group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #33547
[Bug 1851380] Re: root can lift kernel lockdown
This bug was fixed in the package linux - 5.3.0-24.26
---------------
linux (5.3.0-24.26) eoan; urgency=medium
* eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232)
* Eoan update: 5.3.9 upstream stable release (LP: #1851550)
- io_uring: fix up O_NONBLOCK handling for sockets
- dm snapshot: introduce account_start_copy() and account_end_copy()
- dm snapshot: rework COW throttling to fix deadlock
- Btrfs: fix inode cache block reserve leak on failure to allocate data space
- btrfs: qgroup: Always free PREALLOC META reserve in
btrfs_delalloc_release_extents()
- iio: adc: meson_saradc: Fix memory allocation order
- iio: fix center temperature of bmc150-accel-core
- libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
- perf tests: Avoid raising SEGV using an obvious NULL dereference
- perf map: Fix overlapped map handling
- perf script brstackinsn: Fix recovery from LBR/binary mismatch
- perf jevents: Fix period for Intel fixed counters
- perf tools: Propagate get_cpuid() error
- perf annotate: Propagate perf_env__arch() error
- perf annotate: Fix the signedness of failure returns
- perf annotate: Propagate the symbol__annotate() error return
- perf annotate: Fix arch specific ->init() failure errors
- perf annotate: Return appropriate error code for allocation failures
- perf annotate: Don't return -1 for error when doing BPF disassembly
- staging: rtl8188eu: fix null dereference when kzalloc fails
- RDMA/siw: Fix serialization issue in write_space()
- RDMA/hfi1: Prevent memory leak in sdma_init
- RDMA/iw_cxgb4: fix SRQ access from dump_qp()
- RDMA/iwcm: Fix a lock inversion issue
- HID: hyperv: Use in-place iterator API in the channel callback
- kselftest: exclude failed TARGETS from runlist
- selftests/kselftest/runner.sh: Add 45 second timeout per test
- nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
- arm64: cpufeature: Effectively expose FRINT capability to userspace
- arm64: Fix incorrect irqflag restore for priority masking for compat
- arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
- tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
- tty: serial: rda: Fix the link time qualifier of 'rda_uart_exit()'
- serial/sifive: select SERIAL_EARLYCON
- tty: n_hdlc: fix build on SPARC
- misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
- RDMA/core: Fix an error handling path in 'res_get_common_doit()'
- RDMA/cm: Fix memory leak in cm_add/remove_one
- RDMA/nldev: Reshuffle the code to avoid need to rebind QP in error path
- RDMA/mlx5: Do not allow rereg of a ODP MR
- RDMA/mlx5: Order num_pending_prefetch properly with synchronize_srcu
- RDMA/mlx5: Add missing synchronize_srcu() for MW cases
- gpio: max77620: Use correct unit for debounce times
- fs: cifs: mute -Wunused-const-variable message
- arm64: vdso32: Fix broken compat vDSO build warnings
- arm64: vdso32: Detect binutils support for dmb ishld
- serial: mctrl_gpio: Check for NULL pointer
- serial: 8250_omap: Fix gpio check for auto RTS/CTS
- arm64: Default to building compat vDSO with clang when CONFIG_CC_IS_CLANG
- arm64: vdso32: Don't use KBUILD_CPPFLAGS unconditionally
- efi/cper: Fix endianness of PCIe class code
- efi/x86: Do not clean dummy variable in kexec path
- MIPS: include: Mark __cmpxchg as __always_inline
- riscv: avoid kernel hangs when trapped in BUG()
- riscv: avoid sending a SIGTRAP to a user thread trapped in WARN()
- riscv: Correct the handling of unexpected ebreak in do_trap_break()
- x86/xen: Return from panic notifier
- ocfs2: clear zero in unaligned direct IO
- fs: ocfs2: fix possible null-pointer dereferences in
ocfs2_xa_prepare_entry()
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_write_end_nolock()
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_info_scan_inode_alloc()
- btrfs: silence maybe-uninitialized warning in clone_range
- arm64: armv8_deprecated: Checking return value for memory allocation
- sched/fair: Scale bandwidth quota and period without losing quota/period
ratio precision
- sched/vtime: Fix guest/system mis-accounting on task switch
- perf/core: Rework memory accounting in perf_mmap()
- perf/core: Fix corner case in perf_rotate_context()
- perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp
- drm/amdgpu: fix memory leak
- iio: imu: adis16400: release allocated memory on failure
- iio: imu: adis16400: fix memory leak
- iio: imu: st_lsm6dsx: fix waitime for st_lsm6dsx i2c controller
- MIPS: include: Mark __xchg as __always_inline
- MIPS: fw: sni: Fix out of bounds init of o32 stack
- s390/cio: fix virtio-ccw DMA without PV
- virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
- nbd: fix possible sysfs duplicate warning
