import kernel-4.18.0-338.el8

This commit is contained in:
CentOS Sources 2021-08-27 14:06:06 +00:00 committed by root
parent 0e52d5e695
commit 67e89ca89f
12 changed files with 657 additions and 27 deletions

6
.gitignore vendored
View File

@ -1,5 +1,5 @@
SOURCES/kernel-abi-stablelists-4.18.0-331.tar.bz2
SOURCES/kernel-kabi-dw-4.18.0-331.tar.bz2
SOURCES/linux-4.18.0-331.el8.tar.xz
SOURCES/kernel-abi-stablelists-4.18.0-338.tar.bz2
SOURCES/kernel-kabi-dw-4.18.0-338.tar.bz2
SOURCES/linux-4.18.0-338.el8.tar.xz
SOURCES/rheldup3.x509
SOURCES/rhelkpatch1.x509

View File

@ -1,5 +1,5 @@
cdeb2dbe094413c4c8b48bf199320c30c6ee5089 SOURCES/kernel-abi-stablelists-4.18.0-331.tar.bz2
109f15ce9699bfa93bd9dc4f8e88013ce341e0e7 SOURCES/kernel-kabi-dw-4.18.0-331.tar.bz2
cc9c392ae340c91303cb8dc60aa08a347791027c SOURCES/linux-4.18.0-331.el8.tar.xz
adf5f8cf1290a84875a5b7fc0cb6dc41b670d037 SOURCES/kernel-abi-stablelists-4.18.0-338.tar.bz2
109f15ce9699bfa93bd9dc4f8e88013ce341e0e7 SOURCES/kernel-kabi-dw-4.18.0-338.tar.bz2
4e94aa5884a3e8106860d98bb586530ed29a7794 SOURCES/linux-4.18.0-338.el8.tar.xz
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509

View File

@ -2758,10 +2758,11 @@ CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_SCHED=y
CONFIG_CHARGER_SMB347=m
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_CHELSIO_IPSEC_INLINE=y
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_CHELSIO_IPSEC_INLINE=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_TLS_DEVICE=y
CONFIG_CHELSIO_TLS_DEVICE=m
CONFIG_CHROME_PLATFORMS=y
CONFIG_CHR_DEV_SCH=m
CONFIG_CHR_DEV_SG=m

View File

@ -2822,10 +2822,11 @@ CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_SCHED=y
CONFIG_CHARGER_SMB347=m
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_CHELSIO_IPSEC_INLINE=y
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_CHELSIO_IPSEC_INLINE=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_TLS_DEVICE=y
CONFIG_CHELSIO_TLS_DEVICE=m
CONFIG_CHROME_PLATFORMS=y
CONFIG_CHR_DEV_SCH=m
CONFIG_CHR_DEV_SG=m

View File

@ -2448,10 +2448,11 @@ CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_SCHED=y
CONFIG_CHARGER_SMB347=m
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_CHELSIO_IPSEC_INLINE=y
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_CHELSIO_IPSEC_INLINE=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_TLS_DEVICE=y
CONFIG_CHELSIO_TLS_DEVICE=m
CONFIG_CHR_DEV_SCH=m
CONFIG_CHR_DEV_SG=m
CONFIG_CHR_DEV_ST=m

View File

@ -2511,10 +2511,11 @@ CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_SCHED=y
CONFIG_CHARGER_SMB347=m
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_CHELSIO_IPSEC_INLINE=y
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_CHELSIO_IPSEC_INLINE=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_TLS_DEVICE=y
CONFIG_CHELSIO_TLS_DEVICE=m
CONFIG_CHR_DEV_SCH=m
CONFIG_CHR_DEV_SG=m
CONFIG_CHR_DEV_ST=m

View File

@ -2576,10 +2576,11 @@ CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_SCHED=y
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_CHECK_STACK=y
CONFIG_CHELSIO_IPSEC_INLINE=y
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_CHELSIO_IPSEC_INLINE=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_TLS_DEVICE=y
CONFIG_CHELSIO_TLS_DEVICE=m
CONFIG_CHR_DEV_SCH=m
CONFIG_CHR_DEV_SG=m
CONFIG_CHR_DEV_ST=m

View File

@ -2799,10 +2799,11 @@ CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_SCHED=y
CONFIG_CHELSIO_IPSEC_INLINE=y
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_CHELSIO_IPSEC_INLINE=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_TLS_DEVICE=y
CONFIG_CHELSIO_TLS_DEVICE=m
CONFIG_CIFS=m
CONFIG_CIFS_ACL=y
CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y

View File

@ -2638,10 +2638,11 @@ CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_SCHED=y
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_CHECK_STACK=y
CONFIG_CHELSIO_IPSEC_INLINE=y
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_CHELSIO_IPSEC_INLINE=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_TLS_DEVICE=y
CONFIG_CHELSIO_TLS_DEVICE=m
CONFIG_CHR_DEV_SCH=m
CONFIG_CHR_DEV_SG=m
CONFIG_CHR_DEV_ST=m

View File

@ -2504,10 +2504,11 @@ CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_SCHED=y
CONFIG_CHARGER_SMB347=m
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_CHELSIO_IPSEC_INLINE=y
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_CHELSIO_IPSEC_INLINE=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_TLS_DEVICE=y
CONFIG_CHELSIO_TLS_DEVICE=m
CONFIG_CHR_DEV_SCH=m
CONFIG_CHR_DEV_SG=m
CONFIG_CHR_DEV_ST=m

View File

@ -2566,10 +2566,11 @@ CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_SCHED=y
CONFIG_CHARGER_SMB347=m
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_CHELSIO_IPSEC_INLINE=y
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_CHELSIO_IPSEC_INLINE=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_TLS_DEVICE=y
CONFIG_CHELSIO_TLS_DEVICE=m
CONFIG_CHR_DEV_SCH=m
CONFIG_CHR_DEV_SG=m
CONFIG_CHR_DEV_ST=m

