kernel-5.14.0-555.el9

* Thu Jan 23 2025 Rado Vrbovsky <rvrbovsk@redhat.com> [5.14.0-555.el9]
- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Xin Long) [RHEL-73625]
- sctp: fix possible UAF in sctp_v6_available() (Xin Long) [RHEL-73625] {CVE-2024-53139}
- tipc: fix NULL deref in cleanup_bearer() (Xin Long) [RHEL-72258]
- tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (Xin Long) [RHEL-72258] {CVE-2024-56642}
- KVM: s390: add gen17 facilities to CPU model (Mete Durlu) [RHEL-50767]
- KVM: s390: add msa11 to cpu model (Mete Durlu) [RHEL-50767]
- KVM: s390: add concurrent-function facility to cpu model (Mete Durlu) [RHEL-50767]
- s390/uv: Provide host-key hashes in sysfs (Mete Durlu) [RHEL-50752]
- s390/uv: Refactor uv-sysfs creation (Mete Durlu) [RHEL-50752]
- s390/uvdevice: Support longer secret lists (Mete Durlu) [RHEL-50754]
- s390/uv: Retrieve UV secrets sysfs support (Mete Durlu) [RHEL-50754]
- s390/uvdevice: Increase indent in IOCTL definitions (Mete Durlu) [RHEL-50754]
- s390/uvdevice: Add Retrieve Secret IOCTL (Mete Durlu) [RHEL-50754]
- s390/uv: Retrieve UV secrets support (Mete Durlu) [RHEL-50754]
- s390/uv: Use a constant for more-data rc (Mete Durlu) [RHEL-50754]
- s390: Remove protvirt and kvm config guards for uv code (Mete Durlu) [RHEL-50754]
- geneve: do not assume mac header is set in geneve_xmit_skb() (Guillaume Nault) [RHEL-73420]
- net/ipv6: release expired exception dst cached in socket (Guillaume Nault) [RHEL-72264] {CVE-2024-56644}
- ipv6: Fix soft lockups in fib6_select_path under high next hop churn (Hangbin Liu) [RHEL-73281]
- selftests: net: really check for bg process completion (Hangbin Liu) [RHEL-73281]
- ipv6: release nexthop on device removal (Hangbin Liu) [RHEL-73281]
- selftests: vrf_route_leaking: add local test (Hangbin Liu) [RHEL-73281]
- ipv6: take care of scope when choosing the src addr (Hangbin Liu) [RHEL-73281]
- ipv6: fix source address selection with route leak (Hangbin Liu) [RHEL-73281]
- team: prevent adding a device which is already a team device lower (Hangbin Liu) [RHEL-73276]
- team: Fix feature exposure when no ports are present (Hangbin Liu) [RHEL-73276]
- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73276]
- team: Fix initial vlan_feature set in __team_compute_features (Hangbin Liu) [RHEL-73276]
- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73276]
- bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features (Hangbin Liu) [RHEL-73276]
- net, team, bonding: Add netdev_base_features helper (Hangbin Liu) [RHEL-73276]
- bonding: add ESP offload features when slaves support (Hangbin Liu) [RHEL-73276]
- net: team: rename team to team_core for linking (Hangbin Liu) [RHEL-73276]
- ptp: Add error handling for adjfine callback in ptp_clock_adjtime (CKI Backport Bot) [RHEL-73275]
- ptp: Fix error message on failed pin verification (CKI Backport Bot) [RHEL-73275]
- vp_vdpa: fix id_table array not null terminated error (Jon Maloy) [RHEL-69651] {CVE-2024-53110}
- vdpa/mlx5: Fix invalid mr resource destroy (Jon Maloy) [RHEL-63223] {CVE-2024-47687}
- net: sched: fix ordering of qlen adjustment (CKI Backport Bot) [RHEL-72377 RHEL-73151] {CVE-2024-53164}
- net_sched: sch_fq: don't follow the fast path if Tx is behind now (CKI Backport Bot) [RHEL-73151]
- net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. (CKI Backport Bot) [RHEL-73151]
- net: tun: Fix use-after-free in tun_detach() (Jon Maloy) [RHEL-63736] {CVE-2022-49014}
- i40e: add ability to reset VF for Tx and Rx MDD events (Michal Schmidt) [RHEL-54223]
- xfs: ensure submit buffers on LSN boundaries in error handlers (Bill O'Donnell) [RHEL-68860]
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (Bill O'Donnell) [RHEL-68860]
- xfs: Fix the owner setting issue for rmap query in xfs fsmap (Bill O'Donnell) [RHEL-68860]
- xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set (Bill O'Donnell) [RHEL-68860]
- xfs: attr forks require attr, not attr2 (Bill O'Donnell) [RHEL-68860]
- xfs: convert comma to semicolon (Bill O'Donnell) [RHEL-68860]
- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (Bill O'Donnell) [RHEL-68860]
- xfs: allow unlinked symlinks and dirs with zero size (Bill O'Donnell) [RHEL-68860]
- xfs: restrict when we try to align cow fork delalloc to cowextsz hints (Bill O'Donnell) [RHEL-68860]
- xfs: fix unlink vs cluster buffer instantiation race (Bill O'Donnell) [RHEL-68860]
- xfs: match lock mode in xfs_buffered_write_iomap_begin() (Bill O'Donnell) [RHEL-68860]
- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (Bill O'Donnell) [RHEL-68860]
- xfs: shrink failure needs to hold AGI buffer (Bill O'Donnell) [RHEL-68860]
- idpf: trigger SW interrupt when exiting wb_on_itr mode (Michal Schmidt) [RHEL-50916]
- idpf: add support for SW triggered interrupts (Michal Schmidt) [RHEL-50916]
- idpf: set completion tag for "empty" bufs associated with a packet (Michal Schmidt) [RHEL-50916]
- idpf: deinit virtchnl transaction manager after vport and vectors (Michal Schmidt) [RHEL-50916]
- idpf: use actual mbx receive payload length (Michal Schmidt) [RHEL-50916]
- idpf: fix VF dynamic interrupt ctl register initialization (Michal Schmidt) [RHEL-50916]
- idpf: enable WB_ON_ITR (Michal Schmidt) [RHEL-50916]
- idpf: fix netdev Tx queue stop/wake (Michal Schmidt) [RHEL-50916]
- idpf: refactor Tx completion routines (Michal Schmidt) [RHEL-50916]
- idpf: convert to libeth Tx buffer completion (Michal Schmidt) [RHEL-50916]
- idpf: remove redundant 'req_vec_chunks' NULL check (Michal Schmidt) [RHEL-50916]
- idpf: fix UAFs when destroying the queues (Michal Schmidt) [RHEL-50916 RHEL-58452] {CVE-2024-44932}
- idpf: use libeth Rx buffer management for payload buffer (Michal Schmidt) [RHEL-50916]
- idpf: convert header split mode to libeth + napi_build_skb() (Michal Schmidt) [RHEL-50916]
- idpf: remove legacy Page Pool Ethtool stats (Michal Schmidt) [RHEL-50916]
- idpf: reuse libeth's definitions of parsed ptype structures (Michal Schmidt) [RHEL-50916]
- idpf: fix memleak in vport interrupt configuration (Michal Schmidt) [RHEL-50916]
- idpf: fix memory leaks and crashes while performing a soft reset (Michal Schmidt) [RHEL-50916 RHEL-57131] {CVE-2024-44964}
- redhat/configs: set CONFIG_IDPF_SINGLEQ to disabled (Michal Schmidt) [RHEL-50916]
- idpf: compile singleq code only under default-n CONFIG_IDPF_SINGLEQ (Michal Schmidt) [RHEL-50916]
- idpf: merge singleq and splitq &net_device_ops (Michal Schmidt) [RHEL-50916]
- idpf: Don't hard code napi_struct size (Michal Schmidt) [RHEL-50916]
- idpf: strictly assert cachelines of queue and queue vector structures (Michal Schmidt) [RHEL-50916]
- idpf: avoid bloating &idpf_q_vector with big %%NR_CPUS (Michal Schmidt) [RHEL-50916]
- idpf: split &idpf_queue into 4 strictly-typed queue structures (Michal Schmidt) [RHEL-50916]
- idpf: stop using macros for accessing queue descriptors (Michal Schmidt) [RHEL-50916]
- idpf: don't enable NAPI and interrupts prior to allocating Rx buffers (Michal Schmidt) [RHEL-50916]
- idpf: Interpret .set_channels() input differently (Michal Schmidt) [RHEL-50916]
- idpf: sprinkle __counted_by{,_le}() in the virtchnl2 header (Michal Schmidt) [RHEL-50916]
- idpf: make virtchnl2.h self-contained (Michal Schmidt) [RHEL-50916]
- selftests/powerpc: Fix build with USERCFLAGS set (Mamatha Inamdar) [RHEL-74480]
- selftests/powerpc: make sub-folders buildable on their own (Mamatha Inamdar) [RHEL-74480]
- selftests/powerpc: Add flags.mk to support pmu buildable (Mamatha Inamdar) [RHEL-74480]
- selftests/powerpc: Re-order *FLAGS to follow lib.mk (Mamatha Inamdar) [RHEL-74480]
- zram: don't free statically defined names (Ming Lei) [RHEL-63884] {CVE-2024-50064}
- zram: free secondary algorithms names (Ming Lei) [RHEL-63884] {CVE-2024-50064}
- net: Fix icmp host relookup triggering ip_rt_bug (Hangbin Liu) [RHEL-72380] {CVE-2024-56647}
- powerpc/mm/fault: Fix kfence page fault reporting (Mamatha Inamdar) [RHEL-74445]
- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (Benjamin Coddington) [RHEL-72352] {CVE-2024-53173}
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (Benjamin Coddington) [RHEL-72398] {CVE-2024-56688}
- smb: Initialize cfid->tcon before performing network ops (Paulo Alcantara) [RHEL-72459] {CVE-2024-56729}
- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-71525] {CVE-2024-50275}
- bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (Sabrina Dubroca) [RHEL-68543] {CVE-2024-53091}
- Bluetooth: hci_conn: Use disable_delayed_work_sync (CKI Backport Bot) [RHEL-72334] {CVE-2024-56591}
- perf machine: Initialize machine->env to address a segfault (Michael Petlan) [RHEL-65416]
- Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (CKI Backport Bot) [RHEL-72297] {CVE-2024-56590}
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (Mamatha Inamdar) [RHEL-58802]
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10 (Mamatha Inamdar) [RHEL-58802]
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (Mamatha Inamdar) [RHEL-58802]
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (Mamatha Inamdar) [RHEL-58802]
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (Mamatha Inamdar) [RHEL-58802]
- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (CKI Backport Bot) [RHEL-72291] {CVE-2024-56604}
- Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (CKI Backport Bot) [RHEL-72255] {CVE-2024-56654}
- zram: fix NULL pointer in comp_algorithm_show() (Ming Lei) [RHEL-72367] {CVE-2024-53222}
- brd: defer automatic disk creation until module initialization succeeds (Ming Lei) [RHEL-72386] {CVE-2024-56693}
- block, bfq: fix bfqq uaf in bfq_limit_depth() (Ming Lei) [RHEL-72358] {CVE-2024-53166}
- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (Mete Durlu) [RHEL-74381]
- redhat: Add python3-docutils for selftests build dependency (Julio Faracco) [RHEL-74391]
- mm/vmscan: wake up flushers conditionally to avoid cgroup OOM (Waiman Long) [RHEL-72577]
- mm/mglru: Revert 'Revert "don't sync disk for each aging cycle"' (Waiman Long) [RHEL-72577]
- SUNRPC: make sure cache entry active before cache_show (Olga Kornievskaia) [RHEL-72340] {CVE-2024-53174}
- powerpc/pseries/iommu: Don't unset window if it was never set (Mamatha Inamdar) [RHEL-74049]
- NFSD: Prevent a potential integer overflow (Olga Kornievskaia) [RHEL-72114] {CVE-2024-53146}
- nfsd: make sure exp active before svc_export_show (Olga Kornievskaia) [RHEL-72249] {CVE-2024-56558}
- tools/rtla: Use pkg-config in lib_setup of Makefile.config (Luis Claudio R. Goncalves) [RHEL-69738]
- tracing: Remove extra space at the end of hwlat_detector/mode (Luis Claudio R. Goncalves) [RHEL-69738]
- trace/hwlat: Do not wipe the contents of per-cpu thread data (Luis Claudio R. Goncalves) [RHEL-69738]
- trace/hwlat: Do not start per-cpu thread if it is already running (Luis Claudio R. Goncalves) [RHEL-69738]