- NFSv4: Fix leak of clp->cl_acceptor string
- SUNRPC: fix race to sk_err after xs_error_report
- s390/uaccess: avoid (false positive) compiler warnings
- tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
- perf annotate: Fix multiple memory and file descriptor leaks
- perf/aux: Fix tracking of auxiliary trace buffer allocation
- USB: legousbtower: fix a signedness bug in tower_probe()
- nbd: verify socket is supported during setup
- fuse: flush dirty data/metadata before non-truncate setattr
- fuse: truncate pending writes on O_TRUNC
- ALSA: bebob: Fix prototype of helper function to return negative value
- ALSA: timer: Fix mutex deadlock at releasing card
- ath10k: fix latency issue for QCA988x
- UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather
segments")
- nl80211: fix validation of mesh path nexthop
- USB: gadget: Reject endpoints with 0 maxpacket value
- usb-storage: Revert commit 747668dbc061 ("usb-storage: Set
virt_boundary_mask to avoid SG overflows")
- USB: ldusb: fix ring-buffer locking
- USB: ldusb: fix control-message timeout
- usb: xhci: fix Immediate Data Transfer endianness
- usb: xhci: fix __le32/__le64 accessors in debugfs code
- USB: serial: whiteheat: fix potential slab corruption
- USB: serial: whiteheat: fix line-speed endianness
- xhci: Fix use-after-free regression in xhci clear hub TT implementation
- scsi: qla2xxx: Fix partial flash write of MBI
- scsi: target: cxgbit: Fix cxgbit_fw4_ack()
- HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
- HID: Fix assumption that devices have inputs
- HID: fix error message in hid_open_report()
- HID: logitech-hidpp: split g920_get_config()
- HID: logitech-hidpp: rework device validation
- HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy()
- um-ubd: Entrust re-queue to the upper layers
- s390/unwind: fix mixing regs and sp
- s390/cmm: fix information leak in cmm_timeout_handler()
- s390/idle: fix cpu idle time calculation
- ARC: perf: Accommodate big-endian CPU
- IB/hfi1: Avoid excessive retry for TID RDMA READ request
- arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default
- arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003
- virtio_ring: fix stalls for packed rings
- rtlwifi: rtl_pci: Fix problem of too small skb->len
- dmaengine: qcom: bam_dma: Fix resource leak
- dmaengine: tegra210-adma: fix transfer failure
- dmaengine: imx-sdma: fix size check for sdma script_number
- dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
- drm/amdgpu/gmc10: properly set BANK_SELECT and FRAGMENT_SIZE
- drm/i915: Fix PCH reference clock for FDI on HSW/BDW
- drm/amdgpu/gfx10: update gfx golden settings
- drm/amdgpu/powerplay/vega10: allow undervolting in p7
- drm/amdgpu: Fix SDMA hang when performing VKexample test
- NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
- io_uring: ensure we clear io_kiocb->result before each issue
- iommu/vt-d: Fix panic after kexec -p for kdump
- batman-adv: Avoid free/alloc race when handling OGM buffer
- llc: fix sk_buff leak in llc_sap_state_process()
- llc: fix sk_buff leak in llc_conn_service()
- rxrpc: Fix call ref leak
- rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record
- rxrpc: Fix trace-after-put looking at the put peer record
- NFC: pn533: fix use-after-free and memleaks
- bonding: fix potential NULL deref in bond_update_slave_arr
- netfilter: conntrack: avoid possible false sharing
- net: usb: sr9800: fix uninitialized local variable
- sch_netem: fix rcu splat in netem_enqueue()
- net: sched: sch_sfb: don't call qdisc_put() while holding tree lock
- iwlwifi: exclude GEO SAR support for 3168
- sched/fair: Fix low cpu usage with high throttling by removing expiration of
cpu-local slices
- ALSA: usb-audio: DSD auto-detection for Playback Designs
- ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel
- ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface
- RDMA/mlx5: Use irq xarray locking for mkey_table
- sched/fair: Fix -Wunused-but-set-variable warnings
- powerpc/powernv: Fix CPU idle to be called with IRQs disabled
- Revert "nvme: allow 64-bit results in passthru commands"
- Revert "ALSA: hda: Flush interrupts on disabling"
- Linux 5.3.9
- [Config] Remove CONFIG_GENERIC_COMPAT_VDSO and
CONFIG_CROSS_COMPILE_COMPAT_VDSO
* Eoan update: v5.3.8 upstream stable release (LP: #1850456)
- drm: Free the writeback_job when it with an empty fb
- drm: Clear the fence pointer when writeback job signaled
- clk: ti: dra7: Fix mcasp8 clock bits
- ARM: dts: Fix wrong clocks for dra7 mcasp
- nvme-pci: Fix a race in controller removal
- scsi: ufs: skip shutdown if hba is not powered
- scsi: megaraid: disable device when probe failed after enabled device
- scsi: qla2xxx: Silence fwdump template message
- scsi: qla2xxx: Fix unbound sleep in fcport delete path.
