kernel-4.18.0-513.el8

* Fri Aug 25 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-513.el8]
- redhat/configs: enable CONFIG_INET_DIAG_DESTROY (Andrea Claudi) [2230213]
- net/sched: cls_u32: Fix reference counter leak leading to overflow (Davide Caratti) [2225202] {CVE-2023-3609}
- cifs: fix bogus cifs_mount error handling in RHEL8 (Jeffrey Layton) [2215018]
- KVM: nVMX: add missing consistency checks for CR0 and CR4 (Ricardo Robaina) [2190257] {CVE-2023-30456}
- netfilter: snat: evict closing tcp entries on reply tuple collision (Florian Westphal) [2196717]
- tun: avoid double free in tun_free_netdev (Jon Maloy) [2156366 2156371] {CVE-2022-4744}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (Davide Caratti) [2225103] {CVE-2023-3776}
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Davide Caratti) [2225196] {CVE-2023-3611}
- net/sched: sch_qfq: reintroduce lmax bound check for MTU (Davide Caratti) [2225196]
- net/sched: sch_qfq: refactor parsing of netlink parameters (Davide Caratti) [2225196]
- net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225512] {CVE-2023-4128}
- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225512] {CVE-2023-4128}
- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225512] {CVE-2023-4128}
- scsi: lpfc: Remove reftag check in DIF paths (Paul Ely) [2229152]
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (Paul Ely) [2229152]
- scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (Paul Ely) [2229152]
- scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (Paul Ely) [2229152]
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (Paul Ely) [2229152]
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN (Paul Ely) [2229152]
- gfs2: Fix freeze consistency check in gfs2_trans_add_meta (Andreas Gruenbacher) [2095340]
- gfs2: gfs2_freeze_lock_shared cleanup (Andreas Gruenbacher) [2095340]
- gfs2: Replace sd_freeze_state with SDF_FROZEN flag (Andreas Gruenbacher) [2095340]
- gfs2: Rework freeze / thaw logic (Andreas Gruenbacher) [2095340]
- gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR} (Andreas Gruenbacher) [2095340]
- gfs2: Reconfiguring frozen filesystem already rejected (Andreas Gruenbacher) [2095340]
- gfs2: Rename gfs2_freeze_lock{ => _shared } (Andreas Gruenbacher) [2095340]
- gfs2: Rename the {freeze,thaw}_super callbacks (Andreas Gruenbacher) [2095340]
- gfs2: Rename remaining "transaction" glock references (Andreas Gruenbacher) [2095340]
- gfs2: init system threads before freeze lock (Bob Peterson) [2095340]
- net: mana: Use the correct WQE count for ringing RQ doorbell (Bandan Das) [2222573]
- net: mana: Batch ringing RX queue doorbell on receiving packets (Bandan Das) [2222573]
- net: mana: Add support for vlan tagging (Bandan Das) [2222573]
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (Bandan Das) [2222573]
- net: mana: Check if netdev/napi_alloc_frag returns single page (Bandan Das) [2222573]
- net: mana: Rename mana_refill_rxoob and remove some empty lines (Bandan Das) [2222573]
- net: mana: Add support for jumbo frame (Bandan Das) [2222573]
- net: mana: Enable RX path to handle various MTU sizes (Bandan Das) [2222573]
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (Bandan Das) [2222573]
- net: mana: Use napi_build_skb in RX path (Bandan Das) [2222573]
- net: mana: Remove redundant pci_clear_master (Bandan Das) [2222573]
- net: mana: Add new MANA VF performance counters for easier troubleshooting (Bandan Das) [2222573]
- ice: Fix NULL pointer deref during VF reset (Petr Oros) [2227743]
- x86/kasan: Populate shadow for shared chunk of the CPU entry area (Rafael Aquini) [2232451]
- x86/kasan: Add helpers to align shadow addresses up and down (Rafael Aquini) [2232451]
- x86/kasan: Rename local CPU_ENTRY_AREA variables to shorten names (Rafael Aquini) [2232451]
- x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area (Rafael Aquini) [2232451]
- x86/mm: Recompute physical address for every page of per-CPU CEA mapping (Rafael Aquini) [2232451]
Resolves: rhbz#2095340, rhbz#2156366, rhbz#2156371, rhbz#2190257, rhbz#2196717, rhbz#2215018, rhbz#2222573, rhbz#2225103, rhbz#2225196, rhbz#2225202, rhbz#2225512, rhbz#2227743, rhbz#2229152, rhbz#2230213, rhbz#2232451

