Oracle Linux 6277 Published by

An unbreakable Enterprise kernel security update has been released for Oracle Linux 7.



El-errata: ELSA-2020-5649 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2020-5649

  http://linux.oracle.com/errata/ELSA-2020-5649.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-1902.301.1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1902.301.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1902.301.1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1902.301.1.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1902.301.1.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1902.301.1.el7uek.noarch.rpm

SRPMS:
  http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.301.1.el7uek.src.rpm


Description of changes:

[4.14.35-1902.301.1.el7uek]
- vhost: Check docket sk_family instead of call getname (Eugenio Pérez) [Orabug: 31085991] {CVE-2020-10942}
- uek-rpm: config-mips64-embedded misc pruning (Eric Saint-Etienne) [Orabug: 31079017]
- ubifs: Check for name being NULL while mounting (Richard Weinberger) [Orabug: 29410897]
- team: avoid complex list operations in team_nl_cmd_options_set() (Cong Wang) [Orabug: 30886420]
- Revert "oled: give panic handler chance to run before kexec" (Wengang Wang) [Orabug: 31098796]
- Revert "oled: Limit panic routine change x86 only" (Wengang Wang) [Orabug: 31098796]
- net/mlx5: Add pci AtomicOps request (Michael Guralnik) [Orabug: 30750027]
- PCI: Add pci_enable_atomic_ops_to_root() (Jay Cornwall) [Orabug: 30750027]
- locking/rwsem: Prevent decrement of reader count before increment (Waiman Long) [Orabug: 31087349]
- net: core: another layer of lists, around PF_MEMALLOC skb handling (Sasha Levin) [Orabug: 31087349]
- locking/rwsem: Fix (possible) missed wakeup (Xie Yongji) [Orabug: 31087349]
- swiotlb: clean up reporting (Kees Cook) [Orabug: 31085014] {CVE-2018-5953}
- nfs: optimise readdir cache page invalidation (Dai Ngo) [Orabug: 31015775]
- NFS: Directory page cache pages need to be locked when read (Trond Myklebust) [Orabug: 31015775]
- ppp: remove the PPPIOCDETACH ioctl (Eric Biggers) [Orabug: 31061772]
- batman-adv: Avoid WARN on net_device without parent in netns (Sven Eckelmann) [Orabug: 30857690]
- net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055325] {CVE-2019-18806}
- net_sched: fix datalen for ematch (Cong Wang) [Orabug: 30877993]
- net/xfrm: fix out-of-bounds packet access (Alexei Starovoitov) [Orabug: 30885434]
- RDMA/nldev: Provide MR statistics (Erez Alfasi) [Orabug: 30729404]
- RDMA/mlx5: Return ODP type per MR (Erez Alfasi) [Orabug: 30729404]
- RDMA/nldev: Allow different fill function per resource (Erez Alfasi) [Orabug: 30729404]
- IB/mlx5: Introduce ODP diagnostic counters (Erez Alfasi) [Orabug: 30729404]
- RDMA/mlx5: Use odp instead of mr->umem in pagefault_mr (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/mlx5: Use ib_umem_start instead of umem.address (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Use kvcalloc for the dma_list and page_list (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Check for overflow when computing the umem_odp end (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Provide ib_umem_odp_release() to undo the allocs (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Split creating a umem_odp from ib_umem_get (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Make the three ways to create a umem_odp clear (Jason Gunthorpe) [Orabug: 30729404]
- RMDA/odp: Consolidate umem_odp initialization (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Make it clearer when a umem is an implicit ODP umem (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Iterate over the whole rbtree directly (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Use the common interval tree library instead of generic (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/mlx5: Fix MR npages calculation for IB_ACCESS_HUGETLB (Jason Gunthorpe) [Orabug: 30729404]
- IB/mlx5: Fix implicit MR release flow (Yishai Hadas) [Orabug: 30729404]
- RDMA/netlink: Implement counter dumpit calback (Mark Zhang) [Orabug: 30729404]
- RDMA/nldev: Allow counter auto mode configration through RDMA netlink (Mark Zhang) [Orabug: 30729404]
- RDMA/odp: Fix missed unlock in non-blocking invalidate_start (Jason Gunthorpe) [Orabug: 30729404]
- RDMA: Report available cdevs through RDMA_NLDEV_CMD_GET_CHARDEV (Jason Gunthorpe) [Orabug: 30729404]
- RDMA: Add NLDEV_GET_CHARDEV to allow char dev discovery and autoload (Jason Gunthorpe) [Orabug: 30729404]