- scsi: qla2xxx: Fix stale mem access on driver unload
- scsi: qla2xxx: Fix N2N link reset
- scsi: qla2xxx: Fix N2N link up fail
- ARM: dts: Fix gpio0 flags for am335x-icev2
- ARM: OMAP2+: Fix missing reset done flag for am3 and am43
- ARM: OMAP2+: Add missing LCDC midlemode for am335x
- ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
- nvme-tcp: fix wrong stop condition in io_work
- nvme-pci: Save PCI state before putting drive into deepest state
- nvme: fix an error code in nvme_init_subsystem()
- nvme-rdma: Fix max_hw_sectors calculation
- Added QUIRKs for ADATA XPG SX8200 Pro 512GB
- nvme: Add quirk for Kingston NVME SSD running FW E8FK11.T
- nvme: allow 64-bit results in passthru commands
- drm/komeda: prevent memory leak in komeda_wb_connector_add
- nvme-rdma: fix possible use-after-free in connect timeout
- blk-mq: honor IO scheduler for multiqueue devices
- ieee802154: ca8210: prevent memory leak
- ARM: dts: am4372: Set memory bandwidth limit for DISPC
- net: dsa: qca8k: Use up to 7 ports for all operations
- MIPS: dts: ar9331: fix interrupt-controller size
- xen/efi: Set nonblocking callbacks
- loop: change queue block size to match when using DIO
- nl80211: fix null pointer dereference
- mac80211: fix txq null pointer dereference
- netfilter: nft_connlimit: disable bh on garbage collection
- net: mscc: ocelot: add missing of_node_put after calling
of_get_child_by_name
- net: dsa: rtl8366rb: add missing of_node_put after calling
of_get_child_by_name
- net: stmmac: xgmac: Not all Unicast addresses may be available
- net: stmmac: dwmac4: Always update the MAC Hash Filter
- net: stmmac: Correctly take timestamp for PTPv2
- net: stmmac: Do not stop PHY if WoL is enabled
- net: ag71xx: fix mdio subnode support
- RISC-V: Clear load reservations while restoring hart contexts
- riscv: Fix memblock reservation for device tree blob
- drm/amdgpu: fix multiple memory leaks in acp_hw_init
- drm/amd/display: memory leak
- mips: Loongson: Fix the link time qualifier of 'serial_exit()'
- net: hisilicon: Fix usage of uninitialized variable in function
mdio_sc_cfg_reg_write()
- net: stmmac: Avoid deadlock on suspend/resume
- selftests: kvm: Fix libkvm build error
- lib: textsearch: fix escapes in example code
- s390/mm: fix -Wunused-but-set-variable warnings
- net: phy: allow for reset line to be tied to a sleepy GPIO controller
- net: phy: fix write to mii-ctrl1000 register
- namespace: fix namespace.pl script to support relative paths
- Convert filldir[64]() from __put_user() to unsafe_put_user()
- elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings
- Make filldir[64]() verify the directory entry filename is valid
- uaccess: implement a proper unsafe_copy_to_user() and switch filldir over to
it
- filldir[64]: remove WARN_ON_ONCE() for bad directory entries
- net_sched: fix backward compatibility for TCA_KIND
- net_sched: fix backward compatibility for TCA_ACT_KIND
- libata/ahci: Fix PCS quirk application
- Revert "drm/radeon: Fix EEH during kexec"
- ocfs2: fix panic due to ocfs2_wq is null
- nvme-pci: Set the prp2 correctly when using more than 4k page
- ipv4: fix race condition between route lookup and invalidation
- ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
- net: avoid potential infinite loop in tc_ctl_action()
- net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
- net: bcmgenet: Set phydev->dev_flags only for internal PHYs
- net: i82596: fix dma_alloc_attr for sni_82596
- net/ibmvnic: Fix EOI when running in XIVE mode.
