394 Star 1.4K Fork 1.3K

GVPopenEuler / kernel

2023-06-13 20:57
zhangchangzhong

1TASK


4.19.90-2306.1.0~1...4.19.90-2306.3.0


TASK COMMIT
bugzilla: #I79V8S:CVE-2023-3006 0211ac08b393 arm64: Add AMPERE1 to the Spectre-BHB affected list
bugzilla: #I6TPN9:【syzkaller】WARNING in sk_stream_kill_queues 31b82122185b sctp: Call inet6_destroy_sock() via sk->sk_destruct().
8267b0d5924d net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
fe2eb442a625 dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
bugzilla: #I6YKXB:CVE-2023-31084 cfbabcb30713 media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
bugzilla: #I7BQZ0:鲲鹏920潮汐affinity带宽感知功耗优化需求 ce35ded5d577 sched: smart grid: init sched_grid_qos structure on QOS purpose
713cfd2684fa sched: Introduce smart grid scheduling strategy for cfs
bugzilla: #I7BZ5U:[openEuler-1.0-LTS] linux-4.19.y bugfix回合 aaf2ccb45d17 ipmi: fix SSIF not responding under certain cond.
b0afa0fa6f02 ipmi_ssif: Rename idle state and check
c68cb2370f53 mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
13e4745bdae1 printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
e84cc7b8907c serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
5195a946c535 tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
dd9c02c5488f af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
5fd1535ba1ee nohz: Add TICK_DEP_BIT_RCU
b17c92472f1d perf/core: Fix hardlockup failure caused by perf throttle
56ce204e20e4 of: Fix modalias string generation
1606722329bb tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
e76e6556ee86 ipv4: Fix potential uninit variable access bug in __ip_make_skb()
262311ea9156 crypto: drbg - Only fail when jent is unavailable in FIPS mode
72a9e727cf4e crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
e773dd0e65fb net/packet: convert po->auxdata to an atomic flag
e7ca048556fe net/packet: convert po->origdev to an atomic flag
925fad9e4728 ring-buffer: Sync IRQ works before buffer destruction
02fde7c4d742 dccp: Call inet6_destroy_sock() via sk->sk_destruct().
85d76b96a410 inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
7d023a7e0bd5 tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
f5b6756a2ead udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
bugzilla: #I73DDA:主线问题修复 828b20a29f48 lib/cmdline: fix get_option() for strings starting with hyphen
a81561c6714b of: overlay: fix for_each_child.cocci warnings
bugzilla: 188446, #I6DK3O:【OLK-5.10】执行fs_fusiontest测试套test_fs_fusion174用例,触发KASAN: stack-out-of-bounds Read in unwind_next_frame 26e94eaf2280 kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
bugzilla: #I79LIO:CVE-2023-2985 16f9da385df3 fs: hfsplus: fix UAF issue in hfsplus_put_super
bugzilla: 187268, #I76JDY:【OLK-5.10】WARNING in iomap_apply a325a2698de5 block: Fix the partition start may overflow in add_partition()
ad0628d34225 block: refactor blkpg_ioctl
bugzilla: 188799, #I79QWO:【OLK-5.10】KASAN: use-after-free Read in sock_shutdown 4b53fff3a622 nbd: get config_lock before sock_shutdown
bugzilla: #I7ASU6:CVE-2023-2860 d9d1ff020291 ipv6: sr: fix out-of-bounds read when setting HMAC data.
bugzilla: #I78SWJ:dm设备创建过程中alloc dax失败触发panic ee776389220b dm: add disk before alloc dax
bugzilla: #I79ZEK:dm-thin-pool kworker与drop cache并发触发死锁 c7ca9c064ae0 dm thin: Fix ABBA deadlock by resetting dm_bufio_client

2CVE


CVE issue
CVE-2023-2860 #I7ASU6:CVE-2023-2860
CVE-2023-2985 #I79LIO:CVE-2023-2985
CVE-2023-3006 #I79V8S:CVE-2023-3006
CVE-2023-31084 #I6YKXB:CVE-2023-31084
2023-06-06 21:30
zhangchangzhong

1TASK


4.19.90-2305.4.0~1...4.19.90-2306.1.0


TASK COMMIT
bugzilla: #I70WHL:ext4 日志checkpoint与do_get_write_access并发可能导致buffer dirty被清除没有落盘 d55550a76967 jbd2: remove t_checkpoint_io_list
4d00544e8fe7 jbd2: recheck chechpointing non-dirty buffer
bugzilla: #I6UVFG:鲲鹏上使用20.03 sp2 4.19内核跑fio任务,对比x86的centos 7.6 3.10内核读写性能差,中断多 b06e74f5f8a2 irqchip/gic-v3-its: Balance initial LPI affinity across CPUs
a7293ea13285 irqchip/gic-v3-its: Track LPI distribution on a per CPU basis
bugzilla: #I7781Q:CVE-2023-33288 b1e67cfbc36b power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
bugzilla: #I79V6E:替换mq的时候出现空指针访问问题 90dd65871201 net: sched: fix NULL pointer dereference in mq_attach

2CVE


CVE issue
CVE-2023-33288 #I7781Q:CVE-2023-33288
2023-05-31 09:52
zhangchangzhong

1TASK


4.19.90-2305.3.0~1...4.19.90-2305.4.0


TASK COMMIT
bugzilla: #I78PCH:【openEuler-1.0-LTS】cpufreq:conservative: Add a switch to enable fast mode 75704b66dfba cpufreq: conservative: Add a switch to enable fast mode
bugzilla: #I78RHX:[openEuler-1.0-LTS] 【长稳】kmemleak检测到内存泄露(pm_check_save_msr) b6a8455c8958 x86/pm: Fix false positive kmemleak report in msr_build_context()
bugzilla: #I52XND:CVE-2022-1280 fedecbf14c46 drm: Lock pointer access in drm_master_release()
9d5d59994e3f drm: Fix use-after-free read in drm_getunique()
bugzilla: #I77WRQ:[openEuler-1.0-LTS] 主线补丁回合of: overlay: kmemleak in dup_and_fixup_symbol_prop() 572d59a1eb4f of: overlay: kmemleak in dup_and_fixup_symbol_prop()
4e3707f2728f iommu/dma: Fix MSI reservation allocation
bugzilla: #I787JE:【openEuler-1.0-LTS】主线补丁回合 lib/stackdepot.c: fix global out-of-bounds in stack_slabs 151f428b6fde lib/stackdepot.c: fix global out-of-bounds in stack_slabs
bugzilla: #I70RD3:[openEuler-1.0-LTS] rcu: Use *_ONCE() to protect lockless ->expmask accesses b6852ac3afe2 rcu: Use *_ONCE() to protect lockless ->expmask accesses
bugzilla: #I72C6P:配置iommu直通报错 98e12a77646f iommu: Don't print warning when IOMMU driver only supports unmanaged domains
bugzilla: 188791,#I76XUJ:【OLK 同步】【syzkaller】KASAN: slab-out-of-bounds in crc16 ae9d60b7064b ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

2CVE


CVE issue
CVE-2022-1280 #I52XND:CVE-2022-1280
2023-05-24 09:46
zhangchangzhong

1TASK


4.19.90-2305.2.0~1...4.19.90-2305.3.0


TASK COMMIT
bugzilla: #I71F49:CVE-2023-32233 17b61a6c6e34 netfilter: nf_tables: deactivate anonymous set from preparation phase
bugzilla: #I6V709:GNU ar (GNU Binutils for Ubuntu) 2.26.1 编译4.19内核编译失败 2b05b5e194b8 x86/msr-index: make SPEC_CTRL_IBRS assembler-portable
bugzilla: #I6X4UN:CVE-2023-2124 f5a69974a960 xfs: verify buffer contents when we skip log replay
bugzilla: #I6WRGD:【openEuler-1.0-LTS】KVM pvsched bug b699af9b37a2 kvm: arm64: fix some pvsched bugs

