@ -165,15 +165,15 @@ Summary: The Linux kernel
# define buildid .local
%define specversion 5.14.0
%define patchversion 5.14
%define pkgrelease 427.35.1
%define pkgrelease 427
%define kversion 5
%define tarfile_release 5.14.0-427.35.1. el9_4
%define tarfile_release 5.14.0-427.el9
# This is needed to do merge window version magic
%define patchlevel 14
# This allows pkg_release to have configurable %%{?dist} tag
%define specrelease 427.35.1 %{?buildid}%{?dist}
%define specrelease 427%{?buildid}%{?dist}
# This defines the kabi tarball version
%define kabiversion 5.14.0-427.35.1. el9_4
%define kabiversion 5.14.0-427.el9
#
# End of genspec.sh variables
@ -185,7 +185,6 @@ Summary: The Linux kernel
# should not be exported to RPM provides
%global __provides_exclude_from ^%{_libexecdir}/kselftests
%define _with_kabidupchk 1
# The following build options are enabled by default, but may become disabled
# by later architecture-specific checks. These can also be disabled by using
# --without <opt> in the rpmbuild command, or by forcing these values to 0.
@ -232,6 +231,8 @@ Summary: The Linux kernel
%define with_rtonly %{?_with_rtonly: 1} %{?!_with_rtonly: 0}
# Control whether we perform a compat. check against published ABI.
%define with_kabichk %{?_without_kabichk: 0} %{?!_without_kabichk: 1}
# Temporarily disable kabi checks until RC.
%define with_kabichk 0
# Control whether we perform a compat. check against DUP ABI.
%define with_kabidupchk %{?_with_kabidupchk: 1} %{?!_with_kabidupchk: 0}
#
@ -628,7 +629,7 @@ Summary: The Linux kernel
Name: kernel
License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GFDL-1.1-no-invariants-or-later AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR GFDL-1.1-no-invariants-or-later) AND (GPL-2.0-only OR GFDL-1.2-no-invariants-only) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR CC-BY-4.0) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND Linux-man-pages-copyleft AND MIT AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib
URL: https://www.kernel.org/
Version: %{specversion}
Version: %{specversion}.1
Release: %{pkg_release}
# DO NOT CHANGE THE 'ExclusiveArch' LINE TO TEMPORARILY EXCLUDE AN ARCHITECTURE BUILD.
# SET %%nobuildarches (ABOVE) INSTEAD
@ -967,6 +968,18 @@ Source4002: gating.yaml
Patch1: patch-%{patchversion}-redhat.patch
%endif
# AlmaLinux patches
Patch1001: 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch
# Bring back deprecated PCI ids #CFHack #CFHack2024
Patch2001: 0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch
Patch2002: 0002-Bring-back-deprecated-pci-ids-to-mptsas-mptspi-drive.patch
Patch2003: 0003-Bring-back-deprecated-pci-ids-to-hpsa-driver.patch
Patch2004: 0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch
Patch2005: 0005-Bring-back-deprecated-pci-ids-to-lpfc-driver.patch
Patch2006: 0006-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch
Patch2007: 0007-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch
# empty final patch to facilitate testing of kernel patches
Patch999999: linux-kernel-test.patch
@ -1693,9 +1706,19 @@ cp -a %{SOURCE1} .
%if !%{nopatches}
ApplyPatch 0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch
ApplyPatch 0002-Bring-back-deprecated-pci-ids-to-mptsas-mptspi-drive.patch
ApplyPatch 0003-Bring-back-deprecated-pci-ids-to-hpsa-driver.patch
ApplyPatch 0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch
ApplyPatch 0005-Bring-back-deprecated-pci-ids-to-lpfc-driver.patch
ApplyPatch 0006-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch
ApplyPatch 0007-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch
ApplyOptionalPatch patch-%{patchversion}-redhat.patch
%endif
ApplyPatch 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch
ApplyOptionalPatch linux-kernel-test.patch
# END OF PATCH APPLICATIONS
@ -2198,12 +2221,12 @@ BuildKernel() {
cp --parents tools/build/Build $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp --parents tools/build/fixdep.c $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp --parents tools/objtool/sync-check.sh $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp -a --parents tools/bpf/resolve_btfids $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp -a --parents tools/bpf/resolve_btfids/main.c $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp -a --parents tools/bpf/resolve_btfids/Build $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp --parents security/selinux/include/policycap_names.h $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp --parents security/selinux/include/policycap.h $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp -a --parents tools/include/asm $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp -a --parents tools/include/asm-generic $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp -a --parents tools/include/linux $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
cp -a --parents tools/include/uapi/asm $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
@ -2241,9 +2264,6 @@ BuildKernel() {
if [ -d arch/%{asmarch}/include ]; then
cp -a --parents arch/%{asmarch}/include $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/
fi
if [ -d tools/arch/%{asmarch}/include ]; then
cp -a --parents tools/arch/%{asmarch}/include $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
fi
%ifarch aarch64
# arch/arm64/include/asm/xen references arch/arm
cp -a --parents arch/arm/include/asm/xen $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/
@ -2531,7 +2551,6 @@ BuildKernel() {
%if %{with_cross}
make -C $RPM_BUILD_ROOT/lib/modules/$KernelVer/build M=scripts clean
make -C $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/tools/bpf/resolve_btfids clean
sed -i 's/REBUILD_SCRIPTS_FOR_CROSS:=0/REBUILD_SCRIPTS_FOR_CROSS:=1/' $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Makefile
%endif
@ -3185,7 +3204,7 @@ then\
)\
fi\
%if %{with_cross}\
echo "Building scripts and resolve_btfids "\
echo "Building scripts"\
env --unset=ARCH make -C /usr/src/kernels/%{KVERREL}%{?1:+%{1}} prepare_after_cross\
%endif\
%{nil}
@ -3732,848 +3751,16 @@ fi
#
#
%changelog
* Fri Aug 30 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.35.1.el9_4]
- usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43716] {CVE-2024-38619}
- ceph: force sending a cap update msg back to MDS for revoke op (Xiubo Li) [RHEL-55437]
- ceph: periodically flush the cap releases (Xiubo Li) [RHEL-55437]
- mm: avoid overflows in dirty throttling logic (Jay Shin) [RHEL-51848 RHEL-50004] {CVE-2024-42131}
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (Jay Shin) [RHEL-51701 RHEL-50004] {CVE-2024-42102}
- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Jay Shin) [RHEL-42628 RHEL-5619] {CVE-2024-26720}
- net: fix out-of-bounds access in ops_init (Paolo Abeni) [RHEL-43188 RHEL-46610] {CVE-2024-36883}
- nvme: avoid double free special payload (CKI Backport Bot) [RHEL-51311] {CVE-2024-41073}
- kernfs: change kernfs_rename_lock into a read-write lock (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Separate kernfs_pr_cont_buf and rename_lock (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: fix missing kernfs_iattr_rwsem locking (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Introduce separate rwsem to protect inode attributes (Jay Shin) [RHEL-55253 RHEL-52956]
- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47894 RHEL-47892] {CVE-2024-40927}
- Bluetooth: af_bluetooth: Fix deadlock (Bastien Nocera) [RHEL-34161] {CVE-2024-26886}
- xdp: Remove WARN() from __xdp_reg_mem_model() (CKI Backport Bot) [RHEL-51586] {CVE-2024-42082}
- nfsd: don't take fi_lock in nfsd_break_deleg_cb() (Benjamin Coddington) [RHEL-42578 RHEL-34875]
- nfsd: fix RELEASE_LOCKOWNER (Benjamin Coddington) [RHEL-42578 RHEL-34875] {CVE-2024-26629}
- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727]
- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727]
- net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43729] {CVE-2024-36979}
- efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-42343 RHEL-26588] {CVE-2023-52463}
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (Charles Mirabile) [RHEL-34234 RHEL-1697]
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (Charles Mirabile) [RHEL-34234 RHEL-1697]
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (Scott Weaver) [RHEL-34234 RHEL-1697]
* Thu Aug 22 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.34.1.el9_4]
- mm: prevent derefencing NULL ptr in pfn_section_valid() (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055}
- mm, kmsan: fix infinite recursion due to RCU critical section (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055}
- ppp: reject claimed-as-LCP but actually malformed packets (CKI Backport Bot) [RHEL-51061 RHEL-51059] {CVE-2024-41044}
- x86: stop playing stack games in profile_pc() (CKI Backport Bot) [RHEL-51651] {CVE-2024-42096}
- PCI/MSI: Fix UAF in msi_capability_init (CKI Backport Bot) [RHEL-51438] {CVE-2024-41096}
- iommufd: Fix missing update of domains_itree after splitting iopt_area (Jerry Snitselaar) [RHEL-42518 RHEL-28780] {CVE-2023-52801}
- mm: cachestat: fix folio read-after-free in cache walk (Nico Pache) [RHEL-41739 RHEL-5619] {CVE-2024-26630}
- regmap: maple: Fix cache corruption in regcache_maple_drop() (Jaroslav Kysela) [RHEL-43179 RHEL-39706] {CVE-2024-36019}
- mm: cachestat: fix two shmem bugs (Nico Pache) [RHEL-36912] {CVE-2024-35797}
- kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (Steve Best) [RHEL-42778 RHEL-34985] {CVE-2024-26946}
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-43132 RHEL-37467] {CVE-2024-36000}
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366]
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366]
