Commit Graph

115 Commits

Author SHA1 Message Date
Denys Vlasenko
b8fa01287a kernel-4.18.0-553.34.1.el8_10
* Thu Dec 12 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.34.1.el8_10]
- mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (Davide Caratti) [RHEL-69667] {CVE-2024-53122}
- NFS: nfs_async_write_reschedule_io must not recurse into the writeback code (Benjamin Coddington) [RHEL-68647]
- xfs: fix sparse inode limits on runt AG (Pavel Reichl) [RHEL-62924]
- KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration (Maxim Levitsky) [RHEL-67974]
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (Vitaly Kuznetsov) [RHEL-65362]
- dlm: fix recovery of middle conversions (Alexander Aring) [RHEL-64860]
- i40e: fix race condition by adding filter's intermediate sync state (Michal Schmidt) [RHEL-68271] {CVE-2024-53088}
- i40e: fix i40e_count_filters() to count only active/new filters (Michal Schmidt) [RHEL-68271] {CVE-2024-53088}
Resolves: RHEL-62924, RHEL-64860, RHEL-65362, RHEL-67974, RHEL-68271, RHEL-68647, RHEL-69667

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-12-12 21:06:03 +01:00
Denys Vlasenko
7d691c59f4 kernel-4.18.0-553.33.1.el8_10
* Fri Dec 06 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.33.1.el8_10]
- Revert "scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload" This patch is dependent on the mbox refactor patch that was not added to rh8. (Dick Kennedy) [RHEL-64073]
- drm/i915: Fix HPD polling, reenabling the output poll work as needed (Lyude Paul) [RHEL-62796]
- drm: Add an HPD poll helper to reschedule the poll work (Lyude Paul) [RHEL-62796]
Resolves: RHEL-62796, RHEL-64073

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-12-06 12:40:59 +01:00
Denys Vlasenko
6e91e28ffa kernel-4.18.0-553.32.1.el8_10
* Fri Nov 29 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.32.1.el8_10]
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Ming Lei) [RHEL-65158] {CVE-2024-50082}
- gfs2: fix double destroy_workqueue error (Andreas Gruenbacher) [RHEL-62869]
- Revert "GFS2: Don't add all glocks to the lru" (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Use list_move_tail instead of list_del/list_add_tail (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Revise glock reference counting model (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Switch to a per-filesystem glock workqueue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Report when glocks cannot be freed for a long time (Andreas Gruenbacher) [RHEL-62869]
- gfs2: gfs2_glock_get cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Invert the GLF_INITIAL flag (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename handle_callback to request_demote (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FROZEN to GLF_HAVE_FROZEN_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_REPLY_PENDING to GLF_HAVE_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FREEING to GLF_UNLOCKED (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove useless return statement in run_queue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove unnecessary function prototype (Andreas Gruenbacher) [RHEL-62869]
- gfs2: finish_xmote cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async (Andreas Gruenbacher) [RHEL-62869]
- KVM: selftests: memslot_perf_test: increase guest sync timeout (Maxim Levitsky) [RHEL-19080]
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-68025] {CVE-2024-50264}
- md/raid5: Wait sync io to finish before changing group cnt (Nigel Croxon) [RHEL-58585]
Resolves: RHEL-19080, RHEL-58585, RHEL-62869, RHEL-65158, RHEL-66965, RHEL-68025

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-11-29 14:35:37 +01:00
Denys Vlasenko
14ee20d83a kernel-4.18.0-553.31.1.el8_10
* Fri Nov 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.31.1.el8_10]
- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110}
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256}
- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862]
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862]
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988]
- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988]
- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988]
- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988]
- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988]
- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988]
- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695}
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823]
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949}
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142}
Resolves: RHEL-65399, RHEL-65955, RHEL-66042, RHEL-66104, RHEL-66457, RHEL-66862, RHEL-67823, RHEL-7988

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-11-22 09:48:19 +01:00
Denys Vlasenko
a897b12c37 kernel-4.18.0-553.30.1.el8_10
* Fri Nov 15 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.30.1.el8_10]
- media: edia: dvbdev: fix a use-after-free (Kate Hsuan) [RHEL-35763] {CVE-2024-27043}
- blk-mq: fix missing blk_account_io_done() in error path (Ming Lei) [RHEL-61200]
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52684]
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52684]
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52684]
- smb: client: use actual path when queryfs (Paulo Alcantara) [RHEL-60363]
- cifs: Fix uninitialized memory reads for oparms.mode (Paulo Alcantara) [RHEL-60363]
- cifs: Fix uninitialized memory read for smb311 posix symlink create (Paulo Alcantara) [RHEL-60363]
- cifs: convert the path to utf16 in smb2_query_info_compound (Paulo Alcantara) [RHEL-60363]
- autofs: fix thinko in validate_dev_ioctl() (Ian Kent) [RHEL-62168]
- autofs: add per dentry expire timeout (Ian Kent) [RHEL-62168]
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (Viktor Malik) [RHEL-44167] {CVE-2024-38564}
Resolves: RHEL-35763, RHEL-44167, RHEL-52684, RHEL-60363, RHEL-61200, RHEL-62168

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-11-15 00:45:33 +01:00
Denys Vlasenko
8c16665a51 kernel-4.18.0-553.29.1.el8_10
* Thu Nov 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.29.1.el8_10]
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (cki-backport-bot) [RHEL-36372] {CVE-2024-27399}
- mptcp: pm: Fix uaf in __timer_delete_sync (Guillaume Nault) [RHEL-60614] {CVE-2024-46858}
- cifs: fix dfs link failover in cifs_tree_connect() (Paulo Alcantara) [RHEL-8002]
Resolves: RHEL-36372, RHEL-60614, RHEL-8002

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-11-07 09:24:32 +01:00
Denys Vlasenko
24ba219b96 kernel-4.18.0-553.28.1.el8_10
* Thu Oct 31 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.28.1.el8_10]
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Mete Durlu) [RHEL-61702]
- smb: client: fix deadlock in smb2_find_smb_tcon() (Paulo Alcantara) [RHEL-61400]
- smb: client: fix potential deadlock when releasing mids (Paulo Alcantara) [RHEL-61400]
- cifs: remove useless DeleteMidQEntry() (Paulo Alcantara) [RHEL-61400]
- Bluetooth: af_bluetooth: Fix deadlock (CKI Backport Bot) [RHEL-58991]
- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Nico Pache) [RHEL-26709]
- audit: Send netlink ACK before setting connection in auditd_set (Richard Guy Briggs) [RHEL-14004]
- KVM: selftests: x86: Fix test failure on arch lbr capable platforms (Maxim Levitsky) [RHEL-23999]
- raid1: fix use-after-free for original bio in raid1_write_request() (Nigel Croxon) [RHEL-55263]
Resolves: RHEL-14004, RHEL-23999, RHEL-26709, RHEL-55263, RHEL-58991, RHEL-61400, RHEL-61702

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-10-31 15:02:54 +01:00
Denys Vlasenko
8ced754fdf kernel-4.18.0-553.27.1.el8_10
* Thu Oct 17 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.27.1.el8_10]
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Waiman Long) [RHEL-62139] {CVE-2024-47668}
- bonding: fix xfrm real_dev null pointer dereference (Hangbin Liu) [RHEL-57239] {CVE-2024-44989}
- bonding: fix null pointer deref in bond_ipsec_offload_ok (Hangbin Liu) [RHEL-57233] {CVE-2024-44990}
- bpf: Fix overrunning reservations in ringbuf (Viktor Malik) [RHEL-49414] {CVE-2024-41009}
- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CKI Backport Bot) [RHEL-49309] {CVE-2022-48773}
- tty: tty_io: update timestamps on all device nodes (Aristeu Rozanski) [RHEL-55257]
- tty: use 64-bit timstamp (Aristeu Rozanski) [RHEL-55257]
- ELF: fix kernel.randomize_va_space double read (Rafael Aquini) [RHEL-60669] {CVE-2024-46826}
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (Xin Long) [RHEL-58100]
- loopback: fix lockdep splat (Xin Long) [RHEL-58100]
- blackhole_netdev: use blackhole_netdev to invalidate dst entries (Xin Long) [RHEL-58100]
- loopback: create blackhole net device similar to loopack. (Xin Long) [RHEL-58100]
Resolves: RHEL-49309, RHEL-49414, RHEL-55257, RHEL-57233, RHEL-57239, RHEL-58100, RHEL-60669, RHEL-62139

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-10-17 19:16:21 +02:00
Denys Vlasenko
7d0d16faa1 kernel-4.18.0-553.26.1.el8_10
* Wed Oct 09 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.26.1.el8_10]
- nouveau: lock the client object tree. (Abdiel Janulgue) [RHEL-35118] {CVE-2024-27062}
- cifs: fix deadlock between reconnect and lease break (Paulo Alcantara) [RHEL-58037]
- ACPI: PAD: fix crash in exit_round_robin() (Mark Langsdorf) [RHEL-56156]
- gfs2: Randomize GLF_VERIFY_DELETE work delay (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Update to the evict / remote delete documentation (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Clean up delete work processing (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Rename dinode_demise to evict_behavior (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Fix unlinked inode cleanup (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Initialize gl_no_formal_ino earlier (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE (Andreas Gruenbacher) [RHEL-35757]
- gfs2: make timeout values more explicit (Wolfram Sang) [RHEL-35757]
- gfs2: Simplify function gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Rename SDF_DEACTIVATING to SDF_KILL (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Cease delete work during unmount (Bob Peterson) [RHEL-35757]
- gfs2: Improve gfs2_upgrade_iopen_glock comment (Andreas Gruenbacher) [RHEL-35757]
- gfs2: nit: gfs2_drop_inode shouldn't return bool (Bob Peterson) [RHEL-35757]
- dmaengine: fix NULL pointer in channel unregistration function (Jerry Snitselaar) [RHEL-28867] {CVE-2023-52492}
- dma-direct: Leak pages on dma_set_decrypted() failure (Jerry Snitselaar) [RHEL-37335] {CVE-2024-35939}
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (Olga Kornievskaia) [RHEL-41075]
- NFSv4: Always ask for type with READDIR (Benjamin Coddington) [RHEL-39397]
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (Paulo Alcantara) [RHEL-60251]
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (Paulo Alcantara) [RHEL-60251]
- cifs: Remove duplicated include in cifsglob.h (Paulo Alcantara) [RHEL-60251]
- cifs: fix oops during encryption (Paulo Alcantara) [RHEL-60251]
Resolves: RHEL-28867, RHEL-35118, RHEL-35757, RHEL-37335, RHEL-39397, RHEL-41075, RHEL-56156, RHEL-58037, RHEL-60251

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-10-09 22:52:14 +02:00
Denys Vlasenko
ba7d5425aa kernel-4.18.0-553.25.1.el8_10
* Wed Oct 02 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.25.1.el8_10]
- cifs: modefromsids must add an ACE for authenticated users (Paulo Alcantara) [RHEL-56052]
- cifs: do not use uninitialized data in the owner/group sid (Paulo Alcantara) [RHEL-56052]
- cifs: fix set of group SID via NTSD xattrs (Paulo Alcantara) [RHEL-56052]
- smb3: correct smb3 ACL security descriptor (Paulo Alcantara) [RHEL-56052]
- smb3: fix possible access to uninitialized pointer to DACL (Paulo Alcantara) [RHEL-56052]
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (Paulo Alcantara) [RHEL-56052]
- cifs: Fix chmod with modefromsid when an older ACE already exists. (Paulo Alcantara) [RHEL-56052]
- cifs: update new ACE pointer after populate_new_aces. (Paulo Alcantara) [RHEL-56052]
- cifs: If a corrupted DACL is returned by the server, bail out. (Paulo Alcantara) [RHEL-56052]
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (Paulo Alcantara) [RHEL-56052]
- cifs: Change SIDs in ACEs while transferring file ownership. (Paulo Alcantara) [RHEL-56052]
- cifs: Retain old ACEs when converting between mode bits and ACL. (Paulo Alcantara) [RHEL-56052]
- cifs: Fix cifsacl ACE mask for group and others. (Paulo Alcantara) [RHEL-56052]
- Add SMB 2 support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
- SMB3: Add support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
- cifs: Enable sticky bit with cifsacl mount option. (Paulo Alcantara) [RHEL-56052]
- cifs: Fix unix perm bits to cifsacl conversion for "other" bits. (Paulo Alcantara) [RHEL-56052]
- drm/i915/gt: Fix potential UAF by revoke of fence registers (Mika Penttilä) [RHEL-53633] {CVE-2024-41092}
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-27224]
- kobject_uevent: Fix OOB access within zap_modalias_env() (Rafael Aquini) [RHEL-55000] {CVE-2024-42292}
- gfs2: Fix NULL pointer dereference in gfs2_log_flush (Andrew Price) [RHEL-51553] {CVE-2024-42079}
- of: module: add buffer overflow check in of_modalias() (Charles Mirabile) [RHEL-44267] {CVE-2024-38541}
Resolves: RHEL-27224, RHEL-44267, RHEL-51553, RHEL-53633, RHEL-55000, RHEL-56052

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-10-02 11:16:18 +02:00
Denys Vlasenko
13be37371f kernel-4.18.0-553.24.1.el8_10
* Wed Sep 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.24.1.el8_10]
- cifs: do not set WorkstationName in NTLMSSP auth blob (Paulo Alcantara) [RHEL-56729]
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (Steve Best) [RHEL-56162] {CVE-2024-43889}
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (CKI Backport Bot) [RHEL-57000]
- sctp: Fix null-ptr-deref in reuseport_add_sock(). (Xin Long) [RHEL-56234] {CVE-2024-44935}
- net/mlx5e: Fix netif state handling (Michal Schmidt) [RHEL-43864] {CVE-2024-38608}
- net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args (Michal Schmidt) [RHEL-43864] {CVE-2024-38608}
- r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44031] {CVE-2024-38586}
- netfilter: flowtable: initialise extack before use (Florian Westphal) [RHEL-58542] {CVE-2024-45018}
- memcg: protect concurrent access to mem_cgroup_idr (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
- memcontrol: ensure memcg acquired by id is properly set up (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
- mm: memcontrol: fix cannot alloc the maximum memcg ID (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
- mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
- ice: Add netif_device_attach/detach into PF reset flow (CKI Backport Bot) [RHEL-23676]
Resolves: RHEL-23676, RHEL-43864, RHEL-44031, RHEL-56162, RHEL-56234, RHEL-56252, RHEL-56729, RHEL-57000, RHEL-58542

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-09-25 16:48:13 +02:00
Denys Vlasenko
67fea34b5b kernel-4.18.0-553.23.1.el8_10
* Thu Sep 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.23.1.el8_10]
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [RHEL-57002]
- netfilter: nft_set_pipapo: do not free live element (Phil Sutter) [RHEL-34221] {CVE-2024-26924}
- netfilter: nf_tables: missing iterator type in lookup walk (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
- netfilter: nft_set_pipapo: walk over current view on netlink dump (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
- netfilter: nftables: add helper function to flush set elements (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
- netfilter: nf_tables: prefer nft_chain_validate (Phil Sutter) [RHEL-51040] {CVE-2024-41042}
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Phil Sutter) [RHEL-51516] {CVE-2024-42070}
- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Phil Sutter) [RHEL-43003] {CVE-2024-35898}
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
- netfilter: ipset: Add list flush to cancel_gc (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Phil Sutter) [RHEL-42680] {CVE-2024-26851}
- netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- dev/parport: fix the array out-of-bounds risk (Steve Best) [RHEL-54985] {CVE-2024-42301}
- KVM: Always flush async #PF workqueue when vCPU is being destroyed (Sean Christopherson) [RHEL-35100] {CVE-2024-26976}
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44279] {CVE-2024-38540}
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55069] {CVE-2024-42284}
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (CKI Backport Bot) [RHEL-26831] {CVE-2024-24857}
- drm/i915/dpt: Make DPT object unshrinkable (CKI Backport Bot) [RHEL-47856] {CVE-2024-40924}
- tipc: force a dst refcount before doing decryption (Xin Long) [RHEL-48363] {CVE-2024-40983}
- block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54763] {CVE-2024-43854}
- gso: do not skip outer ip header in case of ipip and net_failover (CKI Backport Bot) [RHEL-55790] {CVE-2022-48936}
- drm/amdgpu: avoid using null object of framebuffer (CKI Backport Bot) [RHEL-51405] {CVE-2024-41093}
- ipv6: prevent possible NULL deref in fib6_nh_init() (Guillaume Nault) [RHEL-48170] {CVE-2024-40961}
- mlxsw: spectrum_acl_erp: Fix object nesting warning (CKI Backport Bot) [RHEL-55568] {CVE-2024-43880}
- ibmvnic: Add tx check to prevent skb leak (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066}
- ibmvnic: rename local variable index to bufidx (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066}
- netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- USB: serial: mos7840: fix crash on resume (CKI Backport Bot) [RHEL-53680] {CVE-2024-42244}
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CKI Backport Bot) [RHEL-48381] {CVE-2024-40984}
Resolves: RHEL-26831, RHEL-34221, RHEL-35033, RHEL-35100, RHEL-37038, RHEL-37039, RHEL-42680, RHEL-43003, RHEL-44279, RHEL-47606, RHEL-47856, RHEL-48170, RHEL-48363, RHEL-48381, RHEL-51040, RHEL-51249, RHEL-51405, RHEL-51516, RHEL-53680, RHEL-54763, RHEL-54985, RHEL-55069, RHEL-55568, RHEL-55790, RHEL-57002

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-09-19 02:25:52 +02:00
Denys Vlasenko
1238d03c7f kernel-4.18.0-553.22.1.el8_10
* Wed Sep 11 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.22.1.el8_10]
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (Michal Schmidt) [RHEL-51278] {CVE-2024-41071}
Resolves: RHEL-51278

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-09-11 19:04:16 +02:00
Denys Vlasenko
96cfee15d2 kernel-4.18.0-553.21.1.el8_10
* Wed Sep 04 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.21.1.el8_10]
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Mete Durlu) [RHEL-55874]
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (CKI Backport Bot) [RHEL-55123] {CVE-2024-42265}
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44207] {CVE-2024-38558}
- mlxsw: thermal: Fix out-of-bounds memory accesses (CKI Backport Bot) [RHEL-38375] {CVE-2021-47441}
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47552] {CVE-2024-40904}
- ipvs: properly dereference pe in ip_vs_add_service (Phil Sutter) [RHEL-54903] {CVE-2024-42322}
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CKI Backport Bot) [RHEL-53702] {CVE-2024-42246}
- drm/amdgpu: change vm->task_info handling (Michel Dänzer) [RHEL-49379] {CVE-2024-41008}
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Michel Dänzer) [RHEL-45036] {CVE-2024-39471}
- drm/amdgpu: add error handle to avoid out-of-bounds (Michel Dänzer) [RHEL-45036] {CVE-2024-39471}
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Michel Dänzer) [RHEL-52845] {CVE-2024-42228}
Resolves: RHEL-38375, RHEL-44207, RHEL-45036, RHEL-47552, RHEL-49379, RHEL-52845, RHEL-53702, RHEL-54903, RHEL-55123, RHEL-55874

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-09-04 17:17:50 +02:00
Denys Vlasenko
de4004ba64 kernel-4.18.0-553.20.1.el8_10
* Thu Aug 29 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.20.1.el8_10]
- KVM: arm64: Disassociate vcpus from redistributor region on teardown (Shaoqin Huang) [RHEL-48417] {CVE-2024-40989}
- devres: Fix memory leakage caused by driver API devm_free_percpu() (CKI Backport Bot) [RHEL-55597] {CVE-2024-43871}
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Izabela Bakollari) [RHEL-26680] {CVE-2024-26600}
- nvmet-fc: avoid deadlock on delete association path (Maurizio Lombardi) [RHEL-31618] {CVE-2024-26769}
- nvmet-fc: release reference on target port (Maurizio Lombardi) [RHEL-31618] {CVE-2024-26769}
- ACPI: LPIT: Avoid u32 multiplication overflow (Mark Langsdorf) [RHEL-37062] {CVE-2023-52683}
- sched/deadline: Fix task_struct reference leak (Phil Auld) [RHEL-50904] {CVE-2024-41023}
- nfsd: fix crash on LOCKT on reexported NFSv3 (Benjamin Coddington) [RHEL-31515]
- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path (CKI Backport Bot) [RHEL-26570] {CVE-2024-26595}
- mlxsw: spectrum_acl_tcam: Move devlink param to TCAM code (Ivan Vecera) [RHEL-26570] {CVE-2024-26595}
- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-29110] {CVE-2023-52605}
- ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (Mark Langsdorf) [RHEL-33198] {CVE-2024-26894}
- mm: prevent derefencing NULL ptr in pfn_section_valid() (Audra Mitchell) [RHEL-51132] {CVE-2024-41055}
- mm, kmsan: fix infinite recursion due to RCU critical section (Audra Mitchell) [RHEL-51132] {CVE-2024-41055}
- cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options (Ondrej Mosnacek) [RHEL-30904]
- cipso: fix total option length computation (Ondrej Mosnacek) [RHEL-30904]
- ext4: do not create EA inode under buffer lock (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972}
- ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972}
- ext4: check the return value of ext4_xattr_inode_dec_ref() (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972}
- ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (Carlos Maiolino) [RHEL-48507] {CVE-2024-40998}
- ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972}
Resolves: RHEL-26570, RHEL-26680, RHEL-29110, RHEL-30904, RHEL-31515, RHEL-31618, RHEL-33198, RHEL-37062, RHEL-48271, RHEL-48417, RHEL-48507, RHEL-50904, RHEL-51132, RHEL-55597

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-08-29 16:34:01 +02:00
Denys Vlasenko
4c931425b4 kernel-4.18.0-553.19.1.el8_10
* Thu Aug 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.19.1.el8_10]
- drm/i915/vma: Fix UAF on destroy against retire race (Mika Penttilä) [RHEL-35222] {CVE-2024-26939}
- RHEL-48620 (Kenneth Yin) [RHEL-48620]
- net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (CKI Backport Bot) [RHEL-42721] {CVE-2024-26855}
- net: usb: asix: do not force pause frames support (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: asix: fix "can't send until first packet is send" issue (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: asix: fix modprobe "sysfs: cannot create duplicate filename" (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: asix: add proper error handling of usb read errors (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- asix: fix wrong return value in asix_check_host_enable() (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- asix: fix uninit-value in asix_mdio_read() (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: fix boolconv.cocci warnings (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: do not call phy_disconnect() for ax88178 (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: move embedded PHY detection as early as possible (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: asix: fix uninit value bugs (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: add missing stop (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: suspend PHY on driver probe (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: manage PHY PM from MAC (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: Fix less than zero comparison of a u16 (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: Fix less than zero comparison of a u16 (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: add error handling for asix_mdio_* functions (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: add phylib support (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: refactor asix_read_phy_addr() and handle errors on return (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- SUNRPC: always free ctxt when freeing deferred request (Jay Shin) [RHEL-40936]
- SUNRPC: double free xprt_ctxt while still in use (Jay Shin) [RHEL-40936]
- SUNRPC: Remove svc_rqst::rq_xprt_hlen (Jay Shin) [RHEL-40936]
- SUNRPC: Remove dead code in svc_tcp_release_rqst() (Jay Shin) [RHEL-40936]
- x86/bugs: Extend VMware Retbleed workaround to Nehalem & earlier CPUs (Waiman Long) [RHEL-48646]
- wifi: iwlwifi: read txq->read_ptr under lock (Jose Ignacio Tornos Martinez) [RHEL-39797] {CVE-2024-36922}
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (John Meneghini) [RHEL-39908] {CVE-2024-36919}
- nbd: always initialize struct msghdr completely (Ming Lei) [RHEL-29498] {CVE-2024-26638}
- block: don't call rq_qos_ops->done_bio if the bio isn't tracked (Ming Lei) [RHEL-42151] {CVE-2021-47412}
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (Maurizio Lombardi) [RHEL-52013] {CVE-2024-42152}
- ipv6: prevent NULL dereference in ip6_output() (Sabrina Dubroca) [RHEL-39912] {CVE-2024-36901}
- ppp: reject claimed-as-LCP but actually malformed packets (Guillaume Nault) [RHEL-51052] {CVE-2024-41044}
- leds: trigger: Unregister sysfs attributes before calling deactivate() (CKI Backport Bot) [RHEL-54834] {CVE-2024-43830}
- crypto: bcm - Fix pointer arithmetic (cki-backport-bot) [RHEL-44108] {CVE-2024-38579}
- scsi: qedf: Ensure the copied buf is NUL terminated (John Meneghini) [RHEL-44195] {CVE-2024-38559}
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Waiman Long) [RHEL-53657] {CVE-2024-42240}
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (CKI Backport Bot) [RHEL-47529] {CVE-2024-40901}
- ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (CKI Backport Bot) [RHEL-39843] {CVE-2024-36902}
- net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) [RHEL-45167]
- net: usb: ax88179_178a: improve reset check (Jose Ignacio Tornos Martinez) [RHEL-45167]
- net: usb: ax88179_178a: fix link status when link is set to down/up (Jose Ignacio Tornos Martinez) [RHEL-45167]
- net: usb: ax88179_178a: avoid writing the mac address before first reading (Jose Ignacio Tornos Martinez) [RHEL-45167]
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (Shaoqin Huang) [RHEL-40837] {CVE-2024-36953}
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (Shaoqin Huang) [RHEL-40837] {CVE-2024-36953}
- media: cec: cec-api: add locking in cec_release() (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: avoid confusing "transmit timed out" message (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: avoid recursive cec_claim_log_addrs (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: remove length check of Timer Status (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: count low-drive, error and arb-lost conditions (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: add note about *_from_edid() function usage in drm (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: add adap_unconfigured() callback (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: add adap_nb_transmit_canceled() callback (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: don't set last_initiator if tx in progress (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: disable adapter in cec_devnode_unregister (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: not all messages were passed on when monitoring (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: add support for Absolute Volume Control (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: log when claiming LA fails unexpectedly (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: drop activate_cnt, use state info instead (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: reconfigure if the PA changes during configuration (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: fix is_configuring state (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: stop trying LAs on CEC_TX_STATUS_TIMEOUT (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: don't unconfigure if already unconfigured (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: add optional adap_configured callback (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: add xfer_timeout_ms field (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: use call_op and check for !unregistered (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-pin: fix interrupt en/disable handling (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-pin: drop unused 'enabled' field from struct cec_pin (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-pin: fix off-by-one SFT check (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-pin: rename timer overrun variables (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: correctly pass on reply results (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: abort if the current transmit was canceled (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: call enable_adap on s_log_addrs (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: media/cec.h: document cec_adapter fields (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: fix a deadlock situation (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: safely unhook lists in cec_data (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: copy sequence field for the reply (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: fix trivial style warnings (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: add 'unregistered' checks (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: don't use flush_scheduled_work() (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: Use fallthrough pseudo-keyword (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: remove unused waitq and phys_addrs fields (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: silence shift wrapping warning in __cec_s_log_addrs() (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: move the core to a separate directory (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- net/iucv: Avoid explicit cpumask var allocation on stack (CKI Backport Bot) [RHEL-51631] {CVE-2024-42094}
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-40400]
- KVM: selftests: Make hyperv_clock require TSC based system clocksource (Vitaly Kuznetsov) [RHEL-19027]
- KVM: selftests: Run clocksource dependent tests with hyperv_clocksource_tsc_page too (Vitaly Kuznetsov) [RHEL-19027]
- KVM: selftests: Use generic sys_clocksource_is_tsc() in vmx_nested_tsc_scaling_test (Vitaly Kuznetsov) [RHEL-19027]
- KVM: selftests: Generalize check_clocksource() from kvm_clock_test (Vitaly Kuznetsov) [RHEL-19027]
- firmware: cs_dsp: Return error if block header overflows file (CKI Backport Bot) [RHEL-53646] {CVE-2024-42238}
- firmware: cs_dsp: Validate payload length before processing block (CKI Backport Bot) [RHEL-53638] {CVE-2024-42237}
- mm, slub: fix potential memoryleak in kmem_cache_open() (Waiman Long) [RHEL-38404] {CVE-2021-47466}
- slub: don't panic for memcg kmem cache creation failure (Waiman Long) [RHEL-38404] {CVE-2021-47466}
- wifi: ath11k: fix htt pktlog locking (Jose Ignacio Tornos Martinez) [RHEL-38317] {CVE-2023-52800}
- wifi: ath11k: fix dfs radar event locking (Jose Ignacio Tornos Martinez) [RHEL-38165] {CVE-2023-52798}
- lib/generic-radix-tree.c: Don't overflow in peek() (Waiman Long) [RHEL-37737] {CVE-2021-47432}
- include/linux/generic-radix-tree.h: replace kernel.h with the necessary inclusions (Waiman Long) [RHEL-37737] {CVE-2021-47432}
- EDAC/i10nm: Skip the absent memory controllers (Aristeu Rozanski) [RHEL-43236]
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (John Meneghini) [RHEL-38197] {CVE-2023-52809}
- gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44149] {CVE-2024-38570}
- gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44149] {CVE-2024-38570}
- gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44149] {CVE-2024-38570}
- nvme-fc: do not wait in vain when unloading module (Ewan D. Milne) [RHEL-33083] {CVE-2024-26846}
- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (CKI Backport Bot) [RHEL-49698] {CVE-2022-48866}
- scsi: qedf: Set qed_slowpath_params to zero before use (John Meneghini) [RHEL-9797]
- scsi: qedf: Wait for stag work during unload (John Meneghini) [RHEL-9797]
- scsi: qedf: Don't process stag work during unload and recovery (John Meneghini) [RHEL-9797]
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (Audra Mitchell) [RHEL-42625] {CVE-2024-26720}
- mm: avoid overflows in dirty throttling logic (Audra Mitchell) [RHEL-51840] {CVE-2024-42131}
- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Audra Mitchell) [RHEL-42625] {CVE-2024-26720}
- ACPI: fix NULL pointer dereference (Mark Langsdorf) [RHEL-37897] {CVE-2021-47289}
Resolves: RHEL-19027, RHEL-22559, RHEL-28108, RHEL-29498, RHEL-33083, RHEL-35222, RHEL-37737, RHEL-37897, RHEL-38165, RHEL-38197, RHEL-38317, RHEL-38404, RHEL-39797, RHEL-39843, RHEL-39908, RHEL-39912, RHEL-40400, RHEL-40837, RHEL-40936, RHEL-42151, RHEL-42625, RHEL-42721, RHEL-43236, RHEL-44108, RHEL-44149, RHEL-44195, RHEL-45167, RHEL-47529, RHEL-48620, RHEL-48646, RHEL-49698, RHEL-51052, RHEL-51631, RHEL-51840, RHEL-52013, RHEL-53638, RHEL-53646, RHEL-53657, RHEL-54834, RHEL-9797

