ELSA-2021-9084 - Unbreakable Enterprise kernel security update

Release Date:2021-03-12


- ovl: restore creds in all return paths of ovl_iterate (Somasundaram Krishnasamy) [Orabug: 32620381]

- block/diskstats: accumulate all per-cpu counters in one pass (Konstantin Khlebnikov) [Orabug: 32531559]
- uek-rpm: config-aarch-embedded2 update for Jan 2021 Elba patches (Dave Kleikamp) [Orabug: 32532588]
- dts/pensando: Fix compatile -> compatible typeo. (David Clear) [Orabug: 32532588]
- Interrupt domain controllers for Elba ASIC. (David Clear) [Orabug: 32532588]
- elba_defconfig: CONFIG_PTP_1588_CLOCK=y (David Clear) [Orabug: 32532588]
- soc/pensando: pcie driver (David Clear) [Orabug: 32532588]
- pcie: control access to pcie clock domain registers (David Clear) [Orabug: 32532588]
- mmc: sdhci-cadence-elba ADMA and HS200 tuning support (David Clear) [Orabug: 32532588]
- enable rcu callback offloading & adaptive tick mode to reduce jitter (David Clear) [Orabug: 32532588]
- uek-rpm: Enable perf trace support for OL7 kernel builds. (Mridula Shastry) [Orabug: 32528194]
- uek-rpm: update config-aarch-embedded2 for Elba (Dave Kleikamp) [Orabug: 32361844]
- elba: u-boot environment partitions in the device-tree (David Clear) [Orabug: 32361844]
- i2c: Add Elba Ortano Lattice RD1173 I2C controller driver. (David Clear) [Orabug: 32361844]
- elba: one more mnet for elba.dtsi (David Clear) [Orabug: 32361844]
- elba: Add IPv6 support to elba_defconfig (David Clear) [Orabug: 32361844]
- mmc: sdhci-cadence-elba sdhci driver cleanup (David Clear) [Orabug: 32361844]
- spi-dw: custom chip-select handler for elba (David Clear) [Orabug: 32361844]
- arch/arm64: Pensando elba dts and config files (David Clear) [Orabug: 32361844]
- drivers/soc/pensando: crash dump driver. (David Clear) [Orabug: 32361844]
- drivers/pensando/soc: Boot State Machine (BSM) integration. (David Clear) [Orabug: 32361844]
- drivers/soc/pensando: /dev/capmem driver. (David Clear) [Orabug: 32361844]
- drivers/mmc/host: Pensando Elba support in the Cadence EMMC host controller (David Clear) [Orabug: 32361844]
- drivers/gpio: support the Elba SPI chip-selects. (David Clear) [Orabug: 32361844]
- arch/arm64: Pensando Elba SoC declaration. (David Clear) [Orabug: 32361844]
- mmc: sdhci-cadence: fix PHY write (Vladimir Kondratiev) [Orabug: 32361844]
- mmc: sdhci-cadence: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN for UniPhier (Masahiro Yamada) [Orabug: 32361844]
- mmc: sdhci-cadence: remove unneeded 'inline' marker (Masahiro Yamada) [Orabug: 32361844]
- mmc: sdhci-cadence: use struct_size() helper (Gustavo A. R. Silva) [Orabug: 32361844]
- mmc: sdhci-cadence: fix logically and structurally dead code (Gustavo A. R. Silva) [Orabug: 32361844]
- mmc: sdhci-cadence: send tune request twice to work around errata (Masahiro Yamada) [Orabug: 32361844]
- mmc: sdhci-cadence: use bitfield access macros for cleanup (Masahiro Yamada) [Orabug: 32361844]
- Revert 'Support the reset pulse width from the device-tree.' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Initial Pensando Capri SoC declaration' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Add Capri EMMC phy and instantiate the driver in the dts' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Capri SPI driver' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Interrupt domain controllers for Capri ASIC.' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Add uio support for Capri PCIE and Link interrupts' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Pensando/Capri PCIE panic handler.' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Pensando crash dump driver' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Pensando Boot State Machine (BSM) integration.' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Add mnic nodes to the Pensando devicetree' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'mtd/spi-nor/cadence-quadspi.c: Speed up reads.' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Add /proc/xmaps' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Add Pensando Capri board .dts files and default configs' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Provide for precise control of pgprot for Pensando' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Kconfig option to disable outer-cache-allocate for Pensando' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Add /dev/capmem driver for Pensando' (Dave Kleikamp) [Orabug: 32361844]
