lp:~ubuntu-kernel/ubuntu/+source/linux/+git/focal

Author: Ubuntu Kernel Bot
Author Date: 2024-04-30 10:29:46 UTC

UBUNTU: Ubuntu-5.4.0-186.206

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Stefan Bader
Author Date: 2024-04-30 10:11:28 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-107.117~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-29 22:42:16 UTC

UBUNTU: Ubuntu-5.4.0-182.202

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Roxana Nicolescu
Author Date: 2024-04-26 12:01:17 UTC

UBUNTU: Ubuntu-5.4.0-186.206

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Author: Roxana Nicolescu
Author Date: 2024-04-26 12:01:17 UTC

UBUNTU: Ubuntu-5.4.0-186.206

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Author: Paulo Alcantara
Author Date: 2024-04-17 10:38:55 UTC

cifs: fix ntlmssp auth when there is no key exchange

BugLink: https://bugs.launchpad.net/bugs/2061986

Warn on the lack of key exchange during NTLMSSP authentication rather
than aborting it as there are some servers that do not set it in
CHALLENGE message.

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
(backported from commit 9de0737d5ba0425c3154d5d83da12a8fa8595c0f)
[rmalz: commit fails to cherry-pick due to changes introduced
by commit 49bd49f983b5026e4557d31c5d737d9657c4113e, which is not
relevant to the change]
Signed-off-by: Robert Malz <robert.malz@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Author: Johannes Berg
Author Date: 2024-04-12 20:02:17 UTC

wifi: mac80211: fix potential key use-after-free

When ieee80211_key_link() is called by ieee80211_gtk_rekey_add()
but returns 0 due to KRACK protection (identical key reinstall),
ieee80211_gtk_rekey_add() will still return a pointer into the
key, in a potential use-after-free. This normally doesn't happen
since it's only called by iwlwifi in case of WoWLAN rekey offload
which has its own KRACK protection, but still better to fix, do
that by returning an error code and converting that to success on
the cfg80211 boundary only, leaving the error for bad callers of
ieee80211_gtk_rekey_add().

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Fixes: fdf7cb4185b6 ("mac80211: accept key reinstall without changing anything")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(backported from commit 31db78a4923ef5e2008f2eed321811ca79e7f71b)
[bjamison: context conflict - added KRACK protection as written in the fix
commit since the context conflict was with a neighboring line that doesn't
affect the fix commit]
CVE-2023-52530
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-24 03:31:15 UTC

UBUNTU: Ubuntu-5.4.0-181.201

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Roxana Nicolescu
Author Date: 2024-03-28 14:19:07 UTC

UBUNTU: [Packaging] drop getabis data

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-23 01:55:48 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-106.116~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-22 15:50:53 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-106.116~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-04-03 01:11:35 UTC

UBUNTU: Ubuntu-5.4.0-177.197

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-28 12:59:05 UTC

UBUNTU: Ubuntu-5.4.0-174.192

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Brian King
Author Date: 2024-03-08 12:28:00 UTC

hvcs: Synchronize hotplug remove with port free

BugLink: https://bugs.launchpad.net/bugs/2056373

Synchronizes hotplug remove with the freeing of the port.
This ensures we have freed all the memory associated with
this port and are not leaking memory.

Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Link: https://lore.kernel.org/r/20230203155802.404324-6-brking@linux.vnet.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

(cherry picked from commit 28d49f8cbe9c7966f91ee1b5ec2f997f6e55bf9f)
Signed-off-by: Frank Heimes <frank.heimes@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Cengiz Can <cengiz.can@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 15:13:50 UTC

UBUNTU: Ubuntu-5.4.0-175.194

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 10:32:43 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-102.112~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-22 02:40:15 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-101.111~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-21 21:03:24 UTC

UBUNTU: Ubuntu-5.4.0-174.192

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 13:33:17 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-97.107~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 10:58:14 UTC

UBUNTU: Ubuntu-5.4.0-172.190

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 03:59:13 UTC

UBUNTU: Ubuntu-5.4.0-173.191

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Ubuntu Kernel Bot
Author Date: 2024-03-14 00:20:28 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-100.110~20.04.1

Signed-off-by: Ubuntu Kernel Bot <ubuntu-kernel-bot@canonical.com>

Author: Roxana Nicolescu
Author Date: 2024-03-05 15:13:21 UTC

UBUNTU: [Packaging] Remove abi-check from final-checks

BugLink: https://bugs.launchpad.net/bugs/2055686

Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Author: Tuo Li
Author Date: 2024-02-22 17:45:00 UTC

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

The variable phba->fcf.fcf_flag is often protected by the lock
phba->hbalock() when is accessed. Here is an example in
lpfc_unregister_fcf_rescan():

  spin_lock_irq(&phba->hbalock);
  phba->fcf.fcf_flag |= FCF_INIT_DISC;
  spin_unlock_irq(&phba->hbalock);

However, in the same function, phba->fcf.fcf_flag is assigned with 0
without holding the lock, and thus can cause a data race:

  phba->fcf.fcf_flag = 0;

To fix this possible data race, a lock and unlock pair is added when
accessing the variable phba->fcf.fcf_flag.

