[4.18.0-425.3.1.OL8]
– Update Oracle Linux certificates (Kevin Lyons)
– Disable signing for aarch64 (Ilya Okomin)
– Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
– Update x509.genkey [Orabug: 24817676]
– Conflict with shim-ia32 and shim-x64 num_chipselect constraint (Jaroslav Kysela) [2005073]
– spi: Dont call spi_get_gpio_descs() before device name is set (Jaroslav Kysela) [2005073]
– spi: Avoid undefined behaviour when counting unused native CSs (Jaroslav Kysela) [2005073]
– spi: Allow to have all native CSs in use along with GPIOs (Jaroslav Kysela) [2005073]
– spi: Add missing error handling for CS GPIOs (Jaroslav Kysela) [2005073]
– spi: export tracepoint symbols to modules (Jaroslav Kysela) [2005073]
– spi: Fix zero length xfer bug (Jaroslav Kysela) [2005073]
– spi: Add generic support for unused native cs with cs-gpios (Jaroslav Kysela) [2005073]
– spi: Reduce kthread priority (Jaroslav Kysela) [2005073]
– spi: core: Use DEVICE_ATTR_RW() for SPI slave control sysfs attribute (Jaroslav Kysela) [2005073]
– i2c: acpi: Add an i2c_acpi_client_count() helper function (Jaroslav Kysela) [2005073]
– s390/qeth: cache link_info for ethtool (Michal Schmidt) [2117098]
– nfp: amend removal of MODULE_VERSION (Stefan Assmann) [1955769]
– x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115080] {CVE-2022-26373}
– x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115080] {CVE-2022-26373}
– tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]
– tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]
– x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2115080]
– x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115080]
– x86/amd: Use IBPB for firmware calls (Waiman Long) [2115080]
– x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115080]
– iavf: Fix reset error handling (Petr Oros) [2119759]
– iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2119759]
– iavf: Fix adminq error handling (Petr Oros) [2119759]
– iavf: Fix missing state logs (Petr Oros) [2119759]
– ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [1978613]
[4.18.0-423]
– netfilter: ipset: fix suspicious RCU usage in find_set_and_id (Florian Westphal) [2118526]
– net/mlx5e: Update netdev features after changing XDP state (Amir Tzin) [2049440]
– net/mlx5e: CT: Use own workqueue instead of mlx5e priv (Amir Tzin) [2049440]
– net/mlx5e: CT: Add ct driver counters (Amir Tzin) [2049440]
– net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (Amir Tzin) [2049440]
– net/mlx5e: Align mlx5e_cleanup_uplink_rep_tx() with upstream code. (Amir Tzin) [2049440]
– net/mlx5e: Correct the calculation of max channels for rep (Amir Tzin) [2049440]
– Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Amir Tzin) [2049440]
– net/mlx5: fs, fail conflicting actions (Amir Tzin) [2049440]
– net/mlx5: Rearm the FW tracer after each tracer event (Amir Tzin) [2049440]
– net/mlx5: correct ECE offset in query qp output (Amir Tzin) [2049440]
– net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (Amir Tzin) [2049440]
– net/mlx5e: TC NIC mode, fix tc chains miss table (Amir Tzin) [2049440]
– net/mlx5: Dont use already freed action pointer (Amir Tzin) [2049440]
– net/mlx5: fix typo in comment (Amir Tzin) [2049440]
– IB/mlx5: Fix undefined behavior due to shift overflowing the constant (Amir Tzin) [2049440]
– net/mlx5e: Force ethertype usage in mlx5_ct_fs_smfs_fill_mask() (Amir Tzin) [2049440]
– net/mlx5: Drain fw_reset when removing device (Amir Tzin) [2049440]
– net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Amir Tzin) [2049440]
– net/mlx5e: CT: Fix support for GRE tuples (Amir Tzin) [2049440]
– net/mlx5e: Remove HW-GRO from reported features (Amir Tzin) [2049440]
– net/mlx5e: Properly block HW GRO when XDP is enabled (Amir Tzin) [2049440]
– net/mlx5e: Properly block LRO when XDP is enabled (Amir Tzin) [2049440]
– net/mlx5e: Block rx-gro-hw feature in switchdev mode (Amir Tzin) [2049440]
– net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Amir Tzin) [2049440]
– net/mlx5: Initialize flow steering during driver probe (Amir Tzin) [2049440]
– net/mlx5: Fix matching on inner TTC (Amir Tzin) [2049440]
– net/mlx5: Avoid double clear or set of sync reset requested (Amir Tzin) [2049440]
– net/mlx5: Fix deadlock in sync reset flow (Amir Tzin) [2049440]
– net/mlx5e: Fix trust state reset in reload (Amir Tzin) [2049440]
– net/mlx5e: Avoid checking offload capability in post_parse action (Amir Tzin) [2049440]
