lp:~ubuntu-kernel/ubuntu/+source/linux/+git/jammy

Author: Roxana Nicolescu
Author Date: 2024-04-23 08:24:50 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-34.34.1~22.04.1

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Author: Kai-Heng Feng
Author Date: 2024-04-08 03:33:10 UTC

platform/x86: asus-wmi: Consider device is absent when the read is ~0

BugLink: https://bugs.launchpad.net/bugs/2060422

AAEON PICO-TGU4 board doesn't have any LED but there are bogus LED
controls under /sys/class/leds:
$ ls /sys/class/leds
asus::kbd_backlight asus::lightbar platform::micmute

The reason is that the ~0 read from asus_wmi_get_devstate() is treated
as a valid state, in truth it means the device is absent.

So filter out ~0 read to prevent bogus LED controls being created.

Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20240308053255.224496-1-kai.heng.feng@canonical.com
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
(cherry picked from commit f7b7066508d69934e4545db0c709c98ce506df0c)
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Acked-by: Thibault Ferrante <thibault.ferrante@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-23 02:07:37 UTC

UBUNTU: Ubuntu-5.15.0-106.116

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-23 01:24:09 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-106.116

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-22 15:22:12 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-34.34~22.04.3

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-22 14:59:25 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-34.34.1.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Roxana Nicolescu
Author Date: 2024-04-19 11:25:50 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-34.34~22.04.2

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Author: Stefan Bader
Author Date: 2024-04-17 15:37:53 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-106.116

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2024-04-16 14:11:14 UTC

UBUNTU: Ubuntu-5.15.0-106.116

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-16 11:49:59 UTC

UBUNTU: Ubuntu-5.15.0-103.113

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-05 15:30:58 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-28.29.1.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-03 05:26:52 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-28.29~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-03 04:20:52 UTC

UBUNTU: Ubuntu-5.15.0-103.113

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 10:48:40 UTC

UBUNTU: Ubuntu-5.15.0-102.112

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 09:48:05 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-102.112

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 06:51:02 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-27.28~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 06:12:48 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-27.28.1.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 05:32:43 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-26.26~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 04:30:21 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-26.26.1.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 02:59:40 UTC

UBUNTU: Ubuntu-5.15.0-101.111

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 01:25:17 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-101.111

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 16:34:53 UTC

UBUNTU: Ubuntu-5.15.0-98.108

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 15:31:24 UTC

UBUNTU: Ubuntu-5.15.0-95.105

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 15:20:23 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-21.21~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 14:28:27 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-21.21.1.1.1.1~22.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 12:58:23 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-95.105

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-13 23:32:44 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-98.108

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Stefan Bader
Author Date: 2024-03-05 15:18:11 UTC

UBUNTU: [Packaging] Drop abi checks from final-checks

BugLink: https://bugs.launchpad.net/bugs/2055686

Dropping the in-tree abi checks forgot to adjust the final-checks file.
This was done in Mantic but there the file was relocated. Following up
with similar changes in Jammy.

Fixes: 476bafa0dcd4 "UBUNTU: [Packaging] Remove in-tree abi checks"
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Tuo Li
Author Date: 2024-02-22 17:45:00 UTC

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

The variable phba->fcf.fcf_flag is often protected by the lock
phba->hbalock() when is accessed. Here is an example in
lpfc_unregister_fcf_rescan():

  spin_lock_irq(&phba->hbalock);
  phba->fcf.fcf_flag |= FCF_INIT_DISC;
  spin_unlock_irq(&phba->hbalock);

However, in the same function, phba->fcf.fcf_flag is assigned with 0
without holding the lock, and thus can cause a data race:

  phba->fcf.fcf_flag = 0;

To fix this possible data race, a lock and unlock pair is added when
accessing the variable phba->fcf.fcf_flag.

