lp:~lukenow/ubuntu/+source/linux/+git/focal

Author: Luke Nowakowski-Krijger
Author Date: 2023-06-29 16:45:10 UTC

UBUNTU: Upstream stable to v5.4.243

BugLink: https://bugs.launchpad.net/bugs/2025387

Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>

Author: Kamal Mostafa
Author Date: 2023-05-22 22:04:16 UTC

UBUNTU: Upstream stable to v5.4.236

BugLink: https://bugs.launchpad.net/bugs/2020390

Ignore: yes
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>

Author: Luke Nowakowski-Krijger
Author Date: 2023-04-11 18:33:19 UTC

UBUNTU: Upstream stable to v5.4.233

BugLink: https://bugs.launchpad.net/bugs/2015909

Ignore: yes
Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>

Author: Stefan Bader
Author Date: 2023-02-03 14:30:55 UTC

UBUNTU: Ubuntu-5.4.0-144.161

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-01-25 09:27:42 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-60.66~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2023-01-25 09:27:42 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-60.66~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Thadeu Lima de Souza Cascardo
Author Date: 2022-10-14 16:32:31 UTC

UBUNTU: Ubuntu-5.4.0-131.147

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

Author: Stefan Bader
Author Date: 2022-10-13 12:47:29 UTC

UBUNTU: Ubuntu-hwe-5.15-5.15.0-52.58~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Eric Dumazet
Author Date: 2022-06-21 19:09:00 UTC

llc: only change llc->dev when bind() succeeds

commit 2d327a79ee176930dc72c131a970c891d367c1dc upstream.

My latest patch, attempting to fix the refcount leak in a minimal
way turned out to add a new bug.

Whenever the bind operation fails before we attempt to grab
a reference count on a device, we might release the device refcount
of a prior successful bind() operation.

syzbot was not happy about this [1].

Note to stable teams:

Make sure commit b37a46683739 ("netdevice: add the case if dev is NULL")
is already present in your trees.

[1]
general protection fault, probably for non-canonical address 0xdffffc0000000070: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387]
CPU: 1 PID: 3590 Comm: syz-executor361 Tainted: G W 5.17.0-syzkaller-04796-g169e77764adc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:llc_ui_connect+0x400/0xcb0 net/llc/af_llc.c:500
Code: 80 3c 02 00 0f 85 fc 07 00 00 4c 8b a5 38 05 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 80 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a9 07 00 00 49 8b b4 24 80 03 00 00 4c 89 f2 48
RSP: 0018:ffffc900038cfcc0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880756eb600 RCX: 0000000000000000
RDX: 0000000000000070 RSI: ffffc900038cfe3e RDI: 0000000000000380
RBP: ffff888015ee5000 R08: 0000000000000001 R09: ffff888015ee5535
R10: ffffed1002bdcaa6 R11: 0000000000000000 R12: 0000000000000000
R13: ffffc900038cfe37 R14: ffffc900038cfe38 R15: ffff888015ee5012
FS: 0000555555acd300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000280 CR3: 0000000077db6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __sys_connect_file+0x155/0x1a0 net/socket.c:1900
 __sys_connect+0x161/0x190 net/socket.c:1917
 __do_sys_connect net/socket.c:1927 [inline]
 __se_sys_connect net/socket.c:1924 [inline]
 __x64_sys_connect+0x6f/0xb0 net/socket.c:1924
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f016acb90b9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd417947f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f016acb90b9
RDX: 0000000000000010 RSI: 0000000020000140 RDI: 0000000000000003
RBP: 00007f016ac7d0a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f016ac7d130
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:llc_ui_connect+0x400/0xcb0 net/llc/af_llc.c:500

Fixes: 764f4eb6846f ("llc: fix netdevice reference leaks in llc_ui_bind()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: 赵子轩 <beraphin@gmail.com>
Cc: Stoyan Manolov <smanolov@suse.de>
Link: https://lore.kernel.org/r/20220325035827.360418-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2022-28356
(cherry picked from commit 163960a7de1333514c9352deb7c80c6b9fd9abf2 linux-5.10.y)
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Thadeu Lima de Souza Cascardo
Author Date: 2022-06-02 22:48:21 UTC

UBUNTU: Ubuntu-hwe-5.13-5.13.0-48.54~20.04.1

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

Author: Stefan Bader
Author Date: 2022-05-23 13:33:01 UTC

UBUNTU: Ubuntu-hwe-5.13-5.13.0-46.51~20.04.1

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2022-03-09 14:54:36 UTC

UBUNTU: Ubuntu-hwe-5.11-5.11.0-61.61

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2022-03-09 14:54:36 UTC

UBUNTU: Ubuntu-hwe-5.11-5.11.0-61.61

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Thadeu Lima de Souza Cascardo
Author Date: 2022-01-06 23:13:46 UTC

UBUNTU: Ubuntu-hwe-5.11-5.11.0-46.51~20.04.1

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

Author: Stefan Bader
Author Date: 2021-10-27 08:49:04 UTC

UBUNTU: Ubuntu-hwe-5.8-5.8.0-67.75

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Author: Stefan Bader
Author Date: 2021-10-27 08:49:04 UTC

UBUNTU: Ubuntu-hwe-5.8-5.8.0-67.75

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>