- Revert 'Make low-speed APB bus accesses single threaded' (Dave Kleikamp) [Orabug: 32361844]
- sched/topology: Assert non-NUMA topology masks don't (partially) overlap (Valentin Schneider) [Orabug: 32485794]
- x86/msr: Add a pointer to an URL which contains further details (Borislav Petkov) [Orabug: 32409137]
- x86/msr: Downgrade unrecognized MSR message (Borislav Petkov) [Orabug: 32409137]
- x86/msr: Do not allow writes to MSR_IA32_ENERGY_PERF_BIAS (Borislav Petkov) [Orabug: 32409137]
- x86/msr: Prevent userspace MSR access from dominating the console (Chris Down) [Orabug: 32409137]
- x86/msr: Filter MSR writes (Borislav Petkov) [Orabug: 32409137]
- tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32409137]
- tools/power/turbostat: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32409137]
- tools/power/cpupower: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32409137]
- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422664]
- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422664]
- ovl: verify permissions in ovl_path_open() (Miklos Szeredi) [Orabug: 32435220] {CVE-2020-16120}
- ovl: switch to mounter creds in readdir (Miklos Szeredi) [Orabug: 32435220] {CVE-2020-16120}
- ovl: pass correct flags for opening real directory (Miklos Szeredi) [Orabug: 32435220]
- l2tp: fix race in pppol2tp_release with session object destroy (James Chapman) [Orabug: 32435324]
- l2tp: fix races with tunnel socket close (James Chapman) [Orabug: 32435324]
- l2tp: don't use inet_shutdown on ppp session destroy (James Chapman) [Orabug: 32435324]
- l2tp: don't use inet_shutdown on tunnel destroy (James Chapman) [Orabug: 32435324]
- l2tp: exit_net cleanup check added (Vasily Averin) [Orabug: 32435324]
- l2tp: remove the .tunnel_sock field from struct pppol2tp_session (Guillaume Nault) [Orabug: 32435324]
- l2tp: avoid using ->tunnel_sock for getting session's parent tunnel (Guillaume Nault) [Orabug: 32435324]
- l2tp: remove .tunnel_sock from struct l2tp_eth (Guillaume Nault) [Orabug: 32435324]
- l2tp: don't close sessions in l2tp_tunnel_destruct() (Guillaume Nault) [Orabug: 32435324]
- l2tp: remove field 'dev' from struct l2tp_eth (Guillaume Nault) [Orabug: 32435324]
- l2tp: remove l2tp_tunnel_count and l2tp_session_count (Guillaume Nault) [Orabug: 32435324]
- l2tp: remove ->ref() and ->deref() (Guillaume Nault) [Orabug: 32435324]
- net: l2tp: mark expected switch fall-through (Gustavo A. R. Silva) [Orabug: 32435324]
- l2tp: initialise PPP sessions before registering them (Guillaume Nault) [Orabug: 32435324]
- rds: CONFIG_RDS_DEBUG + tracepoints breaks rds build (Alan Maguire) [Orabug: 32442506]
- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
- futex: Don't enable IRQs unconditionally in put_pi_state() (Dan Carpenter) [Orabug: 32447189] {CVE-2021-3347}
- nbd: freeze the queue while we're adding connections (Josef Bacik) [Orabug: 32447287] {CVE-2021-3348}
- rds: avoid crash on IB conn path shutdown prepare (Alan Maguire) [Orabug: 32457375]
- net/rds: WARNING in rds_conn_drop (Ka-Cheong Poon) [Orabug: 32481707]
- rds: tracepoints incorrectly reporting valid rds ping as drop (Alan Maguire) [Orabug: 32490010]
- rds: tracepoint-related KASAN: use-after-free Read in rds_send_xmit (Alan Maguire) [Orabug: 32490032]
- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492279]
- selinux: allow labeling before policy is loaded (Jonathan Lebon) [Orabug: 32492279]

Related CVEs


Updated Packages

Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) kernel-uek-4.14.35-2047.501.1.el7uek.src.rpm3146de9f5df76385174b4fd0720f6910ELSA-2021-9220
Oracle Linux 7 (x86_64) kernel-uek-4.14.35-2047.501.1.el7uek.src.rpm3146de9f5df76385174b4fd0720f6910ELSA-2021-9220

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team