[ol8_baseos_latest] kernel-debug-core-4.18.0-80.1.2.el8_0.x86_64

The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

This variant of the kernel has numerous debugging options enabled.
It should only be installed when trying to gather additional information
on kernel bugs, as some of these options impact performance noticably.

Changelog (Show File list) (Show related packages)

• Mon Jul 08 2019 Natalya Naumova <natalya.naumova@oracle.com> - [4.18.0-80.1.2.el8_0.OL8]

  - Oracle Linux certificates (Alexey Petrenko)
  - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  - Update x509.genkey [Orabug: 24817676]

• Sun Apr 28 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.1.2.el8_0]

  - [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [include] locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
  - [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}

• Sat Apr 27 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.1.1.el8_0]

  - [zstream] switch to zstream (Frantisek Hrbata)

• Wed Mar 13 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.el8]

  - [arm64] revert "arm64: tlb: Avoid synchronous TLBIs when freeing page tables" (Christoph von Recklinghausen) [1685697]

• Mon Mar 11 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-79.el8]

  - [firmware] drivers/firmware: psci_checker: stash and use topology_core_cpumask for hotplug tests (Josh Poimboeuf) [1687101]
  - [arm64] arm64: topology: re-introduce numa mask check for scheduler MC selection (Josh Poimboeuf) [1687101]
  - [arm64] arm64: topology: rename llc_siblings to align with other struct members (Josh Poimboeuf) [1687101]
  - [arm64] arm64: smp: remove cpu and numa topology information when hotplugging out CPU (Josh Poimboeuf) [1687101]
  - [arm64] arm64: topology: restrict updating siblings_masks to online cpus only (Josh Poimboeuf) [1687101]
  - [arm64] arm64: topology: add support to remove cpu topology sibling masks (Josh Poimboeuf) [1687101]
  - [arm64] arm64: numa: separate out updates to percpu nodeid and NUMA node cpumap (Josh Poimboeuf) [1687101]
  - [arm64] arm64: topology: refactor reset_cpu_topology to add support for removing topology (Josh Poimboeuf) [1687101]

• Sun Mar 10 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-78.el8]

  - [fs] gfs2: Fix missed wakeups in find_insert_glock (Andreas Grunbacher) [1678907]

• Thu Mar 07 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-77.el8]

  - [firmware] efi: Reduce the amount of memblock reservations for persistent allocations (Bhupesh Sharma) [1682988]
  - [firmware] efi: Permit multiple entries in persistent memreserve data structure (Bhupesh Sharma) [1682988]
  - [kernel] cpu/hotplug: Create SMT sysfs interface for all arches (Josh Poimboeuf) [1686068]
  - [net] netfilter: nft_set_hash: bogus element self comparison from deactivation path (Florian Westphal) [1678574]
  - [net] netfilter: nft_set_hash: fix lookups with fixed size hash on big endian (Florian Westphal) [1678574]

• Tue Mar 05 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-76.el8]

  - [security] revert "Add a SysRq option to lift kernel lockdown" (Lenny Szubowicz) [1684348]
  - [s390] s390/setup: fix boot crash for machine without EDAT-1 (Philipp Rudo) [1677357]
  - [s390] s390/setup: fix early warning messages (Philipp Rudo) [1677357]

• Fri Mar 01 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-75.el8]

  - [netdrv] net: hns3: add 8 BD limit for tx flow (Xiaojun Tan) [1676771]
  - [netdrv] net: hns3: fix a SSU buffer checking bug (Xiaojun Tan) [1676771]
  - [netdrv] net: hns3: aligning buffer size in SSU to 256 bytes (Xiaojun Tan) [1676771]
  - [netdrv] net: hns3: getting tx and dv buffer size through firmware (Xiaojun Tan) [1676771]
  - [net] netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs (Florian Westphal) [1676602]
  - [char] ipmi: fix use-after-free of user->release_barrier.rda (Xiaojun Tan) [1677550]
  - [char] ipmi: Prevent use-after-free in deliver_response (Xiaojun Tan) [1677550]

• Wed Feb 27 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-74.el8]

  - [x86] revert "cpu/hotplug: Add SMT policy options" (Josh Poimboeuf) [1683690]
  - [crypto] net: crypto set sk to NULL when af_alg_release (Neil Horman) [1679450] {CVE-2019-8912}
  - [drm] drm/i915/gvt: update force-to-nonpriv register whitelist (Paul Lai) [1643972]
  - [kernel] MODSIGN: Also check platform keyring in mod_verify_sig() (Lenny Szubowicz) [1568532]
  - [kernel] Fix for module sig verification (Lenny Szubowicz) [1568532]
  - [security] efi: Lock down the kernel if booted in secure boot mode (Lenny Szubowicz) [1568532]
  - [firmware] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode (Lenny Szubowicz) [1568532]
  - [x86] Copy secure_boot flag in boot params across kexec reboot (Lenny Szubowicz) [1568532]
  - [fs] debugfs: Restrict debugfs when the kernel is locked down (Lenny Szubowicz) [1568532]
  - [mm] x86/mmiotrace: Lock down the testmmiotrace module (Lenny Szubowicz) [1568532]
  - [kernel] Lock down module params that specify hardware parameters (eg. ioport) (Lenny Szubowicz) [1568532]
  - [tty] Lock down TIOCSSERIAL (Lenny Szubowicz) [1568532]
  - [pcmcia] Prohibit PCMCIA CIS storage when the kernel is locked down (Lenny Szubowicz) [1568532]
  - [acpi] acpi: Disable ACPI table override if the kernel is locked down (Lenny Szubowicz) [1568532]
  - [acpi] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down (Lenny Szubowicz) [1568532]
  - [acpi] ACPI: Limit access to custom_method when the kernel is locked down (Lenny Szubowicz) [1568532]
  - [x86] x86/msr: Restrict MSR access when the kernel is locked down (Lenny Szubowicz) [1568532]
  - [x86] x86: Lock down IO port access when the kernel is locked down (Lenny Szubowicz) [1568532]
  - [pci] PCI: Lock down BAR access when the kernel is locked down (Lenny Szubowicz) [1568532]
  - [kernel] uswsusp: Disable when the kernel is locked down (Lenny Szubowicz) [1568532]
  - [kernel] hibernate: Disable when the kernel is locked down (Lenny Szubowicz) [1568532]
  - [kernel] kexec_load: Disable at runtime if the kernel is locked down (Lenny Szubowicz) [1568532]
  - [char] Restrict /dev/{mem, kmem, port} when the kernel is locked down (Lenny Szubowicz) [1568532]
  - [kernel] MODSIGN: Enforce module signatures if the kernel is locked down (Lenny Szubowicz) [1568532]
  - [security] Add a SysRq option to lift kernel lockdown (Lenny Szubowicz) [1568532]
  - [security] Add the ability to lock down access to the running kernel image (Lenny Szubowicz) [1568532]