This bug was fixed in the package linux-lowlatency - 6.8.0-7.7.1
---------------
linux-lowlatency (6.8.0-7.7.1) noble; urgency=medium
* noble/linux-lowlatency: 6.8.0-7.7.1 -proposed tracker (LP: #2052773)
* Packaging resync (LP: #1786013)
- debian.lowlatency/dkms-versions -- update from kernel-versions
(main/d2024.02.07)
* Miscellaneous Ubuntu changes
- [packaging] update rust, clang and bindgen build-deps
- [Config] updateconfigs following 6.8.0-7.7 rebase
[ Ubuntu: 6.8.0-7.7 ]
* noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label
collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct
LSM
context releaser
- SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject
lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark
usage
- SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts
blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE:
apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of
unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep
or
reuse and delete
- SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when
updating
- SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
- SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
notification
- SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
- SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
reply that denies all access
- SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
- SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined()
to
label_mediates()
- SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking
is
not the first entry
- SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/87]: fixup notify
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering
of
notifications
- SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a
global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
profiles can mediate user namespaces
[ Ubuntu: 6.8.0-6.6 ]
* noble/linux: 6.8.0-6.6 -proposed tracker (LP: #2052592)
* Packaging resync (LP: #1786013)
- debian.master/dkms-versions -- update from kernel-versions
(main/d2024.02.07)
- [Packaging] update variants
* FIPS kernels should default to fips mode (LP: #2049082)
- SAUCE: Enable fips mode by default, in FIPS kernels only
* Fix snapcraftyaml.yaml for jammy:linux-raspi (LP: #2051468)
- [Packaging] Remove old snapcraft.yaml
* Azure: Fix regression introduced in LP: #2045069 (LP: #2052453)
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
* Miscellaneous Ubuntu changes
- [Packaging] Remove in-tree abi checks
- [Packaging] drop abi files with clean
- [Packaging] Remove do_full_source variable (fixup)
- [Packaging] Remove update-dkms-versions and move dkms-versions
- [Config] updateconfigs following v6.8-rc3 rebase
- [packaging] rename to linux
- [packaging] rebase on v6.8-rc3
- [packaging] disable signing for ppc64el
* Rebase on v6.8-rc3
[ Ubuntu: 6.8.0-5.5 ]
* noble/linux-unstable: 6.8.0-5.5 -proposed tracker (LP: #2052136)
* Miscellaneous upstream changes
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
[ Ubuntu: 6.8.0-4.4 ]
* noble/linux-unstable: 6.8.0-4.4 -proposed tracker (LP: #2051502)
* Migrate from fbdev drivers to simpledrm and DRM fbdev emulation layer
(LP: #1965303)
- [Config] enable simpledrm and DRM fbdev emulation layer
* Miscellaneous Ubuntu changes
- [Config] toolchain update
* Miscellaneous upstream changes
- rust: upgrade to Rust 1.75.0
[ Ubuntu: 6.8.0-3.3 ]
* noble/linux-unstable: 6.8.0-3.3 -proposed tracker (LP: #2051488)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE:
apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of
unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep
or
reuse and delete
- SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when
updating
- SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* apparmor restricts read access of user namespace mediation sysctls to root
(LP: #2040194)
- SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
* AppArmor spams kernel log with assert when auditing (LP: #2040192)
- SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
reply that denies all access
* apparmor notification files verification (LP: #2040250)
- SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
* apparmor oops when racing to retrieve a notification (LP: #2040245)
- SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
notification
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering
of
notifications
- SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a
global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
profiles can mediate user namespaces
* Miscellaneous Ubuntu changes
- SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label
collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct
LSM
context releaser
- SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject
lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [30/87]: LSM stacking v39: LSM: Single calls in
socket_getpeersec hooks
- SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark
usage
- SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts
blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined()
to
label_mediates()
- SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking
is
not the first entry
- SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/87]: fixup notify
- [Config] updateconfigs following v6.8-rc2 rebase
[ Ubuntu: 6.8.0-2.2 ]
* noble/linux-unstable: 6.8.0-2.2 -proposed tracker (LP: #2051110)
* Miscellaneous Ubuntu changes
- [Config] toolchain update
- [Config] enable Rust
[ Ubuntu: 6.8.0-1.1 ]
* noble/linux-unstable: 6.8.0-1.1 -proposed tracker (LP: #2051102)
* Miscellaneous Ubuntu changes
- [packaging] move to v6.8-rc1
- [Config] updateconfigs following v6.8-rc1 rebase
- SAUCE: export file_close_fd() instead of close_fd_get_file()
- SAUCE: cpufreq: s/strlcpy/strscpy/
- debian/dkms-versions -- temporarily disable zfs dkms
- debian/dkms-versions -- temporarily disable ipu6 and isvsc dkms
- debian/dkms-versions -- temporarily disable v4l2loopback
[ Ubuntu: 6.8.0-0.0 ]
* Empty entry.
