Oracle Linux 6277 Published by

A kernel security, bug fix, and enhancement update has been released for Oracle Linux 9.



El-errata: ELSA-2022-6610 Important: Oracle Linux 9 kernel security, bug fix, and enhancement update


Oracle Linux Security Advisory ELSA-2022-6610

  http://linux.oracle.com/errata/ELSA-2022-6610.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-abi-stablelists-5.14.0-70.26.1.0.1.el9_0.noarch.rpm
kernel-core-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-debug-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-debug-core-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-debug-devel-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-debug-devel-matched-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-debug-modules-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-debug-modules-extra-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-devel-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-devel-matched-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-doc-5.14.0-70.26.1.0.1.el9_0.noarch.rpm
kernel-headers-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-modules-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-modules-extra-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-tools-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-tools-libs-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
perf-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
python3-perf-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-cross-headers-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm
kernel-tools-libs-devel-5.14.0-70.26.1.0.1.el9_0.x86_64.rpm

aarch64:
bpftool-5.14.0-70.26.1.0.1.el9_0.aarch64.rpm
kernel-headers-5.14.0-70.26.1.0.1.el9_0.aarch64.rpm
kernel-tools-5.14.0-70.26.1.0.1.el9_0.aarch64.rpm
kernel-tools-libs-5.14.0-70.26.1.0.1.el9_0.aarch64.rpm
perf-5.14.0-70.26.1.0.1.el9_0.aarch64.rpm
python3-perf-5.14.0-70.26.1.0.1.el9_0.aarch64.rpm
kernel-cross-headers-5.14.0-70.26.1.0.1.el9_0.aarch64.rpm
kernel-tools-libs-devel-5.14.0-70.26.1.0.1.el9_0.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-70.26.1.0.1.el9_0.src.rpm

Related CVEs:

CVE-2022-2078
CVE-2022-34918



Description of changes:

[5.14.0-70.26.1.0.1.el9_0.OL9]
- lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499}

[5.14.0-70.26.1.el9_0.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4]
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]