2CVE


CVE issue
CVE-2023-2124 #I6X4UN:CVE-2023-2124
CVE-2023-32233 #I71F49:CVE-2023-32233
2023-05-13 10:37
zhangchangzhong

1TASK


4.19.90-2305.1.0~1...4.19.90-2305.2.0


TASK COMMIT
bugzilla: 188766, #I72J0M:【openEuler 20.03-LTS-SP3】【arm/x86】ltp执行用例bind04失败 3716f8b55f38 net: sctp: update stream->incnt after successful allocation of stream_in
bugzilla: #I71UGQ:MPAM中断注册失败提示信息修改 547d96244681 arm64/mpam: modify mpam irq register error log
bugzilla: #I722EJ:[openEuler-1.0-LTS] openeuler_defconfig: Add configuration items for zhaoxin 7a9fe891747c openeuler_defconfig: Add configuration items for zhaoxin
bugzilla: #I6WHKQ:CVE-2023-2002 63055a9f3225 bluetooth: Perform careful capability checks in hci_sock_ioctl()
bugzilla: #I70OFF:CVE-2023-32269 768851b2ba7b netrom: Fix use-after-free caused by accept on already connected socket
bugzilla: #I6J3EV:[openEuler-1.0-LTS] Add Zhaoxin I2C driver 735c81b4d33c i2c: Add Zhaoxin I2C driver
bugzilla: #I70T8Z:【4.19 Backport】mm: memcontrol: switch to rcu protection in drain_all_stock() 1bcf784ab18f mm: memcontrol: switch to rcu protection in drain_all_stock()
bugzilla: #I6X8PA:allyesconfig 编译失败 69e990d3a8e9 scsi/hifc: Fix compile error in allyesconfigs
6ba57e271892 net/hinic: Fix compile error in allyesconfigs
bugzilla: #I71KVZ:[openEuler-1.0-LTS] a use-after-free bug in uncore_pci_remove() need to be fixed 6368e6891dbf x86/perf: fix use-after-free bug in uncore_pci_remove()
bugzilla: #I6J50I:[openEuler-1.0-LTS] Add support for Zhaoxin SM3 and SM4 instruction 358c7df96d1c crypto: Driver for Zhaoxin GMI SM4 Block Cipher Algorithm
81b22f5c7b0f crypto: Driver for Zhaoxin GMI SM3 Secure Hash algorithm
bugzilla: #I715PM:[openEuler-1.0-LTS] linux-4.19.y lts补丁分析回合(4.19.279-4.19.281) dfe264f8de77 ipv6: Fix an uninit variable access bug in __ip6_make_skb()
bugzilla: #I6J1F6:[openEuler-1.0-LTS] Add Zhaoxin ACE driver 0f74c26725b8 crypto: Add Zhaoxin ACE driver
bugzilla: #I6J28W:[openEuler-1.0-LTS] Add support of turbo boost control interface for Zhaoxin CPUs 0f84577f13e7 cpufreq: ACPI: Add Zhaoxin/Centaur turbo boost control interface support
bugzilla: #I6J139:[openEuler-1.0-LTS] Add Zhaoxin rng driver 050ff2f361bf hwrng: Add Zhaoxin rng driver
bugzilla: #I62VRB:[openEuelr-1.0-LTS] USB: HCD: Fix URB giveback issue in tasklet function a43f121a7a5d USB: HCD: Fix URB giveback issue in tasklet function
bugzilla: #I6IZG5:[openEuler-1.0-LTS] ACPI, x86: Improve Zhaoxin processors support for NONSTOP TSC 8b3eb0b595d3 ACPI, x86: Improve Zhaoxin processors support for NONSTOP TSC

2CVE


CVE issue
CVE-2023-2002 #I6WHKQ:CVE-2023-2002
CVE-2023-32269 #I70OFF:CVE-2023-32269
2023-05-09 20:36
zhangchangzhong

1TASK


4.19.90-2304.5.0~1...4.19.90-2305.1.0


TASK COMMIT
bugzilla: #I715PM:[openEuler-1.0-LTS] linux-4.19.y lts补丁分析回合(4.19.279-4.19.281) dfe264f8de77 ipv6: Fix an uninit variable access bug in __ip6_make_skb()
f2f214e03ac5 cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
091d8aaeefec verify_pefile: relax wrapper length check
a0b7ac46ca09 udp6: fix potential access to stale information
72aa5504a320 mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
10bbeae84886 ftrace: Mark get_lock_parent_ip() __always_inline
45d428d0ee55 perf/core: Fix the same task check in perf_event_set_output
4f4f55aaab91 net: don't let netpoll invoke NAPI if in xmit context
d4d35e459ea1 icmp: guard against too small mtu
e7b1f6981d9c sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
ad628dadd52e dm stats: check for and propagate alloc_percpu failure
571b0419f2d6 dm thin: fix deadlock when swapping to thin device
bugzilla: #I6WPFT:【openEuler 1.0-LTS】【OLK-5.10】新增handle_fasteoi_edge_ir修复中断亲和性设置失败问题 94b461f6f354 genirq: introduce handle_fasteoi_edge_irq for phytium
a95cc4dafae3 genirq: introduce handle_fasteoi_edge_irq flow handler
109f327dd9f1 Revert "genirq: Remove irqd_irq_disabled in __irq_move_irq"
57640b7f1678 Revert "config: enbale irq pending config for openeuler"
dd3c29a33e06 Revert "genirq: introduce CONFIG_GENERIC_PENDING_IRQ_FIX_KABI"
861bab7039b5 Revert "irqchip/gic-v3-its: introduce CONFIG_GENERIC_PENDING_IRQ"
bugzilla: 188707, #I6VK2F:CVE-2023-2007 0efeeaf3c7d1 scsi: dpt_i2o: Remove obsolete driver
bugzilla: 188015, #I6OERX:【OLK-5.10】md主线补丁回合 6e7c8275aa34 md: extend disks_mutex coverage
2ebcef2d5cb7 md: use msleep() in md_notify_reboot()
87c2c3870ca6 md: fix double free of mddev->private in autorun_array()
bugzilla: 188569, #I6ZG5B:【OLK-5.10】设置坏块时与预期不一致 19ee4891a5e7 block/badblocks: fix badblocks loss when badblocks combine
b36ddbdb0cea block/badblocks: fix the bug of reverse order
efa964ee4749 block: Only set bb->changed when badblocks changes
bugzilla: 188553, #I6TNFX:【OLK同步】生命周期并发插拔盘,提示sysfs重复 4f5666c8cf49 md: fix sysfs duplicate file while adding rdev
52e332f2e418 md: replace invalid function flush_rdev_wq() with flush_workqueue()
bugzilla: #I718K0:【OLK-5.10】KASAN: use-after-free Write in collect_expired_timers d8503f10b41d bonding: Fix memory leak when changing bond type to Ethernet
bugzilla: #I6YQZS:CVE-2023-2269 958bfa705d8e dm ioctl: fix nested locking in table_clear() to remove deadlock concern
bugzilla: #I6WCC1:【OLK-5.10】BUG: soft lockup in sys_wait4 63043b7557cf timers/nohz: Last resort update jiffies on nohz_full IRQ entry
bugzilla: #I6WNGK:【OLK-5.10/openEuler-1.0-LTS】WARNING: proc registration bug in bond_netdev_event 5e25dec63b45 bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails
5bcf7783da27 bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change
bugzilla: #I6ZWOL:CVE-2023-2483 055345a5d7fb net: qcom/emac: Fix use after free bug in emac_remove due to race condition
bugzilla: #I70MZX:ovl: get_acl:在rcu路径存在空指针解引用问题 54f2fb061dd5 ovl: get_acl: Fix null pointer dereference at realinode in rcu-walk mode
bugzilla: #I6ZISA:CVE-2023-31436 e769145ba5ed net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
bugzilla: 188499, #I6TNVT:【OLK-5.10 同步】[syzkaller] WARNING in ext4_da_update_reserve_space 8c1d63f6de21 ext4: only update i_reserved_data_blocks on successful block allocation
bugzilla: #I6RKHX:mm: mem_reliable: Set child task's reliable_nr_page to zero during fork 3fbf32b8a2d7 mm: mem_reliable: Use zone_page_state to count free reliable pages
bugzilla: 188601, #I6TNTC:【OLK-5.10 同步】[syzkaller] KASAN: null-ptr-deref Write in bdi_split_work_to_wbs 641e7fcc458c writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
bugzilla: 188712,#I6X47E:CVE-2023-2177 703397c74f8f sctp: leave the err path free in sctp_stream_init to sctp_stream_free
bugzilla: #I6X49E:CVE-2023-2176 5ca384e3b0a1 RDMA/core: Refactor rdma_bind_addr
be16dfab24cc Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow"
bugzilla: #I6ZCW0:overlay: 使用acl cache优化路径查找性能 c309468e7759 fix kabi broken due to import new inode operation get_inode_acl
e01a5e43ccfb ovl: enable RCU'd ->get_acl()
527b26b1c422 vfs: add rcu argument to ->get_acl() callback