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (Luis Claudio R. Goncalves) [RHEL-69738]
- tracing/hwlat: Make some internal symbols static (Luis Claudio R. Goncalves) [RHEL-69738]
- tools/rtla: Improve exception handling in timerlat_load.py (Luis Claudio R. Goncalves) [RHEL-69738]
- tools/rtla: Enhance argument parsing in timerlat_load.py (Luis Claudio R. Goncalves) [RHEL-69738]
- tools/rtla: Improve code readability in timerlat_load.py (Luis Claudio R. Goncalves) [RHEL-69738]
- rtla/timerlat: Do not set params->user_workload with -U (Luis Claudio R. Goncalves) [RHEL-69738]
- tools/rtla: fix collision with glibc sched_attr/sched_set_attr (Luis Claudio R. Goncalves) [RHEL-69738]
- tools/rtla: drop __NR_sched_getattr (Luis Claudio R. Goncalves) [RHEL-69738]
- rtla: Fix consistency in getopt_long for timerlat_hist (Luis Claudio R. Goncalves) [RHEL-69738]
- rtla: use the definition for stdout fd when calling isatty() (Luis Claudio R. Goncalves) [RHEL-69738]
- rtla: Fix the help text in osnoise and timerlat top tools (Luis Claudio R. Goncalves) [RHEL-69738]
- tools/rtla: Fix installation from out-of-tree build (Luis Claudio R. Goncalves) [RHEL-69738]
- rtla/osnoise: Prevent NULL dereference in error handling (Luis Claudio R. Goncalves) [RHEL-69738] {CVE-2024-45002}
- rtla/timerlat: Make user-space threads the default (Luis Claudio R. Goncalves) [RHEL-69738]
- bpf, sockmap: Fix race between element replace and close() (Felix Maurer) [RHEL-68071 RHEL-72246] {CVE-2024-56664}
- xsk: Free skb when TX metadata options are invalid (Felix Maurer) [RHEL-40153 RHEL-68071]
- xsk: always clear DMA mapping information when unmapping the pool (Felix Maurer) [RHEL-68071]
- bpf: fix OOB devmap writes when deleting elements (Felix Maurer) [RHEL-68071]
- xsk: fix OOB map writes when deleting elements (Felix Maurer) [RHEL-68071 RHEL-72252] {CVE-2024-56614}
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Felix Maurer) [RHEL-59445 RHEL-68071] {CVE-2024-46783}
- bpf: Remove tst_run from lwt_seg6local_prog_ops. (Felix Maurer) [RHEL-59341 RHEL-68071] {CVE-2024-46754}
- ice: implement low latency PHY timer updates (Petr Oros) [RHEL-25338]
- ice: check low latency PHY timer update firmware capability (Petr Oros) [RHEL-25338]
- ice: add lock to protect low latency interface (Petr Oros) [RHEL-25338]
- ice: rename TS_LL_READ* macros to REG_LL_PROXY_H_* (Petr Oros) [RHEL-25338]
- ice: use read_poll_timeout_atomic in ice_read_phy_tstamp_ll_e810 (Petr Oros) [RHEL-25338]
- tpm_tis_spi: Add compatible string atmel,attpm20p (Štěpán Horáček) [RHEL-52747]
- libstub,tpm: do not ignore failure case when reading final event log (Štěpán Horáček) [RHEL-52747]
- tpm: fix unsigned/signed mismatch errors related to __calc_tpm2_event_size (Štěpán Horáček) [RHEL-52747]
- tpm: do not ignore memblock_reserve return value (Štěpán Horáček) [RHEL-52747]
- tpm: fix signed/unsigned bug when checking event logs (Štěpán Horáček) [RHEL-52747]
- tpm: Lock TPM chip in tpm_pm_suspend() first (Štěpán Horáček) [RHEL-68209] {CVE-2024-53085}
- tpm: Clean up TPM space after command failure (Štěpán Horáček) [RHEL-63357] {CVE-2024-49851}
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (Štěpán Horáček) [RHEL-52747]
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Štěpán Horáček) [RHEL-52747]
- tpm_tis_spi: add missing attpm20p SPI device ID entry (Štěpán Horáček) [RHEL-52747]
- KEYS: trusted: Do not use WARN when encode fails (Štěpán Horáček) [RHEL-52747]
- KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers (Štěpán Horáček) [RHEL-52747]
- tpm: Add tpm_buf_read_{u8,u16,u32} (Štěpán Horáček) [RHEL-52747]
- tpm: TPM2B formatted buffers (Štěpán Horáček) [RHEL-52747]
- tpm: Store the length of the tpm_buf data separately. (Štěpán Horáček) [RHEL-52747]
- tpm: Update struct tpm_buf documentation comments (Štěpán Horáček) [RHEL-52747]
- tpm: Move buffer handling from static inlines to real functions (Štěpán Horáček) [RHEL-52747]
- tpm: Remove tpm_send() (Štěpán Horáček) [RHEL-52747]
- tpm: Remove unused tpm_buf_tag() (Štěpán Horáček) [RHEL-52747]
- tpm/eventlog: remove redundant assignment to variabel ret (Štěpán Horáček) [RHEL-52747]
- smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-73657] {CVE-2024-54680}
- nvmet: Don't overflow subsysnqn (CKI Backport Bot) [RHEL-74081] {CVE-2024-53681}
- PCI: Wait for Link before restoring Downstream Buses (Myron Stowe) [RHEL-71363]
- PCI: Use an error code with PCIe failed link retraining (Myron Stowe) [RHEL-71363]
- PCI: Correct error reporting with PCIe failed link retraining (Myron Stowe) [RHEL-71363]
- PCI: Revert to the original speed after PCIe failed link retraining (Myron Stowe) [RHEL-71363]
- PCI: Clear the LBMS bit after a link retrain (Myron Stowe) [RHEL-71363]
- PCI: Wait for device readiness with Configuration RRS (Myron Stowe) [RHEL-71363]
- s390/pci: Add pci_msg debug view to PCI report (Mete Durlu) [RHEL-50792]
- s390/debug: Add a reverse mode for debug_dump() (Mete Durlu) [RHEL-50792]
- s390/debug: Add debug_dump() to write debug view to a string buffer (Mete Durlu) [RHEL-50792]
- s390/debug: Split private data alloc/free out of file operations (Mete Durlu) [RHEL-50792]
- s390/debug: Simplify and document debug_next_entry() logic (Mete Durlu) [RHEL-50792]
- s390/pci: Report PCI error recovery results via SCLP (Mete Durlu) [RHEL-50792]
- s390/debug: Pass in and enforce output buffer size for format handlers (Mete Durlu) [RHEL-50792]
- s390/sclp: Allow user-space to provide PCI reports for optical modules (Mete Durlu) [RHEL-71265]
- Enable peer to peer DMA for ROCm (Mika Penttilä) [RHEL-9998]
- pinmux: Use sequential access to access desc->pinmux data (David Arcari) [RHEL-73715] {CVE-2024-47141}
- block: Prevent potential deadlocks in zone write plug error recovery (Ming Lei) [RHEL-71498]
- dm: Fix dm-zoned-reclaim zone write pointer alignment (Ming Lei) [RHEL-71498]
- block: Ignore REQ_NOWAIT for zone reset and zone finish operations (Ming Lei) [RHEL-71498]
- block: Use a zone write plug BIO work for REQ_NOWAIT BIOs (Ming Lei) [RHEL-71498]
- block: Prevent potential deadlock in blk_revalidate_disk_zones() (Ming Lei) [RHEL-71498]
- block: Switch to using refcount_t for zone write plugs (Ming Lei) [RHEL-71498]
- block: Add a public bdev_zone_is_seq() helper (Ming Lei) [RHEL-71498]
- block: RCU protect disk->conv_zones_bitmap (Ming Lei) [RHEL-71498]
- MAINTAINERS: Make Kristen Accardi the IAA crypto driver maintainer (Vladis Dronov) [RHEL-49539]
- crypto: iaa - Remove potential infinite loop in check_completion() (Vladis Dronov) [RHEL-49539]
- crypto: iaa - Fix potential use after free bug (Vladis Dronov) [RHEL-49539]
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (Vladis Dronov) [RHEL-49539]
- crypto: iaa - Use cpumask_weight() when rebalancing (Vladis Dronov) [RHEL-49539]
- crypto: iaa - Fix some errors in IAA documentation (Vladis Dronov) [RHEL-49539]
- crypto: iaa - Change iaa statistics to atomic64_t (Vladis Dronov) [RHEL-49539]
- crypto: iaa - Add global_stats file and remove individual stat files (Vladis Dronov) [RHEL-49539]
- crypto: iaa - Remove comp/decomp delay statistics (Vladis Dronov) [RHEL-49539]
- crypto: iaa - fix decomp_bytes_in stats (Vladis Dronov) [RHEL-49539]
- cppc_cpufreq: Remove HiSilicon CPPC workaround (Mark Langsdorf) [RHEL-65441]
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (Mark Langsdorf) [RHEL-65441]
- nbd: fix partial sending (Ming Lei) [RHEL-64338]
- kernel.spec: perf: fix C++ demangle support (Michael Petlan) [RHEL-69463]
- mptcp: fix TCP options overflow. (CKI Backport Bot) [RHEL-73516]
- Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x (CKI Backport Bot) [RHEL-70424]
- netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level (CKI Backport Bot) [RHEL-73350] {CVE-2024-56783}
- SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (Benjamin Coddington) [RHEL-67304]
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (CKI Backport Bot) [RHEL-73708]
- netfilter: nft_set_hash: skip duplicated elements pending gc run (CKI Backport Bot) [RHEL-73708]
- netfilter: nft_inner: incorrect percpu area handling under softirq (CKI Backport Bot) [RHEL-73708]
- netfilter: x_tables: fix LED ID check in led_tg_check() (CKI Backport Bot) [RHEL-73708]
- netfilter: ipset: add missing range check in bitmap_ip_uadt (CKI Backport Bot) [RHEL-73708]
- netfilter: nf_tables: must hold rcu read lock while iterating object type list (CKI Backport Bot) [RHEL-73708]
- netfilter: nf_tables: must hold rcu read lock while iterating expression type list (CKI Backport Bot) [RHEL-73708]
- netfilter: fib: check correct rtable in vrf setups (CKI Backport Bot) [RHEL-73708]
- netfilter: allow ipv6 fragments to arrive on different devices (CKI Backport Bot) [RHEL-73708]
- netfilter: ctnetlink: support CTA_FILTER for flush (CKI Backport Bot) [RHEL-73708]
- netfilter: nfnetlink: convert kfree_skb to consume_skb (CKI Backport Bot) [RHEL-73708]
- netfilter: conntrack: fix ct-state for ICMPv6 Multicast Router Discovery (CKI Backport Bot) [RHEL-73708]
- netfilter: nf_tables: skip transaction if update object is not implemented (CKI Backport Bot) [RHEL-73708]
- netfilter: ip6_tables: zero-initialize fragment offset (CKI Backport Bot) [RHEL-73708]
- fadump: reserve param area if below boot_mem_top (Mamatha Inamdar) [RHEL-73120]
- powerpc/fadump: allocate memory for additional parameters early (Mamatha Inamdar) [RHEL-73120]
- Bluetooth: btusb: mediatek: change the conditions for ISO interface (Bastien Nocera) [RHEL-72839]
- Bluetooth: btusb: mediatek: add intf release flow when usb disconnect (Bastien Nocera) [RHEL-72839] {CVE-2024-56757}
- Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (Bastien Nocera) [RHEL-72839]
- Bluetooth: btusb: mediatek: move Bluetooth power off command position (Bastien Nocera) [RHEL-72839]
Resolves: RHEL-25338, RHEL-40153, RHEL-49539, RHEL-50752, RHEL-50754, RHEL-50767, RHEL-50792, RHEL-50916, RHEL-52747, RHEL-54223, RHEL-57131, RHEL-58452, RHEL-58802, RHEL-59341, RHEL-59445, RHEL-63223, RHEL-63357, RHEL-63736, RHEL-63884, RHEL-64338, RHEL-65416, RHEL-65441, RHEL-67304, RHEL-68071, RHEL-68209, RHEL-68543, RHEL-68860, RHEL-69463, RHEL-69651, RHEL-69738, RHEL-70424, RHEL-71265, RHEL-71363, RHEL-71498, RHEL-71525, RHEL-72114, RHEL-72246, RHEL-72249, RHEL-72252, RHEL-72255, RHEL-72258, RHEL-72264, RHEL-72291, RHEL-72297, RHEL-72334, RHEL-72340, RHEL-72352, RHEL-72358, RHEL-72367, RHEL-72377, RHEL-72380, RHEL-72386, RHEL-72398, RHEL-72459, RHEL-72577, RHEL-72839, RHEL-73120, RHEL-73151, RHEL-73275, RHEL-73276, RHEL-73281, RHEL-73350, RHEL-73420, RHEL-73516, RHEL-73625, RHEL-73657, RHEL-73708, RHEL-73715, RHEL-74049, RHEL-74081, RHEL-74381, RHEL-74391, RHEL-74445, RHEL-74480, RHEL-9998

