Unbreakable Enterprise kernel security update

[4.14.35-2047.540.4.1]

• Revert ‘selftests/kcmp: Make the test output consistent and clear’ (Samasth Norway Ananda) [Orabug: 37029311]
  [4.14.35-2047.540.4]
• kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson)
• ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno)
• printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36208661]
  [4.14.35-2047.540.3]
• MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36952386] {CVE-2024-40968}
  [4.14.35-2047.540.2]
• fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922242]
• cifs: fix panic in smb2_reconnect (Ronnie Sahlberg) [Orabug: 36314494]
• cifs: convert cifs_put_smb_ses from static to global (Dai Ngo) [Orabug: 36314494]
• net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768890] {CVE-2024-36484}
  [4.14.35-2047.540.1]
• x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773812]
• LTS version v4.14.349 (Yifei Liu)
• x86/kvm: Disable all PV features on crash (Vitaly Kuznetsov)
• x86/kvm: Disable kvmclock on all CPUs on shutdown (Vitaly Kuznetsov)
• x86/kvm: Teardown PV features on boot CPU as well (Vitaly Kuznetsov)
• nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
• ext4: fix mb_cache_entry’s e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774600] {CVE-2024-39276}
• sparc: move struct termio to asm/termios.h (Mike Gilbert)
• kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
• kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
• kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
• kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809289] {CVE-2024-39480}
• sparc64: Fix number of online CPUs (Sam Ravnborg)
• intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
• net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774613] {CVE-2024-39301}
• KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
• netfilter: nft_dynset: relax superfluous check on set updates (Pablo Neira Ayuso)
• netfilter: nft_dynset: report EOPNOTSUPP on missing set feature (Pablo Neira Ayuso)
• netfilter: nf_tables: don’t skip expired elements during walk (Pablo Neira Ayuso)
• netfilter: nf_tables: drop map element references from preparation phase (Pablo Neira Ayuso)
• netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (Pablo Neira Ayuso)
• netfilter: nftables: rename set element data activation/deactivation functions (Pablo Neira Ayuso)
• netfilter: nf_tables: pass context to nft_set_destroy() (Pablo Neira Ayuso)
• netfilter: nf_tables: fix set double-free in abort path (Pablo Neira Ayuso)
• netfilter: nf_tables: add nft_set_is_anonymous() helper (Pablo Neira Ayuso)
• fbdev: savage: Handle err return when savagefb_check_var failed (Cai Xinchen) [Orabug: 36809265] {CVE-2024-39475}
• media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
• media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
• arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
• arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
• ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
• neighbour: fix unaligned access to pneigh_entry (Qingfang DENG)
• nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753565] {CVE-2024-38583}
• fs/nilfs2: convert timers to use timer_setup() (Kees Cook)
• mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
• binder: fix max_thread type inconsistency (Carlos Llamas)
• ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753730] {CVE-2024-38618}
• ALSA: timer: Simplify timer hw resolution calls (Takashi Iwai)
• ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763552] {CVE-2024-33621}
• ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) [Orabug: 36940543] {CVE-2023-52796}
• ipvlan: properly track tx_errors (Eric Dumazet)
• net: add DEV_STATS_READ() helper (Eric Dumazet)
• kconfig: fix comparison to constant symbols, ‘m’, ‘n’ (Masahiro Yamada)
• net:fec: Add fec_enet_deinit() (Xiaolei Wang)
• net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
• smsc95xx: use usbnet->driver_priv (Andre Edich)
• smsc95xx: remove redundant function arguments (Andre Edich)
• enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763837] {CVE-2024-38659}
• dma-buf/sw-sync: don’t enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763846] {CVE-2024-38780}
• net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
• nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
• spi: Don’t mark message DMA mapped when no transfer in it is (Andy Shevchenko)
• netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763571] {CVE-2024-36286}
• net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
• net: fec: remove redundant variable ‘inc’ (Colin Ian King)
• virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763588] {CVE-2024-37353}
• arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825259] {CVE-2024-39488}
• openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
• tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763592] {CVE-2024-37356}
• params: lift param_set_uint_minmax to common code (Sagi Grimberg)
• ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825263] {CVE-2024-39489}
• x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
• null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
• media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
• um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
• powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
• media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763603] {CVE-2024-38621}
• um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768584] {CVE-2024-39292}
• um: Fix return value in ubd_init() (Duoming Zhou)
• Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
• Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
• libsubcmd: Fix parse-options memory leak (Ian Rogers)
• f2fs: add error prints for debugging mount failure (Sahitya Tummala)
• extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
• ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678065] {CVE-2024-36015}
• stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763764] {CVE-2024-38627}
• usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
• greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
• serial: max3100: Fix bitwise types (Andy Shevchenko)
• serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763815] {CVE-2024-38633}
• serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763820] {CVE-2024-38634}
• firmware: dmi-id: add a release callback function (Arnd Bergmann)
• dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
• greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763833] {CVE-2024-38637}
• sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
• sched/topology: Don’t set SD_BALANCE_WAKE on cpuset domain relax (Valentin Schneider)
• af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
• netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753582] {CVE-2024-38589}
• RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
• RDMA/ipoib: Fix use of sizeof() (Kamal Heib)
• selftests/kcmp: remove unused open mode (Edward Liaw)
• selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
• ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
• x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
• ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
• fbdev: sh7760fb: allow modular build (Randy Dunlap)
• media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
• media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
• powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
• drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753415] {CVE-2024-38549}
• fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
• mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
• ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753711] {CVE-2024-38612}
• ipv6: sr: fix incorrect unregister order (Hangbin Liu)
• ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
• net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753463] {CVE-2024-38558}
• net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
• af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753600] {CVE-2024-38596}
• m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
• m68k/mac: Use '030 reset method on SE/30 (Finn Thain)
• m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753715] {CVE-2024-38613}
• net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
• wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
• scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753468] {CVE-2024-38559}
• scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753473] {CVE-2024-38560}
• Revert ‘sh: Handle calling csum_partial with misaligned data’ (Guenter Roeck)
• sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
• wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753486] {CVE-2024-38565}
• wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753509] {CVE-2024-38567}
• macintosh/via-macii: Fix ‘BUG: sleeping function called from invalid context’ (Finn Thain)
• macintosh/via-macii, macintosh/adb-iop: Clean up whitespace (Finn Thain)
• m68k/mac: Add mutual exclusion for IOP interrupt polling (Finn Thain)
• macintosh/via-macii: Remove BUG_ON assertions (Finn Thain)
• wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
• scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
• scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
• ACPI: disable -Wstringop-truncation (Arnd Bergmann)
• irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
• scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
• scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
• scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
• wifi: ath10k: poll service ready message before failing (Baochen Qiang)
• nfsd: drop st_mutex before calling move_to_close_lru() (NeilBrown)
• null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
• jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753652] {CVE-2024-38599}
• crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
• parisc: add missing export of __cmpxchg_u8() (Al Viro)
• nilfs2: fix out-of-range warning (Arnd Bergmann)
• ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753537] {CVE-2024-38578}
• firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
• crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753542] {CVE-2024-38579}
• ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
• ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
• ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
• net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
• wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
• tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678069] {CVE-2024-36016}
• nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753558] {CVE-2024-38582}
• nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
• ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753662] {CVE-2024-38601}