2CVE


CVE issue
CVE-2023-2007 #I6VK2F:CVE-2023-2007
CVE-2023-2176 #I6X49E:CVE-2023-2176
CVE-2023-2177 #I6X47E:CVE-2023-2177
CVE-2023-2269 #I6YQZS:CVE-2023-2269
CVE-2023-2483 #I6ZWOL:CVE-2023-2483
CVE-2023-31436 #I6ZISA:CVE-2023-31436
2023-04-26 11:33
zhangchangzhong

1TASK


4.19.90-2304.4.0~1...4.19.90-2304.5.0


TASK COMMIT
bugzilla: #I51UWX:【openEuler 20.03-LTS-SP3】hns roce inline超规格上限场景拦截 18f1f2023e7b RDMA/hns: Add check for user-configured max_inline_data value
bugzilla: #I6W80A:CVE-2023-30772 5f77c283a409 power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
bugzilla: #I6XHPL:CVE-2023-2194 b735f6696a2f i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
bugzilla: #I6X2LV:kmemleak检测到内存泄露 08551f225d8b audit: fix a memleak caused by auditing load module
bugzilla: #I6WB6P:【openEuler 1.0-LTS】UBSAN: shift-out-of-bounds in net/ipv4/tcp_input.c:545:23 091ae3d555f2 tcp: restrict net.ipv4.tcp_app_win
bugzilla: #I6V7TU:CVE-2023-1998 21f0fb9d4b2a x86/speculation: Allow enabling STIBP with legacy IBRS
bugzilla: #I6WKM7:arm-smmu-v3 存在内存释放后重用bug f7f1638905b2 iommu/arm-smmu-v3: Fix UAF when handle evt during iommu group removing
bugzilla: #I6J0SW:[openEulre-1.0-LTS] ata: sata_zhaoxin: Update Zhaoxin Serial ATA product name 2ee4396a8c61 ata: sata_zhaoxin: Update Zhaoxin Serial ATA product name

2CVE


CVE issue
CVE-2023-1998 #I6V7TU:CVE-2023-1998
CVE-2023-2194 #I6XHPL:CVE-2023-2194
CVE-2023-30772 #I6W80A:CVE-2023-30772
2023-04-19 09:31
zhangchangzhong

1TASK


4.19.90-2304.3.0~1...4.19.90-2304.4.0


TASK COMMIT
bugzilla: #I6U7AN:CVE-2023-30456 3987c8362591 KVM: nVMX: add missing consistency checks for CR0 and CR4
bugzilla: 188685, #I5QLC4:CVE-2022-36280 5e4437d3b1a3 drm/vmwgfx: Validate the box size for the snooped cursor
bugzilla: #I6UYBU:CVE-2023-1829 261ad491b1f8 net/sched: Retire tcindex classifier
bugzilla: #I6FB6C:CVE-2022-27672 7a79450e621f Documentation/hw-vuln: Fix rST warning
1101214616ad Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions
4c403c8ede37 KVM: x86: Mitigate the cross-thread return address predictions bug
944927af1f37 x86/speculation: Identify processors vulnerable to SMT RSB predictions
133b46382cf0 cpu/SMT: create and export cpu_smt_possible()
bugzilla: #I6UW64:CVE-2023-1990 a5f1c66087f9 nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
bugzilla: #I6UW68:CVE-2023-1989 ba592ac92ca1 Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

2CVE


CVE issue
CVE-2022-27672 #I6FB6C:CVE-2022-27672
CVE-2023-1829 #I6UYBU:CVE-2023-1829
CVE-2023-1989 #I6UW68:CVE-2023-1989
CVE-2023-1990 #I6UW64:CVE-2023-1990
CVE-2023-30456 #I6U7AN:CVE-2023-30456
CVE-2022-36280 #I5QLC4:CVE-2022-36280
2023-04-11 22:58
zhangchangzhong

1TASK


4.19.90-2304.1.0~1...4.19.90-2304.3.0


TASK COMMIT
bugzilla: 188657, #I6T36A:CVE-2023-1855 980077ee512a hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
bugzilla: 188641, #I6R4MM:CVE-2023-1670 f4ba1c5f4e4f xirc2ps_cs: Fix use after free bug in xirc2ps_detach
bugzilla: 188655, #I6T36H:CVE-2023-1859 6740b62b2ef8 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
bugzilla: #I6TIG1:【openeuler-1.0-LTS】linux-4.19.y lts补丁回合(4.19.273-4.19.279) c6efc48af630 bpf: add missing header file include
bb47af81b6ab uaccess: Add speculation barrier to copy_from_user()
fff0900750dc random: always mix cycle counter in add_latent_entropy()
8295451eac31 x86/mm: Fix use of uninitialized buffer in sme_enable()
9188d63895a7 ext4: fail ext4_iget if special inode unallocated
484d277946ab ext4: zero i_disksize when initializing the bootloader inode
8c2b61430618 irqdomain: Drop bogus fwspec-mapping error handling
02f71880b1bc irqdomain: Fix disassociation race
1db520826324 irqdomain: Fix association race
a96794fa4925 x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
754bca977c79 x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
4baf67fc8fe0 x86/bugs: Reset speculation control settings on init
960d6b2a68e6 timers: Prevent union confusion from unexpected restart_syscall()
902690527224 crypto: rsa-pkcs1pad - Use akcipher_request_complete
6196963fbeb9 crypto: seqiv - Handle EBUSY correctly
11b6c1a2b202 ACPI: battery: Fix missing NUL-termination with large strings
721f9208f560 ACPICA: nsrepair: handle cases without a return value correctly
09f78ae49e12 genirq: Fix the return type of kstat_cpu_irqs_sum()
e0ccb64b8344 ACPI: NFIT: fix a potential deadlock during NFIT teardown
32bc48867637 alarmtimer: Prevent starvation by small intervals and SIG_IGN
bugzilla: #I6TJ97:tracing:回合主线修复潜在内存乱序问题的补丁 19ad53da9465 ring-buffer: Fix race while reader and writer are on the same page
bugzilla: #I6TI3Y:【同步社区4.19lts】cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock 6ea7c5e7c10c cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
b48ceb10050c cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
f49afae4d30e cgroup/cpuset: Change cpuset_rwsem and hotplug lock order
bugzilla: #I6TI3Y:【同步社区4.19lts】cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock 1ffff6958523 Revert "cgroup/cpuset: Change cpuset_rwsem and hotplug lock order"
5faaedb6b760 Revert "cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock"
7d8391de2f63 Revert "cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()"
bugzilla: #I6MRB5:【openEuler 1.0-LTS】block: fix scan partition for exclusively open device again ad2c2fb94f6c block: fix wrong mode for blkdev_put() from disk_scan_partitions()
fb5186196e26 block: fix scan partition for exclusively open device again
cdfb5c11ad89 block: fix kabi broken in ioctl.c
efc73feb2901 block: merge disk_scan_partitions and blkdev_reread_part
fbbec472351c block: cleanup partition scanning in register_disk
33b040f77d59 block: Revert "block: check 'bd_super' before rescanning partition"
bugzilla: #I6T6VY:【openEuler-1.0-LTS】md: refactor idle/frozen_sync_thread() d0acf215de83 md: fix kabi broken in struct mddev
e990c8140609 md: use interruptible apis in idle/frozen_sync_thread
dadf056356b1 md: wake up 'resync_wait' at last in md_reap_sync_thread()
969e6f89624f md: refactor idle/frozen_sync_thread()
d2a9f128efd3 md: add a mutex to synchronize idle and frozen in action_store()
dd9fcd211132 md: refactor action_store() for 'idle' and 'frozen'
bugzilla: #I6RKHX:mm: mem_reliable: Set child task's reliable_nr_page to zero during fork 8b29c3675923 mm: mem_reliable: Initialize reliable_nr_page when mm_init()
bugzilla: #I6SJI1:【openEuelr 1.0-LTS】md: fix soft lockup in status_resync 07193bd7bd92 md: fix soft lockup in status_resync
dfd1a3692fa8 md: don't update recovery_cp when curr_resync is ACTIVE
a89f484219c9 md: Ensure resync is reported after it starts
f4c09a4e9723 md: Use enum for overloaded magic numbers used by mddev->curr_resync
bugzilla: 188586, #I6TFPJ:【OLK-5.10】BUG: KASAN: null-ptr-deref in device_del ced482be8693 loop: Add parm check in loop_control_ioctl
bugzilla: #I6LH5K:[openEuler-1.0-LTS]从 cfq 切换为其他调度器wbt将不会使能 5b16ba935e47 block/wbt: enable wbt after switching cfq to other schedulers
bugzilla: #I6T1EY:CVE-2023-1838 ca27f8069629 Fix double fget() in vhost_net_set_backend()
bugzilla: #I6TE76:【openEuler-1.0-LTS】vruntime溢出问题补丁回合 2ff1290e7767 sched/fair: Sanitize vruntime of entity being migrated
9b35c87f205d sched/fair: sanitize vruntime of entity being placed
c0f17a99bce2 Revert "sched: Reinit task's vruntime if a task sleep over 200 days"
bugzilla: #I6PQCT:CVE-2023-1611 88466df56775 btrfs: fix race between quota disable and quota assign ioctls