[5.14.0-70.26.1.el9_0]
- redhat/configs enable CONFIG_ICE_HWTS (Petr Oros) [2108204 2037974]
- redhat/configs enable CONFIG_ICE_SWITCHDEV (Petr Oros) [2108204 2037974]
- ice: Fix VF not able to send tagged traffic with no VLAN filters (Petr Oros) [2119290 2116964]
- ice: Ignore error message when setting same promiscuous mode (Petr Oros) [2119290 2116964]
- ice: Fix clearing of promisc mode with bridge over bond (Petr Oros) [2119290 2116964]
- ice: Ignore EEXIST when setting promisc mode (Petr Oros) [2119290 2116964]
- ice: Fix double VLAN error when entering promisc mode (Petr Oros) [2119290 2116964]
- ice: Fix promiscuous mode not turning off (Petr Oros) [2119290 2116964]
- ice: Introduce enabling promiscuous mode on multiple VF's (Petr Oros) [2119290 2116964]
- ice: do not setup vlan for loopback VSI (Petr Oros) [2119290 2116964]
- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Petr Oros) [2119290 2116964]
- ice: Fix VSIs unable to share unicast MAC (Petr Oros) [2119290 2116964]
- ice: Fix max VLANs available for VF (Petr Oros) [2119290 2116964]
- ice: change devlink code to read NVM in blocks (Petr Oros) [2119290 2116964]
- ice: Fix memory corruption in VF driver (Petr Oros) [2108204 2037974]
- ice: Fix queue config fail handling (Petr Oros) [2108204 2037974]
- ice: Sync VLAN filtering features for DVM (Petr Oros) [2108204 2037974]
- ice: Fix PTP TX timestamp offset calculation (Petr Oros) [2108204 2037974]
- ice: Fix interrupt moderation settings getting cleared (Petr Oros) [2108204 2037974]
- ice: fix possible under reporting of ethtool Tx and Rx statistics (Petr Oros) [2108204 2037974]
- ice: fix crash when writing timestamp on RX rings (Petr Oros) [2108204 2037974]
- ice: fix PTP stale Tx timestamps cleanup (Petr Oros) [2108204 2037974]
- ice: clear stale Tx queue settings before configuring (Petr Oros) [2108204 2037974]
- ice: Fix race during aux device (un)plugging (Petr Oros) [2108204 2037974]
- ice: fix use-after-free when deinitializing mailbox snapshot (Petr Oros) [2108204 2037974]
- ice: wait 5 s for EMP reset after firmware flash (Petr Oros) [2108204 2037974]
- ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (Petr Oros) [2108204 2037974]
- ice: Fix incorrect locking in ice_vc_process_vf_msg() (Petr Oros) [2108204 2037974]
- ice: Fix memory leak in ice_get_orom_civd_data() (Petr Oros) [2108204 2037974]
- ice: fix crash in switchdev mode (Petr Oros) [2108204 2037974]
- ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (Petr Oros) [2108204 2037974]
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (Petr Oros) [2108204 2037974]
- ice: clear cmd_type_offset_bsz for TX rings (Petr Oros) [2108204 2037974]
- ice: xsk: fix VSI state check in ice_xsk_wakeup() (Petr Oros) [2108204 2037974]
- ice: synchronize_rcu() when terminating rings (Petr Oros) [2108204 2037974]
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (Petr Oros) [2108204 2037974]
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (Petr Oros) [2108204 2037974]
- ice: Fix broken IFF_ALLMULTI handling (Petr Oros) [2108204 2037974]
- ice: Fix MAC address setting (Petr Oros) [2108204 2037974]
- ice: Clear default forwarding VSI during VSI release (Petr Oros) [2108204 2037974]
- ice: xsk: Fix indexing in ice_tx_xsk_pool() (Petr Oros) [2108204 2037974]
- ice: xsk: Stop Rx processing when ntc catches ntu (Petr Oros) [2108204 2037974]
- ice: don't allow to run ice_send_event_to_aux() in atomic ctx (Petr Oros) [2108204 2037974]
- ice: fix 'scheduling while atomic' on aux critical err interrupt (Petr Oros) [2108204 2037974]
- ice: add trace events for tx timestamps (Petr Oros) [2108204 2037974]
- ice: fix return value check in ice_gnss.c (Petr Oros) [2108204 2037974]
- ice: destroy flow director filter mutex after releasing VSIs (Petr Oros) [2108204 2037974]
- ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (Petr Oros) [2108204 2037974]
- ice: remove PF pointer from ice_check_vf_init (Petr Oros) [2108204 2037974]
- ice: introduce ice_virtchnl.c and ice_virtchnl.h (Petr Oros) [2108204 2037974]
- ice: cleanup long lines in ice_sriov.c (Petr Oros) [2108204 2037974]
- ice: introduce ICE_VF_RESET_LOCK flag (Petr Oros) [2108204 2037974]
- ice: introduce ICE_VF_RESET_NOTIFY flag (Petr Oros) [2108204 2037974]
- ice: convert ice_reset_vf to take flags (Petr Oros) [2108204 2037974]
- ice: convert ice_reset_vf to standard error codes (Petr Oros) [2108204 2037974]
- ice: make ice_reset_all_vfs void (Petr Oros) [2108204 2037974]
- ice: drop is_vflr parameter from ice_reset_all_vfs (Petr Oros) [2108204 2037974]
- ice: move reset functionality into ice_vf_lib.c (Petr Oros) [2108204 2037974]