[ Ubuntu: 6.7.0-7.7 ]
* noble/linux-unstable: 6.7.0-7.7 -proposed tracker (LP: #2049357)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
* Miscellaneous Ubuntu changes
- [Packaging] re-enable signing for s390x and ppc64el
[ Ubuntu: 6.7.0-6.6 ]
* Empty entry.
[ Ubuntu: 6.7.0-2.2 ]
* noble/linux: 6.7.0-2.2 -proposed tracker (LP: #2049182)
* Packaging resync (LP: #1786013)
- [Packaging] resync getabis
* Enforce RETPOLINE and SLS mitigrations (LP: #2046440)
- SAUCE: objtool: Make objtool check actually fatal upon fatal errors
- SAUCE: objtool: make objtool SLS validation fatal when building with
CONFIG_SLS=y
- SAUCE: objtool: make objtool RETPOLINE validation fatal when building with
CONFIG_RETPOLINE=y
- SAUCE: scripts: remove generating .o-ur objects
- [Packaging] Remove all custom retpoline-extract code
- Revert "UBUNTU: SAUCE: vga_set_mode -- avoid jump tables"
- Revert "UBUNTU: SAUCE: early/late -- annotate indirect calls in early/late
initialisation code"
- Revert "UBUNTU: SAUCE: apm -- annotate indirect calls within
firmware_restrict_branch_speculation_{start,end}"
* Miscellaneous Ubuntu changes
- [Packaging] temporarily disable riscv64 builds
- [Packaging] temporarily disable Rust dependencies on riscv64
[ Ubuntu: 6.7.0-1.1 ]
* noble/linux: 6.7.0-1.1 -proposed tracker (LP: #2048859)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
* [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice
anymore (LP: #2048919)
- [Config] Enable S390_UV_UAPI (built-in)
* Support mipi camera on Intel Meteor Lake platform (LP: #2031412)
- SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs on
Meteor
Lake
- SAUCE: platform/x86: int3472: Add handshake GPIO function
* [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
(LP: #2033406)
- [Packaging] Make WWAN driver loadable modules
* usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
- [Packaging] Make linux-tools-common depend on hwdata
* [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and
PCIE peripherals (LP: #2036587)
- [Config] Enable CONFIG_MTK_IOMMU on arm64
* linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
images (LP: #2019040)
- [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
* kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
- [Packaging] Revert arm64 image format to Image.gz
* Mantic minimized/minimal cloud images do not receive IP address during
provisioning; systemd regression with wait-online (LP: #2036968)
- [Config] Enable virtio-net as built-in to avoid race
* Make backlight module auto detect dell_uart_backlight (LP: #2008882)
- SAUCE: ACPI: video: Dell AIO UART backlight detection
* Linux 6.2 fails to reboot with current u-boot-nezha (LP: #2021364)
- [Config] Default to performance CPUFreq governor on riscv64
* Enable Nezha board (LP: #1975592)
- [Config] Build in D1 clock drivers on riscv64
- [Config] Enable CONFIG_SUN6I_RTC_CCU on riscv64
- [Config] Enable CONFIG_SUNXI_WATCHDOG on riscv64
- [Config] Disable SUN50I_DE2_BUS on riscv64
- [Config] Disable unneeded sunxi pinctrl drivers on riscv64
* Enable StarFive VisionFive 2 board (LP: #2013232)
- [Config] Enable CONFIG_PINCTRL_STARFIVE_JH7110_SYS on riscv64
- [Config] Enable CONFIG_STARFIVE_WATCHDOG on riscv64
* rcu_sched detected stalls on CPUs/tasks (LP: #1967130)
- [Config] Enable virtually mapped stacks on riscv64
* Check for changes relevant for security certifications (LP: #1945989)
- [Packaging] Add a new fips-checks script
* Installation support for SMARC RZ/G2L platform (LP: #2030525)
- [Config] build Renesas RZ/G2L USBPHY control driver statically
* Add support for kernels compiled with CONFIG_EFI_ZBOOT (LP: #2002226)
- [Config]: Turn on CONFIG_EFI_ZBOOT on ARM64
* Default module signing algo should be accelerated (LP: #2034061)
- [Config] Default module signing algo should be accelerated
* Miscellaneous Ubuntu changes
- [Config] annotations clean-up
[ Upstream Kernel Changes ]
* Rebase to v6.7
[ Ubuntu: 6.7.0-0.0 ]
* Empty entry
[ Ubuntu: 6.7.0-5.5 ]
* noble/linux-unstable: 6.7.0-5.5 -proposed tracker (LP: #2048118)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
* Miscellaneous Ubuntu changes
- [Packaging] re-enable Rust support