2CVE


CVE issue
CVE-2023-1611 #I6PQCT:CVE-2023-1611
CVE-2023-1670 #I6R4MM:CVE-2023-1670
CVE-2023-1838 #I6T1EY:CVE-2023-1838
CVE-2023-1855 #I6T36A:CVE-2023-1855
CVE-2023-1859 #I6T36H:CVE-2023-1859
CVE-2023-0459 #I71N8L:CVE-2023-0459
2023-04-04 19:32
zhangchangzhong

1TASK


4.19.90-2303.6.0~1...4.19.90-2304.1.0


TASK COMMIT
bugzilla: #I6SMBI:ext4 buffer部分写可能导致idisk_size大于i_size 4badc771d324 ext4: Fix i_disksize exceeding i_size problem in paritally written case
bugzilla: #I6MMUV:ext4反复挂载做故障注入可能导致日志部分重演,造成文件系统损坏 7962560cb7fc ext4: ext4_put_super: Remove redundant checking for 'sbi->s_journal_bdev'
8b8c3195c877 ext4: Fix reusing stale buffer heads from last failed mounting
bugzilla: #I6OOP3:CVE-2023-1513 c7fbe8558c7b kvm: initialize all of the kvm_debugregs structure before sending it to userspace
bugzilla: #I6S5DO:openEuler-1.0-LTS virtio_net回合2个LTS bugfix补丁 b34bd6e1468b net: virtio_net_hdr_to_skb: count transport header in UFO
793b08a9a5de net: be more gentle about silly gso requests coming from user
bugzilla: 188500, #I6RJ0V:【OLK5.10】[Syzkaller] WARNING in ext4_add_complete_io 41d10c74ff04 ext4: fix race between writepages and remount

2CVE


CVE issue
CVE-2023-1513 #I6OOP3:CVE-2023-1513
2023-03-31 20:25
zhangchangzhong

1TASK


4.19.90-2303.5.0~1...4.19.90-2303.6.0


TASK COMMIT
bugzilla: #I6AOWP:CVE-2023-0266 3035add57688 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
bugzilla: #I6NJNA:【OLK-5.10】使用kasan内核执行用例发现slab-out-of-bounds in lookup_rec+0xd8/0x17c 及 use-after-free in lookup_rec+0xd8/0x17c b8bc36011ce4 ftrace: Fix invalid address access in lookup_rec() when index is 0
bugzilla: #I6CE9I:【openEuler 1.0-LTS】回合主线trace特性相关的bugfix补丁 568913afecb8 ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
bugzilla: #I6NBPU:【openEuler 1.0-LTS】block: fix scan partition for exclusively open device again d490eece0b79 scsi: scsi_dh_alua: fix memleak for 'qdata' in alua_activate()
bugzilla: #I6Q364:CVE-2021-3923 8fc782dc80ba RDMA/core: Don't infoleak GRH fields
bugzilla: #I6L46J:[openEuler-1.0-LTS] Backport cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock c2d835561848 cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
4924308a1ca9 cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
c831178aad59 cgroup/cpuset: Change cpuset_rwsem and hotplug lock order
bugzilla: #I6HGFP:【openEuler 1.0-LTS】回合主线补丁mm: memcontrol: fix cannot alloc the maximum memcg ID e73a67d49a8c mm: memcontrol: fix cannot alloc the maximum memcg ID

2CVE


CVE issue
CVE-2021-3923 #I6Q364:CVE-2021-3923
CVE-2023-0266 #I6AOWP:CVE-2023-0266
2023-03-29 10:16
zhangchangzhong

