From 4c8cc40e78d8f66639ee669b7f3ff6d59302148a Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Fri, 16 Jun 2023 19:25:04 +0200 Subject: [PATCH] kernel-4.18.0-498.el8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fri Jun 16 2023 Denys Vlasenko [4.18.0-498.el8] - Revert "softirq: Let ksoftirqd do its job" (Oleg Nesterov) [2196767] - perf: Fix check before add_event_to_groups() in perf_group_detach() (Michael Petlan) [2209645] {CVE-2023-2235} - perf/core: Call LSM hook after copying perf_event_attr (Audra Mitchell) [2172142] - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (Audra Mitchell) [2172142] - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Audra Mitchell) [2172142] - cgroup: Fix race condition at rebind_subsystems() (Audra Mitchell) [2172142] - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Audra Mitchell) [2172142] - ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Audra Mitchell) [2172142] - genirq: Synchronize interrupt thread startup (Audra Mitchell) [2172142] - genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n (Audra Mitchell) [2172142] - scftorture: Fix distribution of short handler delays (Audra Mitchell) [2172142] - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (Audra Mitchell) [2172142] - ipc/sem: do not sleep with a spin lock held (Audra Mitchell) [2172142] - signal: In get_signal test for signal_group_exit every time through the loop (Audra Mitchell) [2172142] - genirq: Move prio assignment into the newly created thread (Audra Mitchell) [2172142] - sched,irq: Convert to sched_set_fifo() (Audra Mitchell) [2172142] - cgroup/cpuset: Fix violation of cpuset locking rule (Audra Mitchell) [2172142] - timers: Move clearing of base::timer_running under base:: Lock (Audra Mitchell) [2172142] - cgroup1: fix leaked context root causing sporadic NULL deref in LTP (Audra Mitchell) [2172142] - jump_label: Fix usage in module __init (Audra Mitchell) [2172142] - padata: fix possible padata_works_lock deadlock (Audra Mitchell) [2172142] - genirq/PM: Always unlock IRQ descriptor in rearm_wake_irq() (Audra Mitchell) [2172142] - padata: upgrade smp_mb__after_atomic to smp_mb in padata_do_serial (Audra Mitchell) [2172142] - cpu/speculation: Warn on unsupported mitigations= parameter (Audra Mitchell) [2172142] - x86/speculation: Remove redundant arch_smt_update() invocation (Audra Mitchell) [2172142] - cpu/hotplug: Non-SMP machines do not make use of booted_once (Audra Mitchell) [2172142] - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Jose Ignacio Tornos Martinez) [2156581] {CVE-2022-28388} - kernfs: Improve kernfs_notify() poll notification latency (Ian Kent) [2195844] - stmmac: fix changing mac address (Corinna Vinschen) [2177654] - net/sched: cls_tcindex: downgrade to imperfect hash (Davide Caratti) [2192308] {CVE-2023-1829} - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Ricardo Robaina) [2185961] {CVE-2023-1989} - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (Ricardo Robaina) [2192673] {CVE-2023-2483} - s390/crypto: improve retry logic in case of master key change (Tobias Huschle) [2212794] - bpf: pull before calling skb_postpull_rcsum() (Felix Maurer) [2186521] - bpf, sockmap: fix race in sock_map_free() (Felix Maurer) [2186521] - bpf, sock_map: Move cancel_work_sync() out of sock lock (Felix Maurer) [2186521] - brcmfmac: Switch to appropriate helper to load EFI variable contents (Lenny Szubowicz) [2183047] - iwlwifi: Switch to proper EFI variable store interface (Lenny Szubowicz) [2183047] - efi: Store mask of supported runtime services in struct efi (Lenny Szubowicz) [2183047] - NFS: Don't report errors from nfs_pageio_complete() more than once (Benjamin Coddington) [2213644] - NFS: Do not report flush errors in nfs_write_end() (Benjamin Coddington) [2213644] - NFS: Don't report ENOSPC write errors twice (Benjamin Coddington) [2213644] - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Benjamin Coddington) [2213644] - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Benjamin Coddington) [2213644] - net: openvswitch: release vport resources on failure (Antoine Tenart) [2190225] - net: openvswitch: Add support to count upcall packets (Antoine Tenart) [2190225] - net: openvswitch: fix race on port output (Antoine Tenart) [2190225] - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (Antoine Tenart) [2190225] - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new (Antoine Tenart) [2190225] - openvswitch: Fix flow lookup to use unmasked key (Antoine Tenart) [2190225] - openvswitch: switch from WARN to pr_warn (Antoine Tenart) [2190225] - EDAC/i10nm: Add Intel Emerald Rapids server support (Aristeu Rozanski) [2165649] - EDAC/skx_common: Delete duplicated and unreachable code (Aristeu Rozanski) [2165649] - EDAC/skx_common: Enable EDAC support for the "near" memory (Aristeu Rozanski) [2165649] - EDAC/i10nm: Print an extra register set of retry_rd_err_log (Aristeu Rozanski) [2165649] - EDAC/i10nm: Retrieve and print retry_rd_err_log registers for HBM (Aristeu Rozanski) [2165649] - EDAC/skx_common: Add ChipSelect ADXL component (Aristeu Rozanski) [2165649] - EDAC/i10nm: Fix NVDIMM detection (Aristeu Rozanski) [2165649] - EDAC/skx_common: Set the memory type correctly for HBM memory (Aristeu Rozanski) [2165649] - EDAC/mc: Add new HBM2 memory type (Aristeu Rozanski) [2165649] - EDAC: Replace EDAC_DIMM_PTR() macro with edac_get_dimm() function (Aristeu Rozanski) [2165649] - tpm: disable hwrng for fTPM on some AMD designs (Štěpán Horáček) [2159583] - tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address (Štěpán Horáček) [2159583] - tpm: Use managed allocation for bios event log (Štěpán Horáček) [2159583] - efi: tpm: Avoid READ_ONCE() for accessing the event log (Štěpán Horáček) [2159583] - tpm: Allow system suspend to continue when TPM suspend fails (Štěpán Horáček) [2159583] - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (Štěpán Horáček) [2159583] - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (Štěpán Horáček) [2159583] - tpm: acpi: Call acpi_put_table() to fix memory leak (Štěpán Horáček) [2159583] - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (Štěpán Horáček) [2159583] - tpm: Avoid function type cast of put_device() (Štěpán Horáček) [2159583] - char: tpm: Protect tpm_pm_suspend with locks (Štěpán Horáček) [2159583] - efi/tpm: Pass correct address to memblock_reserve (Štěpán Horáček) [2159583] - char: move from strlcpy with unused retval to strscpy (Štěpán Horáček) [2159583] - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (Štěpán Horáček) [2159583] - tpm: Fix buffer access in tpm2_get_tpm_pt() (Štěpán Horáček) [2159583] - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Štěpán Horáček) [2159583] - tpm: use try_get_ops() in tpm-space.c (Štěpán Horáček) [2159583] - tpm: Fix error handling in async work (Štěpán Horáček) [2159583] - tpm: vtpm_proxy: Check length to avoid compiler warning (Štěpán Horáček) [2159583] - tpm: fix NPE on probe for missing device (Štěpán Horáček) [2159583] - tpm: fix potential NULL pointer access in tpm_del_char_device (Štěpán Horáček) [2159583] - tpm_tis: Fix an error handling path in 'tpm_tis_core_init()' (Štěpán Horáček) [2159583] - tpm: add request_locality before write TPM_INT_ENABLE (Štěpán Horáček) [2159583] - tpm_tis_spi: Add missing SPI ID (Štěpán Horáček) [2159583] - tpm: fix Atmel TPM crash caused by too frequent queries (Štěpán Horáček) [2159583] - tpm: Check for integer overflow in tpm2_map_response_body() (Štěpán Horáček) [2159583] - KEYS: trusted: Fix TPM reservation for seal/unseal (Štěpán Horáček) [2135881] - KVM: