[El-errata] ELSA-2020-5848 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Sep 15 07:49:13 PDT 2020

Oracle Linux Security Advisory ELSA-2020-5848


The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Revert "aarch64/BM: config failed, hub doesn't have any ports" (Thomas Tai)  [Orabug: 31838351] [Orabug: 31844671]
- kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini)  [Orabug: 31839185] [Orabug: 31844556]

- nfsd: apply umask on fs without ACL support (J. Bruce Fields)  [Orabug: 31779884]  {CVE-2020-24394}
- arm64/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces (Kees Cook)  [Orabug: 31776626]
- arm32/64/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook)  [Orabug: 31776626]
- arm32/64/elf: Add tables to document READ_IMPLIES_EXEC (Kees Cook)  [Orabug: 31776626]
- x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit (Kees Cook)  [Orabug: 31776626]
- x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook)  [Orabug: 31776626]
- x86/elf: Add table to document READ_IMPLIES_EXEC (Kees Cook)  [Orabug: 31776626]
- x86/mm: use max memory block size on bare metal (Daniel Jordan)  [Orabug: 31771277]
- drivers/base/memory.c: cache memory blocks in xarray to accelerate lookup (Scott Cheloha)  [Orabug: 31771277]
- net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon)  [Orabug: 31755752]
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood)  [Orabug: 31688620]
- arm64/dts: Serial console fix for RPi4 (Vijay Kumar)  [Orabug: 31562971]
- md: get sysfs entry after redundancy attr group create (Junxiao Bi)  [Orabug: 31682033]
- md: fix deadlock causing by sysfs_notify (Junxiao Bi)  [Orabug: 31682033]