View File

@ -16,7 +16,7 @@
# For internal testing builds during development, it should be 0.
%global released_kernel 0
%global distro_build 331
%global distro_build 338
# Sign the x86_64 kernel for secure boot authentication
%ifarch x86_64 aarch64 s390x ppc64le
@ -42,10 +42,10 @@
# define buildid .local
%define rpmversion 4.18.0
%define pkgrelease 331.el8
%define pkgrelease 338.el8
# allow pkg_release to have configurable %%{?dist} tag
%define specrelease 331%{?dist}
%define specrelease 338%{?dist}
%define pkg_release %{specrelease}%{?buildid}
@ -2628,6 +2628,627 @@ fi
#
#
%changelog
* Thu Aug 26 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-338.el8]
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Jon Maloy) [1985413] {CVE-2021-3653}
- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) (Jon Maloy) [1985430] {CVE-2021-3656}
- drm/i915/rkl: Remove require_force_probe protection (Lyude Paul) [1985159]
- drm/i915/display: support ddr5 mem types (Lyude Paul) [1992233]
- drm/i915/adl_s: Update ddi buf translation tables (Lyude Paul) [1992233]
- drm/i915/adl_s: Wa_14011765242 is also needed on A1 display stepping (Lyude Paul) [1992233]
- drm/i915/adl_s: Extend Wa_1406941453 (Lyude Paul) [1992233]
- drm/i915: Implement Wa_1508744258 (Lyude Paul) [1992233]
- drm/i915/adl_s: Fix dma_mask_size to 39 bit (Lyude Paul) [1992233]
- drm/i915: Add the missing adls vswing tables (Lyude Paul) [1992233]
- drm/i915: Add Wa_14011060649 (Lyude Paul) [1992233]
- drm/i915/adl_s: Add Interrupt Support (Lyude Paul) [1992233]
- drm/amdgpu: add another Renoir DID (Lyude Paul) [1980900]
* Wed Aug 25 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-337.el8]
- net/mlx5: Fix flow table chaining (Amir Tzin) [1987139]
- openvswitch: fix sparse warning incorrect type (Mark Gray) [1992773]
- openvswitch: fix alignment issues (Mark Gray) [1992773]
- openvswitch: update kdoc OVS_DP_ATTR_PER_CPU_PIDS (Mark Gray) [1992773]
- openvswitch: Introduce per-cpu upcall dispatch (Mark Gray) [1992773]
- KVM: X86: Expose bus lock debug exception to guest (Paul Lai) [1842322]
- KVM: X86: Add support for the emulation of DR6_BUS_LOCK bit (Paul Lai) [1842322]
- scsi: libfc: Fix array index out of bound exception (Chris Leech) [1972643]
- scsi: libfc: FDMI enhancements (Chris Leech) [1972643]
- scsi: libfc: Add FDMI-2 attributes (Chris Leech) [1972643]
- scsi: qedf: Add vendor identifier attribute (Chris Leech) [1972643]
- scsi: libfc: Initialisation of RHBA and RPA attributes (Chris Leech) [1972643]
- scsi: libfc: Correct the condition check and invalid argument passed (Chris Leech) [1972643]
- scsi: libfc: Work around -Warray-bounds warning (Chris Leech) [1972643]
- scsi: fc: FDMI enhancement (Chris Leech) [1972643]
- scsi: libfc: Move scsi/fc_encode.h to libfc (Chris Leech) [1972643]
- scsi: fc: Correct RHBA attributes length (Chris Leech) [1972643]
- block: return ELEVATOR_DISCARD_MERGE if possible (Ming Lei) [1991976]
- x86/fpu: Prevent state corruption in __fpu__restore_sig() (Terry Bowman) [1970086]
- x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer (Terry Bowman) [1970086]
- x86/pkru: Write hardware init value to PKRU when xstate is init (Terry Bowman) [1970086]
- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (Terry Bowman) [1970086]
- x86/fpu: Add address range checks to copy_user_to_xstate() (Terry Bowman) [1970086]
- selftests/x86: Test signal frame XSTATE header corruption handling (Terry Bowman) [1970086]
- Bump DRM backport version to 5.12.14 (Lyude Paul) [1944405]
- drm/i915: Use the correct max source link rate for MST (Lyude Paul) [1944405 1966599]
- drm/dp_mst: Use Extended Base Receiver Capability DPCD space (Lyude Paul) [1944405 1966599]
- drm/i915/display: Defeature PSR2 for RKL and ADL-S (Lyude Paul) [1944405]
- drm/i915/adl_s: ADL-S platform Update PCI ids for Mobile BGA (Lyude Paul) [1944405]
- drm/amdgpu: wait for moving fence after pinning (Lyude Paul) [1944405]
- drm/radeon: wait for moving fence after pinning (Lyude Paul) [1944405]
- drm/nouveau: wait for moving fence after pinning v2 (Lyude Paul) [1944405]
- radeon: use memcpy_to/fromio for UVD fw upload (Lyude Paul) [1944405]
- drm/amd/amdgpu:save psp ring wptr to avoid attack (Lyude Paul) [1944405]
- drm/amd/display: Fix potential memory leak in DMUB hw_init (Lyude Paul) [1944405]
- drm/amdgpu: refine amdgpu_fru_get_product_info (Lyude Paul) [1944405]
- drm/amd/display: Allow bandwidth validation for 0 streams. (Lyude Paul) [1944405]
- drm: Lock pointer access in drm_master_release() (Lyude Paul) [1944405]
- drm: Fix use-after-free read in drm_getunique() (Lyude Paul) [1944405]
- drm/amdgpu: make sure we unpin the UVD BO (Lyude Paul) [1944405]
- drm/amdgpu: Don't query CE and UE errors (Lyude Paul) [1944405]
- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (Lyude Paul) [1944405]
- drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (Lyude Paul) [1944405]
- drm/amdgpu: stop touching sched.ready in the backend (Lyude Paul) [1944405]
- drm/amd/amdgpu: fix a potential deadlock in gpu reset (Lyude Paul) [1944405]
- drm/amdgpu: Fix a use-after-free (Lyude Paul) [1944405]
- drm/amd/amdgpu: fix refcount leak (Lyude Paul) [1944405]
- drm/amd/display: Disconnect non-DP with no EDID (Lyude Paul) [1944405]
- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (Lyude Paul) [1944405]
- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
- drm/amd/pm: correct MGpuFanBoost setting (Lyude Paul) [1944405]
- drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 (Lyude Paul) [1944405]
- drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (Lyude Paul) [1944405]
- dma-buf: fix unintended pin/unpin warnings (Lyude Paul) [1944405]
- drm/amdgpu: update sdma golden setting for Navi12 (Lyude Paul) [1944405]
- drm/amdgpu: update gc golden setting for Navi12 (Lyude Paul) [1944405]
- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (Lyude Paul) [1944405]
- drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (Lyude Paul) [1944405]
- drm/radeon: use the dummy page for GART if needed (Lyude Paul) [1944405]
- drm/amd/display: Use the correct max downscaling value for DCN3.x family (Lyude Paul) [1944405]
- drm/i915/gem: Pin the L-shape quirked object as unshrinkable (Lyude Paul) [1944405]
- drm/ttm: Do not add non-system domain BO into swap list (Lyude Paul) [1944405]
- drm/amd/display: Fix two cursor duplication when using overlay (Lyude Paul) [1944405]
- amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID (Lyude Paul) [1944405]
- drm/i915/display: fix compiler warning about array overrun (Lyude Paul) [1944405]
- drm/i915: Fix crash in auto_retire (Lyude Paul) [1944405]
- drm/i915/overlay: Fix active retire callback alignment (Lyude Paul) [1944405]
- drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (Lyude Paul) [1944405]
- drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp (Lyude Paul) [1944405]
- drm/i915/dp: Use slow and wide link training for everything (Lyude Paul) [1944405]
- drm/i915: Avoid div-by-zero on gen2 (Lyude Paul) [1944405]
- drm/amd/display: Initialize attribute for hdcp_srm sysfs file (Lyude Paul) [1944405]