- [Packaging] temporarily disable riscv64 builds
[ Ubuntu: 6.7.0-4.4 ]
* noble/linux-unstable: 6.7.0-4.4 -proposed tracker (LP: #2047807)
* unconfined profile denies userns_create for chromium based processes
(LP: #1990064)
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* apparmor restricts read access of user namespace mediation sysctls to root
(LP: #2040194)
- SAUCE: apparmor4.0.0 [69/69]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
* AppArmor spams kernel log with assert when auditing (LP: #2040192)
- SAUCE: apparmor4.0.0 [68/69]: apparmor: fix request field from a prompt
reply that denies all access
* apparmor notification files verification (LP: #2040250)
- SAUCE: apparmor4.0.0 [67/69]: apparmor: fix notification header size
* apparmor oops when racing to retrieve a notification (LP: #2040245)
- SAUCE: apparmor4.0.0 [66/69]: apparmor: fix oops when racing to retrieve
notification
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/69]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [02/69]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [03/69]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [04/69]: Add sysctls for additional controls of
unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [05/69]: af_unix mediation
- SAUCE: apparmor4.0.0 [06/69]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [07/69]: Stacking v38: LSM: Identify modules by more
than name
- SAUCE: apparmor4.0.0 [08/69]: Stacking v38: LSM: Add an LSM identifier for
external use
- SAUCE: apparmor4.0.0 [09/69]: Stacking v38: LSM: Identify the process
attributes for each module
- SAUCE: apparmor4.0.0 [10/69]: Stacking v38: LSM: Maintain a table of LSM
attribute data
- SAUCE: apparmor4.0.0 [11/69]: Stacking v38: proc: Use lsmids instead of
lsm
names for attrs
- SAUCE: apparmor4.0.0 [12/69]: Stacking v38: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [13/69]: Stacking v38: LSM: Infrastructure management
of the sock security
- SAUCE: apparmor4.0.0 [14/69]: Stacking v38: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [15/69]: Stacking v38: LSM: provide lsm name and id
slot mappings
- SAUCE: apparmor4.0.0 [16/69]: Stacking v38: IMA: avoid label collisions
with
stacked LSMs
- SAUCE: apparmor4.0.0 [17/69]: Stacking v38: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [18/69]: Stacking v38: LSM: Use lsmblob in
security_kernel_act_as
- SAUCE: apparmor4.0.0 [19/69]: Stacking v38: LSM: Use lsmblob in
security_secctx_to_secid
- SAUCE: apparmor4.0.0 [20/69]: Stacking v38: LSM: Use lsmblob in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [21/69]: Stacking v38: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [22/69]: Stacking v38: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [23/69]: Stacking v38: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [24/69]: Stacking v38: LSM: Use lsmblob in
security_cred_getsecid
- SAUCE: apparmor4.0.0 [25/69]: Stacking v38: LSM: Specify which LSM to
display
- SAUCE: apparmor4.0.0 [27/69]: Stacking v38: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [28/69]: Stacking v38: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [29/69]: Stacking v38: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [30/69]: Stacking v38: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [31/69]: Stacking v38: LSM: security_secid_to_secctx
in
netlink netfilter
- SAUCE: apparmor4.0.0 [32/69]: Stacking v38: NET: Store LSM netlabel data
in
a lsmblob
- SAUCE: apparmor4.0.0 [33/69]: Stacking v38: binder: Pass LSM identifier
for
confirmation
- SAUCE: apparmor4.0.0 [34/69]: Stacking v38: LSM: security_secid_to_secctx
module selection
- SAUCE: apparmor4.0.0 [35/69]: Stacking v38: Audit: Keep multiple LSM data
in
audit_names
- SAUCE: apparmor4.0.0 [36/69]: Stacking v38: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [37/69]: Stacking v38: LSM: Add a function to report
multiple LSMs
- SAUCE: apparmor4.0.0 [38/69]: Stacking v38: Audit: Allow multiple records
in
an audit_buffer
- SAUCE: apparmor4.0.0 [39/69]: Stacking v38: Audit: Add record for multiple
task security contexts
