-
Tue Sep 12 2023 Mridula Shastry <mridula.c.shastry@oracle.com> - [5.14.0-284.30.0.1.el9_2.OL9]
- x86/tsx: Add a feature bit for TSX control MSR support {CVE-2023-1637}
- x86/speculation: Restore speculation related MSRs {CVE-2023-1637}
- x86/pm: Save the MSR validity status at context setup {CVE-2023-1637}
- x86/pm: Fix false positive kmemleak report in msr_build_context() {CVE-2023-1637}
- x86/cpu: Restore AMD's DE_CFG MSR after resume {CVE-2023-1637}
- x86/pm: Add enumeration check before spec MSRs {CVE-2023-1637}
- arm64: efi: Execute runtime services from a dedicated {CVE-2023-21102}
- netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE {CVE-2023-3390}
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain {CVE-2023-3390}
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails {CVE-2023-3390}
- netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID {CVE-2023-4147}
- netfilter: nf_tables: do not ignore genmask when looking up chain by id {CVE-2023-31248}
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval {CVE-2023-35001}
- netfilter: nft_set_pipapo: fix improper element removal {CVE-2023-4004}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776}
-
Thu Aug 03 2023 Mridula Shastry <mridula.c.shastry@oracle.com> - [5.14.0-284.25.1.0.1.el9_2.OL9]
- Fix KVM: x86/mmu: Fix race condition in direct_page_fault [Orabug: 35673032] {CVE-2022-45869}
-
Tue Aug 01 2023 Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com> - [5.14.0-284.25.1.el9_2.OL9]
- KVM: x86/mmu: Fix race condition in direct_page_fault
- prlimit: do_prlimit needs to have a speculation check {CVE-2023-0458}
- x86/speculation: Allow enabling STIBP with legacy IBRS {CVE-2023-1998}
- ipvlan: Fix out of bounds caused by unclear skb->cb {CVE-2023-3090}
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt {CVE-2023-35788}
-
Thu Jul 20 2023 Mridula Shastry <mridula.c.shastry@oracle.com> - [5.14.0-284.18.1.el9_2.OL9]
- cifs: fix wrong unlock before return from cifs_tree_connect()
- docs: Remove the unnecessary unicode character
- perf vendor events intel: Refresh ivytown metrics and events
- perf vendor events: Update Intel ivytown
- perf vendor events intel: Refresh jaketown metrics and events
- perf vendor events: Update Intel jaketown
- NFSD: RHEL-only bug introduced in fix for COMMIT and NFS4ERR_DELAY loop
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
- workqueue: Fix isolated CPUs interference problem
- sched/core: Fix arch_scale_freq_tick() on tickless systems
- ice: no busy waiting in GNSS thread and for SQ commands
- wdat_wdt: avoid watchdog timeout during reboot
- hugetlbfs: don't delete error page from pagecache
- mm/filemap: fix page end in filemap_get_read_batch
- sched/deadline: Add more reschedule cases to prio_changed_dl()
- sched/rt: Fix bad task migration for rt tasks
- blk-mq: directly poll requests
- KVM: VMX: Fix crash due to uninitialized current_vmcs
- wifi: iwlwifi: mvm: protect TXQ list manipulation
- crypto: jitter - permanent and intermittent health errors
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores
- cpufreq: intel_pstate: Read all MSRs on the target CPU
- cpufreq: intel_pstate: Enable HWP IO boost for all servers
- crypto: qat: Update QAT drivers up to v6.2
- info/owners.yaml: Adjust intel_qat subsystem entry
- net: tls: fix possible race condition between do_tls_getsockopt_conf and do_tls_setsockopt_conf() {CVE-2023-28466}
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() {CVE-2023-2194}
- xfs: verify buffer contents when we skip log replay {CVE-2023-2124}
- bluetooth: Perform careful capability checks in hci_sock_ioctl() {CVE-2023-2002}
- netfilter: nf_tables: deactivate anonymous set from preparation phase {CVE-2023-32233}
