~vicamo/+git/ubuntu-kernel:bug-1886269/add-to-i8042-nopnp-list/bionic

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

33691e4... by You-Sheng Yang on 2020-07-13

Bug 1886269: Input: i8042 - add Intel Desktop Board DG41RQ to nopnp list

d12ba0c... by You-Sheng Yang on 2020-07-13

Input: i8042 - add Intel Desktop Board DG41RQ to nopnp list

Add DMI matches for Intel Desktop Board DG41RQ that needs 'i8042.nopnp'
to detect PS/2 mouse reliably reported by Jatinderpal Singh.

BugLink: https://bugs.launchpad.net/bugs/1886269
Signed-off-by: You-Sheng Yang <email address hidden>

495149d... by Khaled El Mously on 2020-07-09

UBUNTU: Ubuntu-4.15.0-112.113

Signed-off-by: Khalid Elmously <email address hidden>

0feb505... by Khaled El Mously on 2020-07-09

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/1887048
Properties: no-test-build
Signed-off-by: Khalid Elmously <email address hidden>

d88391f... by Khaled El Mously on 2020-07-09

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Khalid Elmously <email address hidden>

7ff3bf1... by Kleber Sacilotto de Souza on 2020-07-03

UBUNTU: update dkms package versions

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

291d96d... by J. R. Okajima on 2020-06-29

UBUNTU: SAUCE: aufs: bugfix, IMA i_readcount

By the recent commit
 21913077f9918 2020-06-17 aufs: do not call i_readcount_inc()
a very old bug was fixed, which is inblance counter.
But still aufs needs to call i_readcount_inc() when the branch
permission is chaned from RW to RO. Otherwise the counter reaches 0
and BUG() in i_readcount_dec() will be activated.

Signed-off-by: J. R. Okajima <email address hidden>
(cherry picked from commit f10aea57d39d6cd311312e9e7746804f7059b5c8 aufs4-linux.git)
CVE-2020-11935
Signed-off-by: Mauricio Faria de Oliveira <email address hidden>
Acked-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Kamal Mostafa <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

ecd7648... by Mauricio Faria de Oliveira on 2020-06-29

UBUNTU: SAUCE: aufs: do not call i_readcount_inc()

The 'struct inode.i_readcount' field is maintained at the VFS, and
should not be modified by filesystems. But aufs does in one place,
which causes it to be unbalanced.

This started with Linux v2.6.39 commit 890275b5eb79 ("IMA: maintain
i_readcount in the VFS layer"), which moved the i_readcount updates
from IMA into the VFS (at the same places IMA was called previously)
and introduced 'mutex_lock(i_mutex)' in the ima_file_check() path.

The former change is functionally equivalent, thus no changes are
needed in response to it.

The latter change, on the other hand, is _not_; and is reported to
cause a deadlock in aufs (see below), thus it dropped the call to
ima_file_check().

However, when dropping the ima_file_check() call, aufs introduced
the i_readcount_inc() call as well, which according to the commit
changes is not necessary.

This can be observed in aufs2-standalone.git commit 1dbd1c864e455
("aufs2.1 standalone version for linux-2.6."), announced to the
aufs-users mailing list on 2011-04-04 [1].

    diff --git a/ChangeLog b/ChangeLog
    ...
    +commit 17eac367b03334e57a93e8051eb712add24d2534
    +Author: J. R. Okajima <email address hidden>
    +Date: Fri Apr 1 16:31:22 2011 +0900
    +
    + aufs: for 2.6.39, limit the support for IMA
    +
    + Since it acquires i_mutex and causes a deadlock, replace a
    + ima_file_check() call by i_readcount_inc().
    +
    + Signed-off-by: J. R. Okajima <email address hidden>
    ...
    diff --git a/fs/aufs/vfsub.c b/fs/aufs/vfsub.c
    ...
    struct file *vfsub_dentry_open(struct path *path, int flags)
    ...
    + if (!IS_ERR_OR_NULL(file)
    + && (file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
    + i_readcount_inc(path->dentry->d_inode);

    - err = ima_file_check(file, au_conv_oflags(flags));
    ...