x86: Add helpers to recalc physical vs. logical optimized APIC maps (John Allen) [2117761] - KVM: x86: Allow APICv APIC ID inhibit to be cleared (John Allen) [2117761] - KVM: x86: Track required APICv inhibits with variable, not callback (John Allen) [2117761] - Revert "KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu" (John Allen) [2117761] - KVM: SVM: Handle multiple logical targets in AVIC kick fastpath (John Allen) [2117761] - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (John Allen) [2117761] - KVM: SVM: Update svm->ldr_reg cache even if LDR is "bad" (John Allen) [2117761] - KVM: SVM: Always update local APIC on writes to logical dest register (John Allen) [2117761] - KVM: SVM: Inhibit AVIC if vCPUs are aliased in logical mode (John Allen) [2117761] - KVM: x86: Inhibit APICv/AVIC if the optimized physical map is disabled (John Allen) [2117761] - KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (John Allen) [2117761] - Documentation: KVM: Add SPDX-License-Identifier tag (John Allen) [2117761] - Documentation: KVM: add virtual CPU errata documentation (John Allen) [2117761] - KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode (John Allen) [2117761] - KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (John Allen) [2117761] - KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (John Allen) [2117761] - KVM: x86: Explicitly track all possibilities for APIC map's logical modes (John Allen) [2117761] - KVM: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (John Allen) [2117761] - KVM: SVM: Add helper to perform final AVIC "kick" of single vCPU (John Allen) [2117761] - KVM: SVM: Document that vCPU ID == APIC ID in AVIC kick fastpatch (John Allen) [2117761] - Revert "KVM: SVM: Use target APIC ID to complete x2AVIC IRQs when possible" (John Allen) [2117761] - KVM: SVM: Replace "avic_mode" enum with "x2avic_enabled" boolean (John Allen) [2117761] - KVM: x86: Inhibit APIC memslot if x2APIC and AVIC are enabled (John Allen) [2117761] - KVM: x86: Handle APICv updates for APIC "mode" changes via request (John Allen) [2117761] - KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID (John Allen) [2117761] - KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID "change" if APIC is disabled (John Allen) [2117761] - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (John Allen) [2117761] - KVM: SVM: Flush the "current" TLB when activating AVIC (John Allen) [2117761] - KVM: x86: Purge "highest ISR" cache when updating APICv state (John Allen) [2117761] - KVM: x86: Blindly get current x2APIC reg value on "nodecode write" traps (John Allen) [2117761] - KVM: x86: Bug the VM if an accelerated x2APIC trap occurs on a "bad" reg (John Allen) [2117761] - KVM: x86: Do not block APIC write for non ICR registers (John Allen) [2117761] - KVM: x86: Add support for vICR APIC-write VM-Exits in x2APIC mode (John Allen) [2117761] - KVM: x86: fix APICv/x2AVIC disabled when vm reboot by itself (John Allen) [2117761] - KVM: SEV: fix misplaced closing parenthesis (John Allen) [2117761] - KVM: SVM: Do not virtualize MSR accesses for APIC LVTT register (John Allen) [2117761] - KVM: SVM: Fix x2APIC MSRs interception (John Allen) [2117761] - KVM: x86: nSVM: optimize svm_set_x2apic_msr_interception (John Allen) [2117761] - KVM: SVM: Add AVIC doorbell tracepoint (John Allen) [2117761] - KVM: SVM: Use target APIC ID to complete x2AVIC IRQs when possible (John Allen) [2117761] - KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is valid (John Allen) [2117761] - KVM: x86: Move APIC access page helper to common x86 code (John Allen) [2117761] - KVM: SVM: Introduce hybrid-AVIC mode (John Allen) [2117761] - KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu (John Allen) [2117761] - KVM: SVM: Modify AVIC GATag to support