- net: ipv6: fix listify ip6_rcv_finish in case of forwarding
- net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
- rxrpc: Fix possible NULL pointer access in ICMP handling
- sched: etf: Fix ordering of packets with same txtime
- sctp: change sctp_prot .no_autobind with true
- net: aquantia: temperature retrieval fix
- net: aquantia: when cleaning hw cache it should be toggled
- net: aquantia: do not pass lro session with invalid tcp checksum
- net: aquantia: correctly handle macvlan and multicast coexistence
- net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs
- net: phy: micrel: Update KSZ87xx PHY name
- net: avoid errors when trying to pop MLPS header on non-MPLS packets
- net/sched: fix corrupted L2 header with MPLS 'push' and 'pop' actions
- netdevsim: Fix error handling in nsim_fib_init and nsim_fib_exit
- net: ethernet: broadcom: have drivers select DIMLIB as needed
- net: phy: Fix "link partner" information disappear issue
- rxrpc: use rcu protection while reading sk->sk_user_data
- io_uring: fix bad inflight accounting for SETUP_IOPOLL|SETUP_SQTHREAD
- io_uring: Fix corrupted user_data
- USB: legousbtower: fix memleak on disconnect
- ALSA: hda/realtek - Add support for ALC711
- ALSA: hda/realtek - Enable headset mic on Asus MJ401TA
- ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers
- ALSA: hda - Force runtime PM on Nvidia HDMI codecs
- usb: udc: lpc32xx: fix bad bit shift operation
- USB: serial: ti_usb_3410_5052: fix port-close races
- USB: ldusb: fix memleak on disconnect
- USB: usblp: fix use-after-free on disconnect
- USB: ldusb: fix read info leaks
- binder: Don't modify VMA bounds in ->mmap handler
- MIPS: tlbex: Fix build_restore_pagemask KScratch restore
- staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
- scsi: zfcp: fix reaction on bit error threshold notification
- scsi: sd: Ignore a failure to sync cache due to lack of authorization
- scsi: core: save/restore command resid for error handling
- scsi: core: try to get module before removing device
- scsi: ch: Make it possible to open a ch device multiple times again
- Revert "Input: elantech - enable SMBus on new (2018+) systems"
- Input: da9063 - fix capability and drop KEY_SLEEP
- Input: synaptics-rmi4 - avoid processing unknown IRQs
- Input: st1232 - fix reporting multitouch coordinates
- ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
- ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit()
- ACPI: NFIT: Fix unlock on error in scrub_show()
- iwlwifi: pcie: change qu with jf devices to use qu configuration
- cfg80211: wext: avoid copying malformed SSIDs
- mac80211: Reject malformed SSID elements
- drm/ttm: Restore ttm prefaulting
- drm/panfrost: Handle resetting on timeout better
- drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
- drm/amdgpu/sdma5: fix mask value of POLL_REGMEM packet for pipe sync
- drm/i915/userptr: Never allow userptr into the mappable GGTT
- drm/i915: Favor last VBT child device with conflicting AUX ch/DDC pin
- drm/amdgpu/vce: fix allocation size in enc ring test
- drm/amdgpu/vcn: fix allocation size in enc ring test
- drm/amdgpu/uvd6: fix allocation size in enc ring test (v2)
- drm/amdgpu/uvd7: fix allocation size in enc ring test (v2)
- drm/amdgpu: user pages array memory leak fix
- drivers/base/memory.c: don't access uninitialized memmaps in
soft_offline_page_store()
- fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
- io_uring: Fix broken links with offloading
- io_uring: Fix race for sqes with userspace
- io_uring: used cached copies of sq->dropped and cq->overflow
- mmc: mxs: fix flags passed to dmaengine_prep_slave_sg
- mmc: cqhci: Commit descriptors before setting the doorbell
- mmc: sdhci-omap: Fix Tuning procedure for temperatures < -20C
- mm/memory-failure.c: don't access uninitialized memmaps in memory_failure()
- mm/slub: fix a deadlock in show_slab_objects()
- mm/page_owner: don't access uninitialized memmaps when reading
/proc/pagetypeinfo
- mm/memunmap: don't access uninitialized memmap in memunmap_pages()
- mm: memcg/slab: fix panic in __free_slab() caused by premature memcg pointer
release
- mm, compaction: fix wrong pfn handling in __reset_isolation_pfn()
- mm: memcg: get number of pages on the LRU list in memcgroup base on
lru_zone_size
- mm: memblock: do not enforce current limit for memblock_phys* family
- hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
- mm/memory-failure: poison read receives SIGKILL instead of SIGBUS if mmaped
more than once
- zram: fix race between backing_dev_show and backing_dev_store
- xtensa: drop EXPORT_SYMBOL for outs*/ins*
- xtensa: fix change_bit in exclusive access option
- s390/zcrypt: fix memleak at release