Reported-by: BassCheck <bass@buaa.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Link: https://lore.kernel.org/r/20230630024748.1035993-1-islituo@gmail.com
Reviewed-by: Justin Tee <justin.tee@broadcom.com>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

CVE-2024-24855
(cherry picked from commit 0e881c0a4b6146b7e856735226208f48251facd8)
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2024-01-12 15:52:57 UTC

UBUNTU: Ubuntu-hwe-6.2-6.2.0-40.41~22.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-11-16 13:45:44 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-91.101

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-11-16 10:14:50 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.2-6.2.0-1018.18~22.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-11-16 10:14:50 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.2-6.2.0-1018.18~22.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-11-16 09:48:35 UTC

UBUNTU: Ubuntu-hwe-6.2-6.2.0-39.40~22.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Andrea Righi
Author Date: 2023-10-24 16:18:47 UTC

UBUNTU: Ubuntu-lowlatency-hwe-6.5-6.5.0-9.9.1~22.04.2

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

Author: Andrea Righi
Author Date: 2023-10-11 09:52:15 UTC

UBUNTU: Ubuntu-hwe-6.5-6.5.0-9.9~22.04.2

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

Author: Sungwoo Kim
Author Date: 2023-08-28 15:56:00 UTC

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

l2cap_sock_release(sk) frees sk. However, sk's children are still alive
and point to the already free'd sk's address.
To fix this, l2cap_sock_release(sk) also cleans sk's children.

==================================================================
BUG: KASAN: use-after-free in l2cap_sock_ready_cb+0xb7/0x100 net/bluetooth/l2cap_sock.c:1650
Read of size 8 at addr ffff888104617aa8 by task kworker/u3:0/276

CPU: 0 PID: 276 Comm: kworker/u3:0 Not tainted 6.2.0-00001-gef397bd4d5fb-dirty #59
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: hci2 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x72/0x95 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:306 [inline]
 print_report+0x175/0x478 mm/kasan/report.c:417
 kasan_report+0xb1/0x130 mm/kasan/report.c:517
 l2cap_sock_ready_cb+0xb7/0x100 net/bluetooth/l2cap_sock.c:1650
 l2cap_chan_ready+0x10e/0x1e0 net/bluetooth/l2cap_core.c:1386
 l2cap_config_req+0x753/0x9f0 net/bluetooth/l2cap_core.c:4480
 l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:5739 [inline]
 l2cap_sig_channel net/bluetooth/l2cap_core.c:6509 [inline]
 l2cap_recv_frame+0xe2e/0x43c0 net/bluetooth/l2cap_core.c:7788
 l2cap_recv_acldata+0x6ed/0x7e0 net/bluetooth/l2cap_core.c:8506
 hci_acldata_packet net/bluetooth/hci_core.c:3813 [inline]
 hci_rx_work+0x66e/0xbc0 net/bluetooth/hci_core.c:4048
 process_one_work+0x4ea/0x8e0 kernel/workqueue.c:2289
 worker_thread+0x364/0x8e0 kernel/workqueue.c:2436
 kthread+0x1b9/0x200 kernel/kthread.c:376
 ret_from_fork+0x2c/0x50 arch/x86/entry/entry_64.S:308
 </TASK>

Allocated by task 288:
 kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0x82/0x90 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:968 [inline]
 __kmalloc+0x5a/0x140 mm/slab_common.c:981
 kmalloc include/linux/slab.h:584 [inline]
 sk_prot_alloc+0x113/0x1f0 net/core/sock.c:2040
 sk_alloc+0x36/0x3c0 net/core/sock.c:2093
 l2cap_sock_alloc.constprop.0+0x39/0x1c0 net/bluetooth/l2cap_sock.c:1852
 l2cap_sock_create+0x10d/0x220 net/bluetooth/l2cap_sock.c:1898
 bt_sock_create+0x183/0x290 net/bluetooth/af_bluetooth.c:132
 __sock_create+0x226/0x380 net/socket.c:1518
 sock_create net/socket.c:1569 [inline]
 __sys_socket_create net/socket.c:1606 [inline]
 __sys_socket_create net/socket.c:1591 [inline]
 __sys_socket+0x112/0x200 net/socket.c:1639
 __do_sys_socket net/socket.c:1652 [inline]
 __se_sys_socket net/socket.c:1650 [inline]
 __x64_sys_socket+0x40/0x50 net/socket.c:1650
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