Signed-off-by: Rado Vrbovsky <rvrbovsk@redhat.com>

Makefile.rhelver

@@ -12,7 +12,7 @@ RHEL_MINOR = 6
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 554
+RHEL_RELEASE = 555
 
 #
 # ZSTREAM

kernel-aarch64-64k-debug-rhel.config

@@ -2274,7 +2274,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HPFS_FS is not set
 CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2435,6 +2435,7 @@ CONFIG_ICPLUS_PHY=m
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-aarch64-64k-rhel.config

@@ -2258,7 +2258,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HPFS_FS is not set
 CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2419,6 +2419,7 @@ CONFIG_ICPLUS_PHY=m
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-aarch64-debug-rhel.config

@@ -2272,7 +2272,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HPFS_FS is not set
 CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2433,6 +2433,7 @@ CONFIG_ICPLUS_PHY=m
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-aarch64-rhel.config

@@ -2256,7 +2256,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HPFS_FS is not set
 CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2417,6 +2417,7 @@ CONFIG_ICPLUS_PHY=m
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-aarch64-rt-debug-rhel.config

@@ -2326,7 +2326,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HPFS_FS is not set
 CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2487,6 +2487,7 @@ CONFIG_ICPLUS_PHY=m
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-aarch64-rt-rhel.config

@@ -2310,7 +2310,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HPFS_FS is not set
 CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2471,6 +2471,7 @@ CONFIG_ICPLUS_PHY=m
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-ppc64le-debug-rhel.config

@@ -2003,7 +2003,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HP206C is not set
 # CONFIG_HPFS_FS is not set
 # CONFIG_HP_ILO is not set
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2156,6 +2156,7 @@ CONFIG_ICPLUS_PHY=m
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-ppc64le-rhel.config

@@ -1987,7 +1987,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HP206C is not set
 # CONFIG_HPFS_FS is not set
 # CONFIG_HP_ILO is not set
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2140,6 +2140,7 @@ CONFIG_ICPLUS_PHY=m
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-s390x-debug-rhel.config

@@ -2000,7 +2000,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HP206C is not set
 # CONFIG_HPFS_FS is not set
 # CONFIG_HP_ILO is not set
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2142,6 +2142,7 @@ CONFIG_ICE_SWITCHDEV=y
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-s390x-rhel.config

@@ -1984,7 +1984,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HP206C is not set
 # CONFIG_HPFS_FS is not set
 # CONFIG_HP_ILO is not set
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2126,6 +2126,7 @@ CONFIG_ICE_SWITCHDEV=y
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-s390x-zfcpdump-rhel.config

@@ -1993,7 +1993,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HP206C is not set
 # CONFIG_HPFS_FS is not set
 # CONFIG_HP_ILO is not set
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2136,6 +2136,7 @@ CONFIG_ICE_SWITCHDEV=y
 # CONFIG_IDLE_INJECT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set
 # CONFIG_IEEE802154_AT86RF230 is not set

kernel-x86_64-debug-rhel.config

@@ -2139,7 +2139,7 @@ CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
 CONFIG_HPWDT_NMI_DECODING=y
 CONFIG_HP_WMI=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2291,6 +2291,7 @@ CONFIG_IDEAPAD_LAPTOP=m
 CONFIG_IDLE_INJECT=y
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 # CONFIG_IE6XX_WDT is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set

kernel-x86_64-rhel.config

@@ -2123,7 +2123,7 @@ CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
 CONFIG_HPWDT_NMI_DECODING=y
 CONFIG_HP_WMI=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2275,6 +2275,7 @@ CONFIG_IDEAPAD_LAPTOP=m
 CONFIG_IDLE_INJECT=y
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 # CONFIG_IE6XX_WDT is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set

kernel-x86_64-rt-debug-rhel.config

@@ -2193,7 +2193,7 @@ CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
 CONFIG_HPWDT_NMI_DECODING=y
 CONFIG_HP_WMI=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2345,6 +2345,7 @@ CONFIG_IDEAPAD_LAPTOP=m
 CONFIG_IDLE_INJECT=y
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 # CONFIG_IE6XX_WDT is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set

kernel-x86_64-rt-rhel.config

@@ -2177,7 +2177,7 @@ CONFIG_HP_ILO=m
 CONFIG_HP_WATCHDOG=m
 CONFIG_HPWDT_NMI_DECODING=y
 CONFIG_HP_WMI=m
-# CONFIG_HSA_AMD_P2P is not set
+CONFIG_HSA_AMD_P2P=y
 CONFIG_HSA_AMD_SVM=y
 CONFIG_HSA_AMD=y
 # CONFIG_HSI is not set
@@ -2329,6 +2329,7 @@ CONFIG_IDEAPAD_LAPTOP=m
 CONFIG_IDLE_INJECT=y
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IDPF=m
+# CONFIG_IDPF_SINGLEQ is not set
 # CONFIG_IE6XX_WDT is not set
 CONFIG_IEEE802154_6LOWPAN=m
 # CONFIG_IEEE802154_ADF7242 is not set