- RDMA/mlx5: Set MR cache limit for both PF and VF (Nikhil Krishna)  [Orabug: 31358080]
- rds: ib: Revert "net/rds: Avoid stalled connection due to CM REQ retries" (Håkon Bugge)  [Orabug: 31648138]
- rds: Clear reconnect pending bit (Håkon Bugge)  [Orabug: 31648138]
- RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon)  [Orabug: 31483278]
- RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe)  [Orabug: 31483278]
- RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe)  [Orabug: 31483278]
- RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe)  [Orabug: 31483278]
- RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe)  [Orabug: 31483278]
- RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe)  [Orabug: 31483278]
- RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe)  [Orabug: 31483278]
- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe)  [Orabug: 31483278]
- RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe)  [Orabug: 31483278]
- RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe)  [Orabug: 31483278]
- RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg)  [Orabug: 31483278]
- bnxt_en: allow firmware to disable VLAN offloads (Michael Chan)
- bnxt_en: clean up VLAN feature bit handling (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Implement ethtool -X to set indirection table. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Return correct RSS indirection table entries to ethtool -x. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Fill HW RSS table from the RSS logical indirection table. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Add helper function to return the number of RSS contexts. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Add logical RSS indirection table structure. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Fix up bnxt_get_rxfh_indir_size(). (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Set up the chip specific RSS table size. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: fix firmware message length endianness (Michael Chan)  [Orabug: 31663185]
- net: bnxt: Remove Comparison to bool in bnxt_ethtool.c (Jason Yan)  [Orabug: 31663185]
- bnxt_en: show only relevant ethtool stats for a TX or RX ring (Rajesh Ravi)  [Orabug: 31663185]
- bnxt_en: Split HW ring statistics strings into RX and TX parts. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Refactor the software ring counters. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Do not include ETH_FCS_LEN in the max packet length sent to fw. (Vasundhara Volam)  [Orabug: 31663185]
- bnxt_en: Improve TQM ring context memory sizing formulas. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Allocate TQM ring context memory according to fw specification. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Update firmware spec. to (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Return error when allocating zero size context memory. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Reset rings if ring reservation fails during open() (Vasundhara Volam)  [Orabug: 31663185]
- bnxt_en: Return error if bnxt_alloc_ctx_mem() fails. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Process the NQ under NAPI continuous polling. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Simplify __bnxt_poll_cqs_done(). (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Handle all NQ notifications in bnxt_poll_p5(). (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Disable workaround for lost interrupts on 575XX B0 and newer chips. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Periodically check and remove aged-out ntuple filters (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Do not accept fragments for aRFS flow steering. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Remove the setting of dev_port. (Michael Chan)  [Orabug: 31663185]
- bnxt_en: Improve link up detection. (Michael Chan)  [Orabug: 31663185]
- RDMA/nldev: Provide MR statistics (Erez Alfasi)  [Orabug: 31079901]
- RDMA/mlx5: Return ODP type per MR (Erez Alfasi)  [Orabug: 31079901]
- RDMA/nldev: Allow different fill function per resource (Erez Alfasi)  [Orabug: 31079901]
- IB/mlx5: Introduce ODP diagnostic counters (Erez Alfasi)  [Orabug: 31079901]
- x86/reboot: Move up iommu_shutdown() before stop_other_cpus() (Saeed Mirzamohammadi)  [Orabug: 31542630]
- bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu)  [Orabug: 31350643]  {CVE-2020-12771}
- selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore)  [Orabug: 31439365]  {CVE-2020-10751}
- Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (Wade Mealing)  [Orabug: 31510722]  {CVE-2020-10781}
- Enable config option CONFIG_NFSD_V4_2_INTER_SSC (Dai Ngo)  [Orabug: 31535947]