- perf: Fix check before add_event_to_groups() in perf_group_detach() {CVE-2023-2235}
-
Tue May 09 2023 Natalya Naumova <natalya.naumova@oracle.com> - [5.14.0-284.11.1.el9_2.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
-
Wed Apr 12 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-284.11.1.el9_2]
- vfio: Make the group FD disassociate from the iommu_group (Alex Williamson) [2180649]
- vfio: Hold a reference to the iommu_group in kvm for SPAPR (Alex Williamson) [2180649]
- vfio: Add vfio_file_is_group() (Alex Williamson) [2180649]
- vfio: Change vfio_group->group_rwsem to a mutex (Alex Williamson) [2180649]
- vfio: Remove the vfio_group->users and users_comp (Alex Williamson) [2180649]
- vfio: Follow a strict lifetime for struct iommu_group (Alex Williamson) [2180649]
-
Wed Apr 05 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-284.10.1.el9_2]
- dm: fix __send_duplicate_bios() to always allow for splitting IO (Benjamin Marzinski) [2184420]
- dm: fix improper splitting for abnormal bios (Benjamin Marzinski) [2184420]
-
Tue Apr 04 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-284.9.1.el9_2]
- ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi) [2165345] {CVE-2023-0386}
-
Mon Apr 03 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-284.8.1.el9_2]
- Reinstate "GFS2: free disk inode which is deleted by remote node -V2" (Bob Peterson) [2181344]
- iavf: fix hang on reboot with ice (Stefan Assmann) [2175775]
- xfs: fix off-by-one-block in xfs_discard_folio() (Carlos Maiolino) [2178173]
-
Thu Mar 30 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-284.7.1.el9_2]
- rxrpc: Fix wrong error return in rxrpc_connect_call() (Marc Dionne) [2170099]
- rxrpc: Fix incoming call setup race (Marc Dionne) [2170099]
- rxrpc: Move client call connection to the I/O thread (Marc Dionne) [2170099]
- rxrpc: Move the client conn cache management to the I/O thread (Marc Dionne) [2170099]
- rxrpc: Remove call->state_lock (Marc Dionne) [2170099]
- rxrpc: Move call state changes from recvmsg to I/O thread (Marc Dionne) [2170099]
- rxrpc: Move call state changes from sendmsg to I/O thread (Marc Dionne) [2170099]
- rxrpc: Wrap accesses to get call state to put the barrier in one place (Marc Dionne) [2170099]
- rxrpc: Split out the call state changing functions into their own file (Marc Dionne) [2170099]
- rxrpc: Set up a connection bundle from a call, not rxrpc_conn_parameters (Marc Dionne) [2170099]
- rxrpc: Offload the completion of service conn security to the I/O thread (Marc Dionne) [2170099]
- rxrpc: Make the set of connection IDs per local endpoint (Marc Dionne) [2170099]
- rxrpc: Tidy up abort generation infrastructure (Marc Dionne) [2170099]
- rxrpc: Clean up connection abort (Marc Dionne) [2170099]
- rxrpc: Implement a mechanism to send an event notification to a connection (Marc Dionne) [2170099]
- rxrpc: Only disconnect calls in the I/O thread (Marc Dionne) [2170099]
- rxrpc: Only set/transmit aborts in the I/O thread (Marc Dionne) [2170099]
- rxrpc: Separate call retransmission from other conn events (Marc Dionne) [2170099]
- rxrpc: Make the local endpoint hold a ref on a connected call (Marc Dionne) [2170099]
- rxrpc: Stash the network namespace pointer in rxrpc_local (Marc Dionne) [2170099]
- rxrpc: Fix a couple of potential use-after-frees (Marc Dionne) [2170099]
- rxrpc: Fix the return value of rxrpc_new_incoming_call() (Marc Dionne) [2170099]
- rxrpc: rxperf: Fix uninitialised variable (Marc Dionne) [2170099]
- rxrpc: Fix I/O thread stop (Marc Dionne) [2170099]
- rxrpc: Fix switched parameters in peer tracing (Marc Dionne) [2170099]