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>

kernel-aarch64-debug.config

@@ -811,7 +811,6 @@
 # CONFIG_IMA_NG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_INA2XX_ADC is not set
-# CONFIG_INET_DIAG_DESTROY is not set
 # CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set
 # CONFIG_INFINIBAND_HFI1 is not set
 # CONFIG_INFINIBAND_HNS is not set
@@ -3598,6 +3597,7 @@ CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET=y
 CONFIG_INET_AH=m
 CONFIG_INET_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
 CONFIG_INET_ESP=m
 CONFIG_INET_ESPINTCP=y
 CONFIG_INET_ESP_OFFLOAD=m

kernel-aarch64.config

@@ -864,7 +864,6 @@
 # CONFIG_IMA_NG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_INA2XX_ADC is not set
-# CONFIG_INET_DIAG_DESTROY is not set
 # CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set
 # CONFIG_INFINIBAND_HFI1 is not set
 # CONFIG_INFINIBAND_HNS is not set
@@ -3614,6 +3613,7 @@ CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET=y
 CONFIG_INET_AH=m
 CONFIG_INET_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
 CONFIG_INET_ESP=m
 CONFIG_INET_ESPINTCP=y
 CONFIG_INET_ESP_OFFLOAD=m

kernel-ppc64le-debug.config

@@ -726,7 +726,6 @@
 # CONFIG_IMA_NG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_INA2XX_ADC is not set
-# CONFIG_INET_DIAG_DESTROY is not set
 # CONFIG_INFINIBAND_EFA is not set
 # CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set
 # CONFIG_INFINIBAND_HFI1 is not set
@@ -3245,6 +3244,7 @@ CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET=y
 CONFIG_INET_AH=m
 CONFIG_INET_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
 CONFIG_INET_ESP=m
 CONFIG_INET_ESPINTCP=y
 CONFIG_INET_ESP_OFFLOAD=m

kernel-ppc64le.config

@@ -782,7 +782,6 @@
 # CONFIG_IMA_NG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_INA2XX_ADC is not set
-# CONFIG_INET_DIAG_DESTROY is not set
 # CONFIG_INFINIBAND_EFA is not set
 # CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set
 # CONFIG_INFINIBAND_HFI1 is not set
@@ -3258,6 +3257,7 @@ CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET=y
 CONFIG_INET_AH=m
 CONFIG_INET_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
 CONFIG_INET_ESP=m
 CONFIG_INET_ESPINTCP=y
 CONFIG_INET_ESP_OFFLOAD=m

kernel-s390x-debug.config

@@ -765,7 +765,6 @@
 # CONFIG_IMA_NG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_INA2XX_ADC is not set
-# CONFIG_INET_DIAG_DESTROY is not set
 # CONFIG_INFINIBAND_BNXT_RE is not set
 # CONFIG_INFINIBAND_EFA is not set
 # CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set
@@ -3308,6 +3307,7 @@ CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET=y
 CONFIG_INET_AH=m
 CONFIG_INET_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
 CONFIG_INET_ESP=m
 CONFIG_INET_ESPINTCP=y
 CONFIG_INET_ESP_OFFLOAD=m

kernel-s390x-zfcpdump.config

@@ -890,7 +890,6 @@
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_INA2XX_ADC is not set
 # CONFIG_INET is not set
-# CONFIG_INET_DIAG_DESTROY is not set
 # CONFIG_INFINIBAND_BNXT_RE is not set
 # CONFIG_INFINIBAND_EFA is not set
 # CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set
@@ -3450,6 +3449,7 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m
 CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET_AH=m
 CONFIG_INET_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
 CONFIG_INET_ESP=m
 CONFIG_INET_ESPINTCP=y
 CONFIG_INET_ESP_OFFLOAD=m

