-
Tue Jan 24 2023 Darren Archibald <darren.archibald@oracle.com> [3.10.0-1160.83.1.0.2.el7.OL7]
- md/raid5: fix oops during stripe resizing (Ritika Srivastava) [Orabug: 34048726]
- blk-mq: Remove generation seqeunce (Ritika Srivastava) [Orabug: 33964689]
- block: init flush rq ref count to 1 (Ritika Srivastava) [Orabug: 33964689]
- block: fix null pointer dereference in blk_mq_rq_timed_out() (Ritika Srivastava) [Orabug: 33964689]
- [xen/netfront] stop tx queues during live migration (Orabug: 33446314)
- [xen/balloon] Support xend-based toolstack (Orabug: 28663970)
- [x86/apic/x2apic] avoid allocate multiple irq vectors for a single interrupt on multiple cpu, otherwise irq vectors would be used up when there are only 2 cpu online per node. [Orabug: 28691156]
- [bonding] avoid repeated display of same link status change. [Orabug: 28109857]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [Orabug: 22552377
- kexec: Increase KEXEC_AUTO_RESERVED_SIZE to 256M [Orabug: 31517048]
-
Tue Jan 24 2023 Darren Archibald <darren.archibald@oracle.com> [3.10.0-1160.83.1.0.1.el7.OL7]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}
Tue Jan 24 2023 Darren Archibald <darren.archibald@oracle.com> [3.10.0-1160.83.1.el7.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9.el7
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)
-
Mon Dec 19 2022 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.83.1.el7]
- x86/sme: avoid using __x86_return_thunk (Rafael Aquini) [2122158]
- scsi: core: Simplify control flow in scmd_eh_abort_handler() (Ewan D. Milne) [2128337]
- scsi: core: Avoid leaving shost->last_reset with stale value if EH does not run (Ewan D. Milne) [2128337]
- [netdrv] i40e: Fix freeing of uninitialized misc IRQ vector (Jamie Bainbridge) [2129248]
- x86/speculation: Use generic retpoline by default on AMD (Rafael Aquini) [2062165] {CVE-2021-26401}
-
Thu Dec 08 2022 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.82.1.el7]
- net: usb: ax88179_178a: Fix packet receiving (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}
- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}
- net: usb: ax88179_178a: fix packet alignment padding (Jose Ignacio Tornos Martinez) [2120504] {CVE-2022-2964}
- mm: swap: disable swap_vma_readahead for PPC64 (Rafael Aquini) [2142455]
-
Thu Nov 24 2022 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.81.1.el7]
- [netdrv] bnxt: don't lock the tx queue from napi poll (Jamie Bainbridge) [2110869]
- [netdrv] bnxt_en: reverse order of TX disable and carrier off (Jamie Bainbridge) [2110869]
- [netdrv] qede: confirm skb is allocated before using (Jamie Bainbridge) [2131145]
-
Sat Oct 08 2022 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.80.1.el7]
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (Dick Kennedy) [1969988]
- scsi: lpfc: Fix illegal memory access on Abort IOCBs (Dick Kennedy) [1969988]
- NFS: Fix extra call to dput() in nfs_prime_dcache (Benjamin Coddington) [2117856]
-
Thu Sep 22 2022 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.79.1.el7]
- x86/speculation: Add LFENCE to RSB fill sequence (Rafael Aquini) [2115073] {CVE-2022-26373}
- x86/speculation: Protect against userspace-userspace spectreRSB (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: emulate: do not adjust size of fastop and setcc subroutines (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Disable RRSBA behavior (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kexec: Disable RET on kexec (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Enumerate BTC_NO (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/common: Stamp out the stepping madness (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Add Spectral Chicken (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do IBPB fallback check only once (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add retbleed=ibpb (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report Intel retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Enable STIBP for JMP2RET (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add AMD retbleed= boot parameter (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report AMD retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Add magic AMD return-thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Use return-thunk in asm code (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/sev: Avoid using __x86_return_thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Fix SETcc emulation for return thunks (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86,objtool: Create .return_sites (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Undo return-thunk damage (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/retpoline: Use -mfunction-return (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- objtool: Add ELF writing capability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Prepare asm files for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Prepare inline-asm for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Fix fastop function ELF metadata (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Move kvm_fastop_exception to .fixup section (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/vdso: Fix vDSO build if a retpoline is emitted (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Carve out CQM features retrieval (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Re-tabulate the X86_FEATURE definitions (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeature: Move processor tracing out of scattered features (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/alternatives: Cleanup DPRINTK macro (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
-
Thu Sep 15 2022 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.78.1.el7]
- net_sched: cls_route: remove from list when handle is 0 (Davide Caratti) [2121809] {CVE-2022-2588}
-
Thu Sep 08 2022 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.77.1.el7]
- net/mlx5: Add Fast teardown support (Jay Shin) [2077711]
- net/mlx5: Free IRQs in shutdown path (Jay Shin) [2077711]
- net/mlx5: Change teardown with force mode failure message to warning (Jay Shin) [2077711]
- net/mlx5: Cancel health poll before sending panic teardown command (Jay Shin) [2077711]
- net/mlx5: Add fast unload support in shutdown flow (Jay Shin) [2077711]
- net/mlx5: Expose command polling interface (Jay Shin) [2077711]
- posix-timers: Remove remaining uses of tasklist_lock (Oleg Nesterov) [2115147]
- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (Oleg Nesterov) [2115147]
- posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get() (Oleg Nesterov) [2115147]
-
Tue Jul 26 2022 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.76.1.el7]
- sfc: complete the next packet when we receive a timestamp (Íñigo Huguet) [1793280]