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (Lyude Paul) [1944405]
- drm/radeon: Avoid power table parsing memory leaks (Lyude Paul) [1944405]
- drm/radeon: Fix off-by-one power_state index heap overwrite (Lyude Paul) [1944405]
- drm/amdgpu: Add mem sync flag for IB allocated by SA (Lyude Paul) [1944405]
- drm/amd/display: add handling for hdcp2 rx id list validation (Lyude Paul) [1944405]
- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (Lyude Paul) [1944405]
- drm/amd/display: Force vsync flip when reconfiguring MPCC (Lyude Paul) [1944405]
- arm64: enable tlbi range instructions (Jeremy Linton) [1861872]
- arm64: tlb: Use the TLBI RANGE feature in arm64 (Jeremy Linton) [1861872]
- arm64: tlb: Detect the ARMv8.4 TLBI RANGE feature (Jeremy Linton) [1861872]
- arm64/cpufeature: Add remaining feature bits in ID_AA64ISAR0 register (Jeremy Linton) [1861872]
- arm64: tlbflush: Ensure start/end of address range are aligned to stride (Jeremy Linton) [1861872]
- arm64: Detect the ARMv8.4 TTL feature (Jeremy Linton) [1861872]
- arm64: tlbi: Set MAX_TLBI_OPS to PTRS_PER_PTE (Jeremy Linton) [1861872]
* Tue Aug 24 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-336.el8]
- bpf: Fix integer overflow involving bucket_size (Jiri Olsa) [1992588]
- bpf: Fix leakage due to insufficient speculative store bypass mitigation (Jiri Olsa) [1992588]
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (Jiri Olsa) [1992588]
- bpf: Fix OOB read when printing XDP link fdinfo (Jiri Olsa) [1992588]
- bpf, test: fix NULL pointer dereference on invalid expected_attach_type (Jiri Olsa) [1992588]
- bpf: Fix tail_call_reachable rejection for interpreter when jit failed (Jiri Olsa) [1992588]
- bpf: Track subprog poke descriptors correctly and fix use-after-free (Jiri Olsa) [1992588]
- bpf: Fix null ptr deref with mixed tail calls and subprogs (Jiri Olsa) [1992588]
- bpf: Fix leakage under speculation on mispredicted branches (Jiri Olsa) [1992588]
- bpf: Set mac_len in bpf_skb_change_head (Jiri Olsa) [1992588]
- bpf: Prevent writable memory-mapping of read-only ringbuf pages (Jiri Olsa) [1992588]
- bpf: Fix alu32 const subreg bound tracking on bitwise operations (Jiri Olsa) [1992588]
- xsk: Fix broken Tx ring validation (Jiri Olsa) [1992588]
- xsk: Fix for xp_aligned_validate_desc() when len == chunk_size (Jiri Olsa) [1992588]
- bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (Jiri Olsa) [1992588]
- bpf: Refcount task stack in bpf_get_task_stack (Jiri Olsa) [1992588]
- bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for BPF_TRAMP_F_CALL_ORIG (Jiri Olsa) [1992588]
- selftest/bpf: Add a test to check trampoline freeing logic. (Jiri Olsa) [1992588]
- bpf: Fix fexit trampoline. (Jiri Olsa) [1992588]
- ftrace: Fix modify_ftrace_direct. (Jiri Olsa) [1992588]
- ftrace: Add a helper function to modify_ftrace_direct() to allow arch optimization (Jiri Olsa) [1992588]
- ftrace: Add helper find_direct_entry() to consolidate code (Jiri Olsa) [1992588]
- bpf: Fix truncation handling for mod32 dst reg wrt zero (Jiri Olsa) [1992588]
- bpf: Fix an unitialized value in bpf_iter (Jiri Olsa) [1992588]
- bpf_lru_list: Read double-checked variable once without lock (Jiri Olsa) [1992588]
- mt76: validate rx A-MSDU subframes (Íñigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}
- ath11k: Drop multicast fragments (Íñigo Huguet) [1991459] {CVE-2020-26145}
- ath11k: Clear the fragment cache during key install (Íñigo Huguet) [1991459] {CVE-2020-24587}
- ath10k: Validate first subframe of A-MSDU before processing the list (Íñigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}
- ath10k: Fix TKIP Michael MIC verification for PCIe (Íñigo Huguet) [1991459] {CVE-2020-26141}
- ath10k: drop MPDU which has discard flag set by firmware for SDIO (Íñigo Huguet) [1991459] {CVE-2020-24588}
- ath10k: drop fragments with multicast DA for SDIO (Íñigo Huguet) [1991459] {CVE-2020-26145}
- ath10k: drop fragments with multicast DA for PCIe (Íñigo Huguet) [1991459] {CVE-2020-26145}
- ath10k: add CCMP PN replay protection for fragmented frames for PCIe (Íñigo Huguet) [1991459]
- mac80211: extend protection against mixed key and fragment cache attacks (Íñigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}
- mac80211: do not accept/forward invalid EAPOL frames (Íñigo Huguet) [1991459] {CVE-2020-26139}
- mac80211: prevent attacks on TKIP/WEP as well (Íñigo Huguet) [1991459] {CVE-2020-26141}
- mac80211: check defrag PN against current frame (Íñigo Huguet) [1991459]
- mac80211: add fragment cache to sta_info (Íñigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}
- mac80211: drop A-MSDUs on old ciphers (Íñigo Huguet) [1991459] {CVE-2020-24588}
- cfg80211: mitigate A-MSDU aggregation attacks (Íñigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}
- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Íñigo Huguet) [1991459]
- mac80211: prevent mixed key and fragment cache attacks (Íñigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}
- mac80211: assure all fragments are encrypted (Íñigo Huguet) [1991459] {CVE-2020-26147}
- tipc: call tipc_wait_for_connect only when dlen is not 0 (Xin Long) [1989361]
- mptcp: remove tech preview warning (Florian Westphal) [1985120]
- tcp: consistently disable header prediction for mptcp (Florian Westphal) [1985120]
- selftests: mptcp: fix case multiple subflows limited by server (Florian Westphal) [1985120]
- selftests: mptcp: turn rp_filter off on each NIC (Florian Westphal) [1985120]
- selftests: mptcp: display proper reason to abort tests (Florian Westphal) [1985120]
- mptcp: properly account bulk freed memory (Florian Westphal) [1985120]
- mptcp: fix 'masking a bool' warning (Florian Westphal) [1985120]
- mptcp: refine mptcp_cleanup_rbuf (Florian Westphal) [1985120]
- mptcp: use fast lock for subflows when possible (Florian Westphal) [1985120]
- mptcp: avoid processing packet if a subflow reset (Florian Westphal) [1985120]
- mptcp: add sk parameter for mptcp_get_options (Florian Westphal) [1985120]
- mptcp: fix syncookie process if mptcp can not_accept new subflow (Florian Westphal) [1985120]
- mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join (Florian Westphal) [1985120]
- mptcp: avoid race on msk state changes (Florian Westphal) [1985120]
- mptcp: fix 32 bit DSN expansion (Florian Westphal) [1985120]
- mptcp: fix bad handling of 32 bit ack wrap-around (Florian Westphal) [1985120]
- tcp: parse mptcp options contained in reset packets (Florian Westphal) [1985120]
- ionic: count csum_none when offload enabled (Jonathan Toppins) [1991646]
- ionic: fix up dim accounting for tx and rx (Jonathan Toppins) [1991646]
- ionic: remove intr coalesce update from napi (Jonathan Toppins) [1991646]
- ionic: catch no ptp support earlier (Jonathan Toppins) [1991646]
- ionic: make all rx_mode work threadsafe (Jonathan Toppins) [1991646]
- dmaengine: idxd: Fix missing error code in idxd_cdev_open() (Jerry Snitselaar) [1990637]
- dmaengine: idxd: add missing dsa driver unregister (Jerry Snitselaar) [1990637]