- s390/kaslr: add support for R_390_GLOB_DAT relocation type
- lib/vdso: Make clock_getres() POSIX compliant again
- parisc: Fix vmap memory leak in ioremap()/iounmap()
- EDAC/ghes: Fix Use after free in ghes_edac remove path
- arm64: KVM: Trap VM ops when ARM64_WORKAROUND_CAVIUM_TX2_219_TVM is set
- arm64: Avoid Cavium TX2 erratum 219 when switching TTBR
- arm64: Enable workaround for Cavium TX2 erratum 219 when running SMT
- arm64: Allow CAVIUM_TX2_ERRATUM_219 to be selected
- CIFS: avoid using MID 0xFFFF
- cifs: Fix missed free operations
- CIFS: Fix use after free of file info structures
- perf/aux: Fix AUX output stopping
- tracing: Fix race in perf_trace_buf initialization
- fs/dax: Fix pmd vs pte conflict detection
- dm cache: fix bugs when a GFP_NOWAIT allocation fails
- irqchip/sifive-plic: Switch to fasteoi flow
- x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
- x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu
- x86/hyperv: Make vapic support x2apic mode
- pinctrl: cherryview: restore Strago DMI workaround for all versions
- pinctrl: armada-37xx: fix control of pins 32 and up
- pinctrl: armada-37xx: swap polarity on LED group
- btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
- Btrfs: add missing extents release on file extent cluster relocation error
- btrfs: don't needlessly create extent-refs kernel thread
- Btrfs: fix qgroup double free after failure to reserve metadata for delalloc
- Btrfs: check for the full sync flag while holding the inode lock during
fsync
- btrfs: tracepoints: Fix wrong parameter order for qgroup events
- btrfs: tracepoints: Fix bad entry members of qgroup events
- KVM: PPC: Book3S HV: XIVE: Ensure VP isn't already in use
- memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
- cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
- ceph: just skip unrecognized info in ceph_reply_info_extra
- xen/netback: fix error path of xenvif_connect_data()
- PCI: PM: Fix pci_power_up()
- opp: of: drop incorrect lockdep_assert_held()
- of: reserved_mem: add missing of_node_put() for proper ref-counting
- blk-rq-qos: fix first node deletion of rq_qos_del()
- RDMA/cxgb4: Do not dma memory off of the stack
- Linux 5.3.8
- [Config] CONFIG_CAVIUM_TX2_ERRATUM_219=y
* Eoan update: 5.3.10 upstream stable release (LP: #1852111)
- regulator: of: fix suspend-min/max-voltage parsing
- ASoC: samsung: arndale: Add missing OF node dereferencing
- ASoC: wm8994: Do not register inapplicable controls for WM1811
- regulator: da9062: fix suspend_enable/disable preparation
- ASoC: topology: Fix a signedness bug in soc_tplg_dapm_widget_create()
- arm64: dts: allwinner: a64: pine64-plus: Add PHY regulator delay
- arm64: dts: allwinner: a64: Drop PMU node
- arm64: dts: allwinner: a64: sopine-baseboard: Add PHY regulator delay
- arm64: dts: Fix gpio to pinmux mapping
- regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
- pinctrl: intel: Allocate IRQ chip dynamic
- ASoC: SOF: loader: fix kernel oops on firmware boot failure
- ASoC: SOF: topology: fix parse fail issue for byte/bool tuple types
- ASoC: SOF: Intel: hda: fix warnings during FW load
- ASoC: SOF: Intel: initialise and verify FW crash dump data.
- ASoC: SOF: Intel: hda: Disable DMI L1 entry during capture
- ASoC: rt5682: add NULL handler to set_jack function
- ASoC: intel: sof_rt5682: add remove function to disable jack
- ASoC: intel: bytcr_rt5651: add null check to support_button_press
- regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe()
could be uninitialized
- ASoC: wm_adsp: Don't generate kcontrols without READ flags
- ASoc: rockchip: i2s: Fix RPM imbalance
- arm64: dts: rockchip: fix Rockpro64 RK808 interrupt line
- ARM: dts: logicpd-torpedo-som: Remove twl_keypad
- arm64: dts: rockchip: fix RockPro64 vdd-log regulator settings
- arm64: dts: rockchip: fix RockPro64 sdhci settings
- pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable()
- pinctrl: stmfx: fix null pointer on remove
- arm64: dts: zii-ultra: fix ARM regulator states
- ARM: dts: am3874-iceboard: Fix 'i2c-mux-idle-disconnect' usage
- ASoC: msm8916-wcd-digital: add missing MIX2 path for RX1/2
- ASoC: simple_card_utils.h: Fix potential multiple redefinition error
- ARM: dts: Use level interrupt for omap4 & 5 wlcore
- ARM: mm: fix alignment handler faults under memory pressure
- scsi: qla2xxx: fix a potential NULL pointer dereference
- scsi: scsi_dh_alua: handle RTPG sense code correctly during state
transitions
- scsi: sni_53c710: fix compilation error
- scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
- ARM: 8908/1: add __always_inline to functions called from __get_user_check()
- ARM: 8914/1: NOMMU: Fix exc_ret for XIP
- arm64: dts: rockchip: fix RockPro64 sdmmc settings