- SAUCE: apparmor4.0.0 [40/69]: Stacking v38: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [41/69]: Stacking v38: Audit: Add record for multiple
object contexts
- SAUCE: apparmor4.0.0 [42/69]: Stacking v38: netlabel: Use a struct lsmblob
in audit data
- SAUCE: apparmor4.0.0 [43/69]: Stacking v38: LSM: Removed scaffolding
function lsmcontext_init
- SAUCE: apparmor4.0.0 [44/69]: Stacking v38: AppArmor: Remove the exclusive
flag
- SAUCE: apparmor4.0.0 [45/69]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [46/69]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [47/69]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [48/69]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [49/69]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [50/69]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [51/69]: prompt - add refcount to audit_node in prep
or
reuse and delete
- SAUCE: apparmor4.0.0 [52/69]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [53/69]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [54/69]: prompt - fix caching
- SAUCE: apparmor4.0.0 [55/69]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [56/69]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [57/69]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [58/69]: prompt - fix notification cache when
updating
- SAUCE: apparmor4.0.0 [59/69]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [60/69]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [64/69]: advertise disconnected.path is available
- SAUCE: apparmor4.0.0 [65/69]: add io_uring mediation
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [61/69]: prompt - add support for advanced filtering
of
notifications
- SAUCE: apparmor4.0.0 [62/69]: userns - add the ability to reference a
global
variable for a feature value
- SAUCE: apparmor4.0.0 [63/69]: userns - make it so special unconfined
profiles can mediate user namespaces
* udev fails to make prctl() syscall with apparmor=0 (as used by maas by
default) (LP: #2016908) // update apparmor and LSM stacking patch set
(LP: #2028253)
- SAUCE: apparmor4.0.0 [26/69]: Stacking v38: Fix prctl() syscall with
apparmor=0
* Fix RPL-U CPU C-state always keep at C3 when system run PHM with idle screen
on (LP: #2042385)
- SAUCE: r8169: Add quirks to enable ASPM on Dell platforms
* [Debian] autoreconstruct - Do not generate chmod -x for deleted files
(LP: #2045562)
- [Debian] autoreconstruct - Do not generate chmod -x for deleted files
* Disable Legacy TIOCSTI (LP: #2046192)
- [Config]: disable CONFIG_LEGACY_TIOCSTI
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] remove helper scripts
- [Packaging] update annotations scripts
* Miscellaneous Ubuntu changes
- [Packaging] rules: Remove unused dkms make variables
- [Config] update annotations after rebase to v6.7-rc8
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc8
[ Ubuntu: 6.7.0-3.3 ]
* noble/linux-unstable: 6.7.0-3.3 -proposed tracker (LP: #2046060)
* enable CONFIG_INTEL_TDX_HOST in linux >= 6.7 for noble (LP: #2046040)
- [Config] enable CONFIG_INTEL_TDX_HOST
* linux tools packages for derived kernels refuse to install simultaneously
due to libcpupower name collision (LP: #2035971)
- [Packaging] Statically link libcpupower into cpupower tool
* make lazy RCU a boot time option (LP: #2045492)
- SAUCE: rcu: Provide a boot time parameter to control lazy RCU
* Build failure if run in a console (LP: #2044512)
- [Packaging] Fix kernel module compression failures
* Turning COMPAT_32BIT_TIME off on arm64 (64k & derivatives) (LP: #2038582)
- [Config] y2038: Turn off COMPAT and COMPAT_32BIT_TIME on arm64 64k
* Turning COMPAT_32BIT_TIME off on riscv64 (LP: #2038584)
- [Config] y2038: Disable COMPAT_32BIT_TIME on riscv64
* Turning COMPAT_32BIT_TIME off on ppc64el (LP: #2038587)
- [Config] y2038: Disable COMPAT and COMPAT_32BIT_TIME on ppc64le
* [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough
(LP: #2042853)
- [Config] CONFIG_VFIO_PCI_ZDEV_KVM=y
* back-out zstd module compression automatic for backports (LP: #2045593)
- [Packaging] make ZSTD module compression conditional
* Miscellaneous Ubuntu changes
- [Packaging] Remove do_full_source variable
- [Packaging] Remove obsolete config handling