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-08-22 11:08:48 +02:00
Denys Vlasenko
0488193495 kernel-4.18.0-553.18.1.el8_10
* Fri Aug 16 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.18.1.el8_10]
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (Ewan D. Milne) [RHEL-39805] {CVE-2024-36920}
- tun: limit printing rate when illegal packet received by tun dev (Jon Maloy) [RHEL-35046] {CVE-2024-27013}
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (Michel Dänzer) [RHEL-38210] {CVE-2023-52817}
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Michel Dänzer) [RHEL-38210] {CVE-2023-52817}
- drm/amdgpu/mes: fix use-after-free issue (Michel Dänzer) [RHEL-44043] {CVE-2024-38581}
- drm/amdgpu: Fix the null pointer when load rlc firmware (Michel Dänzer) [RHEL-30603] {CVE-2024-26649}
- drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (Michel Dänzer) [RHEL-35160] {CVE-2024-27042}
- net/sched: Fix UAF when resolving a clash (Xin Long) [RHEL-51014] {CVE-2024-41040}
- tcp_metrics: validate source addr length (Guillaume Nault) [RHEL-52025] {CVE-2024-42154}
- NFSv4/pnfs: Fix a use-after-free bug in open (Benjamin Coddington) [RHEL-35508]
- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Benjamin Coddington) [RHEL-35508]
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [RHEL-51799] {CVE-2024-42124}
- Input: elantech - fix stack out of bound access in elantech_change_report_id() (CKI Backport Bot) [RHEL-41938] {CVE-2021-47097}
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (CKI Backport Bot) [RHEL-28982] {CVE-2023-52478}
- drm/radeon: fix UBSAN warning in kv_dpm.c (CKI Backport Bot) [RHEL-48399] {CVE-2024-40988}
- usb: core: Don't hold the device lock while sleeping in do_proc_control() (Desnes Nunes) [RHEL-43646] {CVE-2021-47582}
- USB: core: Make do_proc_control() and do_proc_bulk() killable (Desnes Nunes) [RHEL-43646] {CVE-2021-47582}
- scsi: qedi: Fix crash while reading debugfs attribute (CKI Backport Bot) [RHEL-48327] {CVE-2024-40978}
- wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CKI Backport Bot) [RHEL-48309] {CVE-2024-40977}
- net: tcp: accept old ack during closing (Jamie Bainbridge) [RHEL-52433]
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation (CKI Backport Bot) [RHEL-48016] {CVE-2024-40941}
- net/iucv: fix use after free in iucv_sock_close() (Mete Durlu) [RHEL-53988]
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (CKI Backport Bot) [RHEL-47908] {CVE-2024-40929}
- Input: aiptek - properly check endpoint type (Benjamin Tissoires) [RHEL-48963] {CVE-2022-48836}
- Input: aiptek - use descriptors of current altsetting (Benjamin Tissoires) [RHEL-48963] {CVE-2022-48836}
- Input: aiptek - fix endpoint sanity check (Benjamin Tissoires) [RHEL-48963] {CVE-2022-48836}
- usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (CKI Backport Bot) [RHEL-52373] {CVE-2024-42226}
- wifi: mt76: replace skb_put with skb_put_zero (CKI Backport Bot) [RHEL-52366] {CVE-2024-42225}
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (CKI Backport Bot) [RHEL-47776] {CVE-2024-40912}
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (CKI Backport Bot) [RHEL-47758] {CVE-2024-40911}
- VMCI: Use struct_size() in kmalloc() (Steve Best) [RHEL-37325] {CVE-2024-35944}
- VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (Steve Best) [RHEL-37325] {CVE-2024-35944}
- VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (Steve Best) [RHEL-37325] {CVE-2024-35944}
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Jose Ignacio Tornos Martinez) [RHEL-51761] {CVE-2024-42114}
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (CKI Backport Bot) [RHEL-51442] {CVE-2024-41097}
- nfs: handle error of rpc_proc_register() in init_nfs_fs() (Scott Mayhew) [RHEL-39904] {CVE-2024-36939}
- drm/radeon: check bo_va->bo is non-NULL before using it (CKI Backport Bot) [RHEL-51184] {CVE-2024-41060}
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (CKI Backport Bot) [RHEL-51027] {CVE-2024-41041}
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (CKI Backport Bot) [RHEL-50961] {CVE-2024-41035}
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44408] {CVE-2024-37356}
- tcp: avoid too many retransmit packets (Florian Westphal) [RHEL-48627] {CVE-2024-41007}
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Florian Westphal) [RHEL-48627]
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Florian Westphal) [RHEL-48627]
- tcp: refactor tcp_retransmit_timer() (Florian Westphal) [RHEL-48627]
- tcp: exit if nothing to retransmit on RTO timeout (Florian Westphal) [RHEL-48627]
- netfilter: nf_tables: Reject tables of unsupported family (Florian Westphal) [RHEL-21418] {CVE-2023-6040}
Resolves: RHEL-21418, RHEL-28982, RHEL-30603, RHEL-35046, RHEL-35160, RHEL-35508, RHEL-37325, RHEL-38210, RHEL-39805, RHEL-39904, RHEL-41938, RHEL-43646, RHEL-44043, RHEL-44408, RHEL-47758, RHEL-47776, RHEL-47908, RHEL-48016, RHEL-48309, RHEL-48327, RHEL-48399, RHEL-48627, RHEL-48963, RHEL-50961, RHEL-51014, RHEL-51027, RHEL-51184, RHEL-51442, RHEL-51761, RHEL-51799, RHEL-52025, RHEL-52366, RHEL-52373, RHEL-52433, RHEL-53988

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-08-16 15:54:03 +02:00
Denys Vlasenko
8f964f1def kernel-4.18.0-553.17.1.el8_10
* Wed Aug 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.17.1.el8_10]
- kyber: fix out of bounds access when preempted (Ming Lei) [RHEL-27258] {CVE-2021-46984}
- vfs: don't mod negative dentry count when on shrinker list (Brian Foster) [RHEL-35874]
- fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (Brian Foster) [RHEL-35874]
- fbmem: Do not delete the mode that is still in use (CKI Backport Bot) [RHEL-37796] {CVE-2021-47338}
- netpoll: Fix race condition in netpoll_owner_active (CKI Backport Bot) [RHEL-49361] {CVE-2024-41005}
- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Mark Salter) [RHEL-43702] {CVE-2021-47609}
- ipv6: prevent possible NULL dereference in rt6_probe() (Guillaume Nault) [RHEL-48149] {CVE-2024-40960}
- HID: i2c-hid-of: fix NULL-deref on failed power up (CKI Backport Bot) [RHEL-31598] {CVE-2024-26717}
- cpufreq: amd-pstate: fix memory leak on CPU EPP exit (CKI Backport Bot) [RHEL-48489] {CVE-2024-40997}
- x86/mm/pat: fix VM_PAT handling in COW mappings (Chris von Recklinghausen) [RHEL-37258] {CVE-2024-35877}
- PCI/PM: Drain runtime-idle callbacks before driver removal (Myron Stowe) [RHEL-42937] {CVE-2024-35809}
- PCI: Drop pci_device_remove() test of pci_dev->driver (Myron Stowe) [RHEL-42937] {CVE-2024-35809}
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Mika Penttilä) [RHEL-26909] {CVE-2023-52470}
- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Desnes Nunes) [RHEL-43979] {CVE-2022-48760}
- cifs: fix bad fids sent over wire (Paulo Alcantara) [RHEL-52517]
- smb3: add additional null check in SMB311_posix_mkdir (Paulo Alcantara) [RHEL-52517]
- smb3: add additional null check in SMB2_tcon (Paulo Alcantara) [RHEL-52517]
- smb3: add additional null check in SMB2_open (Paulo Alcantara) [RHEL-52517]
- smb3: add additional null check in SMB2_ioctl (Paulo Alcantara) [RHEL-52517]
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Mark Langsdorf) [RHEL-47642] {CVE-2024-39501}
- drivers: core: synchronize really_probe() and dev_uevent() (Mark Langsdorf) [RHEL-47642] {CVE-2024-39501}
- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Xin Long) [RHEL-42997] {CVE-2024-35884}
- filelock: Remove locks reliably when fcntl/close race is detected (Bill O'Donnell) [RHEL-50170] {CVE-2024-41012}
- Input: add bounds checking to input_set_capability() (Benjamin Tissoires) [RHEL-21413] {CVE-2022-48619}
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48130] {CVE-2024-40959}
- blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (Ming Lei) [RHEL-33695]
- blk-cgroup: fix list corruption from resetting io stat (Ming Lei) [RHEL-33695]
- net: do not leave a dangling sk pointer, when socket creation fails (CKI Backport Bot) [RHEL-48060] {CVE-2024-40954}
- perf/x86/lbr: Filter vsyscall addresses (Michael Petlan) [RHEL-28991] {CVE-2023-52476}
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (CKI Backport Bot) [RHEL-47678] {CVE-2024-39499}
- serial: core: fix transmit-buffer reset and memleak (Steve Best) [RHEL-38731] {CVE-2021-47527}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Mamatha Inamdar) [RHEL-51236] {CVE-2024-41065}
- powerpc/eeh: avoid possible crash when edev->pdev changes (Mamatha Inamdar) [RHEL-51220] {CVE-2024-41064}
- x86: stop playing stack games in profile_pc() (Steve Best) [RHEL-51643] {CVE-2024-42096}
- mptcp: ensure snd_una is properly initialized on connect (Florian Westphal) [RHEL-47933 RHEL-47934] {CVE-2024-40931}
- liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (CKI Backport Bot) [RHEL-47492] {CVE-2024-39506}
- tun: add missing verification for short frame (Patrick Talbert) [RHEL-50194] {CVE-2024-41091}
- tap: add missing verification for short frame (Patrick Talbert) [RHEL-50279] {CVE-2024-41090}
- usb-storage: alauda: Check whether the media is initialized (Desnes Nunes) [RHEL-43708] {CVE-2024-38619}
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (Desnes Nunes) [RHEL-43708] {CVE-2024-38619}
- hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37723] {CVE-2021-47384}
- block: fix that util can be greater than 100%% (Ming Lei) [RHEL-23074]
- block: support to account io_ticks precisely (Ming Lei) [RHEL-23074]
- watchdog: Fix possible use-after-free by calling del_timer_sync() (Steve Best) [RHEL-38795] {CVE-2021-47321}
- hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37719] {CVE-2021-47385}
- mlxsw: spectrum: Protect driver from buggy firmware (CKI Backport Bot) [RHEL-42245] {CVE-2021-47560}
- mlxsw: Verify the accessed index doesn't exceed the array length (CKI Backport Bot) [RHEL-42245] {CVE-2021-47560}
- dm: call the resume method on internal suspend (Benjamin Marzinski) [RHEL-41835] {CVE-2024-26880}
- tty: Fix out-of-bound vmalloc access in imageblit (Steve Best) [RHEL-37727] {CVE-2021-47383}
- hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37715] {CVE-2021-47386}
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (Steve Best) [RHEL-37710] {CVE-2021-47393}
- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (Steve Best) [RHEL-38436] {CVE-2021-47497}
- driver core: auxiliary bus: Fix memory leak when driver_register() fail (Steve Best) [RHEL-37901] {CVE-2021-47287}
- phylib: fix potential use-after-free (cki-backport-bot) [RHEL-43764] {CVE-2022-48754}
- ptp: Fix possible memory leak in ptp_clock_register() (Hangbin Liu) [RHEL-38424] {CVE-2021-47455}
- NFSv4: Fix memory leak in nfs4_set_security_label (CKI Backport Bot) [RHEL-51315] {CVE-2024-41076}
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CKI Backport Bot) [RHEL-51618] {CVE-2024-42090}
- ftruncate: pass a signed offset (CKI Backport Bot) [RHEL-51598] {CVE-2024-42084}
- af_unix: Fix garbage collector racing against connect() (Felix Maurer) [RHEL-34225] {CVE-2024-26923}
- virtio-net: Add validation for used length (Laurent Vivier) [RHEL-42080] {CVE-2021-47352}
- net: fix possible store tearing in neigh_periodic_work() (Antoine Tenart) [RHEL-42359] {CVE-2023-52522}
- tunnels: fix out of bounds access when building IPv6 PMTU error (Antoine Tenart) [RHEL-41823] {CVE-2024-26665}
- vt_ioctl: fix array_index_nospec in vt_setactivate (John W. Linville) [RHEL-49141] {CVE-2022-48804}
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (CKI Backport Bot) [RHEL-38302] {CVE-2023-52840}
- netns: Make get_net_ns() handle zero refcount net (Antoine Tenart) [RHEL-48105] {CVE-2024-40958}
- tracing: Ensure visibility when inserting an element into tracing_map (Michael Petlan) [RHEL-30457] {CVE-2024-26645}
- KVM: s390: fix LPSWEY handling (CKI Backport Bot) [RHEL-50072]
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (CKI Backport Bot) [RHEL-51144] {CVE-2024-41056}
- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) [RHEL-11843]
- firmware: cs_dsp: Fix overflow checking of wmfw header (CKI Backport Bot) [RHEL-50999] {CVE-2024-41039}
- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (CKI Backport Bot) [RHEL-50987] {CVE-2024-41038}
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (Xin Long) [RHEL-48471] {CVE-2024-40995}
- net: fix out-of-bounds access in ops_init (Xin Long) [RHEL-43185] {CVE-2024-36883}
- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Steve Best) [RHEL-45310]
- x86/mce/therm_throt: Do not access uninitialized therm_work (Steve Best) [RHEL-45310]
- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Steve Best) [RHEL-45310]
- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Steve Best) [RHEL-45310]
- x86/mce/therm_throt: Optimize notifications of thermal throttle (Steve Best) [RHEL-45310]
- jiffies: add utility function to calculate delta in ms (Steve Best) [RHEL-45310]
- x86/mce: Lower throttling MCE messages' priority to warning (Steve Best) [RHEL-45310]
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (Eder Zulian) [RHEL-37361] {CVE-2024-35989}
- xfs: don't walk off the end of a directory data block (CKI Backport Bot) [RHEL-50879] {CVE-2024-41013}
- xfs: add bounds checking to xlog_recover_process_data (CKI Backport Bot) [RHEL-50856] {CVE-2024-41014}
- dm-crypt: limit the size of encryption requests (Benjamin Marzinski) [RHEL-29330]
- netfilter: flowtable: remove nf_ct_l4proto_find() call (Florian Westphal) [RHEL-49589]
Resolves: RHEL-11843, RHEL-21413, RHEL-23074, RHEL-26909, RHEL-27258, RHEL-28991, RHEL-29330, RHEL-30457, RHEL-31598, RHEL-33695, RHEL-34225, RHEL-35874, RHEL-37258, RHEL-37361, RHEL-37710, RHEL-37715, RHEL-37719, RHEL-37723, RHEL-37727, RHEL-37796, RHEL-37901, RHEL-38302, RHEL-38424, RHEL-38436, RHEL-38731, RHEL-38795, RHEL-41823, RHEL-41835, RHEL-42080, RHEL-42245, RHEL-42359, RHEL-42937, RHEL-42997, RHEL-43185, RHEL-43702, RHEL-43708, RHEL-43764, RHEL-43979, RHEL-45310, RHEL-47492, RHEL-47642, RHEL-47678, RHEL-47933, RHEL-47934, RHEL-48060, RHEL-48105, RHEL-48130, RHEL-48149, RHEL-48471, RHEL-48489, RHEL-49141, RHEL-49361, RHEL-49589, RHEL-50072, RHEL-50170, RHEL-50194, RHEL-50279, RHEL-50856, RHEL-50879, RHEL-50987, RHEL-50999, RHEL-51144, RHEL-51220, RHEL-51236, RHEL-51315, RHEL-51598, RHEL-51618, RHEL-51643, RHEL-52517

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-08-07 22:36:06 +02:00
Denys Vlasenko
898019bf59 kernel-4.18.0-553.16.1.el8_10
* Thu Aug 01 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.16.1.el8_10]
- x86/bhi: Fix incorrect CLEAR_BRANCH_HISTORY position in entry_INT80_compat (Waiman Long) [RHEL-50648]
Resolves: RHEL-50648

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-08-01 07:05:38 +02:00
Denys Vlasenko
d93604b637 kernel-4.18.0-553.15.1.el8_10
* Fri Jul 26 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.15.1.el8_10]
- Revert "scsi: st: Add third party poweron reset handling" (John Meneghini) [RHEL-44613]
- ionic: fix use after netif_napi_del() (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502}
- ionic: clean interrupt before enabling queue to avoid credit race (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502}
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (CKI Backport Bot) [RHEL-49321] {CVE-2021-47624}
- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47882] {CVE-2024-40927}
- net: openvswitch: Fix Use-After-Free in ovs_ct_exit (cki-backport-bot) [RHEL-36362] {CVE-2024-27395}
- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979}
- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979}
- net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43721] {CVE-2024-36979}
- irqchip/gic-v3-its: Prevent double free on error (Charles Mirabile) [RHEL-37022] {CVE-2024-35847}
- irqchip/gic-v3-its: Fix potential VPE leak on error (Charles Mirabile) [RHEL-37744] {CVE-2021-47373}
- i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (Charles Mirabile) [RHEL-34735] {CVE-2022-48632}
- iommu/dma: fix zeroing of bounce buffer padding used by untrusted devices (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: remove alloc_size argument to swiotlb_tbl_map_single() (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: Fix alignment checks when both allocation and DMA masks are present (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: Fix double-allocation of slots due to broken alignment handling (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (cki-backport-bot) [RHEL-44441] {CVE-2024-31076}
Resolves: RHEL-34735, RHEL-36362, RHEL-36954, RHEL-37022, RHEL-37744, RHEL-43721, RHEL-44441, RHEL-44613, RHEL-47624, RHEL-47882, RHEL-49321

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-07-26 23:53:52 +02:00
Denys Vlasenko
de236294fb kernel-4.18.0-553.14.1.el8_10
* Thu Jul 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.14.1.el8_10]
- s390/qeth: Fix kernel panic after setting hsuid (Mete Durlu) [RHEL-49754]
- perf/core: Protect event sibling list locking against interrupt inversion (Daniel Vacek) [RHEL-31798]
- vt: fix unicode buffer corruption when deleting characters (Steve Best) [RHEL-36936] {CVE-2024-35823}
- cifs: translate network errors on send to -ECONNABORTED (Paulo Alcantara) [RHEL-36754]
- xfs: don't block in busy flushing when freeing extents (Brian Foster) [RHEL-7984]
- xfs: allow extent free intents to be retried (Brian Foster) [RHEL-7984]
- xfs: pass alloc flags through to xfs_extent_busy_flush() (Brian Foster) [RHEL-7984]
- xfs: use deferred frees for btree block freeing (Brian Foster) [RHEL-7984]
- xfs: fix bounds check in xfs_defer_agfl_block() (Brian Foster) [RHEL-7984]
- xfs: validate block number being freed before adding to xefi (Brian Foster) [RHEL-7984]
- xfs: rename xfs_bmap_add_free to xfs_free_extent_later (Brian Foster) [RHEL-7984]
- usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (Desnes Nunes) [RHEL-36803] {CVE-2024-35790}
- stm class: Fix a double free in stm_register_device() (Steve Best) [RHEL-44514] {CVE-2024-38627}
- s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Mete Durlu) [RHEL-49755]
- tls: fix missing memory barrier in tls_init (cki-backport-bot) [RHEL-44471] {CVE-2024-36489}
- xfs: fix log recovery buffer allocation for the legacy h_size fixup (Bill O'Donnell) [RHEL-46473] {CVE-2024-39472}
- fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- fs/proc: do_task_stat: use __for_each_thread() (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- exit: Use the correct exit_code in /proc/<pid>/stat (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Ewan D. Milne) [RHEL-38283] {CVE-2023-52811}
- scsi: qla2xxx: Fix double free of fcport (Ewan D. Milne) [RHEL-39549] {CVE-2024-26929}
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (Ewan D. Milne) [RHEL-39549] {CVE-2024-26930}
- scsi: qla2xxx: Fix command flush on cable pull (Ewan D. Milne) [RHEL-39549] {CVE-2024-26931}
Resolves: RHEL-31562, RHEL-31798, RHEL-36754, RHEL-36803, RHEL-36936, RHEL-38283, RHEL-39549, RHEL-44471, RHEL-44514, RHEL-46473, RHEL-49754, RHEL-49755, RHEL-7984