- NFSD: Fix NFS server build errors (Chuck Lever)  [Orabug: 31535947]
- nfsd4: fix double free in nfsd4_do_async_copy() (Dan Carpenter)  [Orabug: 31535947]
- NFSD fixing possible null pointer derefering in copy offload (Olga Kornievskaia)  [Orabug: 31535947]
- NFSD fix nfserro errno mismatch (Olga Kornievskaia)  [Orabug: 31535947]
- NFSD: fix seqid in copy stateid (Olga Kornievskaia)  [Orabug: 31535947]
- NFSv4.2 fix memory leak in nfs42_ssc_open (Olga Kornievskaia)  [Orabug: 31535947]
- NFSv4: Make _nfs42_proc_copy_notify() static (YueHaibing)  [Orabug: 31535947]
- nfsv4: Move NFSPROC4_CLNT_COPY_NOTIFY to end of list (Trond Myklebust)  [Orabug: 31535947]
- NFSD: allow inter server COPY to have a STALE source server fh (Olga Kornievskaia)  [Orabug: 31535947]
- NFSD add nfs4 inter ssc to nfsd4_copy (Olga Kornievskaia)  [Orabug: 31535947]
- NFSD check stateids against copy stateids (Olga Kornievskaia)  [Orabug: 31535947]
- NFSD fix mismatching type in nfsd4_set_netaddr (Olga Kornievskaia)  [Orabug: 31535947]
- NFSD fill-in netloc4 structure (Olga Kornievskaia)  [Orabug: 31535947]
- NFSD add COPY_NOTIFY operation (Olga Kornievskaia)  [Orabug: 31535947]
to COPY (Olga Kornievskaia)  [Orabug: 31535947]
- NFSD COPY_NOTIFY xdr (Olga Kornievskaia)  [Orabug: 31535947]
- NFSv4.2 fix kfree in __nfs42_copy_file_range (Olga Kornievskaia)  [Orabug: 31535947]
- NFS based on file size issue sync copy or fallback to generic copy offload (Olga Kornievskaia)  [Orabug: 31535947]
- NFS: handle source server reboot (Olga Kornievskaia)  [Orabug: 31535947]
- NFS: skip recovery of copy open on dest server (Olga Kornievskaia)  [Orabug: 31535947]
- NFS: inter ssc open (Olga Kornievskaia)  [Orabug: 31535947]
to COPY (Olga Kornievskaia)  [Orabug: 31535947]
- NFS: add COPY_NOTIFY operation (Olga Kornievskaia)  [Orabug: 31535947]
- NFS NFSD: defining nl4_servers structure needed by both (Olga Kornievskaia)  [Orabug: 31535947]
- kvm: svm: Introduce GA Log tracepoint for AVIC (Suravee Suthikulpanit)  [Orabug: 31631367]
- KVM: SVM: Inhibit APIC virtualization for X2APIC guest (Oliver Upton)  [Orabug: 31631367]
- KVM: SVM: allocate AVIC data structures based on kvm_amd module parameter (Paolo Bonzini)  [Orabug: 31631367]
- kvm: x86: svm: Fix NULL pointer dereference when AVIC not enabled (Suravee Suthikulpanit)  [Orabug: 31631367]
- KVM: SVM: allow AVIC without split irqchip (Paolo Bonzini)  [Orabug: 31631367]
- kvm: ioapic: Lazy update IOAPIC EOI (Suravee Suthikulpanit)  [Orabug: 31631367]
- kvm: ioapic: Refactor kvm_ioapic_update_eoi() (Suravee Suthikulpanit)  [Orabug: 31631367]
- kvm: i8254: Deactivate APICv when using in-kernel PIT re-injection mode. (Suravee Suthikulpanit)  [Orabug: 31631367]
- svm: Temporarily deactivate AVIC during ExtINT handling (Suravee Suthikulpanit)  [Orabug: 31631367]
- svm: Deactivate AVIC when launching guest with nested SVM support (Suravee Suthikulpanit)  [Orabug: 31631367]
- kvm: x86: hyperv: Use APICv update request interface (Suravee Suthikulpanit)  [Orabug: 31631367]
- svm: Add support for dynamic APICv (Suravee Suthikulpanit)  [Orabug: 31631367]
- kvm: x86: Introduce x86 ops hook for pre-update APICv (Suravee Suthikulpanit)  [Orabug: 31631367]
- kvm: x86: Introduce APICv x86 ops for checking APIC inhibit reasons (Suravee Suthikulpanit)  [Orabug: 31631367]
- KVM: svm: avic: Add support for dynamic setup/teardown of virtual APIC backing page (Suravee Suthikulpanit)  [Orabug: 31631367]
- kvm: x86: svm: Add support to (de)activate posted interrupts (Suravee Suthikulpanit)  [Orabug: 31631367]
- kvm: x86: Add APICv (de)activate request trace points (Suravee Suthikulpanit)  [Orabug: 31631367]
- kvm: x86: Add support for dynamic APICv activation (Suravee Suthikulpanit)  [Orabug: 31631367]
- KVM: x86: remove get_enable_apicv from kvm_x86_ops (Paolo Bonzini)  [Orabug: 31631367]
- kvm: x86: Introduce APICv inhibit reason bits (Suravee Suthikulpanit)  [Orabug: 31631367]
- kvm: lapic: Introduce APICv update helper function (Suravee Suthikulpanit)  [Orabug: 31631367]
- KVM: X86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Peter Xu)  [Orabug: 31631367]
- KVM: SVM: Remove check if APICv enabled in SVM update_cr8_intercept() handler (Liran Alon)  [Orabug: 31631367]
- kvm: x86: Modify kvm_x86_ops.get_enable_apicv() to use struct kvm parameter (Suthikulpanit, Suravee)  [Orabug: 31631367]
- kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder)  [Orabug: 31694365]
- random32: update the net random state on interrupt and activity (Willy Tarreau)  [Orabug: 31698078]  {CVE-2020-16166}
- vgacon: Fix for missing check in scrollback handling (Yunhai Zhang)  [Orabug: 31705117]  {CVE-2020-14331} {CVE-2020-14331}
- net/rds: Incorrect WARN_ON() (Ka-Cheong Poon)  [Orabug: 31718014]

More information about the El-errata mailing list