- dmaengine: idxd: add engine 'struct device' missing bus type assignment (Jerry Snitselaar) [1990637]
- dmaengine: idxd: remove MSIX masking for interrupt handlers (Jerry Snitselaar) [1990637]
- dmaengine: idxd: Use cpu_feature_enabled() (Jerry Snitselaar) [1990637]
- dmaengine: idxd: enable SVA feature for IOMMU (Jerry Snitselaar) [1990637]
- dmagenine: idxd: Don't add portal offset in idxd_submit_desc (Jerry Snitselaar) [1990637]
- ethtool: strset: fix message length calculation (Balazs Nemeth) [1989003]
- net: add strict checks in netdev_name_node_alt_destroy() (Andrea Claudi) [1859038]
- net: rtnetlink: fix bugs in rtnl_alt_ifname() (Andrea Claudi) [1859038]
- net: rtnetlink: add linkprop commands to add and delete alternative ifnames (Andrea Claudi) [1859038]
- net: check all name nodes in __dev_alloc_name (Andrea Claudi) [1859038]
- net: fix a leak in register_netdevice() (Andrea Claudi) [1859038]
- tun: fix memory leak in error path (Andrea Claudi) [1859038]
- net: propagate errors correctly in register_netdevice() (Andrea Claudi) [1859038]
- net: introduce name_node struct to be used in hashlist (Andrea Claudi) [1859038]
- net: procfs: use index hashlist instead of name hashlist (Andrea Claudi) [1859038]
- configs: Enable CONFIG_CHELSIO_INLINE_CRYPTO (Raju Rangoju) [1961368]
- cxgb4/ch_ktls: Clear resources when pf4 device is removed (Raju Rangoju) [1961374]
- ch_ktls: Remove redundant variable result (Raju Rangoju) [1961374]
- ch_ktls: do not send snd_una update to TCB in middle (Raju Rangoju) [1961374]
- ch_ktls: tcb close causes tls connection failure (Raju Rangoju) [1961374]
- ch_ktls: fix device connection close (Raju Rangoju) [1961374]
- ch_ktls: Fix kernel panic (Raju Rangoju) [1961374]
- ch_ktls: fix enum-conversion warning (Raju Rangoju) [1961374]
- net: ethernet: chelsio: inline_crypto: Mundane typos fixed throughout the file chcr_ktls.c (Raju Rangoju) [1961374]
- ch_ipsec: Remove initialization of rxq related data (Raju Rangoju) [1961388]
- ch_ktls: fix build warning for ipv4-only config (Raju Rangoju) [1961374]
- ch_ktls: lock is not freed (Raju Rangoju) [1961374]
- ch_ktls: stop the txq if reaches threshold (Raju Rangoju) [1961374]
- ch_ktls: tcb update fails sometimes (Raju Rangoju) [1961374]
- ch_ktls/cxgb4: handle partial tag alone SKBs (Raju Rangoju) [1961374]
- ch_ktls: don't free skb before sending FIN (Raju Rangoju) [1961374]
- ch_ktls: packet handling prior to start marker (Raju Rangoju) [1961374]
- ch_ktls: Correction in middle record handling (Raju Rangoju) [1961374]
- ch_ktls: missing handling of header alone (Raju Rangoju) [1961374]
- ch_ktls: Correction in trimmed_len calculation (Raju Rangoju) [1961374]
- cxgb4/ch_ktls: creating skbs causes panic (Raju Rangoju) [1961374]
- ch_ktls: Update cheksum information (Raju Rangoju) [1961374]
- ch_ktls: Correction in finding correct length (Raju Rangoju) [1961374]
- cxgb4/ch_ktls: decrypted bit is not enough (Raju Rangoju) [1961374]
- cxgb4/ch_ipsec: Replace the module name to ch_ipsec from chcr (Raju Rangoju) [1961388]
- cxgb4/ch_ktls: ktls stats are added at port level (Raju Rangoju) [1961374]
- ch_ktls: Issue if connection offload fails (Raju Rangoju) [1961374]
- chelsio/chtls: Re-add dependencies on CHELSIO_T4 to fix modular CHELSIO_T4 (Raju Rangoju) [1961388]
- chelsio/chtls: CHELSIO_INLINE_CRYPTO should depend on CHELSIO_T4 (Raju Rangoju) [1961388]
- crypto: chelsio - fix minor indentation issue (Raju Rangoju) [1961368]
- crypto/chcr: move nic TLS functionality to drivers/net (Raju Rangoju) [1961368]
- cxgb4/ch_ipsec: Registering xfrmdev_ops with cxgb4 (Raju Rangoju) [1961388]
- crypto/chcr: Moving chelsio's inline ipsec functionality to /drivers/net (Raju Rangoju) [1961368]
- chelsio/chtls: separate chelsio tls driver from crypto driver (Raju Rangoju) [1961368]
- crypto: chelsio - Fix some pr_xxx messages (Raju Rangoju) [1961368]
- crypto: chelsio - Avoid some code duplication (Raju Rangoju) [1961368]
- crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY (Raju Rangoju) [1961368]
- crypto: aead - remove useless setting of type flags (Raju Rangoju) [1961368]
- crypto: Replace zero-length array with flexible-array (Raju Rangoju) [1961368]
- [Crypto] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961368]
- Crypto/chcr: Checking cra_refcnt before unregistering the algorithms (Raju Rangoju) [1961368]
- Crypto/chcr: Calculate src and dst sg lengths separately for dma map (Raju Rangoju) [1961368]
- Crypto/chcr: Fixes a coccinile check error (Raju Rangoju) [1961368]
- Crypto/chcr: Fixes compilations warnings (Raju Rangoju) [1961368]
- crypto/chcr: IPV6 code needs to be in CONFIG_IPV6 (Raju Rangoju) [1961368]
- crypto: lib/sha1 - remove unnecessary includes of linux/cryptohash.h (Raju Rangoju) [1961368]
- Crypto/chcr: fix for hmac(sha) test fails (Raju Rangoju) [1961368]
- Crypto/chcr: fix for ccm(aes) failed test (Raju Rangoju) [1961368]
- Crypto/chcr: fix ctr, cbc, xts and rfc3686-ctr failed tests (Raju Rangoju) [1961368]
- crypto: chelsio - remove redundant assignment to variable error (Raju Rangoju) [1961368]
- chcr: Fix CPU hard lockup (Raju Rangoju) [1961368]
- crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN (Raju Rangoju) [1961368]
- crypto: chelsio - switch to skcipher API (Raju Rangoju) [1961368]
- crypto: chelsio - Remove VLA usage of skcipher (Raju Rangoju) [1961368]
* Mon Aug 23 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-335.el8]
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (Chris von Recklinghausen) [1989485] {CVE-2021-3679}
- vmlinux.lds.h: Keep .ctors.* with .ctors (Jan Stancek) [1993208]
- spi: pxa2xx: Add support for Intel Alder Lake PCH-P (Steve Best) [1978463]
- bnxt_en: allow promiscuous mode for trusted VFs (Jonathan Toppins) [1730616]
- arm64: memory: Add missing brackets to untagged_addr() macro (Chris von Recklinghausen) [1955809]
- arm64: tags: Preserve tags for addresses translated via TTBR1 (Chris von Recklinghausen) [1955809]
- arm64: entry: Move ct_user_exit before any other exception (Chris von Recklinghausen) [1955809]
- arm64: memory: Implement __tag_set() as common function (Chris von Recklinghausen) [1955809]
- arm64: mm: Really fix sparse warning in untagged_addr() (Chris von Recklinghausen) [1955809]
- arm64: untag user pointers in access_ok and __uaccess_mask_ptr (Chris von Recklinghausen) [1955809]
- arm64/mm: fix variable 'tag' set but not used (Chris von Recklinghausen) [1955809]
- arm64: entry: SP Alignment Fault doesn't write to FAR_EL1 (Chris von Recklinghausen) [1955809]
- arm64: compat: Add separate CP15 trapping hook (Chris von Recklinghausen) [1955809]
- arm64: don't restore GPRs when context tracking (Chris von Recklinghausen) [1955809]
* Fri Aug 20 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-334.el8]
- bareudp: Fix invalid read beyond skb's linear data (Guillaume Nault) [1990938]
- perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (Michael Petlan) [1990695]
- net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands (Balazs Nemeth) [1956825]
- net: dcb: Validate netlink message in DCB handler (Balazs Nemeth) [1956825]