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52675 RHEL-50366]
- gpio: tegra186: Fix tegra186_gpio_is_accessible() check (Charles Mirabile) [RHEL-49347 RHEL-32452]
- net/sched: Fix UAF when resolving a clash (CKI Backport Bot) [RHEL-51022 RHEL-51020] {CVE-2024-41040}
- KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (Maxim Levitsky) [RHEL-41462 RHEL-32430] {CVE-2024-35791}
- cxl/region: Fix memregion leaks in devm_cxl_add_region() (John W. Linville) [RHEL-47965 RHEL-23582] {CVE-2024-40936}
- x86/coco: Require seeding RNG with RDRAND on CoCo systems (Lenny Szubowicz) [RHEL-42986 RHEL-37269] {CVE-2024-35875}
- scsi: qedf: Ensure the copied buf is NUL terminated (cki-backport-bot) [RHEL-44203] {CVE-2024-38559}
* Fri Aug 16 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.33.1.el9_4]
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44287] {CVE-2024-38540}
- netfilter: flowtable: validate pppoe header (Florian Westphal) [RHEL-44430 RHEL-33469] {CVE-2024-27016}
- crypto: bcm - Fix pointer arithmetic (cki-backport-bot) [RHEL-44116] {CVE-2024-38579}
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (CKI Backport Bot) [RHEL-51035 RHEL-51033] {CVE-2024-41041}
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (Florian Westphal) [RHEL-42832 RHEL-33985] {CVE-2024-27019}
- netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV (Florian Westphal) [RHEL-42832 RHEL-33985]
- netfilter: nf_tables: NULL pointer dereference in nf_tables_updobj() (Florian Westphal) [RHEL-42832 RHEL-33985]
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Florian Westphal) [RHEL-41802 RHEL-33985] {CVE-2024-26925}
- netfilter: nf_tables: discard table flag update with pending basechain deletion (Florian Westphal) [RHEL-40231 RHEL-33985] {CVE-2024-35897}
- netfilter: nf_tables: reject table flag and netdev basechain updates (Florian Westphal) [RHEL-40231 RHEL-33985]
- netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839}
- netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839}
- netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839}
- netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839}
- netfilter: nft_limit: reject configurations that cause integer overflow (Florian Westphal) [RHEL-40065 RHEL-33985] {CVE-2024-26668}
- scsi: qedi: Fix crash while reading debugfs attribute (CKI Backport Bot) [RHEL-48339] {CVE-2024-40978}
- mm/huge_memory: don't unpoison huge_zero_folio (Aristeu Rozanski) [RHEL-47804] {CVE-2024-40914}
- tipc: force a dst refcount before doing decryption (Xin Long) [RHEL-48375 RHEL-6118] {CVE-2024-40983}
- netfilter: nft_set_rbtree: skip end interval element from gc (Florian Westphal) [RHEL-41265] {CVE-2024-26581}
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (CKI Backport Bot) [RHEL-52021 RHEL-52019 RHEL-52020] {CVE-2024-42152}
- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (CKI Backport Bot) [RHEL-51756] {CVE-2024-42110}
- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Florian Westphal) [RHEL-40265 RHEL-33985] {CVE-2024-35898}
- netfilter: br_netfilter: remove WARN traps (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415}
- netfilter: br_netfilter: skip conntrack input hook for promisc packets (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415}
- netfilter: bridge: confirm multicast packets before passing them up the stack (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415}
- netfilter: nf_conntrack_bridge: initialize err to 0 (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415}
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Florian Westphal) [RHEL-42842 RHEL-33985] {CVE-2024-27020}
* Mon Aug 12 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.32.1.el9_4]
- REDHAT: Makefile, dont reset dist-git-tmp if set (Lucas Zampieri)
- net/mlx5e: Fix netif state handling (Benjamin Poirier) [RHEL-43872 RHEL-43870] {CVE-2024-38608}
- net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args (Benjamin Poirier) [RHEL-43872 RHEL-43870] {CVE-2024-38608}
- tun: add missing verification for short frame (Patrick Talbert) [RHEL-50202 RHEL-50203] {CVE-2024-41091}
- tap: add missing verification for short frame (Patrick Talbert) [RHEL-50264 RHEL-50265] {CVE-2024-41090}
- vfio/pci: Lock external INTx masking ops (Alex Williamson) [RHEL-43421 RHEL-30023] {CVE-2024-26810}
- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44299] {CVE-2024-38538}
- KVM: arm64: Ensure target address is granule-aligned for range TLBI (Sebastian Ott) [RHEL-52248 RHEL-31215]
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (cki-backport-bot) [RHEL-44250] {CVE-2024-38544}
- NFSv4: Fix memory leak in nfs4_set_security_label (CKI Backport Bot) [RHEL-52082] {CVE-2024-41076}
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (Nigel Croxon) [RHEL-46421 RHEL-35393] {CVE-2024-39476}
- KVM: s390: fix LPSWEY handling (CKI Backport Bot) [RHEL-50074]
- cxl/port: Fix delete_endpoint() vs parent unregistration race (John W. Linville) [RHEL-39290 RHEL-23582] {CVE-2023-52771}
- net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (Petr Oros) [RHEL-49862 RHEL-17486] {CVE-2024-26855}
- ice: fix LAG and VF lock dependency in ice_reset_vf() (Petr Oros) [RHEL-49820 RHEL-17486] {CVE-2024-36003}
- net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (Jose Ignacio Tornos Martinez) [RHEL-47992 RHEL-9429] {CVE-2024-40939}
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (CKI Backport Bot) [RHEL-47770] {CVE-2024-40911}
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (CKI Backport Bot) [RHEL-47788] {CVE-2024-40912}
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (CKI Backport Bot) [RHEL-47920] {CVE-2024-40929}
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation (CKI Backport Bot) [RHEL-48028] {CVE-2024-40941}
- seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (Hangbin Liu) [RHEL-48098 RHEL-45826] {CVE-2024-40957}
- ipv6: fix possible race in __fib6_drop_pcpu_from() (Hangbin Liu) [RHEL-47572 RHEL-45826] {CVE-2024-40905}
- redhat/configs: Enable CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE (Jocelyn Falempe) [RHEL-39581 RHEL-28760]
- drm/mgag200: Add an option to disable Write-Combine (Jocelyn Falempe) [RHEL-39581 RHEL-28760]
- drm/mgag200: Fix caching setup for remapped video memory (Scott Weaver) [RHEL-39581 RHEL-24102]
- Revert "drm/mgag200: Flush the cache to improve latency" (Scott Weaver) [RHEL-39581 RHEL-28760]
- net: psample: fix flag being set in wrong skb (Adrian Moreno) [RHEL-47275]
- net: openvswitch: store sampling probability in cb. (Adrian Moreno) [RHEL-47275]
- net: openvswitch: add psample action (Adrian Moreno) [RHEL-47275]
- net: psample: allow using rate as probability (Adrian Moreno) [RHEL-47275]
- net: psample: skip packet copy if no listeners (Adrian Moreno) [RHEL-47275]
- net: psample: add user cookie (Adrian Moreno) [RHEL-47275]
- i40e: fix: remove needless retries of NVM update (CKI Backport Bot) [RHEL-48169 RHEL-36692]
- ice: Reject pin requests with unsupported flags (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: Don't process extts if PTP is disabled (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: Fix improper extts handling (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: stop destroying and reinitalizing Tx tracker during reset (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: factor out ice_ptp_rebuild_owner() (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: rename ice_ptp_tx_cfg_intr (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: don't check has_ready_bitmap in E810 functions (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: rename verify_cached to has_ready_bitmap (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: pass reset type to PTP reset functions (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: introduce PTP state machine (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: make RX HW timestamp reading code more reusable (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: Rename E822 to E82X (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: periodically kick Tx timestamp interrupt (Petr Oros) [RHEL-50388 RHEL-17486]
- ice: Re-enable timestamping correctly after reset (Petr Oros) [RHEL-50388 RHEL-17486]
- ptp: introduce helpers to adjust by scaled parts per million (Petr Oros) [RHEL-50388 RHEL-17486]
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Andrew Halaney) [RHEL-42566 RHEL-24205] {CVE-2023-52880}
- netfilter: complete validation of user input (Phil Sutter) [RHEL-47384 RHEL-37212] {CVE-2024-35962}
- netfilter: validate user input for expected length (Phil Sutter) [RHEL-41668 RHEL-37212] {CVE-2024-35896}
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-40051 RHEL-39719] {CVE-2024-36025}
- x86/xen: Add some null pointer checking to smp.c (Vitaly Kuznetsov) [RHEL-37615 RHEL-33260] {CVE-2024-26908}
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Prarit Bhargava) [RHEL-37615 RHEL-25415]
* Fri Aug 09 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.31.1.el9_4]
- net: fix __dst_negative_advice() race (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971}
- net: annotate data-races around sk->sk_dst_pending_confirm (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971}
* Mon Aug 05 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.30.1.el9_4]
- dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823}
- dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823}
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823}
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (Mark Salter) [RHEL-49538 RHEL-39308]
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jon Maloy) [RHEL-44467] {CVE-2024-37353}