1TASK


4.19.90-2303.4.0~1...4.19.90-2303.5.0


TASK COMMIT
bugzilla: #I6OP9S:CVE-2023-1281 b890f5a3cc7e net/sched: tcindex: search key must be 16 bits
5b5fa0f3a642 net/sched: tcindex: update imperfect hash filters respecting rcu
e476efc3085f rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
bugzilla: #I5GZ2Z:CVE-2022-29901 9f8ce10e5afd x86/speculation: Add RSB VM Exit protections
e916d5392cd7 x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
a1394e52ad8e x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
f9e1d462638f x86/speculation: Disable RRSBA behavior
e62fdec4ae04 x86/bugs: Add Cannon lake to RETBleed affected CPU list
7bef7147376e x86/cpu/amd: Enumerate BTC_NO
f31d83507635 x86/common: Stamp out the stepping madness
f1d04d69267c x86/speculation: Fill RSB on vmexit for IBRS
0bfc2c3f9f4d KVM: VMX: Fix IBRS handling after vmexit
b53f15e360de KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
5daa62c9cf2e x86/speculation: Remove x86_spec_ctrl_mask
d23c8595e601 x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
c11e951eea8b x86/speculation: Fix SPEC_CTRL write on SMT state change
33ee9ebdb565 x86/speculation: Fix firmware entry SPEC_CTRL handling
f3a233591ef8 x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
3acbac72baea x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
b182a654cbe5 intel_idle: Disable IBRS during long idle
9c9bc221e8ce x86/bugs: Report Intel retbleed vulnerability
453bc9f90ab6 x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
f9d721b45167 x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
20c985e02798 x86/bugs: Optimize SPEC_CTRL MSR writes
d4373bace140 x86/entry: Add kernel IBRS implementation
dcafc887e8f2 x86/entry: Remove skip_r11rcx
027d410a0016 x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
fd760c16b338 x86/bugs: Add AMD retbleed= boot parameter
8141c3dedea3 x86/bugs: Report AMD retbleed vulnerability
589b54f5ca82 x86/cpufeatures: Move RETPOLINE flags to word 11
d8f471afab72 x86/cpu: Add a steppings field to struct x86_cpu_id
fe92f4a883cb x86/cpu: Add consistent CPU match macros
d94cc2165fdc x86/devicetable: Move x86 specific macro out of generic code
360426181b55 x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header
512b69f49cd5 x86/cpufeature: Add facility to check for min microcode revisions
147b7989e072 Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
ebcf747f6f04 Revert "x86/speculation: Add RSB VM Exit protections"
1a2d42b2a1b7 x86/nospec: Fix i386 RSB stuffing
bugzilla: 188471,#I6MR1V:【OLK5.10】文件系统长稳环境出现fsck修复后仍有错误 3060396eb530 ext4: make sure fs error flag setted before clear journal error
847c9db673c4 ext4: commit super block if fs record error when journal record without error
bugzilla: #I6PMWS:【openEuler-1.0-LTS】回合两个hugetlb相关的bugfix b0fdae57352d hugetlb: fix hugepages_setup when deal with pernode
a19acce44557 hugetlb: fix wrong use of nr_online_nodes
bugzilla: #I6Q4F0:【OLK-5.10】tty: fix out-of-bounds access in tty_driver_lookup_tty() 0b24a7a2a230 tty: fix out-of-bounds access in tty_driver_lookup_tty()
bugzilla: #I6O1UD:[openEuler-1.0-LTS] 回合主线补丁 6dfc76f160cb arm64: errata: Remove AES hwcap for COMPAT tasks
749b4db93c96 kernel: Initialize cpumask before parsing
f8b36a80c940 genirq: Disable interrupts for force threaded handlers
eb96b91c895d softirq: Don't try waking ksoftirqd before it has been spawned
bugzilla: #I6J2FQ:关掉所有phy后,对SAS/SATA盘开phy,其他未开phy的SATA盘会打印‘wait phyup timeout, issuing link reset’ 2ec9b38eedb9 scsi: hisi_sas: Clear interrupt status when exiting channel int0 for v3 hw
bugzilla: #I6J25G:SATA盘回DMA Setup帧长度异常时触发群体慢盘问题 ad00f9f78f35 scsi: hisi_sas: Handle NCQ error when IPTT is valid
bugzilla: #I6J1SI:跑IO时拔盘压测出现空指针异常 fab7024b0c77 scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list
bugzilla: #I64END:CVE-2022-4269 dd56ba38315d act_mirred: use the backlog for nested calls to mirred ingress
07af41461362 net/sched: act_mirred: refactor the handle of xmit
a4c713b12dc9 net: sched: don't expose action qstats to skb_tc_reinsert()
66b5f39a8911 net: sched: protect against stack overflow in TC act_mirred
bd898bf14a7e net: sched: refactor reinsert action
bugzilla: #I6NIUR:CVE-2023-28466 4d71819aa9de net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
bugzilla: #I6NCVX:CVE-2023-1380 42c36c1d12db wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
bugzilla: 188522,#I6N7ZP:【OLK5.10】[syzkaller] kernel BUG in ext4_mb_load_buddy_gfp 72b4882b21aa ext4: fix another off-by-one fsmap error on 1k block filesystems

2CVE


CVE issue
CVE-2022-29901 #I5GZ2Z:CVE-2022-29901
CVE-2022-4269 #I6MZNK:CVE-2022-4269社区已有补丁
CVE-2022-4269 #I64END:CVE-2022-4269
CVE-2023-1281 #I6OP9S:CVE-2023-1281
CVE-2023-1380 #I6NCVX:CVE-2023-1380
CVE-2023-28466 #I6NIUR:CVE-2023-28466
2023-03-21 20:52
zhangchangzhong

1TASK


4.19.90-2303.3.0~1...4.19.90-2303.4.0


TASK COMMIT
bugzilla: #I6NCRH:CVE-2023-1382 338a985a0da9 tipc: add an extra conn_get in tipc_conn_alloc
30b75522bd3d tipc: set con sock in tipc_conn_alloc
bugzilla: #I6E9D3:[openEuler-1.0-LTS] oom: decouple mems_allowed from oom_unkillable_task 7999deb00792 mm/oom_kill.c: fix oom_cpuset_eligible() comment
b749780e0737 oom: decouple mems_allowed from oom_unkillable_task
cdec350a0aeb mm, oom: remove redundant task_in_mem_cgroup() check
712f5449b0f7 mm, oom: refactor dump_tasks for memcg OOMs
bugzilla: #I6GTUI:fs: move guard_bio_eod() after bio_set_op_attrs 37e2394c9430 block: Fix wrong offset in bio_truncate()
5c75e1b8adab fs: move guard_bio_eod() after bio_set_op_attrs
578a75ceb8a9 block: add bio_truncate to fix guard_bio_eod
bugzilla: #I6L0EC:[openEuler-1.0-LTS] mm/mempolicy.c: fix out of bounds write in mpol_parse_str() b57634863a38 mm/mempolicy.c: fix out of bounds write in mpol_parse_str()
bugzilla: 188381, #I644ST:【openEuler-1.0-LTS】 [内核][cifs][smb] 网络不好时,cifs访问出现UAF be3bd00e246a cifs: Fix use-after-free in rdata->read_into_pages()
bugzilla: #I6NCQH:CVE-2023-28328 190213e7a4f9 media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

2CVE


CVE issue
CVE-2023-1382 #I6NCRH:CVE-2023-1382
CVE-2023-28328 #I6NCQH:CVE-2023-28328
2023-03-14 21:21
zhangchangzhong

