[ubuntu/noble-proposed] linux-nvidia 6.8.0-1006.6 (Accepted)

Andy Whitcroft apw at canonical.com
Tue May 14 17:41:22 UTC 2024


linux-nvidia (6.8.0-1006.6) noble; urgency=medium

  * noble/linux-nvidia: 6.8.0-1006.6 -proposed tracker (LP: #2060232)

  * Packaging resync (LP: #1786013)
    - [Packaging] drop getabis data
    - [Packaging] Replace fs/cifs with fs/smb in inclusion list
    - [Packaging] debian.nvidia/dkms-versions -- update from kernel-versions
      (main/d2024.04.04)

  * Enable GDS in the 6.8 based linux-nvidia kernel (LP: #2059814)
    - NVIDIA: SAUCE: Patch NFS driver to support GDS with 6.8 Kernel
    - NVIDIA: SAUCE: NVMe/MVMEeOF: Patch NVMe/NVMeOF driver to support GDS on
      Linux 6.8 Kernel
    - NVIDIA: [Config] Add nvidia-fs build dependencies

  * Reapply the linux-nvidia kernel config options from the 5.15 and 6.5 kernels
    (LP: #2060327)
    - NVIDIA: [Config]: Grouping AAEON config options together, under a comment
    - NVIDIA: [Config]: Disable the NOUVEAU driver which is not used with -nvidia
      kernels
    - NVIDIA: [Config]: Adding CORESIGHT and ARM64_ERRATUM configs to annotations

  [ Ubuntu: 6.8.0-31.31 ]

  * noble/linux: 6.8.0-31.31 -proposed tracker (LP: #2062933)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.04.04)

  [ Ubuntu: 6.8.0-30.30 ]

  * noble/linux: 6.8.0-30.30 -proposed tracker (LP: #2061893)
  * System unstable, kernel ring buffer flooded with "BUG: Bad page state in
    process swapper/0" (LP: #2056706)
    - xen-netfront: Add missing skb_mark_for_recycle

  [ Ubuntu: 6.8.0-29.29 ]

  * noble/linux: 6.8.0-29.29 -proposed tracker (LP: #2061888)
  * [24.04 FEAT] [SEC2353] zcrypt: extend error recovery to deal with device
    scans (LP: #2050019)
    - s390/zcrypt: harmonize debug feature calls and defines
    - s390/zcrypt: introduce dynamic debugging for AP and zcrypt code
    - s390/pkey: harmonize pkey s390 debug feature calls
    - s390/pkey: introduce dynamic debugging for pkey
    - s390/ap: add debug possibility for AP messages
    - s390/zcrypt: add debug possibility for CCA and EP11 messages
    - s390/ap: rearm APQNs bindings complete completion
    - s390/ap: clarify AP scan bus related functions and variables
    - s390/ap: rework ap_scan_bus() to return true on config change
    - s390/ap: introduce mutex to lock the AP bus scan
    - s390/zcrypt: introduce retries on in-kernel send CPRB functions
    - s390/zcrypt: improve zcrypt retry behavior
    - s390/pkey: improve pkey retry behavior
  * [24.04 FEAT] Memory hotplug vmem pages (s390x) (LP: #2051835)
    - mm/memory_hotplug: introduce MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
    - s390/mm: allocate vmemmap pages from self-contained memory range
    - s390/sclp: remove unhandled memory notifier type
    - s390/mm: implement MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
    - s390: enable MHP_MEMMAP_ON_MEMORY
    - [Config] enable CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE and
      CONFIG_MHP_MEMMAP_ON_MEMORY for s390x

  [ Ubuntu: 6.8.0-28.28 ]

  * noble/linux: 6.8.0-28.28 -proposed tracker (LP: #2061867)
  * linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression iwth new apparmor
    profiles/features (LP: #2061851)
    - SAUCE: apparmor4.0.0 [92/90]: fix address mapping for recvfrom

  [ Ubuntu: 6.8.0-25.25 ]