max number of 512 vCPUs (John Allen) [2117761] - KVM: SVM: Fix a benign off-by-one bug in AVIC physical table mask (John Allen) [2117761] - KVM: SVM: Ignore writes to Remote Read Data on AVIC write traps (John Allen) [2117761] - KVM: SVM: Introduce logic to (de)activate x2AVIC mode (John Allen) [2117761] - KVM: x86: nSVM: always intercept x2apic msrs (John Allen) [2117761] - KVM: SVM: Don't put/load AVIC when setting virtual APIC mode (John Allen) [2117761] - KVM: SVM: Refresh AVIC configuration when changing APIC mode (John Allen) [2117761] - KVM: x86: Deactivate APICv on vCPU with APIC disabled (John Allen) [2117761] - KVM: SVM: Adding support for configuring x2APIC MSRs interception (John Allen) [2117761] - KVM: SVM: Do not support updating APIC ID when in x2APIC mode (John Allen) [2117761] - KVM: SVM: Compute dest based on sender's x2APIC status for AVIC kick (John Allen) [2117761] - KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID (John Allen) [2117761] - KVM: SVM: Update max number of vCPUs supported for x2AVIC mode (John Allen) [2117761] - KVM: svm/avic: Drop "struct kvm_x86_ops" for avic_hardware_setup() (John Allen) [2117761] - KVM: SVM: Detect X2APIC virtualization (x2AVIC) support (John Allen) [2117761] - KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to [GET/SET]_XAPIC_DEST_FIELD (John Allen) [2117761] - x86/cpufeatures: Introduce x2AVIC CPUID bit (John Allen) [2117761] - KVM: x86: SVM: fix nested PAUSE filtering when L0 intercepts PAUSE (John Allen) [2117761] - KVM: x86: nSVM: support PAUSE filtering when L0 doesn't intercept PAUSE (John Allen) [2117761] - KVM: x86: SVM: drop preempt-safe wrappers for avic_vcpu_load/put (John Allen) [2117761] - KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking (John Allen) [2117761] - KVM: x86: disable preemption while updating apicv inhibition (John Allen) [2117761] - KVM: SVM: Fix x2APIC Logical ID calculation for avic_kick_target_vcpus_fast (John Allen) [2117761] - KVM: x86: SVM: fix avic_kick_target_vcpus_fast (John Allen) [2117761] - KVM: SVM: Use target APIC ID to complete AVIC IRQs when possible (John Allen) [2117761] - KVM: x86: SVM: remove avic's broken code that updated APIC ID (John Allen) [2117761] - KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base (John Allen) [2117761] - KVM: x86: document AVIC/APICv inhibit reasons (John Allen) [2117761] - KVM: x86: SVM: allow AVIC to co-exist with a nested guest running (John Allen) [2117761] - KVM: x86: allow per cpu apicv inhibit reasons (John Allen) [2117761] - KVM: x86: SVM: allow to force AVIC to be enabled (John Allen) [2117761] Resolves: rhbz#2117761, rhbz#2135881, rhbz#2156581, rhbz#2159583, rhbz#2165649, rhbz#2172142, rhbz#2177654, rhbz#2183047, rhbz#2185961, rhbz#2186521, rhbz#2190225, rhbz#2192308, rhbz#2192673, rhbz#2195844, rhbz#2196767, rhbz#2209645, rhbz#2212794, rhbz#2213644 Signed-off-by: Denys Vlasenko --- kernel.spec | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++- sources | 6 +- 2 files changed, 171 insertions(+), 6 deletions(-) diff --git a/kernel.spec b/kernel.spec index b67b97086..d071a11d5 100644 --- a/kernel.spec +++ b/kernel.spec @@ -12,7 +12,7 @@ # change below to w4T.xzdio): %define _binary_payload w3T.xzdio -%global distro_build 497 +%global distro_build 498 # Sign the x86_64 kernel for secure boot authentication %ifarch x86_64 aarch64 s390x ppc64le @@ -38,10 +38,10 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 497.el8 +%define pkgrelease 498.el8 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 497%{?dist} +%define specrelease 498%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2695,6 +2695,171 @@ fi # # %changelog +* Fri Jun 16 2023 Denys Vlasenko [4.18.0-498.el8] +- Revert "softirq: Let ksoftirqd do its job" (Oleg Nesterov) [2196767] +- perf: Fix check before add_event_to_groups() in perf_group_detach() (Michael Petlan) [2209645] {CVE-2023-2235} +- perf/core: Call LSM hook after copying perf_event_attr (Audra Mitchell) [2172142] +- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (Audra Mitchell) [2172142] +- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Audra Mitchell) [2172142] +- cgroup: Fix race condition at rebind_subsystems() (Audra Mitchell) [2172142] +- tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Audra Mitchell) [2172142] +- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Audra Mitchell) [2172142] +- genirq: Synchronize interrupt thread startup (Audra Mitchell) [2172142] +- genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n (Audra Mitchell) [2172142] +- scftorture: Fix distribution of short handler delays (Audra Mitchell) [2172142] +- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (Audra Mitchell) [2172142] +- ipc/sem: do not sleep with a spin lock held (Audra Mitchell) [2172142] +- signal: In get_signal test for signal_group_exit every time through the loop (Audra Mitchell) [2172142] +- genirq: Move prio assignment into the newly created thread (Audra Mitchell) [2172142] +- sched,irq: Convert to sched_set_fifo() (Audra Mitchell) [2172142] +- cgroup/cpuset: Fix violation of cpuset locking rule (Audra Mitchell) [2172142] +- timers: Move clearing of base::timer_running under base:: Lock (Audra Mitchell) [2172142] +- cgroup1: fix leaked context root causing sporadic NULL deref in LTP (Audra Mitchell) [2172142] +- jump_label: Fix usage in module __init (Audra Mitchell) [2172142] +- padata: fix possible padata_works_lock deadlock (Audra Mitchell) [2172142] +- genirq/PM: Always unlock IRQ descriptor in rearm_wake_irq() (Audra Mitchell) [2172142] +- padata: upgrade smp_mb__after_atomic to smp_mb in padata_do_serial (Audra Mitchell) [2172142] +- cpu/speculation: Warn on unsupported mitigations= parameter (Audra Mitchell) [2172142] +- x86/speculation: Remove redundant arch_smt_update() invocation (Audra Mitchell) [2172142] +- cpu/hotplug: Non-SMP machines do not make use of booted_once (Audra Mitchell) [2172142] +- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Jose Ignacio Tornos Martinez) [2156581] {CVE-2022-28388} +- kernfs: Improve kernfs_notify() poll notification latency (Ian Kent) [2195844] +- stmmac: fix changing mac address (Corinna Vinschen) [2177654] +- net/sched: cls_tcindex: downgrade to imperfect hash (Davide Caratti) [2192308] {CVE-2023-1829} +- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Ricardo Robaina) [2185961] {CVE-2023-1989} +- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (Ricardo Robaina) [2192673] {CVE-2023-2483} +- s390/crypto: improve retry logic in case of master key change (Tobias Huschle) [2212794] +- bpf: pull before calling skb_postpull_rcsum() (Felix Maurer) [2186521] +- bpf, sockmap: fix race in sock_map_free() (Felix Maurer) [2186521] +- bpf, sock_map: Move cancel_work_sync() out of sock lock (Felix Maurer) [2186521] +- brcmfmac: Switch to appropriate helper to load EFI variable contents (Lenny Szubowicz) [2183047] +- iwlwifi: Switch to proper EFI variable store interface (Lenny Szubowicz) [2183047] +- efi: Store mask of supported runtime services in struct efi (Lenny Szubowicz) [2183047] +- NFS: Don't report errors from nfs_pageio_complete() more than once (Benjamin Coddington) [2213644] +- NFS: Do not report flush errors in nfs_write_end() (Benjamin Coddington) [2213644] +- NFS: Don't report ENOSPC write errors twice (Benjamin Coddington) [2213644] +- NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Benjamin Coddington) [2213644] +- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Benjamin Coddington) [2213644] +- net: openvswitch: release vport resources on failure (Antoine Tenart) [2190225] +- net: openvswitch: Add support to count upcall packets (Antoine Tenart) [2190225] +- net: openvswitch: fix race on port output (Antoine Tenart) [2190225] +- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (Antoine Tenart) [2190225] +- net: openvswitch: fix flow memory leak in ovs_flow_cmd_new (Antoine Tenart) [2190225] +- openvswitch: Fix flow lookup to use unmasked key (Antoine Tenart) [2190225] +- openvswitch: switch from WARN to pr_warn (Antoine Tenart) [2190225] +- EDAC/i10nm: Add Intel Emerald Rapids server support (Aristeu Rozanski) [2165649] +- EDAC/skx_common: Delete duplicated and unreachable code (Aristeu Rozanski) [2165649] +- EDAC/skx_common: Enable EDAC support for the "near" memory (Aristeu Rozanski) [2165649] +- EDAC/i10nm: Print an extra register set of retry_rd_err_log (Aristeu Rozanski) [2165649] +- EDAC/i10nm: Retrieve and print retry_rd_err_log registers for HBM (Aristeu Rozanski) [2165649] +- EDAC/skx_common: Add ChipSelect ADXL component (Aristeu Rozanski) [2165649] +- EDAC/i10nm: Fix NVDIMM detection (Aristeu Rozanski) [2165649] +- EDAC/skx_common: Set the memory type correctly for HBM memory (Aristeu Rozanski) [2165649] +- EDAC/mc: Add new HBM2 memory type (Aristeu Rozanski) [2165649] +- EDAC: Replace EDAC_DIMM_PTR() macro with edac_get_dimm() function (Aristeu Rozanski) [2165649] +- tpm: disable hwrng for fTPM on some AMD designs (Štěpán Horáček) [2159583] +- tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address (Štěpán Horáček) [2159583] +- tpm: Use managed allocation for bios event log (Štěpán Horáček) [2159583] +- efi: tpm: Avoid READ_ONCE() for accessing the event log (Štěpán Horáček) [2159583] +- tpm: Allow system suspend to continue when TPM suspend fails (Štěpán Horáček) [2159583] +- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (Štěpán Horáček) [2159583] +- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (Štěpán Horáček) [2159583] +- tpm: acpi: Call acpi_put_table() to fix memory leak (Štěpán Horáček) [2159583] +- tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (Štěpán Horáček) [2159583] +- tpm: Avoid function type cast of put_device() (Štěpán Horáček) [2159583] +- char: tpm: Protect tpm_pm_suspend with locks (Štěpán Horáček) [2159583] +- efi/tpm: Pass correct address to memblock_reserve (Štěpán Horáček) [2159583] +- char: move from strlcpy with unused retval to strscpy (Štěpán Horáček) [2159583] +- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (Štěpán Horáček) [2159583] +- tpm: Fix buffer access in tpm2_get_tpm_pt() (Štěpán Horáček) [2159583] +- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Štěpán Horáček) [2159583] +- tpm: use try_get_ops() in tpm-space.c (Štěpán Horáček) [2159583] +- tpm: Fix error handling in async work (Štěpán Horáček) [2159583] +- tpm: vtpm_proxy: Check length to avoid compiler warning (Štěpán Horáček) [2159583] +- tpm: fix NPE on probe for missing device (Štěpán Horáček) [2159583] +- tpm: fix potential NULL pointer access in tpm_del_char_device (Štěpán Horáček) [2159583] +- tpm_tis: Fix an error handling path in 'tpm_tis_core_init()' (Štěpán Horáček) [2159583] +- tpm: add request_locality before write TPM_INT_ENABLE (Štěpán Horáček) [2159583] +- tpm_tis_spi: Add missing SPI ID (Štěpán Horáček) [2159583] +- tpm: fix Atmel TPM crash caused by too frequent queries (Štěpán Horáček) [2159583] +- tpm: Check for integer overflow in tpm2_map_response_body() (Štěpán Horáček) [2159583] +- KEYS: trusted: Fix TPM reservation for seal/unseal (Štěpán Horáček) [2135881] +- KVM: x86: Add helpers to recalc physical vs. logical optimized APIC maps (John Allen) [2117761] +- KVM: x86: Allow APICv APIC ID inhibit to be cleared (John Allen) [2117761] +- KVM: x86: Track required APICv inhibits with variable, not callback (John Allen) [2117761] +- Revert "KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu" (John Allen) [2117761] +- KVM: SVM: Handle multiple logical targets in AVIC kick fastpath (John Allen) [2117761] +- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (John Allen) [2117761] +- KVM: SVM: Update svm->ldr_reg cache even if LDR is "bad" (John Allen) [2117761] +- KVM: SVM: Always update local APIC on writes to logical dest register (John Allen) [2117761] +- KVM: SVM: Inhibit AVIC if vCPUs are aliased in logical mode (John Allen) [2117761] +- KVM: x86: Inhibit APICv/AVIC if the optimized physical map is disabled (John Allen) [2117761] +- KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (John Allen) [2117761] +- Documentation: KVM: Add SPDX-License-Identifier tag (John Allen) [2117761] +- Documentation: KVM: add virtual CPU errata documentation (John Allen) [2117761] +- KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode (John Allen) [2117761] +- KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (John Allen) [2117761] +- KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (John Allen) [2117761] +- KVM: x86: Explicitly track all possibilities for APIC map's logical modes (John Allen) [2117761] +- KVM: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (John Allen) [2117761] +- KVM: SVM: Add helper to perform final AVIC "kick" of single vCPU (John Allen) [2117761] +- KVM: SVM: Document that vCPU ID == APIC ID in AVIC kick fastpatch (John Allen) [2117761] +- Revert "KVM: SVM: Use target APIC ID to complete x2AVIC IRQs when possible" (John Allen) [2117761] +- KVM: SVM: Replace "avic_mode" enum with "x2avic_enabled" boolean (John Allen) [2117761] +- KVM: x86: Inhibit APIC memslot if x2APIC and AVIC are enabled (John Allen) [2117761] +- KVM: x86: Handle APICv updates for APIC "mode" changes via request (John Allen) [2117761] +- KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID (John Allen) [2117761] +- KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID "change" if APIC is disabled (John Allen) [2117761] +- KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (John Allen) [2117761] +- KVM: SVM: Flush the "current" TLB when activating AVIC (John Allen) [2117761] +- KVM: x86: Purge "highest ISR" cache when updating APICv state (John Allen) [2117761] +- KVM: x86: Blindly get current x2APIC reg value on "nodecode write" traps (John Allen) [2117761] +- KVM: x86: Bug the VM if an accelerated x2APIC trap occurs on a "bad" reg (John Allen) [2117761] +- KVM: x86: Do not block APIC write for non ICR registers (John Allen) [2117761] +- KVM: x86: Add support for vICR APIC-write VM-Exits in x2APIC mode (John Allen) [2117761] +- KVM: x86: fix APICv/x2AVIC disabled when vm reboot by itself (John Allen) [2117761] +- KVM: SEV: fix misplaced closing parenthesis (John Allen) [2117761] +- KVM: SVM: Do not virtualize MSR accesses for APIC LVTT register (John Allen) [2117761] +- KVM: SVM: Fix x2APIC MSRs interception (John Allen) [2117761] +- KVM: x86: nSVM: optimize svm_set_x2apic_msr_interception (John Allen) [2117761] +- KVM: SVM: Add AVIC doorbell tracepoint (John Allen) [2117761] +- KVM: SVM: Use target APIC ID to complete x2AVIC IRQs when possible (John Allen) [2117761] +- KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is valid (John Allen) [2117761] +- KVM: x86: Move APIC access page helper to common x86 code (John Allen) [2117761] +- KVM: SVM: Introduce hybrid-AVIC mode (John Allen) [2117761] +- KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu (John Allen) [2117761] +- KVM: SVM: Modify AVIC GATag to support max number of 512 vCPUs (John Allen) [2117761] +- KVM: SVM: Fix a benign off-by-one bug in AVIC physical table mask (John Allen) [2117761] +- KVM: SVM: Ignore writes to Remote Read Data on AVIC write