- ice: fix a long line warning in ice_reset_vf (Petr Oros) [2108204 2037974]
- ice: introduce VF operations structure for reset flows (Petr Oros) [2108204 2037974]
- ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id (Petr Oros) [2108204 2037974]
- ice: introduce ice_vf_lib.c, ice_vf_lib.h, and ice_vf_lib_private.h (Petr Oros) [2108204 2037974]
- ice: use ice_is_vf_trusted helper function (Petr Oros) [2108204 2037974]
- ice: log an error message when eswitch fails to configure (Petr Oros) [2108204 2037974]
- ice: cleanup error logging for ice_ena_vfs (Petr Oros) [2108204 2037974]
- ice: move ice_set_vf_port_vlan near other .ndo ops (Petr Oros) [2108204 2037974]
- ice: refactor spoofchk control code in ice_sriov.c (Petr Oros) [2108204 2037974]
- ice: rename ICE_MAX_VF_COUNT to avoid confusion (Petr Oros) [2108204 2037974]
- ice: remove unused definitions from ice_sriov.h (Petr Oros) [2108204 2037974]
- ice: convert vf->vc_ops to a const pointer (Petr Oros) [2108204 2037974]
- ice: remove circular header dependencies on ice.h (Petr Oros) [2108204 2037974]
- ice: rename ice_virtchnl_pf.c to ice_sriov.c (Petr Oros) [2108204 2037974]
- ice: rename ice_sriov.c to ice_vf_mbx.c (Petr Oros) [2108204 2037974]
- ice: Fix FV offset searching (Petr Oros) [2108204 2037974]
- ice: Add support for outer dest MAC for ADQ tunnels (Petr Oros) [2108204 2037974]
- ice: avoid XDP checks in ice_clean_tx_irq() (Petr Oros) [2108204 2037974]
- ice: change "can't set link" message to dbg level (Petr Oros) [2108204 2037974]
- ice: Add slow path offload stats on port representor in switchdev (Petr Oros) [2108204 2037974]
- ice: Add support for inner etype in switchdev (Petr Oros) [2108204 2037974]
- ice: Fix curr_link_speed advertised speed (Petr Oros) [2108204 2037974]
- ice: Don't use GFP_KERNEL in atomic context (Petr Oros) [2108204 2037974]
- ice: stop disabling VFs due to PF error responses (Petr Oros) [2108204 2037974]
- ice: convert VF storage to hash table with krefs and RCU (Petr Oros) [2108204 2037974]
- ice: introduce VF accessor functions (Petr Oros) [2108204 2037974]
- ice: factor VF variables to separate structure (Petr Oros) [2108204 2037974]
- ice: convert ice_for_each_vf to include VF entry iterator (Petr Oros) [2108204 2037974]
- ice: use ice_for_each_vf for iteration during removal (Petr Oros) [2108204 2037974]
- ice: remove checks in ice_vc_send_msg_to_vf (Petr Oros) [2108204 2037974]
- ice: move VFLR acknowledge during ice_free_vfs (Petr Oros) [2108204 2037974]
- ice: move clear_malvf call in ice_free_vfs (Petr Oros) [2108204 2037974]
- ice: pass num_vfs to ice_set_per_vf_res() (Petr Oros) [2108204 2037974]
- ice: store VF pointer instead of VF ID (Petr Oros) [2108204 2037974]
- ice: refactor unwind cleanup in eswitch mode (Petr Oros) [2108204 2037974]
- ice: add TTY for GNSS module for E810T device (Petr Oros) [2108204 2037974]
- ice: initialize local variable 'tlv' (Petr Oros) [2108204 2037974]
- ice: check the return of ice_ptp_gettimex64 (Petr Oros) [2108204 2037974]
- ice: fix concurrent reset and removal of VFs (Petr Oros) [2108204 2037974]
- ice: fix setting l4 port flag when adding filter (Petr Oros) [2108204 2037974]
- ice: Match on all profiles in slow-path (Petr Oros) [2108204 2037974]
- ice: enable parsing IPSEC SPI headers for RSS (Petr Oros) [2108204 2037974]
- ice: Simplify tracking status of RDMA support (Petr Oros) [2108204 2037974]
- ice: fix IPIP and SIT TSO offload (Petr Oros) [2108204 2037974]
- ice: fix an error code in ice_cfg_phy_fec() (Petr Oros) [2108204 2037974]
- ice: Add ability for PF admin to enable VF VLAN pruning (Petr Oros) [2108204 2037974]
- ice: Add support for 802.1ad port VLANs VF (Petr Oros) [2108204 2037974]
- ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev (Petr Oros) [2108204 2037974]
- ice: Support configuring the device to Double VLAN Mode (Petr Oros) [2108204 2037974]
- ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Petr Oros) [2108204 2037974]
- ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads (Petr Oros) [2108204 2037974]
- ice: Add outer_vlan_ops and VSI specific VLAN ops implementations (Petr Oros) [2108204 2037974]
- ice: Adjust naming for inner VLAN operations (Petr Oros) [2108204 2037974]
- ice: Use the proto argument for VLAN ops (Petr Oros) [2108204 2037974]
- ice: Refactor vf->port_vlan_info to use ice_vlan (Petr Oros) [2108204 2037974]
- ice: Introduce ice_vlan struct (Petr Oros) [2108204 2037974]
- ice: Add new VSI VLAN ops (Petr Oros) [2108204 2037974]
- ice: Add helper function for adding VLAN 0 (Petr Oros) [2108204 2037974]
