[5.4.17-2136.306.1.3.el7uek] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address [Orabug: 34053807] {CVE-2022-1158} [5.4.17-2136.306.1.2.el7uek] - Revert rds/ib: recover rds connection from stuck rx path [Orabug: 34045203] [5.4.17-2136.306.1.1.el7uek] - netfilter: nf_tables: initialize registers in nft_do_chain [Orabug: 34035701] {CVE-2022-1016} - exec, elf: ignore invalid note data [Orabug: 34035682] [5.4.17-2136.306.1.el7uek] - sr9700: sanity check for packet length [Orabug: 33962705] {CVE-2022-26966} - net/packet: rx_owner_map depends on pg_vec [Orabug: 33835787] {CVE-2021-22600} - KVM: SVM: Don"t flush cache if hardware enforces cache coherency across encryption domains [Orabug: 33921125] - x86/mm/pat: Don"t flush cache if hardware enforces cache coherency across encryption domnains [Orabug: 33921125] - rds/ib: Resize CQ if send-/recv-ring-size are changed [Orabug: 33940519] - NFSv4: Handle case where the lookup of a directory fails [Orabug: 33958154] {CVE-2022-24448} - Revert btrfs: inode: refactor the parameters of insert_reserved_file_extent [Orabug: 33958240] - Revert btrfs: fix metadata reservation for fallocate that leads to transaction aborts [Orabug: 33958240] - ovl: fix WARN_ON nlink drop to zero [Orabug: 33687076] - panic: reinitialize logbuf locks before notifiers [Orabug: 33740420] - printk: Drop console_sem during panic [Orabug: 33740420] - printk: Avoid livelock with heavy printk during panic [Orabug: 33740420] - printk: disable optimistic spin during panic [Orabug: 33740420] - printk: Add panic_in_progress helper [Orabug: 33740420] - sched: Put vcpu preemption idle check into a SCHED_FEAT. [Orabug: 33806261] - rds/ib: recover rds connection from stuck rx path [Orabug: 33820776] - drm/vmwgfx: Fix stale file descriptors on failed usercopy [Orabug: 33840432] {CVE-2022-22942} - udf: Restore i_lenAlloc when inode expansion fails [Orabug: 33870266] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format [Orabug: 33870266] {CVE-2022-0617} - ACPI: sysfs: copy ACPI data using io memory copying [Orabug: 33876016] - Enable CONFIG_DM_DUST and nano for UEK6 [Orabug: 33897851] - arm64/efi: remove spurious WARN_ON for !4K kernels [Orabug: 33900748] - lib/iov_iter: initialize flags in new pipe_buffer [Orabug: 33910799] - ipv4: tcp: send zero IPID in SYNACK messages [Orabug: 33917056] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets [Orabug: 33917056] {CVE-2020-36516} - bpf: fix out-of-tree module build [Orabug: 33919430] - ACPICA: Enable sleep button on ACPI legacy wake [Orabug: 33925471] - arm64: Use the clearbhb instruction in mitigations [Orabug: 33921736] {CVE-2022-23960} - arm64: add ID_AA64ISAR2_EL1 sys register [Orabug: 33921736] {CVE-2022-23960} - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated [Orabug: 33921736] {CVE-2022-23960} - arm64: Mitigate spectre style branch history side channels [Orabug: 33921736] {CVE-2022-23960} - KVM: arm64: Add templates for BHB mitigation sequences [Orabug: 33921736] {CVE-2022-23960} - arm64: Add Cortex-X2 CPU part definition [Orabug: 33921736] {CVE-2022-23960} - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition [Orabug: 33921736] {CVE-2022-23960} - arm64: Add part number for Arm Cortex-A77 [Orabug: 33921736] {CVE-2022-23960} - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 [Orabug: 33921736] {CVE-2022-23960} - arm64: Add percpu vectors for EL1 [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Add macro for reading symbol addresses from the trampoline [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Add vectors that have the bhb mitigation sequences [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Allow the trampoline text to occupy multiple pages [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Make the kpti trampoline"s kpti sequence optional [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Move trampoline macros out of ifdef"d section [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Don"t assume tramp_vectors is the start of the vectors [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Move the trampoline data page before the text page [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Free up another register on kpti"s tramp_exit path [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Make the trampoline cleanup optional [Orabug: 33921736] {CVE-2022-23960} - arm64: entry.S: Add ventry overflow sanity checks [Orabug: 33921736] {CVE-2022-23960} - Revert BACKPORT: VARIANT 2: arm64: Add initial retpoline support [Orabug: 33921736] {CVE-2022-23960} - Revert BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br. [Orabug: 33921736] {CVE-2022-23960} - Revert BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA. [Orabug: 33921736] {CVE-2022-23960} - Revert BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr. [Orabug: 33921736] {CVE-2022-23960} - Revert BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block. [Orabug: 33921736] {CVE-2022-23960} - Revert BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline. [Orabug: 33921736] {CVE-2022-23960} - Revert Arm64: add retpoline to cpu_show_spectre_v2 [Orabug: 33921736] {CVE-2022-23960} - Revert arm64: retpoline: Don"t use retpoline in KVM"s HYP part. [Orabug: 33921736] {CVE-2022-23960} - Revert uek-rpm: aarch64 config enable RETPOLINE [Orabug: 33921736] {CVE-2022-23960} - Revert uek-rpm: aarch64 config enable RETPOLINE OL8 [Orabug: 33921736] {CVE-2022-23960} - x86/speculation: Add knob for