– net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Amir Tzin) [2049440]
– net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2049440]
– net/mlx5e: Lag, Dont skip fib events on current dst (Amir Tzin) [2049440]
– net/mlx5e: Lag, Fix fib_info pointer assignment (Amir Tzin) [2049440]
– net/mlx5e: Lag, Fix use-after-free in fib event handler (Amir Tzin) [2049440]
– net/mlx5e: Fix the calling of update_buffer_lossy() API (Amir Tzin) [2049440]
– net/mlx5e: Dont match double-vlan packets if cvlan is not set (Amir Tzin) [2049440]
– net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Amir Tzin) [2049440]
– RDMA/mlx5: Add a missing update of cache->last_add (Amir Tzin) [2049440]
– RDMA/mlx5: Dont remove cache MRs when a delay is needed (Amir Tzin) [2049440]
– net/mlx5e: HTB, remove unused function declaration (Amir Tzin) [2049440]
– net/mlx5e: Statify function mlx5_cmd_trigger_completions (Amir Tzin) [2049440]
– net/mlx5: Remove unused fill page array API function (Amir Tzin) [2049440]
– net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Amir Tzin) [2049440]
– net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Amir Tzin) [2049440]
– net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Amir Tzin) [2049440]
– net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Amir Tzin) [2049440]
– net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Amir Tzin) [2049440]
– net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Amir Tzin) [2049440]
– net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Amir Tzin) [2049440]
– net/mlx5: DR, Adjust structure member to reduce memory hole (Amir Tzin) [2049440]
– net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Amir Tzin) [2049440]
– net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Amir Tzin) [2049440]
– net/mlx5e: RX, Test the XDP program existence out of the handler (Amir Tzin) [2049440]
– net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Amir Tzin) [2049440]
– net/mlx5e: Add headroom only to the first fragment in legacy RQ (Amir Tzin) [2049440]
– net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Amir Tzin) [2049440]
– net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Amir Tzin) [2049440]
– net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Amir Tzin) [2049440]
– RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (Amir Tzin) [2049440]
– net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Amir Tzin) [2049440]
– net/mlx5e: Remove overzealous validations in netlink EEPROM query (Amir Tzin) [2049440]
– net/mlx5: Parse module mapping using mlx5_ifc (Amir Tzin) [2049440]
– net/mlx5: Query the maximum MCIA register read size from firmware (Amir Tzin) [2049440]
– net/mlx5: CT: Create smfs dr matchers dynamically (Amir Tzin) [2049440]
– net/mlx5: CT: Add software steering ct flow steering provider (Amir Tzin) [2049440]
– net/mlx5: Add smfs lib to export direct steering API to CT (Amir Tzin) [2049440]
– net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Amir Tzin) [2049440]
– net/mlx5: CT: Introduce a platform for multiple flow steering providers (Amir Tzin) [2049440]
– net/mlx5: Node-aware allocation for the doorbell pgdir (Amir Tzin) [2049440]
– net/mlx5: Node-aware allocation for UAR (Amir Tzin) [2049440]
– net/mlx5: Node-aware allocation for the EQs (Amir Tzin) [2049440]
– net/mlx5: Node-aware allocation for the EQ table (Amir Tzin) [2049440]
– net/mlx5: Node-aware allocation for the IRQ table (Amir Tzin) [2049440]
– net/mlx5: Delete useless module.h include (Amir Tzin) [2049440]
– net/mlx5: DR, Add support for ConnectX-7 steering (Amir Tzin) [2049440]
– net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Amir Tzin) [2049440]
– net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Amir Tzin) [2049440]
– net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Amir Tzin) [2049440]
– net/mlx5: DR, Remove unneeded comments (Amir Tzin) [2049440]
– net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Amir Tzin) [2049440]
– net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Amir Tzin) [2049440]
– net/mlx5: Add debugfs counters for page commands failures (Amir Tzin) [2049440]
– net/mlx5: Add pages debugfs (Amir Tzin) [2049440]
– net/mlx5: Move debugfs entries to separate struct (Amir Tzin) [2049440]
– net/mlx5: Change release_all_pages cap bit location (Amir Tzin) [2049440]
– net/mlx5: Remove redundant error on reclaim pages (Amir Tzin) [2049440]