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Izabela Bakollari) [RHEL-36271 RHEL-26682] {CVE-2024-26600}
- eeprom: at24: fix memory corruption race condition (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: Use dev_err_probe for nvmem register failure (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: Add support for 24c1025 EEPROM (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: remove struct at24_client (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- at24: Support probing while in non-zero ACPI D state (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44439] {CVE-2024-37356}
- cxl/region: Fix cxlr_pmem leaks (cki-backport-bot) [RHEL-44486] {CVE-2024-38391}
- tls: fix missing memory barrier in tls_init (cki-backport-bot) [RHEL-44480] {CVE-2024-36489}
- igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-42714 RHEL-33266] {CVE-2024-26853}
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44404 RHEL-44402] {CVE-2024-33621}
- ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-44404 RHEL-32205]
- ipvlan: properly track tx_errors (Davide Caratti) [RHEL-44404 RHEL-32205]
- wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-41698 RHEL-39754] {CVE-2024-36941}
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (Jose Ignacio Tornos Martinez) [RHEL-41658 RHEL-37028] {CVE-2024-35845}
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ivan Vecera) [RHEL-41556 RHEL-37018] {CVE-2024-35852}
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44215] {CVE-2024-38558}
- wifi: iwlwifi: read txq->read_ptr under lock (Jose Ignacio Tornos Martinez) [RHEL-41520 RHEL-39799] {CVE-2024-36922}
- wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-38754 RHEL-37345] {CVE-2024-35937}
- ice: fix memory corruption bug with suspend and rebuild (Petr Oros) [RHEL-49858 RHEL-17486] {CVE-2024-35911}
- ipv6: prevent possible NULL deref in fib6_nh_init() (Hangbin Liu) [RHEL-48182 RHEL-45826] {CVE-2024-40961}
- netns: Make get_net_ns() handle zero refcount net (Paolo Abeni) [RHEL-48117 RHEL-46610] {CVE-2024-40958}
- net: do not leave a dangling sk pointer, when socket creation fails (Paolo Abeni) [RHEL-48072 RHEL-46610] {CVE-2024-40954}
- net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (CKI Backport Bot) [RHEL-47902] {CVE-2024-40928}
- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Ivan Vecera) [RHEL-43619 RHEL-30344] {CVE-2021-47606}
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46921] {CVE-2024-39487}
- nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (Benjamin Coddington) [RHEL-42732 RHEL-34875] {CVE-2024-26868}
- efi: fix panic in kdump kernel (Steve Best) [RHEL-42920 RHEL-36998] {CVE-2024-35800}
- ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() (Hangbin Liu) [RHEL-41735 RHEL-31050] {CVE-2024-27417}
- netfilter: nf_tables: do not compare internal table flags on updates (Florian Westphal) [RHEL-41682 RHEL-33985] {CVE-2024-27065}
- ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-41466 RHEL-39786] {CVE-2024-36903}
- netfilter: nf_tables: honor table dormant flag from netdev release event path (Florian Westphal) [RHEL-40056 RHEL-33985] {CVE-2024-36005}
- cifs: fix underflow in parse_server_interfaces() (Paulo Alcantara) [RHEL-34636 RHEL-31245] {CVE-2024-26828}
- drm/i915/audio: Fix audio time stamp programming for DP (CKI Backport Bot) [RHEL-45843]
- platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864}
- platform/x86: wmi: remove unnecessary initializations (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864}
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CKI Backport Bot) [RHEL-43170] {CVE-2024-36017}
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (Florian Westphal) [RHEL-40062 RHEL-33985] {CVE-2024-26808}
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-39017 RHEL-32372] {CVE-2024-35969}
- netfilter: nf_tables: flush pending destroy work before exit_net release (Florian Westphal) [RHEL-38765 RHEL-33985] {CVE-2024-35899}
- vt: fix unicode buffer corruption when deleting characters (Andrew Halaney) [RHEL-42947 RHEL-24205] {CVE-2024-35823}
* Fri Jul 26 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.29.1.el9_4]
- net: Avoid address overwrite in kernel_connect (Davide Caratti) [RHEL-45728 RHEL-30875]
- net: replace calls to sock->ops->connect() with kernel_connect() (Davide Caratti) [RHEL-45728 RHEL-33410]
- i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-41638 RHEL-39704] {CVE-2024-36020}
- cifs: translate network errors on send to -ECONNABORTED (Jay Shin) [RHEL-47047 RHEL-31245]
- wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44132] {CVE-2024-38575}
- wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-43208 RHEL-39803] {CVE-2024-36921}
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Jose Ignacio Tornos Martinez) [RHEL-42906 RHEL-36809] {CVE-2024-35789}
- wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-42886 RHEL-36900] {CVE-2024-27434}
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Jose Ignacio Tornos Martinez) [RHEL-42860 RHEL-35142] {CVE-2024-27052}
- wifi: mt76: mt7925e: fix use-after-free in free_irq() (Jose Ignacio Tornos Martinez) [RHEL-42856 RHEL-35148] {CVE-2024-27049}
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Jose Ignacio Tornos Martinez) [RHEL-42743 RHEL-34187] {CVE-2024-26897}
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (Jose Ignacio Tornos Martinez) [RHEL-42383 RHEL-35199] {CVE-2023-52651}
- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-41402 RHEL-39781] {CVE-2024-36929}
* Fri Jul 19 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.28.1.el9_4]
- mlxbf_gige: call request_irq() after NAPI initialized (Kamal Heib) [RHEL-43012 RHEL-37179] {CVE-2024-35907}
- mlxbf_gige: stop PHY during open() error paths (Kamal Heib) [RHEL-43012 RHEL-37179] {CVE-2024-35907}
- mlxbf_gige: stop interface during shutdown (Kamal Heib) [RHEL-41708 RHEL-37244] {CVE-2024-35885}
- net: amd-xgbe: Fix skb data length underflow (Ken Cox) [RHEL-43796 RHEL-43794] {CVE-2022-48743}
- nfp: flower: handle acti_netdevs allocation failure (Ken Cox) [RHEL-42852 RHEL-35158] {CVE-2024-27046}
- block: add check that partition length needs to be aligned with block size (Ming Lei) [RHEL-45501 RHEL-26616] {CVE-2023-52458}
- nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (Benjamin Coddington) [RHEL-45517 RHEL-31513]
- NFSD: CREATE_SESSION must never cache NFS4ERR_DELAY replies (Benjamin Coddington) [RHEL-45517 RHEL-31513]
- NFSD: Document the phases of CREATE_SESSION (Benjamin Coddington) [RHEL-45517 RHEL-31513]
- NFSD: Fix the NFSv4.1 CREATE_SESSION operation (Benjamin Coddington) [RHEL-45517 RHEL-31513]
- icmp: prevent possible NULL dereferences from icmp_build_probe() (Antoine Tenart) [RHEL-42974 RHEL-37002] {CVE-2024-35857}
- NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking (Scott Mayhew) [RHEL-45360 RHEL-24133]
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (Aristeu Rozanski) [RHEL-46335 RHEL-38634]
- RAS/AMD/ATL: Fix MI300 bank hash (Aristeu Rozanski) [RHEL-46335 RHEL-38634]
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-42689 RHEL-33271] {CVE-2024-26852}
- epoll: be better about file lifetimes (Pavel Reichl) [RHEL-44091 RHEL-44083] {CVE-2024-38580}
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Dick Kennedy) [RHEL-40659 RHEL-40665 RHEL-24508 RHEL-39793] {CVE-2024-36924}
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (Dick Kennedy) [RHEL-40659 RHEL-40669 RHEL-24508 RHEL-39887] {CVE-2024-36952}
- bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (Viktor Malik) [RHEL-42640 RHEL-31726] {CVE-2024-26737}
- can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (Ken Cox) [RHEL-41489 RHEL-38415] {CVE-2021-47459}
- wifi: ath11k: restore country code during resume (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: refactor setting country code logic (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- bus: mhi: host: Add mhi_power_down_keep_dev() API to support system suspend/hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- net: qrtr: support suspend/hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: support hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: thermal: don't try to register multiple times (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: fix warning on DMA ring capabilities event (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: do not dump SRNG statistics during resume (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: remove MHI LOOPBACK channels (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: rearrange IRQ enable/disable in reset path (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
* Mon Jul 15 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.27.1.el9_4]
- drm/ast: Fix soft lockup (CKI Backport Bot) [RHEL-45716]
- dm: call the resume method on internal suspend (Benjamin Marzinski) [RHEL-41838 RHEL-33217] {CVE-2024-26880}
- KVM: arm64: Do not re-initialize the KVM lock (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: Fix host-programmed guest events in nVHE (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: Fix double-free following kvm_pgtable_stage2_free_unlinked() (Sebastian Ott) [RHEL-37528 RHEL-36279]
- octeontx2-af: Use separate handlers for interrupts (Kamal Heib) [RHEL-42846 RHEL-35170] {CVE-2024-27030}
- Squashfs: check the inode number is not the invalid value of zero (Abhi Das) [RHEL-42811 RHEL-35098] {CVE-2024-26982}
- net: fix sk_memory_allocated_{add|sub} vs softirqs (Paolo Abeni) [RHEL-36773 RHEL-34070]
- tcp: sk_forced_mem_schedule() optimization (Paolo Abeni) [RHEL-36773 RHEL-34070]
- net: make SK_MEMORY_PCPU_RESERV tunable (Paolo Abeni) [RHEL-36773 RHEL-34070]
- ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-42655 RHEL-31690] {CVE-2024-26773}
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (John Meneghini) [RHEL-42528 RHEL-38200] {CVE-2023-52809}
- KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing (Maxim Levitsky) [RHEL-43388]
- s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-40398 RHEL-36047]
- RAS: enable CONFIG_RAS_FMPM (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Safely handle saved records of various sizes (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- Merge tag 'edac_updates_for_v6.9' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Fix off by one when unwinding on error (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Add debugfs interface to print record entries (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Save SPA values (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS: Export helper to get ras_debugfs_dir (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS: Introduce a FRU memory poison manager (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- x86/cpu/amd: Provide a separate accessor for Node ID (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Add MI300 row retirement support (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- Documentation: Move RAS section to admin-guide (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Add MI300 support (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- Documentation: RAS: Add index and address translation section (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- cpu/SMT: Make SMT control more robust against enumeration failures (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
* Fri Jul 05 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.26.1.el9_4]
- net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-39217 RHEL-37430] {CVE-2024-35958}
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-41749 RHEL-39837] {CVE-2024-36904}
- mm/mglru: Revert "don't sync disk for each aging cycle" (Waiman Long) [RHEL-44418]
- tipc: fix UAF in error path (Xin Long) [RHEL-34848 RHEL-34280] {CVE-2024-36886}
- selftest/cgroup: Update test_cpuset_prs.sh to match changes (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Make cpuset.cpus.exclusive independent of cpuset.cpus (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition (Waiman Long) [RHEL-45139]
- selftest/cgroup: Fix test_cpuset_prs.sh problems reported by test robot (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix remote root partition creation problem (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Optimize isolated partition only generate_sched_domains() calls (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix retval in update_cpumask() (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix a memory leak in update_exclusive_cpumask() (Waiman Long) [RHEL-45139]
- ice: implement AQ download pkg retry (Petr Oros) [RHEL-38907 RHEL-17318]
- redhat: include resolve_btfids in kernel-devel (Viktor Malik) [RHEL-43426 RHEL-40707]
- blk-cgroup: fix list corruption from resetting io stat (cki-backport-bot) [RHEL-44977] {CVE-2024-38663}
- misc: rtsx: do clear express reg every SD_INT (David Arcari) [RHEL-39985 RHEL-33706]
- misc: rtsx: Fix rts5264 driver status incorrect when card removed (David Arcari) [RHEL-39985 RHEL-33706]
- netfilter: tproxy: bail out if IP has been disabled on the device (cki-backport-bot) [RHEL-44371] {CVE-2024-36270}
- lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (cki-backport-bot) [RHEL-44263 RHEL-44261] {CVE-2024-38543}
- r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44039] {CVE-2024-38586}
- net: micrel: Fix receiving the timestamp in the frame for lan8841 (cki-backport-bot) [RHEL-43996] {CVE-2024-38593}
- vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-43379 RHEL-27780] {CVE-2022-48627}
- net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (Kamal Heib) [RHEL-42728 RHEL-34192] {CVE-2024-26858}
- locking/atomic: Make test_and_*_bit() ordered on failure (Paolo Bonzini) [RHEL-45896]
- mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (Rafael Aquini) [RHEL-42659 RHEL-31840] {CVE-2024-26783}
- can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (Jose Ignacio Tornos Martinez) [RHEL-42379 RHEL-31530] {CVE-2023-52638}
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-42226 RHEL-38715] {CVE-2021-47548}
* Mon Jul 01 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.25.1.el9_4]
- nvme: fix reconnection fail due to reserved tag allocation (Maurizio Lombardi) [RHEL-42896 RHEL-36896] {CVE-2024-27435}
- net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (cki-backport-bot) [RHEL-43625] {CVE-2021-47596}
- scsi: sg: Avoid race in error handling & drop bogus warn (Ewan D. Milne) [RHEL-36106 RHEL-35659]
- scsi: sg: Avoid sg device teardown race (Ewan D. Milne) [RHEL-36106 RHEL-35659]
- netfilter: nf_tables: use timestamp to check for set element timeout (Florian Westphal) [RHEL-38032 RHEL-33985] {CVE-2024-27397}
- netfilter: nft_set_rbtree: Remove unused variable nft_net (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nft_set_rbtree: prefer sync gc to async worker (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nft_set_rbtree: rename gc deactivate+erase function (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nf_tables: de-constify set commit ops function argument (Florian Westphal) [RHEL-38032 RHEL-33985]
- octeontx2-af: avoid off-by-one read from userspace (Kamal Heib) [RHEL-40486 RHEL-39873] {CVE-2024-36957}
* Sun Jun 23 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.24.1.el9_4]
- net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix potential memory leak in bnx2x_tpa_stop() (Michal Schmidt) [RHEL-43272 RHEL-23117]
- xen-netfront: Add missing skb_mark_for_recycle (Vitaly Kuznetsov) [RHEL-37626 RHEL-36573] {CVE-2024-27393}
- tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-34953 RHEL-29239]
- tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-34953 RHEL-29239]
- net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-38972 RHEL-37093] {CVE-2023-52667}
- crypto: qat - Fix typo (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974}
- crypto: qat - specify firmware files for 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - validate slices count returned by FW (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve error logging to be consistent across features (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve error message in adf_get_arbiter_mapping() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - implement interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add bank save and restore flows (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - expand CSR operations for QAT GEN4 devices (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - rename get_sla_arr_of_type() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate CSR access code (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - move PFVF compat checker to a function (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate and rename 4xxx PF2VM definitions (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - adf_get_etr_base() helper (Vladis Dronov) [RHEL-38546 RHEL-35816]
- redhat/configs: Add CONFIG_CRYPTO_DEV_QAT_420XX (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - make ring to service map common for QAT GEN4 (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix ring to service map for dcc in 420xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix ring to service map for dcc in 4xxx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix comment structure (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove unnecessary description from comment (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove double initialization of value (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - removed unused macro in adf_cnv_dbgfs.c (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove unused macros in qat_comp_alg.c (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- Documentation: qat: fix auto_reset section (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974}
- crypto: qat - change SLAs cleanup flow at shutdown (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve aer error reset handling (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - limit heartbeat notifications (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add auto reset on error (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add fatal error notification (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - re-enable sriov after pf reset (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - update PFVF protocol for recovery (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - disable arbitration before reset (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add fatal error notify method (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add heartbeat error simulator (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - avoid memcpy() overflow warning (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - generate dynamically arbiter mappings (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for ring pair level telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for device telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add admin msgs for telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - include pci.h for GET_DEV() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for 420xx devices (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - move fw config related structures (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate portions of qat_4xxx code (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - change signature of uof_get_num_objs() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate and rename get_service_enabled() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- seq_file: add helper macro to define attribute for rw file (Vladis Dronov) [RHEL-38546 RHEL-35816]