- arm64: dts: rockchip: Fix usb-c on Hugsun X99 TV Box
- arm64: dts: lx2160a: Correct CPU core idle state name
- ARM: dts: imx6q-logicpd: Re-Enable SNVS power key
- ARM: dts: vf610-zii-scu4-aib: Specify 'i2c-mux-idle-disconnect'
- ARM: dts: imx7s: Correct GPT's ipg clock source
- arm64: dts: imx8mq: Use correct clock for usdhc's ipg clk
- arm64: dts: imx8mm: Use correct clock for usdhc's ipg clk
- perf tools: Fix resource leak of closedir() on the error paths
- perf c2c: Fix memory leak in build_cl_output()
- 8250-men-mcb: fix error checking when get_num_ports returns -ENODEV
- perf kmem: Fix memory leak in compact_gfp_flags()
- ARM: davinci: dm365: Fix McBSP dma_slave_map entry
- drm/amdgpu: fix potential VM faults
- drm/amdgpu: fix error handling in amdgpu_bo_list_create
- scsi: target: core: Do not overwrite CDB byte 1
- scsi: hpsa: add missing hunks in reset-patch
- ASoC: Intel: sof-rt5682: add a check for devm_clk_get
- ASoC: SOF: control: return true when kcontrol values change
- tracing: Fix "gfp_t" format for synthetic events
- ARM: dts: bcm2837-rpi-cm3: Avoid leds-gpio probing issue
- i2c: aspeed: fix master pending state handling
- drm/komeda: Don't flush inactive pipes
- ARM: 8926/1: v7m: remove register save to stack before svc
- selftests: kvm: vmx_set_nested_state_test: don't check for VMX support twice
- selftests: kvm: fix sync_regs_test with newer gccs
- ALSA: hda: Add Tigerlake/Jasperlake PCI ID
- of: unittest: fix memory leak in unittest_data_add
- MIPS: bmips: mark exception vectors as char arrays
- irqchip/gic-v3-its: Use the exact ITSList for VMOVP
- i2c: mt65xx: fix NULL ptr dereference
- i2c: stm32f7: fix first byte to send in slave mode
- i2c: stm32f7: fix a race in slave mode with arbitration loss irq
- i2c: stm32f7: remove warning when compiling with W=1
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
- irqchip/sifive-plic: Skip contexts except supervisor in plic_init()
- nbd: protect cmd->status with cmd->lock
- nbd: handle racing with error'ed out commands
- cxgb4: fix panic when attaching to ULD fail
- cxgb4: request the TX CIDX updates to status page
- dccp: do not leak jiffies on the wire
- erspan: fix the tun_info options_len check for erspan
- inet: stop leaking jiffies on the wire
- net: annotate accesses to sk->sk_incoming_cpu
- net: annotate lockless accesses to sk->sk_napi_id
- net: dsa: bcm_sf2: Fix IMP setup for port different than 8
- net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum
- net: fix sk_page_frag() recursion from memory reclaim
- net: hisilicon: Fix ping latency when deal with high throughput
- net/mlx4_core: Dynamically set guaranteed amount of counters per VF
- netns: fix GFP flags in rtnl_net_notifyid()
- net: rtnetlink: fix a typo fbd -> fdb
- net: usb: lan78xx: Disable interrupts before calling generic_handle_irq()
- SAUCE: Revert "UBUNTU: SAUCE: (no-up) net: Zeroing the structure
ethtool_wolinfo in ethtool_get_wol()"
- net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
- selftests: net: reuseport_dualstack: fix uninitalized parameter
- udp: fix data-race in udp_set_dev_scratch()
- vxlan: check tun_info options_len properly
- net: add skb_queue_empty_lockless()
- udp: use skb_queue_empty_lockless()
- net: use skb_queue_empty_lockless() in poll() handlers
- net: use skb_queue_empty_lockless() in busy poll contexts
- net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
- ipv4: fix route update on metric change.
- selftests: fib_tests: add more tests for metric update
- net/smc: fix closing of fallback SMC sockets
- net/smc: keep vlan_id for SMC-R in smc_listen_work()
- keys: Fix memory leak in copy_net_ns
- net: phylink: Fix phylink_dbg() macro
- rxrpc: Fix handling of last subpacket of jumbo packet
- net/mlx5e: Determine source port properly for vlan push action
- net/mlx5e: Remove incorrect match criteria assignment line
- net/mlx5e: Initialize on stack link modes bitmap
- net/mlx5: Fix flow counter list auto bits struct
- net/smc: fix refcounting for non-blocking connect()
- net/mlx5: Fix rtable reference leak
- mlxsw: core: Unpublish devlink parameters during reload
- r8169: fix wrong PHY ID issue with RTL8168dp
- net/mlx5e: Fix ethtool self test: link speed
- net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget
- ipv4: fix IPSKB_FRAG_PMTU handling with fragmentation
- net: bcmgenet: don't set phydev->link from MAC
- net: dsa: b53: Do not clear existing mirrored port mask
- net: dsa: fix switch tree list
- net: ensure correct skb->tstamp in various fragmenters
- net: hns3: fix mis-counting IRQ vector numbers issue
- net: netem: fix error path for corrupted GSO frames
- net: reorder 'struct net' fields to avoid false sharing