Reported-by: BassCheck <bass@buaa.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Link: https://lore.kernel.org/r/20230630024748.1035993-1-islituo@gmail.com
Reviewed-by: Justin Tee <justin.tee@broadcom.com>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

CVE-2024-24855
(cherry picked from commit 0e881c0a4b6146b7e856735226208f48251facd8)
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-11-16 13:58:44 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-91.101~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Thadeu Lima de Souza Cascardo
Author Date: 2022-10-14 16:32:31 UTC

UBUNTU: Ubuntu-5.4.0-131.147

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

Author: Stefan Bader
Author Date: 2022-10-13 12:47:29 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-52.58~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Eric Dumazet
Author Date: 2022-06-21 19:09:00 UTC

llc: only change llc->dev when bind() succeeds

commit 2d327a79ee176930dc72c131a970c891d367c1dc upstream.

My latest patch, attempting to fix the refcount leak in a minimal
way turned out to add a new bug.

Whenever the bind operation fails before we attempt to grab
a reference count on a device, we might release the device refcount
of a prior successful bind() operation.

syzbot was not happy about this [1].

Note to stable teams:

Make sure commit b37a46683739 ("netdevice: add the case if dev is NULL")
is already present in your trees.

[1]
general protection fault, probably for non-canonical address 0xdffffc0000000070: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387]
CPU: 1 PID: 3590 Comm: syz-executor361 Tainted: G W 5.17.0-syzkaller-04796-g169e77764adc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:llc_ui_connect+0x400/0xcb0 net/llc/af_llc.c:500
Code: 80 3c 02 00 0f 85 fc 07 00 00 4c 8b a5 38 05 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 80 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a9 07 00 00 49 8b b4 24 80 03 00 00 4c 89 f2 48
RSP: 0018:ffffc900038cfcc0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880756eb600 RCX: 0000000000000000
RDX: 0000000000000070 RSI: ffffc900038cfe3e RDI: 0000000000000380
RBP: ffff888015ee5000 R08: 0000000000000001 R09: ffff888015ee5535
R10: ffffed1002bdcaa6 R11: 0000000000000000 R12: 0000000000000000
R13: ffffc900038cfe37 R14: ffffc900038cfe38 R15: ffff888015ee5012
FS: 0000555555acd300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000280 CR3: 0000000077db6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __sys_connect_file+0x155/0x1a0 net/socket.c:1900
 __sys_connect+0x161/0x190 net/socket.c:1917
 __do_sys_connect net/socket.c:1927 [inline]
 __se_sys_connect net/socket.c:1924 [inline]
 __x64_sys_connect+0x6f/0xb0 net/socket.c:1924
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f016acb90b9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd417947f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f016acb90b9
RDX: 0000000000000010 RSI: 0000000020000140 RDI: 0000000000000003
RBP: 00007f016ac7d0a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f016ac7d130
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:llc_ui_connect+0x400/0xcb0 net/llc/af_llc.c:500

Fixes: 764f4eb6846f ("llc: fix netdevice reference leaks in llc_ui_bind()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: 赵子轩 <beraphin@gmail.com>
Cc: Stoyan Manolov <smanolov@suse.de>
Link: https://lore.kernel.org/r/20220325035827.360418-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2022-28356
(cherry picked from commit 163960a7de1333514c9352deb7c80c6b9fd9abf2 linux-5.10.y)
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Thadeu Lima de Souza Cascardo
Author Date: 2022-06-02 22:48:21 UTC

UBUNTU: Ubuntu-hwe-5.13-5.13.0-48.54~20.04.1

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

Author: Stefan Bader
Author Date: 2022-05-23 13:33:01 UTC

UBUNTU: Ubuntu-hwe-5.13-5.13.0-46.51~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2022-03-09 14:54:36 UTC

UBUNTU: Ubuntu-hwe-5.11-5.11.0-61.61

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2022-03-09 14:54:36 UTC

UBUNTU: Ubuntu-hwe-5.11-5.11.0-61.61

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Thadeu Lima de Souza Cascardo
Author Date: 2022-01-06 23:13:46 UTC

UBUNTU: Ubuntu-hwe-5.11-5.11.0-46.51~20.04.1

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

Author: Stefan Bader
Author Date: 2021-10-27 08:49:04 UTC

UBUNTU: Ubuntu-hwe-5.8-5.8.0-67.75

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2021-10-27 08:49:04 UTC

UBUNTU: Ubuntu-hwe-5.8-5.8.0-67.75

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>