- xfrm: Fix RCU vs hash_resize_mutex lock inversion (Sabrina Dubroca) [1988405]
- Revert "xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype" (Sabrina Dubroca) [1988405]
- xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (Sabrina Dubroca) [1988405]
- [s390] s390/AP: support new dynamic AP bus size limit (Claudio Imbrenda) [1974581]
- net: sched: act_mirred: Reset ct info when mirror/redirect skb (Hangbin Liu) [1980532]
- ucounts: Move max_time_namespace according to ucount_type (Alex Gladkov) [1982954]
- perf vendor events power10: Adds 24x7 nest metric events for power10 platform (Diego Domingos) [1946650]
- perf/core: fix backport of PERF_SAMPLE_WEIGHT_STRUCT (Diego Domingos) [1946650]
- perf/core: Add support for PERF_SAMPLE_CODE_PAGE_SIZE (Diego Domingos) [1946650]
- perf vendor events powerpc: Fix eventcode of power10 JSON events (Diego Domingos) [1946650]
- perf vendor events: Initial JSON/events list for power10 platform (Diego Domingos) [1946650]
- powerpc/perf: Fix sampled instruction type for larx/stcx (Diego Domingos) [1946650]
- powerpc/perf: Fix the threshold event selection for memory events in power10 (Diego Domingos) [1946650]
- perf sort: Display sort dimension p_stage_cyc only on supported archs (Diego Domingos) [1946650]
- perf tools: Support pipeline stage cycles for powerpc (Diego Domingos) [1946650]
- perf powerpc: Add support for PERF_SAMPLE_WEIGHT_STRUCT (Diego Domingos) [1946650]
- perf sort: Add dynamic headers for perf report columns (Diego Domingos) [1946650]
- powerpc/perf: Expose processor pipeline stage cycles using PERF_SAMPLE_WEIGHT_STRUCT (Diego Domingos) [1946650]
- Documentation/admin-guide: kernel-parameters: fix "disable_ddw" wording (Diego Domingos) [1946650]
- powerpc/perf: Support PERF_SAMPLE_DATA_PAGE_SIZE (Diego Domingos) [1946650]
- perf/core: Add PERF_SAMPLE_DATA_PAGE_SIZE (Diego Domingos) [1946650]
- powerpc/perf: Infrastructure to support checking of attr.config* (Diego Domingos) [1946650]
- powerpc/perf: Add platform specific check_attr_config (Diego Domingos) [1946650]
- ice: add support for auxiliary input/output pins (Jonathan Toppins) [1956913]
- ice: enable transmit timestamps for E810 devices (Jonathan Toppins) [1944818]
- ice: enable receive hardware timestamping (Jonathan Toppins) [1944818]
- ice: report the PTP clock index in ethtool .get_ts_info (Jonathan Toppins) [1944818]
- ice: register 1588 PTP clock device object for E810 devices (Jonathan Toppins) [1944818]
- ice: add low level PTP clock access functions (Jonathan Toppins) [1944818]
- ice: add support for set/get of driver-stored firmware parameters (Jonathan Toppins) [1944818]
- ice: process 1588 PTP capabilities during initialization (Jonathan Toppins) [1944818]
- ice: add support for sideband messages (Jonathan Toppins) [1944818]
* Wed Aug 18 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-333.el8]
- bnxt_en: Fix static checker warning in bnxt_fw_reset_task() (Jonathan Toppins) [1989274]
- bnxt_en: Check abort error state in bnxt_half_open_nic() (Jonathan Toppins) [1989274]
- bnxt_en: fix error path of FW reset (Jonathan Toppins) [1989274]
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (Jonathan Toppins) [1989274]
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (Jonathan Toppins) [1989274]
- bnxt_en: reject ETS settings that will starve a TC (Jonathan Toppins) [1989274]
- bnxt_en: don't disable an already disabled PCI device (Jonathan Toppins) [1989274]
- bnxt_en: Remove the read of BNXT_FW_RESET_INPROG_REG after firmware reset. (Jonathan Toppins) [1989274]
- i40e: Fix log TC creation failure when max num of queues is exceeded (Stefan Assmann) [1920274]
- i40e: Fix queue-to-TC mapping on Tx (Stefan Assmann) [1920274]
- i40e: Add additional info to PHY type error (Stefan Assmann) [1920274]
- i40e: Fix firmware LLDP agent related warning (Stefan Assmann) [1920274]
- i40e: Fix logic of disabling queues (Stefan Assmann) [1920274]
- i40e: add support for PTP external synchronization clock (Stefan Assmann) [1920274]
- i40e: improve locking of mac_filter_hash (Stefan Assmann) [1920274]
- i40e: Fix missing rtnl locking when setting up pf switch (Stefan Assmann) [1920274]
- i40e: fix PTP on 5Gb links (Stefan Assmann) [1920274]
- i40e: Fix autoneg disabling for non-10GBaseT links (Stefan Assmann) [1920274]
- i40e: Fix error handling in i40e_vsi_open (Stefan Assmann) [1920274]
- intel: Remove rcu_read_lock() around XDP program invocation (Stefan Assmann) [1920274]
- i40e: clean up packet type lookup table (Stefan Assmann) [1920274]
- i40e: add correct exception tracing for XDP (Stefan Assmann) [1920274]
- i40e: Remove LLDP frame filters (Stefan Assmann) [1920274]
- i40e: Fix PHY type identifiers for 2.5G and 5G adapters (Stefan Assmann) [1920274]
- i40e: Fix use-after-free in i40e_client_subtask() (Stefan Assmann) [1920274]
- i40e: fix broken XDP support (Stefan Assmann) [1920274]
- i40e: refactor repeated link state reporting code (Stefan Assmann) [1920274]
- i40e: optimize for XDP_REDIRECT in xsk path (Stefan Assmann) [1920274]
- i40e: fix the panic when running bpf in xdpdrv mode (Stefan Assmann) [1920274]
- i40e: Fix sparse warning: missing error code 'err' (Stefan Assmann) [1920274]
- i40e: Fix sparse error: 'vsi->netdev' could be null (Stefan Assmann) [1920274]
- i40e: Fix sparse error: uninitialized symbol 'ring' (Stefan Assmann) [1920274]
- i40e: Fix sparse errors in i40e_txrx.c (Stefan Assmann) [1920274]
- i40e: Fix display statistics for veb_tc (Stefan Assmann) [1920274]
- i40e: fix receiving of single packets in xsk zero-copy mode (Stefan Assmann) [1920274]
- i40e: Fix inconsistent indenting (Stefan Assmann) [1920274]
- i40e: Fix oops at i40e_rebuild() (Stefan Assmann) [1920274]
- i40e: Fix kernel oops when i40e driver removes VF's (Stefan Assmann) [1920274]
- i40e: Added Asym_Pause to supported link modes (Stefan Assmann) [1920274]
- net: i40e: remove repeated words (Stefan Assmann) [1920274]
- bpf, devmap: Move drop error path to devmap for XDP_REDIRECT (Stefan Assmann) [1920274]
- intel: clean up mismatched header comments (Stefan Assmann) [1920274]
- intel: Update drivers to use ethtool_sprintf (Stefan Assmann) [1920274]
- i40e: move headroom initialization to i40e_configure_rx_ring (Stefan Assmann) [1920274]
- i40e: Fix endianness conversions (Stefan Assmann) [1920274]
- i40e: Fix add TC filter for IPv6 (Stefan Assmann) [1920274]
- i40e: Fix addition of RX filters after enabling FW LLDP agent (Stefan Assmann) [1920274]
- i40e: Fix overwriting flow control settings during driver loading (Stefan Assmann) [1920274]
- i40e: Add zero-initialization of AQ command structures (Stefan Assmann) [1920274]
- i40e: Fix memory leak in i40e_probe (Stefan Assmann) [1920274]
- i40e: Fix flow for IPv6 next header (extension header) (Stefan Assmann) [1920274]
- i40e: Fix incorrect argument in call to ipv6_addr_any() (Stefan Assmann) [1920274]
- i40e: store the result of i40e_rx_offset() onto i40e_ring (Stefan Assmann) [1920274]
- i40e: Simplify the do-while allocation loop (Stefan Assmann) [1920274]
- i40e: adjust i40e_is_non_eop (Stefan Assmann) [1920274]