kernel.changelog

@@ -1,3 +1,239 @@
+* Thu Jan 23 2025 Rado Vrbovsky <rvrbovsk@redhat.com> [5.14.0-555.el9]
+- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Xin Long) [RHEL-73625]
+- sctp: fix possible UAF in sctp_v6_available() (Xin Long) [RHEL-73625] {CVE-2024-53139}
+- tipc: fix NULL deref in cleanup_bearer() (Xin Long) [RHEL-72258]
+- tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (Xin Long) [RHEL-72258] {CVE-2024-56642}
+- KVM: s390: add gen17 facilities to CPU model (Mete Durlu) [RHEL-50767]
+- KVM: s390: add msa11 to cpu model (Mete Durlu) [RHEL-50767]
+- KVM: s390: add concurrent-function facility to cpu model (Mete Durlu) [RHEL-50767]
+- s390/uv: Provide host-key hashes in sysfs (Mete Durlu) [RHEL-50752]
+- s390/uv: Refactor uv-sysfs creation (Mete Durlu) [RHEL-50752]
+- s390/uvdevice: Support longer secret lists (Mete Durlu) [RHEL-50754]
+- s390/uv: Retrieve UV secrets sysfs support (Mete Durlu) [RHEL-50754]
+- s390/uvdevice: Increase indent in IOCTL definitions (Mete Durlu) [RHEL-50754]
+- s390/uvdevice: Add Retrieve Secret IOCTL (Mete Durlu) [RHEL-50754]
+- s390/uv: Retrieve UV secrets support (Mete Durlu) [RHEL-50754]
+- s390/uv: Use a constant for more-data rc (Mete Durlu) [RHEL-50754]
+- s390: Remove protvirt and kvm config guards for uv code (Mete Durlu) [RHEL-50754]
+- geneve: do not assume mac header is set in geneve_xmit_skb() (Guillaume Nault) [RHEL-73420]
+- net/ipv6: release expired exception dst cached in socket (Guillaume Nault) [RHEL-72264] {CVE-2024-56644}
+- ipv6: Fix soft lockups in fib6_select_path under high next hop churn (Hangbin Liu) [RHEL-73281]
+- selftests: net: really check for bg process completion (Hangbin Liu) [RHEL-73281]
+- ipv6: release nexthop on device removal (Hangbin Liu) [RHEL-73281]
+- selftests: vrf_route_leaking: add local test (Hangbin Liu) [RHEL-73281]
+- ipv6: take care of scope when choosing the src addr (Hangbin Liu) [RHEL-73281]
+- ipv6: fix source address selection with route leak (Hangbin Liu) [RHEL-73281]
+- team: prevent adding a device which is already a team device lower (Hangbin Liu) [RHEL-73276]
+- team: Fix feature exposure when no ports are present (Hangbin Liu) [RHEL-73276]
+- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73276]
+- team: Fix initial vlan_feature set in __team_compute_features (Hangbin Liu) [RHEL-73276]
+- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73276]
+- bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features (Hangbin Liu) [RHEL-73276]
+- net, team, bonding: Add netdev_base_features helper (Hangbin Liu) [RHEL-73276]
+- bonding: add ESP offload features when slaves support (Hangbin Liu) [RHEL-73276]
+- net: team: rename team to team_core for linking (Hangbin Liu) [RHEL-73276]
+- ptp: Add error handling for adjfine callback in ptp_clock_adjtime (CKI Backport Bot) [RHEL-73275]
+- ptp: Fix error message on failed pin verification (CKI Backport Bot) [RHEL-73275]
+- vp_vdpa: fix id_table array not null terminated error (Jon Maloy) [RHEL-69651] {CVE-2024-53110}
+- vdpa/mlx5: Fix invalid mr resource destroy (Jon Maloy) [RHEL-63223] {CVE-2024-47687}
+- net: sched: fix ordering of qlen adjustment (CKI Backport Bot) [RHEL-72377 RHEL-73151] {CVE-2024-53164}
+- net_sched: sch_fq: don't follow the fast path if Tx is behind now (CKI Backport Bot) [RHEL-73151]
+- net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. (CKI Backport Bot) [RHEL-73151]
+- net: tun: Fix use-after-free in tun_detach() (Jon Maloy) [RHEL-63736] {CVE-2022-49014}
+- i40e: add ability to reset VF for Tx and Rx MDD events (Michal Schmidt) [RHEL-54223]
+- xfs: ensure submit buffers on LSN boundaries in error handlers (Bill O'Donnell) [RHEL-68860]
+- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (Bill O'Donnell) [RHEL-68860]
+- xfs: Fix the owner setting issue for rmap query in xfs fsmap (Bill O'Donnell) [RHEL-68860]
+- xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set (Bill O'Donnell) [RHEL-68860]
+- xfs: attr forks require attr, not attr2 (Bill O'Donnell) [RHEL-68860]
+- xfs: convert comma to semicolon (Bill O'Donnell) [RHEL-68860]
+- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (Bill O'Donnell) [RHEL-68860]
+- xfs: allow unlinked symlinks and dirs with zero size (Bill O'Donnell) [RHEL-68860]
+- xfs: restrict when we try to align cow fork delalloc to cowextsz hints (Bill O'Donnell) [RHEL-68860]
+- xfs: fix unlink vs cluster buffer instantiation race (Bill O'Donnell) [RHEL-68860]
+- xfs: match lock mode in xfs_buffered_write_iomap_begin() (Bill O'Donnell) [RHEL-68860]
+- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (Bill O'Donnell) [RHEL-68860]
+- xfs: shrink failure needs to hold AGI buffer (Bill O'Donnell) [RHEL-68860]
+- idpf: trigger SW interrupt when exiting wb_on_itr mode (Michal Schmidt) [RHEL-50916]
+- idpf: add support for SW triggered interrupts (Michal Schmidt) [RHEL-50916]
+- idpf: set completion tag for "empty" bufs associated with a packet (Michal Schmidt) [RHEL-50916]
+- idpf: deinit virtchnl transaction manager after vport and vectors (Michal Schmidt) [RHEL-50916]
+- idpf: use actual mbx receive payload length (Michal Schmidt) [RHEL-50916]
+- idpf: fix VF dynamic interrupt ctl register initialization (Michal Schmidt) [RHEL-50916]
+- idpf: enable WB_ON_ITR (Michal Schmidt) [RHEL-50916]
+- idpf: fix netdev Tx queue stop/wake (Michal Schmidt) [RHEL-50916]
+- idpf: refactor Tx completion routines (Michal Schmidt) [RHEL-50916]
+- idpf: convert to libeth Tx buffer completion (Michal Schmidt) [RHEL-50916]
+- idpf: remove redundant 'req_vec_chunks' NULL check (Michal Schmidt) [RHEL-50916]
+- idpf: fix UAFs when destroying the queues (Michal Schmidt) [RHEL-50916 RHEL-58452] {CVE-2024-44932}
+- idpf: use libeth Rx buffer management for payload buffer (Michal Schmidt) [RHEL-50916]
+- idpf: convert header split mode to libeth + napi_build_skb() (Michal Schmidt) [RHEL-50916]
+- idpf: remove legacy Page Pool Ethtool stats (Michal Schmidt) [RHEL-50916]
+- idpf: reuse libeth's definitions of parsed ptype structures (Michal Schmidt) [RHEL-50916]
+- idpf: fix memleak in vport interrupt configuration (Michal Schmidt) [RHEL-50916]
+- idpf: fix memory leaks and crashes while performing a soft reset (Michal Schmidt) [RHEL-50916 RHEL-57131] {CVE-2024-44964}
+- redhat/configs: set CONFIG_IDPF_SINGLEQ to disabled (Michal Schmidt) [RHEL-50916]
+- idpf: compile singleq code only under default-n CONFIG_IDPF_SINGLEQ (Michal Schmidt) [RHEL-50916]
+- idpf: merge singleq and splitq &net_device_ops (Michal Schmidt) [RHEL-50916]
+- idpf: Don't hard code napi_struct size (Michal Schmidt) [RHEL-50916]
+- idpf: strictly assert cachelines of queue and queue vector structures (Michal Schmidt) [RHEL-50916]
+- idpf: avoid bloating &idpf_q_vector with big %%NR_CPUS (Michal Schmidt) [RHEL-50916]
+- idpf: split &idpf_queue into 4 strictly-typed queue structures (Michal Schmidt) [RHEL-50916]
+- idpf: stop using macros for accessing queue descriptors (Michal Schmidt) [RHEL-50916]
+- idpf: don't enable NAPI and interrupts prior to allocating Rx buffers (Michal Schmidt) [RHEL-50916]
+- idpf: Interpret .set_channels() input differently (Michal Schmidt) [RHEL-50916]
+- idpf: sprinkle __counted_by{,_le}() in the virtchnl2 header (Michal Schmidt) [RHEL-50916]
+- idpf: make virtchnl2.h self-contained (Michal Schmidt) [RHEL-50916]
+- selftests/powerpc: Fix build with USERCFLAGS set (Mamatha Inamdar) [RHEL-74480]
+- selftests/powerpc: make sub-folders buildable on their own (Mamatha Inamdar) [RHEL-74480]
+- selftests/powerpc: Add flags.mk to support pmu buildable (Mamatha Inamdar) [RHEL-74480]
+- selftests/powerpc: Re-order *FLAGS to follow lib.mk (Mamatha Inamdar) [RHEL-74480]
+- zram: don't free statically defined names (Ming Lei) [RHEL-63884] {CVE-2024-50064}
+- zram: free secondary algorithms names (Ming Lei) [RHEL-63884] {CVE-2024-50064}
+- net: Fix icmp host relookup triggering ip_rt_bug (Hangbin Liu) [RHEL-72380] {CVE-2024-56647}
+- powerpc/mm/fault: Fix kfence page fault reporting (Mamatha Inamdar) [RHEL-74445]
+- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (Benjamin Coddington) [RHEL-72352] {CVE-2024-53173}
+- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (Benjamin Coddington) [RHEL-72398] {CVE-2024-56688}
+- smb: Initialize cfid->tcon before performing network ops (Paulo Alcantara) [RHEL-72459] {CVE-2024-56729}
+- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-71525] {CVE-2024-50275}
+- bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (Sabrina Dubroca) [RHEL-68543] {CVE-2024-53091}
+- Bluetooth: hci_conn: Use disable_delayed_work_sync (CKI Backport Bot) [RHEL-72334] {CVE-2024-56591}
+- perf machine: Initialize machine->env to address a segfault (Michael Petlan) [RHEL-65416]
+- Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (CKI Backport Bot) [RHEL-72297] {CVE-2024-56590}
+- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (Mamatha Inamdar) [RHEL-58802]
+- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10 (Mamatha Inamdar) [RHEL-58802]
+- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (Mamatha Inamdar) [RHEL-58802]
+- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (Mamatha Inamdar) [RHEL-58802]
+- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (Mamatha Inamdar) [RHEL-58802]
+- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (CKI Backport Bot) [RHEL-72291] {CVE-2024-56604}
+- Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (CKI Backport Bot) [RHEL-72255] {CVE-2024-56654}
+- zram: fix NULL pointer in comp_algorithm_show() (Ming Lei) [RHEL-72367] {CVE-2024-53222}
+- brd: defer automatic disk creation until module initialization succeeds (Ming Lei) [RHEL-72386] {CVE-2024-56693}
+- block, bfq: fix bfqq uaf in bfq_limit_depth() (Ming Lei) [RHEL-72358] {CVE-2024-53166}
+- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (Mete Durlu) [RHEL-74381]
+- redhat: Add python3-docutils for selftests build dependency (Julio Faracco) [RHEL-74391]
+- mm/vmscan: wake up flushers conditionally to avoid cgroup OOM (Waiman Long) [RHEL-72577]
+- mm/mglru: Revert 'Revert "don't sync disk for each aging cycle"' (Waiman Long) [RHEL-72577]
+- SUNRPC: make sure cache entry active before cache_show (Olga Kornievskaia) [RHEL-72340] {CVE-2024-53174}
+- powerpc/pseries/iommu: Don't unset window if it was never set (Mamatha Inamdar) [RHEL-74049]
+- NFSD: Prevent a potential integer overflow (Olga Kornievskaia) [RHEL-72114] {CVE-2024-53146}
+- nfsd: make sure exp active before svc_export_show (Olga Kornievskaia) [RHEL-72249] {CVE-2024-56558}
+- tools/rtla: Use pkg-config in lib_setup of Makefile.config (Luis Claudio R. Goncalves) [RHEL-69738]
+- tracing: Remove extra space at the end of hwlat_detector/mode (Luis Claudio R. Goncalves) [RHEL-69738]
+- trace/hwlat: Do not wipe the contents of per-cpu thread data (Luis Claudio R. Goncalves) [RHEL-69738]
+- trace/hwlat: Do not start per-cpu thread if it is already running (Luis Claudio R. Goncalves) [RHEL-69738]
+- trace/hwlat: make use of the helper function kthread_run_on_cpu() (Luis Claudio R. Goncalves) [RHEL-69738]