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-07-25 01:29:55 +02:00
Denys Vlasenko
2e13fa6bef kernel-4.18.0-553.13.1.el8_10
* Fri Jul 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.13.1.el8_10]
- redhat: remove handling of deleted rhdocs/ directory from genspec.sh (Denys Vlasenko)
- x86/bugs: Fix BHI retpoline check (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Mitigate KVM by default (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Waiman Long) [RHEL-28202]
- perf/x86/amd/lbr: Use freeze based on availability (Waiman Long) [RHEL-28202]
- Documentation/kernel-parameters: Add spec_rstack_overflow to mitigations=off (Waiman Long) [RHEL-28202]
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Waiman Long) [RHEL-28202]
- x86/bugs: Reset speculation control settings on init (Waiman Long) [RHEL-28202]
- KVM: x86: Update KVM-only leaf handling to allow for 100%% KVM-only leafs (Waiman Long) [RHEL-28202]
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (Waiman Long) [RHEL-28202]
- mptcp: ensure snd_nxt is properly initialized on connect (Davide Caratti) [RHEL-39865] {CVE-2024-36889}
- powerpc/pseries: Enforce hcall result buffer validity and size (Mamatha Inamdar) [RHEL-48291] {CVE-2024-40974}
- wifi: mac80211: fix potential key use-after-free (Jose Ignacio Tornos Martinez) [RHEL-28007] {CVE-2023-52530}
- cppc_cpufreq: Fix possible null pointer dereference (Mark Langsdorf) [RHEL-44137] {CVE-2024-38573}
- net/sched: act_mirred: use the backlog for mirred ingress (Davide Caratti) [RHEL-31718] {CVE-2024-26740}
- vfio/pci: Lock external INTx masking ops (Alex Williamson) [RHEL-31922] {CVE-2024-26810}
- net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Davide Caratti) [RHEL-43464] {CVE-2024-36978}
- tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized (Guillaume Nault) [RHEL-37850] {CVE-2021-47304}
- pstore/ram: Fix crash when setting number of cpus to an odd number (Lenny Szubowicz) [RHEL-29471] {CVE-2023-52619}
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (Jocelyn Falempe) [RHEL-37101] {CVE-2023-52662}
- drm/vmwgfx: Fix the lifetime of the bo cursor memory (Jocelyn Falempe) [RHEL-36962] {CVE-2024-35810}
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (Jocelyn Falempe) [RHEL-34987] {CVE-2024-26940}
- drm/vmwgfx: Unmap the surface before resetting it on a plane state (Jocelyn Falempe) [RHEL-35217] {CVE-2023-52648}
- drm/vmwgfx: Fix invalid reads in fence signaled events (Jocelyn Falempe) [RHEL-40010] {CVE-2024-36960}
- block: Fix wrong offset in bio_truncate() (Ming Lei) [RHEL-43782] {CVE-2022-48747}
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46913] {CVE-2024-39487}
- net: fix __dst_negative_advice() race (Xin Long) [RHEL-41183] {CVE-2024-36971}
- igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-33264] {CVE-2024-26853}
- mac802154: fix llsec key resources release in mac802154_llsec_key_del (Steve Best) [RHEL-34967] {CVE-2024-26961}
- cpufreq: exit() callback is optional (Mark Langsdorf) [RHEL-43840] {CVE-2024-38615}
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (Paulo Alcantara) [RHEL-34672]
- cifs: lock chan_lock outside match_session (Paulo Alcantara) [RHEL-34672]
- smb3: workaround negprot bug in some Samba servers (Paulo Alcantara) [RHEL-34672]
- smb3: use netname when available on secondary channels (Paulo Alcantara) [RHEL-34672]
- smb3: fix empty netname context on secondary channels (Paulo Alcantara) [RHEL-34672]
- cifs: populate empty hostnames for extra channels (Paulo Alcantara) [RHEL-34672]
- cifs: always iterate smb sessions using primary channel (Paulo Alcantara) [RHEL-34672]
- cifs: Fix connections leak when tlink setup failed (Paulo Alcantara) [RHEL-34672]
- cifs: Fix memory leak when build ntlmssp negotiate blob failed (Paulo Alcantara) [RHEL-34672]
- cifs: always initialize struct msghdr smb_msg completely (Paulo Alcantara) [RHEL-34672]
- cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Paulo Alcantara) [RHEL-34672]
- cifs: revalidate mapping when doing direct writes (Paulo Alcantara) [RHEL-34672]
- cifs: skip extra NULL byte in filenames (Paulo Alcantara) [RHEL-34672]
- cifs: list_for_each() -> list_for_each_entry() (Paulo Alcantara) [RHEL-34672]
- smb2: small refactor in smb2_check_message() (Paulo Alcantara) [RHEL-34672]
- cifs: Fix crash on unload of cifs_arc4.ko (Paulo Alcantara) [RHEL-34672]
- cifs: remove check of list iterator against head past the loop body (Paulo Alcantara) [RHEL-34672]
- cifs: fix reconnect on smb3 mount types (Paulo Alcantara) [RHEL-34672]
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (Paulo Alcantara) [RHEL-34672]
- cifs: skip trailing separators of prefix paths (Paulo Alcantara) [RHEL-34672]
- cifs: fix ntlmssp on old servers (Paulo Alcantara) [RHEL-34672]
- cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [RHEL-34672]
- cifs: do not skip link targets when an I/O fails (Paulo Alcantara) [RHEL-34672]
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (Paulo Alcantara) [RHEL-34672]
- smb3: fix snapshot mount option (Paulo Alcantara) [RHEL-34672]
- cifs: fix workstation_name for multiuser mounts (Paulo Alcantara) [RHEL-34672]
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (Paulo Alcantara) [RHEL-34672]
- cifs: free ntlmsspblob allocated in negotiate (Paulo Alcantara) [RHEL-34672]
- cifs: avoid use of dstaddr as key for fscache client cookie (Paulo Alcantara) [RHEL-34672]
- cifs: add server conn_id to fscache client cookie (Paulo Alcantara) [RHEL-34672]
- cifs: fix missed refcounting of ipc tcon (Paulo Alcantara) [RHEL-34672]
- smb2: clarify rc initialization in smb2_reconnect (Paulo Alcantara) [RHEL-34672]
- cifs: populate server_hostname for extra channels (Paulo Alcantara) [RHEL-34672]
- cifs: nosharesock should be set on new server (Paulo Alcantara) [RHEL-34672]
- cifs: introduce cifs_ses_mark_for_reconnect() helper (Paulo Alcantara) [RHEL-34672]
- cifs: protect srv_count with cifs_tcp_ses_lock (Paulo Alcantara) [RHEL-34672]
- cifs: move debug print out of spinlock (Paulo Alcantara) [RHEL-34672]
- cifs: do not duplicate fscache cookie for secondary channels (Paulo Alcantara) [RHEL-34672]
- cifs: connect individual channel servers to primary channel server (Paulo Alcantara) [RHEL-34672]
- cifs: protect session channel fields with chan_lock (Paulo Alcantara) [RHEL-34672]
- cifs: do not negotiate session if session already exists (Paulo Alcantara) [RHEL-34672]
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (Paulo Alcantara) [RHEL-34672]
- cifs: fix potential use-after-free bugs (Paulo Alcantara) [RHEL-34672]
- cifs: release lock earlier in dequeue_mid error case (Paulo Alcantara) [RHEL-34672]
- smb3: remove trivial dfs compile warning (Paulo Alcantara) [RHEL-34672]
- cifs: support nested dfs links over reconnect (Paulo Alcantara) [RHEL-34672]
- cifs: for compound requests, use open handle if possible (Paulo Alcantara) [RHEL-34672]
- cifs: split out dfs code from cifs_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant (Paulo Alcantara) [RHEL-34672]
- cifs: introduce new helper for cifs_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: fix print of hdr_flags in dfscache_proc_show() (Paulo Alcantara) [RHEL-34672]
- cifs: send workstation name during ntlmssp session setup (Paulo Alcantara) [RHEL-34672]
- cifs: nosharesock should not share socket with future sessions (Paulo Alcantara) [RHEL-34672]
- smb3: add dynamic trace points for socket connection (Paulo Alcantara) [RHEL-34672]
- cifs: Move SMB2_Create definitions to the shared area (Paulo Alcantara) [RHEL-34672]
- cifs: Move more definitions into the shared area (Paulo Alcantara) [RHEL-34672]
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Paulo Alcantara) [RHEL-34672]
- cifs: Create a new shared file holding smb2 pdu definitions (Paulo Alcantara) [RHEL-34672]
- cifs: fix incorrect check for null pointer in header_assemble (Paulo Alcantara) [RHEL-34672]
- smb3: correct server pointer dereferencing check to be more consistent (Paulo Alcantara) [RHEL-34672]
- cifs: Deal with some warnings from W=1 (Paulo Alcantara) [RHEL-34672]
- cifs: fix a sign extension bug (Paulo Alcantara) [RHEL-34672]
- cifs: fix incorrect kernel doc comments (Paulo Alcantara) [RHEL-34672]
- cifs: remove pathname for file from SPDX header (Paulo Alcantara) [RHEL-34672]
- cifs: move SMB FSCTL definitions to common code (Paulo Alcantara) [RHEL-34672]
- cifs: rename cifs_common to smbfs_common (Paulo Alcantara) [RHEL-34672]
- cifs: update FSCTL definitions (Paulo Alcantara) [RHEL-34672]
- cifs: cifs_md4 convert to SPDX identifier (Paulo Alcantara) [RHEL-34672]
- cifs: create a MD4 module and switch cifs.ko to use it (Paulo Alcantara) [RHEL-34672]
- cifs: fork arc4 and create a separate module for it for cifs and other users (Paulo Alcantara) [RHEL-34672]
- smb3: fix posix extensions mount option (Paulo Alcantara) [RHEL-34672]
- cifs: fix wrong release in sess_alloc_buffer() failed path (Paulo Alcantara) [RHEL-34672]
- CIFS: Fix a potencially linear read overflow (Paulo Alcantara) [RHEL-34672]
- cifs: use the correct max-length for dentry_path_raw() (Paulo Alcantara) [RHEL-34672]
- cifs: create sd context must be a multiple of 8 (Paulo Alcantara) [RHEL-34672]
- cifs: do not share tcp sessions of dfs connections (Paulo Alcantara) [RHEL-34672]
- cifs: added WARN_ON for all the count decrements (Paulo Alcantara) [RHEL-34672]
- cifs: fix missing null session check in mount (Paulo Alcantara) [RHEL-34672]
- cifs: handle reconnect of tcon when there is no cached dfs referral (Paulo Alcantara) [RHEL-34672]
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (Paulo Alcantara) [RHEL-34672]
- smb3: fix typo in header file (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: Add support for negotiating signing algorithm (Paulo Alcantara) [RHEL-34672]
- cifs: prevent NULL deref in cifs_compose_mount_options() (Paulo Alcantara) [RHEL-34672]
- cifs: fix NULL dereference in smb2_check_message() (Paulo Alcantara) [RHEL-34672]
- smbdirect: missing rc checks while waiting for rdma events (Paulo Alcantara) [RHEL-34672]
- cifs: Avoid field over-reading memcpy() (Paulo Alcantara) [RHEL-34672]
- smb311: remove dead code for non compounded posix query info (Paulo Alcantara) [RHEL-34672]
- cifs: fix SMB1 error path in cifs_get_file_info_unix (Paulo Alcantara) [RHEL-34672]
- smb3: fix uninitialized value for port in witness protocol move (Paulo Alcantara) [RHEL-34672]
- cifs: fix unneeded null check (Paulo Alcantara) [RHEL-34672]
- cifs: use SPDX-Licence-Identifier (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant in cifs_debug.c (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant in smb2misc.c (Paulo Alcantara) [RHEL-34672]
- cifs: missed ref-counting smb session in find (Paulo Alcantara) [RHEL-34672]
- cifs: do not share tcp servers with dfs mounts (Paulo Alcantara) [RHEL-34672]
- cifs: set a minimum of 2 minutes for refreshing dfs cache (Paulo Alcantara) [RHEL-34672]
- cifs: Remove unused inline function is_sysvol_or_netlogon() (Paulo Alcantara) [RHEL-34672]
- cifs: remove duplicated prototype (Paulo Alcantara) [RHEL-34672]
- cifs: fix ipv6 formating in cifs_ses_add_channel (Paulo Alcantara) [RHEL-34672]
- cifs: fix string declarations and assignments in tracepoints (Paulo Alcantara) [RHEL-34672]
- cifs: fix memory leak in smb2_copychunk_range (Paulo Alcantara) [RHEL-34672]
- SMB3: incorrect file id in requests compounded with open (Paulo Alcantara) [RHEL-34672]
- smb3: if max_channels set to more than one channel request multichannel (Paulo Alcantara) [RHEL-34672]
- smb3: do not attempt multichannel to server which does not support it (Paulo Alcantara) [RHEL-34672]
- smb3: when mounting with multichannel include it in requested capabilities (Paulo Alcantara) [RHEL-34672]
- cifs: simplify SWN code with dummy funcs instead of ifdefs (Paulo Alcantara) [RHEL-34672]
- cifs: log mount errors using cifs_errorf() (Paulo Alcantara) [RHEL-34672]
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (Paulo Alcantara) [RHEL-34672]
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (Paulo Alcantara) [RHEL-34672]
- cifs: allocate buffer in the caller of build_path_from_dentry() (Paulo Alcantara) [RHEL-34672]
- cifs: make build_path_from_dentry() return const char * (Paulo Alcantara) [RHEL-34672]
- cifs: remove old dead code (Paulo Alcantara) [RHEL-34672]
- fs: cifs: Remove repeated struct declaration (Paulo Alcantara) [RHEL-34672]
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (Paulo Alcantara) [RHEL-34672]
- cifs: have ->mkdir() handle race with another client sanely (Paulo Alcantara) [RHEL-34672]
- do_cifs_create(): don't set ->i_mode of something we had not created (Paulo Alcantara) [RHEL-34672]
- cifs: Silently ignore unknown oplock break handle (Paulo Alcantara) [RHEL-34672]
- cifs: change noisy error message to FYI (Paulo Alcantara) [RHEL-34672]
- cifs: print MIDs in decimal notation (Paulo Alcantara) [RHEL-34672]
- cifs: minor simplification to smb2_is_network_name_deleted (Paulo Alcantara) [RHEL-34672]
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (Paulo Alcantara) [RHEL-34672]
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (Paulo Alcantara) [RHEL-34672]
- cifs: change confusing field serverName (to ip_addr) (Paulo Alcantara) [RHEL-34672]
- cifs: Reformat DebugData and index connections by conn_id. (Paulo Alcantara) [RHEL-34672]
- cifs: Identify a connection by a conn_id. (Paulo Alcantara) [RHEL-34672]
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (Paulo Alcantara) [RHEL-34672]
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (Paulo Alcantara) [RHEL-34672]
- fs/cifs: Simplify bool comparison. (Paulo Alcantara) [RHEL-34672]
- fs/cifs: Assign boolean values to a bool variable (Paulo Alcantara) [RHEL-34672]
- cifs: Avoid error pointer dereference (Paulo Alcantara) [RHEL-34672]
- cifs: Re-indent cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Unlock on errors in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Delete a stray unlock in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Tracepoints and logs for tracing credit changes. (Paulo Alcantara) [RHEL-34672]
- cifs: Fix some error pointers handling detected by static checker (Paulo Alcantara) [RHEL-34672]
- smb3: remind users that witness protocol is experimental (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: do not log warning message if server doesn't populate salt (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: update comments clarifying SPNEGO info in negprot response (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp (Paulo Alcantara) [RHEL-34672]
- SMB3: avoid confusing warning message on mount to Azure (Paulo Alcantara) [RHEL-34672]
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (Nigel Croxon) [RHEL-46662] {CVE-2024-39476}
- net: fix information leakage in /proc/net/ptype (Hangbin Liu) [RHEL-44000] {CVE-2022-48757}
- usb: typec: ucsi: Limit read size on v1.2 (Desnes Nunes) [RHEL-37286] {CVE-2024-35924}
- minmax: relax check to allow comparison between unsigned arguments and signed constants (Desnes Nunes) [RHEL-37286]
- minmax: allow comparisons of 'int' against 'unsigned char/short' (Desnes Nunes) [RHEL-37286]
- minmax: allow min()/max()/clamp() if the arguments have the same signedness. (Desnes Nunes) [RHEL-37286]
- minmax: add umin(a, b) and umax(a, b) (Desnes Nunes) [RHEL-37286]
- minmax: fix header inclusions (Desnes Nunes) [RHEL-37286]
- minmax: clamp more efficiently by avoiding extra comparison (Desnes Nunes) [RHEL-37286]
- minmax: sanity check constant bounds when clamping (Desnes Nunes) [RHEL-37286]
- tracing: Define the is_signed_type() macro once (Desnes Nunes) [RHEL-37286]
- linux/bits.h: fix compilation error with GENMASK (Desnes Nunes) [RHEL-37286]
- x86/apic: Mask IOAPIC entries when disabling the local APIC (Lenny Szubowicz) [RHEL-18077]
- userfaultfd: fix a race between writeprotect and exit_mmap() (Rafael Aquini) [RHEL-38410] {CVE-2021-47461}
- mm: khugepaged: skip huge page collapse for special files (Waiman Long) [RHEL-38446] {CVE-2021-47491}
- cachefiles: fix memory leak in cachefiles_add_cache() (Andrey Albershteyn) [RHEL-33109] {CVE-2024-26840}
- drm/amd/display: Implement bounds check for stream encoder creation in DCN301 (Michel Dänzer) [RHEL-31429] {CVE-2024-26660}
- net/mlx5: Discard command completions in internal error (Kamal Heib) [RHEL-44231] {CVE-2024-38555}
- drm: Don't unref the same fb many times by mistake due to deadlock handling (CKI Backport Bot) [RHEL-29011] {CVE-2023-52486}
- md: fix resync softlockup when bitmap size is less than array size (Nigel Croxon) [RHEL-43942] {CVE-2024-38598}
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (Davide Caratti) [RHEL-39712] {CVE-2024-36017}
- netfilter: nf_tables: discard table flag update with pending basechain deletion (Phil Sutter) [RHEL-37205] {CVE-2024-35897}
- netfilter: nf_tables: reject table flag and netdev basechain updates (Phil Sutter) [RHEL-37205]
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Ewan D. Milne) [RHEL-40172] {CVE-2024-36924}
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (Ewan D. Milne) [RHEL-40172] {CVE-2024-36952}
- netfilter: nf_tables: fix memleak in map from abort path (Phil Sutter) [RHEL-35052] {CVE-2024-27011}
- netfilter: nf_tables: reject new basechain after table flag update (Phil Sutter) [RHEL-37193] {CVE-2024-35900}
- netfilter: nf_tables: flush pending destroy work before exit_net release (Phil Sutter) [RHEL-37197] {CVE-2024-35899}
- netfilter: complete validation of user input (Phil Sutter) [RHEL-37210]
- netfilter: validate user input for expected length (Phil Sutter) [RHEL-37210] {CVE-2024-35896}
- netfilter: tproxy: bail out if IP has been disabled on the device (Phil Sutter) [RHEL-44363] {CVE-2024-36270}
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Phil Sutter) [RHEL-44532] {CVE-2024-36286}
- netfilter: nf_tables: do not compare internal table flags on updates (Phil Sutter) [RHEL-35114] {CVE-2024-27065}
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (Phil Sutter) [RHEL-35028] {CVE-2024-27019}
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Phil Sutter) [RHEL-35024] {CVE-2024-27020}
- netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Phil Sutter) [RHEL-35024]
- netfilter: conntrack: serialize hash resizes and cleanups (Phil Sutter) [RHEL-37703] {CVE-2021-47408}
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Phil Sutter) [RHEL-34217] {CVE-2024-26925}
- netfilter: nf_tables: release batch on table validation from abort path (Phil Sutter) [RHEL-34217]
- ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-38319] {CVE-2023-52796}
Resolves: RHEL-18077, RHEL-28007, RHEL-28202, RHEL-29011, RHEL-29471, RHEL-31429, RHEL-31718, RHEL-31922, RHEL-33109, RHEL-33264, RHEL-34217, RHEL-34672, RHEL-34967, RHEL-34987, RHEL-35024, RHEL-35028, RHEL-35052, RHEL-35114, RHEL-35217, RHEL-36962, RHEL-37101, RHEL-37193, RHEL-37197, RHEL-37205, RHEL-37210, RHEL-37286, RHEL-37703, RHEL-37850, RHEL-38319, RHEL-38410, RHEL-38446, RHEL-39712, RHEL-39865, RHEL-40010, RHEL-40172, RHEL-41183, RHEL-43464, RHEL-43782, RHEL-43840, RHEL-43942, RHEL-44000, RHEL-44137, RHEL-44231, RHEL-44363, RHEL-44532, RHEL-46662, RHEL-46913, RHEL-48291

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-07-19 01:21:11 +02:00
Denys Vlasenko
9dbacbed09 kernel-4.18.0-553.12.1.el8_10
* Wed Jul 10 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.12.1.el8_10]
- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44291] {CVE-2024-38538}
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Michel Dänzer) [RHEL-26893] {CVE-2023-52469}
- SUNRPC: Fix a suspicious RCU usage warning (Scott Mayhew) [RHEL-30503] {CVE-2023-52623}
- ice: Fix some null pointer dereference issues in ice_ptp.c (Petr Oros) [RHEL-26901] {CVE-2023-52471}
- xfs: fix internal error from AGFL exhaustion (Pavel Reichl) [RHEL-45581]
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (Phil Auld) [RHEL-38117] {CVE-2023-52707}
- wait: add wake_up_pollfree() (Phil Auld) [RHEL-38117]
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-33269] {CVE-2024-26852}
- net: bridge: switchdev: Skip MDB replays of deferred events on offload (Ivan Vecera) [RHEL-33117] {CVE-2024-26837}
- ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Pavel Reichl) [RHEL-31700] {CVE-2024-26772}
- ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-31688] {CVE-2024-26773}
- ext4: fix double-free of blocks due to wrong extents moved_len (Pavel Reichl) [RHEL-31612] {CVE-2024-26704}
- vxlan: Pull inner IP header in vxlan_xmit_one(). (Guillaume Nault) [RHEL-31389]
- geneve: Fix incorrect inner network header offset when innerprotoinherit is set (Guillaume Nault) [RHEL-31389]
- vxlan: Pull inner IP header in vxlan_rcv(). (Guillaume Nault) [RHEL-31389]
- geneve: fix header validation in geneve[6]_xmit_skb (Guillaume Nault) [RHEL-31389]
- geneve: make sure to pull inner header in geneve_rx() (Guillaume Nault) [RHEL-31389]
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Guillaume Nault) [RHEL-31389]
- net: geneve: check skb is large enough for IPv4/IPv6 header (Guillaume Nault) [RHEL-31389]
- net/smc: fix neighbour and rtable leak in smc_ib_find_route() (Tobias Huschle) [RHEL-39744] {CVE-2024-36945}
- igb: Fix string truncation warnings in igb_set_fw_version (Corinna Vinschen) [RHEL-38452] {CVE-2024-36010}
- bonding: stop the device in bond_setup_by_slave() (Hangbin Liu) [RHEL-38327] {CVE-2023-52784}
- i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-39702] {CVE-2024-36020}
- powerpc/64: Fix the definition of the fixmap area (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018}
- powerpc/mm/hash64: Add a variable to track the end of IO mapping (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018}
- nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). (Xin Long) [RHEL-39770] {CVE-2024-36933}
- net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (Xin Long) [RHEL-39770]
- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-39779] {CVE-2024-36929}
- tcp: properly terminate timers for kernel sockets (Guillaume Nault) [RHEL-37171] {CVE-2024-35910}
- net: relax socket state check at accept time. (Florian Westphal) [RHEL-39831]
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Florian Westphal) [RHEL-39831] {CVE-2024-36905}
- tcp: remove redundant check on tskb (Florian Westphal) [RHEL-39831]
- drm/ast: Fix soft lockup (cki-backport-bot) [RHEL-37438] {CVE-2024-35952}
- null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-39341]
- null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-39341]
- null_blk: fix return value from null_add_dev() (Ming Lei) [RHEL-39341]
Resolves: RHEL-26893, RHEL-26901, RHEL-27191, RHEL-30503, RHEL-31389, RHEL-31612, RHEL-31688, RHEL-31700, RHEL-33117, RHEL-33269, RHEL-37171, RHEL-37438, RHEL-38117, RHEL-38327, RHEL-38452, RHEL-39341, RHEL-39702, RHEL-39744, RHEL-39770, RHEL-39779, RHEL-39831, RHEL-44291, RHEL-45581

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-07-10 18:57:22 +02:00
Denys Vlasenko
d1cd9718e8 kernel-4.18.0-553.11.1.el8_10
* Wed Jul 03 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.11.1.el8_10]
- x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-42121]
- Revert "x86/bugs: Use fixed addressing for VERW operand" (Waiman Long) [RHEL-42121]
- KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Waiman Long) [RHEL-42121]
- x86/rfds: Mitigate Register File Data Sampling (RFDS) (Waiman Long) [RHEL-42121]
- Documentation/hw-vuln: Add documentation for RFDS (Waiman Long) [RHEL-42121]
- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Waiman Long) [RHEL-42121]
- x86/bugs: Use fixed addressing for VERW operand (Waiman Long) [RHEL-42121]
- KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Waiman Long) [RHEL-42121]
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Waiman Long) [RHEL-42121]
- x86/entry_32: Add VERW just before userspace transition (Waiman Long) [RHEL-42121]
- x86/entry_64: Add VERW just before userspace transition (Waiman Long) [RHEL-42121]
- x86/bugs: Add asm helpers for executing VERW (Waiman Long) [RHEL-42121]
- x86/cpu: Fix Gracemont uarch (Waiman Long) [RHEL-42121]
- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-42121]
- KVM: VMX: Access @flags as a 32-bit value in __vmx_vcpu_run() (Waiman Long) [RHEL-42121]
- x86/asm: Add _ASM_RIP() macro for x86-64 (%%rip) suffix (Waiman Long) [RHEL-42121]
- x86/asm: Have the __ASM_FORM macros handle commas in arguments (Waiman Long) [RHEL-42121]
- x86/asm: Allow to pass macros to __ASM_FORM() (Waiman Long) [RHEL-42121]
- wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-39801] {CVE-2024-36921}
- ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-39784]
- ipv4: Fix uninit-value access in __ip_make_skb() (Antoine Tenart) [RHEL-39784] {CVE-2024-36927}
- perf mmap: Lazily initialize zstd streams to save memory when not using it (Michael Petlan) [RHEL-34876]
- perf tools: Fix spelling mistake "commpressor" -> "compressor" (Michael Petlan) [RHEL-34876]
- perf record: Introduce data transferred and compressed stats (Michael Petlan) [RHEL-34876]
- perf record: Introduce compressor at mmap buffer object (Michael Petlan) [RHEL-34876]
- perf record: Introduce bytes written stats (Michael Petlan) [RHEL-34876]
- perf record: Introduce data file at mmap buffer object (Michael Petlan) [RHEL-34876]
- perf record: Start threads in the beginning of trace streaming (Alexey Bayduraev) [RHEL-34876]
- perf record: Stop threads in the end of trace streaming (Michael Petlan) [RHEL-34876]
- perf record: Introduce thread local variable (Michael Petlan) [RHEL-34876]
- perf record: Introduce function to propagate control commands (Michael Petlan) [RHEL-34876]
- perf record: Introduce thread specific data array (Michael Petlan) [RHEL-34876]
- tools lib: Introduce fdarray duplicate function (Michael Petlan) [RHEL-34876]
- perf record: Introduce thread affinity and mmap masks (Michael Petlan) [RHEL-34876]
- gfs2: Be more careful with the quota sync generation (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Get rid of some unnecessary quota locking (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Add some missing quota locking (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Fold qd_fish into gfs2_quota_sync (Andreas Gruenbacher) [RHEL-40901]
- gfs2: quota need_sync cleanup (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Fix and clean up function do_qc (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Revert "Add quota_change type" (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Revert "ignore negated quota changes" (Andreas Gruenbacher) [RHEL-40901]
- gfs2: qd_check_sync cleanups (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Check quota consistency on mount (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Minor gfs2_quota_init error path cleanup (Andreas Gruenbacher) [RHEL-40901]
- gfs2: fix kernel BUG in gfs2_quota_cleanup (Edward Adam Davis) [RHEL-40901]
- gfs2: Clean up quota.c:print_message (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Clean up gfs2_alloc_parms initializers (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Two quota=account mode fixes (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Remove useless assignment (Bob Peterson) [RHEL-40901]
- gfs2: simplify slot_get (Bob Peterson) [RHEL-40901]
- gfs2: Simplify qd2offset (Bob Peterson) [RHEL-40901]
- gfs2: Remove quota allocation info from quota file (Bob Peterson) [RHEL-40901]
- gfs2: use constant for array size (Bob Peterson) [RHEL-40901]
- gfs2: Set qd_sync_gen in do_sync (Bob Peterson) [RHEL-40901]
- gfs2: Remove useless err set (Bob Peterson) [RHEL-40901]
- gfs2: Small gfs2_quota_lock cleanup (Bob Peterson) [RHEL-40901]
- gfs2: move qdsb_put and reduce redundancy (Bob Peterson) [RHEL-40901]
- gfs2: Don't try to sync non-changes (Bob Peterson) [RHEL-40901]
- gfs2: Simplify function need_sync (Bob Peterson) [RHEL-40901]
- gfs2: remove unneeded pg_oflow variable (Bob Peterson) [RHEL-40901]
- gfs2: remove unneeded variable done (Bob Peterson) [RHEL-40901]
- gfs2: pass sdp to gfs2_write_buf_to_page (Bob Peterson) [RHEL-40901]
- gfs2: pass sdp in to gfs2_write_disk_quota (Bob Peterson) [RHEL-40901]
- gfs2: Pass sdp to gfs2_adjust_quota (Bob Peterson) [RHEL-40901]
- gfs2: remove dead code for quota writes (Bob Peterson) [RHEL-40901]
- gfs2: Use qd_sbd more consequently (Bob Peterson) [RHEL-40901]
- gfs2: replace 'found' with dedicated list iterator variable (Jakob Koschel) [RHEL-40901]
- gfs2: Some whitespace cleanups (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold (Bob Peterson) [RHEL-40901]
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Guillaume Nault) [RHEL-43961] {CVE-2024-38596}
- af_unix: Fix data-races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596}
- af_unix: Fix data races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596}
- perf/core: Fix event sibling list locking (Daniel Vacek) [RHEL-31798]
- media: bttv: fix use after free error due to btv->timeout timer (Kate Hsuan) [RHEL-38256] {CVE-2023-52847}
- arp: Prevent overflow in arp_req_get(). (Antoine Tenart) [RHEL-31706] {CVE-2024-26733}
- Bluetooth: btusb: Add a new PID/VID 0489/e0c8 for MT7921 (David Marlin) [RHEL-10263]
- mm: swap: fix race between free_swap_and_cache() and swapoff() (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- swap: comments get_swap_device() with usage rule (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- mm/swapfile.c: __swap_entry_free() always free 1 entry (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- mm/swapfile.c: call free_swap_slot() in __swap_entry_free() (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- mm/swapfile.c: use __try_to_reclaim_swap() in free_swap_and_cache() (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- net: amd-xgbe: Fix skb data length underflow (Ken Cox) [RHEL-43788] {CVE-2022-48743}
- ovl: fix warning in ovl_create_real() (cki-backport-bot) [RHEL-43652] {CVE-2021-47579}
- net/sched: initialize noop_qdisc owner (Davide Caratti) [RHEL-35056]
- net/sched: Fix mirred deadlock on device recursion (Davide Caratti) [RHEL-35056] {CVE-2024-27010}
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Pavel Reichl) [RHEL-45029] {CVE-2024-39276}
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-38713] {CVE-2021-47548}
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44396] {CVE-2024-33621}
- mlxsw: spectrum_acl_tcam: Fix stack corruption (Ivan Vecera) [RHEL-26462] {CVE-2024-26586}
- inet: inet_defrag: prevent sk release while still in use (Antoine Tenart) [RHEL-33398] {CVE-2024-26921}
- skb_expand_head() adjust skb->truesize incorrectly (Antoine Tenart) [RHEL-33398]
- nvmet: fix ns enable/disable possible hang (Ming Lei) [RHEL-43547]
Resolves: RHEL-10263, RHEL-26462, RHEL-31706, RHEL-31798, RHEL-33398, RHEL-34876, RHEL-34971, RHEL-35056, RHEL-38256, RHEL-38713, RHEL-39784, RHEL-39801, RHEL-40901, RHEL-42121, RHEL-43547, RHEL-43652, RHEL-43788, RHEL-43961, RHEL-44396, RHEL-45029