- net: usb: lan78xx: Connect PHY before registering MAC
- r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2
- net: netem: correct the parent's backlog when corrupted packet was dropped
- net: phy: bcm7xxx: define soft_reset for 40nm EPHY
- net: bcmgenet: reset 40nm EPHY on energy detect
- net/flow_dissector: switch to siphash
- platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI
table
- CIFS: Fix retry mid list corruption on reconnects
- selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue
- selftests/powerpc: Fix compile error on tlbie_test due to newer gcc
- ASoC: pcm3168a: The codec does not support S32_LE
- arm64: dts: ti: k3-am65-main: Fix gic-its node unit-address
- usb: gadget: udc: core: Fix segfault if udc_bind_to_driver() for pending
driver fails
- Linux 5.3.10
- [Config] SND_SOC_SOF_HDA_ALWAYS_ENABLE_DMI_L1=n
* Some EFI systems fail to boot in efi_init() when booted via maas
(LP: #1851810)
- efi: efi_get_memory_map -- increase map headroom
* dkms artifacts may expire from the pool (LP: #1850958)
- [Packaging] dkms -- try launchpad librarian for pool downloads
- [Packaging] dkms -- dkms-build quieten wget verbiage
* update ENA driver to version 2.1.0 (LP: #1850175)
- net: ena: don't wake up tx queue when down
- net: ena: clean up indentation issue
* drm/i915: Add support for another CMP-H PCH (LP: #1848491)
- drm/i915/cml: Add second PCH ID for CMP
* Add Intel Comet Lake ethernet support (LP: #1848555)
- SAUCE: e1000e: Add support for Comet Lake
* seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test (LP: #1849281)
- SAUCE: seccomp: rework define for SECCOMP_USER_NOTIF_FLAG_CONTINUE
- SAUCE: seccomp: avoid overflow in implicit constant conversion
- SAUCE: seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test
* tsc marked unstable after entered PC10 on Intel CoffeeLake (LP: #1840239)
- SAUCE: x86/intel: Disable HPET on Intel Coffe Lake platforms
- SAUCE: x86/intel: Disable HPET on Intel Ice Lake platforms
* cloudimg: no iavf/i40evf module so no network available with SR-IOV enabled
cloud (LP: #1848481)
- [Packaging] include iavf/i40evf in generic
* High power consumption using 5.0.0-25-generic (LP: #1840835)
- PCI: Add a helper to check Power Resource Requirements _PR3 existence
- ALSA: hda: Allow HDA to be runtime suspended when dGPU is not bound to a
driver
- PCI: Fix missing inline for pci_pr3_present()
* CML CPUIDs (LP: #1843794)
- x86/cpu: Add Comet Lake to the Intel CPU models header
* shiftfs: prevent exceeding project quotas (LP: #1849483)
- SAUCE: shiftfs: drop CAP_SYS_RESOURCE from effective capabilities
* shiftfs: fix fallocate() (LP: #1849482)
- SAUCE: shiftfs: setup correct s_maxbytes limit
* Bluetooth: hidp: Fix assumptions on the return value of hidp_send_message
(LP: #1850443)
- Bluetooth: hidp: Fix assumptions on the return value of hidp_send_message
* [SRU][B/OEM-B/OEM-OSP1/D/E] UBUNTU: SAUCE: add rtl623 codec support and fix
mic issues (LP: #1850599)
- SAUCE: ALSA: hda/realtek - Add support for ALC623
- SAUCE: ALSA: hda/realtek - Fix 2 front mics of codec 0x623
* Suppress "hid_field_extract() called with n (192) > 32!" message floods
(LP: #1850600)
- HID: core: reformat and reduce hid_printk macros
- HID: core: Add printk_once variants to hid_warn() etc
- HID: core: fix dmesg flooding if report field larger than 32bit
* ubuntu-aufs-modified mmap_region() breaks refcounting in overlayfs/shiftfs
error path (LP: #1850994) // CVE-2019-15794
- SAUCE: shiftfs: Restore vm_file value when lower fs mmap fails
- SAUCE: ovl: Restore vm_file value when lower fs mmap fails
* s_iflags overlap prevents unprivileged overlayfs mounts (LP: #1851677)
- SAUCE: fs: Move SB_I_NOSUID to the top of s_iflags
* root can lift kernel lockdown (LP: #1851380)
- SAUCE: (efi-lockdown) Really don't allow lifting lockdown from userspace
* Colour banding in Lenovo G50-80 laptop display (i915) (LP: #1819968) // Eoan
update: v5.3.8 upstream stable release (LP: #1850456)
- drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
-- Connor Kuehl <connor.kuehl@xxxxxxxxxxxxx> Wed, 13 Nov 2019 14:41:52
-0800
** Changed in: linux (Ubuntu Eoan)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1851380
Title:
root can lift kernel lockdown
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
Invalid
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Disco:
Fix Released
Status in linux source package in Eoan:
Fix Released
Status in linux source package in Focal:
In Progress
Bug description:
SRU Justification
Impact: The kernel lockdown support adds a sysrq to allow a physically
present user to disable lockdown from the keyboard. A bug in the
implementation makes it possible to also lift lockdown by writing to
/proc/sysrq-trigger.
