
[SRU,focal/linux-oem-5.6,PULL] CVE updates

Message ID 20210204201633.GA641971@mussarela
State Accepted

Pull-request

git://kernel.ubuntu.com/ubuntu-stable/ubuntu-stable-focal.git cve-5.6-next

Message

Thadeu Lima de Souza Cascardo Feb. 4, 2021, 8:16 p.m. UTC
Hello.

This pull request has clean cherry picks of fixes for Medium CVEs that are
already applied (either released or pending) in focal/linux.

The branch has been built-tested.

Thanks.
Cascardo.

-----

The following changes since commit e61298e83b9a4321f1e1aaba0c814764a2692a7f:

  UBUNTU: [Packaging] update-version-dkms -- maintain flags fields (2021-02-01 18:49:35 -0300)

are available in the Git repository at:

  git://kernel.ubuntu.com/ubuntu-stable/ubuntu-stable-focal.git cve-5.6-next

for you to fetch changes up to af14b042dd815fa9806b699aad5ce75e57f50940:

  jfs: Fix array index bounds check in dbAdjTree (2021-02-04 16:14:40 -0300)

----------------------------------------------------------------
Alain Michaud (1):
      Bluetooth: fix kernel oops in store_pending_adv_report

Andrea Arcangeli (1):
      mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()

Dan Carpenter (1):
      hdlc_ppp: add range checks in ppp_cp_parse_cr()

Dave Kleikamp (1):
      jfs: Fix array index bounds check in dbAdjTree

Eddy Wu (1):
      fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent

Eric Sandeen (1):
      ext4: fix potential negative array index in do_split()

Ilya Dryomov (1):
      rbd: require global CAP_SYS_ADMIN for mapping and unmapping

Jann Horn (3):
      tty: Fix ->pgrp locking in tiocspgrp()
      tty: Fix ->session locking
      romfs: fix uninitialized memory leak in romfs_dev_read()

Jason Yan (1):
      block: Fix use-after-free in blkdev_get()

Jeffrey Mitchell (1):
      nfs: Fix getxattr kernel panic and memory overflow

Kirill A. Shutemov (1):
      mm/mmap.c: close race between munmap() and expand_upwards()/downwards()

Luiz Augusto von Dentz (2):
      Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
      Bluetooth: Disconnect if E0 is used for Level 4

Ming Lei (1):
      block: allow for_each_bvec to support zero len bvec

Peilin Ye (2):
      fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
      Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts

Vitaly Kuznetsov (1):
      KVM: ioapic: break infinite recursion on lazy EOI

Willy Tarreau (1):
      lib/syscall: fix syscall registers retrieval on 32-bit platforms

Yang Yingliang (1):
      serial: 8250: fix null-ptr-deref in serial8250_start_tx()

kiyin(尹亮) (1):
      perf/core: Fix a memory leak in perf_event_parse_addr_filter()

 arch/x86/kvm/ioapic.c                   |  5 +--
 drivers/block/rbd.c                     | 12 ++++++
 drivers/net/wan/hdlc_ppp.c              | 16 ++++---
 drivers/tty/serial/8250/8250_core.c     |  2 +-
 drivers/tty/tty_io.c                    |  7 +++-
 drivers/tty/tty_jobctrl.c               | 44 ++++++++++++++------
 drivers/video/console/newport_con.c     |  7 +---
 drivers/video/fbdev/core/fbcon.h        |  7 ----
 drivers/video/fbdev/core/fbcon_rotate.c |  1 +
 drivers/video/fbdev/core/tileblit.c     |  1 +
 fs/block_dev.c                          | 12 +++---
 fs/ext4/namei.c                         | 16 +++++--
 fs/jfs/jfs_dmap.h                       |  2 +-
 fs/nfs/nfs4proc.c                       |  2 -
 fs/nfs/nfs4xdr.c                        |  6 ++-
 fs/romfs/storage.c                      |  4 +-
 include/linux/bvec.h                    |  9 +++-
 include/linux/font.h                    | 13 ++++++
 include/linux/tty.h                     |  4 ++
 include/net/bluetooth/hci_core.h        | 30 ++++++++++---
 kernel/events/core.c                    | 12 +++---
 kernel/fork.c                           | 10 ++---
 lib/fonts/font_10x18.c                  |  9 ++--
 lib/fonts/font_6x10.c                   |  9 ++--
 lib/fonts/font_6x11.c                   |  9 ++--
 lib/fonts/font_7x14.c                   |  9 ++--
 lib/fonts/font_8x16.c                   |  9 ++--
 lib/fonts/font_8x8.c                    |  9 ++--
 lib/fonts/font_acorn_8x8.c              |  9 ++--
 lib/fonts/font_mini_4x6.c               |  8 ++--
 lib/fonts/font_pearl_8x8.c              |  9 ++--
 lib/fonts/font_sun12x22.c               |  9 ++--
 lib/fonts/font_sun8x16.c                |  7 ++--
 lib/fonts/font_ter16x32.c               |  9 ++--
 lib/syscall.c                           | 11 ++++-
 mm/huge_memory.c                        | 31 ++++++++++++--
 mm/mmap.c                               | 16 ++++++-
 net/bluetooth/hci_conn.c                | 17 ++++++++
 net/bluetooth/hci_event.c               | 74 +++++++++++++--------------------
 39 files changed, 300 insertions(+), 176 deletions(-)