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-07-03 19:34:27 +02:00
Denys Vlasenko
6d43a57074 kernel-4.18.0-553.10.1.el8_10
* Fri Jun 28 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.10.1.el8_10]
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (Scott Mayhew) [RHEL-38264] {CVE-2023-52803}
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39717] {CVE-2024-36025}
- tcp: add sanity checks to rx zerocopy (Guillaume Nault) [RHEL-29494] {CVE-2024-26640}
- SUNRPC: fix some memleaks in gssx_dec_option_array (Scott Mayhew) [RHEL-35209] {CVE-2024-27388}
- wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-39752] {CVE-2024-36941}
- nfs: fix UAF in direct writes (Scott Mayhew) [RHEL-34975] {CVE-2024-26958}
- NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (Scott Mayhew) [RHEL-33228] {CVE-2024-26870}
- drm/amd/pm: Fix error of MACO flag setting code (Michel Dänzer) [RHEL-15928]
- scsi: aacraid: fix io hangs and improve performance (John Meneghini) [RHEL-23913]
- block: prevent division by zero in blk_rq_stat_sum() (Ming Lei) [RHEL-37279] {CVE-2024-35925}
- block: fix overflow in blk_ioctl_discard() (Ming Lei) [RHEL-39811] {CVE-2024-36917}
- virtio-blk: fix implicit overflow on virtio_max_dma_size (Ming Lei) [RHEL-38131] {CVE-2023-52762}
- nbd: null check for nla_nest_start (Ming Lei) [RHEL-35176] {CVE-2024-27025}
- isdn: mISDN: netjet: Fix crash in nj_probe: (Ken Cox) [RHEL-38444] {CVE-2021-47284}
- isdn: mISDN: Fix sleeping function called from invalid context (Ken Cox) [RHEL-38400] {CVE-2021-47468}
- net/smc: avoid data corruption caused by decline (Tobias Huschle) [RHEL-38234] {CVE-2023-52775}
- ubi: Check for too small LEB size in VTBL code (David Arcari) [RHEL-25092] {CVE-2024-25739}
- i2c: core: Fix atomic xfer check for non-preempt config (Steve Best) [RHEL-38313] {CVE-2023-52791}
- i2c: core: Run atomic i2c xfer when !preemptible (Steve Best) [RHEL-38313] {CVE-2023-52791}
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (Steve Best) [RHEL-39902] {CVE-2024-36950}
- ipv6: init the accept_queue's spinlocks in inet6_create (Guillaume Nault) [RHEL-28899] {CVE-2024-26614}
- tcp: make sure init the accept_queue's spinlocks once (Guillaume Nault) [RHEL-28899] {CVE-2024-26614}
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-39352] {CVE-2024-36016}
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ivan Vecera) [RHEL-37484] {CVE-2024-36006}
- pwm: Fix double shift bug (Steve Best) [RHEL-38278] {CVE-2023-52756}
- mmc: sdio: fix possible resource leaks in some error paths (Steve Best) [RHEL-38149] {CVE-2023-52730}
- of: unittest: Fix compile in the non-dynamic case (Steve Best) [RHEL-37070] {CVE-2023-52679}
- of: unittest: Fix of_count_phandle_with_args() expected value message (Steve Best) [RHEL-37070] {CVE-2023-52679}
- of: Fix double free in of_parse_phandle_with_args_map (Steve Best) [RHEL-37070] {CVE-2023-52679}
- pinctrl: core: delete incorrect free in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940}
- pinctrl: core: fix possible memory leak in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940}
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (Desnes Nunes) [RHEL-38331] {CVE-2023-52764}
- tipc: fix a possible memleak in tipc_buf_append (Xin Long) [RHEL-39881] {CVE-2024-36954}
- cifs: fix mid leak during reconnection after timeout threshold (Paulo Alcantara) [RHEL-36222]
- cifs: Fix use-after-free in rdata->read_into_pages() (Paulo Alcantara) [RHEL-36222]
- cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (Paulo Alcantara) [RHEL-36222]
- cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (Paulo Alcantara) [RHEL-36222]
- cifs: destage dirty pages before re-reading them for cache=none (Paulo Alcantara) [RHEL-36222]
- cifs: destage any unwritten data to the server before calling copychunk_write (Paulo Alcantara) [RHEL-36222]
- Adjust cifssb maximum read size (Paulo Alcantara) [RHEL-36222]
- cifs: make locking consistent around the server session status (Paulo Alcantara) [RHEL-36222]
- cifs: fix credit accounting for extra channel (Paulo Alcantara) [RHEL-36222]
- smb3: prevent races updating CurrentMid (Paulo Alcantara) [RHEL-36222]
- cifs: fix missing spinlock around update to ses->status (Paulo Alcantara) [RHEL-36222]
- cifs: use echo_interval even when connection not ready. (Paulo Alcantara) [RHEL-36222]
- cifs: detect dead connections only when echoes are enabled. (Paulo Alcantara) [RHEL-36222]
- cifs: Fix preauth hash corruption (Paulo Alcantara) [RHEL-36222]
- cifs: do not send close in compound create+close requests (Paulo Alcantara) [RHEL-36222]
- cifs: ask for more credit on async read/write code paths (Paulo Alcantara) [RHEL-36222]
- cifs: use discard iterator to discard unneeded network data more efficiently (Paulo Alcantara) [RHEL-36222]
- cifs: Fix in error types returned for out-of-credit situations. (Paulo Alcantara) [RHEL-36222]
- smb3: fix crediting for compounding when only one request in flight (Paulo Alcantara) [RHEL-36222]
- cifs: New optype for session operations. (Paulo Alcantara) [RHEL-36222]
- mm/gup: do not return 0 from pin_user_pages_fast() for bad args (Paulo Alcantara) [RHEL-36222]
- wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44124] {CVE-2024-38575}
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-39835] {CVE-2024-36904}
- wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Jose Ignacio Tornos Martinez) [RHEL-38159] {CVE-2023-52832}
- wifi: ath11k: fix gtk offload status event locking (Jose Ignacio Tornos Martinez) [RHEL-38155] {CVE-2023-52777}
- net: ieee802154: fix null deref in parse dev addr (Steve Best) [RHEL-38012] {CVE-2021-47257}
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-37465] {CVE-2024-36000}
- x86/xen: Add some null pointer checking to smp.c (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908}
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908}
- wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-37343] {CVE-2024-35937}
- wifi: rtw89: fix null pointer access when abort scan (Jose Ignacio Tornos Martinez) [RHEL-37355] {CVE-2024-35946}
- atl1c: Work around the DMA RX overflow issue (Ken Cox) [RHEL-38287] {CVE-2023-52834}
- wifi: ath11k: decrease MHI channel buffer length to 8KB (Jose Ignacio Tornos Martinez) [RHEL-37339] {CVE-2024-35938}
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (Jose Ignacio Tornos Martinez) [RHEL-37163] {CVE-2024-35912}
- USB: core: Fix access violation during port device removal (Desnes Nunes) [RHEL-39853] {CVE-2024-36896}
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Ewan D. Milne) [RHEL-37123] {CVE-2024-35930}
- netfilter: nf_tables: honor table dormant flag from netdev release event path (Phil Sutter) [RHEL-37450] {CVE-2024-36005}
- wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434}
- wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434}
- misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume (Steve Best) [RHEL-36932] {CVE-2024-35824}
Resolves: RHEL-15928, RHEL-23913, RHEL-25092, RHEL-28899, RHEL-29494, RHEL-33228, RHEL-33258, RHEL-34975, RHEL-35176, RHEL-35209, RHEL-36222, RHEL-36898, RHEL-36932, RHEL-37070, RHEL-37123, RHEL-37163, RHEL-37279, RHEL-37339, RHEL-37343, RHEL-37355, RHEL-37450, RHEL-37465, RHEL-37484, RHEL-38012, RHEL-38131, RHEL-38149, RHEL-38155, RHEL-38159, RHEL-38234, RHEL-38264, RHEL-38278, RHEL-38287, RHEL-38313, RHEL-38331, RHEL-38400, RHEL-38444, RHEL-39352, RHEL-39717, RHEL-39752, RHEL-39756, RHEL-39811, RHEL-39835, RHEL-39853, RHEL-39881, RHEL-39902, RHEL-44124

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-06-28 15:48:57 +02:00
Denys Vlasenko
85bf7844fb kernel-4.18.0-553.9.1.el8_10
* Fri Jun 21 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.9.1.el8_10]
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (Steve Best) [RHEL-37262] {CVE-2024-35876}
- net/sched: flower: Fix chain template offload (Xin Long) [RHEL-31313] {CVE-2024-26669}
- SUNRPC: fix a memleak in gss_import_v2_context (Scott Mayhew) [RHEL-35195] {CVE-2023-52653}
- efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-26564] {CVE-2023-52463}
- dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823}
- dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823}
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823}
- quota: Fix potential NULL pointer dereference (Pavel Reichl) [RHEL-33219] {CVE-2024-26878}
- locking/lockdep: Fix overflow in presentation of average lock-time (Čestmír Kalina) [RHEL-17678]
- blk-cgroup: Properly propagate the iostat update up the hierarchy (Ming Lei) [RHEL-40939]
- proc: Use new_inode not new_inode_pseudo (Ian Kent) [RHEL-40167]
- stmmac: Clear variable when destroying workqueue (Izabela Bakollari) [RHEL-31822] {CVE-2024-26802}
- powerpc/pseries/memhp: Fix access beyond end of drmem array (Mamatha Inamdar) [RHEL-26495] {CVE-2023-52451}
- platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-38258] {CVE-2023-52864}
- Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (Kamal Heib) [RHEL-36908] {CVE-2023-52658}
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Cathy Avery) [RHEL-39074]
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Cathy Avery) [RHEL-39074]
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Cathy Avery) [RHEL-39074]
- hv_netvsc: remove duplicated including of slab.h (Cathy Avery) [RHEL-39074]
- hv_netvsc: rndis_filter needs to select NLS (Cathy Avery) [RHEL-39074]
- hv_netvsc: Mark VF as slave before exposing it to user-mode (Cathy Avery) [RHEL-39074]
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (Cathy Avery) [RHEL-39074]
- hv_netvsc: fix race of netvsc and VF register_netdevice (Cathy Avery) [RHEL-39074]
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (Cathy Avery) [RHEL-39074]
- hv_netvsc: Allocate rx indirection table size dynamically (Cathy Avery) [RHEL-39074]
- net: hv_netvsc: Fix a warning triggered by memcpy in rndis_filter (Cathy Avery) [RHEL-39074]
- gfs2: Fix lru_count accounting (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Fix "Make glock lru list scanning safer" (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Fix "ignore unlock failures after withdraw" (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Don't set GLF_LOCK in gfs2_dispose_glock_lru (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Don't forget to complete delayed withdraw (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Delay withdraw from atomic context (Andreas Gruenbacher) [RHEL-32941]
- gfs2: trivial clean up of gfs2_ail_error (Andreas Gruenbacher) [RHEL-32941]
- ext4: fix corruption during on-line resize (Carlos Maiolino) [RHEL-36974] {CVE-2024-35807}
- ext4: correct offset of gdb backup in non meta_bg group to update_backups (Carlos Maiolino) [RHEL-36974]
- ext4: avoid online resizing failures due to oversized flex bg (Carlos Maiolino) [RHEL-30507] {CVE-2023-52622}
- ext4: use time_is_before_jiffies() instead of open coding it (Carlos Maiolino) [RHEL-30507]
- ext4: unify the type of flexbg_size to unsigned int (Carlos Maiolino) [RHEL-30507]
- ext4: remove unnecessary check from alloc_flex_gd() (Carlos Maiolino) [RHEL-30507]
- tracing: Do no increment trace_clock_global() by one (Jerome Marchand) [RHEL-27107] {CVE-2021-46939}
- tracing: Restructure trace_clock_global() to never block (Jerome Marchand) [RHEL-27107] {CVE-2021-46939}
- net/sched: act_skbmod: prevent kernel-infoleak (Xin Long) [RHEL-37220] {CVE-2024-35893}
- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Xin Long) [RHEL-38307] {CVE-2023-52845}
- redhat: remove the merge subtrees script (Derek Barbosa)
- redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa)
- redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa)
- dyndbg: fix old BUG_ON in >control parser (Waiman Long) [RHEL-37111] {CVE-2024-35947}
- dyndbg: let query-modname override actual module name (Waiman Long) [RHEL-37111]
- dyndbg: make dyndbg a known cli param (Waiman Long) [RHEL-37111]
- lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-33437]
- net: usb: lan78xx: don't modify phy_device state concurrently (Jamie Bainbridge) [RHEL-33437]
- efi: runtime: Fix potential overflow of soft-reserved region size (Lenny Szubowicz) [RHEL-33096] {CVE-2024-26843}
- perf/arm-cmn: Fail DTC counter allocation correctly (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Rework DTC counters (again) (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Fix DTC domain detection (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Revamp model detection (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Fix port detection for CMN-700 (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Move overlapping wp_combine field (Michael Petlan) [RHEL-23841]
- Partially revert "perf/arm-cmn: Optimise DTC counter accesses" (Michael Petlan) [RHEL-23841]
- drivers/perf: Compile with gnu99 standard (Michael Petlan) [RHEL-23841]
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Steve Best) [RHEL-36994] {CVE-2024-35801}
- watchdog: softdog: Add options 'soft_reboot_cmd' and 'soft_active_on_boot' (Waiman Long) [RHEL-19723]
- tipc: fix UAF in error path (Xin Long) [RHEL-34278] {CVE-2024-36886}
Resolves: RHEL-17678, RHEL-19723, RHEL-23841, RHEL-26495, RHEL-26564, RHEL-27107, RHEL-30507, RHEL-31313, RHEL-31822, RHEL-32941, RHEL-33096, RHEL-33219, RHEL-33437, RHEL-34278, RHEL-35195, RHEL-35826, RHEL-36908, RHEL-36974, RHEL-36994, RHEL-37111, RHEL-37220, RHEL-37262, RHEL-38258, RHEL-38307, RHEL-39074, RHEL-40167, RHEL-40939

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-06-21 14:55:17 +02:00
Denys Vlasenko
f23a3cd900 kernel-4.18.0-553.8.1.el8_10
* Fri Jun 14 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.8.1.el8_10]
- udf: Fix NULL pointer dereference in udf_symlink function (Pavel Reichl) [RHEL-37769] {CVE-2021-47353}
- net: ti: fix UAF in tlan_remove_one (Jose Ignacio Tornos Martinez) [RHEL-38940] {CVE-2021-47310}
- ARM: footbridge: fix PCI interrupt mapping (Myron Stowe) [RHEL-26971] {CVE-2021-46909}
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Kamal Heib) [RHEL-37454] {CVE-2024-36004}
- net/mlx5e: Fix mlx5e_priv_init() cleanup flow (Kamal Heib) [RHEL-37424] {CVE-2024-35959}
- net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-37420] {CVE-2024-35960}
- net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-37091] {CVE-2023-52667}
- net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-37428] {CVE-2024-35958}
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356}
- mISDN: fix possible use-after-free in HFC_cleanup() (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356}
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-35106] {CVE-2024-26974}
- crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-35106]
- crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-35106]
- crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-35106] {CVE-2024-26974}
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-35106]
- [rt] Enable CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE (Jocelyn Falempe) [RHEL-36172]
- drm/mgag200: Add an option to disable Write-Combine (Jocelyn Falempe) [RHEL-36172]
- drm/mgag200: Fix caching setup for remapped video memory (Jocelyn Falempe) [RHEL-36172]
- Revert "drm/mgag200: Add a workaround for low-latency" (Jocelyn Falempe) [RHEL-36172]
- mptcp: fix data re-injection from stale subflow (Davide Caratti) [RHEL-33133] {CVE-2024-26826}
- ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-31730]
- ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-31730] {CVE-2024-26735}
- net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-14195 RHEL-33243] {CVE-2024-26859}
- bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-14195 RHEL-33243]
- bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-14195 RHEL-33243]
- x86: KVM: SVM: always update the x2avic msr interception (Maxim Levitsky) [RHEL-15495] {CVE-2023-5090}
- EDAC/thunderx: Fix possible out-of-bounds string access (Aristeu Rozanski) [RHEL-26573] {CVE-2023-52464}
Resolves: RHEL-14195, RHEL-15495, RHEL-26573, RHEL-26971, RHEL-31730, RHEL-33133, RHEL-33243, RHEL-35106, RHEL-36172, RHEL-37091, RHEL-37420, RHEL-37424, RHEL-37428, RHEL-37454, RHEL-37763, RHEL-37769, RHEL-38940

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-06-14 00:22:10 +02:00
Denys Vlasenko
f98a3e0f69 kernel-4.18.0-553.7.1.el8_10
* Thu Jun 06 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.7.1.el8_10]
- net: qcom/emac: fix UAF in emac_remove (Ken Cox) [RHEL-37834] {CVE-2021-47311}
- perf/core: Bail out early if the request AUX area is out of bound (Michael Petlan) [RHEL-38268] {CVE-2023-52835}
- crypto: pcrypt - Fix hungtask for PADATA_RESET (Herbert Xu) [RHEL-38171] {CVE-2023-52813}
- drm/amdgpu: fix use-after-free bug (Jocelyn Falempe) [RHEL-31240] {CVE-2024-26656}
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash (Ivan Vecera) [RHEL-37008] {CVE-2024-35854}
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update (Ivan Vecera) [RHEL-37004] {CVE-2024-35855}
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (Ivan Vecera) [RHEL-37012] {CVE-2024-35853}
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ivan Vecera) [RHEL-37016] {CVE-2024-35852}
- mlxsw: spectrum_acl_tcam: Fix warning during rehash (Ivan Vecera) [RHEL-37480] {CVE-2024-36007}
- can: peak_pci: peak_pci_remove(): fix UAF (Jose Ignacio Tornos Martinez) [RHEL-38419] {CVE-2021-47456}
- usbnet: fix error return code in usbnet_probe() (Jose Ignacio Tornos Martinez) [RHEL-38440] {CVE-2021-47495}
- usbnet: sanity check for maxpacket (Jose Ignacio Tornos Martinez) [RHEL-38440] {CVE-2021-47495}
- net/mlx5e: fix a double-free in arfs_create_groups (Kamal Heib) [RHEL-36920] {CVE-2024-35835}
- can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds (Jose Ignacio Tornos Martinez) [RHEL-38220] {CVE-2023-52878}
- net: cdc_eem: fix tx fixup skb leak (Jose Ignacio Tornos Martinez) [RHEL-38080] {CVE-2021-47236}
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (Jose Ignacio Tornos Martinez) [RHEL-38113] {CVE-2023-52703}
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (Desnes Nunes) [RHEL-38248] {CVE-2023-52877}
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (Desnes Nunes) [RHEL-38240] {CVE-2023-52781}
- gro: fix ownership transfer (Xin Long) [RHEL-37226] {CVE-2024-35890}
- tipc: fix kernel warning when sending SYN message (Xin Long) [RHEL-38109] {CVE-2023-52700}
- erspan: make sure erspan_base_hdr is present in skb->head (Xin Long) [RHEL-37230] {CVE-2024-35888}
- scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() (Bryan Gurney) [RHEL-17366]
- scsi: mpi3mr: Sanitise num_phys (Bryan Gurney) [RHEL-17366]
- netfilter: nf_tables: use timestamp to check for set element timeout (Phil Sutter) [RHEL-38023] {CVE-2024-27397}
- net/ipv6: SKB symmetric hash should incorporate transport ports (Sabrina Dubroca) [RHEL-32061]
- crypto: s390/aes - Fix buffer overread in CTR mode (Herbert Xu) [RHEL-37089] {CVE-2023-52669}
- net: Save and restore msg_namelen in sock_sendmsg (Jamie Bainbridge) [RHEL-35893]
- net: prevent address rewrite in kernel_bind() (Jamie Bainbridge) [RHEL-35893]
- net: prevent rewrite of msg_name in sock_sendmsg() (Jamie Bainbridge) [RHEL-35893]
- net: replace calls to sock->ops->connect() with kernel_connect() (Jamie Bainbridge) [RHEL-35893]
- net: Avoid address overwrite in kernel_connect (Jamie Bainbridge) [RHEL-35893]
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (Jose Ignacio Tornos Martinez) [RHEL-37026] {CVE-2024-35845}
- wifi: mac80211: fix potential sta-link leak (Jose Ignacio Tornos Martinez) [RHEL-36916] {CVE-2024-35838}
- wifi: nl80211: reject iftype change with mesh ID change (Jose Ignacio Tornos Martinez) [RHEL-36884] {CVE-2024-27410}
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Jose Ignacio Tornos Martinez) [RHEL-36807] {CVE-2024-35789}
- Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-31826] {CVE-2024-26801}
- tls: disable async encrypt/decrypt (Sabrina Dubroca) [RHEL-26362 RHEL-26409 RHEL-26420] {CVE-2024-26584 CVE-2024-26583 CVE-2024-26585}
- Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [RHEL-35096] {CVE-2024-26982}
- ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- ipc/msg.c: update and document memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- ipc/sem.c: document and update memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- ipc/mqueue.c: update/document memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- ipc/mqueue.c: remove duplicated code (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-30582] {CVE-2023-52626}
- Revert "ACPI: bus: Rework system-level device notification handling" (Prarit Bhargava) [RHEL-21486]
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Prarit Bhargava) [RHEL-29485] {CVE-2023-52615}
Resolves: RHEL-17366, RHEL-21486, RHEL-26362, RHEL-26409, RHEL-26420, RHEL-27782, RHEL-29485, RHEL-30582, RHEL-31240, RHEL-31826, RHEL-32061, RHEL-35096, RHEL-35893, RHEL-36807, RHEL-36884, RHEL-36916, RHEL-36920, RHEL-37004, RHEL-37008, RHEL-37012, RHEL-37016, RHEL-37026, RHEL-37089, RHEL-37226, RHEL-37230, RHEL-37480, RHEL-37834, RHEL-38023, RHEL-38080, RHEL-38109, RHEL-38113, RHEL-38171, RHEL-38220, RHEL-38240, RHEL-38248, RHEL-38268, RHEL-38419, RHEL-38440

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-06-06 19:05:48 +02:00
Denys Vlasenko
a46af5247a kernel-4.18.0-553.6.1.el8_10
* Wed May 29 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.6.1.el8_10]
- powerpc/powernv: Add a null pointer check in opal_event_init() (Mamatha Inamdar) [RHEL-37058] {CVE-2023-52686}
- crypto: rsa - add a check for allocation failure (Vladis Dronov) [RHEL-35361]
- crypto: rsa - allow only odd e and restrict value in FIPS mode (Vladis Dronov) [RHEL-35361]
- KEYS: use kfree_sensitive with key (Vladis Dronov) [RHEL-35361]
- lib/mpi: Extend the MPI library (only mpi_*_bit() part) (Vladis Dronov) [RHEL-35361]
- net: ip_tunnel: prevent perpetual headroom growth (Felix Maurer) [RHEL-31814] {CVE-2024-26804}
- s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-36048]
- RDMA/mlx5: Fix fortify source warning while accessing Eth segment (Kamal Heib) [RHEL-33162] {CVE-2024-26907}
- ovl: fix leaked dentry (Miklos Szeredi) [RHEL-27306] {CVE-2021-46972}
- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- x86/mm/vsyscall: Consider vsyscall page part of user address space (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- x86/mm: Add vsyscall address helper (Rafael Aquini) [RHEL-33166] {CVE-2024-26906}
- mm/swap: fix race when skipping swapcache (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
- swap: fix do_swap_page() race with swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
- mm/swapfile: use percpu_ref to serialize against concurrent swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759}
- mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() (Rafael Aquini) [RHEL-29294] {CVE-2023-52560}
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-29783]
- block: null_blk: Fix handling of fake timeout request (Ming Lei) [RHEL-8130]
- null_blk: fix poll request timeout handling (Ming Lei) [RHEL-8130]
- block: null_blk: end timed out poll request (Ming Lei) [RHEL-8130]
- block: null_blk: only set set->nr_maps as 3 if active poll_queues is > 0 (Ming Lei) [RHEL-8130]
- null_blk: allow zero poll queues (Ming Lei) [RHEL-8130]
- null_blk: Fix handling of submit_queues and poll_queues attributes (Ming Lei) [RHEL-8130]
- null_blk: poll queue support (Ming Lei) [RHEL-8130]
- null_blk: fix command timeout completion handling (Ming Lei) [RHEL-8130]
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (Prarit Bhargava) [RHEL-27790] {CVE-2021-47073}
- Bluetooth: avoid memcmp() out of bounds warning (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: hci_event: Fix coding style (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: hci_event: Fix using memcmp when comparing keys (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: Reject connection with the device which has same BD_ADDR (David Marlin) [RHEL-3017] {CVE-2020-26555}
- Bluetooth: hci_event: Ignore NULL link key (David Marlin) [RHEL-3017] {CVE-2020-26555}
- ppp_async: limit MRU to 64K (Guillaume Nault) [RHEL-31353] {CVE-2024-26675}
- powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Mamatha Inamdar) [RHEL-37078] {CVE-2023-52675}
- tcp: do not accept ACK of bytes we never sent (Xin Long) [RHEL-21952]
Resolves: RHEL-21952, RHEL-27306, RHEL-27790, RHEL-29294, RHEL-29783, RHEL-3017, RHEL-31353, RHEL-31644, RHEL-31814, RHEL-33162, RHEL-33166, RHEL-35361, RHEL-36048, RHEL-37058, RHEL-37078, RHEL-8130