- rxrpc: Fix locking issues in rxrpc_put_peer_locked() (Marc Dionne) [2170099]
- rxrpc: Fix I/O thread startup getting skipped (Marc Dionne) [2170099]
- rxrpc: Fix NULL deref in rxrpc_unuse_local() (Marc Dionne) [2170099]
- rxrpc: Fix security setting propagation (Marc Dionne) [2170099]
- rxrpc: Fix missing unlock in rxrpc_do_sendmsg() (Marc Dionne) [2170099]
- rxrpc: Transmit ACKs at the point of generation (Marc Dionne) [2170099]
- rxrpc: Fold __rxrpc_unuse_local() into rxrpc_unuse_local() (Marc Dionne) [2170099]
- rxrpc: Move the cwnd degradation after transmitting packets (Marc Dionne) [2170099]
- rxrpc: Trace/count transmission underflows and cwnd resets (Marc Dionne) [2170099]
- rxrpc: Remove the _bh annotation from all the spinlocks (Marc Dionne) [2170099]
- rxrpc: Make the I/O thread take over the call and local processor work (Marc Dionne) [2170099]
- rxrpc: Extract the peer address from an incoming packet earlier (Marc Dionne) [2170099]
- rxrpc: Reduce the use of RCU in packet input (Marc Dionne) [2170099]
- rxrpc: Simplify skbuff accounting in receive path (Marc Dionne) [2170099]
- rxrpc: Remove RCU from peer->error_targets list (Marc Dionne) [2170099]
- rxrpc: Move DATA transmission into call processor work item (Marc Dionne) [2170099]
- rxrpc: Copy client call parameters into rxrpc_call earlier (Marc Dionne) [2170099]
- rxrpc: Implement a mechanism to send an event notification to a call (Marc Dionne) [2170099]
- rxrpc: Don't use sk->sk_receive_queue.lock to guard socket state changes (Marc Dionne) [2170099]
- rxrpc: Remove call->input_lock (Marc Dionne) [2170099]
- rxrpc: Move error processing into the local endpoint I/O thread (Marc Dionne) [2170099]
- rxrpc: Move packet reception processing into I/O thread (Marc Dionne) [2170099]
- rxrpc: Create a per-local endpoint receive queue and I/O thread (Marc Dionne) [2170099]
- rxrpc: Split the receive code (Marc Dionne) [2170099]
- rxrpc: Don't hold a ref for connection workqueue (Marc Dionne) [2170099]
- rxrpc: Don't hold a ref for call timer or workqueue (Marc Dionne) [2170099]
- rxrpc: trace: Don't use __builtin_return_address for sk_buff tracing (Marc Dionne) [2170099]
- rxrpc: Trace rxrpc_bundle refcount (Marc Dionne) [2170099]
- rxrpc: trace: Don't use __builtin_return_address for rxrpc_call tracing (Marc Dionne) [2170099]
- rxrpc: trace: Don't use __builtin_return_address for rxrpc_conn tracing (Marc Dionne) [2170099]
- rxrpc: trace: Don't use __builtin_return_address for rxrpc_peer tracing (Marc Dionne) [2170099]
- rxrpc: trace: Don't use __builtin_return_address for rxrpc_local tracing (Marc Dionne) [2170099]
- rxrpc: Extract the code from a received ABORT packet much earlier (Marc Dionne) [2170099]
- rxrpc: Drop rxrpc_conn_parameters from rxrpc_connection and rxrpc_bundle (Marc Dionne) [2170099]
- rxrpc: Remove the [_k]net() debugging macros (Marc Dionne) [2170099]
- rxrpc: Remove the [k_]proto() debugging macros (Marc Dionne) [2170099]
- rxrpc: Remove handling of duplicate packets in recvmsg_queue (Marc Dionne) [2170099]
- rxrpc: Fix call leak (Marc Dionne) [2170099]
- rxrpc: Enable rxperf test module (Marc Dionne) [2170099]
- rxrpc: Implement an in-kernel rxperf server for testing purposes (Marc Dionne) [2170099]
- rxrpc: Fix checker warning (Marc Dionne) [2170099]
- rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] (Marc Dionne) [2170099]
- rxrpc: uninitialized variable in rxrpc_send_ack_packet() (Marc Dionne) [2170099]
- rxrpc: fix rxkad_verify_response() (Marc Dionne) [2170099]
- rxrpc: Fix network address validation (Marc Dionne) [2170099]
- rxrpc: Fix oops from calling udpv6_sendmsg() on AF_INET socket (Marc Dionne) [2170099]
- rxrpc: Allocate an skcipher each time needed rather than reusing (Marc Dionne) [2170099]