Comments

Stefan Bader Feb. 17, 2021, 4 p.m. UTC | #1
On 04.02.21 21:16, Thadeu Lima de Souza Cascardo wrote:
> Hello.
> 
> This pull request has clean cherry picks of fixes for Medium CVEs that are
> already applied (either released or pending) in focal/linux.
> 
> The branch has been built-tested.

Sorry this has been lost somewhat to me. Just stumbled over it. Right now I am
unsure whether there still will be any 5.6 oem produced or whether that has been
replaced by 5.10 already.
Should this still be looked at?

-Stefan

Thadeu Lima de Souza Cascardo Feb. 17, 2021, 7:12 p.m. UTC | #2
On Wed, Feb 17, 2021 at 05:00:33PM +0100, Stefan Bader wrote:
> On 04.02.21 21:16, Thadeu Lima de Souza Cascardo wrote:
> > Hello.
> > 
> > This pull request has clean cherry picks of fixes for Medium CVEs that are
> > already applied (either released or pending) in focal/linux.
> > 
> > The branch has been built-tested.
> 
> Sorry this has been lost somewhat to me. Just stumbled over it. Right now I am
> unsure whether there still will be any 5.6 oem produced or whether that has been
> replaced by 5.10 already.
> Should this still be looked at?
> 

Yes, please.

Thank you.
Cascardo.

Timo Aaltonen Feb. 17, 2021, 7:34 p.m. UTC | #3
On 17.2.2021 21.12, Thadeu Lima de Souza Cascardo wrote:
> On Wed, Feb 17, 2021 at 05:00:33PM +0100, Stefan Bader wrote:
>> On 04.02.21 21:16, Thadeu Lima de Souza Cascardo wrote:
>>> Hello.
>>>
>>> This pull request has clean cherry picks of fixes for Medium CVEs that are
>>> already applied (either released or pending) in focal/linux.
>>>
>>> The branch has been built-tested.
>>
>> Sorry this has been lost somewhat to me. Just stumbled over it. Right now I am
>> unsure whether there still will be any 5.6 oem produced or whether that has been
>> replaced by 5.10 already.
>> Should this still be looked at?
>>
> 
> Yes, please.
> 
> Thank you.
> Cascardo.


I'll crank it tomorrow.


Stefan Bader Feb. 18, 2021, 8 a.m. UTC | #4
On 04.02.21 21:16, Thadeu Lima de Souza Cascardo wrote:
> Hello.
> 
> This pull request has clean cherry picks of fixes for Medium CVEs that are
> already applied (either released or pending) in focal/linux.
> 
> The branch has been built-tested.
> 
> Thanks.
> Cascardo.
> 
Acked-by: Stefan Bader <stefan.bader@canonical.com>

Timo Aaltonen Feb. 18, 2021, 10:23 a.m. UTC | #5
On 4.2.2021 22.16, Thadeu Lima de Souza Cascardo wrote:
> Hello.
> 
> This pull request has clean cherry picks of fixes for Medium CVEs that are
> already applied (either released or pending) in focal/linux.
> 
> The branch has been built-tested.
> 
> Thanks.
> Cascardo.
> 

now finally applied to oem-5.6, thanks