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-05-29 22:37:37 +02:00
Denys Vlasenko
e84ea13bd0 kernel-4.18.0-553.5.1.el8_10
* Mon May 20 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.5.1.el8_10]
- tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-29238]
- tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-29238]
- uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439}
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (Ken Cox) [RHEL-27316] {CVE-2021-47013}
- keys: Fix linking a duplicate key to a keyring's assoc_array (David Howells) [RHEL-30772]
- keys: Hoist locking out of __key_link_begin() (David Howells) [RHEL-30772]
- keys: Break bits out of key_unlink() (David Howells) [RHEL-30772]
- keys: Change keyring_serialise_link_sem to a mutex (David Howells) [RHEL-30772]
- wifi: brcm80211: handle pmk_op allocation failure (Jose Ignacio Tornos Martinez) [RHEL-35150] {CVE-2024-27048}
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Jose Ignacio Tornos Martinez) [RHEL-35140] {CVE-2024-27052}
- wifi: iwlwifi: mvm: ensure offloading TID queue exists (Jose Ignacio Tornos Martinez) [RHEL-35130] {CVE-2024-27056}
- wifi: mt76: mt7921e: fix use-after-free in free_irq() (Jose Ignacio Tornos Martinez) [RHEL-34866] {CVE-2024-26892}
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Jose Ignacio Tornos Martinez) [RHEL-34189] {CVE-2024-26897}
- wifi: iwlwifi: mvm: fix a crash when we run out of stations (Jose Ignacio Tornos Martinez) [RHEL-31547] {CVE-2024-26693}
- wifi: iwlwifi: fix double-free bug (Jose Ignacio Tornos Martinez) [RHEL-31543] {CVE-2024-26694}
- wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Jose Ignacio Tornos Martinez) [RHEL-29089] {CVE-2023-52594}
- wifi: rt2x00: restart beacon queue when hardware reset (Jose Ignacio Tornos Martinez) [RHEL-29093] {CVE-2023-52595}
- wifi: iwlwifi: fix a memory corruption (Jose Ignacio Tornos Martinez) [RHEL-28903] {CVE-2024-26610}
Resolves: RHEL-26232, RHEL-27316, RHEL-28903, RHEL-29089, RHEL-29093, RHEL-29238, RHEL-30772, RHEL-31543, RHEL-31547, RHEL-34189, RHEL-34866, RHEL-35130, RHEL-35140, RHEL-35150

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-05-21 00:16:59 +02:00
Denys Vlasenko
9fc0a7e3c8 kernel-4.18.0-553.4.1.el8_10
* Wed May 15 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.4.1.el8_10]
- cpuhotplug: Fix kABI breakage caused by CPUHP_AP_HYPERV_ONLINE (Vitaly Kuznetsov) [RHEL-36117]
- net/mlx5e: Prevent deadlock while disabling aRFS (Kamal Heib) [RHEL-35041] {CVE-2024-27014}
- x86/tsc: Defer marking TSC unstable to a worker (Wander Lairson Costa) [RHEL-32676]
- x86/smpboot: Make TSC synchronization function call based (Wander Lairson Costa) [RHEL-32676]
- net: usb: fix possible use-after-free in smsc75xx_bind (Jose Ignacio Tornos Martinez) [RHEL-30311] {CVE-2021-47171}
- net: usb: fix memory leak in smsc75xx_bind (Jose Ignacio Tornos Martinez) [RHEL-30311] {CVE-2021-47171}
Resolves: RHEL-30311, RHEL-32676, RHEL-35041, RHEL-36117

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-05-15 17:51:09 +02:00
Denys Vlasenko
42a083e861 kernel-4.18.0-552.3.1.el8_10
* Sat May 11 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-552.3.1.el8_10]
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-30076] {CVE-2024-26643}
- netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-30080] {CVE-2024-26642}
- selftests/bpf: Fix pyperf180 compilation failure with clang18 (Artem Savkov) [RHEL-35576]
- md/raid5: fix atomicity violation in raid5_cache_count (Nigel Croxon) [RHEL-27930] {CVE-2024-23307}
- usb: ulpi: Fix debugfs directory leak (Desnes Nunes) [RHEL-33287] {CVE-2024-26919}
- powerpc/pseries: Fix potential memleak in papr_get_attr() (Mamatha Inamdar) [RHEL-35213] {CVE-2022-48669}
- USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (Desnes Nunes) [RHEL-35122] {CVE-2024-27059}
- NFSv4: fairly test all delegations on a SEQ4_ revocation (Benjamin Coddington) [RHEL-34912]
- USB: core: Fix deadlock in usb_deauthorize_interface() (Desnes Nunes) [RHEL-35002] {CVE-2024-26934}
- usb: xhci: Add error handling in xhci_map_urb_for_dma (Desnes Nunes) [RHEL-34958] {CVE-2024-26964}
- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35076] {CVE-2024-26993}
- xhci: handle isoc Babble and Buffer Overrun events properly (Desnes Nunes) [RHEL-31297] {CVE-2024-26659}
- xhci: process isoc TD properly when there was a transaction error mid TD. (Desnes Nunes) [RHEL-31297] {CVE-2024-26659}
- USB: core: Fix deadlock in port "disable" sysfs attribute (Desnes Nunes) [RHEL-35006] {CVE-2024-26933}
- USB: core: Add hub_get() and hub_put() routines (Desnes Nunes) [RHEL-35006] {CVE-2024-26933}
- netfilter: ipset: Missing gc cancellations fixed (Phil Sutter) [RHEL-30521]
- netfilter: ipset: fix performance regression in swap operation (Phil Sutter) [RHEL-30521]
- netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports (Phil Sutter) [RHEL-30521]
- netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Phil Sutter) [RHEL-30521]
- x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu (David Arcari) [RHEL-32516]
- x86/coco: Disable 32-bit emulation by default on TDX and SEV (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86: Make IA32_EMULATION boot time configurable (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86/entry: Make IA32 syscalls' availability depend on ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86/elf: Make loading of 32bit processes depend on ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86/entry: Rename ignore_sysret() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86/cpu: Don't write CSTAR MSR on Intel CPUs (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86: Introduce ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
Resolves: RHEL-25087, RHEL-27930, RHEL-30076, RHEL-30080, RHEL-30521, RHEL-31297, RHEL-32516, RHEL-33287, RHEL-34912, RHEL-34958, RHEL-35002, RHEL-35006, RHEL-35076, RHEL-35122, RHEL-35213, RHEL-35576

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-05-11 16:33:23 +02:00
Denys Vlasenko
03e89c3291 kernel-4.18.0-552.2.1.el8_10
* Mon May 06 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-552.2.1.el8_10]
- s390/ptrace: handle setting of fpc register correctly (Tobias Huschle) [RHEL-29106] {CVE-2023-52598}
- net/smc: fix illegal rmb_desc access in SMC-D connection dump (Tobias Huschle) [RHEL-27746] {CVE-2024-26615}
- wifi: mac80211: fix race condition on enabling fast-xmit (Jose Ignacio Tornos Martinez) [RHEL-31664] {CVE-2024-26779}
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (Mamatha Inamdar) [RHEL-24401]
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (Mamatha Inamdar) [RHEL-24401]
- mtd: require write permissions for locking and badblock ioctls (Prarit Bhargava) [RHEL-27585] {CVE-2021-47055}
- mtd: properly check all write ioctls for permissions (Prarit Bhargava) [RHEL-27585] {CVE-2021-47055}
- pid: take a reference when initializing `cad_pid` (Waiman Long) [RHEL-29420] {CVE-2021-47118}
- i2c: i801: Don't generate an interrupt on bus reset (Prarit Bhargava) [RHEL-30325] {CVE-2021-47153}
- RDMA/srpt: Do not register event handler until srpt device is fully setup (Kamal Heib) [RHEL-33224] {CVE-2024-26872}
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (Xiubo Li) [RHEL-26723]
- ceph: switch to use cap_delay_lock for the unlink delay list (Xiubo Li) [RHEL-32870]
- ceph: pass ino# instead of old_dentry if it's disconnected (Xiubo Li) [RHEL-32870]
- fat: fix uninitialized field in nostale filehandles (Andrey Albershteyn) [RHEL-33186 RHEL-35108] {CVE-2024-26973}
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Andrey Albershteyn) [RHEL-33186] {CVE-2024-26901}
- idpf: limit the support to GCP only (Michal Schmidt) [RHEL-15652]
- redhat/configs: enable CONFIG_IDPF (Michal Schmidt) [RHEL-15652]
- idpf: remove the use of ETHTOOL_RING_USE_TCP_DATA_SPLIT (Michal Schmidt) [RHEL-15652]
- idpf: workaround for unavailable skb page recycling (Michal Schmidt) [RHEL-15652]
- idpf: always allocate a full page (Michal Schmidt) [RHEL-15652]
- idpf: remove page pool stats code (Michal Schmidt) [RHEL-15652]
- idpf: add minimal macros for __free(kfree) to work (Michal Schmidt) [RHEL-15652]
- idpf: fixup include paths for RHEL 8 (Michal Schmidt) [RHEL-15652]
- idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-15652]
- idpf: disable local BH when scheduling napi for marker packets (Michal Schmidt) [RHEL-15652]
- idpf: remove dealloc vector msg err in idpf_intr_rel (Michal Schmidt) [RHEL-15652]
- idpf: fix minor controlq issues (Michal Schmidt) [RHEL-15652]
- idpf: prevent deinit uninitialized virtchnl core (Michal Schmidt) [RHEL-15652]
- idpf: cleanup virtchnl cruft (Michal Schmidt) [RHEL-15652]
- idpf: refactor idpf_recv_mb_msg (Michal Schmidt) [RHEL-15652]
- idpf: add async_handler for MAC filter messages (Michal Schmidt) [RHEL-15652]
- idpf: refactor remaining virtchnl messages (Michal Schmidt) [RHEL-15652]
- idpf: refactor queue related virtchnl messages (Michal Schmidt) [RHEL-15652]
- idpf: refactor vport virtchnl messages (Michal Schmidt) [RHEL-15652]
- idpf: implement virtchnl transaction manager (Michal Schmidt) [RHEL-15652]
- idpf: add idpf_virtchnl.h (Michal Schmidt) [RHEL-15652]
- idpf: avoid compiler padding in virtchnl2_ptype struct (Michal Schmidt) [RHEL-15652]
- idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-15652]
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (Michal Schmidt) [RHEL-15652]
- idpf: fix corrupted frames and skb leaks in singleq mode (Michal Schmidt) [RHEL-15652]
- idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-15652]
- idpf: add get/set for Ethtool's header split ringparam (Michal Schmidt) [RHEL-15652]
- idpf: fix potential use-after-free in idpf_tso() (Michal Schmidt) [RHEL-15652]
- idpf: cancel mailbox work in error path (Michal Schmidt) [RHEL-15652]
- idpf: set scheduling mode for completion queue (Michal Schmidt) [RHEL-15652]
- idpf: add SRIOV support and other ndo_ops (Michal Schmidt) [RHEL-15652]
- idpf: add ethtool callbacks (Michal Schmidt) [RHEL-15652]
- idpf: add singleq start_xmit and napi poll (Michal Schmidt) [RHEL-15652]
- idpf: add RX splitq napi poll support (Michal Schmidt) [RHEL-15652]
- idpf: add TX splitq napi poll support (Michal Schmidt) [RHEL-15652]
- idpf: add splitq start_xmit (Michal Schmidt) [RHEL-15652]
- idpf: initialize interrupts and enable vport (Michal Schmidt) [RHEL-15652]
- idpf: configure resources for RX queues (Michal Schmidt) [RHEL-15652]
- idpf: configure resources for TX queues (Michal Schmidt) [RHEL-15652]
- idpf: add ptypes and MAC filter support (Michal Schmidt) [RHEL-15652]
- idpf: add create vport and netdev configuration (Michal Schmidt) [RHEL-15652]
- idpf: add core init and interrupt request (Michal Schmidt) [RHEL-15652]
- idpf: add controlq init and reset checks (Michal Schmidt) [RHEL-15652]
- idpf: add module register and probe functionality (Michal Schmidt) [RHEL-15652]
- virtchnl: add virtchnl version 2 ops (Michal Schmidt) [RHEL-15652]
- net: netdev_queue: netdev_txq_completed_mb(): fix wake condition (Michal Schmidt) [RHEL-15652]
- net: piggy back on the memory barrier in bql when waking queues (Michal Schmidt) [RHEL-15652]
- net: provide macros for commonly copied lockless queue stop/wake code (Michal Schmidt) [RHEL-15652]
Resolves: RHEL-15652, RHEL-24401, RHEL-26723, RHEL-27585, RHEL-27746, RHEL-29106, RHEL-29420, RHEL-30325, RHEL-31664, RHEL-32870, RHEL-33186, RHEL-33224, RHEL-35108

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-05-06 12:11:19 +02:00
Denys Vlasenko
31bb566f0a kernel-4.18.0-552.1.1.el8_10
* Fri Apr 26 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-552.1.1.el8_10]
- redhat: set DIST to el8_10 and ZSTREAM to yes for 8.10 (Denys Vlasenko)
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Prarit Bhargava) [RHEL-32590] {CVE-2021-47185}
- net: mana: Fix Rx DMA datasize and skb_over_panic (Cathy Avery) [RHEL-32579]
- RDMA/srpt: Support specifying the srpt_service_guid parameter (Kamal Heib) [RHEL-31710] {CVE-2024-26744}
- RDMA/qedr: Fix qedr_create_user_qp error flow (Kamal Heib) [RHEL-31714] {CVE-2024-26743}
- hwmon: (coretemp) Fix out-of-bounds memory access (David Arcari) [RHEL-31305] {CVE-2024-26664}
- RDMA/irdma: Fix KASAN issue with tasklet (Kamal Heib) [RHEL-15776]
- net: bridge: use DEV_STATS_INC() (Ivan Vecera) [RHEL-27989] {CVE-2023-52578}
- net: Fix unwanted sign extension in netdev_stats_to_stats64() (Ivan Vecera) [RHEL-27989] {CVE-2023-52578}
- net: add atomic_long_t to net_device_stats fields (Ivan Vecera) [RHEL-27989] {CVE-2023-52578}
- net/sched: act_ct: fix skb leak and crash on ooo frags (Xin Long) [RHEL-29467] {CVE-2023-52610}
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Jose Ignacio Tornos Martinez) [RHEL-28015] {CVE-2023-52528}
- RDMA/core: Fix uninit-value access in ib_get_eth_speed() (Kamal Heib) [RHEL-30130]
- RDMA/core: Get IB width and speed from netdev (Kamal Heib) [RHEL-30130]
- cpufreq: intel_pstate: Add Emerald Rapids support in no-HWP mode (Prarit Bhargava) [RHEL-29444]
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Mamatha Inamdar) [RHEL-29118] {CVE-2023-52607}
- powerpc/lib: Validate size for vector operations (Mamatha Inamdar) [RHEL-29114] {CVE-2023-52606}
- usb: hub: Guard against accesses to uninitialized BOS descriptors (Desnes Nunes) [RHEL-28986] {CVE-2023-52477}
- media: uvcvideo: Fix OOB read (Desnes Nunes) [RHEL-27940] {CVE-2023-52565}
- media: pvrusb2: fix use after free on context disconnection (Desnes Nunes) [RHEL-26498] {CVE-2023-52445}
- i2c: i801: Fix block process call transactions (Prarit Bhargava) [RHEL-26478] {CVE-2024-26593}
- overlay: disable EVM (Coiby Xu) [RHEL-19863]
- evm: add support to disable EVM on unsupported filesystems (Coiby Xu) [RHEL-19863]
- evm: don't copy up 'security.evm' xattr (Coiby Xu) [RHEL-19863]
- net: ena: Remove ena_select_queue (Kamal Heib) [RHEL-14286]
- media: dvbdev: Fix memory leak in dvb_media_device_free() (Prarit Bhargava) [RHEL-27254] {CVE-2020-36777}
- gfs2: Fix invalid metadata access in punch_hole (Andrew Price) [RHEL-28784]
- i2c: Fix a potential use after free (Prarit Bhargava) [RHEL-26849] {CVE-2019-25162}
- i2c: validate user data in compat ioctl (Prarit Bhargava) [RHEL-27022] {CVE-2021-46934}
- platform/x86: think-lmi: Fix reference leak (Prarit Bhargava) [RHEL-28030] {CVE-2023-52520}
- vhost: use kzalloc() instead of kmalloc() followed by memset() (Jon Maloy) [RHEL-21505] {CVE-2024-0340}
- RDMA/siw: Fix connection failure handling (Kamal Heib) [RHEL-28042] {CVE-2023-52513}
- vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-27778 RHEL-27779] {CVE-2022-48627}
- x86/fpu: Stop relying on userspace for info to fault in xsave buffer (Steve Best) [RHEL-26669] {CVE-2024-26603}
- mptcp: fix double-free on socket dismantle (Davide Caratti) [RHEL-22773] {CVE-2024-26782}
- crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-17114] {CVE-2023-6240}
- crypto: akcipher - default implementations for request callbacks (Herbert Xu) [RHEL-17114] {CVE-2023-6240}
- crypto: testmgr - split akcipher tests by a key type (Herbert Xu) [RHEL-17114] {CVE-2023-6240}
- workqueue: Warn when a rescuer could not be created (Waiman Long) [RHEL-22136]
- RDMA/cma: Avoid GID lookups on iWARP devices (Benjamin Coddington) [RHEL-12456]
- RDMA/cma: Deduplicate error flow in cma_validate_port() (Benjamin Coddington) [RHEL-12456]
- RDMA/core: Set gid_attr.ndev for iWARP devices (Benjamin Coddington) [RHEL-12456]
- RDMA/siw: Fabricate a GID on tun and loopback devices (Benjamin Coddington) [RHEL-12456]
Resolves: RHEL-12456, RHEL-14286, RHEL-15776, RHEL-17114, RHEL-19863, RHEL-21505, RHEL-22136, RHEL-22773, RHEL-26478, RHEL-26498, RHEL-26669, RHEL-26849, RHEL-27022, RHEL-27254, RHEL-27778, RHEL-27779, RHEL-27940, RHEL-27989, RHEL-28015, RHEL-28030, RHEL-28042, RHEL-28784, RHEL-28986, RHEL-29114, RHEL-29118, RHEL-29444, RHEL-29467, RHEL-30130, RHEL-31305, RHEL-31710, RHEL-31714, RHEL-32579, RHEL-32590

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-04-26 15:19:52 +02:00
Denys Vlasenko
c02f304be5 kernel-4.18.0-552.el8
* Sun Apr 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-552.el8]
- i40e: Enforce software interrupt during busy-poll exit (Ivan Vecera) [RHEL-26248]
- i40e: Remove _t suffix from enum type names (Ivan Vecera) [RHEL-26248]
Resolves: RHEL-26248

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-04-07 13:31:05 +02:00
Denys Vlasenko
2956eacb25 kernel-4.18.0-551.el8
* Fri Apr 05 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-551.el8]
- x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30040] {CVE-2024-25743 CVE-2024-25742}
- i40e: Fix VF MAC filter removal (Ivan Vecera) [RHEL-22992]
- i40e: Do not allow untrusted VF to remove administratively set MAC (Ivan Vecera) [RHEL-22992]
Resolves: RHEL-22992, RHEL-30040

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-04-05 12:58:42 +02:00
Denys Vlasenko
d70a436410 kernel-4.18.0-550.el8
* Sun Mar 31 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-550.el8]
- mm/sparsemem: fix race in accessing memory_section->usage (Waiman Long) [RHEL-28875 RHEL-28876] {CVE-2023-52489}
- mm: use __pfn_to_section() instead of open coding it (Waiman Long) [RHEL-28875] {CVE-2023-52489}
Resolves: RHEL-28875, RHEL-28876

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-03-31 12:29:14 +02:00
Denys Vlasenko
cb527335cb kernel-4.18.0-549.el8
* Thu Mar 28 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-549.el8]
- dm-integrity: align the outgoing bio in integrity_recheck (Benjamin Marzinski) [RHEL-29678]
- dm-integrity: fix a memory leak when rechecking the data (Benjamin Marzinski) [RHEL-29678]
- RDMA/mana_ib: Add CQ interrupt support for RAW QP (Maxim Levitsky) [RHEL-23934]
- RDMA/mana_ib: query device capabilities (Maxim Levitsky) [RHEL-23934]
- RDMA/mana_ib: register RDMA device with GDMA (Maxim Levitsky) [RHEL-23934]
- net: mana: add msix index sharing between EQs (Maxim Levitsky) [RHEL-23934]
- net: mana: Fix spelling mistake "enforecement" -> "enforcement" (Maxim Levitsky) [RHEL-23934]
- net :mana :Add remaining GDMA stats for MANA to ethtool (Maxim Levitsky) [RHEL-23934]
- net: mana: Fix oversized sge0 for GSO packets (Maxim Levitsky) [RHEL-23934]
- net: mana: Fix TX CQE error handling (Maxim Levitsky) [RHEL-23934]
- net: mana: Add gdma stats to ethtool output for mana (Maxim Levitsky) [RHEL-23934]
- net: mana: Fix MANA VF unload when hardware is unresponsive (Maxim Levitsky) [RHEL-23934]
- net: mana: Configure hwc timeout from hardware (Maxim Levitsky) [RHEL-23934]
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (Maxim Levitsky) [RHEL-23934]
Resolves: RHEL-23934, RHEL-29678

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-03-28 12:38:21 +01:00
Denys Vlasenko
aa6361212b kernel-4.18.0-548.el8
* Sun Mar 24 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-548.el8]
- gitlab-ci: enable arm64/s390x/ppc64le debug builds (Michael Hofmann)
- arm64: Add missing bits of AmpereOne Spectre-BHB mitigation (Mark Salter) [RHEL-29005]
- [rt] enable CONFIG_DRM_MGAG200_IOBURST_WORKAROUND (Jocelyn Falempe) [RHEL-13214]
- drm/mgag200: Add a workaround for low-latency (Jocelyn Falempe) [RHEL-13214]
Resolves: RHEL-13214, RHEL-27861, RHEL-29005

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-03-24 21:48:47 +01:00
Denys Vlasenko
abea27b0ac kernel-4.18.0-547.el8
* Tue Mar 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-547.el8]
- x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR (Lenny Szubowicz) [RHEL-2505]
- x86/efistub: Give up if memory attribute protocol returns an error (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Increase section and file alignment to 4k/512 (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Split off PE/COFF .data section (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Drop PE/COFF .reloc section (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Construct PE/COFF .text section from assembler (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Derive file size from _edata symbol (Lenny Szubowicz) [RHEL-2505]
- x86/boot/compressed: Remove, discard, or assert for unwanted sections (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Check that there are no run-time relocations (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Discard .discard.unreachable for arch/x86/boot/compressed/vmlinux (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Define setup size in linker script (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Set EFI handover offset directly in header asm (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Drop references to startup_64 (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Drop redundant code setting the root device (Lenny Szubowicz) [RHEL-2505]
- x86/build: Declutter the build output (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Omit compression buffer from PE/COFF image memory footprint (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Mark global variables as static (Lenny Szubowicz) [RHEL-2505]
- efi/x86: Remove extra headroom for setup block (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Remove the 'bugger off' message (Lenny Szubowicz) [RHEL-2505]
- x86/efi: Drop alignment flags from PE section headers (Lenny Szubowicz) [RHEL-2505]
- efi: Put Linux specific magic number in the DOS header (Lenny Szubowicz) [RHEL-2505]
- efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags (Lenny Szubowicz) [RHEL-2505]
- efi/x86: Avoid physical KASLR on older Dell systems (Lenny Szubowicz) [RHEL-2505]
- x86/boot: efistub: Assign global boot_params variable (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' (Lenny Szubowicz) [RHEL-2505]
- x86/efistub: Avoid legacy decompressor when doing EFI boot (Lenny Szubowicz) [RHEL-2505]
- x86/efistub: Perform SNP feature test while running in the firmware (Lenny Szubowicz) [RHEL-2505]
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (Lenny Szubowicz) [RHEL-2505]
- efi/libstub: Add limit argument to efi_random_alloc() (Lenny Szubowicz) [RHEL-2505]
- arm64: efi: Limit allocations to 48-bit addressable physical region (Lenny Szubowicz) [RHEL-2505]
- efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory (Lenny Szubowicz) [RHEL-2505]
- arm64: efi: kaslr: Fix occasional random alloc (and boot) failure (Lenny Szubowicz) [RHEL-2505]
- efi/libstub/random: Increase random alloc granularity (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Factor out kernel decompression and relocation (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Move global symbol references to C code (Lenny Szubowicz) [RHEL-2505]
- decompress: Use 8 byte alignment (Lenny Szubowicz) [RHEL-2505]
- x86/efistub: Prefer EFI memory attributes protocol over DXE services (Lenny Szubowicz) [RHEL-2505]
- x86/efistub: Perform 4/5 level paging switch from the stub (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Merge trampoline cleanup with switching code (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Pass pgtable address to trampoline directly (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Only call the trampoline when changing paging levels (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Call trampoline directly from C code (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Avoid the need for a stack in the 32-bit trampoline (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Use standard calling convention for trampoline (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Call trampoline as a normal function (Lenny Szubowicz) [RHEL-2505]
- x86/boot/compressed/64: Remove .bss/.pgtable from bzImage (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Remove run-time relocations from .head.text code (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Assign paging related global variables earlier (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Store boot_params pointer in callee save register (Lenny Szubowicz) [RHEL-2505]
- x86/efistub: Clear BSS in EFI handover protocol entrypoint (Lenny Szubowicz) [RHEL-2505]
- x86/head_64: Store boot_params pointer in callee save register (Lenny Szubowicz) [RHEL-2505]
- x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved (Lenny Szubowicz) [RHEL-2505]
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (Lenny Szubowicz) [RHEL-2505]
- efi/libstub: Add memory attribute protocol definitions (Lenny Szubowicz) [RHEL-2505]
- efi/x86: libstub: remove unused variable (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Robustify calling startup_{32,64}() from the decompressor code (Lenny Szubowicz) [RHEL-2505]
- x86/efistub: Simplify and clean up handover entry code (Lenny Szubowicz) [RHEL-2505]
- x86/efistub: Branch straight to kernel entry point from C code (Lenny Szubowicz) [RHEL-2505]
- efi/x86: Avoid using code32_start (Lenny Szubowicz) [RHEL-2505]
- efi/libstub/x86: Use Exit() boot service to exit the stub on errors (Lenny Szubowicz) [RHEL-2505]
- efi: x86: Wipe setup_data on pure EFI boot (Lenny Szubowicz) [RHEL-2505]
- efi: x86: Fix config name for setting the NX-compatibility flag in the PE header (Lenny Szubowicz) [RHEL-2505]
- efi: x86: Set the NX-compatibility flag in the PE header (Lenny Szubowicz) [RHEL-2505]
- efi/x86: Add kernel preferred address to PE header (Lenny Szubowicz) [RHEL-2505]
- efi/x86: Use symbolic constants in PE header instead of bare numbers (Lenny Szubowicz) [RHEL-2505]
- efi/x86: Drop redundant .bss section (Lenny Szubowicz) [RHEL-2505]
- efi/x86: add headroom to decompressor BSS to account for setup block (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Remove run-time relocations from head_{32,64}.S (Lenny Szubowicz) [RHEL-2505]
- x86/boot/compressed: Fix debug_puthex() parameter type (Lenny Szubowicz) [RHEL-2505]
- x86/boot/compressed/64: Use 32-bit (zero-extended) MOV for z_output_len (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Use unsigned comparison for addresses (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Micro-optimize GDT loading instructions (Lenny Szubowicz) [RHEL-2505]
- x86/boot: GDT limit value should be size - 1 (Lenny Szubowicz) [RHEL-2505]
- efi/x86: Remove GDT setup from efi_main (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Clear direction and interrupt flags in startup_64 (Lenny Szubowicz) [RHEL-2505]
- efi/x86: Don't depend on firmware GDT layout (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Remove KEEP_SEGMENTS support (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Handle malformed SRAT tables during early ACPI parsing (Lenny Szubowicz) [RHEL-2505]
- efi/libstub/x86: Use mandatory 16-byte stack alignment in mixed mode (Lenny Szubowicz) [RHEL-2505]
- efi/libstub/x86: Avoid globals to store context during mixed mode calls (Lenny Szubowicz) [RHEL-2505]
- x86/efistub: Disable paging at mixed mode entry (Lenny Szubowicz) [RHEL-2505]
- x86: efi/random: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table (Lenny Szubowicz) [RHEL-2505]
- x86/asm: Make some functions local (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Annotate data appropriately (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Annotate local functions (Lenny Szubowicz) [RHEL-2505]
- x86/asm: Make more symbols local (Lenny Szubowicz) [RHEL-2505]
- x86/boot/compressed/64: Fix missing initialization in find_trampoline_placement() (Lenny Szubowicz) [RHEL-2505]
- x86/boot/compressed/64: Fix boot on machines with broken E820 table (Lenny Szubowicz) [RHEL-2505]
- x86, boot: Remove multiple copy of static function sanitize_boot_params() (Lenny Szubowicz) [RHEL-2505]
- x86/boot/compressed/64: Remove unused variable (Lenny Szubowicz) [RHEL-2505]
- x86/boot/compressed/64: Explain paging_prepare()'s return value (Lenny Szubowicz) [RHEL-2505]
- x86/boot: Save several bytes in decompressor (Lenny Szubowicz) [RHEL-2505]
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (Audra Mitchell) [RHEL-20614] {CVE-2024-0841}
- net/gve: update check for little-endianness in gve kconfig (Joshua Washington) [RHEL-29030]
Resolves: RHEL-20614, RHEL-2505, RHEL-29030