+- tracing/hwlat: Make some internal symbols static (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: Improve exception handling in timerlat_load.py (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: Enhance argument parsing in timerlat_load.py (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: Improve code readability in timerlat_load.py (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla/timerlat: Do not set params->user_workload with -U (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: fix collision with glibc sched_attr/sched_set_attr (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: drop __NR_sched_getattr (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla: Fix consistency in getopt_long for timerlat_hist (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla: use the definition for stdout fd when calling isatty() (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla: Fix the help text in osnoise and timerlat top tools (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: Fix installation from out-of-tree build (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla/osnoise: Prevent NULL dereference in error handling (Luis Claudio R. Goncalves) [RHEL-69738] {CVE-2024-45002}
+- rtla/timerlat: Make user-space threads the default (Luis Claudio R. Goncalves) [RHEL-69738]
+- bpf, sockmap: Fix race between element replace and close() (Felix Maurer) [RHEL-68071 RHEL-72246] {CVE-2024-56664}
+- xsk: Free skb when TX metadata options are invalid (Felix Maurer) [RHEL-40153 RHEL-68071]
+- xsk: always clear DMA mapping information when unmapping the pool (Felix Maurer) [RHEL-68071]
+- bpf: fix OOB devmap writes when deleting elements (Felix Maurer) [RHEL-68071]
+- xsk: fix OOB map writes when deleting elements (Felix Maurer) [RHEL-68071 RHEL-72252] {CVE-2024-56614}
+- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Felix Maurer) [RHEL-59445 RHEL-68071] {CVE-2024-46783}
+- bpf: Remove tst_run from lwt_seg6local_prog_ops. (Felix Maurer) [RHEL-59341 RHEL-68071] {CVE-2024-46754}
+- ice: implement low latency PHY timer updates (Petr Oros) [RHEL-25338]
+- ice: check low latency PHY timer update firmware capability (Petr Oros) [RHEL-25338]
+- ice: add lock to protect low latency interface (Petr Oros) [RHEL-25338]
+- ice: rename TS_LL_READ* macros to REG_LL_PROXY_H_* (Petr Oros) [RHEL-25338]
+- ice: use read_poll_timeout_atomic in ice_read_phy_tstamp_ll_e810 (Petr Oros) [RHEL-25338]
+- tpm_tis_spi: Add compatible string atmel,attpm20p (Štěpán Horáček) [RHEL-52747]
+- libstub,tpm: do not ignore failure case when reading final event log (Štěpán Horáček) [RHEL-52747]
+- tpm: fix unsigned/signed mismatch errors related to __calc_tpm2_event_size (Štěpán Horáček) [RHEL-52747]
+- tpm: do not ignore memblock_reserve return value (Štěpán Horáček) [RHEL-52747]
+- tpm: fix signed/unsigned bug when checking event logs (Štěpán Horáček) [RHEL-52747]
+- tpm: Lock TPM chip in tpm_pm_suspend() first (Štěpán Horáček) [RHEL-68209] {CVE-2024-53085}
+- tpm: Clean up TPM space after command failure (Štěpán Horáček) [RHEL-63357] {CVE-2024-49851}
+- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (Štěpán Horáček) [RHEL-52747]
+- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Štěpán Horáček) [RHEL-52747]
+- tpm_tis_spi: add missing attpm20p SPI device ID entry (Štěpán Horáček) [RHEL-52747]
+- KEYS: trusted: Do not use WARN when encode fails (Štěpán Horáček) [RHEL-52747]
+- KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers (Štěpán Horáček) [RHEL-52747]
+- tpm: Add tpm_buf_read_{u8,u16,u32} (Štěpán Horáček) [RHEL-52747]
+- tpm: TPM2B formatted buffers (Štěpán Horáček) [RHEL-52747]
+- tpm: Store the length of the tpm_buf data separately. (Štěpán Horáček) [RHEL-52747]
+- tpm: Update struct tpm_buf documentation comments (Štěpán Horáček) [RHEL-52747]
+- tpm: Move buffer handling from static inlines to real functions (Štěpán Horáček) [RHEL-52747]
+- tpm: Remove tpm_send() (Štěpán Horáček) [RHEL-52747]
+- tpm: Remove unused tpm_buf_tag() (Štěpán Horáček) [RHEL-52747]
+- tpm/eventlog: remove redundant assignment to variabel ret (Štěpán Horáček) [RHEL-52747]
+- smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-73657] {CVE-2024-54680}
+- nvmet: Don't overflow subsysnqn (CKI Backport Bot) [RHEL-74081] {CVE-2024-53681}
+- PCI: Wait for Link before restoring Downstream Buses (Myron Stowe) [RHEL-71363]
+- PCI: Use an error code with PCIe failed link retraining (Myron Stowe) [RHEL-71363]
+- PCI: Correct error reporting with PCIe failed link retraining (Myron Stowe) [RHEL-71363]
+- PCI: Revert to the original speed after PCIe failed link retraining (Myron Stowe) [RHEL-71363]
+- PCI: Clear the LBMS bit after a link retrain (Myron Stowe) [RHEL-71363]
+- PCI: Wait for device readiness with Configuration RRS (Myron Stowe) [RHEL-71363]
+- s390/pci: Add pci_msg debug view to PCI report (Mete Durlu) [RHEL-50792]
+- s390/debug: Add a reverse mode for debug_dump() (Mete Durlu) [RHEL-50792]
+- s390/debug: Add debug_dump() to write debug view to a string buffer (Mete Durlu) [RHEL-50792]
+- s390/debug: Split private data alloc/free out of file operations (Mete Durlu) [RHEL-50792]
+- s390/debug: Simplify and document debug_next_entry() logic (Mete Durlu) [RHEL-50792]
+- s390/pci: Report PCI error recovery results via SCLP (Mete Durlu) [RHEL-50792]
+- s390/debug: Pass in and enforce output buffer size for format handlers (Mete Durlu) [RHEL-50792]
+- s390/sclp: Allow user-space to provide PCI reports for optical modules (Mete Durlu) [RHEL-71265]
+- Enable peer to peer DMA for ROCm (Mika Penttilä) [RHEL-9998]
+- pinmux: Use sequential access to access desc->pinmux data (David Arcari) [RHEL-73715] {CVE-2024-47141}
+- block: Prevent potential deadlocks in zone write plug error recovery (Ming Lei) [RHEL-71498]
+- dm: Fix dm-zoned-reclaim zone write pointer alignment (Ming Lei) [RHEL-71498]
+- block: Ignore REQ_NOWAIT for zone reset and zone finish operations (Ming Lei) [RHEL-71498]
+- block: Use a zone write plug BIO work for REQ_NOWAIT BIOs (Ming Lei) [RHEL-71498]
+- block: Prevent potential deadlock in blk_revalidate_disk_zones() (Ming Lei) [RHEL-71498]
+- block: Switch to using refcount_t for zone write plugs (Ming Lei) [RHEL-71498]
+- block: Add a public bdev_zone_is_seq() helper (Ming Lei) [RHEL-71498]
+- block: RCU protect disk->conv_zones_bitmap (Ming Lei) [RHEL-71498]
+- MAINTAINERS: Make Kristen Accardi the IAA crypto driver maintainer (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Remove potential infinite loop in check_completion() (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Fix potential use after free bug (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Use cpumask_weight() when rebalancing (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Fix some errors in IAA documentation (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Change iaa statistics to atomic64_t (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Add global_stats file and remove individual stat files (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Remove comp/decomp delay statistics (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - fix decomp_bytes_in stats (Vladis Dronov) [RHEL-49539]
+- cppc_cpufreq: Remove HiSilicon CPPC workaround (Mark Langsdorf) [RHEL-65441]
+- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (Mark Langsdorf) [RHEL-65441]
+- nbd: fix partial sending (Ming Lei) [RHEL-64338]
+- kernel.spec: perf: fix C++ demangle support (Michael Petlan) [RHEL-69463]
+- mptcp: fix TCP options overflow. (CKI Backport Bot) [RHEL-73516]
+- Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x (CKI Backport Bot) [RHEL-70424]
+- netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level (CKI Backport Bot) [RHEL-73350] {CVE-2024-56783}
+- SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (Benjamin Coddington) [RHEL-67304]
+- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (CKI Backport Bot) [RHEL-73708]
+- netfilter: nft_set_hash: skip duplicated elements pending gc run (CKI Backport Bot) [RHEL-73708]
+- netfilter: nft_inner: incorrect percpu area handling under softirq (CKI Backport Bot) [RHEL-73708]
+- netfilter: x_tables: fix LED ID check in led_tg_check() (CKI Backport Bot) [RHEL-73708]
+- netfilter: ipset: add missing range check in bitmap_ip_uadt (CKI Backport Bot) [RHEL-73708]
+- netfilter: nf_tables: must hold rcu read lock while iterating object type list (CKI Backport Bot) [RHEL-73708]
+- netfilter: nf_tables: must hold rcu read lock while iterating expression type list (CKI Backport Bot) [RHEL-73708]
+- netfilter: fib: check correct rtable in vrf setups (CKI Backport Bot) [RHEL-73708]
+- netfilter: allow ipv6 fragments to arrive on different devices (CKI Backport Bot) [RHEL-73708]
+- netfilter: ctnetlink: support CTA_FILTER for flush (CKI Backport Bot) [RHEL-73708]
+- netfilter: nfnetlink: convert kfree_skb to consume_skb (CKI Backport Bot) [RHEL-73708]
+- netfilter: conntrack: fix ct-state for ICMPv6 Multicast Router Discovery (CKI Backport Bot) [RHEL-73708]
+- netfilter: nf_tables: skip transaction if update object is not implemented (CKI Backport Bot) [RHEL-73708]
+- netfilter: ip6_tables: zero-initialize fragment offset (CKI Backport Bot) [RHEL-73708]
+- fadump: reserve param area if below boot_mem_top (Mamatha Inamdar) [RHEL-73120]
+- powerpc/fadump: allocate memory for additional parameters early (Mamatha Inamdar) [RHEL-73120]
+- Bluetooth: btusb: mediatek: change the conditions for ISO interface (Bastien Nocera) [RHEL-72839]
+- Bluetooth: btusb: mediatek: add intf release flow when usb disconnect (Bastien Nocera) [RHEL-72839] {CVE-2024-56757}
+- Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (Bastien Nocera) [RHEL-72839]
+- Bluetooth: btusb: mediatek: move Bluetooth power off command position (Bastien Nocera) [RHEL-72839]
+Resolves: RHEL-25338, RHEL-40153, RHEL-49539, RHEL-50752, RHEL-50754, RHEL-50767, RHEL-50792, RHEL-50916, RHEL-52747, RHEL-54223, RHEL-57131, RHEL-58452, RHEL-58802, RHEL-59341, RHEL-59445, RHEL-63223, RHEL-63357, RHEL-63736, RHEL-63884, RHEL-64338, RHEL-65416, RHEL-65441, RHEL-67304, RHEL-68071, RHEL-68209, RHEL-68543, RHEL-68860, RHEL-69463, RHEL-69651, RHEL-69738, RHEL-70424, RHEL-71265, RHEL-71363, RHEL-71498, RHEL-71525, RHEL-72114, RHEL-72246, RHEL-72249, RHEL-72252, RHEL-72255, RHEL-72258, RHEL-72264, RHEL-72291, RHEL-72297, RHEL-72334, RHEL-72340, RHEL-72352, RHEL-72358, RHEL-72367, RHEL-72377, RHEL-72380, RHEL-72386, RHEL-72398, RHEL-72459, RHEL-72577, RHEL-72839, RHEL-73120, RHEL-73151, RHEL-73275, RHEL-73276, RHEL-73281, RHEL-73350, RHEL-73420, RHEL-73516, RHEL-73625, RHEL-73657, RHEL-73708, RHEL-73715, RHEL-74049, RHEL-74081, RHEL-74381, RHEL-74391, RHEL-74445, RHEL-74480, RHEL-9998
+
 * Wed Jan 22 2025 Rado Vrbovsky <rvrbovsk@redhat.com> [5.14.0-554.el9]
 - ALSA: configuration update for 9.6 (Jaroslav Kysela) [RHEL-60915]
 - pinctrl: cs42l43: use new pinctrl_gpio_direction_input and pinctrl_gpio_direction_output fcns (Jaroslav Kysela) [RHEL-60915]