1TASK


4.19.90-2303.1.0~1...4.19.90-2303.3.0


TASK COMMIT
bugzilla: 188150, #I643OL:【openEuler 2003 LTS】【openEuler-1.0-LTS】 [内核] [kernfs] [block] 测试iscsi中blk层宕机 c0c09f907b82 scsi: cancel the inflight async device probe when remove scsi_target
bugzilla: 188355, #I6E4JF:【openEuler-1.0-LTS】iscsi:不断删除scsi,以及iscsi logout时出现UAF宕机 74313e96e2ba scsi: fix use-after-free problem in scsi_remove_target
bugzilla: #I6I7U9:CVE-2023-1079 a418baf88350 HID: asus: use spinlock to safely schedule workers
28cadeaeeb9b HID: asus: use spinlock to protect concurrent accesses
11bda74e6195 HID: asus: Remove check for same LED brightness on set
bugzilla: #I6HOKY:【openEuler 1.0-LTS】kernfs读写与blk_mq_unregister_dev并发触发死锁 3b104ae105cf blk-wbt: don't enable throttling if default elevator is bfq
5974d33c8b97 block: Fix kabi broken by "block: split .sysfs_lock into two locks"
696831814f81 block: fix comment and add lockdep assert
3326f40a3e87 block: don't release queue's sysfs lock during switching elevator
5596d82c8583 block: fix race between switching elevator and removing queues
e5264f986cae block: split .sysfs_lock into two locks
bugzilla: #I6ETWH:[openEuler-1.0-LTS] crypto: rsa-pkcs1pad - restore signature length check 7dc6d3e91263 crypto: rsa-pkcs1pad - restore signature length check
bugzilla: #I6EVUJ:[openEuler-1.0-LTS] fs/proc: task_mmu.c: don't read mapcount for migration entry 52c0780d79d5 fs/proc: task_mmu.c: don't read mapcount for migration entry
bugzilla: #I6KOHU:[openEuler-1.0-LTS] linux-4.19.y 补丁分析回合(4.19.271..4.19.273) 031a45a606b4 migrate: hugetlb: check for hugetlb shared PMD in node migration
f5870e5919d3 mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
f1d875559c49 ipv6: Fix tcp socket connection with DSCP.
67e3c16be73a ipv6: Fix datagram socket connection with DSCP.
e1429d265e36 aio: fix mremap after fork null-deref
30d362dcbd2e bpf: Always return target ifindex in bpf_fib_lookup
5e65706cb2ee serial: 8250_dma: Fix DMA Rx rearm race
8812dbbec994 serial: 8250_dma: Fix DMA Rx completion race
af83cc7d80e7 x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
16478563e10f ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
802895f02273 netlink: annotate data races around sk_state
72f0879dc14d netlink: annotate data races around dst_portid and dst_group
cff1c1271e72 netlink: annotate data races around nlk->portid
85d4f5676846 netlink: remove hash::nelems check in netlink_insert
4f88522fe0e4 net: fix UaF in netns ops registration error path
3cc926ed33eb netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
bugzilla: 188431, #I6DKVG:CVE-2023-20938 f39ea04fab0b binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
4369d76d38f4 binder: Address corner cases in deferred copy and fixup
aeb72290f074 binder: fix pointer cast warning
10b7fd8d39c9 binder: defer copies of pre-patched txn data
fca2d3509780 binder: read pre-translated fds from sender buffer
cdd8f6bfd494 binder: avoid potential data leakage when copying txn
84b65739b82d binder: fix handling of error during copy
24a7578b626e binder: use cred instead of task for getsecid
bb295d94f6f4 binder: don't detect sender/target during buffer cleanup
c31c1b8518d4 binder: make sure fd closes complete
c1f73bbb7d46 binder: Remove bogus warning on failed same-process transaction
08f9c4234f65 binder: fix incorrect calculation for num_valid
819938038fb5 binder: Prevent repeated use of ->mmap() via NULL mapping
629bb8dcfe87 binder: Don't modify VMA bounds in ->mmap handler
f3547f7a9dc3 binder: Set end of SG buffer area properly.
2672b43c0fa8 binder: return errors from buffer copy functions
0ee6c2a3b69b binder: check for overflow when alloc for security context
e8311e88b526 binder: fix BUG_ON found by selinux-testsuite
33ec204f9424 binder: fix handling of misaligned binder object
d549e609b868 binder: use userspace pointer as base of buffer space
31ef55d24c2c binder: remove user_buffer_offset
42338d030eca binder: remove kernel vm_area for buffer space
71e99420f63e binder: avoid kernel vm_area for buffer fixups
5a7cf16a73cb binder: add function to copy binder object from buffer
f39c7856abb0 binder: add functions to copy to/from binder buffers
da280e85b89b binder: create userspace-to-binder-buffer copy function
a1da4e72bbf9 binder: fix use-after-free due to ksys_close() during fdget()
f219ab951f97 binder: fix kerneldoc header for struct binder_buffer
1f2026c67acb binder: create node flag to request sender's security context
589e7699ecf0 binder: Add BINDER_GET_NODE_INFO_FOR_REF ioctl.
1ff383528290 binder: use standard functions to allocate fds
bugzilla: #I53Q6M:【OLK-5.10】挂载文件系统的裸盘操作打印增强 e556e4408096 block: fix kabi change since add bd_write_openers and bd_part_write_openers
756985f38aed block: add info when opening an exclusive opened block device for write
af291b1906f1 block: add info when opening a write opend block device exclusively
681d2a461112 Revert "block: add info when opening an exclusive opened block device for write"
729f7e4df3a1 Revert "block: add info when opening a write opend block device exclusively"
bugzilla: #I6K53I:ext4: 构造特殊block bitmap损坏镜像导致WANRON fb114c547d4f ext4: fix WARNING in mb_find_extent
bugzilla: #I6I7U3:CVE-2023-1074 c281f437f9d3 sctp: fail if no bound addresses can be used for a given scope

2CVE


CVE issue
CVE-2023-1074 #I6I7U3:CVE-2023-1074
CVE-2023-1079 #I6I7U9:CVE-2023-1079
CVE-2023-20938 #I6DKVG:CVE-2023-20938
CVE-2023-1582 #I6PDF4:CVE-2023-1582
2023-03-07 22:14
zhangchangzhong

1TASK


4.19.90-2302.5.0~1...4.19.90-2303.1.0


TASK COMMIT
bugzilla: #I6IFV4:CVE-2023-1073 9098709adfee HID: check empty report_list in hid_validate_values()
bugzilla: 46904, #I6KOXL:[openEuler-1.0-LTS] dhugetlb: use mutex lock in update_reserve_pages() f9234c02aedd dhugetlb: use mutex lock in update_reserve_pages()
bugzilla: #I6HWOS:CVE-2023-26607 ead53ab74409 ntfs: fix out-of-bounds read in ntfs_attr_find()
a7fca6e8c749 ntfs: fix use-after-free in ntfs_ucsncmp()
bugzilla: #I6IW01:CVE-2023-1118 31f9ae4d3e25 media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
bugzilla: #I6IXQP:CVE-2023-23000 3c5972ff8fe3 phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function
bugzilla: #I6IK9U:CVE-2023-1095 ee8628e10abb netfilter: nf_tables: fix null deref due to zeroed list head
bugzilla: #I6H3MB:CVE-2023-0461 e533d31278a5 tcp: Fix listen() regression in 5.15.88.
bugzilla: #I6I7UC:CVE-2023-1076 03d1f7f58d44 tap: tap_open(): correctly initialize socket uid
df0a3d2ffdff tun: tun_chr_open(): correctly initialize socket uid
2f23d45192de net: add sock_init_data_uid()
bugzilla: #I6I7UF:CVE-2023-1078 5c7ddc56383c rds: rds_rm_zerocopy_callback() use list_first_entry()

2CVE


CVE issue
CVE-2023-0461 #I6H3MB:CVE-2023-0461
CVE-2023-1073 #I6IFV4:CVE-2023-1073
CVE-2023-1076 #I6I7UC:CVE-2023-1076
CVE-2023-1078 #I6I7UF:CVE-2023-1078
CVE-2023-1095 #I6IK9U:CVE-2023-1095
CVE-2023-1118 #I6IW01:CVE-2023-1118
CVE-2023-23000 #I6IXQP:CVE-2023-23000
CVE-2023-26607 #I6HWOS:CVE-2023-26607
2023-02-28 22:33
Qiuuuuu

1TASK


4.19.90-2302.4.0~1...4.19.90-2302.5.0


TASK COMMIT
bugzilla: #I6BO2R:【openEuler 1.0-LTS】【OLK-5.10】新增中断重入告警维测 2e14980575f2 genirq: Remove irqd_irq_disabled in __irq_move_irq
bugzilla: 188443, #I6I8YD:回合补丁修复iscsi UAF问题 cc6fb9a67b31 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
3835c5e97f02 scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
6ef38034c01a !420:backport CVEs and bugfixes backport CVEs and bugfixes
18e32b667b26 !415:mainline bugfix backport mainline bugfix backport
bugzilla: #I6HZHU:CVE-2023-26545 387bf44c2b6f net: mpls: fix stale pointer if allocation fails during device rename
bugzilla: 188413, #I6GWYG:【OLK-5.10】 nbd_dev_add函数出现panic 659039b1e0be nbd: fix assignment error for first_minor in nbd_dev_add
bugzilla: #I6DRJ1:主线补丁回合:selinux: reorder hooks to make runtime disable less broken 2a72e51db13a selinux: further adjust init order for cred_* hooks
5e10c473f431 selinux: further adjust init order for file_alloc_security hook
18e32b667b26 !415:mainline bugfix backport mainline bugfix backport
bugzilla: #I6DRJ1:主线补丁回合:selinux: reorder hooks to make runtime disable less broken 87d41806ccde selinux: reorder hooks to make runtime disable less broken
bugzilla: #I6AAU7:主线补丁回合:evm: Check also if *tfm is an error pointer in init_desc() 2de20782d714 evm: Fix a small race in init_desc()
57911670b7b3 evm: Check also if *tfm is an error pointer in init_desc()
bugzilla: 34842, #I6H9U5:【openEuler-1.0-LTS】回合6个主线bugfix补丁 d00796bcdb13 iommu: Properly export iommu_group_get_for_dev()
bugzilla: 20547, #I6H9U5:【openEuler-1.0-LTS】回合6个主线bugfix补丁 4d84d9c9d5c3 of: resolver: Add of_node_put() before return and break
bugzilla: 22762, #I6H9U5:【openEuler-1.0-LTS】回合6个主线bugfix补丁 a08d7b29bcc5 of: unittest: Add of_node_put() before return
bugzilla: 30226, #I6H9U5:【openEuler-1.0-LTS】回合6个主线bugfix补丁 7675ff81e96a drivers/iommu: Allow IOMMU bus ops to be unregistered
bugzilla: 30237, #I6H9U5:【openEuler-1.0-LTS】回合6个主线bugfix补丁 00834beff78d drivers/iommu: Export core IOMMU API symbols to permit modular drivers
bugzilla: 29297, #I6H9U5:【openEuler-1.0-LTS】回合6个主线bugfix补丁 4eb17f9b6e08 component: do not dereference opaque pointer in debugfs
bugzilla: #I69WIO:【openEuler-1.0-LTS】4.19分支安全组1月份主线补丁回合 aa8b0c753dcd ipmi: use %*ph to print small buffer
bugzilla: #I6F049:【openEuler-1.0-LTS】crypto: algif_skcipher - Use chunksize instead of blocksize 565c35a828cc crypto: algif_skcipher - Use chunksize instead of blocksize
bugzilla: #I6FMKH:【openEuler-1.0-LTS】 crypto: algif_skcipher - EBUSY on aio should be an error a14fdf71ecec crypto: algif_skcipher - EBUSY on aio should be an error
bugzilla: #I6HB6T:crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() e49619d52c9c crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
bugzilla: 46904, #I6GSKP:【openEuler 1.0-LTS】动态大页特性完善内存故障处理逻辑 d755712ec805 dhugetlb: isolate hwpoison hugepage when release
bugzilla: #I6G76L:【OLK-5.10】sharepool中退组接口和sp_alloc接口存在并发问题,并发调用可能导致UAF 77978cd7dac4 mm/sharepool: Fix null-pointer-deference in sp_free_area