– net/mlx5: Remove redundant error on give pages (Amir Tzin) [2049440]
– net/mlx5: Remove redundant notify fail on give pages (Amir Tzin) [2049440]
– net/mlx5: Add command failures data to debugfs (Amir Tzin) [2049440]
– net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Amir Tzin) [2049440]
– net/mlx5: Support GRE conntrack offload (Amir Tzin) [2049440]
– mlx5: add support for page_pool_get_stats (Amir Tzin) [2049440]
– net/mlx5: Add migration commands definitions (Amir Tzin) [2049440]
– net/mlx5: Introduce migration bits and structures (Amir Tzin) [2049440]
– net/mlx5: Expose APIs to get/put the mlx5 core device (Amir Tzin) [2049440]
– net/mlx5: Disable SRIOV before PF removal (Amir Tzin) [2049440]
– net/mlx5: Reuse exported virtfn index function call (Amir Tzin) [2049440]
– net/mlx5: Add clarification on sync reset failure (Amir Tzin) [2049440]
– net/mlx5: Add reset_state field to MFRL register (Amir Tzin) [2049440]
– RDMA/mlx5: Use new command interface API (Amir Tzin) [2049440]
– net/mlx5: cmdif, Refactor error handling and reporting of async commands (Amir Tzin) [2049440]
– net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Amir Tzin) [2049440]
– net/mlx5: cmdif, Add new api for command execution (Amir Tzin) [2049440]
– net/mlx5: cmdif, cmd_check refactoring (Amir Tzin) [2049440]
– net/mlx5: cmdif, Return value improvements (Amir Tzin) [2049440]
– net/mlx5: Lag, offload active-backup drops to hardware (Amir Tzin) [2049440]
– net/mlx5: Lag, record inactive state of bond device (Amir Tzin) [2049440]
– net/mlx5: Lag, dont use magic numbers for ports (Amir Tzin) [2049440]
– net/mlx5: Lag, use local variable already defined to access E-Switch (Amir Tzin) [2049440]
– net/mlx5: E-switch, add drop rule support to ingress ACL (Amir Tzin) [2049440]
– net/mlx5: E-switch, remove special uplink ingress ACL handling (Amir Tzin) [2049440 2049580]
– net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Amir Tzin) [2049440 2049580]
– net/mlx5: Add ability to insert to specific flow group (Amir Tzin) [2049440]
– mlx5: remove unused static inlines (Amir Tzin) [2049440]
– RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() (Amir Tzin) [2049440]
– RDMA/mlx5: Store ndescs instead of the translation table size (Amir Tzin) [2049440]
– RDMA/mlx5: Merge similar flows of allocating MR from the cache (Amir Tzin) [2049440]
– RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (Amir Tzin) [2049440]
– RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent (Amir Tzin) [2049440]
– net/mlx5e: TC, Allow sample action with CT (Amir Tzin) [2049440 2049659]
– net/mlx5e: TC, Make post_act parse CT and sample actions (Amir Tzin) [2049440 2049659]
– net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Amir Tzin) [2049440 2049659]
– net/mlx5e: Use multi table support for CT and sample actions (Amir Tzin) [2049440 2049659]
– net/mlx5e: Create new flow attr for multi table actions (Amir Tzin) [2049440 2049659]
– net/mlx5e: Add post act offload/unoffload API (Amir Tzin) [2049440 2049659]
– net/mlx5e: Pass actions param to actions_match_supported() (Amir Tzin) [2049440 2049659]
– net/mlx5e: TC, Move flow hashtable to be per rep (Amir Tzin) [2049440]
– net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Amir Tzin) [2049440]
– net/mlx5e: E-Switch, Add PTP counters for uplink representor (Amir Tzin) [2049440]
– net/mlx5e: RX, Restrict bulk size for small Striding RQs (Amir Tzin) [2049440]
– net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Amir Tzin) [2049440]
– net/mlx5e: Generalize packet merge error message (Amir Tzin) [2049440]
– net/mlx5e: Add support for using xdp->data_meta (Amir Tzin) [2049440]
– net/mlx5e: Fix spelling mistake supoported -> supported (Amir Tzin) [2049440]
– net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Amir Tzin) [2049440]
– net/mlx5e: Optimize modulo in mlx5e_select_queue (Amir Tzin) [2049440]
– net/mlx5e: Optimize mlx5e_select_queue (Amir Tzin) [2049440]
– net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Amir Tzin) [2049440]
– net/mlx5e: Move repeating code that gets TC prio into a function (Amir Tzin) [2049440]
– net/mlx5e: Use select queue parameters to sync with control flow (Amir Tzin) [2049440]
– net/mlx5e: Move mlx5e_select_queue to en/selq.c (Amir Tzin) [2049440]
– net/mlx5e: Introduce select queue parameters (Amir Tzin) [2049440]
– net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Amir Tzin) [2049440]
