[ubuntu/noble-proposed] linux-nvidia 6.8.0-1006.6 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue May 14 17:41:22 UTC 2024
linux-nvidia (6.8.0-1006.6) noble; urgency=medium
* noble/linux-nvidia: 6.8.0-1006.6 -proposed tracker (LP: #2060232)
* Packaging resync (LP: #1786013)
- [Packaging] drop getabis data
- [Packaging] Replace fs/cifs with fs/smb in inclusion list
- [Packaging] debian.nvidia/dkms-versions -- update from kernel-versions
(main/d2024.04.04)
* Enable GDS in the 6.8 based linux-nvidia kernel (LP: #2059814)
- NVIDIA: SAUCE: Patch NFS driver to support GDS with 6.8 Kernel
- NVIDIA: SAUCE: NVMe/MVMEeOF: Patch NVMe/NVMeOF driver to support GDS on
Linux 6.8 Kernel
- NVIDIA: [Config] Add nvidia-fs build dependencies
* Reapply the linux-nvidia kernel config options from the 5.15 and 6.5 kernels
(LP: #2060327)
- NVIDIA: [Config]: Grouping AAEON config options together, under a comment
- NVIDIA: [Config]: Disable the NOUVEAU driver which is not used with -nvidia
kernels
- NVIDIA: [Config]: Adding CORESIGHT and ARM64_ERRATUM configs to annotations
[ Ubuntu: 6.8.0-31.31 ]
* noble/linux: 6.8.0-31.31 -proposed tracker (LP: #2062933)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/d2024.04.04)
[ Ubuntu: 6.8.0-30.30 ]
* noble/linux: 6.8.0-30.30 -proposed tracker (LP: #2061893)
* System unstable, kernel ring buffer flooded with "BUG: Bad page state in
process swapper/0" (LP: #2056706)
- xen-netfront: Add missing skb_mark_for_recycle
[ Ubuntu: 6.8.0-29.29 ]
* noble/linux: 6.8.0-29.29 -proposed tracker (LP: #2061888)
* [24.04 FEAT] [SEC2353] zcrypt: extend error recovery to deal with device
scans (LP: #2050019)
- s390/zcrypt: harmonize debug feature calls and defines
- s390/zcrypt: introduce dynamic debugging for AP and zcrypt code
- s390/pkey: harmonize pkey s390 debug feature calls
- s390/pkey: introduce dynamic debugging for pkey
- s390/ap: add debug possibility for AP messages
- s390/zcrypt: add debug possibility for CCA and EP11 messages
- s390/ap: rearm APQNs bindings complete completion
- s390/ap: clarify AP scan bus related functions and variables
- s390/ap: rework ap_scan_bus() to return true on config change
- s390/ap: introduce mutex to lock the AP bus scan
- s390/zcrypt: introduce retries on in-kernel send CPRB functions
- s390/zcrypt: improve zcrypt retry behavior
- s390/pkey: improve pkey retry behavior
* [24.04 FEAT] Memory hotplug vmem pages (s390x) (LP: #2051835)
- mm/memory_hotplug: introduce MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
- s390/mm: allocate vmemmap pages from self-contained memory range
- s390/sclp: remove unhandled memory notifier type
- s390/mm: implement MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
- s390: enable MHP_MEMMAP_ON_MEMORY
- [Config] enable CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE and
CONFIG_MHP_MEMMAP_ON_MEMORY for s390x
[ Ubuntu: 6.8.0-28.28 ]
* noble/linux: 6.8.0-28.28 -proposed tracker (LP: #2061867)
* linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression iwth new apparmor
profiles/features (LP: #2061851)
- SAUCE: apparmor4.0.0 [92/90]: fix address mapping for recvfrom
[ Ubuntu: 6.8.0-25.25 ]
* noble/linux: 6.8.0-25.25 -proposed tracker (LP: #2061083)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/d2024.04.04)
* Apply mitigations for the native BHI hardware vulnerabilty (LP: #2060909)
- x86/cpufeatures: Add new word for scattered features
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
- x86/syscall: Don't force use of indirect calls for system calls
- x86/bhi: Add support for clearing branch history at syscall entry
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S
- x86/bhi: Enumerate Branch History Injection (BHI) bug
- x86/bhi: Add BHI mitigation knob
- x86/bhi: Mitigate KVM by default
- KVM: x86: Add BHI_NO
- x86: set SPECTRE_BHI_ON as default
- [Config] enable spectre_bhi=auto by default
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/90]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/90]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/90]: LSM stacking v39: IMA: avoid label collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/90]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/90]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/90]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/90]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/90]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/90]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/90]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/90]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/90]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/90]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/90]: LSM stacking v39: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/90]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/90]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/90]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/90]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/90]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/90]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/90]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/90]: LSM stacking v39: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/90]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/90]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/90]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [31/90]: LSM stacking v39: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [32/90]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/90]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/90]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/90]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/90]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/90]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/90]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/90]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/90]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [43/90]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/90]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/90]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/90]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/90]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/90]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/90]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/90]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/90]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/90]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/90]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/90]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/90]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [56/90]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/90]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/90]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/90]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/90]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/90]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [63/90]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/90]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [65/90] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [69/90]: add io_uring mediation
- SAUCE: apparmor4.0.0 [70/90]: apparmor: fix oops when racing to retrieve
notification
- SAUCE: apparmor4.0.0 [71/90]: apparmor: fix notification header size
- SAUCE: apparmor4.0.0 [72/90]: apparmor: fix request field from a prompt
reply that denies all access
- SAUCE: apparmor4.0.0 [73/90]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
- SAUCE: apparmor4.0.0 [74/90]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/90]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/90]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/90]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/90]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/90]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy uses of unconfined() to
label_mediates()
- SAUCE: apparmor4.0.0 [82/90]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/90]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/90]: fixup notify
- SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation
- SAUCE: apparmor4.0.0 [89/90]:apparmor: disable tailglob responses for now
- SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings
- SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/90]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/90]: userns - make it so special unconfined
profiles can mediate user namespaces
* [MTL] x86: Fix Cache info sysfs is not populated (LP: #2049793)
- SAUCE: cacheinfo: Check for null last-level cache info
- SAUCE: cacheinfo: Allocate memory for memory if not done from the primary
CPU
- SAUCE: x86/cacheinfo: Delete global num_cache_leaves
- SAUCE: x86/cacheinfo: Clean out init_cache_level()
* Miscellaneous Ubuntu changes
- SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with
CONFIG_SECURITY=n
- [Config] toolchain version update
[ Ubuntu: 6.8.0-22.22 ]
* noble/linux: 6.8.0-22.22 -proposed tracker (LP: #2060238)
[ Ubuntu: 6.8.0-21.21 ]
* noble/linux: 6.8.0-21.21 -proposed tracker (LP: #2060225)
* Miscellaneous Ubuntu changes
- [Config] update toolchain version in annotations
Date: 2024-04-22 20:02:27.266645+00:00
Changed-By: Ian May <ianm at nvidia.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1006.6
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list