- i40e: drop misleading function comments (Stefan Assmann) [1920274]
- i40e: drop redundant check when setting xdp prog (Stefan Assmann) [1920274]
- i40e: remove the useless value assignment in i40e_clean_adminq_subtask (Stefan Assmann) [1920274]
- i40e: VLAN field for flow director (Stefan Assmann) [1920274]
- i40e: Add flow director support for IPv6 (Stefan Assmann) [1920274]
- i40e: Add EEE status getting & setting implementation (Stefan Assmann) [1920274]
- i40e: Fix uninitialized variable mfs_max (Stefan Assmann) [1920274]
- i40e: Add netlink callbacks support for software based DCB (Stefan Assmann) [1920274]
- i40e: Add init and default config of software based DCB (Stefan Assmann) [1920274]
- i40e: Add hardware configuration for software based DCB (Stefan Assmann) [1920274]
- i40e: Log error for oversized MTU on device (Stefan Assmann) [1920274]
- i40e: consolidate handling of XDP program actions (Stefan Assmann) [1920274]
- i40e: remove the redundant buffer info updates (Stefan Assmann) [1920274]
- i40e: remove unnecessary cleaned_count updates (Stefan Assmann) [1920274]
- i40e: remove unnecessary memory writes of the next to clean pointer (Stefan Assmann) [1920274]
- i40e: Use batched xsk Tx interfaces to increase performance (Stefan Assmann) [1920274]
- i40e: convert to new udp_tunnel infrastructure (Stefan Assmann) [1920274]
- netfilter: nf_tables: skip module reference count bump on object updates (Fernando Fernandez Mancera) [1944487]
- netfilter: nf_tables: fix unexpected EOPNOTSUPP error (Fernando Fernandez Mancera) [1944487]
- netfilter: nf_tables: Fix an Oops in nf_tables_updobj() error handling (Fernando Fernandez Mancera) [1944487]
- netfilter: nf_tables: fix possible null-pointer dereference in object update (Fernando Fernandez Mancera) [1944487]
- netfilter: nft_quota: add quota object update support (Fernando Fernandez Mancera) [1944487]
- netfilter: nf_tables: Introduce stateful object update operation (Fernando Fernandez Mancera) [1944487]
- cifs: retry lookup and readdir when EAGAIN is returned. (Ronnie Sahlberg) [1972411]
- netfilter: nf_tables: Fix dereference of null pointer flow (Florian Westphal) [1985087]
- netfilter: nf_tables: memleak in hw offload abort path (Florian Westphal) [1985087]
- netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols (Florian Westphal) [1985087]
- netfilter: synproxy: Fix out of bounds when parsing TCP options (Florian Westphal) [1985087]
- netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches (Florian Westphal) [1985087]
- ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service (Florian Westphal) [1985087]
- netfilter: nftables: avoid overflows in nft_hash_buckets() (Florian Westphal) [1985087]
- netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check (Florian Westphal) [1985087]
- netfilter: nf_tables_offload: check FLOW_DISSECTOR_KEY_BASIC in VLAN transfer logic (Florian Westphal) [1985087]
- netfilter: nftables_offload: special ethertype handling for VLAN (Florian Westphal) [1985087]
- netfilter: nftables_offload: VLAN id needs host byteorder in flow dissector (Florian Westphal) [1985087]
- netfilter: nft_payload: fix C-VLAN offload support (Florian Westphal) [1985087]
- ipvs: allow connection reuse for unconfirmed conntrack (Florian Westphal) [1985087]
- net: fix GRO skb truesize update (Paolo Abeni) [1987391]
- sk_buff: avoid potentially clearing 'slow_gro' field (Paolo Abeni) [1987391]
- veth: use skb_prepare_for_gro() (Paolo Abeni) [1987391]
- skbuff: allow 'slow_gro' for skb carring sock reference (Paolo Abeni) [1987391]
- net: optimize GRO for the common case. (Paolo Abeni) [1987391]
- sk_buff: track extension status in slow_gro (Paolo Abeni) [1987391]
- sk_buff: track dst status in slow_gro (Paolo Abeni) [1987391]
- sk_buff: introduce 'slow_gro' flags (Paolo Abeni) [1987391]
- skbuff: Fix build with SKB extensions disabled (Paolo Abeni) [1987391]
- skbuff: Release nfct refcount on napi stolen or re-used skbs (Paolo Abeni) [1987391]
- selftests: net: veth: add tests for set_channel (Paolo Abeni) [1987391]
- veth: create by default nr_possible_cpus queues (Paolo Abeni) [1987391]
- veth: implement support for set_channel ethtool op (Paolo Abeni) [1987391]
- veth: factor out initialization helper (Paolo Abeni) [1987391]
- veth: always report zero combined channels (Paolo Abeni) [1987391]
- veth: Implement ethtool's get_channelis() callback (Paolo Abeni) [1987391]
- net: add GSO UDP L4 and GSO fraglists to the list of software-backed types (Paolo Abeni) [1987391]
- ice: Support RSS configure removal for AVF (Jonathan Toppins) [1946726]
- ice: Enable RSS configure for AVF (Jonathan Toppins) [1946726]
- ice: Add helper function to get the VF's VSI (Jonathan Toppins) [1946726]
- ice: remove redundant assignment to pointer vsi (Jonathan Toppins) [1946726]
- ice: Advertise virtchnl UDP segmentation offload capability (Jonathan Toppins) [1946726]
- ice: Allow ignoring opcodes on specific VF (Jonathan Toppins) [1946726]
- ice: warn about potentially malicious VFs (Jonathan Toppins) [1946726]
- ice: Consolidate VSI state and flags (Jonathan Toppins) [1946726]
- ice: Refactor ice_set/get_rss into LUT and key specific functions (Jonathan Toppins) [1946726]
- ice: Refactor get/set RSS LUT to use struct parameter (Jonathan Toppins) [1946726]
- ice: Change ice_vsi_setup_q_map() to not depend on RSS (Jonathan Toppins) [1946726]
- ice: Check FDIR program status for AVF (Jonathan Toppins) [1946726]
- ice: Add more FDIR filter type for AVF (Jonathan Toppins) [1946726]
- ice: Add GTPU FDIR filter for AVF (Jonathan Toppins) [1946726]
- ice: Add non-IP Layer2 protocol FDIR filter for AVF (Jonathan Toppins) [1946726]
- ice: Add new actions support for VF FDIR (Jonathan Toppins) [1946726]
- ice: Add FDIR pattern action parser for VF (Jonathan Toppins) [1946726]
- ice: Enable FDIR Configure for AVF (Jonathan Toppins) [1946726]
- ice: Add support for per VF ctrl VSI enabling (Jonathan Toppins) [1946726]
- ice: Enhanced IPv4 and IPv6 flow filter (Jonathan Toppins) [1946726]
- ice: Support to separate GTP-U uplink and downlink (Jonathan Toppins) [1946726]
- ice: Add more advanced protocol support in flow filter (Jonathan Toppins) [1946726]
- ice: Support non word aligned input set field (Jonathan Toppins) [1946726]
- ice: Add more basic protocol support for flow filter (Jonathan Toppins) [1946726]
- sctp: move the active_key update after sh_keys is added (Xin Long) [1986966]
- sctp: fix return value check in __sctp_rcv_asconf_lookup (Xin Long) [1986966]
- sctp: delete addr based on sin6_scope_id (Xin Long) [1986966]
- sctp: update active_key for asoc when old key is being replaced (Xin Long) [1986966]
- sctp: move 198 addresses from unusable to private scope (Xin Long) [1986966]
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (Xin Long) [1986966]
- sctp: validate chunk size in __rcv_asconf_lookup (Xin Long) [1986966]
- sctp: add size validation when walking chunks (Xin Long) [1986966]
- sctp: validate from_addr_param return (Xin Long) [1986966]
- sctp: fix the proc_handler for sysctl encap_port (Xin Long) [1986966]