- minmax: Introduce {min,max}_array() (Vladis Dronov) [RHEL-38546 RHEL-35816]
* Fri Jun 14 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.23.1.el9_4]
- net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-34050 RHEL-30492] {CVE-2023-52626}
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (Ming Lei) [RHEL-38595 RHEL-36684]
- net/sched: flower: Add lock protection when remove filter handle (Petr Oros) [RHEL-35672 RHEL-33379]
- Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-33913 RHEL-31828] {CVE-2024-26801}
- net: hns3: do not allow call hns3_nic_net_open repeatedly (Jose Ignacio Tornos Martinez) [RHEL-38933 RHEL-37707] {CVE-2021-47400}
- tmpfs: fix Documentation of noswap and huge mount options (Nico Pache) [RHEL-38252 RHEL-31975]
- shmem: add support to ignore swap (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: update documentation (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: skip page split if we're not reclaiming (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: move reclaim check early on writepages() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: set shmem_writepage() variables early (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: remove check for folio lock on writepage() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- ice: Add automatic VF reset on Tx MDD events (Petr Oros) [RHEL-39083 RHEL-36317]
- net/ipv6: SKB symmetric hash should incorporate transport ports (Ivan Vecera) [RHEL-37641 RHEL-36218]
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix missing sk_buff release in seg6_input_core (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu) [RHEL-37669 RHEL-37511]
- block: fix q->blkg_list corruption during disk rebind (Ming Lei) [RHEL-36687 RHEL-33577]
- ice: fix uninitialized dplls mutex usage (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix pin phase adjust updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll periodic work data updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll and dpll_pin data access on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll input pin phase_adjust value updates (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix connection state of DPLL and out pin (Petr Oros) [RHEL-36716 RHEL-36283]
- redhat: remove the merge subtrees script (Derek Barbosa)
- redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa)
- redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa)
- net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-38954 RHEL-37422] {CVE-2024-35960}
- smb: client: fix UAF in smb2_reconnect_server() (Jay Shin) [RHEL-28943 RHEL-40177 RHEL-37273 RHEL-7986] {CVE-2024-35870}
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (Jay Shin) [RHEL-28943 RHEL-31245]
- RHEL: enable CONFIG_AMD_ATL (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
- EDAC/amd64: Use new AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
- RAS: Introduce AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
* Mon Jun 10 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.22.1.el9_4]
- dpll: fix dpll_pin_on_pin_register() for multiple parent pins (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: indent DPLL option type by a tab (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: fix dpll_xa_ref_*_del() for multiple registrations (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: spec: use proper enum for pin capabilities attribute (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: move all dpll<>netdev helpers to dpll code (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: fix build failure due to rcu_dereference_check() on unknown type (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: rely on rcu for netdev_dpll_pin() (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: fix possible deadlock during netlink dump operation (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: check that pin is registered in __dpll_pin_unregister() (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: move xa_erase() call in to match dpll_pin_alloc() error path order (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: expose fractional frequency offset value to user (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: allocate pin ids in cycle (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: remove leftover mode_supported() op and use mode_get() instead (Petr Oros) [RHEL-36572 RHEL-32098]
- Documentation: dpll: wrap DPLL_CMD_PIN_GET output in a code block (Petr Oros) [RHEL-36572 RHEL-32098]
- Documentation: dpll: Fix code blocks (Petr Oros) [RHEL-36572 RHEL-32098]
- MAINTAINERS: adjust header file entry in DPLL SUBSYSTEM (Petr Oros) [RHEL-36572 RHEL-32098]
- netdev: Remove unneeded semicolon (Petr Oros) [RHEL-36572 RHEL-32098]
- netlink: add variable-length / auto integers (Petr Oros) [RHEL-36572 RHEL-30145]
- netlink: allow be16 and be32 types in all uint policy checks (Ivan Vecera) [RHEL-36572 RHEL-30656]
- net: netlink: recommend policy range validation (Ivan Vecera) [RHEL-36572 RHEL-30344]
- netlink: add nla be16/32 types to minlen array (Ivan Vecera) [RHEL-36572 RHEL-30344]
- netlink: introduce bigendian integer types (Michal Schmidt) [RHEL-36572 RHEL-30344]
- netlink: introduce NLA_POLICY_MAX_BE (Ivan Vecera) [RHEL-36572 RHEL-30344]
- ice: use irq_update_affinity_hint() (Michal Schmidt) [RHEL-38512 RHEL-35293]
- x86/tsc: Defer marking TSC unstable to a worker (Wander Lairson Costa) [RHEL-9296 RHEL-19514]
- x86/smpboot: Make TSC synchronization function call based (David Arcari) [RHEL-9296 RHEL-19514]
- Bluetooth: hci_core: Remove le_restart_scan work (David Marlin) [RHEL-38524 RHEL-30099]
- hwmon: (coretemp) Enlarge per package core count limit (David Arcari) [RHEL-35447 RHEL-22705]
- hwmon: (coretemp) Fix bogus core_id to attr name mapping (David Arcari) [RHEL-35447 RHEL-22705]
- hwmon: (coretemp) Fix out-of-bounds memory access (David Arcari) [RHEL-35447 RHEL-22705]
- perf: arm_cspmu: Reject events meant for other PMUs (Michael Petlan) [RHEL-34991 RHEL-25824]
- smb: client: refresh referral without acquiring refpath_lock (Jay Shin) [RHEL-38904 RHEL-7986]
- smb: client: guarantee refcounted children from parent session (Jay Shin) [RHEL-38904 RHEL-7986]
- smb3: show beginning time for per share stats (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: fix mount when dns_resolver key is not available (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: get rid of dfs code dep in namespace.c (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: get rid of dfs naming in automount code (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: rename cifs_dfs_ref.c to namespace.c (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: ensure to try all targets when finding nested links (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: introduce DFS_CACHE_TGT_LIST() (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: remove redundant pointer 'server' (Jay Shin) [RHEL-38904 RHEL-28739]
- smb: client: fix parsing of source mount option (Jay Shin) [RHEL-38904 RHEL-28739]
- integrity: eliminate unnecessary "Problem loading X.509 certificate" msg (Coiby Xu) [RHEL-39933 RHEL-12346]
* Mon Jun 03 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.21.1.el9_4]
- drm/i915/display: Increase number of fast wake precharge pulses (Mika Penttilä) [RHEL-36534 RHEL-20439]
- drm/i915/psr: Improve fast and IO wake lines calculation (Mika Penttilä) [RHEL-36534 RHEL-20439]
- drm/i915/display: Make intel_dp_aux_fw_sync_len available for PSR code (Mika Penttilä) [RHEL-36534 RHEL-20439]
- smb: client: improve DFS mount check (Jay Shin) [RHEL-36743 RHEL-28739]
- net: mana: Fix Rx DMA datasize and skb_over_panic (Cathy Avery) [RHEL-37622 RHEL-9872]
* Thu May 23 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.20.1.el9_4]
- ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-33968 RHEL-31732] {CVE-2024-26735}
- idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-36145 RHEL-29035]
- idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-36145 RHEL-29035]
- PCI: Fix pci_rh_check_status() call semantics (Luiz Capitulino) [RHEL-36541 RHEL-35032]
- cxgb4: Properly lock TX queue for the selftest. (John B. Wyatt IV) [RHEL-36530 RHEL-31990 RHEL-9354]
* Mon May 20 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.19.1.el9_4]
- x86/mce: Cleanup mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415]
- x86/mce: Define amd_mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415]
- x86/MCE/AMD: Split amd_mce_is_memory_error() (Prarit Bhargava) [RHEL-33810 RHEL-25415]
- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35302 RHEL-35078] {CVE-2024-26993}
* Mon May 13 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.18.1.el9_4]
- netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-32971 RHEL-30082] {CVE-2024-26642}
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-33070 RHEL-30078] {CVE-2024-26643}
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673}
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673}
- arm64: tlb: Fix TLBI RANGE operand (Shaoqin Huang) [RHEL-33412 RHEL-26259]
- arm64/mm: Modify range-based tlbi to decrement scale (Shaoqin Huang) [RHEL-33412 RHEL-26259]
- rh_messages.h: mark mlx5 on Bluefield-3 as unmaintained (Scott Weaver) [RHEL-35878 RHEL-33061]
- net: ip_tunnel: prevent perpetual headroom growth (Guillaume Nault) [RHEL-33934 RHEL-31816] {CVE-2024-26804}