eibrs_retpoline_enabled [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting [Orabug: 33941936] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: The choice of retpoline mode is sometimes ignored [Orabug: 33917127] - x86/speculation: Merge one test in spectre_v2_user_select_mitigation [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to match upstream [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with `spectre_v2=none` [Orabug: 33941936] {CVE-2021-26401} - ovl: fix WARN_ON nlink drop to zero [Orabug: 33687076] - panic: reinitialize logbuf locks before notifiers [Orabug: 33740420] - printk: Drop console_sem during panic [Orabug: 33740420] - printk: Avoid livelock with heavy printk during panic [Orabug: 33740420] - printk: disable optimistic spin during panic [Orabug: 33740420] - printk: Add panic_in_progress helper [Orabug: 33740420] - sched: Put vcpu preemption idle check into a SCHED_FEAT. [Orabug: 33806261] - rds/ib: recover rds connection from stuck rx path [Orabug: 33820776] - drm/vmwgfx: Fix stale file descriptors on failed usercopy [Orabug: 33840432] {CVE-2022-22942} - udf: Restore i_lenAlloc when inode expansion fails [Orabug: 33870266] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format [Orabug: 33870266] {CVE-2022-0617} - ACPI: sysfs: copy ACPI data using io memory copying [Orabug: 33876016] - Enable CONFIG_DM_DUST and nano for UEK6 [Orabug: 33897851] - arm64/efi: remove spurious WARN_ON for !4K kernels [Orabug: 33900748] - lib/iov_iter: initialize flags in new pipe_buffer [Orabug: 33910799] - ipv4: tcp: send zero IPID in SYNACK messages [Orabug: 33917056] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets [Orabug: 33917056] {CVE-2020-36516} - bpf: fix out-of-tree module build [Orabug: 33919430] - ACPICA: Enable sleep button on ACPI legacy wake [Orabug: 33925471] - arm64: Use the clearbhb instruction in mitigations [Orabug: 33921736] - arm64: add ID_AA64ISAR2_EL1 sys register [Orabug: 33921736] - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated [Orabug: 33921736] - arm64: Mitigate spectre style branch history side channels [Orabug: 33921736] - KVM: arm64: Add templates for BHB mitigation sequences [Orabug: 33921736] - arm64: Add Cortex-X2 CPU part definition [Orabug: 33921736] - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition [Orabug: 33921736] - arm64: Add part number for Arm Cortex-A77 [Orabug: 33921736] - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 [Orabug: 33921736] - arm64: Add percpu vectors for EL1 [Orabug: 33921736] - arm64: entry: Add macro for reading symbol addresses from the trampoline [Orabug: 33921736] - arm64: entry: Add vectors that have the bhb mitigation sequences [Orabug: 33921736] - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations [Orabug: 33921736] - arm64: entry: Allow the trampoline text to occupy multiple pages [Orabug: 33921736] - arm64: entry: Make the kpti trampoline"s kpti sequence optional [Orabug: 33921736] - arm64: entry: Move trampoline macros out of ifdef"d section [Orabug: 33921736] - arm64: entry: Don"t assume tramp_vectors is the start of the vectors [Orabug: 33921736] - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary [Orabug: 33921736] - arm64: entry: Move the trampoline data page before the text page [Orabug: 33921736] - arm64: entry: Free up another register on kpti"s tramp_exit path [Orabug: 33921736] - arm64: entry: Make the trampoline cleanup optional [Orabug: 33921736] - arm64: entry.S: Add ventry overflow sanity checks [Orabug: 33921736] - Revert BACKPORT: VARIANT 2: arm64: Add initial retpoline support [Orabug: 33921736] - Revert BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br. [Orabug: 33921736] - Revert BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA. [Orabug: 33921736] - Revert BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr. [Orabug: 33921736] - Revert BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block. [Orabug: 33921736] - Revert BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline. [Orabug: 33921736] - Revert Arm64: add retpoline to cpu_show_spectre_v2 [Orabug: 33921736] - Revert arm64: retpoline: Don"t use retpoline in KVM"s HYP part. [Orabug: 33921736] - Revert uek-rpm: aarch64 config enable RETPOLINE [Orabug: 33921736] - Revert uek-rpm: aarch64 config enable RETPOLINE OL8 [Orabug: 33921736] - x86/speculation: Add knob for eibrs_retpoline_enabled [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Update link to AMD speculation whitepaper [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Use generic retpoline by default on AMD [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting [Orabug: 33941936] {CVE-2021-26341} - Documentation/hw-vuln: Update spectre doc [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Add eIBRS + Retpoline options [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: The choice of retpoline mode is sometimes ignored [Orabug: 33917127] - x86/speculation: Merge one test in spectre_v2_user_select_mitigation [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Update ALTERNATIVEs to match upstream [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Fix bug in retpoline mode on AMD with `spectre_v2=none` [Orabug: 33941936] {CVE-2021-26341} - rds/ib: handle posted ACK during connection shutdown [Orabug: 33820760] - rds/ib: reap tx completions during connection shutdown [Orabug: 33820760] - rds/ib: recover rds connection from stuck tx path [Orabug: 33820760]