Freed by task 288:
 kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:523
 ____kasan_slab_free mm/kasan/common.c:236 [inline]
 ____kasan_slab_free mm/kasan/common.c:200 [inline]
 __kasan_slab_free+0x10a/0x190 mm/kasan/common.c:244
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1781 [inline]
 slab_free_freelist_hook mm/slub.c:1807 [inline]
 slab_free mm/slub.c:3787 [inline]
 __kmem_cache_free+0x88/0x1f0 mm/slub.c:3800
 sk_prot_free net/core/sock.c:2076 [inline]
 __sk_destruct+0x347/0x430 net/core/sock.c:2168
 sk_destruct+0x9c/0xb0 net/core/sock.c:2183
 __sk_free+0x82/0x220 net/core/sock.c:2194
 sk_free+0x7c/0xa0 net/core/sock.c:2205
 sock_put include/net/sock.h:1991 [inline]
 l2cap_sock_kill+0x256/0x2b0 net/bluetooth/l2cap_sock.c:1257
 l2cap_sock_release+0x1a7/0x220 net/bluetooth/l2cap_sock.c:1428
 __sock_release+0x80/0x150 net/socket.c:650
 sock_close+0x19/0x30 net/socket.c:1368
 __fput+0x17a/0x5c0 fs/file_table.c:320
 task_work_run+0x132/0x1c0 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x113/0x120 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x21/0x50 kernel/entry/common.c:296
 do_syscall_64+0x4c/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

The buggy address belongs to the object at ffff888104617800
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 680 bytes inside of
 1024-byte region [ffff888104617800, ffff888104617c00)

The buggy address belongs to the physical page:
page:00000000dbca6a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888104614000 pfn:0x104614
head:00000000dbca6a80 order:2 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
flags: 0x200000000010200(slab|head|node=0|zone=2)
raw: 0200000000010200 ffff888100041dc0 ffffea0004212c10 ffffea0004234b10
raw: ffff888104614000 0000000000080002 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888104617980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888104617a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> >ffff888104617a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
 ffff888104617b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888104617b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

Ack: This bug is found by FuzzBT with a modified Syzkaller. Other
contributors are Ruoyu Wu and Hui Peng.
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

CVE-2023-40283
(cherry picked from commit 1728137b33c00d5a2b5110ed7aafb42e7c32e4a1)
Signed-off-by: Cengiz Can <cengiz.can@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-07-13 09:01:04 UTC

UBUNTU: Ubuntu-lowlatency-hwe-5.19-5.19.0-1030.30

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-07-13 09:01:04 UTC

UBUNTU: Ubuntu-lowlatency-hwe-5.19-5.19.0-1030.30

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-07-04 08:31:14 UTC

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Pablo Neira Ayuso
Author Date: 2023-01-18 18:58:05 UTC

netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

If the offset + length goes over the ethernet + vlan header, then the
length is adjusted to copy the bytes that are within the boundaries of
the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet +
vlan header are copied directly from the skbuff data area.

Fix incorrect arithmetic operator: subtract, not add, the size of the
vlan header in case of double-tagged packets to adjust the length
accordingly to address CVE-2023-0179.

Reported-by: Davide Ornaghi <d.ornaghi97@gmail.com>
Fixes: f6ae9f120dad ("netfilter: nft_payload: add C-VLAN support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 696e1a48b1a1b01edad542a1ef293665864a4dd0 net.git)
CVE-2023-0179
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>

Author: Stefan Bader
Author Date: 2023-01-20 16:25:54 UTC

UBUNTU: Ubuntu-hwe-5.17-5.17.0-15.16~22.04.8

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Paolo Pisati
Author Date: 2022-10-19 13:50:45 UTC

UBUNTU: Ubuntu-hwe-5.17-5.17.0-11.11~22.04.8

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

Author: Stefan Bader
Author Date: 2022-10-13 07:40:20 UTC

UBUNTU: Ubuntu-5.15.0-52.58

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2022-09-21 13:16:32 UTC

UBUNTU: Ubuntu-lowlatency-5.15.0-50.56

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>