000dbca6a80 order:2 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
flags: 0x200000000010200(slab|head|node=0|zone=2)
raw: 0200000000010200 ffff888100041dc0 ffffea0004212c10 ffffea0004234b10
raw: ffff888104614000 0000000000080002 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888104617980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888104617a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> >ffff888104617a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
 ffff888104617b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888104617b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

Ack: This bug is found by FuzzBT with a modified Syzkaller. Other
contributors are Ruoyu Wu and Hui Peng.
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

CVE-2023-40283
(cherry picked from commit 1728137b33c00d5a2b5110ed7aafb42e7c32e4a1)
Signed-off-by: Cengiz Can <cengiz.can@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-hwe-5.19-next 2023-07-13 09:01:04 UTC
UBUNTU: Ubuntu-lowlatency-hwe-5.19-5.19.0-1030.30

Author: Stefan Bader
Author Date: 2023-07-13 09:01:04 UTC

UBUNTU: Ubuntu-lowlatency-hwe-5.19-5.19.0-1030.30

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency-hwe-5.19-prep 2023-07-13 09:01:04 UTC
UBUNTU: Ubuntu-lowlatency-hwe-5.19-5.19.0-1030.30

Author: Stefan Bader
Author Date: 2023-07-13 09:01:04 UTC

UBUNTU: Ubuntu-lowlatency-hwe-5.19-5.19.0-1030.30

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.19-prep 2023-07-05 09:21:48 UTC
UBUNTU: Start new release

Author: Stefan Bader
Author Date: 2023-07-04 08:31:14 UTC

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.17-next 2023-01-27 19:51:19 UTC
netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

Author: Pablo Neira Ayuso
Author Date: 2023-01-18 18:58:05 UTC

netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

If the offset + length goes over the ethernet + vlan header, then the
length is adjusted to copy the bytes that are within the boundaries of
the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet +
vlan header are copied directly from the skbuff data area.

Fix incorrect arithmetic operator: subtract, not add, the size of the
vlan header in case of double-tagged packets to adjust the length
accordingly to address CVE-2023-0179.

Reported-by: Davide Ornaghi <d.ornaghi97@gmail.com>
Fixes: f6ae9f120dad ("netfilter: nft_payload: add C-VLAN support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 696e1a48b1a1b01edad542a1ef293665864a4dd0 net.git)
CVE-2023-0179
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>

hwe-5.17-prep 2023-01-20 16:25:54 UTC
UBUNTU: Ubuntu-hwe-5.17-5.17.0-15.16~22.04.8

Author: Stefan Bader
Author Date: 2023-01-20 16:25:54 UTC

UBUNTU: Ubuntu-hwe-5.17-5.17.0-15.16~22.04.8

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

hwe-5.17 2022-10-19 13:50:45 UTC
UBUNTU: Ubuntu-hwe-5.17-5.17.0-11.11~22.04.8

Author: Paolo Pisati
Author Date: 2022-10-19 13:50:45 UTC

UBUNTU: Ubuntu-hwe-5.17-5.17.0-11.11~22.04.8

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

master 2022-10-13 07:40:20 UTC
UBUNTU: Ubuntu-5.15.0-52.58

Author: Stefan Bader
Author Date: 2022-10-13 07:40:20 UTC

UBUNTU: Ubuntu-5.15.0-52.58

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

lowlatency 2022-09-21 13:16:32 UTC
UBUNTU: Ubuntu-lowlatency-5.15.0-50.56

Author: Stefan Bader
Author Date: 2022-09-21 13:16:32 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-50.56

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

186 of 86 results
This repository contains Public information 
Everyone can see this information.