kernel-s390x.config

@@ -820,7 +820,6 @@
 # CONFIG_IMA_NG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_INA2XX_ADC is not set
-# CONFIG_INET_DIAG_DESTROY is not set
 # CONFIG_INFINIBAND_BNXT_RE is not set
 # CONFIG_INFINIBAND_EFA is not set
 # CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set
@@ -3323,6 +3322,7 @@ CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET=y
 CONFIG_INET_AH=m
 CONFIG_INET_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
 CONFIG_INET_ESP=m
 CONFIG_INET_ESPINTCP=y
 CONFIG_INET_ESP_OFFLOAD=m

kernel-x86_64-debug.config

@@ -727,7 +727,6 @@
 # CONFIG_IMA_NG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_INA2XX_ADC is not set
-# CONFIG_INET_DIAG_DESTROY is not set
 # CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set
 # CONFIG_INFINIBAND_HNS is not set
 # CONFIG_INFINIBAND_HNS_HIP08 is not set
@@ -3408,6 +3407,7 @@ CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET=y
 CONFIG_INET_AH=m
 CONFIG_INET_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
 CONFIG_INET_ESP=m
 CONFIG_INET_ESPINTCP=y
 CONFIG_INET_ESP_OFFLOAD=m

kernel-x86_64.config

@@ -781,7 +781,6 @@
 # CONFIG_IMA_NG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_INA2XX_ADC is not set
-# CONFIG_INET_DIAG_DESTROY is not set
 # CONFIG_INFINIBAND_EXP_LEGACY_VERBS_NEW_UAPI is not set
 # CONFIG_INFINIBAND_HNS is not set
 # CONFIG_INFINIBAND_HNS_HIP08 is not set
@@ -3423,6 +3422,7 @@ CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET=y
 CONFIG_INET_AH=m
 CONFIG_INET_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
 CONFIG_INET_ESP=m
 CONFIG_INET_ESPINTCP=y
 CONFIG_INET_ESP_OFFLOAD=m

kernel.spec

@@ -12,7 +12,7 @@
 # change below to w4T.xzdio):
 %define _binary_payload w3T.xzdio
 