kernel.spec

@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 554
+%define pkgrelease 555
 %define kversion 5
-%define tarfile_release 5.14.0-554.el9
+%define tarfile_release 5.14.0-555.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 554%{?buildid}%{?dist}
+%define specrelease 555%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-554.el9
+%define kabiversion 5.14.0-555.el9
 
 #
 # End of genspec.sh variables
@@ -690,7 +690,7 @@ BuildRequires: libnl3-devel
 BuildRequires: openssl-devel
 %endif
 %if %{with_selftests}
-BuildRequires: clang llvm fuse-devel zlib-devel binutils-devel
+BuildRequires: clang llvm fuse-devel zlib-devel binutils-devel python3-docutils
 %ifarch x86_64
 BuildRequires: lld
 %endif
@@ -2651,7 +2651,7 @@ InitBuildVars
 %global perf_build_extra_opts CORESIGHT=1
 %endif
 %global perf_make \
-  %{__make} %{?make_opts} EXTRA_CFLAGS="${RPM_OPT_FLAGS}" LDFLAGS="%{__global_ldflags} -Wl,-E" %{?cross_opts} -C tools/perf V=1 NO_PERF_READ_VDSO32=1 NO_PERF_READ_VDSOX32=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_STRLCPY=1 NO_BIONIC=1 LIBBPF_DYNAMIC=1 LIBTRACEEVENT_DYNAMIC=1 %{?perf_build_extra_opts} prefix=%{_prefix} PYTHON=%{__python3}
+  %{__make} %{?make_opts} EXTRA_CFLAGS="${RPM_OPT_FLAGS}" EXTRA_CXXFLAGS="${RPM_OPT_FLAGS}" LDFLAGS="%{__global_ldflags} -Wl,-E" %{?cross_opts} -C tools/perf V=1 NO_PERF_READ_VDSO32=1 NO_PERF_READ_VDSOX32=1 WERROR=0 NO_LIBUNWIND=1 NO_GTK2=1 NO_STRLCPY=1 NO_BIONIC=1 LIBBPF_DYNAMIC=1 LIBTRACEEVENT_DYNAMIC=1 %{?perf_build_extra_opts} prefix=%{_prefix} PYTHON=%{__python3}
 %if %{with_perf}
 # perf
 # make sure check-headers.sh is executable
@@ -3729,6 +3729,241 @@ fi
 #
 #
 %changelog
+* Thu Jan 23 2025 Rado Vrbovsky <rvrbovsk@redhat.com> [5.14.0-555.el9]
+- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Xin Long) [RHEL-73625]
+- sctp: fix possible UAF in sctp_v6_available() (Xin Long) [RHEL-73625] {CVE-2024-53139}
+- tipc: fix NULL deref in cleanup_bearer() (Xin Long) [RHEL-72258]
+- tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (Xin Long) [RHEL-72258] {CVE-2024-56642}
+- KVM: s390: add gen17 facilities to CPU model (Mete Durlu) [RHEL-50767]
+- KVM: s390: add msa11 to cpu model (Mete Durlu) [RHEL-50767]
+- KVM: s390: add concurrent-function facility to cpu model (Mete Durlu) [RHEL-50767]
+- s390/uv: Provide host-key hashes in sysfs (Mete Durlu) [RHEL-50752]
+- s390/uv: Refactor uv-sysfs creation (Mete Durlu) [RHEL-50752]
+- s390/uvdevice: Support longer secret lists (Mete Durlu) [RHEL-50754]
+- s390/uv: Retrieve UV secrets sysfs support (Mete Durlu) [RHEL-50754]
+- s390/uvdevice: Increase indent in IOCTL definitions (Mete Durlu) [RHEL-50754]
+- s390/uvdevice: Add Retrieve Secret IOCTL (Mete Durlu) [RHEL-50754]
+- s390/uv: Retrieve UV secrets support (Mete Durlu) [RHEL-50754]
+- s390/uv: Use a constant for more-data rc (Mete Durlu) [RHEL-50754]
+- s390: Remove protvirt and kvm config guards for uv code (Mete Durlu) [RHEL-50754]
+- geneve: do not assume mac header is set in geneve_xmit_skb() (Guillaume Nault) [RHEL-73420]
+- net/ipv6: release expired exception dst cached in socket (Guillaume Nault) [RHEL-72264] {CVE-2024-56644}
+- ipv6: Fix soft lockups in fib6_select_path under high next hop churn (Hangbin Liu) [RHEL-73281]
+- selftests: net: really check for bg process completion (Hangbin Liu) [RHEL-73281]
+- ipv6: release nexthop on device removal (Hangbin Liu) [RHEL-73281]
+- selftests: vrf_route_leaking: add local test (Hangbin Liu) [RHEL-73281]
+- ipv6: take care of scope when choosing the src addr (Hangbin Liu) [RHEL-73281]
+- ipv6: fix source address selection with route leak (Hangbin Liu) [RHEL-73281]
+- team: prevent adding a device which is already a team device lower (Hangbin Liu) [RHEL-73276]
+- team: Fix feature exposure when no ports are present (Hangbin Liu) [RHEL-73276]
+- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73276]
+- team: Fix initial vlan_feature set in __team_compute_features (Hangbin Liu) [RHEL-73276]
+- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL (Hangbin Liu) [RHEL-73276]
+- bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features (Hangbin Liu) [RHEL-73276]
+- net, team, bonding: Add netdev_base_features helper (Hangbin Liu) [RHEL-73276]
+- bonding: add ESP offload features when slaves support (Hangbin Liu) [RHEL-73276]
+- net: team: rename team to team_core for linking (Hangbin Liu) [RHEL-73276]
+- ptp: Add error handling for adjfine callback in ptp_clock_adjtime (CKI Backport Bot) [RHEL-73275]
+- ptp: Fix error message on failed pin verification (CKI Backport Bot) [RHEL-73275]
+- vp_vdpa: fix id_table array not null terminated error (Jon Maloy) [RHEL-69651] {CVE-2024-53110}
+- vdpa/mlx5: Fix invalid mr resource destroy (Jon Maloy) [RHEL-63223] {CVE-2024-47687}
+- net: sched: fix ordering of qlen adjustment (CKI Backport Bot) [RHEL-72377 RHEL-73151] {CVE-2024-53164}
+- net_sched: sch_fq: don't follow the fast path if Tx is behind now (CKI Backport Bot) [RHEL-73151]
+- net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. (CKI Backport Bot) [RHEL-73151]
+- net: tun: Fix use-after-free in tun_detach() (Jon Maloy) [RHEL-63736] {CVE-2022-49014}
+- i40e: add ability to reset VF for Tx and Rx MDD events (Michal Schmidt) [RHEL-54223]
+- xfs: ensure submit buffers on LSN boundaries in error handlers (Bill O'Donnell) [RHEL-68860]
+- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (Bill O'Donnell) [RHEL-68860]
+- xfs: Fix the owner setting issue for rmap query in xfs fsmap (Bill O'Donnell) [RHEL-68860]
+- xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set (Bill O'Donnell) [RHEL-68860]
+- xfs: attr forks require attr, not attr2 (Bill O'Donnell) [RHEL-68860]
+- xfs: convert comma to semicolon (Bill O'Donnell) [RHEL-68860]
+- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (Bill O'Donnell) [RHEL-68860]
+- xfs: allow unlinked symlinks and dirs with zero size (Bill O'Donnell) [RHEL-68860]
+- xfs: restrict when we try to align cow fork delalloc to cowextsz hints (Bill O'Donnell) [RHEL-68860]
+- xfs: fix unlink vs cluster buffer instantiation race (Bill O'Donnell) [RHEL-68860]
+- xfs: match lock mode in xfs_buffered_write_iomap_begin() (Bill O'Donnell) [RHEL-68860]
+- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (Bill O'Donnell) [RHEL-68860]
+- xfs: shrink failure needs to hold AGI buffer (Bill O'Donnell) [RHEL-68860]
+- idpf: trigger SW interrupt when exiting wb_on_itr mode (Michal Schmidt) [RHEL-50916]
+- idpf: add support for SW triggered interrupts (Michal Schmidt) [RHEL-50916]
+- idpf: set completion tag for "empty" bufs associated with a packet (Michal Schmidt) [RHEL-50916]
+- idpf: deinit virtchnl transaction manager after vport and vectors (Michal Schmidt) [RHEL-50916]
+- idpf: use actual mbx receive payload length (Michal Schmidt) [RHEL-50916]
+- idpf: fix VF dynamic interrupt ctl register initialization (Michal Schmidt) [RHEL-50916]
+- idpf: enable WB_ON_ITR (Michal Schmidt) [RHEL-50916]
+- idpf: fix netdev Tx queue stop/wake (Michal Schmidt) [RHEL-50916]
+- idpf: refactor Tx completion routines (Michal Schmidt) [RHEL-50916]
+- idpf: convert to libeth Tx buffer completion (Michal Schmidt) [RHEL-50916]
+- idpf: remove redundant 'req_vec_chunks' NULL check (Michal Schmidt) [RHEL-50916]
+- idpf: fix UAFs when destroying the queues (Michal Schmidt) [RHEL-50916 RHEL-58452] {CVE-2024-44932}
+- idpf: use libeth Rx buffer management for payload buffer (Michal Schmidt) [RHEL-50916]
+- idpf: convert header split mode to libeth + napi_build_skb() (Michal Schmidt) [RHEL-50916]
+- idpf: remove legacy Page Pool Ethtool stats (Michal Schmidt) [RHEL-50916]
+- idpf: reuse libeth's definitions of parsed ptype structures (Michal Schmidt) [RHEL-50916]
+- idpf: fix memleak in vport interrupt configuration (Michal Schmidt) [RHEL-50916]
+- idpf: fix memory leaks and crashes while performing a soft reset (Michal Schmidt) [RHEL-50916 RHEL-57131] {CVE-2024-44964}
+- redhat/configs: set CONFIG_IDPF_SINGLEQ to disabled (Michal Schmidt) [RHEL-50916]
+- idpf: compile singleq code only under default-n CONFIG_IDPF_SINGLEQ (Michal Schmidt) [RHEL-50916]
+- idpf: merge singleq and splitq &net_device_ops (Michal Schmidt) [RHEL-50916]
+- idpf: Don't hard code napi_struct size (Michal Schmidt) [RHEL-50916]
+- idpf: strictly assert cachelines of queue and queue vector structures (Michal Schmidt) [RHEL-50916]
+- idpf: avoid bloating &idpf_q_vector with big %%NR_CPUS (Michal Schmidt) [RHEL-50916]
+- idpf: split &idpf_queue into 4 strictly-typed queue structures (Michal Schmidt) [RHEL-50916]
+- idpf: stop using macros for accessing queue descriptors (Michal Schmidt) [RHEL-50916]
+- idpf: don't enable NAPI and interrupts prior to allocating Rx buffers (Michal Schmidt) [RHEL-50916]
+- idpf: Interpret .set_channels() input differently (Michal Schmidt) [RHEL-50916]
+- idpf: sprinkle __counted_by{,_le}() in the virtchnl2 header (Michal Schmidt) [RHEL-50916]
+- idpf: make virtchnl2.h self-contained (Michal Schmidt) [RHEL-50916]
+- selftests/powerpc: Fix build with USERCFLAGS set (Mamatha Inamdar) [RHEL-74480]
+- selftests/powerpc: make sub-folders buildable on their own (Mamatha Inamdar) [RHEL-74480]
+- selftests/powerpc: Add flags.mk to support pmu buildable (Mamatha Inamdar) [RHEL-74480]
+- selftests/powerpc: Re-order *FLAGS to follow lib.mk (Mamatha Inamdar) [RHEL-74480]
+- zram: don't free statically defined names (Ming Lei) [RHEL-63884] {CVE-2024-50064}
+- zram: free secondary algorithms names (Ming Lei) [RHEL-63884] {CVE-2024-50064}
+- net: Fix icmp host relookup triggering ip_rt_bug (Hangbin Liu) [RHEL-72380] {CVE-2024-56647}
+- powerpc/mm/fault: Fix kfence page fault reporting (Mamatha Inamdar) [RHEL-74445]
+- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (Benjamin Coddington) [RHEL-72352] {CVE-2024-53173}
+- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (Benjamin Coddington) [RHEL-72398] {CVE-2024-56688}
+- smb: Initialize cfid->tcon before performing network ops (Paulo Alcantara) [RHEL-72459] {CVE-2024-56729}
+- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-71525] {CVE-2024-50275}
+- bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (Sabrina Dubroca) [RHEL-68543] {CVE-2024-53091}
+- Bluetooth: hci_conn: Use disable_delayed_work_sync (CKI Backport Bot) [RHEL-72334] {CVE-2024-56591}
+- perf machine: Initialize machine->env to address a segfault (Michael Petlan) [RHEL-65416]
+- Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (CKI Backport Bot) [RHEL-72297] {CVE-2024-56590}
+- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (Mamatha Inamdar) [RHEL-58802]
+- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10 (Mamatha Inamdar) [RHEL-58802]
+- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (Mamatha Inamdar) [RHEL-58802]
+- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (Mamatha Inamdar) [RHEL-58802]
+- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (Mamatha Inamdar) [RHEL-58802]
+- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (CKI Backport Bot) [RHEL-72291] {CVE-2024-56604}
+- Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (CKI Backport Bot) [RHEL-72255] {CVE-2024-56654}
+- zram: fix NULL pointer in comp_algorithm_show() (Ming Lei) [RHEL-72367] {CVE-2024-53222}
+- brd: defer automatic disk creation until module initialization succeeds (Ming Lei) [RHEL-72386] {CVE-2024-56693}
+- block, bfq: fix bfqq uaf in bfq_limit_depth() (Ming Lei) [RHEL-72358] {CVE-2024-53166}
+- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (Mete Durlu) [RHEL-74381]
+- redhat: Add python3-docutils for selftests build dependency (Julio Faracco) [RHEL-74391]
+- mm/vmscan: wake up flushers conditionally to avoid cgroup OOM (Waiman Long) [RHEL-72577]
+- mm/mglru: Revert 'Revert "don't sync disk for each aging cycle"' (Waiman Long) [RHEL-72577]
+- SUNRPC: make sure cache entry active before cache_show (Olga Kornievskaia) [RHEL-72340] {CVE-2024-53174}
+- powerpc/pseries/iommu: Don't unset window if it was never set (Mamatha Inamdar) [RHEL-74049]
+- NFSD: Prevent a potential integer overflow (Olga Kornievskaia) [RHEL-72114] {CVE-2024-53146}
+- nfsd: make sure exp active before svc_export_show (Olga Kornievskaia) [RHEL-72249] {CVE-2024-56558}
+- tools/rtla: Use pkg-config in lib_setup of Makefile.config (Luis Claudio R. Goncalves) [RHEL-69738]
+- tracing: Remove extra space at the end of hwlat_detector/mode (Luis Claudio R. Goncalves) [RHEL-69738]
+- trace/hwlat: Do not wipe the contents of per-cpu thread data (Luis Claudio R. Goncalves) [RHEL-69738]
+- trace/hwlat: Do not start per-cpu thread if it is already running (Luis Claudio R. Goncalves) [RHEL-69738]
+- trace/hwlat: make use of the helper function kthread_run_on_cpu() (Luis Claudio R. Goncalves) [RHEL-69738]
+- tracing/hwlat: Make some internal symbols static (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: Improve exception handling in timerlat_load.py (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: Enhance argument parsing in timerlat_load.py (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: Improve code readability in timerlat_load.py (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla/timerlat: Do not set params->user_workload with -U (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: fix collision with glibc sched_attr/sched_set_attr (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: drop __NR_sched_getattr (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla: Fix consistency in getopt_long for timerlat_hist (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla: use the definition for stdout fd when calling isatty() (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla: Fix the help text in osnoise and timerlat top tools (Luis Claudio R. Goncalves) [RHEL-69738]
+- tools/rtla: Fix installation from out-of-tree build (Luis Claudio R. Goncalves) [RHEL-69738]
+- rtla/osnoise: Prevent NULL dereference in error handling (Luis Claudio R. Goncalves) [RHEL-69738] {CVE-2024-45002}
+- rtla/timerlat: Make user-space threads the default (Luis Claudio R. Goncalves) [RHEL-69738]
+- bpf, sockmap: Fix race between element replace and close() (Felix Maurer) [RHEL-68071 RHEL-72246] {CVE-2024-56664}
+- xsk: Free skb when TX metadata options are invalid (Felix Maurer) [RHEL-40153 RHEL-68071]
+- xsk: always clear DMA mapping information when unmapping the pool (Felix Maurer) [RHEL-68071]
+- bpf: fix OOB devmap writes when deleting elements (Felix Maurer) [RHEL-68071]
+- xsk: fix OOB map writes when deleting elements (Felix Maurer) [RHEL-68071 RHEL-72252] {CVE-2024-56614}
+- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Felix Maurer) [RHEL-59445 RHEL-68071] {CVE-2024-46783}
+- bpf: Remove tst_run from lwt_seg6local_prog_ops. (Felix Maurer) [RHEL-59341 RHEL-68071] {CVE-2024-46754}
+- ice: implement low latency PHY timer updates (Petr Oros) [RHEL-25338]
+- ice: check low latency PHY timer update firmware capability (Petr Oros) [RHEL-25338]
+- ice: add lock to protect low latency interface (Petr Oros) [RHEL-25338]
+- ice: rename TS_LL_READ* macros to REG_LL_PROXY_H_* (Petr Oros) [RHEL-25338]
+- ice: use read_poll_timeout_atomic in ice_read_phy_tstamp_ll_e810 (Petr Oros) [RHEL-25338]
+- tpm_tis_spi: Add compatible string atmel,attpm20p (Štěpán Horáček) [RHEL-52747]
+- libstub,tpm: do not ignore failure case when reading final event log (Štěpán Horáček) [RHEL-52747]
+- tpm: fix unsigned/signed mismatch errors related to __calc_tpm2_event_size (Štěpán Horáček) [RHEL-52747]
+- tpm: do not ignore memblock_reserve return value (Štěpán Horáček) [RHEL-52747]
+- tpm: fix signed/unsigned bug when checking event logs (Štěpán Horáček) [RHEL-52747]
+- tpm: Lock TPM chip in tpm_pm_suspend() first (Štěpán Horáček) [RHEL-68209] {CVE-2024-53085}
+- tpm: Clean up TPM space after command failure (Štěpán Horáček) [RHEL-63357] {CVE-2024-49851}
+- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (Štěpán Horáček) [RHEL-52747]
+- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Štěpán Horáček) [RHEL-52747]
+- tpm_tis_spi: add missing attpm20p SPI device ID entry (Štěpán Horáček) [RHEL-52747]
+- KEYS: trusted: Do not use WARN when encode fails (Štěpán Horáček) [RHEL-52747]
+- KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers (Štěpán Horáček) [RHEL-52747]
+- tpm: Add tpm_buf_read_{u8,u16,u32} (Štěpán Horáček) [RHEL-52747]
+- tpm: TPM2B formatted buffers (Štěpán Horáček) [RHEL-52747]
+- tpm: Store the length of the tpm_buf data separately. (Štěpán Horáček) [RHEL-52747]
+- tpm: Update struct tpm_buf documentation comments (Štěpán Horáček) [RHEL-52747]
+- tpm: Move buffer handling from static inlines to real functions (Štěpán Horáček) [RHEL-52747]
+- tpm: Remove tpm_send() (Štěpán Horáček) [RHEL-52747]
+- tpm: Remove unused tpm_buf_tag() (Štěpán Horáček) [RHEL-52747]
+- tpm/eventlog: remove redundant assignment to variabel ret (Štěpán Horáček) [RHEL-52747]
+- smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-73657] {CVE-2024-54680}
+- nvmet: Don't overflow subsysnqn (CKI Backport Bot) [RHEL-74081] {CVE-2024-53681}
+- PCI: Wait for Link before restoring Downstream Buses (Myron Stowe) [RHEL-71363]
+- PCI: Use an error code with PCIe failed link retraining (Myron Stowe) [RHEL-71363]
+- PCI: Correct error reporting with PCIe failed link retraining (Myron Stowe) [RHEL-71363]
+- PCI: Revert to the original speed after PCIe failed link retraining (Myron Stowe) [RHEL-71363]
+- PCI: Clear the LBMS bit after a link retrain (Myron Stowe) [RHEL-71363]
+- PCI: Wait for device readiness with Configuration RRS (Myron Stowe) [RHEL-71363]
+- s390/pci: Add pci_msg debug view to PCI report (Mete Durlu) [RHEL-50792]
+- s390/debug: Add a reverse mode for debug_dump() (Mete Durlu) [RHEL-50792]
+- s390/debug: Add debug_dump() to write debug view to a string buffer (Mete Durlu) [RHEL-50792]
+- s390/debug: Split private data alloc/free out of file operations (Mete Durlu) [RHEL-50792]
+- s390/debug: Simplify and document debug_next_entry() logic (Mete Durlu) [RHEL-50792]
+- s390/pci: Report PCI error recovery results via SCLP (Mete Durlu) [RHEL-50792]
+- s390/debug: Pass in and enforce output buffer size for format handlers (Mete Durlu) [RHEL-50792]
+- s390/sclp: Allow user-space to provide PCI reports for optical modules (Mete Durlu) [RHEL-71265]
+- Enable peer to peer DMA for ROCm (Mika Penttilä) [RHEL-9998]
+- pinmux: Use sequential access to access desc->pinmux data (David Arcari) [RHEL-73715] {CVE-2024-47141}
+- block: Prevent potential deadlocks in zone write plug error recovery (Ming Lei) [RHEL-71498]
+- dm: Fix dm-zoned-reclaim zone write pointer alignment (Ming Lei) [RHEL-71498]
+- block: Ignore REQ_NOWAIT for zone reset and zone finish operations (Ming Lei) [RHEL-71498]
+- block: Use a zone write plug BIO work for REQ_NOWAIT BIOs (Ming Lei) [RHEL-71498]
+- block: Prevent potential deadlock in blk_revalidate_disk_zones() (Ming Lei) [RHEL-71498]
+- block: Switch to using refcount_t for zone write plugs (Ming Lei) [RHEL-71498]
+- block: Add a public bdev_zone_is_seq() helper (Ming Lei) [RHEL-71498]
+- block: RCU protect disk->conv_zones_bitmap (Ming Lei) [RHEL-71498]
+- MAINTAINERS: Make Kristen Accardi the IAA crypto driver maintainer (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Remove potential infinite loop in check_completion() (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Fix potential use after free bug (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Use cpumask_weight() when rebalancing (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Fix some errors in IAA documentation (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Change iaa statistics to atomic64_t (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Add global_stats file and remove individual stat files (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - Remove comp/decomp delay statistics (Vladis Dronov) [RHEL-49539]
+- crypto: iaa - fix decomp_bytes_in stats (Vladis Dronov) [RHEL-49539]
+- cppc_cpufreq: Remove HiSilicon CPPC workaround (Mark Langsdorf) [RHEL-65441]
+- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (Mark Langsdorf) [RHEL-65441]
+- nbd: fix partial sending (Ming Lei) [RHEL-64338]
+- kernel.spec: perf: fix C++ demangle support (Michael Petlan) [RHEL-69463]
+- mptcp: fix TCP options overflow. (CKI Backport Bot) [RHEL-73516]
+- Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x (CKI Backport Bot) [RHEL-70424]
+- netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level (CKI Backport Bot) [RHEL-73350] {CVE-2024-56783}
+- SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (Benjamin Coddington) [RHEL-67304]
+- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (CKI Backport Bot) [RHEL-73708]
+- netfilter: nft_set_hash: skip duplicated elements pending gc run (CKI Backport Bot) [RHEL-73708]
+- netfilter: nft_inner: incorrect percpu area handling under softirq (CKI Backport Bot) [RHEL-73708]
+- netfilter: x_tables: fix LED ID check in led_tg_check() (CKI Backport Bot) [RHEL-73708]
+- netfilter: ipset: add missing range check in bitmap_ip_uadt (CKI Backport Bot) [RHEL-73708]
+- netfilter: nf_tables: must hold rcu read lock while iterating object type list (CKI Backport Bot) [RHEL-73708]
+- netfilter: nf_tables: must hold rcu read lock while iterating expression type list (CKI Backport Bot) [RHEL-73708]
+- netfilter: fib: check correct rtable in vrf setups (CKI Backport Bot) [RHEL-73708]
+- netfilter: allow ipv6 fragments to arrive on different devices (CKI Backport Bot) [RHEL-73708]
+- netfilter: ctnetlink: support CTA_FILTER for flush (CKI Backport Bot) [RHEL-73708]
+- netfilter: nfnetlink: convert kfree_skb to consume_skb (CKI Backport Bot) [RHEL-73708]
+- netfilter: conntrack: fix ct-state for ICMPv6 Multicast Router Discovery (CKI Backport Bot) [RHEL-73708]
+- netfilter: nf_tables: skip transaction if update object is not implemented (CKI Backport Bot) [RHEL-73708]
+- netfilter: ip6_tables: zero-initialize fragment offset (CKI Backport Bot) [RHEL-73708]
+- fadump: reserve param area if below boot_mem_top (Mamatha Inamdar) [RHEL-73120]
+- powerpc/fadump: allocate memory for additional parameters early (Mamatha Inamdar) [RHEL-73120]
+- Bluetooth: btusb: mediatek: change the conditions for ISO interface (Bastien Nocera) [RHEL-72839]
+- Bluetooth: btusb: mediatek: add intf release flow when usb disconnect (Bastien Nocera) [RHEL-72839] {CVE-2024-56757}
+- Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (Bastien Nocera) [RHEL-72839]
+- Bluetooth: btusb: mediatek: move Bluetooth power off command position (Bastien Nocera) [RHEL-72839]
+
 * Wed Jan 22 2025 Rado Vrbovsky <rvrbovsk@redhat.com> [5.14.0-554.el9]
 - ALSA: configuration update for 9.6 (Jaroslav Kysela) [RHEL-60915]
 - pinctrl: cs42l43: use new pinctrl_gpio_direction_input and pinctrl_gpio_direction_output fcns (Jaroslav Kysela) [RHEL-60915]