2CVE


CVE issue
CVE-2023-26545 #I6HZHU:CVE-2023-26545
最后提交信息为: !423genirq bugfix for arm64
2023-02-21 19:38
Qiuuuuu

1TASK


4.19.90-2302.3.0~1...4.19.90-2302.4.0


TASK COMMIT
bugzilla: #I5Z32F:【openEuler-1.0-LTS】bonding 支持MPLS特性 e830f7951c39 net: bonding: Inherit MPLS features from slave devices
bugzilla: 187818, #I6DK3O:【OLK-5.10】执行fs_fusiontest测试套test_fs_fusion174用例,触发KASAN: stack-out-of-bounds Read in unwind_next_frame be8cb43b5af0 x86/unwind: Fix check_paravirt() calls orc_find() before declaration
bugzilla: 46904, #I6FCQZ:【openEuler-1.0-LTS】开启动态大页之后使用cont-bit大页可能挂死 7d9032b0a196 dhugetlb: set hpool to NULL for cont-bit hugepage
bugzilla: #I6FK2R:【openEuler 1.0-LTS】【syzkaller】auto tuning hugepage 功能导致出现链表并发操作告警 062d53793327 arm64/ascend: Delete CONFIG_ASCEND_AUTO_TUNING_HUGEPAGE in hulk_defconfig
9fb6a430b0b6 arm64/ascend: Delete unused feature auto-tuning hugepage
bugzilla: #I6AXGS:mm/memcg_memfs_info: fix potential oom_lock recursion deadlock fbae61552ee6 mm/memcg_memfs_info: fix potential oom_lock recursion deadlock
bugzilla: #I6DKZJ:定时任务br_ip4_multicast_query_expired概率性出现rcu死锁问题 d582b6e04f57 net: bridge: mcast: add and enforce query interval minimum
c89e66bf5be4 net: bridge: mcast: add and enforce startup query interval minimum
bugzilla: #I6DZIB:【openEuler-1.0-LTS】block, bfq: switch 'bfqg->ref' to use atomic refcount apis 9f64d49e3b12 block, bfq: switch 'bfqg->ref' to use atomic refcount apis
278253ce9c0e x86/bugs: Flush IBP in ib_prctl_set()
561722c0d702 media: vivid: fix compose size exceed boundary
bugzilla: #I697AN:希望4.19.90和5.10.0内核bonding模块支持双发网卡的ARP 701a586ea523 anolis: bond: broadcast ARP or ND messages to all slaves

2CVE


NA

2023-02-14 19:16
Qiuuuuu

1TASK


4.19.90-2302.1.0~1...4.19.90-2302.3.0


TASK COMMIT
bugzilla: #I6DZIB:【openEuler-1.0-LTS】block, bfq: switch 'bfqg->ref' to use atomic refcount apis 9f64d49e3b12 block, bfq: switch 'bfqg->ref' to use atomic refcount apis
bugzilla: #I6CU98:CVE-2023-0045 278253ce9c0e x86/bugs: Flush IBP in ib_prctl_set()
bugzilla: #I6CIGU:CVE-2023-0615 561722c0d702 media: vivid: fix compose size exceed boundary
bugzilla: #I6DPF8:[openEuler-1.0-LTS] 4.19 lts 补丁回合(4.19.269..4.19.271) 381166036dcc cifs: do not include page data when checking signature
40124251c4b4 SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
8512d06632d6 net: stream: purge sk_error_queue in sk_stream_kill_queues()
d47b2f0c06b4 net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
34b18eb0287a ext4: fix deadlock due to mbcache entry corruption
5ae65557eaf8 mbcache: automatically delete entries from cache on freeing
4cd9f02e7d64 mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
5fc2a8086e6e mm/khugepaged: fix GUP-fast interaction by sending IPI
ca1eb2d47a8f mm: gup: fix the fast GUP race against THP collapse
b3701e78a24b prlimit: do_prlimit needs to have a speculation check
89d288a07000 arm64: cmpxchg_double*: hazard against entire exchange variable
aeb315d840e5 net/ulp: prevent ULP without clone op from entering the LISTEN status
7798e957909c driver core: Fix bus_type.match() error handling in __driver_attach()
10fddc40e87c md: fix a crash in mempool_free
1bd6a4c1c438 bpf: pull before calling skb_postpull_rcsum()
3839e5832975 SUNRPC: ensure the matching upcall is in-flight upon downcall
ef39593e3409 ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
302deb4b70c5 pnode: terminate at peers of source
c35e430fb783 cifs: Fix uninitialized memory read for smb311 posix symlink create
29a747a1615a device_cgroup: Roll back to original exceptions after copy failure
5112aa6b6b9c PCI/sysfs: Fix double free in error path
b142a0a71168 PCI: Fix pci_device_is_present() for VFs by checking PF
2f5f822e3a67 ipmi: fix use after free in _ipmi_destroy_user()
c6ad76f1593c ima: Fix a potential NULL pointer access in ima_restore_measurement_list
6084ee2dfa48 ipmi: fix long wait in unload when IPMI disconnect
3c37b9ffb9c8 binfmt: Fix error return code in load_elf_fdpic_binary()
d493c90bb0eb chardev: fix error handling in cdev_device_add()
f4db575236be mrp: introduce active flags to prevent UAF when applicant uninit
d14c4e41f7dd bpf: make sure skb->len != 0 when redirecting to a tunneling device
ea64e5af1ecf ipmi: fix memleak when unload ipmi driver
e91098594d1c ACPICA: Fix error code path in acpi_ds_call_control_method()
8b13cf177744 skbuff: Account for tail adjustment during pull operations
6c4ef1eab910 serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
7bac3beadbea serial: amba-pl011: avoid SBSA UART accessing DMACR register
45fdebf6aa35 class: fix possible memory leak in __class_register()
bf0e65e2b1fe crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
41ee72beaccc blktrace: Fix output non-blktrace event when blk_classic option enabled
90d323ef4966 SUNRPC: Fix missing release socket in rpc_sockname()
a0d020cabbbb bonding: uninitialized variable in bond_miimon_inspect()
e6ef75f8bce3 pinctrl: pinconf-generic: add missing of_node_put()
ae4122ce7ca8 ima: Fix misuse of dereference of pointer in template_desc_init_fields()
27e4b5d9f3cb ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
3b4d0937c81c md/raid1: stop mdx_raid1 thread when raid1 array run failed
bd54f47b403b blk-mq: fix possible memleak when register 'hctx' failed
928b58de6538 perf: Fix possible memleak in pmu_dev_alloc()
815c58efcb59 cpuidle: dt: Return the correct numbers of parsed idle states
a8a7d816de9b pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
37d38fa423c9 pstore/ram: Fix error return code in ramoops_probe()
3d1f51395dd9 perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
bugzilla: #I6DZRO:【openEuler-1.0-LTS】sched/rt: Optimize checking group RT scheduler constraints 4cf97d6f5799 sched/rt: Optimize checking group RT scheduler constraints
bugzilla: 188227, #I6AG8P:【OLK-5.10】执行测试用例block_fusiontest/tests/scsi-mq/test_208,触发KASAN: use-after-free Read in md_wakeup_thread 390b7ab520a2 md: protect md_unregister_thread from reentrancy
bugzilla: #I6BE56:hugetlbfs上punch hole出现start==end的情况 9ebfa4f9d8d4 hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list()
bugzilla: #I6C67X:主线补丁回合,list_debug添加指针安全检测 3927ee8111f1 lib/list_debug.c: Detect uninitialized lists
bugzilla: 188240 52973ec4c5d3 crypto: tcrypt - avoid signed overflow in byte count
bugzilla: #I5RO2H:【OLK5.10 sharepool 修复大页Rsvd字段异常问题】 ba34d9d30784 mm: sharepool: fix hugepage_rsvd count increase error
bugzilla: #I6BO2R:【openEuler 1.0-LTS】【OLK-5.10】新增中断重入告警维测 eca55c5ae657 config: enbale irq pending config for openeuler
16073a1932c7 genirq: introduce CONFIG_GENERIC_PENDING_IRQ_FIX_KABI
6ea5519695b2 irqchip/gic-v3-its: introduce CONFIG_GENERIC_PENDING_IRQ
bugzilla: 188227, #I6AG8P:【OLK-5.10】执行测试用例block_fusiontest/tests/scsi-mq/test_208,触发KASAN: use-after-free Read in md_wakeup_thread 98cd4a577bb7 md: fix uaf in md_wakeup_thread
bugzilla: #I6BO2R:【openEuler 1.0-LTS】【OLK-5.10】新增中断重入告警维测 db0bbc90d1fc genirq: add printk safe in irq context
bugzilla: #I6C5HV:jbd2日志do_checkpoint和do_get_write_access并发在掉电场景导致文件系统损坏 e2c9c2573ecb jbd2: Fix data missing when reusing bh which is ready to be checkpointed
bugzilla: 187818, #I6DK3O:【OLK-5.10】执行fs_fusiontest测试套test_fs_fusion174用例,触发KASAN: stack-out-of-bounds Read in unwind_next_frame 98ce3754136a x86/unwind: Fix orc entry for paravirt {save,restore}_fl
bugzilla: #I6D6RL:CIFS共享目录挂载后执行mv失败 22792bc88cee cifs: sanitize multiple delimiters in prepath
bugzilla: #I5XXFF:CVE-2022-3707 1a1bee2fd2f0 drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