- RDMA: Convert put_page() to put_user_page*() (John Hubbard) [Orabug: 30729404]
- RDMA/umem: Move page_shift from ib_umem to ib_odp_umem (Jason Gunthorpe) [Orabug: 30729404]
- mm: introduce put_user_page*(), placeholder versions (John Hubbard) [Orabug: 30729404]
- RDMA/umem: Remove hugetlb flag (Shiraz Saleem) [Orabug: 30729404]
- RDMA/bnxt_re: Use core helpers to get aligned DMA address (Shiraz Saleem) [Orabug: 30729404]
- RDMA/i40iw: Use core helpers to get aligned DMA address within a supported page size (Shiraz Saleem) [Orabug: 30729404]
- RDMA/verbs: Add a DMA iterator to return aligned contiguous memory blocks (Shiraz Saleem) [Orabug: 30729404]
- RDMA/umem: Add API to find best driver supported page size in an MR (Shiraz Saleem) [Orabug: 30729404]
- RDMA/umem: Handle page combining avoidance correctly in ib_umem_add_sg_table() (Shiraz Saleem) [Orabug: 30729404]
- RDMA/core: Add a netlink command to change net namespace of rdma device (Parav Pandit) [Orabug: 30729404]
- RDMA/umem: Use correct value for SG entries in sg_copy_to_buffer() (Shiraz Saleem) [Orabug: 30729404]
- RDMA/nldev: Return device protocol (Leon Romanovsky) [Orabug: 30729404]
- RDMA/umem: Combine contiguous PAGE_SIZE regions in SGEs (Shiraz Saleem) [Orabug: 30729404]
- RDMA/core: Add interface to read device namespace sharing mode (Parav Pandit) [Orabug: 30729404]
- IB/mlx5: Reset access mask when looping inside page fault handler (Moni Shoua) [Orabug: 30729404]
- IB/core: Ensure an invalidate_range callback on ODP MR (Ira Weiny) [Orabug: 30729404]
- RDMA/umem: Revert broken 'off by one' fix (John Hubbard) [Orabug: 30729404]
- RDMA/umem: minor bug fix in error handling path (John Hubbard) [Orabug: 30729404]
- RDMA/nldev: Provide parent IDs for PD, MR and QP objects (Leon Romanovsky) [Orabug: 30729404]
- RDMA/nldev: Share with user-space object IDs (Leon Romanovsky) [Orabug: 30729404]
- IB/uverbs: Add ib_ucontext to uverbs_attr_bundle sent from ioctl and cmd flows (Shamir Rabinovitch) [Orabug: 30729404]
- RDMA/rdmavt: Adapt to handle non-uniform sizes on umem SGEs (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/rxe: Use for_each_sg_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/ocrdma: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/qedr: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/cxgb3: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/cxgb4: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/i40iw: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/mthca: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/bnxt_re: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- lib/scatterlist: Provide a DMA page iterator (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/nldev: Dynamically generate restrack dumpit callbacks (Leon Romanovsky) [Orabug: 30729404]
- IB/{core,hw}: Have ib_umem_get extract the ib_ucontext from ib_udata (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/uverbs: Use uverbs_attr_bundle to pass udata for ioctl() (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/uverbs: Use uverbs_attr_bundle to pass udata for write_ex (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/uverbs: Replace ib_uverbs_file with uverbs_attr_bundle for write (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/core: Refactor ib_register_device() function (Parav Pandit) [Orabug: 30729404]
- RDMA/core: Fix unwinding flow in case of error to register device (Parav Pandit) [Orabug: 30729404]
- RDMA/nldev: Allow IB device rename through RDMA netlink (Leon Romanovsky) [Orabug: 30729404]
- RDMA: Fully setup the device name in ib_register_device (Jason Gunthorpe) [Orabug: 30729404]
- mm: Introduce kvcalloc() (Kees Cook) [Orabug: 30729404]
- RDMA/uapi: Fix uapi breakage (Doug Ledford) [Orabug: 30729404]
- RDMA/nldev: helper functions to add driver attributes (Steve Wise) [Orabug: 30729404]
- RDMA/nldev: add driver-specific resource tracking (Steve Wise) [Orabug: 30729404]
- RDMA/nldev: Add explicit pad attribute (Steve Wise) [Orabug: 30729404]
- RDMA/bnxt_re: Add support for MRs with Huge pages (Somnath Kotur) [Orabug: 30729404]
- IB/{rdmavt, hfi1, qib}: Self determine driver name (Michael J. Ruhl) [Orabug: 30729404]
- RDMA/vmw_pvrdma: Do not re-calculate npages (Yuval Shaia) [Orabug: 30729404]
- iw_cxgb4: allocate wait object for each memory object (Steve Wise) [Orabug: 30729404]
- IB/uverbs: clean up INIT_UDATA() macro usage (Arnd Bergmann) [Orabug: 30729404]
- x86/init: Fix kasan gcc8+ type miss match error. (John Donnelly) [Orabug: 31076337]