sources

@@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-554.el9.tar.xz) = 7a2d7d056eb2be03db5faa3af6350a81bb5c0bdbcc4091092bc207d936e192bb2da60574d636efe01697cecbbf2ddc432f5276c2d93342ce643974ebfa7d316e
-SHA512 (kernel-abi-stablelists-5.14.0-554.el9.tar.bz2) = a7d200e3a49b3dc879ee6079a8c8de3c511ee1d160d992d96b597fcb991dd09bb7d5691f67cc700c740d2d9a52f1ccaa61ff38bb251beecf7b68b253c4107d53
-SHA512 (kernel-kabi-dw-5.14.0-554.el9.tar.bz2) = 3d08f838767b27b87724fed347ce3be63fce15e5eded0576121c474d14db4a6d07895b350c635e343d5522ac237dfd982d1f39b8480c4129f4eb79f6a64115cb
+SHA512 (linux-5.14.0-555.el9.tar.xz) = b71620266dde4d17414f2cf1ceebfc4222c3d4bb9208b2f58545f1f72028ce62d948776b65aa0d2f9d9569eef3d94321f5e6962efd459ddd2774e0f4f8baddcf
+SHA512 (kernel-abi-stablelists-5.14.0-555.el9.tar.bz2) = 9c988149cd76d3c2314949ad3f97a2f91d6d5433f1d4ef8f37bb6305b3d911aed777f1993c06f1d67c0690ee1f5a422ff8143e172d261a11ffb3edc4b3967a49
+SHA512 (kernel-kabi-dw-5.14.0-555.el9.tar.bz2) = 3d08f838767b27b87724fed347ce3be63fce15e5eded0576121c474d14db4a6d07895b350c635e343d5522ac237dfd982d1f39b8480c4129f4eb79f6a64115cb