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-03-19 21:50:06 +01:00
Denys Vlasenko
0633b7745b kernel-4.18.0-546.el8
* Fri Mar 15 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-546.el8]
- sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-23430] {CVE-2024-26602}
- NFS: Set the stable writes flag when initialising the super block (Benjamin Coddington) [RHEL-25266]
- smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-21685] {CVE-2024-0565}
- scsi: core: Move scsi_host_busy() out of host lock if it is for per-command (Ming Lei) [RHEL-23942]
- scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (Ming Lei) [RHEL-23942]
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Andrew Price) [RHEL-26501] {CVE-2023-52448}
- smb: client: fix parsing of SMB3.1.1 POSIX create context (Paulo Alcantara) [RHEL-26241] {CVE-2023-52434}
- smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) [RHEL-26241] {CVE-2023-52434}
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (Jay Shin) [RHEL-22143]
- cifs: Replace remaining 1-element arrays (Jay Shin) [RHEL-22143]
- cifs: Convert struct fealist away from 1-element array (Jay Shin) [RHEL-22143]
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (Jay Shin) [RHEL-22143]
- cifs: Replace zero-length arrays with flexible-array members (Jay Shin) [RHEL-22143]
- cifs: Replace a couple of one-element arrays with flexible-array members (Jay Shin) [RHEL-22143]
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (Jay Shin) [RHEL-22143]
- nfsd: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
- nfs: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
- lockd: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
- cifs: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
- ceph: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
- filelock: add a new locks_inode_context accessor function (Jeffrey Layton) [RHEL-27441]
- dm-integrity, dm-verity: reduce stack usage for recheck (Benjamin Marzinski) [RHEL-27849]
- dm-crypt: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-27849]
- dm-crypt: don't modify the data when using authenticated encryption (Benjamin Marzinski) [RHEL-27849]
- dm-verity: recheck the hash after a failure (Benjamin Marzinski) [RHEL-27849]
- dm-integrity: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-27849]
Resolves: RHEL-21685, RHEL-22143, RHEL-23430, RHEL-23942, RHEL-25266, RHEL-26241, RHEL-26501, RHEL-27441, RHEL-27849

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-03-15 01:26:23 +01:00
Denys Vlasenko
369ba532c9 kernel-4.18.0-545.el8
* Wed Mar 13 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-545.el8]
- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (John Kacur) [RHEL-26667]
- tracing/perf: Fix double put of trace event when init fails (Michael Petlan) [RHEL-19537]
- ipvlan: Add handling of NETDEV_UP events (Hangbin Liu) [RHEL-19098]
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-21760]
- ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-21760]
- ceph: always check dir caps asynchronously (Xiubo Li) [RHEL-21760]
- nfs: fix redundant readdir request after get eof (Benjamin Coddington) [RHEL-7780]
- NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Scott Mayhew) [RHEL-7994]
- NFSv4.1: fix pnfs MDS=DS session trunking (Scott Mayhew) [RHEL-7994]
- NFSv4.1: fix zero value filehandle in post open getattr (Scott Mayhew) [RHEL-7994]
- NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Scott Mayhew) [RHEL-7994]
Resolves: RHEL-19098, RHEL-19537, RHEL-21760, RHEL-26667, RHEL-7780, RHEL-7994

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-03-13 17:13:57 +01:00
Denys Vlasenko
260cea758c kernel-4.18.0-544.el8
* Thu Feb 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-544.el8]
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-23386] {CVE-2021-33631}
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Charles Mirabile) [RHEL-24019]
- scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-25747]
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (Steve Best) [RHEL-26167]
- gitlab-ci: do not show (results can be ignored) for rt pipelines (Michael Hofmann)
Resolves: RHEL-23386, RHEL-24019, RHEL-25747, RHEL-26167

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-02-22 18:39:05 +01:00
Denys Vlasenko
f42d553066 kernel-4.18.0-543.el8
* Wed Feb 21 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-543.el8]
- perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Charles Mirabile) [RHEL-23760]
- perf/arm-cmn: Move overlapping wp_combine field (Charles Mirabile) [RHEL-23757]
- drm/amd: Fix detection of _PR3 on the PCIe root port (Michel Dänzer) [RHEL-14572]
- xfs: avoid AGI->AGF->inode-buffer deadlocks (Thiago Becker) [RHEL-7914]
- dm-crypt, dm-verity: disable tasklets (Benjamin Marzinski) [RHEL-22232]
- dm verity: initialize fec io before freeing it (Benjamin Marzinski) [RHEL-22232]
- dm-verity: don't use blocking calls from tasklets (Benjamin Marzinski) [RHEL-22232]
- char: misc: Increase the maximum number of dynamic misc devices to 1048448 (Charles Mirabile) [RHEL-23758]
- char: misc: remove usage of list iterator past the loop body (Charles Mirabile) [RHEL-23758]
- char: misc: increase DYNAMIC_MINORS value (Charles Mirabile) [RHEL-23758]
- char: misc: Move EXPORT_SYMBOL immediately next to the functions/varibles (Charles Mirabile) [RHEL-23758]
- clocksource/drivers/arm_arch_timer: Force inlining of erratum_set_next_event_generic() (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921 (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Remove arch_timer_rate1 (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Disable timer before programming CVAL (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Fix XGene-1 TVAL register math error (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: limit XGene-1 workaround (Mark Salter) [RHEL-19605]
- clocksource/drivers/arch_arm_timer: Move workaround synchronisation around (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Fix masking for high freq counters (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Drop unnecessary ISB on CVAL programming (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Remove any trace of the TVAL programming interface (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Work around broken CVAL implementations (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Advertise 56bit timer to the core code (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Move MMIO timer programming over to CVAL (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Fix MMIO base address vs callback ordering issue (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Add __ro_after_init and __init (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Move drop _tval from erratum function names (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Move system register timer programming over to CVAL (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Extend write side of timer register accessors to u64 (Mark Salter) [RHEL-19605]
- clocksource/drivers/arm_arch_timer: Drop CNT*_TVAL read accessors (Mark Salter) [RHEL-19605]
- clocksource/arm_arch_timer: Add build-time guards for unhandled register accesses (Mark Salter) [RHEL-19605]
Resolves: RHEL-14572, RHEL-19605, RHEL-22232, RHEL-23757, RHEL-23758, RHEL-23760, RHEL-7914

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-02-21 07:26:31 +01:00
Denys Vlasenko
80dd1f5742 kernel-4.18.0-542.el8
* Mon Feb 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-542.el8]
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-23506] {CVE-2024-1086}
- drm/virtio: Set segment size for virtio_gpu device (Sebastian Ott) [RHEL-15465]
- xfs: run blockgc on freeze to avoid inode inactivation deadlock (Brian Foster) [RHEL-11344]
- RDMA/irdma: Report the correct link speed (Kamal Heib) [RHEL-23967]
- scsi: core: Increase max device queue_depth to 4096 (Ming Lei) [RHEL-11725]
- smsc95xx: fix stalled rx after link change (Izabela Bakollari) [RHEL-22312]
- ovl: remove privs in ovl_fallocate() (Miklos Szeredi) [RHEL-17933]
- ovl: remove privs in ovl_copyfile() (Miklos Szeredi) [RHEL-17933]
- Bluetooth: Add more enc key size check (David Marlin) [RHEL-19666] {CVE-2023-24023}
- Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt (David Marlin) [RHEL-19666] {CVE-2023-24023}
- IB: Use capital "OR" for multiple licenses in SPDX (Izabela Bakollari) [RHEL-10238]
- RDMA/rdmavt: Delete unnecessary NULL check (Izabela Bakollari) [RHEL-10238]
- IB/rdmavt: Fix target union member for rvt_post_one_wr() (Izabela Bakollari) [RHEL-10238]
- selftests/mm: cow: print ksft header before printing anything else (Nico Pache) [RHEL-5623]
- selftests/mm/kugepaged: restore thp settings at exit (Nico Pache) [RHEL-5623]
- selftests: line buffer test program's stdout (Nico Pache) [RHEL-5623]
- selftests/kselftest/runner.sh: Pass optional command parameters in environment (Nico Pache) [RHEL-5623]
- selftests/kselftest/runner/run_one(): allow running non-executable files (Nico Pache) [RHEL-5623]
- selftests: allow runners to override the timeout (Nico Pache) [RHEL-5623]
- selftests: mm: fix map_hugetlb failure on 64K page size systems (Nico Pache) [RHEL-5623]
- redhat: Fix build for kselftests mm (Nico Pache) [RHEL-5623]
- selftests: anon_cow: skip broken test (Nico Pache) [RHEL-5623]
- mm/gup_test: free memory allocated via kvcalloc() using kvfree() (Nico Pache) [RHEL-5623]
- selftests/mm: prevent duplicate runs caused by TEST_GEN_PROGS (Nico Pache) [RHEL-5623]
- selftests: mm: add a test for mutually aligned moves > PMD size (Nico Pache) [RHEL-5623]
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (Nico Pache) [RHEL-5623]
- selftests: mm: fix failure case when new remap region was not found (Nico Pache) [RHEL-5623]
- selftests/mm: fix WARNING comparing pointer to 0 (Nico Pache) [RHEL-5623]
- selftests/mm: run all tests from run_vmtests.sh (Nico Pache) [RHEL-5623]
- selftests/mm: optionally pass duration to transhuge-stress (Nico Pache) [RHEL-5623]
- selftests/mm: make migration test robust to failure (Nico Pache) [RHEL-5623]
- selftests/mm: va_high_addr_switch should skip unsupported arm64 configs (Nico Pache) [RHEL-5623]
- selftests/mm: fix thuge-gen test bugs (Nico Pache) [RHEL-5623]
- selftests/mm: skip soft-dirty tests on arm64 (Nico Pache) [RHEL-5623]
- selftests/mm: add gup test matrix in run_vmtests.sh (Nico Pache) [RHEL-5623]
- selftests/mm: add -a to run_vmtests.sh (Nico Pache) [RHEL-5623]
- selftests/mm: give scripts execute permission (Nico Pache) [RHEL-5623]
- selftests: mm: remove duplicate unneeded defines (Nico Pache) [RHEL-5623]
- Documentation: kselftest: "make headers" is a prerequisite (Nico Pache) [RHEL-5623]
- selftests/mm: fix build failures due to missing MADV_COLLAPSE (Nico Pache) [RHEL-5623]
- selftests/mm: fix a "possibly uninitialized" warning in pkey-x86.h (Nico Pache) [RHEL-5623]
- selftests/mm: .gitignore: add mkdirty, va_high_addr_switch (Nico Pache) [RHEL-5623]
- selftests/mm: fix invocation of tests that are run via shell scripts (Nico Pache) [RHEL-5623]
- selftests/mm: fix "warning: expression which evaluates to zero..." in mlock2-tests.c (Nico Pache) [RHEL-5623]
- selftests/mm: fix unused variable warnings in hugetlb-madvise.c, migration.c (Nico Pache) [RHEL-5623]
- selftests/mm: fix cross compilation with LLVM (Nico Pache) [RHEL-5623]
- selftests/mm: run hugetlb testcases of va switch (Nico Pache) [RHEL-5623]
- selftests/mm: configure nr_hugepages for arm64 (Nico Pache) [RHEL-5623]
- selftests/mm: add platform independent in code comments (Nico Pache) [RHEL-5623]
- selftests/mm: rename va_128TBswitch to va_high_addr_switch (Nico Pache) [RHEL-5623]
- selftests/mm: add support for arm64 platform on va switch (Nico Pache) [RHEL-5623]
- selftests/mm: use PM_* macros in vm_utils.h (Nico Pache) [RHEL-5623]
- selftests/mm: merge default_huge_page_size() into one (Nico Pache) [RHEL-5623]
- selftests/mm: link vm_util.c always (Nico Pache) [RHEL-5623]
- selftests/mm: use TEST_GEN_PROGS where proper (Nico Pache) [RHEL-5623]
- selftests/mm: merge util.h into vm_util.h (Nico Pache) [RHEL-5623]
- selftests/mm: dump a summary in run_vmtests.sh (Nico Pache) [RHEL-5623]
- selftests/mm: set overcommit_policy as OVERCOMMIT_ALWAYS (Nico Pache) [RHEL-5623]
- selftests/mm: change NR_CHUNKS_HIGH for aarch64 (Nico Pache) [RHEL-5623]
- selftests/mm: change MAP_CHUNK_SIZE (Nico Pache) [RHEL-5623]
- selftests: vm: enable cross-compilation (Nico Pache) [RHEL-5623]
- selftests/vm: rename selftests/vm to selftests/mm (Nico Pache) [RHEL-5623]
- selftests: vm: Fix incorrect kernel headers search path (Nico Pache) [RHEL-5623]
- selftests/vm: cow: fix compile warning on 32bit (Nico Pache) [RHEL-5623]
- mm/gup_test: fix PIN_LONGTERM_TEST_READ with highmem (Nico Pache) [RHEL-5623]
- mm/pagewalk: don't trigger test_walk() in walk_page_vma() (Nico Pache) [RHEL-5623]
- selftests/vm: enable running select groups of tests (Nico Pache) [RHEL-5623]
- selftests/vm: anon_cow: add R/O longterm tests via gup_test (Nico Pache) [RHEL-5623]
- mm/gup_test: start/stop/read functionality for PIN LONGTERM test (Nico Pache) [RHEL-5623]
- selftests/vm: anon_cow: add liburing test cases (Nico Pache) [RHEL-5623]
- selftests/vm: anon_cow: hugetlb tests (Nico Pache) [RHEL-5623]
- selftests/vm: anon_cow: THP tests (Nico Pache) [RHEL-5623]
- selftests/vm: factor out pagemap_is_populated() into vm_util (Nico Pache) [RHEL-5623]
- selftests/vm: anon_cow: test COW handling of anonymous memory (Nico Pache) [RHEL-5623]
- selftests/vm: add local_config.h and local_config.mk to .gitignore (Nico Pache) [RHEL-5623]
- selftest: vm: remove deleted local_config.* from .gitignore (Nico Pache) [RHEL-5623]
- Kselftests: remove support of libhugetlbfs from kselftests (Nico Pache) [RHEL-5623]
- selftests/vm: use top_srcdir instead of recomputing relative paths (Nico Pache) [RHEL-5623]
- selftests/vm: skip 128TBswitch on unsupported arch (Nico Pache) [RHEL-5623]
- selftests/vm: fix va_128TBswitch.sh permissions (Nico Pache) [RHEL-5623]
- selftests/vm: add protection_keys tests to run_vmtests (Nico Pache) [RHEL-5623]
- selftests/vm: only run 128TBswitch with 5-level paging (Nico Pache) [RHEL-5623]
- userfaultfd: selftests: infinite loop in faulting_process (Nico Pache) [RHEL-5623]
- userfaultfd/selftests: Fix typo in comment (Nico Pache) [RHEL-5623]
- selftests: vm: Fix resource leak when return error (Nico Pache) [RHEL-5623]
- selftests: vm: add the "settings" file with timeout variable (Nico Pache) [RHEL-5623]
- selftests: vm: add "test_hmm.sh" to TEST_FILES (Nico Pache) [RHEL-5623]
- selftests: vm: check numa_available() before operating "merge_across_nodes" in ksm_tests (Nico Pache) [RHEL-5623]
- selftests: vm: add migration to the .gitignore (Nico Pache) [RHEL-5623]
- selftests/vm/pkeys: fix typo in comment (Nico Pache) [RHEL-5623]
- userfaultfd/selftests: use swap() instead of open coding it (Nico Pache) [RHEL-5623]
- selftests: vm: fix shellcheck warnings in run_vmtests.sh (Nico Pache) [RHEL-5623]
- selftests: vm: refactor run_vmtests.sh to reduce boilerplate (Nico Pache) [RHEL-5623]
- selftests: vm: add test for Soft-Dirty PTE bit (Nico Pache) [RHEL-5623]
- selftests: vm: bring common functions to a new file (Nico Pache) [RHEL-5623]
- mm: add selftests for migration entries (Nico Pache) [RHEL-5623]
- selftest/vm: add skip support to mremap_test (Nico Pache) [RHEL-5623]
- selftest/vm: support xfail in mremap_test (Nico Pache) [RHEL-5623]
- selftest/vm: verify remap destination address in mremap_test (Nico Pache) [RHEL-5623]
- selftest/vm: verify mmap addr in mremap_test (Nico Pache) [RHEL-5623]
- selftests: kselftest framework: provide "finished" helper (Nico Pache) [RHEL-5623]
- selftest/vm: add helpers to detect PAGE_SIZE and PAGE_SHIFT (Nico Pache) [RHEL-5623]
- selftest/vm: add util.h and and move helper functions there (Nico Pache) [RHEL-5623]
- selftests: vm: remove dependecy from internal kernel macros (Nico Pache) [RHEL-5623]
- selftests: vm: Add the uapi headers include variable (Nico Pache) [RHEL-5623]
- selftests/vm/transhuge-stress: Support file-backed PMD folios (Nico Pache) [RHEL-5623]
- selftests, x86: fix how check_cc.sh is being invoked (Nico Pache) [RHEL-5623]
- selftests: vm: fix clang build error multiple output files (Nico Pache) [RHEL-5623]
- kselftest/vm: fix tests build with old libc (Nico Pache) [RHEL-5623]
- selftest/vm: fix map_fixed_noreplace test failure (Nico Pache) [RHEL-5623]
- kselftest/vm: revert "tools/testing/selftests/vm/userfaultfd.c: use swap() to make code cleaner" (Nico Pache) [RHEL-5623]
- selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (Nico Pache) [RHEL-5623]
- tools/testing/selftests/vm/userfaultfd.c: use swap() to make code cleaner (Nico Pache) [RHEL-5623]
- selftests/vm: remove ARRAY_SIZE define from individual tests (Nico Pache) [RHEL-5623]
- selftests: vm: add KSM huge pages merging time test (Nico Pache) [RHEL-5623]
- selftest/vm: fix ksm selftest to run with different NUMA topologies (Nico Pache) [RHEL-5623]
- selftests/vm/transhuge-stress: fix ram size thinko (Nico Pache) [RHEL-5623]
- selftests: vm: add COW time test for KSM pages (Nico Pache) [RHEL-5623]
- selftests: vm: add KSM merging time test (Nico Pache) [RHEL-5623]
- mm: KSM: fix data type (Nico Pache) [RHEL-5623]
- selftests: vm: add KSM merging across nodes test (Nico Pache) [RHEL-5623]
- selftests: vm: add KSM zero page merging test (Nico Pache) [RHEL-5623]
- selftests: vm: add KSM unmerge test (Nico Pache) [RHEL-5623]
- selftests: vm: add KSM merge test (Nico Pache) [RHEL-5623]
- selftests: Fix spelling mistake "cann't" -> "cannot" (Nico Pache) [RHEL-5623]
- selftests/vm: use kselftest skip code for skipped tests (Nico Pache) [RHEL-5623]
- selftest/mremap_test: avoid crash with static build (Nico Pache) [RHEL-5623]
- selftest/mremap_test: update the test to handle pagesize other than 4K (Nico Pache) [RHEL-5623]
- selftests/vm/pkeys: exercise x86 XSAVE init state (Nico Pache) [RHEL-5623]
- selftests/vm/pkeys: refill shadow register after implicit kernel write (Nico Pache) [RHEL-5623]
- selftests/vm/pkeys: handle negative sys_pkey_alloc() return code (Nico Pache) [RHEL-5623]
- vm/test_vmalloc.sh: adapt for updated driver interface (Nico Pache) [RHEL-5623]
- tool: selftests: fix spelling typo of 'writting' (Nico Pache) [RHEL-5623]
- userfaultfd/selftests: hint the test runner on required privilege (Nico Pache) [RHEL-5623]
- userfaultfd/selftests: fix retval check for userfaultfd_open() (Nico Pache) [RHEL-5623]
- userfaultfd/selftests: always dump something in modes (Nico Pache) [RHEL-5623]
- userfaultfd: selftests: make __{s,u}64 format specifiers portable (Nico Pache) [RHEL-5623]
- tools: Avoid comma separated statements (Nico Pache) [RHEL-5623]
- kselftests: vm: add mremap tests (Nico Pache) [RHEL-5623]
- Revert "selftests/vm: enable running select groups of tests" (Nico Pache) [RHEL-5623]
Resolves: RHEL-10238, RHEL-11344, RHEL-11725, RHEL-15465, RHEL-17933, RHEL-19666, RHEL-22312, RHEL-23506, RHEL-23967, RHEL-5623