[4.14.35-1902.301.0.el7uek]
- kernel: cpu.c: fix return in void function cpu_smt_disable (Mihai Carabas) [Orabug: 31049316]
- media: usb: fix memory leak in af9005_identify_state (Navid Emamdoost) [Orabug: 31029908] {CVE-2019-18809}
- nvme: fix possible deadlock when nvme_update_formats fails (Sagi Grimberg) [Orabug: 31002557]
- alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (Thadeu Lima de Souza Cascardo) [Orabug: 30995760]
- uek-rpm: Make sure perf builds against libnuma and add run-time dependency (Dave Kleikamp) [Orabug: 30896468]
- perf/x86/intel: Add Icelake support (Thomas Tai) [Orabug: 30872256]
- x86/CPU: Add Icelake model number (Rajneesh Bhardwaj) [Orabug: 30872256]
- perf/x86/intel/ds: Handle PEBS overflow for fixed counters (Kan Liang) [Orabug: 30872256]
- perf/x86/intel: Introduce PMU flag for Extended PEBS (Kan Liang) [Orabug: 30872256]
- tty: Don't hold ldisc lock in tty_reopen() if ldisc present (Dmitry Safonov) [Orabug: 30591419]
- tty: Simplify tty->count math in tty_reopen() (Dmitry Safonov) [Orabug: 30591419]
- tty: Hold tty_ldisc_lock() during tty_reopen() (Dmitry Safonov) [Orabug: 30591419]
- tty/ldsem: Wake up readers after timed out down_write() (Dmitry Safonov) [Orabug: 30591419]
- tty: Drop tty->count on tty_reopen() failure (Dmitry Safonov) [Orabug: 30591419]
- rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 30328633]
- net: erspan: fix use-after-free (William Tu) [Orabug: 29784424]
- batman-adv: Force mac header to start of data on xmit (Sven Eckelmann) [Orabug: 29784399]
- sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (Cong Wang) [Orabug: 30886600]
- ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (Cong Wang) [Orabug: 30884437]
- add extra symbols from UEK5R3 to the kABI whitelist (Dan Duval) [Orabug: 30295161]
- iommu: Force iommu shutdown on panic (John Donnelly) [Orabug: 31043947]
- iommu/amd: Only free resources once on init error (Kevin Mitchell) [Orabug: 31043947]
- iommu/amd: Move gart fallback to amd_iommu_init (Kevin Mitchell) [Orabug: 31043947]
- iommu/amd: Make iommu_disable safer (Kevin Mitchell) [Orabug: 31043947]
- iommu/vt-d: Turn off translations at shutdown (Deepa Dinamani) [Orabug: 31043947]