- sctp: add the missing setting for asoc encap_port (Xin Long) [1986966]
- sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b (Xin Long) [1986966]
- sctp: Fix out-of-bounds warning in sctp_process_asconf_param() (Xin Long) [1986966]
- sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms (Xin Long) [1986966]
- bonding: allow nesting of bonding device (Antoine Tenart) [1989099]
- bonding: avoid adding slave device with IFF_MASTER flag (Antoine Tenart) [1989099]
- ice: don't remove netdev->dev_addr from uc sync list (Ken Cox) [1873969 1961018]
- ice: Stop processing VF messages during teardown (Ken Cox) [1986451]
- ice: Prevent probing virtual functions (Ken Cox) [1952810]
- ima: extend boot_aggregate with kernel measurements (Bruno Meneguele) [1977422]
- selftest/bpf: Verifier tests for var-off access (Jiri Olsa) [1960944] {CVE-2021-29155}
- selftest/bpf: Adjust expected verifier errors (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: No need to simulate speculative domain for immediates (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Fix mask direction swap upon off reg sign change (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Wrap aux data inside bpf_sanitize_info container (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Fix pointer arithmetic mask tightening under state pruning (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Fix leakage of uninitialized bpf stack under speculation (Jiri Olsa) [1960944 1958070] {CVE-2021-29155 CVE-2021-31829}
- bpf: Fix masking negation logic upon negative dst register (Jiri Olsa) [1960944 1958070] {CVE-2021-29155 CVE-2021-31829}
- bpf: verifier: Allocate idmap scratch in verifier env (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Tighten speculative pointer arithmetic mask (Jiri Olsa) [1960944 1972496] {CVE-2021-29155 CVE-2021-33200}
- bpf: Move sanitize_val_alu out of op switch (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Refactor and streamline bounds check into helper (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Allow variable-offset stack access (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Improve verifier error messages for users (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Rework ptr_limit into alu_limit and add common error path (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Ensure off_reg has no mixed signed bounds for all types (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Move off_reg into sanitize_ptr_alu (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Use correct permission flag for mixed signed bounds arithmetic (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Add sanity check for upper ptr_limit (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Simplify alu_limit masking for pointer arithmetic (Jiri Olsa) [1960944] {CVE-2021-29155}
- bpf: Fix off-by-one for area size in creating mask to left (Jiri Olsa) [1960944] {CVE-2021-29155}
- Documentation/x86: Add ratelimit in buslock.rst (Prarit Bhargava) [1948048]
- Documentation/admin-guide: Add bus lock ratelimit (Prarit Bhargava) [1948048]
- x86/bus_lock: Set rate limit for bus lock (Prarit Bhargava) [1948048]
- Documentation/x86: Add buslock.rst (Prarit Bhargava) [1948048]
- [s390] net/smc: Ensure correct state of the socket in send path (Claudio Imbrenda) [1731026]
- [s390] net/smc: Fix ENODATA tests in smc_nl_get_fback_stats() (Claudio Imbrenda) [1731026]
- [s390] net/smc: Make SMC statistics network namespace aware (Claudio Imbrenda) [1731026]
- [s390] net/smc: Add netlink support for SMC fallback statistics (Claudio Imbrenda) [1731026]
- [s390] net/smc: Add netlink support for SMC statistics (Claudio Imbrenda) [1731026]
- [s390] net/smc: Add SMC statistics support (Claudio Imbrenda) [1731026]
- [s390] s390/ap: Fix hanging ioctl caused by wrong msg counter (Claudio Imbrenda) [1984762]
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Jon Maloy) [1988226] {CVE-2021-37576}
- NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT (Benjamin Coddington) [1983793]
- selftests/powerpc: EBB selftest for MMCR0 control for PMU SPRs in ISA v3.1 (Desnes A. Nunes do Rosario) [1991753]
- selftests/powerpc: Fix "no_handler" EBB selftest (Desnes A. Nunes do Rosario) [1991753]
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (Desnes A. Nunes do Rosario) [1991753]
- powerpc/pmu: Make the generic compat PMU use the architected events (Desnes A. Nunes do Rosario) [1991753]
- perf script python: Fix buffer size to report iregs in perf script (Desnes A. Nunes do Rosario) [1991753]
- ceph: reduce contention in ceph_check_delayed_caps() (Jeff Layton) [1953430]
* Mon Aug 16 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-332.el8]
- net: mac802154: Fix general protection fault (Chris von Recklinghausen) [1984571] {CVE-2021-3659}
- Bluetooth: fix the erroneous flush_work() order (Chris von Recklinghausen) [1964559] {CVE-2021-3564}
- Bluetooth: use correct lock to prevent UAF of hdev object (Chris von Recklinghausen) [1968214] {CVE-2021-3573}
- usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI (Torez Smith) [1972139]
- usb: ehci: do not initialise static variables (Torez Smith) [1972139]
- usb: host: move EH SINGLE_STEP_SET_FEATURE implementation to core (Torez Smith) [1972139]
- USB: ehci: drop workaround for forced irq threading (Torez Smith) [1972139]
- usb: ehci: add spurious flag to disable overcurrent checking (Torez Smith) [1972139]
- perf test: Handle fd gaps in test__dso_data_reopen (Michael Petlan) [1871785]
- tty: vt: always invoke vc->vc_sw->con_resize callback (Maxim Levitsky) [1957611]
- iavf: fix locking of critical sections (Stefan Assmann) [1975245]
- iavf: do not override the adapter state in the watchdog task (Stefan Assmann) [1975245]
- ixgbe: Fix packet corruption due to missing DMA sync (Ken Cox) [1920269]
- ixgbe: Fix an error handling path in 'ixgbe_probe()' (Ken Cox) [1920269]
- intel: Remove rcu_read_lock() around XDP program invocation (Ken Cox) [1920269]
- ixgbe: add correct exception tracing for XDP (Ken Cox) [1920269]
- ixgbe: Fix out-bounds warning in ixgbe_host_interface_command() (Ken Cox) [1920269]
- ixgbe: reduce checker warnings (Ken Cox) [1920269]
- ixgbe: use checker safe conversions (Ken Cox) [1920269]
- ixgbe: fix large MTU request from VF (Ken Cox) [1920269]
- net: ethernet: intel: Fix a typo in the file ixgbe_dcb_nl.c (Ken Cox) [1920269]
- net: intel: Remove unused function pointer typedef ixgbe_mc_addr_itr (Ken Cox) [1920269]
- ixgbe: Support external GBE SerDes PHY BCM54616s (Ken Cox) [1920269]
- ixgbe: fix unbalanced device enable/disable in suspend/resume (Ken Cox) [1920269]
- ixgbe: Fix NULL pointer dereference in ethtool loopback test (Ken Cox) [1920269]
- ixgbe: Fix fall-through warnings for Clang (Ken Cox) [1920269]
- intel: clean up mismatched header comments (Ken Cox) [1920269]
- bpf, devmap: Move drop error path to devmap for XDP_REDIRECT (Ken Cox) [1920269]
- intel: Update drivers to use ethtool_sprintf (Ken Cox) [1920269]
- ixgbe: optimize for XDP_REDIRECT in xsk path (Ken Cox) [1920269]