- gitlab-ci: use zstream builder container image (Michael Hofmann)
- selftests: net: gro fwd: update vxlan GRO test expectations (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: prevent local UDP tunnel packets from being GROed (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: do not transition UDP GRO fraglist partial checksums to unnecessary (Antoine Tenart) [RHEL-30910 RHEL-19729]
- gro: fix ownership transfer (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [RHEL-30910 RHEL-19729]
- bpf, tcx: Get rid of tcx_link_const (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add additional mprog query test coverage (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Make seen_tc* variable tests more robust (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Test query on empty mprog and pass revision into attach (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Adapt assert_mprog_count to always expect 0 count (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Test bpf_mprog query API via libbpf and raw syscall (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftest/bpf: Add various selftests for program limits (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Refuse unused attributes in bpf_prog_{attach,detach} (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Handle bpf_mprog_query with NULL entry (Felix Maurer) [RHEL-33062 RHEL-28590]
- net: Fix skb consume leak in sch_handle_egress (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add various more tcx test cases (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add test for detachment on empty mprog entry (Felix Maurer) [RHEL-33062 RHEL-28590]
- tcx: Fix splat during dev unregister (Felix Maurer) [RHEL-33062 RHEL-28590]
- tcx: Fix splat in ingress_destroy upon tcx_entry_free (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add mprog API tests for BPF tcx links (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add mprog API tests for BPF tcx opts (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Add fd-based tcx multi-prog infra with link support (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpftool: Implement link show support for tcx (Artem Savkov) [RHEL-33062 RHEL-23643]
- bpftool: Extend net dump with tcx progs (Artem Savkov) [RHEL-33062 RHEL-23643]
- bpf: fix precision backtracking instruction iteration (Jay Shin) [RHEL-35230 RHEL-23643]
* Tue May 07 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.17.1.el9_4]
- ceph: switch to use cap_delay_lock for the unlink delay list (Jay Shin) [RHEL-33003 RHEL-32997]
- ceph: remove useless session parameter for check_caps() (Xiubo Li) [RHEL-33003 RHEL-19813]
- ceph: flush the dirty caps immediatelly when quota is approaching (Xiubo Li) [RHEL-33003 RHEL-19813]
- vhost: Add smp_rmb() in vhost_enable_notify() (Gavin Shan) [RHEL-31839 RHEL-26104]
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (Gavin Shan) [RHEL-31839 RHEL-26104]
- iommu/vt-d: Support enforce_cache_coherency only for empty domains (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Add MTL to quirk list to skip TE disabling (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Make context clearing consistent with context mapping (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Disable PCI ATS in legacy passthrough mode (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Omit devTLB invalidation requests when TES=0 (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- PCI/MSI: Prevent MSI hardware interrupt number truncation (Myron Stowe) [RHEL-33656 RHEL-21453]
* Fri Apr 26 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.16.1.el9_4]
- memory: tegra: Skip SID programming if SID registers aren't set (Robert Foss) [RHEL-32675 RHEL-23656]
- memory: tegra: Add SID override programming for MC clients (Robert Foss) [RHEL-32675 RHEL-23656]
- iommu: Don't reserve 0-length IOVA region (Robert Foss) [RHEL-32675 RHEL-23656]
* Fri Apr 19 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.15.1.el9_4]
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-30110 RHEL-19000]
- crypto: iaa - mark tech preview (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix nr_cpus < nr_iaa case (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix comp/decomp delay statistics (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix async_disable descriptor leak (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-32242 RHEL-29685]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Laurent Vivier) [RHEL-32716 RHEL-31381]
- x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30030 RHEL-30031] {CVE-2024-25743 CVE-2024-25742}
* Fri Apr 12 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.14.1.el9_4]
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: tcrypt - add ffdhe2048(dh) test (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: dh - Make public key test FIPS-only (Vladis Dronov) [RHEL-27009 RHEL-25845]
- printk: allow disabling printk per-console device kthreads at boot (Luis Claudio R. Goncalves) [RHEL-30678 RHEL-17709]
- mm, vmscan: remove ISOLATE_UNMAPPED (Nico Pache) [RHEL-29235 RHEL-28667]
- trace-vmscan-postprocess: sync with tracepoints updates (Nico Pache) [RHEL-29235 RHEL-28667]
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: skip special VMAs in lru_gen_look_around() (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: reclaim offlined memcgs harder (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: try to stop at high watermarks (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: fix underprotected page cache (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: reuse some legacy trace events (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: improve design doc (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: clean up sysfs code (Nico Pache) [RHEL-29235 RHEL-28667]
- cpu/hotplug: Do not bail-out in DYING/STARTING sections (David Arcari) [RHEL-29673 RHEL-19514]
- crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-29079 RHEL-17113] {CVE-2023-6240}
* Wed Apr 10 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.13.1.el9_4]
- ice: fix enabling RX VLAN filtering (Petr Oros) [RHEL-28837]
* Fri Apr 05 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.12.1.el9_4]
- mm/sparsemem: fix race in accessing memory_section->usage (Waiman Long) [RHEL-28877 RHEL-28878] {CVE-2023-52489}
- Revert "[redhat] kabi: add symbol __scsi_execute to stablelist" (Ewan D. Milne) [RHEL-30725]
* Wed Apr 03 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.11.1.el9_4]
- xfs: fix SEEK_HOLE/DATA for regions with active COW extents (Bill O'Donnell) [RHEL-29365]
* Tue Apr 02 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.10.1.el9_4]
- NFS: remove sync_mode test from nfs_writepage_locked() (Jeffrey Layton) [RHEL-28630]
- nfs: Remove writepage (Jeffrey Layton) [RHEL-28630]
* Mon Apr 01 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.9.1.el9_4]
- blk-mq: don't schedule block kworker on isolated CPUs (Ming Lei) [RHEL-13920]
* Tue Mar 26 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.8.1.el9_4]
- dm-integrity: align the outgoing bio in integrity_recheck (Benjamin Marzinski) [RHEL-29679]
- dm-integrity: fix a memory leak when rechecking the data (Benjamin Marzinski) [RHEL-29679]
- NFSv4: fairly test all delegations on a SEQ4_ revocation (Benjamin Coddington) [RHEL-7976]
* Mon Mar 25 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.7.1.el9_4]
- NFS: Read unlock folio on nfs_page_create_from_folio() error (Benjamin Coddington) [RHEL-18029]
- i40e: Fix VF MAC filter removal (Ivan Vecera) [RHEL-15701]
- i40e: Fix firmware version comparison function (Ivan Vecera) [RHEL-15701]
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (Ivan Vecera) [RHEL-15701]
- i40e: take into account XDP Tx queues when stopping rings (Ivan Vecera) [RHEL-15701]
- i40e: avoid double calling i40e_pf_rxq_wait() (Ivan Vecera) [RHEL-15701]
- i40e: Fix wrong mask used during DCB config (Ivan Vecera) [RHEL-15701]
- i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) [RHEL-15701]
- i40e: Do not allow untrusted VF to remove administratively set MAC (Ivan Vecera) [RHEL-15701]
- net: intel: fix old compiler regressions (Ivan Vecera) [RHEL-15701]
- i40e: update xdp_rxq_info::frag_size for ZC enabled Rx queue (Ivan Vecera) [RHEL-15701]
- i40e: set xdp_rxq_info::frag_size (Ivan Vecera) [RHEL-15701]
- intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers (Ivan Vecera) [RHEL-15701]
- i40e: handle multi-buffer packets that are shrunk by xdp prog (Ivan Vecera) [RHEL-15701]
- i40e: Include types.h to some headers (Ivan Vecera) [RHEL-15701]
- i40e: Restore VF MSI-X state during PCI reset (Ivan Vecera) [RHEL-15701]
- i40e: fix use-after-free in i40e_aqc_add_filters() (Ivan Vecera) [RHEL-15701]
- i40e: Avoid unnecessary use of comma operator (Ivan Vecera) [RHEL-15701]
- i40e: Fix VF disable behavior to block all traffic (Ivan Vecera) [RHEL-15701]
- i40e: Fix filter input checks to prevent config with invalid values (Ivan Vecera) [RHEL-15701]
- i40e: field get conversion (Ivan Vecera) [RHEL-15701]
- i40e: field prep conversion (Ivan Vecera) [RHEL-15701]
- intel: add bit macro includes where needed (Ivan Vecera) [RHEL-15701]
- i40e: remove fake support of rx-frames-irq (Ivan Vecera) [RHEL-15701]
- i40e: Fix ST code value for Clause 45 (Ivan Vecera) [RHEL-15701]
- i40e: Fix unexpected MFS warning message (Ivan Vecera) [RHEL-15701]
- i40e: Remove queue tracking fields from i40e_adminq_ring (Ivan Vecera) [RHEL-15701]
- i40e: Remove AQ register definitions for VF types (Ivan Vecera) [RHEL-15701]
- i40e: Delete unused and useless i40e_pf fields (Ivan Vecera) [RHEL-15701]