Apparently, this might have been a misunderstanding of one hunk in
the 2.6.39 commit, that deletes the lines to increment i_readcount,
and adds the lines to acquire i_mutex.

It reuses code from the removed function ima_counts_get() to create
ima_rdwr_violation_check(), and another hunk calls the new function
from ima_file_check(). But note that the i_readcount increment was
_not_ called from ima_file_check() previously, via ima_counts_get():

    -void ima_counts_get(struct file *file)
    +static void ima_rdwr_violation_check(struct file *file)
     {
    ...
    + mutex_lock(&inode->i_mutex); /* file metadata: permissions, xattr */
    ...
    - atomic_inc(&inode->i_readcount);

    #@@ -318,6 +308,7 @@ int ima_file_check(struct file *file, int mask)
    ...
    + ima_rdwr_violation_check(file);

So, in order to avoid the unbalance caused to i_readcount, drop the
i_readcount_inc() call.

Note the issue is not the lack of a corresponding i_readcount_dec()
call; it's the mere usage of these functions outside of VFS layer,
where i_readcount is maintained.

Links:

[1] https://sourceforge.net/p/aufs/mailman/message/27304125/
    snippet:

    """
    aufs2 Monday GIT release
    From: <sfjro@us...> - 2011-04-04 04:59:18

    o news
    - begin supporting linux-2.6.39-rcN.
    ...
    - aufs2-2.6.git#aufs2.1 branch
    ...
          aufs: for 2.6.39, limit the support for IMA
    ...
    """

Signed-off-by: Mauricio Faria de Oliveira <email address hidden>
(cherry picked from commit 515a586eeef31e0717d5dea21e2c11a965340b3c aufs4-linux.git)
CVE-2020-11935
Signed-off-by: Mauricio Faria de Oliveira <email address hidden>
Acked-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Kamal Mostafa <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

3f9aeb0... by Fan Yang on 2020-06-10

mm: Fix mremap not considering huge pmd devmap

The original code in mm/mremap.c checks huge pmd by:

  if (is_swap_pmd(*old_pmd) || pmd_trans_huge(*old_pmd)) {

However, a DAX mapped nvdimm is mapped as huge page (by default) but it
is not transparent huge page (_PAGE_PSE | PAGE_DEVMAP). This commit
changes the condition to include the case.

This addresses CVE-2020-10757.

Fixes: 5c7fb56e5e3f ("mm, dax: dax-pmd vs thp-pmd vs hugetlbfs-pmd")
Cc: <email address hidden>
Reported-by: Fan Yang <email address hidden>
Signed-off-by: Fan Yang <email address hidden>
Tested-by: Fan Yang <email address hidden>
Tested-by: Dan Williams <email address hidden>
Reviewed-by: Dan Williams <email address hidden>
Acked-by: Kirill A. Shutemov <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
(cherry picked from commit 5bfea2d9b17f1034a68147a8b03b9789af5700f9)
CVE-2020-10757
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Sultan Alsawaf <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

6615e49... by Jason A. Donenfeld on 2020-06-19

UBUNTU: SAUCE: acpi: disallow loading configfs acpi tables when locked down

BugLink: https://bugs.launchpad.net/bugs/1884159

Like other vectors already patched, this one here allows the root user
to load ACPI tables, which enables arbitrary physical address writes,
which in turn makes it possible to disable lockdown. This patch prevents
this by checking the lockdown status before allowing a new ACPI table to be
installed. The link in the trailer shows a PoC of how this might be
used.

Signed-off-by: Jason A. Donenfeld <email address hidden>
Cc: <email address hidden>
Link: https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
Link: https://<email address hidden>/
[ saf: Backport to older lockdown implementation ]
Signed-off-by: Seth Forshee <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Andrea Righi <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>