2CVE


CVE issue
CVE-2022-3707 #I5XXFF:CVE-2022-3707
CVE-2023-0045 #I6CU98:CVE-2023-0045
CVE-2023-0615 #I6CIF8:CVE-2023-0615
2023-02-07 21:00
Qiuuuuu

1TASK


4.19.90-2301.6.0~1...4.19.90-2302.1.0


TASK COMMIT
bugzilla: #I6CE9I:【openEuler 1.0-LTS】回合主线trace特性相关的bugfix补丁 ac59b83e5b01 ring-buffer: Fix race between reset page and reading page
bugzilla: #I6B4N7:dm linear设备reload自身触发panic 920e093b4b9a block: don't allow a disk link holder to itself
bugzilla: 187904,#I6BJAR:【OLK5.10 LTS 回合】ext4: fix use-after-free in ext4_orphan_cleanup 7f6d120a3b83 ext4: fix use-after-free in ext4_orphan_cleanup
eed57abe5e59 ext4: lost matching-pair of trace in ext4_truncate
bugzilla: 188291, #I6B1V2:CVE-2023-0394 34d18a87e565 ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
bugzilla: #I6AWEO:zram 压测产生softlock a0fd3ba4fdbd mm/swapfile: add cond_resched() in get_swap_pages()
bugzilla: #I6AR36:[OLK-5.10] KASAN: null-ptr-deref Write in delete_from_page_cache e9b25ed0117e hugetlbfs: don't delete error page from pagecache
e759fdf58083 mm: hwpoison: refactor refcount check handling
bugzilla: 46904, #I6BDME:【openEuler 1.0-LTS】回合动态大页特性 db1c58801858 dhugetlb: set DYNAMIC_HUGETLB to y for hulk_defconfig
20bd30cdeb29 dhugetlb: use enable_dhugetlb to disable huge_memory
20f0535e57da dhugetlb: skip dissolve hugepage belonging to dynamic hugetlb
f15774c66bcd dhugetlb: only support 1G/2M hugepage and ARM64_4K_PAGES
1cca8ee58207 dhugetlb: isolate dynamic hugetlb code
0bc0d0d57eda dhugetlb: backport dynamic hugetlb feature
bugzilla: #I69PY0:在可用物理内存不足时,可能造成fork失败,系统将不能执行任何命令 b8042a6b91ce mm: fix false-positive OVERCOMMIT_GUESS failures
bugzilla: #I6CGZN:【openEuler-1.0-LTS】cfq: fix memory leak for cfqq ecf818a5ca64 cfq: fix memory leak for cfqq

2CVE


CVE issue
CVE-2023-0394 #I6B1V2:CVE-2023-0394
2023-01-31 21:18
Qiuuuuu

1TASK


4.19.90-2301.5.0~1...4.19.90-2301.6.0


TASK COMMIT
bugzilla: #I6AXHU:4.19回合主线bugfix补丁 ea2f18c2a6f5 bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal
e007b6e3e16b of/fdt: Don't calculate initrd size from DT if start > end
d61c6b1d5738 lib/cmdline: avoid page fault in next_arg
bugzilla: #I6BO2R:【openEuler 1.0-LTS】【OLK-5.10】新增中断重入告警维测 bdc370d64dc4 genirq: Introduce warn log when irq be reentrant
bugzilla: #I6B0FA:CVE-2022-47929 9b7fffe98c70 net: sched: disallow noqueue for qdisc classes
bugzilla: 188250, #I6AQG9:CVE-2023-23455 2b3a2023f0fb net: sched: atm: dont intepret cls results when asked to drop
bugzilla: #I6BHNT:【openEuler-1.0-LTS】block: check 'bd_super' before rescanning partition 00f206947a6c block: check 'bd_super' before rescanning partition
bugzilla: #I6AQIL:CVE-2023-23454 6398c1f104c5 net: sched: cbq: dont intepret cls results when asked to drop
bugzilla: #I6AWEO:zram 压测产生softlock 92100397dfd0 swapfile: fix soft lockup in scan_swap_map_slots
bugzilla: #I67J42:iBMA驱动在内存压力过大情况下,可能出现自旋锁死锁,造成系统复位 22c4847a5ab9 Huawei BMA: Fix iBMA driver bug

2CVE


CVE issue
CVE-2022-47929 #I6B0FA:CVE-2022-47929
CVE-2023-23454 #I6AQIL:CVE-2023-23454
CVE-2023-23455 #I6AQG9:CVE-2023-23455
C
1
https://gitee.com/openeuler/kernel.git
git@gitee.com:openeuler/kernel.git
openeuler
kernel
kernel

搜索帮助