~wgrant/ubuntu/+source/linux:master

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

db5f146... by Brad Figg on 2016-12-01

UBUNTU: Ubuntu-4.4.0-53.74

Signed-off-by: Brad Figg <email address hidden>

26cf5a6... by Philip Pettersson <email address hidden> on 2016-12-01

packet: fix race condition in packet_set_ring

CVE-2016-8655

BugLink: http://bugs.launchpad.net/bugs/1646318

When packet_set_ring creates a ring buffer it will initialize a
struct timer_list if the packet version is TPACKET_V3. This value
can then be raced by a different thread calling setsockopt to
set the version to TPACKET_V1 before packet_set_ring has finished.

This leads to a use-after-free on a function pointer in the
struct timer_list when the socket is closed as the previously
initialized timer will not be deleted.

The bug is fixed by taking lock_sock(sk) in packet_setsockopt when
changing the packet version while also taking the lock at the start
of packet_set_ring.

Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
Signed-off-by: Philip Pettersson <email address hidden>
Signed-off-by: Eric Dumazet <email address hidden>
Signed-off-by: Brad Figg <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Ben Romer <email address hidden>

e56d38f... by Brad Figg on 2016-12-01

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Brad Figg <email address hidden>

40a98f0... by Luis Henriques on 2016-11-24

UBUNTU: Ubuntu-4.4.0-51.72

Signed-off-by: Luis Henriques <email address hidden>

32a5e3a... by Luis Henriques on 2016-11-24

Revert "nvme: use the DMA_ATTR_NO_WARN attribute"

BugLink: https://bugs.launchpad.net/bugs/1644596

This reverts commit 7c50722ad76b1b90538912fb84e2c3e206fab327.

The backports that fix bug #1633128 for xenial, in particular the backport
of upstream commit a9a62c938441 ("dma-mapping: introduce the
DMA_ATTR_NO_WARN attribute"), introduce a regression.

Signed-off-by: Luis Henriques <email address hidden>

498859e... by Luis Henriques on 2016-11-24

Revert "powerpc: implement the DMA_ATTR_NO_WARN attribute"

BugLink: https://bugs.launchpad.net/bugs/1644596

This reverts commit 96530c8afe82e40f06b556584ca2822f66b66874.

The backports that fix bug #1633128 for xenial, in particular the backport
of upstream commit a9a62c938441 ("dma-mapping: introduce the
DMA_ATTR_NO_WARN attribute"), introduce a regression.

Signed-off-by: Luis Henriques <email address hidden>

a3d623d... by Luis Henriques on 2016-11-24

Revert "dma-mapping: introduce the DMA_ATTR_NO_WARN attribute"

BugLink: https://bugs.launchpad.net/bugs/1644596

This reverts commit 3fbd4bc4627ac0544298f072a6658e073d718c5b.

The backports that fix bug #1633128 for xenial, in particular the backport
of upstream commit a9a62c938441 ("dma-mapping: introduce the
DMA_ATTR_NO_WARN attribute"), introduce a regression.

Signed-off-by: Luis Henriques <email address hidden>

45582b9... by Luis Henriques on 2016-11-23

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Luis Henriques <email address hidden>

0238dfb... by Luis Henriques on 2016-11-23

UBUNTU: Ubuntu-4.4.0-50.71

Signed-off-by: Luis Henriques <email address hidden>

055fa3f... by Luis Henriques on 2016-11-23

Revert "(namespace) mnt: Move the FS_USERNS_MOUNT check into sget_userns"

BugLink: https://bugs.launchpad.net/bugs/1644165

This reverts commit 813a6f60e06178483a97e118b7820fdbfca955b5.

The kernel fix for bug #1634964 breaks LXD userspace, in particular the
following commits:

ac7f3f73cb39 (namespace) vfs: Don't modify inodes with a uid or gid unknown to the vfs
ca52383ad6a6 (namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs

LXD 2.0.6 will include changes to support these kernel changes, but it isn't
available yet on xenial, so for now we just revert these commits.

Signed-off-by: Luis Henriques <email address hidden>