- ice: Refactor spoofcheck configuration functions (Petr Oros) [2108204 2037974]
- ice: Remove likely for napi_complete_done (Petr Oros) [2108204 2037974]
- ice: add support for DSCP QoS for IDC (Petr Oros) [2108204 2037974]
- ice: respect metadata on XSK Rx to skb (Petr Oros) [2108204 2037974]
- ice: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Petr Oros) [2108204 2037974]
- ice: respect metadata in legacy-rx/ice_construct_skb() (Petr Oros) [2108204 2037974]
- ice: Remove useless DMA-32 fallback configuration (Petr Oros) [2108204 2037974]
- ice: Use bitmap_free() to free bitmap (Petr Oros) [2108204 2037974]
- ice: Optimize a few bitmap operations (Petr Oros) [2108204 2037974]
- ice: Slightly simply ice_find_free_recp_res_idx (Petr Oros) [2108204 2037974]
- ice: improve switchdev's slow-path (Petr Oros) [2108204 2037974]
- ice: replay advanced rules after reset (Petr Oros) [2108204 2037974]
- net: fixup build after bpf header changes (Petr Oros) [2108204 2037974]
- net: Don't include filter.h from net/sock.h (Petr Oros) [2108204 2037974]
- ice: Add flow director support for channel mode (Petr Oros) [2108204 2037974]
- ice: switch to napi_build_skb() (Petr Oros) [2108204 2037974]
- ice: xsk: fix cleaned_count setting (Petr Oros) [2108204 2037974]
- ice: xsk: allow empty Rx descriptors on XSK ZC data path (Petr Oros) [2108204 2037974]
- ice: xsk: allocate separate memory for XDP SW ring (Petr Oros) [2108204 2037974]
- ice: xsk: return xsk buffers back to pool when cleaning the ring (Petr Oros) [2108204 2037974]
- ice: trivial: fix odd indenting (Petr Oros) [2108204 2037974]
- ice: support crosstimestamping on E822 devices if supported (Petr Oros) [2108204 2037974]
- ice: exit bypass mode once hardware finishes timestamp calibration (Petr Oros) [2108204 2037974]
- ice: ensure the hardware Clock Generation Unit is configured (Petr Oros) [2108204 2037974]
- ice: implement basic E822 PTP support (Petr Oros) [2108204 2037974]
- ice: convert clk_freq capability into time_ref (Petr Oros) [2108204 2037974]
- ice: introduce ice_ptp_init_phc function (Petr Oros) [2108204 2037974]
- ice: use 'int err' instead of 'int status' in ice_ptp_hw.c (Petr Oros) [2108204 2037974]
- ice: PTP: move setting of tstamp_config (Petr Oros) [2108204 2037974]
- ice: introduce ice_base_incval function (Petr Oros) [2108204 2037974]
- ice: Fix E810 PTP reset flow (Petr Oros) [2108204 2037974]
- ice: Don't put stale timestamps in the skb (Petr Oros) [2108204 2037974]
- ice: Use div64_u64 instead of div_u64 in adjfine (Petr Oros) [2108204 2037974]
- ice: use modern kernel API for kick (Petr Oros) [2108204 2037974]
- ice: tighter control over VSI_DOWN state (Petr Oros) [2108204 2037974]
- ice: use prefetch methods (Petr Oros) [2108204 2037974]
- ice: update to newer kernel API (Petr Oros) [2108204 2037974]
- ice: support immediate firmware activation via devlink reload (Petr Oros) [2108204 2037974]
- ice: reduce time to read Option ROM CIVD data (Petr Oros) [2108204 2037974]
- ice: move ice_devlink_flash_update and merge with ice_flash_pldm_image (Petr Oros) [2108204 2037974]
- ice: move and rename ice_check_for_pending_update (Petr Oros) [2108204 2037974]
- ice: devlink: add shadow-ram region to snapshot Shadow RAM (Petr Oros) [2108204 2037974]
- ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (Petr Oros) [2108204 2037974]
- ice: Remove unnecessary casts (Petr Oros) [2108204 2037974]
- ice: Propagate error codes (Petr Oros) [2108204 2037974]
- ice: Remove excess error variables (Petr Oros) [2108204 2037974]
- ice: Cleanup after ice_status removal (Petr Oros) [2108204 2037974]
- ice: Remove enum ice_status (Petr Oros) [2108204 2037974]
- ice: Use int for ice_status (Petr Oros) [2108204 2037974]
- ice: Remove string printing for ice_status (Petr Oros) [2108204 2037974]
- ice: Refactor status flow for DDP load (Petr Oros) [2108204 2037974]
- ice: Refactor promiscuous functions (Petr Oros) [2108204 2037974]
- ice: refactor PTYPE validating (Petr Oros) [2108204 2037974]
- ice: Add package PTYPE enable information (Petr Oros) [2108204 2037974]
- ice: safer stats processing (Petr Oros) [2108204 2037974]
- ice: fix adding different tunnels (Petr Oros) [2108204 2037974]
- ice: fix choosing UDP header type (Petr Oros) [2108204 2037974]
- ice: ignore dropped packets during init (Petr Oros) [2108204 2037974]
- ice: rearm other interrupt cause register after enabling VFs (Petr Oros) [2108204 2037974]
- ice: fix FDIR init missing when reset VF (Petr Oros) [2108204 2037974]
- net/ice: Remove unused enum (Petr Oros) [2108204 2037974]
- net/ice: Fix boolean assignment (Petr Oros) [2108204 2037974]