  * noble/linux: 6.8.0-25.25 -proposed tracker (LP: #2061083)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.04.04)
  * Apply mitigations for the native BHI hardware vulnerabilty (LP: #2060909)
    - x86/cpufeatures: Add new word for scattered features
    - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
    - x86/syscall: Don't force use of indirect calls for system calls
    - x86/bhi: Add support for clearing branch history at syscall entry
    - x86/bhi: Define SPEC_CTRL_BHI_DIS_S
    - x86/bhi: Enumerate Branch History Injection (BHI) bug
    - x86/bhi: Add BHI mitigation knob
    - x86/bhi: Mitigate KVM by default
    - KVM: x86: Add BHI_NO
    - x86: set SPECTRE_BHI_ON as default
    - [Config] enable spectre_bhi=auto by default
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/90]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/90]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/90]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/90]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/90]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/90]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/90]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/90]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/90]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/90]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/90]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/90]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/90]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/90]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/90]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/90]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/90]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/90]: LSM stacking v39: Audit: Add record for
      multiple task security contexts
    - SAUCE: apparmor4.0.0 [25/90]: LSM stacking v39: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record for
      multiple object contexts
    - SAUCE: apparmor4.0.0 [27/90]: LSM stacking v39: LSM: Remove unused
      lsmcontext_init()
    - SAUCE: apparmor4.0.0 [28/90]: LSM stacking v39: LSM: Improve logic in
      security_getprocattr
    - SAUCE: apparmor4.0.0 [29/90]: LSM stacking v39: LSM: secctx provider check
      on release
    - SAUCE: apparmor4.0.0 [31/90]: LSM stacking v39: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [32/90]: LSM stacking v39: LSM: Identify which LSM
      handles the context string
    - SAUCE: apparmor4.0.0 [33/90]: LSM stacking v39: AppArmor: Remove the
      exclusive flag
    - SAUCE: apparmor4.0.0 [34/90]: LSM stacking v39: LSM: Add mount opts blob
      size tracking
    - SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs
      instead of module specific data
    - SAUCE: apparmor4.0.0 [36/90]: LSM stacking v39: LSM: Infrastructure
      management of the key security blob
    - SAUCE: apparmor4.0.0 [37/90]: LSM stacking v39: LSM: Infrastructure
      management of the mnt_opts security blob
    - SAUCE: apparmor4.0.0 [38/90]: LSM stacking v39: LSM: Correct handling of
      ENOSYS in inode_setxattr
    - SAUCE: apparmor4.0.0 [39/90]: LSM stacking v39: LSM: Remove lsmblob
      scaffolding
    - SAUCE: apparmor4.0.0 [40/90]: LSM stacking v39: LSM: Allow reservation of
      netlabel
    - SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict
      security_cred_getsecid() to a single LSM
    - SAUCE: apparmor4.0.0 [42/90]: LSM stacking v39: Smack: Remove
      LSM_FLAG_EXCLUSIVE
    - SAUCE: apparmor4.0.0 [43/90]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
      [12/95]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [44/90]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [45/90]: add unpriviled user ns mediation
    - SAUCE: apparmor4.0.0 [46/90]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [47/90]: af_unix mediation
    - SAUCE: apparmor4.0.0 [48/90]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [49/90]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [50/90]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/90]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/90]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/90]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [54/90]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [55/90]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [56/90]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [57/90]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [59/90]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [60/90]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [61/90]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [62/90]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [63/90]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [64/90]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [65/90] v6.8 prompt:fixup interruptible
    - SAUCE: apparmor4.0.0 [69/90]: add io_uring mediation
    - SAUCE: apparmor4.0.0 [70/90]: apparmor: fix oops when racing to retrieve
      notification
    - SAUCE: apparmor4.0.0 [71/90]: apparmor: fix notification header size
    - SAUCE: apparmor4.0.0 [72/90]: apparmor: fix request field from a prompt
      reply that denies all access
    - SAUCE: apparmor4.0.0 [73/90]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
    - SAUCE: apparmor4.0.0 [74/90]: apparmor: cleanup attachment perm lookup to
      use lookup_perms()
    - SAUCE: apparmor4.0.0 [75/90]: apparmor: remove redundant unconfined check.
    - SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using
      RULE_MEDIATES
    - SAUCE: apparmor4.0.0 [77/90]: apparmor: ensure labels with more than one
      entry have correct flags
    - SAUCE: apparmor4.0.0 [78/90]: apparmor: remove explicit restriction that
      unconfined cannot use change_hat
    - SAUCE: apparmor4.0.0 [79/90]: apparmor: cleanup: refactor file_perm() to
      provide semantics of some checks
    - SAUCE: apparmor4.0.0 [80/90]: apparmor: carry mediation check on label
    - SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy uses of unconfined() to
      label_mediates()
    - SAUCE: apparmor4.0.0 [82/90]: apparmor: add additional flags to extended
      permission.
    - SAUCE: apparmor4.0.0 [83/90]: apparmor: add support for profiles to define
      the kill signal
    - SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is
      not the first entry
    - SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned
      when a user ns is created
    - SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with
      policy state machine
    - SAUCE: apparmor4.0.0 [87/90]: fixup notify
    - SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation
    - SAUCE: apparmor4.0.0 [89/90]:apparmor: disable tailglob responses for now
    - SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings
    - SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [66/90]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [68/90]: userns - make it so special unconfined
      profiles can mediate user namespaces
  * [MTL] x86: Fix Cache info sysfs is not populated (LP: #2049793)
    - SAUCE: cacheinfo: Check for null last-level cache info
    - SAUCE: cacheinfo: Allocate memory for memory if not done from the primary
      CPU
    - SAUCE: x86/cacheinfo: Delete global num_cache_leaves
    - SAUCE: x86/cacheinfo: Clean out init_cache_level()
  * Miscellaneous Ubuntu changes
    - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with
      CONFIG_SECURITY=n
    - [Config] toolchain version update

  [ Ubuntu: 6.8.0-22.22 ]

  * noble/linux: 6.8.0-22.22 -proposed tracker (LP: #2060238)

  [ Ubuntu: 6.8.0-21.21 ]

  * noble/linux: 6.8.0-21.21 -proposed tracker (LP: #2060225)
  * Miscellaneous Ubuntu changes
    - [Config] update toolchain version in annotations

Date: 2024-04-22 20:02:27.266645+00:00
Changed-By: Ian May <ianm at nvidia.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1006.6
-------------- next part --------------
Sorry, changesfile not available.


More information about the noble-changes mailing list