- rxrpc: Fix congestion management (Marc Dionne) [2170099]
- rxrpc: Remove the rxtx ring (Marc Dionne) [2170099]
- rxrpc: Save last ACK's SACK table rather than marking txbufs (Marc Dionne) [2170099]
- rxrpc: Remove call->lock (Marc Dionne) [2170099]
- rxrpc: Don't use a ring buffer for call Tx queue (Marc Dionne) [2170099]
- rxrpc: Get rid of the Rx ring (Marc Dionne) [2170099]
- rxrpc: Clone received jumbo subpackets and queue separately (Marc Dionne) [2170099]
- rxrpc: Split the rxrpc_recvmsg tracepoint (Marc Dionne) [2170099]
- rxrpc: Clean up ACK handling (Marc Dionne) [2170099]
- rxrpc: Allocate ACK records at proposal and queue for transmission (Marc Dionne) [2170099]
- rxrpc: Define rxrpc_txbuf struct to carry data to be transmitted (Marc Dionne) [2170099]
- rxrpc: Remove call->tx_phase (Marc Dionne) [2170099]
- rxrpc: Remove the flags from the rxrpc_skb tracepoint (Marc Dionne) [2170099]
- rxrpc: Remove unnecessary header inclusions (Marc Dionne) [2170099]
- rxrpc: Call udp_sendmsg() directly (Marc Dionne) [2170099]
- rxrpc: Fix ack.bufferSize to be 0 when generating an ack (Marc Dionne) [2170099]
- rxrpc: Record stats for why the REQUEST-ACK flag is being set (Marc Dionne) [2170099]
- rxrpc: Record statistics about ACK types (Marc Dionne) [2170099]
- rxrpc: Add stats procfile and DATA packet stats (Marc Dionne) [2170099]
- rxrpc: Track highest acked serial (Marc Dionne) [2170099]
- rxrpc: Split call timer-expiration from call timer-set tracepoint (Marc Dionne) [2170099]
- rxrpc: Trace setting of the request-ack flag (Marc Dionne) [2170099]
- rxrpc: Automatically generate trace tag enums (Marc Dionne) [2170099]
- rxrpc: remove rxrpc_max_call_lifetime declaration (Marc Dionne) [2170099]
- rxrpc: Remove rxrpc_get_reply_time() which is no longer used (Marc Dionne) [2170099]
- rxrpc: Fix calc of resend age (Marc Dionne) [2170099]
- rxrpc: Fix local destruction being repeated (Marc Dionne) [2170099]
- rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() (Marc Dionne) [2170099]
- rxrpc: Fix locking in rxrpc's sendmsg (Marc Dionne) [2170099]
- net: rxrpc: fix clang -Wformat warning (Marc Dionne) [2170099]
- rxrpc: Fix decision on when to generate an IDLE ACK (Marc Dionne) [2170099]
- rxrpc: Don't let ack.previousPacket regress (Marc Dionne) [2170099]
- rxrpc: Fix overlapping ACK accounting (Marc Dionne) [2170099]
- rxrpc: Don't try to resend the request if we're receiving the reply (Marc Dionne) [2170099]
- rxrpc: Fix listen() setting the bar too high for the prealloc rings (Marc Dionne) [2170099]
- rxrpc, afs: Fix selection of abort codes (Marc Dionne) [2170099]
- rxrpc: Return an error to sendmsg if call failed (Marc Dionne) [2170099]
- rxrpc: Fix locking issue (Marc Dionne) [2170099]
- rxrpc: Use refcount_t rather than atomic_t (Marc Dionne) [2170099]
- rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc (Marc Dionne) [2170099]
- rxrpc: Enable IPv6 checksums on transport socket (Marc Dionne) [2170099]
- rxrpc: Restore removed timer deletion (Marc Dionne) [2170099]
- rxrpc: fix a race in rxrpc_exit_net() (Marc Dionne) [2170099]
- rxrpc: fix some null-ptr-deref bugs in server_key.c (Marc Dionne) [2170099]
- rxrpc: Fix call timer start racing with call destruction (Marc Dionne) [2170099]
- rxrpc: Adjust retransmission backoff (Marc Dionne) [2170099]
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (Marc Dionne) [2170099]
- rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (Marc Dionne) [2170099]
- rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() (Marc Dionne) [2170099]
- net: RxRPC: make dependent Kconfig symbols be shown indented (Marc Dionne) [2170099]