- [Packaging] Remove support for sub-flavors
- [Packaging] Remove old linux-libc-dev version hack
- [Packaging] Remove obsolete scripts
- [Packaging] Remove README.inclusion-list
- [Packaging] make $(stampdir)/stamp-build-perarch depend on build-arch
- [Packaging] Enable rootless builds
- [Packaging] Allow to run debian/rules without (fake)root
- [Packaging] remove unneeded trailing slash for INSTALL_MOD_PATH
- [Packaging] override KERNELRELEASE instead of KERNELVERSION
- [Config] update toolchain versions in annotations
- [Packaging] drop useless linux-doc
- [Packaging] scripts: Rewrite insert-ubuntu-changes in Python
- [Packaging] enable riscv64 builds
- [Packaging] remove the last sub-flavours bit
- [Packaging] check debian.env to determine do_libc_dev_package
- [Packaging] remove debian.*/variants
- [Packaging] remove do_libc_dev_package variable
- [Packaging] move linux-libc-dev.stub to debian/control.d/
- [Packaging] Update check to build linux-libc-dev to the source package
name
- [Packaging] rules: Remove startnewrelease target
- [Packaging] Remove debian/commit-templates
- [Config] update annotations after rebase to v6.7-rc4
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc4
[ Ubuntu: 6.7.0-2.2 ]
* noble/linux-unstable: 6.7.0-2.2 -proposed tracker (LP: #2045107)
* Miscellaneous Ubuntu changes
- [Packaging] re-enable Rust
- [Config] enable Rust in annotations
- [Packaging] Remove do_enforce_all variable
- [Config] disable Softlogic 6x10 capture card driver on armhf
- [Packaging] disable Rust support
- [Config] update annotations after rebase to v6.7-rc3
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc3
[ Ubuntu: 6.7.0-1.1 ]
* noble/linux-unstable: 6.7.0-1.1 -proposed tracker (LP: #2044069)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
- [Packaging] update helper scripts
* Miscellaneous Ubuntu changes
- [Config] update annotations after rebase to v6.7-rc2
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc2
[ Ubuntu: 6.7.0-0.0 ]
* Empty entry
-- Paolo Pisati <[email protected]> Fri, 09 Feb 2024 15:23:33
+0100
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2045492
Title:
make lazy RCU a boot time option
Status in linux package in Ubuntu:
Fix Released
Status in linux-lowlatency package in Ubuntu:
Fix Released
Status in linux source package in Noble:
Fix Released
Status in linux-lowlatency source package in Noble:
Fix Released
Bug description:
[Impact]
With LP: #2023007 we have decided to enable CONFIG_RCU_LAZY in the
lowlatency kernel to improve power consumption, but this option can
potentially introduce performance regressions in some cases, due to
the fact that RCU callbacks are now batched and flushed all at once
after a timed delay.
It would be definitely safer to have a way to enable/disable lazy RCUs
at boot time. In this way we could provide a simple kernel command
line option that can be used in all those cases where the lowlatency
kernel is required, but we don't want to risk performance regressions.
[Test case]
In this context providing a single test case is not relevant. After
applying the fix any performance benchmark can be used to evaluate if
lazy RCU feature should be enabled at boot time or not (according to
the specific context where the lowlatency kernel is going to be
used/deployed).
[Fix]
Apply this patch to the *generic* kernel:
https://lore.kernel.org/lkml/[email protected]/T/#u
We want to apply this to the generic kernel, not just lowlatency,
because in this way *all* derivatives will have the possibility to get
this feature, in case some of them want to enable lazy RCUs (even
generic itself).
Then make sure that lowlatency (or any other kernel with
CONFIG_RCU_LAZY=y) also has CONFIG_RCU_LAZY_DEFAULT_OFF not set (so
that the previous behavior is not changed).
[Regression potential]
We may receive reports of small performance regressions vs power
consumption regressions, depending on the rcutree.enable_rcu_lazy
command line option that is used. In such case we should suggest the
user to test both with lazy RCU disabled or enabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2045492/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