-%global distro_build 512
+%global distro_build 513
 
 # Sign the x86_64 kernel for secure boot authentication
 %ifarch x86_64 aarch64 s390x ppc64le
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define rpmversion 4.18.0
-%define pkgrelease 512.el8
+%define pkgrelease 513.el8
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 512%{?dist}
+%define specrelease 513%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2695,6 +2695,55 @@ fi
 #
 #
 %changelog
+* Fri Aug 25 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-513.el8]
+- redhat/configs: enable CONFIG_INET_DIAG_DESTROY (Andrea Claudi) [2230213]
+- net/sched: cls_u32: Fix reference counter leak leading to overflow (Davide Caratti) [2225202] {CVE-2023-3609}
+- cifs: fix bogus cifs_mount error handling in RHEL8 (Jeffrey Layton) [2215018]
+- KVM: nVMX: add missing consistency checks for CR0 and CR4 (Ricardo Robaina) [2190257] {CVE-2023-30456}
+- netfilter: snat: evict closing tcp entries on reply tuple collision (Florian Westphal) [2196717]
+- tun: avoid double free in tun_free_netdev (Jon Maloy) [2156366 2156371] {CVE-2022-4744}
+- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (Davide Caratti) [2225103] {CVE-2023-3776}
+- net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Davide Caratti) [2225196] {CVE-2023-3611}
+- net/sched: sch_qfq: reintroduce lmax bound check for MTU (Davide Caratti) [2225196]
+- net/sched: sch_qfq: refactor parsing of netlink parameters (Davide Caratti) [2225196]
+- net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225512] {CVE-2023-4128}
+- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225512] {CVE-2023-4128}
+- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225512] {CVE-2023-4128}
+- scsi: lpfc: Remove reftag check in DIF paths (Paul Ely) [2229152]
+- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (Paul Ely) [2229152]
+- scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (Paul Ely) [2229152]
+- scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (Paul Ely) [2229152]
+- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (Paul Ely) [2229152]
+- scsi: lpfc: Qualify ndlp discovery state when processing RSCN (Paul Ely) [2229152]
+- gfs2: Fix freeze consistency check in gfs2_trans_add_meta (Andreas Gruenbacher) [2095340]
+- gfs2: gfs2_freeze_lock_shared cleanup (Andreas Gruenbacher) [2095340]
+- gfs2: Replace sd_freeze_state with SDF_FROZEN flag (Andreas Gruenbacher) [2095340]
+- gfs2: Rework freeze / thaw logic (Andreas Gruenbacher) [2095340]
+- gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR} (Andreas Gruenbacher) [2095340]
+- gfs2: Reconfiguring frozen filesystem already rejected (Andreas Gruenbacher) [2095340]
+- gfs2: Rename gfs2_freeze_lock{ => _shared } (Andreas Gruenbacher) [2095340]
+- gfs2: Rename the {freeze,thaw}_super callbacks (Andreas Gruenbacher) [2095340]
+- gfs2: Rename remaining "transaction" glock references (Andreas Gruenbacher) [2095340]
+- gfs2: init system threads before freeze lock (Bob Peterson) [2095340]
+- net: mana: Use the correct WQE count for ringing RQ doorbell (Bandan Das) [2222573]
+- net: mana: Batch ringing RX queue doorbell on receiving packets (Bandan Das) [2222573]
+- net: mana: Add support for vlan tagging (Bandan Das) [2222573]
+- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (Bandan Das) [2222573]
+- net: mana: Check if netdev/napi_alloc_frag returns single page (Bandan Das) [2222573]
+- net: mana: Rename mana_refill_rxoob and remove some empty lines (Bandan Das) [2222573]
+- net: mana: Add support for jumbo frame (Bandan Das) [2222573]
+- net: mana: Enable RX path to handle various MTU sizes (Bandan Das) [2222573]
+- net: mana: Refactor RX buffer allocation code to prepare for various MTU (Bandan Das) [2222573]
+- net: mana: Use napi_build_skb in RX path (Bandan Das) [2222573]
+- net: mana: Remove redundant pci_clear_master (Bandan Das) [2222573]
+- net: mana: Add new MANA VF performance counters for easier troubleshooting (Bandan Das) [2222573]
+- ice: Fix NULL pointer deref during VF reset (Petr Oros) [2227743]
+- x86/kasan: Populate shadow for shared chunk of the CPU entry area (Rafael Aquini) [2232451]
+- x86/kasan: Add helpers to align shadow addresses up and down (Rafael Aquini) [2232451]
+- x86/kasan: Rename local CPU_ENTRY_AREA variables to shorten names (Rafael Aquini) [2232451]
+- x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area (Rafael Aquini) [2232451]
+- x86/mm: Recompute physical address for every page of per-CPU CEA mapping (Rafael Aquini) [2232451]
+
 * Tue Aug 22 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-512.el8]
 - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress (Benjamin Marzinski) [2227951]
 - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Florian Westphal) [2221046] {CVE-2023-35001}

sources

@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-512.el8.tar.xz) = 8a8e193013d0e6e477941763e9ca58580261252ae5dee3689dac1af8ac09ecbf0558112cfc8ff51bb5d1d77e2032aeee76663c65c409db5d7f5c5076aa183b2a
-SHA512 (kernel-abi-stablelists-4.18.0-512.tar.bz2) = 7f0b97ec51b40cc4c4ba12cbe48ddc208a6eab744829d7938e068c468e7ea665816e439f9c2588b9403213efc6b5e7e2b2c2b24ffd4a904145b319500bae0db7
-SHA512 (kernel-kabi-dw-4.18.0-512.tar.bz2) = f7bbf94096acc33486535d9eece268c543c6a05d93ee262d64dc22b220f1cb3ff49b4cf091a5c748811c4229fdf674be4c816174575161b0ca5e457726595b32
+SHA512 (linux-4.18.0-513.el8.tar.xz) = 957a2fab4cffd445cdf2dc67715b3a2675cb534d506b352bdace0f53afe028e0c829a713fc0ff2677b695600efbb33172e26f0cc9a259fe59de66ea1a4b62446
+SHA512 (kernel-abi-stablelists-4.18.0-513.tar.bz2) = 7a6bf72854edb8b92da1397616e3564b2e7ef85c4e0be33b5ace8834c51957b2487a3b9085d7f13d1200b81cbfb635f8555a267b8e362b814b48280897469c3b
+SHA512 (kernel-kabi-dw-4.18.0-513.tar.bz2) = f7bbf94096acc33486535d9eece268c543c6a05d93ee262d64dc22b220f1cb3ff49b4cf091a5c748811c4229fdf674be4c816174575161b0ca5e457726595b32