- ixgbe: move headroom initialization to ixgbe_configure_rx_ring (Ken Cox) [1920269]
- ixgbe: Fix memleak in ixgbe_configure_clsu32 (Ken Cox) [1920269]
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (Ken Cox) [1920269]
- ixgbe: store the result of ixgbe_rx_offset() onto ixgbe_ring (Ken Cox) [1920269]
- net: ixgbe: use skb_csum_is_sctp instead of protocol check (Ken Cox) [1920269]
- ixgbe: avoid premature Rx buffer reuse (Ken Cox) [1920269]
- net: remove unneeded break (Ken Cox) [1920269]
- ixgbe: add pause frame stats (Ken Cox) [1920269]
- iavf: Set RSS LUT and key in reset handle path (Ken Cox) [1910853]
- [netdrv] chelsio: Replace zero-length array with flexible-array member (Raju Rangoju) [1955208]
- cxgb4: avoid collecting SGE_QBASE regs during traffic (Raju Rangoju) [1955208]
- cxgb4: collect serial config version from register (Raju Rangoju) [1955208]
- cxgb4: remove unused vpd_cap_addr (Raju Rangoju) [1955208]
- cxgb4: remove bogus CHELSIO_VPD_UNIQUE_ID constant (Raju Rangoju) [1955208]
- cxgb4: Assign boolean values to a bool variable (Raju Rangoju) [1955208]
- cxgb4: enable interrupt based Tx completions for T5 (Raju Rangoju) [1955208]
- cxgb4: fix the panic caused by non smac rewrite (Raju Rangoju) [1955208]
- cxgb4: Fix the -Wmisleading-indentation warning (Raju Rangoju) [1955208]
- cxgb4: set up filter action after rewrites (Raju Rangoju) [1955208]
- cxgb4: handle 4-tuple PEDIT to NAT mode translation (Raju Rangoju) [1955208]
- [netdrv] net: rename flow_action_hw_stats_types* -> flow_action_hw_stats* (Raju Rangoju) [1955208]
- net: cxbg4: Remove pointless in_interrupt() check (Raju Rangoju) [1955208]
- cxgb4: Avoid log flood (Raju Rangoju) [1955208]
- cxgb4: fix memory leak during module unload (Raju Rangoju) [1955208]
- cxgb4: Fix offset when clearing filter byte counters (Raju Rangoju) [1955208]
- cxgb4: add error handlers to LE intr_handler (Raju Rangoju) [1955208]
- cxgb4: insert IPv6 filter rules in next free region (Raju Rangoju) [1955208]
- cxgb4: Fix race between loopback and normal Tx path (Raju Rangoju) [1955208]
- cxgb4: Fix work request size calculation for loopback test (Raju Rangoju) [1955208]
- cxgb4: add TC-MATCHALL IPv6 support (Raju Rangoju) [1955208]
- cxgb4: fix extracting IP addresses in TC-FLOWER rules (Raju Rangoju) [1955208]
- cxgb4: fix check for running offline ethtool selftest (Raju Rangoju) [1955208]
- cxgb4: add loopback ethtool self-test (Raju Rangoju) [1955208]
- net: cxgb4: reject unsupported coalescing params (Raju Rangoju) [1955208]
- cxgb4: use eth_zero_addr() to clear mac address (Raju Rangoju) [1955208]
- cxgb4: add missing release on skb in uld_send() (Raju Rangoju) [1955208]
- cxgb4: convert to new udp_tunnel_nic infra (Raju Rangoju) [1955208]
- cxgb4: fix all-mask IP address comparison (Raju Rangoju) [1955208]
- cxgb4: add main VI to mirror VI config replication (Raju Rangoju) [1955208]
- cxgb4: add support for mirror Rxqs (Raju Rangoju) [1955208]
- cxgb4: add mirror action to TC-MATCHALL offload (Raju Rangoju) [1955208]
- net: cxgb4: fix return error value in t4_prep_fw (Raju Rangoju) [1955208]
- cxgb4: move device dump arrays in header to C file (Raju Rangoju) [1955208]
- cxgb4: always sync access when flashing PHY firmware (Raju Rangoju) [1955208]
- cxgb4: update kernel-doc line comments (Raju Rangoju) [1955208]
- cxgb4: fix set but unused variable when DCB is disabled (Raju Rangoju) [1955208]
- cxgb4: move DCB version extern to header file (Raju Rangoju) [1955208]
- cxgb4: remove cast when saving IPv4 partial checksum (Raju Rangoju) [1955208]
- cxgb4: fix SGE queue dump destination buffer context (Raju Rangoju) [1955208]
- cxgb4: use correct type for all-mask IP address comparison (Raju Rangoju) [1955208]
- cxgb4: fix endian conversions for L4 ports in filters (Raju Rangoju) [1955208]
- cxgb4: parse TC-U32 key values and masks natively (Raju Rangoju) [1955208]
- cxgb4: use unaligned conversion for fetching timestamp (Raju Rangoju) [1955208]
- cxgb4: move PTP lock and unlock to caller in Tx path (Raju Rangoju) [1955208]
- cxgb4: move handling L2T ARP failures to caller (Raju Rangoju) [1955208]
- cxgb4: Use struct_size() helper (Raju Rangoju) [1955208]
- cxgb4: add action to steer flows to specific Rxq (Raju Rangoju) [1955208]
- cxgb4: add support to fetch ethtool n-tuple filters (Raju Rangoju) [1955208]
- cxgb4: add ethtool n-tuple filter deletion (Raju Rangoju) [1955208]
- cxgb4: add ethtool n-tuple filter insertion (Raju Rangoju) [1955208]
- [netdrv] flow_offload: check for basic action hw stats type (Raju Rangoju) [1955208]
- cxgb4: add skeleton for ethtool n-tuple filters (Raju Rangoju) [1955208]
- cxgb4: add support to read serial flash (Raju Rangoju) [1955208]
- cxgb4: add support to flash boot cfg image (Raju Rangoju) [1955208]
- cxgb4: add support to flash boot image (Raju Rangoju) [1955208]
- cxgb4: add support to flash PHY image (Raju Rangoju) [1955208]
- cxgb4: update set_flash to flash different images (Raju Rangoju) [1955208]
- cxgb4: Use kfree() instead kvfree() where appropriate (Raju Rangoju) [1955208]
- cxgb4: Use pM format specifier for MAC addresses (Raju Rangoju) [1955208]
- net: sock: fix in-kernel mark setting (Alexander Aring) [1509204]
- sock: Reset dst when changing sk_mark via setsockopt (Alexander Aring) [1509204]
- fs: dlm: fix mark setting deadlock (Alexander Aring) [1509204]
- fs: dlm: fix mark per nodeid setting (Alexander Aring) [1509204]
- fs: dlm: remove lock dependency warning (Alexander Aring) [1509204]
- fs: dlm: set skb mark per peer socket (Alexander Aring) [1509204]
- fs: dlm: set skb mark for listen socket (Alexander Aring) [1509204]
- net: sock: add sock_set_mark (Alexander Aring) [1509204]
- Bluetooth: btusb: Add support for GarfieldPeak controller (Gopal Tiwari) [1959110]
- can: gw: synchronize rcu operations before removing gw job entry (Balazs Nemeth) [1986334]
- can: bcm: fix infoleak in struct bcm_msg_head (Balazs Nemeth) [1986334]
- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (Balazs Nemeth) [1956730]
- can: af_can: prevent potential access of uninitialized member in can_rcv() (Balazs Nemeth) [1956730]
- can: proc: can_remove_proc(): silence remove_proc_entry warning (Balazs Nemeth) [1956730]
- cifs: add missing parsing of backupuid (Ronnie Sahlberg) [1987126]
- cifs: use helpers when parsing uid/gid mount options and validate them (Ronnie Sahlberg) [1987126]
- kernfs: dont call d_splice_alias() under kernfs node lock (Ian Kent) [1939133]
- kernfs: use i_lock to protect concurrent inode updates (Ian Kent) [1939133]
- kernfs: switch kernfs to use an rwsem (Ian Kent) [1939133]
- kernfs: use VFS negative dentry caching (Ian Kent) [1939133]
- kernfs: add a revision to identify directory node changes (Ian Kent) [1939133]
- kernfs: move revalidate to be near lookup (Ian Kent) [1939133]
* Thu Aug 12 2021 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-331.el8]
- mlxsw: spectrum_mr: Update egress RIF list before route's action (Ivan Vecera) [1941938]
- selftests: mlxsw: Fix mausezahn invocation in ERSPAN scale test (Ivan Vecera) [1941938]