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-02-19 17:02:45 +01:00
Denys Vlasenko
1fe7d71c7a kernel-4.18.0-541.el8
* Fri Feb 16 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-541.el8]
- cgroup/rstat: Optimize cgroup_rstat_updated_list() (Waiman Long) [RHEL-18154]
- cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (Waiman Long) [RHEL-18154]
- cgroup: use irqsave in cgroup_rstat_flush_locked(). (Waiman Long) [RHEL-18154]
- cgroup: fix spelling mistakes (Waiman Long) [RHEL-18154]
- s390/ipl: add missing intersection check to ipl_report handling (Tobias Huschle) [RHEL-24612]
- drm/amdgpu: Fix potential fence use-after-free v2 (Michel Dänzer) [RHEL-22504] {CVE-2023-51042}
- sched/fair: Don't balance task to its current running CPU (Luis Claudio R. Goncalves) [RHEL-8854]
- md: partially revert "md/raid6: use valid sector values to determine if an I/O should wait on the reshape" (Benjamin Marzinski) [RHEL-24518]
- blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei) [RHEL-21289]
- sfc: introduce shutdown entry point in efx pci driver (Izabela Bakollari) [RHEL-11016]
- KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Sebastian Ott) [RHEL-5178]
- efi: libstub: ensure allocated memory to be executable (Lenny Szubowicz) [RHEL-24852]
- efi: libstub: declare DXE services table (Lenny Szubowicz) [RHEL-24852]
- efi/libstub/x86: Avoid overflowing code32_start on PE entry (Lenny Szubowicz) [RHEL-24852]
- RDMA/efa: Fix wrong resources deallocation order (Izabela Bakollari) [RHEL-18229]
- RDMA/efa: Add RDMA write HW statistics counters (Izabela Bakollari) [RHEL-18229]
- RDMA/efa: Fix unsupported page sizes in device (Izabela Bakollari) [RHEL-18229]
- RDMA/efa: Add rdma write capability to device caps (Izabela Bakollari) [RHEL-18229]
- RDMA/efa: Add data polling capability feature bit (Izabela Bakollari) [RHEL-18229]
- APEI: GHES: correctly return NULL for ghes_get_devices() (Aristeu Rozanski) [RHEL-1603]
- EDAC/ghes: Make ghes_edac a proper module (Aristeu Rozanski) [RHEL-1603]
- EDAC/ghes: Prepare to make ghes_edac a proper module (Aristeu Rozanski) [RHEL-1603]
- EDAC/ghes: Add a notifier for reporting memory errors (Aristeu Rozanski) [RHEL-1603]
- efi/cper: Export several helpers for ghes_edac to use (Aristeu Rozanski) [RHEL-1603]
- ACPI: APEI: rename ghes_init() with an "acpi_" prefix (Aristeu Rozanski) [RHEL-1603]
- ACPI: APEI: explicit init of HEST and GHES in apci_init() (Aristeu Rozanski) [RHEL-1603]
- EDAC/ghes: Clear scanned data on unload (Aristeu Rozanski) [RHEL-1603]
- EDAC/ghes: Fix NULL pointer dereference in ghes_edac_register() (Aristeu Rozanski) [RHEL-1603]
- EDAC/ghes: Scan the system once on driver init (Aristeu Rozanski) [RHEL-1603]
- EDAC/ghes: Remove unused members of struct ghes_edac_pvt, rename it to ghes_pvt (Aristeu Rozanski) [RHEL-1603]
- EDAC: Introduce an mci_for_each_dimm() iterator (Aristeu Rozanski) [RHEL-1603]
- EDAC: Remove EDAC_DIMM_OFF() macro (Aristeu Rozanski) [RHEL-1603]
- r8169: add handling DASH when DASH is disabled (Izabela Bakollari) [RHEL-6505]
- r8169: remove rtl_wol_shutdown_quirk() (Izabela Bakollari) [RHEL-6505]
- r8169: improve driver unload and system shutdown behavior on DASH-enabled systems (Izabela Bakollari) [RHEL-6505]
- r8169: fix dmar pte write access is not set error (Izabela Bakollari) [RHEL-6505]
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (Izabela Bakollari) [RHEL-6505]
- r8169: prevent potential deadlock in rtl8169_close (Izabela Bakollari) [RHEL-6505]
- r8169: fix deadlock on RTL8125 in jumbo mtu mode (Izabela Bakollari) [RHEL-6505]
- r8169: fix network lost after resume on DASH systems (Izabela Bakollari) [RHEL-6505]
- r8169: respect userspace disabling IFF_MULTICAST (Izabela Bakollari) [RHEL-6505]
- r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 (Izabela Bakollari) [RHEL-6505]
- r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 (Izabela Bakollari) [RHEL-6505]
- r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx (Izabela Bakollari) [RHEL-6505]
- r8169: fix rare issue with broken rx after link-down on RTL8125 (Izabela Bakollari) [RHEL-6505]
- r8169: check for PCI read error in probe (Izabela Bakollari) [RHEL-6505]
- r8169: fix RTL8168H and RTL8107E rx crc error (Izabela Bakollari) [RHEL-6505]
- r8169: reset bus if NIC isn't accessible after tx timeout (Izabela Bakollari) [RHEL-6505]
- r8169: disable ASPM in case of tx timeout (Izabela Bakollari) [RHEL-6505]
- r8169: use tp_to_dev instead of open code (Izabela Bakollari) [RHEL-6505]
- r8169: add rtl_disable_rxdvgate() (Izabela Bakollari) [RHEL-6505]
- r8169: remove not needed net_ratelimit() check (Izabela Bakollari) [RHEL-6505]
- r8169: remove useless PCI region size check (Izabela Bakollari) [RHEL-6505]
- Bluetooth: hci_sync: Fix not processing all entries on cmd_sync_work (David Marlin) [RHEL-23781]
- Bluetooth: hci_core: Fix unbalanced unlock in set_device_flags() (David Marlin) [RHEL-23781]
- Bluetooth: Fix not checking MGMT cmd pending queue (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Fix not using conn_timeout (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Fix hci_update_accept_list_sync (David Marlin) [RHEL-23781]
- Bluetooth: assign len after null check (David Marlin) [RHEL-23781]
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (David Marlin) [RHEL-23781]
- Bluetooth: fix data races in smp_unregister(), smp_del_chan() (David Marlin) [RHEL-23781]
- Bluetooth: hci_core: Fix leaking sent_cmd skb (David Marlin) [RHEL-23781]
- Bluetooth: hci_sock: fix endian bug in hci_sock_setsockopt() (David Marlin) [RHEL-23781]
- Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() (David Marlin) [RHEL-23781]
- Bluetooth: btqca: sequential validation (David Marlin) [RHEL-23781]
- Bluetooth: hci_event: Rework hci_inquiry_result_with_rssi_evt (David Marlin) [RHEL-23781]
- Bluetooth: btbcm: disable read tx power for MacBook Air 8,1 and 8,2 (David Marlin) [RHEL-23781]
- Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe (David Marlin) [RHEL-23781]
- Bluetooth: hci_bcm: Check for error irq (David Marlin) [RHEL-23781]
- Bluetooth: MGMT: Fix spelling mistake "simultanous" -> "simultaneous" (David Marlin) [RHEL-23781]
- Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES (David Marlin) [RHEL-23781]
- Bluetooth: MGMT: Fix LE simultaneous roles UUID if not supported (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Add check simultaneous roles support (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Wait for proper events when connecting LE (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Add support for waiting specific LE subevents (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Add hci_le_create_conn_sync (David Marlin) [RHEL-23781]
- Bluetooth: hci_event: Use skb_pull_data when processing inquiry results (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Push sync command cancellation to workqueue (David Marlin) [RHEL-23781]
- Bluetooth: hci_qca: Stop IBS timer during BT OFF (David Marlin) [RHEL-23781]
- Bluetooth: btintel: Add missing quirks and msft ext for legacy bootloader (David Marlin) [RHEL-23781]
- Bluetooth: L2CAP: Fix using wrong mode (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Fix not always pausing advertising when necessary (David Marlin) [RHEL-23781]
- Bluetooth: mgmt: Make use of mgmt_send_event_skb in MGMT_EV_DEVICE_CONNECTED (David Marlin) [RHEL-23781]
- Bluetooth: mgmt: Make use of mgmt_send_event_skb in MGMT_EV_DEVICE_FOUND (David Marlin) [RHEL-23781]
- Bluetooth: mgmt: Introduce mgmt_alloc_skb and mgmt_send_event_skb (David Marlin) [RHEL-23781]
- Bluetooth: btusb: Return error code when getting patch status failed (David Marlin) [RHEL-23781]
- Bluetooth: btusb: Handle download_firmware failure cases (David Marlin) [RHEL-23781]
- Bluetooth: msft: Fix compilation when CONFIG_BT_MSFTEXT is not set (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Set Privacy Mode when updating the resolving list (David Marlin) [RHEL-23781]
- Bluetooth: Introduce HCI_CONN_FLAG_DEVICE_PRIVACY device flag (David Marlin) [RHEL-23781]
- Bluetooth: btusb: Add support for queuing during polling interval (David Marlin) [RHEL-23781]
- Bluetooth: hci_core: Rework hci_conn_params flags (David Marlin) [RHEL-23781]
- Bluetooth: MGMT: Use hci_dev_test_and_{set,clear}_flag (David Marlin) [RHEL-23781]
- Bluetooth: btbcm: disable read tx power for some Macs with the T2 Security chip (David Marlin) [RHEL-23781]
- Bluetooth: add quirk disabling LE Read Transmit Power (David Marlin) [RHEL-23781]
- Bluetooth: hci_event: Use of a function table to handle Command Status (David Marlin) [RHEL-23781]
- Bluetooth: hci_event: Use of a function table to handle Command Complete (David Marlin) [RHEL-23781]
- Bluetooth: hci_event: Use of a function table to handle LE subevents (David Marlin) [RHEL-23781]
- Bluetooth: hci_event: Use of a function table to handle HCI events (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse LE Direct Advertising Report event (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse LE Ext Advertising Report event (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse LE Advertising Report event (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse LE Metaevents (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse Extended Inquiry Result event (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result with RSSI event (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result event (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse Number of Complete Packets event (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse Command Complete event (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Use skb_pull_data to parse BR/EDR events (David Marlin) [RHEL-23781]
- Bluetooth: btusb: Cancel sync commands for certain URB errors (David Marlin) [RHEL-23781]
- Bluetooth: hci_core: Cancel sync command if sending a frame failed (David Marlin) [RHEL-23781]
- Bluetooth: Add hci_cmd_sync_cancel to public API (David Marlin) [RHEL-23781]
- Bluetooth: Reset more state when cancelling a sync command (David Marlin) [RHEL-23781]
- Bluetooth: Limit duration of Remote Name Resolve (David Marlin) [RHEL-23781]
- Bluetooth: Send device found event on name resolve failure (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Fix definition of hci_rp_delete_stored_link_key (David Marlin) [RHEL-23781]
- Bluetooth: HCI: Fix definition of hci_rp_read_stored_link_key (David Marlin) [RHEL-23781]
- Bluetooth: refactor malicious adv data check (David Marlin) [RHEL-23781]
- Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (David Marlin) [RHEL-23781]
- Bluetooth: btusb: enable Mediatek to support AOSP extension (David Marlin) [RHEL-23781]
- Bluetooth: Attempt to clear HCI_LE_ADV on adv set terminated error event (David Marlin) [RHEL-23781]
- Bluetooth: Ignore HCI_ERROR_CANCELLED_BY_HOST on adv set terminated event (David Marlin) [RHEL-23781]
- Bluetooth: hci_request: Remove bg_scan_update work (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_SET_CONNECTABLE to use cmd_sync (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_SET_DISCOVERABLE to use cmd_sync (David Marlin) [RHEL-23781]
- Bluetooth: btmrvl_main: repair a non-kernel-doc comment (David Marlin) [RHEL-23781]
- Bluetooth: Don't initialize msft/aosp when using user channel (David Marlin) [RHEL-23781]
- Bluetooth: fix uninitialized variables notify_evt (David Marlin) [RHEL-23781]
- Bluetooth: stop proccessing malicious adv data (David Marlin) [RHEL-23781]
- Bluetooth: hci_h4: Fix padding calculation error within h4_recv_buf() (David Marlin) [RHEL-23781]
- Bluetooth: aosp: Support AOSP Bluetooth Quality Report (David Marlin) [RHEL-23781]
- Bluetooth: Add struct of reading AOSP vendor capabilities (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Fix not setting adv set duration (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Fix missing static warnings (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Rework hci_suspend_notifier (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Rework init stages (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_SSP (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert adv_expire (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_SET_ADVERTISING (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_SET_PHY_CONFIGURATION (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_SET_LOCAL_NAME (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_READ_LOCAL_OOB_EXT_DATA (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_READ_LOCAL_OOB_DATA (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_SET_LE (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_GET_CLOCK_INFO (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_SET_SECURE_CONN (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_GET_CONN_INFO (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Enable synch'd set_bredr (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_SET_FAST_CONNECTABLE (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_OP_START_DISCOVERY (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Convert MGMT_SET_POWERED (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Rework background scan (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Enable advertising when LL privacy is enabled (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 3 (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 2 (David Marlin) [RHEL-23781]
- Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 1 (David Marlin) [RHEL-23781]
- Bluetooth: Add helper for serialized HCI command execution (David Marlin) [RHEL-23781]
- Bluetooth: Fix removing adv when processing cmd complete (David Marlin) [RHEL-23781]
- Bluetooth: hci_bcm: Remove duplicated entry in OF table (David Marlin) [RHEL-23781]
- Bluetooth: bfusb: fix division by zero in send path (David Marlin) [RHEL-23781]
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (David Marlin) [RHEL-23781]
- Bluetooth: vhci: Fix checking of msft_opcode (David Marlin) [RHEL-23781]
- Bluetooth: btsdio: Do not bind to non-removable BCM4345 and BCM43455 (David Marlin) [RHEL-23781]
- Bluetooth: vhci: Add support for setting msft_opcode and aosp_capable (David Marlin) [RHEL-23781]
- Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (David Marlin) [RHEL-23781]
- Bluetooth: Fix memory leak of hci device (David Marlin) [RHEL-23781]
- Bluetooth: btintel: Fix bdaddress comparison with garbage value (David Marlin) [RHEL-23781]
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (David Marlin) [RHEL-23781]
- Bluetooth: L2CAP: Fix not initializing sk_peer_pid (David Marlin) [RHEL-23781]
- Bluetooth: hci_sock: purge socket queues in the destruct() callback (David Marlin) [RHEL-23781]
- Bluetooth: mgmt: Fix Experimental Feature Changed event (David Marlin) [RHEL-23781]
- Bluetooth: hci_vhci: Fix to set the force_wakeup value (David Marlin) [RHEL-23781]
- Bluetooth: Read codec capabilities only if supported (David Marlin) [RHEL-23781]
- Bluetooth: Fix handling of SUSPEND_DISCONNECTING (David Marlin) [RHEL-23781]
- Bluetooth: hci_vhci: Fix calling hci_{suspend,resume}_dev (David Marlin) [RHEL-23781]
- skbuff: introduce skb_pull_data (David Marlin) [RHEL-23781]
- Bluetooth: defer cleanup of resources in hci_unregister_dev() (David Marlin) [RHEL-23781]
- serial: core: return early on unsupported ioctls (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- lib/hexdump: make print_hex_dump_bytes() a nop on !DEBUG builds (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix race condition in status line change on dead connections (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix UAF in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: add parameter negotiation support (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: add parameters used with parameter negotiation (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: introduce macro for minimal unit size (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: name the debug bits (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: introduce gsm_control_command() function (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: replace use of gsm_read_ea() with gsm_read_ea_val() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: name gsm tty device minors (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: initialize more members at gsm_alloc_mux() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix flow control handling in tx path (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix resource allocation order in gsm_activate_mux() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix deadlock and link starvation in outgoing data path (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix race condition in gsmld_write() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix non flow control frames during mux flow off (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix missing timer to handle stalled links (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix tty registration before control channel open (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix user open not possible at responder until initiator open (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Fix packet data hex dump output (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix software flow control handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix invalid use of MSC in advanced option (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix broken virtual tty handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix missing update of modem controls after DLCI open (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix reset fifo race condition (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong signal octets encoding in MSC (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong command frame length field encoding (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong command retry handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix missing explicit ldisc flush (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong DLCI release order (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix insufficient txframe size (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix frame reception handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix mux cleanup after unregister tty device (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix decoupled mux resource (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix restart handling via CLD command (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix deadlock in gsmtty_open() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong modem processing in convergence layer type 2 (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix wrong tty control line for flow control (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix NULL pointer access due to DLCI release (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix encoding of command/response bit (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: fix SW flow control encoding/handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove tty parameter from mxser_receive_chars_new() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: don't throttle manually (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: make mxser_port::ldisc_stop_rx a bool (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Don't ignore write return value in gsmld_output() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: clean up indenting in gsm_queue() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Save dlci address open status when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Modify gsmtty driver register method when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Delete gsmtty open SABM frame when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Modify CR,PF bit printk info when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Modify CR,PF bit when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: stop using alloc_tty_driver (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: don't store semi-state into tty drivers (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- hvsi: don't panic on tty_register_driver failure (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- amiserial: switch rs_table to a single state (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- amiserial: expand "custom" (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- amiserial: use memset to zero serial_state (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- amiserial: remove serial_* strings (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: drop mxser_port::custom_divisor (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: drop mxser_port::baud_base (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove unused mxser_port::stop_rx (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: don't allocate MXSER_PORTS + 1 (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove cnt from mxser_receive_chars (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_GETMSTATUS ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_GETDATACOUNT ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_CHKPORTENABLE ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_ASPP_LSTATUS ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_ASPP_MON and friends (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_SET_BAUD_METHOD ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove MOXA_GET_MAJOR deprecated ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: drop unused MOXA_DIAGNOSE macro (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: drop UART_MCR_AFE and UART_LSR_SPECIAL defines (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove else from LSR bits checks (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: extract mxser_receive_chars_old (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: extract mxser_receive_chars_new (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: simplify mxser_interrupt and drop mxser_board::vector_mask (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: extract port ISR (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: cleanup LSR handling in mxser_receive_chars (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: remove nonsense from ISR (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: drop constant board::uart_type (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: introduce enum mxser_must_hwid (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: rename mxser_board::chip_flag to must_hwid (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: rename CheckIsMoxaMust to mxser_get_must_hwid (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: cleanup Gpci_uart_info struct (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: integrate mxser.h into .c (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: drop ISA support (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- n_gsm: use goto-failpaths in gsm_init (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: mxser: drop low-latency workaround (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: check error while registering tty devices (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: mxser: fix TIOCSSERIAL jiffies conversions (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm, remove duplicates of parameters (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: do not check tty_unregister_driver's return value (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: nozomi, remove init/exit messages (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty_port: drop last traces of low_latency (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Demote obvious abuse of kernel-doc and supply other missing docss (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm, eliminate indirection for gsm->{output,error}() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Fix bogus i++ in gsm_data_kick (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Remove unnecessary test in gsm_print_packet() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Fix waking up upper tty layer when room available (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Fix SOF skipping (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Improve debug output (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- n_gsm: switch constipated to bool (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- n_gsm: switch throttled to bool (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- n_gsm: switch dead to bool (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- n_gsm: introduce enum gsm_dlci_mode (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- n_gsm: introduce enum gsm_dlci_state (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- n_gsm: drop unneeded gsm_dlci->fifo field (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Replace zero-length array with flexible-array member (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: avoid recursive locking with async port hangup (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: add helpers to convert mux-num to/from tty-base (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- docs: serial: move it to the driver-api (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- docs: serial: convert docs to ReST and rename to *.rst (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Mark expected switch fall-throughs (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- n_gsm: Constify u8 and unsigned char usage (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty: n_gsm: Add copy_config() and gsm_config() to prepare for serdev (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- mxser: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- amiserial: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
- tty/serial_core: add ISO7816 infrastructure (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546}
Resolves: RHEL-11016, RHEL-1603, RHEL-18154, RHEL-18229, RHEL-19955, RHEL-21289, RHEL-22504, RHEL-23781, RHEL-24518, RHEL-24612, RHEL-24852, RHEL-5178, RHEL-6505, RHEL-8854

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-02-16 11:23:19 +01:00
Denys Vlasenko
340adeec0d kernel-4.18.0-540.el8
* Fri Feb 09 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-540.el8]
- mm/readahead: reintroduce legacy madvise_willneed behavior to force_page_cache_readahead (Rafael Aquini) [RHEL-22476]
- PCI: Disable ATS for specific Intel IPU E2000 devices (Myron Stowe) [RHEL-21011]
- PCI: Extract ATS disabling to a helper function (Myron Stowe) [RHEL-21011]
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (Tony Camuso) [RHEL-14732]
- HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID (Tony Camuso) [RHEL-14732]
- HID: intel-ish-hid: Fix kernel panic during warm reset (Tony Camuso) [RHEL-14732]
- net: usb: ax88179_178a: avoid failed operations when device is disconnected (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: avoid two consecutive device resets (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: Bind only to vendor-specific interface (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: wol optimizations (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: move priv to driver_priv (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: restore state on resume (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: clean up pm calls (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: remove redundant init code (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: make drivers set the TSO limit not the GSO limit (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: add TSO feature (Jose Ignacio Tornos Martinez) [RHEL-17561]
- ethernet: constify references to netdev->dev_addr in drivers (Jose Ignacio Tornos Martinez) [RHEL-17561]
- net: usb: ax88179_178a: initialize local variables before use (Jose Ignacio Tornos Martinez) [RHEL-17561]
- gve: Remove dependency on 4k page size. (Joshua Washington) [RHEL-22210]
- gve: Add page size register to the register_page_list command. (Joshua Washington) [RHEL-22210]
- gve: Remove obsolete checks that rely on page size. (Joshua Washington) [RHEL-22210]
- gve: Deprecate adminq_pfn for pci revision 0x1. (Joshua Washington) [RHEL-22210]
- gve: Perform adminq allocations through a dma_pool. (Joshua Washington) [RHEL-22210]
- gve: add gve_features_check() (Joshua Washington) [RHEL-22210]
- gve: Fixes for napi_poll when budget is 0 (Joshua Washington) [RHEL-22210]
- gve: Do not fully free QPL pages on prefill errors (Joshua Washington) [RHEL-22210]
- gve: Use size_add() in call to struct_size() (Joshua Washington) [RHEL-22210]
- gve: fix frag_list chaining (Joshua Washington) [RHEL-22210]
- gve: RX path for DQO-QPL (Joshua Washington) [RHEL-22210 RHEL-9878]
- gve: Tx path for DQO-QPL (Joshua Washington) [RHEL-22210 RHEL-9878]
- gve: Control path for DQO-QPL (Joshua Washington) [RHEL-22210 RHEL-9878]
- gve: trivial spell fix Recive to Receive (Joshua Washington) [RHEL-22210]
- gve: unify driver name usage (Joshua Washington) [RHEL-22210]
- gve: Set default duplex configuration to full (Joshua Washington) [RHEL-22210]
- gve: Remove the code of clearing PBA bit (Joshua Washington) [RHEL-22210]
- gve: Secure enough bytes in the first TX desc for all TCP pkts (Joshua Washington) [RHEL-22210]
- gve: Cache link_speed value from device (Joshua Washington) [RHEL-22210]
- gve: Add AF_XDP zero-copy support for GQI-QPL format (Joshua Washington) [RHEL-22210]
- gve: Add XDP REDIRECT support for GQI-QPL format (Joshua Washington) [RHEL-22210]
- gve: Add XDP DROP and TX support for GQI-QPL format (Joshua Washington) [RHEL-22210]
- gve: Changes to add new TX queues (Joshua Washington) [RHEL-22210]
- gve: XDP support GQI-QPL: helper function changes (Joshua Washington) [RHEL-22210]
- gve: Fix gve interrupt names (Joshua Washington) [RHEL-22210]
- gve: Handle alternate miss completions (Joshua Washington) [RHEL-22210]
- gve: Adding a new AdminQ command to verify driver (Joshua Washington) [RHEL-22210]
- gve: Fix error return code in gve_prefill_rx_pages() (Joshua Washington) [RHEL-22210]
- gve: Reduce alloc and copy costs in the GQ rx path (Joshua Washington) [RHEL-22210]
- google/gve:fix repeated words in comments (Joshua Washington) [RHEL-22210]
- gve: Fix spelling mistake "droping" -> "dropping" (Joshua Washington) [RHEL-22210]
- gve: enhance no queue page list detection (Joshua Washington) [RHEL-22210]
- net: Google gve: Remove dma_wmb() before ringing doorbell (Joshua Washington) [RHEL-22210]
Resolves: RHEL-14732, RHEL-17561, RHEL-21011, RHEL-22210, RHEL-22476, RHEL-9878

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-02-09 13:11:40 +01:00
Denys Vlasenko
76d4d7fe1c kernel-4.18.0-539.el8
* Mon Feb 05 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-539.el8]
- tcp: Dump bound-only sockets in inet_diag. (Guillaume Nault) [RHEL-6113]
- rh_messages.h: update driver and device lists (Scott Weaver) [RHEL-22126]
- vmstat: allow_direct_reclaim should use zone_page_state_snapshot (Marcelo Tosatti) [RHEL-22138]
- rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-21941]
- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (Jocelyn Falempe) [RHEL-3179] {CVE-2022-38096}
- atm: Fix Use-After-Free in do_vcc_ioctl (Guillaume Nault) [RHEL-21179] {CVE-2023-51780}
- perf/x86/intel/uncore: Factor out topology_gidnid_map() (Michael Petlan) [RHEL-22189]
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Michael Petlan) [RHEL-22189]
- KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} (Bandan Das) [RHEL-7558]
- x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer (Bandan Das) [RHEL-7558]
- Bluetooth: Fix double free in hci_conn_cleanup (David Marlin) [RHEL-2555] {CVE-2023-28464}
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (David Marlin) [RHEL-2555]
- kobject: Fix slab-out-of-bounds in fill_kobj_path() (Waiman Long) [RHEL-20926] {CVE-2023-45863}
- kobject: modify kobject_get_path() to take a const * (Waiman Long) [RHEL-20926] {CVE-2023-45863}
- kobject: Remove docstring reference to kset (Waiman Long) [RHEL-20926] {CVE-2023-45863}
- EDAC/amd64: Add support for AMD family 1Ah models 00h-1Fh and 40h-4Fh (Aristeu Rozanski) [RHEL-10031]
- amd64: allow F0 and F6 registers to be missing (Aristeu Rozanski) [RHEL-10031]
- hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (Aristeu Rozanski) [RHEL-10031]
- x86/amd_nb: Add PCI IDs for AMD Family 1Ah-based models (Aristeu Rozanski) [RHEL-10031]
- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
- ipv6: Remove extra counter pull before gc (Davide Caratti) [RHEL-21457] {CVE-2023-52340}
- ipv6: remove max_size check inline with ipv4 (Davide Caratti) [RHEL-21457] {CVE-2023-52340}
- net/dst: use a smaller percpu_counter batch for dst entries accounting (Davide Caratti) [RHEL-21457] {CVE-2023-52340}
- net: add a route cache full diagnostic message (Davide Caratti) [RHEL-21457] {CVE-2023-52340}
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Bandan Das) [RHEL-16382]
- x86/sev: Do not handle #VC for DR7 read/write (Bandan Das) [RHEL-16382]
- Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV" (Bandan Das) [RHEL-16382]
- x86/alternatives: Add cond_resched() to text_poke_bp_batch() (Waiman Long) [RHEL-15221]
- x86/alternative: Fix race in try_get_desc() (Waiman Long) [RHEL-15221]
- x86/alternatives: Mark text_poke_loc_init() static (Waiman Long) [RHEL-15221]
- x86/int3: Ensure that poke_int3_handler() is not traced (Waiman Long) [RHEL-15221]
- tools/mm: filter out timestamps for correct collation (Audra Mitchell) [RHEL-3821]
- tools/vm/page_owner_sort.c: support sorting pid and time (Audra Mitchell) [RHEL-3821]
- tools/vm/page_owner_sort.c: filter out unneeded line (Audra Mitchell) [RHEL-3821]
- tools/vm/page_owner: use page_owner_sort in the use example (Audra Mitchell) [RHEL-3821]
- mm/page_owner: remove free_ts from page_owner output (Audra Mitchell) [RHEL-3821]
- xfs: up(ic_sema) if flushing data device fails (Andrey Albershteyn) [RHEL-8464]
- xfs: reserve less log space when recovering log intent items (Andrey Albershteyn) [RHEL-8464]
- xfs: fix an agbno overflow in __xfs_getfsmap_datadev (Andrey Albershteyn) [RHEL-8464]
- xfs: fix agf_fllast when repairing an empty AGFL (Andrey Albershteyn) [RHEL-8464]
- xfs: fix dqiterate thinko (Andrey Albershteyn) [RHEL-8464]
- xfs: fix uninit warning in xfs_growfs_data (Andrey Albershteyn) [RHEL-8464]
- xfs: fix xfs_btree_query_range callers to initialize btree rec fully (Andrey Albershteyn) [RHEL-8464]
- xfs: validate fsmap offsets specified in the query keys (Andrey Albershteyn) [RHEL-8464]
- xfs: fix logdev fsmap query result filtering (Andrey Albershteyn) [RHEL-8464]
- xfs: clean up the rtbitmap fsmap backend (Andrey Albershteyn) [RHEL-8464]
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (Andrey Albershteyn) [RHEL-8464]
- xfs: fix interval filtering in multi-step fsmap queries (Andrey Albershteyn) [RHEL-8464]
- xfs: don't reverse order of items in bulk AIL insertion (Andrey Albershteyn) [RHEL-8464]
- xfs: fix ag count overflow during growfs (Andrey Albershteyn) [RHEL-8464]
- xfs: don't deplete the reserve pool when trying to shrink the fs (Andrey Albershteyn) [RHEL-8464]
- xfs: fix agf/agfl verification on v4 filesystems (Andrey Albershteyn) [RHEL-8464]
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (Andrey Albershteyn) [RHEL-8464]
- xfs: fix rm_offset flag handling in rmap keys (Andrey Albershteyn) [RHEL-8464]
- xfs: make kobj_type structures constant (Andrey Albershteyn) [RHEL-8464]
- xfs: allow setting full range of panic tags (Andrey Albershteyn) [RHEL-8464]
- xfs: shut up -Wuninitialized in xfsaild_push (Andrey Albershteyn) [RHEL-8464]
- xfs: use memcpy, not strncpy, to format the attr prefix during listxattr (Andrey Albershteyn) [RHEL-8464]
- xfs: initialize the check_owner object fully (Andrey Albershteyn) [RHEL-8464]
- xfs: fix uninitialized list head in struct xfs_refcount_recovery (Andrey Albershteyn) [RHEL-8464]
- xfs: increase rename inode reservation (Andrey Albershteyn) [RHEL-8464]
- xfs: remove xfs_setattr_time() declaration (Andrey Albershteyn) [RHEL-8464]
- xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (Andrey Albershteyn) [RHEL-8464]
- xfs: check return codes when flushing block devices (Andrey Albershteyn) [RHEL-8464]
- xfs: reduce the number of atomic when locking a buffer after lookup (Andrey Albershteyn) [RHEL-8464]
- xfs: convert btree buffer log flags to unsigned. (Andrey Albershteyn) [RHEL-8464]
- xfs: shutdown in intent recovery has non-intent items in the AIL (Andrey Albershteyn) [RHEL-8464]
- xfs: aborting inodes on shutdown may need buffer lock (Andrey Albershteyn) [RHEL-8464]
- xfs: only bother with sync_filesystem during readonly remount (Andrey Albershteyn) [RHEL-8464]
- xfs: kill the XFS_IOC_{ALLOC,FREE}SP* ioctls (Andrey Albershteyn) [RHEL-8464] {CVE-2021-4155}
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Andrey Albershteyn) [RHEL-8464]
- xfs: only run COW extent recovery when there are no live extents (Andrey Albershteyn) [RHEL-8464]
- xfs: move recovery needed state updates to xfs_log_mount_finish (Andrey Albershteyn) [RHEL-8464]
- xfs: clear log incompat feature bits when the log is idle (Andrey Albershteyn) [RHEL-8464]
- xfs: allow setting and clearing of log incompat feature flags (Andrey Albershteyn) [RHEL-8464]
- xfs: remove all COW fork extents when remounting readonly (Andrey Albershteyn) [RHEL-8464]
- xfs: replace snprintf in show functions with sysfs_emit (Andrey Albershteyn) [RHEL-8464]
- xfs: reduce the size of nr_ops for refcount btree cursors (Andrey Albershteyn) [RHEL-8464]
- xfs: rework attr2 feature and mount options (Andrey Albershteyn) [RHEL-8464]
- xfs: sb verifier doesn't handle uncached sb buffer (Andrey Albershteyn) [RHEL-8464]
- xfs: standardize inode number formatting in ftrace output (Andrey Albershteyn) [RHEL-8464]
- xfs: make fsmap backend function key parameters const (Andrey Albershteyn) [RHEL-8464]
- xfs: remove kmem_alloc_io() (Andrey Albershteyn) [RHEL-8464]
- mm: Add kvrealloc() (Andrey Albershteyn) [RHEL-8464]
- xfs: remove kmem_realloc() (Andrey Albershteyn) [RHEL-8464]
- xfs: fix silly whitespace problems with kernel libxfs (Andrey Albershteyn) [RHEL-8464]
- xfs: deprecate BMV_IF_NO_DMAPI_READ flag (Andrey Albershteyn) [RHEL-8464]
Resolves: RHEL-10031, RHEL-15221, RHEL-16382, RHEL-19155, RHEL-19161, RHEL-19167, RHEL-20926, RHEL-21179, RHEL-21457, RHEL-21941, RHEL-22126, RHEL-22138, RHEL-22189, RHEL-2555, RHEL-3179, RHEL-3821, RHEL-6113, RHEL-7558, RHEL-8464