traps (John Allen) [2117761] +- KVM: SVM: Introduce logic to (de)activate x2AVIC mode (John Allen) [2117761] +- KVM: x86: nSVM: always intercept x2apic msrs (John Allen) [2117761] +- KVM: SVM: Don't put/load AVIC when setting virtual APIC mode (John Allen) [2117761] +- KVM: SVM: Refresh AVIC configuration when changing APIC mode (John Allen) [2117761] +- KVM: x86: Deactivate APICv on vCPU with APIC disabled (John Allen) [2117761] +- KVM: SVM: Adding support for configuring x2APIC MSRs interception (John Allen) [2117761] +- KVM: SVM: Do not support updating APIC ID when in x2APIC mode (John Allen) [2117761] +- KVM: SVM: Compute dest based on sender's x2APIC status for AVIC kick (John Allen) [2117761] +- KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID (John Allen) [2117761] +- KVM: SVM: Update max number of vCPUs supported for x2AVIC mode (John Allen) [2117761] +- KVM: svm/avic: Drop "struct kvm_x86_ops" for avic_hardware_setup() (John Allen) [2117761] +- KVM: SVM: Detect X2APIC virtualization (x2AVIC) support (John Allen) [2117761] +- KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to [GET/SET]_XAPIC_DEST_FIELD (John Allen) [2117761] +- x86/cpufeatures: Introduce x2AVIC CPUID bit (John Allen) [2117761] +- KVM: x86: SVM: fix nested PAUSE filtering when L0 intercepts PAUSE (John Allen) [2117761] +- KVM: x86: nSVM: support PAUSE filtering when L0 doesn't intercept PAUSE (John Allen) [2117761] +- KVM: x86: SVM: drop preempt-safe wrappers for avic_vcpu_load/put (John Allen) [2117761] +- KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking (John Allen) [2117761] +- KVM: x86: disable preemption while updating apicv inhibition (John Allen) [2117761] +- KVM: SVM: Fix x2APIC Logical ID calculation for avic_kick_target_vcpus_fast (John Allen) [2117761] +- KVM: x86: SVM: fix avic_kick_target_vcpus_fast (John Allen) [2117761] +- KVM: SVM: Use target APIC ID to complete AVIC IRQs when possible (John Allen) [2117761] +- KVM: x86: SVM: remove avic's broken code that updated APIC ID (John Allen) [2117761] +- KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base (John Allen) [2117761] +- KVM: x86: document AVIC/APICv inhibit reasons (John Allen) [2117761] +- KVM: x86: SVM: allow AVIC to co-exist with a nested guest running (John Allen) [2117761] +- KVM: x86: allow per cpu apicv inhibit reasons (John Allen) [2117761] +- KVM: x86: SVM: allow to force AVIC to be enabled (John Allen) [2117761] + * Fri Jun 09 2023 Denys Vlasenko [4.18.0-497.el8] - sctp: fix a potential overflow in sctp_ifwdtsn_skip (Xin Long) [2189324] - sctp: check send stream number after wait_for_sndbuf (Xin Long) [2189324] diff --git a/sources b/sources index 29511b6e2..36286c463 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-4.18.0-497.el8.tar.xz) = f0b11e9b3137a18ca18faab7242f4c10e5439ebd7fd8e2000ba770c547da2cbf5446d84b8ea70388745240218f24cdb9e033f5715528ca674a60ac81d802bb13 -SHA512 (kernel-abi-stablelists-4.18.0-497.tar.bz2) = 3efe1b90909eef9846e2663b09012cea3d2b0219f33842219f38359590f99bd5d8b6712c8a084eb7b0114cbd0aa8f87033ee39817b61d51cb77e59fad0bda113 -SHA512 (kernel-kabi-dw-4.18.0-497.tar.bz2) = f7bbf94096acc33486535d9eece268c543c6a05d93ee262d64dc22b220f1cb3ff49b4cf091a5c748811c4229fdf674be4c816174575161b0ca5e457726595b32 +SHA512 (linux-4.18.0-498.el8.tar.xz) = 094ef2814b00994942eeb20ecd4d8399f4c266ea6c017e5dcb2322537e8864d1534875d3c6451c7819a296e565673d4deb29035e107846d10c0f1f2d7e550902 +SHA512 (kernel-abi-stablelists-4.18.0-498.tar.bz2) = 24a93aa7b5dc1c7013ced6387c0f6641aeb8403e3094064a5d79035f632c9645ffcb73affac6ecbd7943ee135580a518b63728c129d26f1b8fcbe6288ee08b5b +SHA512 (kernel-kabi-dw-4.18.0-498.tar.bz2) = f7bbf94096acc33486535d9eece268c543c6a05d93ee262d64dc22b220f1cb3ff49b4cf091a5c748811c4229fdf674be4c816174575161b0ca5e457726595b32