- ice: avoid bpf_prog refcount underflow (Petr Oros) [2108204 2037974]
- ice: fix vsi->txq_map sizing (Petr Oros) [2108204 2037974]
- net/ice: Add support for enable_iwarp and enable_roce devlink param (Petr Oros) [2108204 2037974]
- ice: Hide bus-info in ethtool for PRs in switchdev mode (Petr Oros) [2108204 2037974]
- ice: Clear synchronized addrs when adding VFs in switchdev mode (Petr Oros) [2108204 2037974]
- ice: fix error return code in ice_get_recp_frm_fw() (Petr Oros) [2108204 2037974]
- ice: Fix clang -Wimplicit-fallthrough in ice_pull_qvec_from_rc() (Petr Oros) [2108204 2037974]
- ice: Add support to print error on PHY FW load failure (Petr Oros) [2108204 2037974]
- ice: Add support for changing MTU on PR in switchdev mode (Petr Oros) [2108204 2037974]
- ice: send correct vc status in switchdev (Petr Oros) [2108204 2037974]
- ice: support for GRE in eswitch (Petr Oros) [2108204 2037974]
- ice: low level support for tunnels (Petr Oros) [2108204 2037974]
- ice: VXLAN and Geneve TC support (Petr Oros) [2108204 2037974]
- ice: support for indirect notification (Petr Oros) [2108204 2037974]
- ice: Add tc-flower filter support for channel (Petr Oros) [2108204 2037974]
- ice: enable ndo_setup_tc support for mqprio_qdisc (Petr Oros) [2108204 2037974]
- ice: Add infrastructure for mqprio support via ndo_setup_tc (Petr Oros) [2108204 2037974]
- ice: fix an error code in ice_ena_vfs() (Petr Oros) [2108204 2037974]
- ice: Refactor PR ethtool ops (Petr Oros) [2108204 2037974]
- ice: Manage act flags for switchdev offloads (Petr Oros) [2108204 2037974]
- ice: Forbid trusted VFs in switchdev mode (Petr Oros) [2108204 2037974]
- ice: introduce XDP_TX fallback path (Petr Oros) [2108204 2037974]
- ice: optimize XDP_TX workloads (Petr Oros) [2108204 2037974]
- ice: propagate xdp_ring onto rx_ring (Petr Oros) [2108204 2037974]
- ice: do not create xdp_frame on XDP_TX (Petr Oros) [2108204 2037974]
- ice: unify xdp_rings accesses (Petr Oros) [2108204 2037974]
- ice: ndo_setup_tc implementation for PR (Petr Oros) [2108204 2037974]
- ice: ndo_setup_tc implementation for PF (Petr Oros) [2108204 2037974]
- ice: Allow changing lan_en and lb_en on all kinds of filters (Petr Oros) [2108204 2037974]
- ice: cleanup rules info (Petr Oros) [2108204 2037974]
- ice: allow deleting advanced rules (Petr Oros) [2108204 2037974]
- ice: allow adding advanced rules (Petr Oros) [2108204 2037974]
- ice: create advanced switch recipe (Petr Oros) [2108204 2037974]
- ice: manage profiles and field vectors (Petr Oros) [2108204 2037974]
- ice: implement low level recipes functions (Petr Oros) [2108204 2037974]
- ice: add port representor ethtool ops and stats (Petr Oros) [2108204 2037974]
- ice: switchdev slow path (Petr Oros) [2108204 2037974]
- ice: rebuild switchdev when resetting all VFs (Petr Oros) [2108204 2037974]
- ice: enable/disable switchdev when managing VFs (Petr Oros) [2108204 2037974]
- ice: introduce new type of VSI for switchdev (Petr Oros) [2108204 2037974]
- ice: set and release switchdev environment (Petr Oros) [2108204 2037974]
- ice: allow changing lan_en and lb_en on dflt rules (Petr Oros) [2108204 2037974]
- ice: manage VSI antispoof and destination override (Petr Oros) [2108204 2037974]
- ice: allow process VF opcodes in different ways (Petr Oros) [2108204 2037974]
- ice: introduce VF port representor (Petr Oros) [2108204 2037974]
- ice: Move devlink port to PF/VF struct (Petr Oros) [2108204 2037974]
- ice: support basic E-Switch mode control (Petr Oros) [2108204 2037974]
- ethernet: use eth_hw_addr_set() for dev->addr_len cases (Petr Oros) [2108204 2037974]
- ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Petr Oros) [2108204 2037974]
- ice: Use xdp_buf instead of rx_buf for xsk zero-copy (Petr Oros) [2108204 2037974]
- ice: Only lock to update netdev dev_addr (Petr Oros) [2108204 2037974]
- ice: restart periodic outputs around time changes (Petr Oros) [2108204 2037974]
- ice: fix Tx queue iteration for Tx timestamp enablement (Petr Oros) [2108204 2037974]
- devlink: Add 'enable_iwarp' generic device param (Petr Oros) [2108204 2037974]
- i40e: Fix tunnel checksum offload with fragmented traffic (Ivan Vecera) [2119479 2037980]
- i40e: Fix call trace in setup_tx_descriptors (Ivan Vecera) [2119479 2037980]
- i40e: Fix calculating the number of queue pairs (Ivan Vecera) [2119479 2037980]
- i40e: Fix adding ADQ filter to TC0 (Ivan Vecera) [2119479 2037980]
- i40e: i40e_main: fix a missing check on list iterator (Ivan Vecera) [2119479 2037980]
- i40e, xsk: Get rid of redundant 'fallthrough' (Ivan Vecera) [2119479 2037980]
- i40e, xsk: Diversify return values from xsk_wakeup call paths (Ivan Vecera) [2119479 2037980]