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-02-05 16:17:37 +01:00
Denys Vlasenko
402e4f1f00 kernel-4.18.0-538.el8
* Wed Jan 31 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-538.el8]
- ida: Fix crash in ida_free when the bitmap is empty (Wander Lairson Costa) [RHEL-19681] {CVE-2023-6915}
- mm: create a new system state and fix core_kernel_text() (Joel Savitz) [RHEL-5227]
- redhat: rewrite genlog and support Y- tags (Jan Stancek)
- Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" (Nigel Croxon) [RHEL-22698]
- Revert "x86/fpu/xstate: Fix PKRU covert channel" (Steve Best) [RHEL-22192]
- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-19065] {CVE-2024-0646}
- smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-18990] {CVE-2023-6606}
- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-19144] {CVE-2023-6610}
- smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-19144] {CVE-2023-6610}
- ovl: skip stale entries in merge dir cache iteration (Miklos Szeredi) [RHEL-18076]
- ovl: invalidate readdir cache on changes to dir with origin (Miklos Szeredi) [RHEL-18076]
- ipv6: avoid atomic fragment on GSO packets (Hangbin Liu) [RHEL-22149]
- ipv6: fix potential NULL deref in fib6_add() (Hangbin Liu) [RHEL-22149]
- lockdep: Fix block chain corruption (Joel Savitz) [RHEL-5227]
- futex: Don't include process MM in futex key on no-MMU (Joel Savitz) [RHEL-5227]
- locking/rtmutex: Fix task->pi_waiters integrity (Joel Savitz) [RHEL-5227]
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (Joel Savitz) [RHEL-5227]
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (Joel Savitz) [RHEL-5227]
- mm: make generic arch_is_kernel_initmem_freed() do what it says (Joel Savitz) [RHEL-5227]
Resolves: RHEL-18076, RHEL-18990, RHEL-19065, RHEL-19144, RHEL-19681, RHEL-22149, RHEL-22192, RHEL-22698, RHEL-5227

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-01-31 05:30:46 +01:00
Denys Vlasenko
c773a27bce kernel-4.18.0-537.el8
* Wed Jan 24 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-537.el8]
- cgroup/cpuset: Inherit parent's load balance state in v2 (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Free DL BW in case can_attach() fails (Waiman Long) [RHEL-12873]
- sched/deadline: Create DL BW alloc, free & check overflow interface (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Iterate only if DEADLINE tasks are present (Waiman Long) [RHEL-12873]
- sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets (Waiman Long) [RHEL-12873]
- sched/cpuset: Bring back cpuset_mutex (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Rename functions dealing with DEADLINE accounting (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Skip task update if hotplug doesn't affect current cpuset (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Optimize cpuset_attach() on v2 (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Skip spread flags update on v2 (Waiman Long) [RHEL-12873]
- kselftest/cgroup: Add cpuset v2 partition root state test (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Update description of cpuset.cpus.partition in cgroup-v2.rst (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Make partition invalid if cpumask change violates exclusivity rule (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Relocate a code block in validate_change() (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Show invalid partition reason string (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Add a new isolated cpus.partition type (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Relax constraints to partition & cpus changes (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Allow no-task partition to have empty cpuset.cpus.effective (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Miscellaneous cleanups & add helper functions (Waiman Long) [RHEL-12873]
- cgroup: cleanup comments (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Avoid memory migration when nodemasks match (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Enable memory migration for cpuset v2 (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Enable event notification when partition state changes (Waiman Long) [RHEL-12873]
- doc/admin-guide/cgroup-v2: use tables (Waiman Long) [RHEL-12873]
- docs/admin-guide: cgroup-v2: fix cgroup.type rendering (Waiman Long) [RHEL-12873]
- docs: fix memory.low description in cgroup-v2.rst (Waiman Long) [RHEL-12873]
- cgroup/cpuset: Revert "Reduce cpuset_rwsem writer latency" (Waiman Long) [RHEL-12873]
- selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code (Artem Savkov) [RHEL-17256]
- mISDN: fix use-after-free bugs in l1oip timer handlers (Ricardo Robaina) [RHEL-2553 RHEL-2690] {CVE-2022-3565}
- firmware: dmi-sysfs: make pr_info messages rate limited (Prarit Bhargava) [RHEL-21096]
- xfs: short circuit xfs_growfs_data_private() if delta is zero (Andrey Albershteyn) [RHEL-19431]
- net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-16007]
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (Jocelyn Falempe) [RHEL-21054]
- netfilter: nf_tables: bail out on mismatching dynset and set expressions (Florian Westphal) [RHEL-19014] {CVE-2023-6622}
- netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-19721] {CVE-2023-6817}
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Hangbin Liu) [RHEL-19794] {CVE-2023-6932}
- s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Tobias Huschle) [RHEL-22160]
- s390/dasd: protect device queue against concurrent access (Tobias Huschle) [RHEL-22161]
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (Tobias Huschle) [RHEL-16317]
- s390/cmma: fix detection of DAT pages (Tobias Huschle) [RHEL-16317]
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (Tobias Huschle) [RHEL-16317]
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (Tobias Huschle) [RHEL-16317]
- s390/cmma: fix initial kernel address space page table walk (Tobias Huschle) [RHEL-16317]
- s390/vfio-ap: do not reset queue removed from host config (Cédric Le Goater) [RHEL-19575]
- s390/vfio-ap: reset queues associated with adapter for queue unbound from driver (Cédric Le Goater) [RHEL-19575]
- s390/vfio-ap: reset queues filtered from the guest's AP config (Cédric Le Goater) [RHEL-19575]
- s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (Cédric Le Goater) [RHEL-19575]
- s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (Cédric Le Goater) [RHEL-19575]
- s390/vfio-ap: always filter entire AP matrix (Cédric Le Goater) [RHEL-19575]
- KVM: s390: vsie: Fix STFLE interpretive execution identification (Cédric Le Goater) [RHEL-19575]
- KVM: s390: vsie: fix race during shadow creation (Cédric Le Goater) [RHEL-19575]
- KVM: s390: fix cc for successful PQAP (Cédric Le Goater) [RHEL-19575]
- KVM: s390: fix setting of fpc register (Cédric Le Goater) [RHEL-19575]
- s390/vfio-ap: fix sysfs status attribute for AP queue devices (Cédric Le Goater) [RHEL-19575]
- s390/vfio-ap: unpin pages on gisc registration failure (Cédric Le Goater) [RHEL-19575]
- iommu/iova: Manage the depot list size (Jerry Snitselaar) [RHEL-10100]
- iommu/iova: Make the rcache depot scale better (Jerry Snitselaar) [RHEL-10100]
- iommu/iova: Optimize iova_magazine_alloc() (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Remove two WARN_ON in domain_context_mapping_one() (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Handle the failure case of dmar_reenable_qi() (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Remove BUG_ON in dmar_insert_dev_scope() (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Remove a useless BUG_ON(dev->is_virtfn) (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Remove BUG_ON in map/unmap() (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Remove BUG_ON when domain->pgd is NULL (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Remove BUG_ON in handling iotlb cache invalidation (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Remove BUG_ON on checking valid pfn range (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Make size of operands same in bitwise operations (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Do not use GFP_ATOMIC when not needed (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Remove PASID supervisor request support (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Use non-privileged mode for all PASIDs (Jerry Snitselaar) [RHEL-10100]
- iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Use page mode macros in fetch_pte() (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Allocate IOMMU irqs using numa locality info (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Allocate page table using numa locality info (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Do not allocate io_pgtable_ops for passthrough domain (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Fix error handling for pdev_pri_ats_enable() (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Fix compile error for unused function (Jerry Snitselaar) [RHEL-10025]
- iommu/amd: Improving Interrupt Remapping Table Invalidation (Jerry Snitselaar) [RHEL-10025]
- iommu/amd: Do not Invalidate IRT when IRTE caching is disabled (Jerry Snitselaar) [RHEL-10025]
- iommu/amd: Introduce Disable IRTE Caching Support (Jerry Snitselaar) [RHEL-10025]
- iommu/amd: Change macro for IOMMU control register bit shift to decimal value (Jerry Snitselaar) [RHEL-10025]
- iommu/amd: Remove the unused struct amd_ir_data.ref (Jerry Snitselaar) [RHEL-10025]
- iommu/amd: Switch amd_iommu_update_ga() to use modify_irte_ga() (Jerry Snitselaar) [RHEL-10025]
- iommu/amd: Handle GALog overflows (Jerry Snitselaar) [RHEL-10025]
- iommu/amd: Process all IVHDs before enabling IOMMU features (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Introduce global variable for storing common EFR and EFR2 (Jerry Snitselaar) [RHEL-10100]
- iommu/amd: Introduce Support for Extended Feature 2 Register (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Avoid memory allocation in iommu_suspend() (Jerry Snitselaar) [RHEL-10100]
- iommu/vt-d: Fix to flush cache of PASID directory table (Jerry Snitselaar) [RHEL-10100]
- of/address: Return an error when no valid dma-ranges are found (Jerry Snitselaar) [RHEL-10100]
- iommu/arm-smmu-qcom: Fix mask extraction for bootloader programmed SMRs (Jerry Snitselaar) [RHEL-10100]
- iommu/arm-smmu-qcom: Read back stream mappings (Jerry Snitselaar) [RHEL-10100]
- of: Fix "dma-ranges" handling for bus controllers (Jerry Snitselaar) [RHEL-10100]
- swiotlb: move slot allocation explanation comment where it belongs (Jerry Snitselaar) [RHEL-10100]
- swiotlb: fix debugfs reporting of reserved memory pools (Jerry Snitselaar) [RHEL-10100]
- iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (Jerry Snitselaar) [RHEL-1261]
- swiotlb: use the calculated number of areas (Jerry Snitselaar) [RHEL-1261]
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (Jerry Snitselaar) [RHEL-1261]
- swiotlb: reduce the number of areas to match actual memory pool size (Jerry Snitselaar) [RHEL-1261]
- swiotlb: always set the number of areas before allocating the pool (Jerry Snitselaar) [RHEL-1261]
- swiotlb: clean up some coding style and minor issues (Jerry Snitselaar) [RHEL-1261]
- iommu/amd: Fix DTE_IRQ_PHYS_ADDR_MASK macro (Jerry Snitselaar) [RHEL-1261]
- iommu/amd/iommu_v2: Clear pasid state in free path (Jerry Snitselaar) [RHEL-14152]
- iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind (Jerry Snitselaar) [RHEL-14152]
- iommu/amd: Don't block updates to GATag if guest mode is on (Jerry Snitselaar) [RHEL-1261]
- iommu/amd: Fix domain flush size when syncing iotlb (Jerry Snitselaar) [RHEL-1261]
- iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE (Jerry Snitselaar) [RHEL-1261]
- iommu: Fix error unwind in iommu_group_alloc() (Jerry Snitselaar) [RHEL-1261]
- net/mlx5e: Fix error code in mlx5e_tc_action_miss_mapping_get() (Amir Tzin) [RHEL-924]
- net/mlx5: Fix fw tracer first block check (Amir Tzin) [RHEL-924]
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (Amir Tzin) [RHEL-924]
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (Amir Tzin) [RHEL-924]
- net/mlx5e: fix double free of encap_header (Amir Tzin) [RHEL-924]
- Revert "net/mlx5e: fix double free of encap_header" (Amir Tzin) [RHEL-924]
- Revert "net/mlx5e: fix double free of encap_header in update funcs" (Amir Tzin) [RHEL-924]
- net/mlx5e: fix double free of encap_header in update funcs (Amir Tzin) [RHEL-924]
- net/mlx5e: fix double free of encap_header (Amir Tzin) [RHEL-924]
- net/mlx5e: Fix error codes in alloc_branch_attr() (Amir Tzin) [RHEL-924]
- net/mlx5e: Track xmit submission to PTP WQ after populating metadata map (Amir Tzin) [RHEL-924]
- net/mlx5e: Avoid referencing skb after free-ing in drop path of mlx5e_sq_xmit_wqe (Amir Tzin) [RHEL-924]
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (Amir Tzin) [RHEL-924]
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (Amir Tzin) [RHEL-924]
- net/mlx5: Fix a NULL vs IS_ERR() check (Amir Tzin) [RHEL-924]
- net/mlx5e: Check netdev pointer before checking its net ns (Amir Tzin) [RHEL-924]
- net/mlx5e: TC, Don't offload post action rule if not supported (Amir Tzin) [RHEL-924]
- net/mlx5e: Remove a useless function call (Amir Tzin) [RHEL-924]
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (Amir Tzin) [RHEL-924]
- net/mlx5: Increase size of irq name buffer (Amir Tzin) [RHEL-924]
- net/mlx5e: Update doorbell for port timestamping CQ before the software counter (Amir Tzin) [RHEL-924]
- net/mlx5e: Add recovery flow for tx devlink health reporter for unhealthy PTP SQ (Amir Tzin) [RHEL-924]
- net/mlx5e: Make tx_port_ts logic resilient to out-of-order CQEs (Amir Tzin) [RHEL-924]
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (Amir Tzin) [RHEL-924]
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (Amir Tzin) [RHEL-924]
- net/mlx5e: Reduce the size of icosq_str (Amir Tzin) [RHEL-924]
- net/mlx5e: Fix pedit endianness (Amir Tzin) [RHEL-924]
- net/mlx5: Decouple PHC .adjtime and .adjphase implementations (Amir Tzin) [RHEL-924]
- IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (Amir Tzin) [RHEL-924]
- IB/mlx5: Fix rdma counter binding for RAW QP (Amir Tzin) [RHEL-924]
- net/mlx5e: Fix VF representors reporting zero counters to "ip -s" command (Amir Tzin) [RHEL-13397 RHEL-924]
- net/mlx5e: Don't offload internal port if filter device is out device (Amir Tzin) [RHEL-924]
- net/mlx5e: XDP, Fix XDP_REDIRECT mpwqe page fragment leaks on shutdown (Amir Tzin) [RHEL-924]
- net/mlx5: Handle fw tracer change ownership event based on MTRC (Amir Tzin) [RHEL-924]
- net/mlx5: Bridge, fix peer entry ageing in LAG mode (Amir Tzin) [RHEL-924]
- net/mlx5: E-switch, register event handler before arming the event (Amir Tzin) [RHEL-924]
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (Amir Tzin) [RHEL-924]
- RDMA/mlx5: Fix NULL string error (Amir Tzin) [RHEL-924]
- RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (Amir Tzin) [RHEL-924]
- net/mlx5: Free IRQ rmap and notifier on kernel shutdown (Amir Tzin) [RHEL-924]
- net/mlx5: Free irqs only on shutdown callback (Amir Tzin) [RHEL-924]
- net/mlx5: Improve naming of pci function vectors (Amir Tzin) [RHEL-924]
- net/mlx5e: Clear mirred devices array if the rule is split (Amir Tzin) [RHEL-924]
- net/mlx5: Dynamic cyclecounter shift calculation for PTP free running clock (Amir Tzin) [RHEL-924]
- RDMA/mlx5: Fix trailing */ formatting in block comment (Amir Tzin) [RHEL-924]
- net/mlx5: Use RMW accessors for changing LNKCTL (Amir Tzin) [RHEL-924]
- net/mlx5: DR, Fix code indentation (Amir Tzin) [RHEL-924]
- net/mlx5: Fix error message in mlx5_sf_dev_state_change_handler() (Amir Tzin) [RHEL-924]
- net/mlx5e: Add capability check for vnic counters (Amir Tzin) [RHEL-924]
- net/mlx5e: Expose catastrophic steering error counters (Amir Tzin) [RHEL-924]
- net/mlx5: Skip clock update work when device is in error state (Amir Tzin) [RHEL-924]
- net/mlx5: LAG, Check correct bucket when modifying LAG (Amir Tzin) [RHEL-924]
- net/mlx5e: Unoffload post act rule when handling FIB events (Amir Tzin) [RHEL-924]
- net/mlx5: Allow 0 for total host VFs (Amir Tzin) [RHEL-924]
- net/mlx5: DR, Fix wrong allocation of modify hdr pattern (Amir Tzin) [RHEL-924]
- net/mlx5e: TC, Fix internal port memory leak (Amir Tzin) [RHEL-924]
- net/mlx5: Fix typo reminder -> remainder (Amir Tzin) [RHEL-924]
- net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio (Amir Tzin) [RHEL-924]
- net/mlx5: fs_core: Make find_closest_ft more generic (Amir Tzin) [RHEL-924]
- net/mlx5e: kTLS, Fix protection domain in use syndrome when devlink reload (Amir Tzin) [RHEL-924]
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (Amir Tzin) [RHEL-924]
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (Amir Tzin) [RHEL-13501 RHEL-924]
- net/mlx5e: Don't hold encap tbl lock if there is no encap action (Amir Tzin) [RHEL-924]
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (Amir Tzin) [RHEL-924]
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (Amir Tzin) [RHEL-924]
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (Amir Tzin) [RHEL-924]
- net/mlx5e: Check for NOT_READY flag state after locking (Amir Tzin) [RHEL-924]
- net/mlx5: Register a unique thermal zone per device (Amir Tzin) [RHEL-924]
- net/mlx5e: fix memory leak in mlx5e_ptp_open (Amir Tzin) [RHEL-924]
- net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (Amir Tzin) [RHEL-924]
- net/mlx5e: fix double free in mlx5e_destroy_flow_table (Amir Tzin) [RHEL-924]
- net/mlx5: Fix reserved at offset in hca_cap register (Amir Tzin) [RHEL-924]
- RDMA/mlx5: Fix Q-counters query in LAG mode (Amir Tzin) [RHEL-924]
- RDMA/mlx5: Remove vport Q-counters dependency on normal Q-counters (Amir Tzin) [RHEL-924]
- RDMA/mlx5: Fix Q-counters per vport allocation (Amir Tzin) [RHEL-924]
- net/mlx5: Drain health before unregistering devlink (Amir Tzin) [RHEL-924]
- net/mlx5: E-switch, Devcom, sync devcom events and devcom comp register (Amir Tzin) [RHEL-924]
- eth: mlx5: avoid iterator use outside of a loop (Amir Tzin) [RHEL-924]
- net/mlx5: Update op_mode to op_mod for port selection (Amir Tzin) [RHEL-924]
- net/mlx5: E-Switch, Remove redundant dev arg from mlx5_esw_vport_alloc() (Amir Tzin) [RHEL-924]
- Documentation: net/mlx5: Wrap notes in admonition blocks (Amir Tzin) [RHEL-924]
- Documentation: net/mlx5: Use bullet and definition lists for vnic counters description (Amir Tzin) [RHEL-924]
- Documentation: net/mlx5: Wrap vnic reporter devlink commands in code blocks (Amir Tzin) [RHEL-924]
- net/mlx5e: Add vnic devlink health reporter to representors (Amir Tzin) [RHEL-14659 RHEL-924]
- net/mlx5: Add vnic devlink health reporter to PFs/VFs (Amir Tzin) [RHEL-14659 RHEL-924]
- Revert "net/mlx5: Expose vnic diagnostic counters for eswitch managed vports" (Amir Tzin) [RHEL-14659 RHEL-924]
- Revert "net/mlx5: Expose steering dropped packets counter" (Amir Tzin) [RHEL-14659 RHEL-924]
- net/mlx5: Create a new profile for SFs (Amir Tzin) [RHEL-924]
- net/mlx5: Bridge, add tracepoints for multicast (Amir Tzin) [RHEL-924]
- net/mlx5: Bridge, implement mdb offload (Amir Tzin) [RHEL-924]
- net/mlx5: Bridge, support multicast VLAN pop (Amir Tzin) [RHEL-924]
- net/mlx5: Bridge, add per-port multicast replication tables (Amir Tzin) [RHEL-924]
- net/mlx5: Bridge, snoop igmp/mld packets (Amir Tzin) [RHEL-924]
- net/mlx5: Bridge, extract code to lookup parent bridge of port (Amir Tzin) [RHEL-924]
- net/mlx5: Bridge, move additional data structures to priv header (Amir Tzin) [RHEL-924]
- net/mlx5: Bridge, increase bridge tables sizes (Amir Tzin) [RHEL-924]
- net/mlx5: Add mlx5_ifc definitions for bridge multicast support (Amir Tzin) [RHEL-924]
- net/mlx5e: Fix SQ SW state layout in SQ devlink health diagnostics (Amir Tzin) [RHEL-924]
- net/mlx5e: Fix RQ SW state layout in RQ devlink health diagnostics (Amir Tzin) [RHEL-924]
- RDMA/mlx5: Remove unused num_alloc_xa_entries variable (Amir Tzin) [RHEL-924]
- net/mlx5e: Rename misleading skb_pc/cc references in ptp code (Amir Tzin) [RHEL-924]
- net/mlx5: Update cyclecounter shift value to improve ptp free running mode precision (Amir Tzin) [RHEL-924]
- RDMA/mlx5: Expand switchdev Q-counters to expose representor statistics (Amir Tzin) [RHEL-924]
- net/mlx5: Introduce other vport query for Q-counters (Amir Tzin) [RHEL-924]
- net/mlx5e: Fix build break on 32bit (Amir Tzin) [RHEL-924]
- net/mlx5: Set out of order (ooo) by default (Amir Tzin) [RHEL-924]
- RDMA/mlx5: Disable out-of-order in integrity enabled QPs (Amir Tzin) [RHEL-924]
- net/mlx5: Expose bits for enabling out-of-order by default (Amir Tzin) [RHEL-924]
- net/mlx5e: TC, Add support for VxLAN GBP encap/decap flows offload (Amir Tzin) [RHEL-897 RHEL-924]
- net/mlx5e: Add helper for encap_info_equal for tunnels with options (Amir Tzin) [RHEL-897 RHEL-924]
- net/mlx5e: Remove redundant include statement and adjust code to upstream. (Amir Tzin) [RHEL-924]
- net/mlx5e: Enable TC offload for egress MACVLAN over bond (Amir Tzin) [RHEL-924]
- net/mlx5e: Enable TC offload for ingress MACVLAN over bond (Amir Tzin) [RHEL-924]
- net/mlx5e: TC, Extract indr setup block checks to function (Amir Tzin) [RHEL-924]
- net/mlx5e: Add XSK RQ state flag for RQ devlink health diagnostics (Amir Tzin) [RHEL-924]
- net/mlx5e: Expose SQ SW state as part of SQ health diagnostics (Amir Tzin) [RHEL-924]
- net/mlx5e: Stringify RQ SW state in RQ devlink health diagnostics (Amir Tzin) [RHEL-924]
- net/mlx5e: Rename RQ/SQ adaptive moderation state flag (Amir Tzin) [RHEL-924]
- net/mlx5e: Utilize the entire fifo (Amir Tzin) [RHEL-924]
- net/mlx5: Implement thermal zone (Amir Tzin) [RHEL-924]
- net/mlx5: Stop waiting for PCI up if teardown was triggered (Amir Tzin) [RHEL-924]
- net/mlx5: remove redundant clear_bit (Amir Tzin) [RHEL-924]
Resolves: RHEL-10025, RHEL-10100, RHEL-1261, RHEL-12873, RHEL-13397, RHEL-13501, RHEL-14152, RHEL-14659, RHEL-16007, RHEL-16317, RHEL-17256, RHEL-19014, RHEL-19431, RHEL-19575, RHEL-19721, RHEL-19794, RHEL-21054, RHEL-21096, RHEL-22160, RHEL-22161, RHEL-2553, RHEL-2690, RHEL-897, RHEL-924

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2024-01-24 06:43:08 +01:00