– net/mlx5e: Use a barrier after updating txq2sq (Amir Tzin) [2049440]
– net/mlx5e: Disable TX queues before registering the netdev (Amir Tzin) [2049440]
– net/mlx5e: Cleanup of start/stop all queues (Amir Tzin) [2049440]
– net/mlx5e: Use FW limitation for max MPW WQEBBs (Amir Tzin) [2049440]
– net/mlx5e: Read max WQEBBs on the SQ from firmware (Amir Tzin) [2049440]
– net/mlx5e: Remove unused tstamp SQ field (Amir Tzin) [2049440]
– RDMA/mlx5: Delete useless module.h include (Amir Tzin) [2049440]
– RDMA/mlx5: Delete get_num_static_uars function (Amir Tzin) [2049440]
– net/mlx5: VLAN push on RX, pop on TX (Amir Tzin) [2049440 2049616]
– net/mlx5: Introduce software defined steering capabilities (Amir Tzin) [2049440 2049616]
– net/mlx5: Remove unused TIR modify bitmask enums (Amir Tzin) [2049440]
– net/mlx5e: CT, Remove redundant flow args from tc ct calls (Amir Tzin) [2049440 2049659]
– net/mlx5e: TC, Store mapped tunnel id on flow attr (Amir Tzin) [2049440 2049659]
– net/mlx5e: Test CT and SAMPLE on flow attr (Amir Tzin) [2049440 2049580 2049659]
– net/mlx5e: Refactor eswitch attr flags to just attr flags (Amir Tzin) [2049440 2049580 2049659]
– net/mlx5e: CT, Dont set flow flag CT for ct clear flow (Amir Tzin) [2049440 2049659]
– net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Amir Tzin) [2049440 2049580 2049659]
– net/mlx5e: TC, Reject rules with multiple CT actions (Amir Tzin) [2049440 2049659]
– net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Amir Tzin) [2049440 2049659]
– net/mlx5e: TC, Pass attr to tc_act can_offload() (Amir Tzin) [2049440 2049659]
– net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Amir Tzin) [2049440 2049659]
– net/mlx5e: TC, Move pedit_headers_action to parse_attr (Amir Tzin) [2049440 2049659]
– net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Amir Tzin) [2049440 2049659]
– net/mlx5e: Pass attr arg for attaching/detaching encaps (Amir Tzin) [2049440 2049659]
– net/mlx5e: Move code chunk setting encap dests into its own function (Amir Tzin) [2049440 2049659]
– net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2116328] {CVE-2022-2588}
– netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Florian Westphal) [2116356] {CVE-2022-2586}
– netfilter: nf_tables: do not allow SET_ID to refer to another table (Florian Westphal) [2116356] {CVE-2022-2586}
– netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) [2116159] {CVE-2022-36946}
– net: let flow have same hash in two directions (Ivan Vecera) [2111094]
– ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Ivan Vecera) [2111094]
– net: Add notifications when multipath hash field change (Ivan Vecera) [2111094]
– selftests: forwarding: Add test for custom multipath hash with IPv6 GRE (Ivan Vecera) [2111094]
– selftests: forwarding: Add test for custom multipath hash with IPv4 GRE (Ivan Vecera) [2111094]
– selftests: forwarding: Add test for custom multipath hash (Ivan Vecera) [2111094]
– ipv6: Add custom multipath hash policy (Ivan Vecera) [2111094]
– ipv6: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]
– ipv6: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]
– ipv6: Use a more suitable label name (Ivan Vecera) [2111094]
– ipv4: Add custom multipath hash policy (Ivan Vecera) [2111094]
– ipv4: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]
– ipv4: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]
– ipv6: Use math to point per net sysctls into the appropriate struct net (Ivan Vecera) [2111094]
– selftest/net/forwarding: declare NETIFS p9 p10 (Ivan Vecera) [2111094]
– ipv6: Fix sysctl max for fib_multipath_hash_policy (Ivan Vecera) [2111094]
– selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]
– ipv6: Support multipath hashing on inner IP pkts (Ivan Vecera) [2111094]
– ipv4: Multipath hashing on inner L3 needs to consider inner IPv6 pkts (Ivan Vecera) [2111094]
– ipv4: Support multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]
– ipv4: Initialize flowi4_multipath_hash in data path (Ivan Vecera) [2111094]
– net: ipv4: Fix NULL pointer dereference in route lookup (Ivan Vecera) [2111094]
– route: Add multipath_hash in flowi_common to make user-define hash (Ivan Vecera) [2111094]
[4.18.0-422]
– drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2097647]
– rpm: convert gcc and libelf to Recommends (Jarod Wilson) [2114900]
– redhat: add ca7 to redhat/git/files (Jarod Wilson)Read More
kernel security, bug fix, and enhancement update