- i40e: Fix adding unsupported cloud filters (Ivan Vecera) [RHEL-15701]
- i40e: Delete unused i40e_mac_info fields (Ivan Vecera) [RHEL-15701]
- i40e: Move inline helpers to i40e_prototype.h (Ivan Vecera) [RHEL-15701]
- i40e: Remove VF MAC types (Ivan Vecera) [RHEL-15701]
- i40e: Use helpers to check running FW and AQ API versions (Ivan Vecera) [RHEL-15701]
- i40e: Add other helpers to check version of running firmware and AQ API (Ivan Vecera) [RHEL-15701]
- i40e: Move i40e_is_aq_api_ver_ge helper (Ivan Vecera) [RHEL-15701]
- i40e: Initialize hardware capabilities at single place (Ivan Vecera) [RHEL-15701]
- i40e: Consolidate hardware capabilities (Ivan Vecera) [RHEL-15701]
- i40e: Use DECLARE_BITMAP for flags field in i40e_hw (Ivan Vecera) [RHEL-15701]
- i40e: Use DECLARE_BITMAP for flags and hw_features fields in i40e_pf (Ivan Vecera) [RHEL-15701]
- i40e: Remove _t suffix from enum type names (Ivan Vecera) [RHEL-15701]
- i40e: Remove unused flags (Ivan Vecera) [RHEL-15701]
- i40e: add an error code check in i40e_vsi_setup (Ivan Vecera) [RHEL-15701]
- i40e: increase max descriptors for XL710 (Ivan Vecera) [RHEL-15701]
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera) [RHEL-15701]
- i40e: sync next_to_clean and next_to_process for programming status desc (Ivan Vecera) [RHEL-15701]
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (Ivan Vecera) [RHEL-15701]
- i40e: xsk: remove count_mask (Ivan Vecera) [RHEL-15701]
- i40e: use scnprintf over strncpy+strncat (Ivan Vecera) [RHEL-15701]
- intel: fix format warnings (Ivan Vecera) [RHEL-15701]
- i40e: Refactor and rename i40e_read_pba_string() (Ivan Vecera) [RHEL-15701]
- i40e: Split and refactor i40e_nvm_version_str() (Ivan Vecera) [RHEL-15701]
- i40e: prevent crash on probe if hw registers have invalid values (Ivan Vecera) [RHEL-15701]
- i40e: Move DDP specific macros and structures to i40e_ddp.c (Ivan Vecera) [RHEL-15701]
- i40e: Remove circular header dependencies and fix headers (Ivan Vecera) [RHEL-15701]
- i40e: Split i40e_osdep.h (Ivan Vecera) [RHEL-15701]
- i40e: Move memory allocation structures to i40e_alloc.h (Ivan Vecera) [RHEL-15701]
- i40e: Simplify memory allocation functions (Ivan Vecera) [RHEL-15701]
- i40e: Refactor I40E_MDIO_CLAUSE* macros (Ivan Vecera) [RHEL-15701]
- i40e: Move I40E_MASK macro to i40e_register.h (Ivan Vecera) [RHEL-15701]
- i40e: Remove back pointer from i40e_hw structure (Ivan Vecera) [RHEL-15701]
- i40e: Add rx_missed_errors for buffer exhaustion (Ivan Vecera) [RHEL-15701]
- net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush(). (Ivan Vecera) [RHEL-15701]
- i40e: fix potential memory leaks in i40e_remove() (Ivan Vecera) [RHEL-15701]
- i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (Ivan Vecera) [RHEL-15701]
- i40e: fix misleading debug logs (Ivan Vecera) [RHEL-15701]
- i40e: Replace one-element array with flex-array member in struct i40e_profile_aq_section (Ivan Vecera) [RHEL-15701]
- i40e: Replace one-element array with flex-array member in struct i40e_section_table (Ivan Vecera) [RHEL-15701]
- i40e: Replace one-element array with flex-array member in struct i40e_profile_segment (Ivan Vecera) [RHEL-15701]
- i40e: Replace one-element array with flex-array member in struct i40e_package_header (Ivan Vecera) [RHEL-15701]
- i40e: Remove unused function declarations (Ivan Vecera) [RHEL-15701]
- i40e: remove i40e_status (Ivan Vecera) [RHEL-15701]
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (Ivan Vecera) [RHEL-15701]
- i40e: xsk: add TX multi-buffer support (Ivan Vecera) [RHEL-15701]
- i40e: xsk: add RX multi-buffer support (Ivan Vecera) [RHEL-15701]
- i40e, xsk: fix comment typo (Ivan Vecera) [RHEL-15701]
- i40e: remove unnecessary check for old MAC == new MAC (Ivan Vecera) [RHEL-15701]
- i40e: fix i40e_setup_misc_vector() error handling (Ivan Vecera) [RHEL-15701]
- i40e: fix accessing vsi->active_filters without holding lock (Ivan Vecera) [RHEL-15701]
- i40e: Add support for VF to specify its primary MAC address (Ivan Vecera) [RHEL-15701]
- i40e: fix registers dump after run ethtool adapter self test (Ivan Vecera) [RHEL-15701]
- i40e: fix flow director packet filter programming (Ivan Vecera) [RHEL-15701]
- i40e: add support for XDP multi-buffer Rx (Ivan Vecera) [RHEL-15701]
- i40e: add xdp_buff to i40e_ring struct (Ivan Vecera) [RHEL-15701]
- i40e: introduce next_to_process to i40e_ring (Ivan Vecera) [RHEL-15701]
- i40e: use frame_sz instead of recalculating truesize for building skb (Ivan Vecera) [RHEL-15701]
- i40e: Change size to truesize when using i40e_rx_buffer_flip() (Ivan Vecera) [RHEL-15701]
- i40e: add pre-xdp page_count in rx_buffer (Ivan Vecera) [RHEL-15701]
- i40e: change Rx buffer size for legacy-rx to support XDP multi-buffer (Ivan Vecera) [RHEL-15701]
- i40e: consolidate maximum frame size calculation for vsi (Ivan Vecera) [RHEL-15701]
- i40e: check vsi type before setting xdp_features flag (Ivan Vecera) [RHEL-15701]
- drivers: net: turn on XDP features (Ivan Vecera) [RHEL-15701]
- i40e: add xdp frags support to ndo_xdp_xmit (Ivan Vecera) [RHEL-15701]
- dmaengine: idxd: Ensure safe user copy of completion record (Jerry Snitselaar) [RHEL-28511]
- dmaengine: idxd: Remove shadow Event Log head stored in idxd (Jerry Snitselaar) [RHEL-28511]
- dmaengine: idxd: Move dma_free_coherent() out of spinlocked context (Jerry Snitselaar) [RHEL-28511]
* Thu Mar 21 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.6.1.el9_4]
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Daniel Vacek) [RHEL-26063]
- ASoC: Intel: soc-acpi: rt713+rt1316, no sdw-dmic config (Jaroslav Kysela) [RHEL-26456]
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Maxim Levitsky) [RHEL-26435]
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Maxim Levitsky) [RHEL-26435]
- mlxsw: spectrum_acl_tcam: Fix stack corruption (Ivan Vecera) [RHEL-26463 RHEL-26465] {CVE-2024-26586}
* Tue Mar 19 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.5.1.el9_4]
- i2c: i801: Fix block process call transactions (David Arcari) [RHEL-26479 RHEL-26481] {CVE-2024-26593}
- sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-23428 RHEL-23429] {CVE-2024-26602}
* Fri Mar 15 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.4.1.el9_4]
- redhat/configs: enable pwr-mlxbf (Nirmala Dalvi) [RHEL-21119]
- power: reset: pwr-mlxbf: support graceful reboot instead of emergency reset (Nirmala Dalvi) [RHEL-21119]
- power: reset: use capital "OR" for multiple licenses in SPDX (Nirmala Dalvi) [RHEL-21119]
- power: reset: pwr-mlxbf: change rst_pwr_hid and low_pwr_hid from global to local variables (Nirmala Dalvi) [RHEL-21119]
- power: reset: pwr-mlxbf: add missing include (Nirmala Dalvi) [RHEL-21119]
- power: reset: pwr-mlxbf: add BlueField SoC power control driver (Nirmala Dalvi) [RHEL-21119]
- redhat/configs: enable pinctrl_mlxbf3 This driver is required to support the pinctrl device on the Bluefield-3 card. (Nirmala Dalvi) [RHEL-21115]
- pinctrl: mlxbf3: Remove gpio_disable_free() (Nirmala Dalvi) [RHEL-21115]
- pinctrl: use capital "OR" for multiple licenses in SPDX (Nirmala Dalvi) [RHEL-21115]
- pinctrl: mlxbf3: set varaiable mlxbf3_pmx_funcs storage-class-specifier to static (Nirmala Dalvi) [RHEL-21115]
- pinctrl: mlxbf3: Add pinctrl driver support (Nirmala Dalvi) [RHEL-21115]
- redhat/configs: enable gpio_mlxbf3 (Nirmala Dalvi) [RHEL-21113]
- gpio: mlxbf3: add an error code check in mlxbf3_gpio_probe (Nirmala Dalvi) [RHEL-21113]
- gpio: mlxbf3: use capital "OR" for multiple licenses in SPDX (Nirmala Dalvi) [RHEL-21113]
- gpio: mlxbf3: Support add_pin_ranges() (Nirmala Dalvi) [RHEL-21113]
- gpio: mlxbf3: Add gpio driver support (Nirmala Dalvi) [RHEL-21113]
- redhat/configs: enable mlxbf-pmc (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: Ignore unsupported performance blocks (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: mlxbf_pmc_event_list(): make size ptr optional (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: Cleanup signed/unsigned mix-up (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: Replace uintN_t with kernel-style types (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: Fix offset calculation for crspace events (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: Check devm_hwmon_device_register_with_groups() return value (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: Add null pointer checks for devm_kasprintf() (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: Add support for BlueField-3 (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: fix sscanf() error checking (Luiz Capitulino) [RHEL-21122]
- platform/mellanox: mlxbf-pmc: fix kernel-doc notation (Luiz Capitulino) [RHEL-21122]
- SUNRPC: Remove stale comments (Jeffrey Layton) [RHEL-22860]
- NFSD: Remove BUG_ON in nfsd4_process_cb_update() (Jeffrey Layton) [RHEL-22860]
- NFSD: Replace comment with lockdep assertion (Jeffrey Layton) [RHEL-22860]
- NFSD: Remove unused @reason argument (Jeffrey Layton) [RHEL-22860]
- NFSD: Add callback operation lifetime trace points (Jeffrey Layton) [RHEL-22860]
- NFSD: Rename nfsd_cb_state trace point (Jeffrey Layton) [RHEL-22860]
- NFSD: Replace dprintks in nfsd4_cb_sequence_done() (Jeffrey Layton) [RHEL-22860]
- NFSD: Add nfsd_seq4_status trace event (Jeffrey Layton) [RHEL-22860]
- NFSD: Retransmit callbacks after client reconnects (Jeffrey Layton) [RHEL-22860]
- NFSD: Reschedule CB operations when backchannel rpc_clnt is shut down (Jeffrey Layton) [RHEL-22860]
- NFSD: Convert the callback workqueue to use delayed_work (Jeffrey Layton) [RHEL-22860]
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Jeffrey Layton) [RHEL-22860]
- NFSv4, NFSD: move enum nfs_cb_opnum4 to include/linux/nfs4.h (Jeffrey Layton) [RHEL-22860]