- i40e, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full (Ivan Vecera) [2119479 2037980]
- i40e: Add Ethernet Connection X722 for 10GbE SFP+ support (Ivan Vecera) [2119479 2037980]
- i40e: Add vsi.tx_restart to i40e ethtool stats (Ivan Vecera) [2119479 2037980]
- i40e: Add tx_stopped stat (Ivan Vecera) [2119479 2037980]
- i40e: Add support for MPLS + TSO (Ivan Vecera) [2119479 2037980]
- i40e: little endian only valid checksums (Ivan Vecera) [2119479 2037980]
- i40e: stop disabling VFs due to PF error responses (Ivan Vecera) [2119479 2037980]
- Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC" (Ivan Vecera) [2119479 2037980]
- i40e: Add a stat for tracking busy rx pages (Ivan Vecera) [2119479 2037980]
- i40e: Add a stat for tracking pages waived (Ivan Vecera) [2119479 2037980]
- i40e: Add a stat tracking new RX page allocations (Ivan Vecera) [2119479 2037980]
- i40e: Aggregate and export RX page reuse stat (Ivan Vecera) [2119479 2037980]
- i40e: Remove rx page reuse double count (Ivan Vecera) [2119479 2037980]
- i40e: Fix race condition while adding/deleting MAC/VLAN filters (Ivan Vecera) [2119479 2037980]
- i40e: Add new version of i40e_aq_add_macvlan function (Ivan Vecera) [2119479 2037980]
- i40e: Add new versions of send ASQ command functions (Ivan Vecera) [2119479 2037980]
- i40e: Add sending commands in atomic context (Ivan Vecera) [2119479 2037980]
- i40e: Remove unused RX realloc stat (Ivan Vecera) [2119479 2037980]
- i40e: Disable hw-tc-offload feature on driver load (Ivan Vecera) [2119479 2037980]
- i40e: Fix reset path while removing the driver (Ivan Vecera) [2119479 2037980]
- i40e: Fix reset bw limit when DCB enabled with 1 TC (Ivan Vecera) [2119479 2037980]
- i40e: respect metadata on XSK Rx to skb (Ivan Vecera) [2119479 2037980]
- i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Ivan Vecera) [2119479 2037980]
- i40e: Remove useless DMA-32 fallback configuration (Ivan Vecera) [2119479 2037980]
- i40e: fix unsigned stat widths (Ivan Vecera) [2119479 2037980]
- i40e: Fix for failed to init adminq while VF reset (Ivan Vecera) [2119479 2037980]
- i40e: Fix queues reservation for XDP (Ivan Vecera) [2119479 2037980]
- i40e: Fix issue when maximum queues is exceeded (Ivan Vecera) [2119479 2037980]
- i40e: Increase delay to 1 s after global EMP reset (Ivan Vecera) [2119479 2037980]
- i40e: remove variables set but not used (Ivan Vecera) [2119479 2037980]
- i40e: Remove non-inclusive language (Ivan Vecera) [2119479 2037980]
- i40e: Update FW API version (Ivan Vecera) [2119479 2037980]
- i40e: Minimize amount of busy-waiting during AQ send (Ivan Vecera) [2119479 2037980]
- i40e: Add ensurance of MacVlan resources for every trusted VF (Ivan Vecera) [2119479 2037980]
- i40e: Fix incorrect netdev's real number of RX/TX queues (Ivan Vecera) [2119479 2037980]
- i40e: Fix for displaying message regarding NVM version (Ivan Vecera) [2119479 2037980]
- i40e: fix use-after-free in i40e_sync_filters_subtask() (Ivan Vecera) [2119479 2037980]
- i40e: Fix to not show opcode msg on unsuccessful VF MAC change (Ivan Vecera) [2119479 2037980]
- i40e: switch to napi_build_skb() (Ivan Vecera) [2119479 2037980]
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (Ivan Vecera) [2119479 2037980]
- i40e: Fix pre-set max number of queues for VF (Ivan Vecera) [2119479 2037980]
- i40e: Fix failed opcode appearing if handling messages from VF (Ivan Vecera) [2119479 2037980]
- i40e: Fix display error code in dmesg (Ivan Vecera) [2119479 2037980]
- i40e: Fix creation of first queue by omitting it if is not power of two (Ivan Vecera) [2119479 2037980]
- i40e: Fix warning message and call stack during rmmod i40e driver (Ivan Vecera) [2119479 2037980]
- i40e: Fix ping is lost after configuring ADq on VF (Ivan Vecera) [2119479 2037980]
- i40e: Fix changing previously set num_queue_pairs for PFs (Ivan Vecera) [2119479 2037980]
- i40e: Fix NULL ptr dereference on VSI filter sync (Ivan Vecera) [2119479 2037980]
- i40e: Fix correct max_pkt_size on VF RX queue (Ivan Vecera) [2119479 2037980]
- i40e: Fix freeing of uninitialized misc IRQ vector (Ivan Vecera) [2119479 2037980]
- i40e: Fix spelling mistake "dissable" -> "disable" (Ivan Vecera) [2119479 2037980]
- i40e: add support for PTP external synchronization clock (Ivan Vecera) [2119479 2037980]
- i40e: improve locking of mac_filter_hash (Ivan Vecera) [2119479 2037980]
- netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (Florian Westphal) [2108199 2096401] {CVE-2022-1972}
- netfilter: nf_tables: stricter validation of element data (Florian Westphal) [2104591 2104592] {CVE-2022-34918}