Fix: Correct the logic to disallow disabling lockdown via /proc/sysrq-
trigger.
Test Case: Write "x" to /proc/sysrq-trigger. When working properly
there should be no messages in dmesg about lifting lockdown, and
lockdown restrictions (e.g. loading unsigned modules) should remain in
effect.
Regression Potential: Anyone using /proc/sysrq-trigger to disable
lockdown will no longer be able to do so. Implementation bugs could
prevent use of the sysrq from the keyboard from disabling lockdown,
but this has been confrimed to still work with the fix in place.
---
Echoing "x" into /proc/sysrq-trigger disables kernel lockdown, even
though it shouldn't.
If I'm not mistaken, kernel lockdown is meant to create a barrier
between root and the kernel that can only be broken with physical
access to the system. It is automatically enabled when the system is
booted with UEFI Secure Boot, which is the case for me.
This should show the bug:
# echo "x" > /proc/sysrq-trigger
Nov 05 14:58:15 panzersperre kernel: sysrq: SysRq :
Nov 05 14:58:15 panzersperre kernel: This sysrq operation is disabled from userspace.
Nov 05 14:58:15 panzersperre kernel: Disabling Secure Boot restrictions
Nov 05 14:58:15 panzersperre kernel: Lifting lockdown
Note that it first says that the operation is disabled and then performs this operation.
This should only be possible by physically pressing sysrq+x on an attached keyboard.
I'm doing this on 4.15.0-68-generic on Ubuntu 18.04.3 LTS.
I have kernel.sysrq set to 1 - this is important to be able to trigger this bug. (But I don't think it disqualifies this issue as non-security relevant because root can trivially execute `sysctl kernel.sysrq=1`.)
I first learned about this by reading a blog post
(https://gehrcke.de/2019/09/running-an-ebpf-program-may-require-
lifting-the-kernel-lockdown/), so I'm not the first to notice this
behavior (even though this post doesn't say it's a bug).
Looking through drivers/tty/sysrq.c, I guess the problem is caused by
this if condition in __handle_sysrq:
554 │ /* Ban synthetic events from some sysrq functionality */
555 │ if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) &&
556 │ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE)
557 │ printk("This sysrq operation is disabled from userspace.\n");
558 │ /*
559 │ * Should we check for enabled operations (/proc/sysrq-trigger
560 │ * should not) and is the invoked operation enabled?
561 │ */
562 │ if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
563 │ pr_cont("%s\n", op_p->action_msg);
564 │ console_loglevel = orig_log_level;
565 │ op_p->handler(key);
566 │ } else {
567 │ pr_cont("This sysrq operation is disabled.\n");
568 │ }
Note that `op_p->enable_mask & SYSRQ_DISABLE_USERSPACE` just causes a
printk and no change of behavior.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-68-generic 4.15.0-68.77
ProcVersionSignature: Ubuntu 4.15.0-68.77-generic 4.15.18
Uname: Linux 4.15.0-68-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.8
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: niklas 2442 F.... pulseaudio
/dev/snd/controlC0: niklas 2442 F.... pulseaudio
CurrentDesktop: KDE
Date: Tue Nov 5 14:58:33 2019
InstallationDate: Installed on 2015-12-11 (1424 days ago)
InstallationMedia: Kubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
MachineType: LENOVO 20E8S00600
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-4.15.0-68-generic root=UUID=67485aa6-c665-4c53-bf41-328307d0cbf0 ro rootflags=subvol=@ quiet splash kaslr i915.alpha_support=1 vt.handoff=1
RelatedPackageVersions:
linux-restricted-modules-4.15.0-68-generic N/A
linux-backports-modules-4.15.0-68-generic N/A
linux-firmware 1.173.11
SourcePackage: linux
UpgradeStatus: Upgraded to bionic on 2018-07-05 (487 days ago)
dmi.bios.date: 09/26/2018
dmi.bios.vendor: LENOVO
dmi.bios.version: JHET69WW (1.69 )
dmi.board.asset.tag: Not Available
dmi.board.name: Intel powered classmate PC
dmi.board.vendor: LENOVO
dmi.board.version: SDK0E50510 WIN
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: None
dmi.modalias: dmi:bvnLENOVO:bvrJHET69WW(1.69):bd09/26/2018:svnLENOVO:pn20E8S00600:pvrThinkPad11e:rvnLENOVO:rnIntelpoweredclassmatePC:rvrSDK0E50510WIN:cvnLENOVO:ct10:cvrNone:
dmi.product.family: ThinkPad 11e
dmi.product.name: 20E8S00600
dmi.product.version: ThinkPad 11e
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851380/+subscriptions