- tls: fix use-after-free on failed backlog decryption (Sabrina Dubroca) [RHEL-26410 RHEL-26415] {CVE-2024-26584}
- tls: separate no-async decryption request handling from async (Sabrina Dubroca) [RHEL-26410 RHEL-26415] {CVE-2024-26584}
- tls: decrement decrypt_pending if no async completion will be called (Sabrina Dubroca) [RHEL-26416 RHEL-26421] {CVE-2024-26583}
- net: tls: fix use-after-free with partial reads and async decrypt (Sabrina Dubroca) [RHEL-26398 RHEL-26401] {CVE-2024-26582}
- net: tls: handle backlogging of crypto requests (Sabrina Dubroca) [RHEL-26410 RHEL-26415] {CVE-2024-26584}
- tls: fix race between tx work scheduling and socket close (Sabrina Dubroca) [RHEL-26361 RHEL-26363] {CVE-2024-26585}
- tls: fix race between async notify and socket close (Sabrina Dubroca) [RHEL-26416 RHEL-26421] {CVE-2024-26583}
- net: tls: factor out tls_*crypt_async_wait() (Sabrina Dubroca) [RHEL-26416 RHEL-26421] {CVE-2024-26583}
- i2c: mlxbf: Use devm_platform_get_and_ioremap_resource() (Luiz Capitulino) [RHEL-21116]
- I2C: Explicitly include correct DT includes (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: Use dev_err_probe in probe function (Luiz Capitulino) [RHEL-21116]
- i2c: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: depend on ACPI; clean away ifdeffage (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: remove device tree support (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: support BlueField-3 SoC (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: add multi slave functionality (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: support lock mechanism (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: Fix frequency calculation (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: Refactor _UID handling to use acpi_dev_uid_to_integer() (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: remove IRQF_ONESHOT (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (Luiz Capitulino) [RHEL-21116]
- i2c: mlxbf: incorrect base address passed during io write (Luiz Capitulino) [RHEL-21116]
* Thu Mar 14 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.3.1.el9_4]
- SEV: disable SEV-ES DebugSwap by default (Paolo Bonzini) [RHEL-22997]
- dm-integrity, dm-verity: reduce stack usage for recheck (Benjamin Marzinski) [RHEL-20912]
- dm-crypt: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-20912]
- dm-crypt: don't modify the data when using authenticated encryption (Benjamin Marzinski) [RHEL-20912]
- dm-verity: recheck the hash after a failure (Benjamin Marzinski) [RHEL-20912]
- dm-integrity: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-20912]
- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (John Kacur) [RHEL-26665]
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Andrew Price) [RHEL-26500 RHEL-26502] {CVE-2023-52448}
- NFSv4: Always ask for type with READDIR (Benjamin Coddington) [RHEL-15843]
- sunrpc: have svc tasks sleep in TASK_INTERRUPTIBLE instead of TASK_IDLE (Jeffrey Layton) [RHEL-22742]
- smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-21687 RHEL-21688] {CVE-2024-0565}
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (Aristeu Rozanski) [RHEL-10022]
- EDAC/mc: Add support for HBM3 memory type (Aristeu Rozanski) [RHEL-10022]
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (Aristeu Rozanski) [RHEL-10022]
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (Aristeu Rozanski) [RHEL-10022]
- x86/mce/amd, EDAC/mce_amd: Move long names to decoder module (Aristeu Rozanski) [RHEL-10022]
- EDAC/amd64: Cache and use GPU node map (Aristeu Rozanski) [RHEL-10022]
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (Aristeu Rozanski) [RHEL-10022]
- EDAC/amd64: Document heterogeneous system enumeration (Aristeu Rozanski) [RHEL-10022]
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (Aristeu Rozanski) [RHEL-10022]
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (Aristeu Rozanski) [RHEL-10022]
- EDAC: Sanitize MODULE_AUTHOR strings (Aristeu Rozanski) [RHEL-10022]
- EDAC/amd64: Add get_err_info() to pvt->ops (Aristeu Rozanski) [RHEL-10022]
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (Aristeu Rozanski) [RHEL-10022]
- EDAC/amd64: Split init_csrows() into dct/umc functions (Aristeu Rozanski) [RHEL-10022]
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (Aristeu Rozanski) [RHEL-10022]
- fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (Viktor Malik) [RHEL-26131]
- fprobe: Release rethook after the ftrace_ops is unregistered (Viktor Malik) [RHEL-26131]
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super {CVE-2024-0841} (Audra Mitchell) [RHEL-20615 RHEL-20617] {CVE-2024-0841}
- smb: client: fix parsing of SMB3.1.1 POSIX create context (Paulo Alcantara) [RHEL-26242 RHEL-26244] {CVE-2023-52434}
- smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) [RHEL-26242 RHEL-26244] {CVE-2023-52434}
* Mon Mar 11 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.2.1.el9_4]
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (Paolo Bonzini) [RHEL-23426]
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (Paolo Bonzini) [RHEL-23426]
- x86/boot: Move x86_cache_alignment initialization to correct spot (Paolo Bonzini) [RHEL-23426]
- x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach (Paolo Bonzini) [RHEL-23426]
- KVM: x86: make KVM_REQ_NMI request iff NMI pending for vcpu (Prasad Pandit) [RHEL-2815]
- drm/tegra: Remove existing framebuffer only if we support display (Robert Foss) [RHEL-26130]
- Deprecate qla4xxx in RHEL-9 (Chris Leech) [RHEL-1241]
- dm-bufio: fix no-sleep mode (Benjamin Marzinski) [RHEL-23968]
- selftests: rtnetlink: add MACsec offload tests (Sabrina Dubroca) [RHEL-24616]
- netdevsim: add dummy macsec offload (Sabrina Dubroca) [RHEL-24616]
- selftests: rtnetlink: Make the set of tests to run configurable (Sabrina Dubroca) [RHEL-24616]
* Mon Mar 04 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.1.1.el9_4]
- config: wifi: enable MT7925E card (Jose Ignacio Tornos Martinez) [RHEL-14693]
- shmem: support idmapped mounts for tmpfs (Giuseppe Scrivano) [RHEL-23900]
- iommu/vt-d: Fix incorrect cache invalidation for mm notification (Jerry Snitselaar) [RHEL-26541]
- mmu_notifiers: rename invalidate_range notifier (Jerry Snitselaar) [RHEL-26541]
- mmu_notifiers: don't invalidate secondary TLBs as part of mmu_notifier_invalidate_range_end() (Jerry Snitselaar) [RHEL-26541]
- mmu_notifiers: call invalidate_range() when invalidating TLBs (Jerry Snitselaar) [RHEL-26541]
- mmu_notifiers: fixup comment in mmu_interval_read_begin() (Jerry Snitselaar) [RHEL-26541]
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: Fix intermittent no ip issue (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: fix receive packet race condition (Luiz Capitulino) [RHEL-21118]
- net: ethernet: mellanox: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: Remove two unused function declarations (Luiz Capitulino) [RHEL-21118]
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: fix white space in mlxbf_gige_eth_ioctl (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: add "set_link_ksettings" ethtool callback (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: support 10M/100M/1G speeds on BlueField-3 (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: add MDIO support for BlueField-3 (Luiz Capitulino) [RHEL-21118]
- net/mlxbf_gige: Fix an IS_ERR() vs NULL bug in mlxbf_gige_mdio_probe (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: clear MDIO gateway lock after read (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: compute MDIO period based on i1clk (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: remove own module name define and use KBUILD_MODNAME instead (Luiz Capitulino) [RHEL-21118]
- net/mlxbf_gige: use eth_zero_addr() to clear mac address (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: remove driver-managed interrupt counts (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: increase MDIO polling rate to 5us (Luiz Capitulino) [RHEL-21118]
- net: mellanox: mlxbf_gige: Replace non-standard interrupt handling (Luiz Capitulino) [RHEL-21118]
- mlxbf_gige: clear valid_polarity upon open (Luiz Capitulino) [RHEL-21118]
- net/mlxbf_gige: Make use of devm_platform_ioremap_resourcexxx() (Luiz Capitulino) [RHEL-21118]
- redhat: update self-test data (Scott Weaver)
- redhat: enable zstream release numbering for RHEL 9.4 (Scott Weaver)
- redhat: set default dist suffix for RHEL 9.4 (Scott Weaver)
* Thu Apr 11 2024 Arkady L. Shane <tigro@msvsphere-os.ru> [5.14.0-427.el9.1]
- AlmaLinux patches
* hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
* mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
* qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
* qla4xxx: bring back deprecated PCI ids
* lpfc: bring back deprecated PCI ids
* be2iscsi: bring back deprecated PCI ids
* nvme *pci: add BOGUS_NID for Intel 0a54 device
* kernel/rh_messages.h: empty rh_disabled_pci_devices and rh_unmaintained_pci_devices lists
* Thu Feb 22 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.el9]
- scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-26145]
@ -38679,6 +37866,9 @@ fi
- dm: fix __send_duplicate_bios() to always allow for splitting IO (Benjamin Marzinski) [2184420]
- dm: fix improper splitting for abnormal bios (Benjamin Marzinski) [2184420]
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - [5.14.0-299.el9]
- Rebuilt for MSVSphere 9.2 beta
* Thu Apr 13 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-299.el9]
- powerpc/xive: Use XIVE domain under xmon and debugfs (David Arcari) [2114045]
- powerpc/xics: Drop unmask of MSIs at startup (David Arcari) [2114045]