[5.14.0-70.25.1.el9_0]
- powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2121719 2063682]
- iavf: Fix deadlock in initialization (Ivan Vecera) [2119477 2037976]
- iavf: Fix reset error handling (Ivan Vecera) [2119477 2037976]
- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Ivan Vecera) [2119477 2037976]
- iavf: Fix adminq error handling (Ivan Vecera) [2119477 2037976]
- iavf: Fix missing state logs (Ivan Vecera) [2119477 2037976]
- iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119477 2037976]
- ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Ivan Vecera) [2119477 2037976]
- iavf: Fix issue with MAC address of VF shown as zero (Ivan Vecera) [2119477 2037976]
- Revert "iavf: Fix deadlock occurrence during resetting VF interface" (Ivan Vecera) [2119477 2037976]
- iavf: Fix hang during reboot/shutdown (Ivan Vecera) [2119477 2037976]
- iavf: Fix double free in iavf_reset_task (Ivan Vecera) [2119477 2037976]
- iavf: Fix adopting new combined setting (Ivan Vecera) [2119477 2037976]
- iavf: Fix handling of vlan strip virtual channel messages (Ivan Vecera) [2119477 2037976]
- iavf: Fix __IAVF_RESETTING state usage (Ivan Vecera) [2119477 2037976]
- iavf: Fix missing check for running netdev (Ivan Vecera) [2119477 2037976]
- iavf: Fix deadlock in iavf_reset_task (Ivan Vecera) [2119477 2037976]
- iavf: Fix race in init state (Ivan Vecera) [2119477 2037976]
- iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (Ivan Vecera) [2119477 2037976]
- iavf: Fix init state closure on remove (Ivan Vecera) [2119477 2037976]
- iavf: Add waiting so the port is initialized in remove (Ivan Vecera) [2119477 2037976]
- iavf: Rework mutexes for better synchronisation (Ivan Vecera) [2119477 2037976]
- iavf: Remove non-inclusive language (Ivan Vecera) [2119477 2037976]
- iavf: Fix incorrect use of assigning iavf_status to int (Ivan Vecera) [2119477 2037976]
- iavf: stop leaking iavf_status as "errno" values (Ivan Vecera) [2119477 2037976]
- iavf: remove redundant ret variable (Ivan Vecera) [2119477 2037976]
- iavf: Add usage of new virtchnl format to set default MAC (Ivan Vecera) [2119477 2037976]
- iavf: refactor processing of VLAN V2 capability message (Ivan Vecera) [2119477 2037976]
- iavf: Add support for 50G/100G in AIM algorithm (Ivan Vecera) [2119477 2037976]
- iavf: Remove useless DMA-32 fallback configuration (Ivan Vecera) [2119477 2037976]
- iavf: remove an unneeded variable (Ivan Vecera) [2119477 2037976]
- iavf: Fix limit of total number of queues to active queues of VF (Ivan Vecera) [2119477 2037976]
- iavf: switch to napi_build_skb() (Ivan Vecera) [2119477 2037976]
- iavf: Restrict maximum VLAN filters for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Ivan Vecera) [2119477 2037976]
- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload enable/disable (Ivan Vecera) [2119477 2037976]
- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath (Ivan Vecera) [2119477 2037976]
- iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev config (Ivan Vecera) [2119477 2037976]
- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation (Ivan Vecera) [2119477 2037976]
- virtchnl: Add support for new VLAN capabilities (Ivan Vecera) [2119477 2037976]
- virtchnl: Use the BIT() macro for capability/offload flags (Ivan Vecera) [2119477 2037976]
- virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define (Ivan Vecera) [2119477 2037976]
- iavf: do not override the adapter state in the watchdog task (again) (Ivan Vecera) [2119477 2037976]
- iavf: missing unlocks in iavf_watchdog_task() (Ivan Vecera) [2119477 2037976]
- iavf: Fix reporting when setting descriptor count (Ivan Vecera) [2119477 2037976]
- iavf: restore MSI state on reset (Ivan Vecera) [2119477 2037976]
- iavf: Fix displaying queue statistics shown by ethtool (Ivan Vecera) [2119477 2037976]
- iavf: Refactor string format to avoid static analysis warnings (Ivan Vecera) [2119477 2037976]
- iavf: Refactor text of informational message (Ivan Vecera) [2119477 2037976]
- iavf: Fix static code analysis warning (Ivan Vecera) [2119477 2037976]
- iavf: Refactor iavf_mac_filter struct memory usage (Ivan Vecera) [2119477 2037976]
- iavf: Enable setting RSS hash key (Ivan Vecera) [2119477 2037976]
- iavf: Add trace while removing device (Ivan Vecera) [2119477 2037976]
- iavf: return errno code instead of status code (Ivan Vecera) [2119477 2037976]
- iavf: Log info when VF is entering and leaving Allmulti mode (Ivan Vecera) [2119477 2037976]
- iavf: Add change MTU message (Ivan Vecera) [2119477 2037976]
- iavf: Fix VLAN feature flags after VFR (Ivan Vecera) [2119477 2037976]
- iavf: Fix refreshing iavf adapter stats on ethtool request (Ivan Vecera) [2119477 2037976]
- iavf: Fix deadlock occurrence during resetting VF interface (Ivan Vecera) [2119477 2037976]
- iavf: Prevent changing static ITR values if adaptive moderation is on (Ivan Vecera) [2119477 2037976]
- iavf: Restore VLAN filters after link down (Ivan Vecera) [2119477 2037976]
- iavf: Fix for setting queues to 0 (Ivan Vecera) [2119477 2037976]
- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Ivan Vecera) [2119477 2037976]
- iavf: validate pointers (Ivan Vecera) [2119477 2037976]
- iavf: prevent accidental free of filter structure (Ivan Vecera) [2119477 2037976]
- iavf: Fix failure to exit out from last all-multicast mode (Ivan Vecera) [2119477 2037976]
- iavf: don't clear a lock we don't hold (Ivan Vecera) [2119477 2037976]
- iavf: free q_vectors before queues in iavf_disable_vf (Ivan Vecera) [2119477 2037976]
- iavf: check for null in iavf_fix_features (Ivan Vecera) [2119477 2037976]
- iavf: Fix return of set the new channel count (Ivan Vecera) [2119477 2037976]
- iavf: Fix kernel BUG in free_msi_irqs (Ivan Vecera) [2119477 2037976]
- iavf: Add helper function to go from pci_dev to adapter (Ivan Vecera) [2119477 2037976]
- iavf: Combine init and watchdog state machines (Ivan Vecera) [2119477 2037976]
- iavf: Add __IAVF_INIT_FAILED state (Ivan Vecera) [2119477 2037976]
- iavf: Refactor iavf state machine tracking (Ivan Vecera) [2119477 2037976]
- iavf: fix double unlock of crit_lock (Ivan Vecera) [2119477 2037976]
- iavf: use mutexes for locking of critical sections (Ivan Vecera) [2119477 2037976]
- iavf: fix locking of critical sections (Ivan Vecera) [2119477 2037976]
- iavf: do not override the adapter state in the watchdog task (Ivan Vecera) [2119477 2037976]
- redhat: nvme/tcp mistakenly uses blk_mq_tag_to_rq(nvme_tcp_tagset(queue)) (John Meneghini) [2118698 2112031]
- x86/platform/uv: Log gap hole end size (Frank Ramsay) [2107732 2074097]
- x86/platform/uv: Update TSC sync state for UV5 (Frank Ramsay) [2107732 2074097]
- x86/platform/uv: Update NMI Handler for UV5 (Frank Ramsay) [2107732 2074097]
- cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (Steve Best) [2099417 2072886]
- [s390] RDMA/mlx5: Fix number of allocated XLT entries (Mete Durlu) [2092270 2088360]

[5.14.0-70.24.1.el9_0]
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2117756 2108624]
- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2117756 2066146]
- nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2117756 2066146]
- nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2117756 2066146]
- block: fix surprise removal for drivers calling blk_set_queue_dying (Gopal Tiwari) [2117755 2066146]
- nvme-tcp: fix bogus request completion when failing to send AER (Gopal Tiwari) [2117755 2066146]
- nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2117755 2066146]
- kvm: x86: Add CPUID support for Intel AMX (David Arcari) [2108203 1924149]

[5.14.0-70.23.1.el9_0]
- block: limit request dispatch loop duration (Ming Lei) [2111395 2066297]
- block: ensure plug merging checks the correct queue at least once (Ming Lei) [2111395 2066297]
- net/mlx5e: Don't block routes with nexthop objects in SW (Mohammad Kabat) [2092535 2061799]
- net/mlx5e: Fix wrong usage of fib_info_nh when routes with nexthop objects are used (Mohammad Kabat) [2092535 2049450]

_______________________________________________