Format: 1.8 Date: Fri, 05 Apr 2024 20:47:16 +0200 Source: linux-lowlatency Built-For-Profiles: noudeb Architecture: source Version: 6.8.0-20.20.1 Distribution: noble Urgency: medium Maintainer: Ubuntu Kernel Team Changed-By: Andrea Righi Launchpad-Bugs-Fixed: 1786013 1951440 1971699 2028253 2032602 2038583 2043994 2045561 2048183 2048768 2049390 2051342 2052005 2052439 2052918 2052945 2053015 2053094 2054094 2054809 2055421 2055551 2055871 2056126 2056354 2056616 2056738 2056745 2057456 2057910 2058221 2058224 2060318 Changes: linux-lowlatency (6.8.0-20.20.1) noble; urgency=medium . * noble/linux-lowlatency: 6.8.0-20.20.1 -proposed tracker (LP: #2060318) . * Packaging resync (LP: #1786013) - [Packaging] drop getabis data . * Miscellaneous Ubuntu changes - [Packaging] lowlatency: sync reconstruct with master - [Config] lowlatency: update annotations after rebase . [ Ubuntu: 6.8.0-20.20 ] . * noble/linux: 6.8.0-20.20 -proposed tracker (LP: #2058221) * Noble update: v6.8.1 upstream stable release (LP: #2058224) - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set - Documentation/hw-vuln: Add documentation for RFDS - x86/rfds: Mitigate Register File Data Sampling (RFDS) - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests - Linux 6.8.1 * Autopkgtest failures on amd64 (LP: #2048768) - [Packaging] update to clang-18 * Miscellaneous Ubuntu changes - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with CONFIG_SECURITY=n - [Config] amd64: MITIGATION_RFDS=y . [ Ubuntu: 6.8.0-19.19 ] . * noble/linux: 6.8.0-19.19 -proposed tracker (LP: #2057910) * Miscellaneous Ubuntu changes - [Packaging] re-introduce linux-doc as an empty package . [ Ubuntu: 6.8.0-18.18 ] . * noble/linux: 6.8.0-18.18 -proposed tracker (LP: #2057456) * Miscellaneous Ubuntu changes - [Packaging] drop dependency on libclang-17 . [ Ubuntu: 6.8.0-17.17 ] . * noble/linux: 6.8.0-17.17 -proposed tracker (LP: #2056745) * Miscellaneous upstream changes - Revert "UBUNTU: [Packaging] Add debian/control sanity check" . [ Ubuntu: 6.8.0-16.16 ] . * noble/linux: 6.8.0-16.16 -proposed tracker (LP: #2056738) * left-over ceph debugging printks (LP: #2056616) - Revert "UBUNTU: SAUCE: ceph: make sure all the files successfully put before unmounting" * qat: Improve error recovery flows (LP: #2056354) - crypto: qat - add heartbeat error simulator - crypto: qat - disable arbitration before reset - crypto: qat - update PFVF protocol for recovery - crypto: qat - re-enable sriov after pf reset - crypto: qat - add fatal error notification - crypto: qat - add auto reset on error - crypto: qat - limit heartbeat notifications - crypto: qat - improve aer error reset handling - crypto: qat - change SLAs cleanup flow at shutdown - crypto: qat - resolve race condition during AER recovery - Documentation: qat: fix auto_reset section * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx hook - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob in audit_context - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM data - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in audit_names - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data from secid to lsmblob - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for audit data - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in security_lsmblob_to_secctx - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM: security_lsmblob_to_secctx module selection - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused lsmcontext_init() - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in security_getprocattr - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check on release - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM handles the context string - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob size tracking - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure management of the key security blob - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure management of the mnt_opts security blob - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of ENOSYS in inode_setxattr - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob scaffolding - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of netlabel - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove LSM_FLAG_EXCLUSIVE - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0 [12/95]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve notification - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt reply that denies all access - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc can check if restriction are in place - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to use lookup_perms() - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check. - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using RULE_MEDIATES - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one entry have correct flags - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that unconfined cannot use change_hat - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to provide semantics of some checks - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to label_mediates() - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended permission. - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define the kill signal - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is not the first entry - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned when a user ns is created - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with policy state machine - SAUCE: apparmor4.0.0 [87/87]: fixup notify - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined profiles can mediate user namespaces * Enable lowlatency settings in the generic kernel (LP: #2051342) - [Config] enable low-latency settings * hwmon: (coretemp) Fix core count limitation (LP: #2056126) - hwmon: (coretemp) Introduce enum for attr index - hwmon: (coretemp) Remove unnecessary dependency of array index - hwmon: (coretemp) Replace sensor_device_attribute with device_attribute - hwmon: (coretemp) Remove redundant pdata->cpu_map[] - hwmon: (coretemp) Abstract core_temp helpers - hwmon: (coretemp) Split package temp_data and core temp_data - hwmon: (coretemp) Remove redundant temp_data->is_pkg_data - hwmon: (coretemp) Use dynamic allocated memory for core temp_data * Miscellaneous Ubuntu changes - [Config] Disable CONFIG_CRYPTO_DEV_QAT_ERROR_INJECTION - [Packaging] remove debian/scripts/misc/arch-has-odm-enabled.sh - rebase on v6.8 - [Config] toolchain version update * Miscellaneous upstream changes - crypto: qat - add fatal error notify method * Rebase on v6.8 . [ Ubuntu: 6.8.0-15.15 ] . * noble/linux: 6.8.0-15.15 -proposed tracker (LP: #2055871) * Miscellaneous Ubuntu changes - rebase on v6.8-rc7 * Miscellaneous upstream changes - Revert "UBUNTU: [Packaging] Transition laptop-23.10 to generic" * Rebase on v6.8-rc7 . [ Ubuntu: 6.8.0-14.14 ] . * noble/linux: 6.8.0-14.14 -proposed tracker (LP: #2055551) * Please change CONFIG_CONSOLE_LOGLEVEL_QUIET to 3 (LP: #2049390) - [Config] reduce verbosity when booting in quiet mode * linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux- modules-extra to linux-modules (LP: #2054809) - UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules- extra * linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from linux-modules-extra to linux-modules (LP: #2045561) - [Packaging] Move dmi-sysfs.ko into linux-modules * Enable CONFIG_INTEL_IOMMU_DEFAULT_ON and CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON (LP: #1951440) - [Config] enable Intel DMA remapping by default * disable Intel DMA remapping by default (LP: #1971699) - [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON * Packaging resync (LP: #1786013) - debian.master/dkms-versions -- update from kernel-versions (main/d2024.02.29) * Miscellaneous Ubuntu changes - SAUCE: modpost: Replace 0-length array with flex-array member - [packaging] do not include debian/ directory in a binary package - [packaging] remove debian/stamps/keep-dir . [ Ubuntu: 6.8.0-13.13 ] . * noble/linux: 6.8.0-13.13 -proposed tracker (LP: #2055421) * Packaging resync (LP: #1786013) - debian.master/dkms-versions -- update from kernel-versions (main/d2024.02.29) * Miscellaneous Ubuntu changes - rebase on v6.8-rc6 - [Config] updateconfifs following v6.8-rc6 rebase * Rebase on v6.8-rc6 . [ Ubuntu: 6.8.0-12.12 ] . * linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094) - [Packaging] rules: Put usbip manpages in the correct directory * Validate connection interval to pass Bluetooth Test Suite (LP: #2052005) - Bluetooth: Enforce validation on max value of connection interval * Turning COMPAT_32BIT_TIME off on s390x (LP: #2038583) - [Config] Turn off 31-bit COMPAT on s390x * Don't produce linux-source binary package (LP: #2043994) - [Packaging] Add debian/control sanity check * Don't produce linux-*-source- package (LP: #2052439) - [Packaging] Move linux-source package stub to debian/control.d - [Packaging] Build linux-source package only for the main kernel * Don't produce linux-*-cloud-tools-common, linux-*-tools-common and linux-*-tools-host binary packages (LP: #2048183) - [Packaging] Move indep tools package stubs to debian/control.d - [Packaging] Build indep tools packages only for the main kernel * Enable CONFIG_INTEL_IOMMU_DEFAULT_ON and CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON (LP: #1951440) - [Config] enable Intel DMA remapping by default * disable Intel DMA remapping by default (LP: #1971699) - [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON * Miscellaneous Ubuntu changes - [Packaging] Transition laptop-23.10 to generic . [ Ubuntu: 6.8.0-11.11 ] . * noble/linux: 6.8.0-11.11 -proposed tracker (LP: #2053094) * Miscellaneous Ubuntu changes - [Packaging] riscv64: disable building unnecessary binary debs . [ Ubuntu: 6.8.0-10.10 ] . * noble/linux: 6.8.0-10.10 -proposed tracker (LP: #2053015) * Miscellaneous Ubuntu changes - [Packaging] add Rust build-deps for riscv64 * Miscellaneous upstream changes - Revert "Revert "UBUNTU: [Packaging] temporarily disable Rust dependencies on riscv64"" . [ Ubuntu: 6.8.0-9.9 ] . * noble/linux: 6.8.0-9.9 -proposed tracker (LP: #2052945) * Miscellaneous upstream changes - Revert "UBUNTU: [Packaging] temporarily disable Rust dependencies on riscv64" . [ Ubuntu: 6.8.0-8.8 ] . * noble/linux: 6.8.0-8.8 -proposed tracker (LP: #2052918) * Miscellaneous Ubuntu changes - [Packaging] riscv64: enable linux-libc-dev build - v6.8-rc4 rebase * Rebase on v6.8-rc4 Checksums-Sha1: b56470ac82f875d5a7a83e73dcdf74739cc6175e 6547 linux-lowlatency_6.8.0-20.20.1.dsc 2654708a6e4fa7a56109392290d152d4923c4bdc 1572467 linux-lowlatency_6.8.0-20.20.1.diff.gz e735a3ae8583291c790c239be2da5463325d22b7 10533 linux-lowlatency_6.8.0-20.20.1_source.buildinfo Checksums-Sha256: 17fff3ecaadab29dd6bb063885481517c4113495d3ef808a59b8b89dde4fe388 6547 linux-lowlatency_6.8.0-20.20.1.dsc 16ed8a434267d6547209b83a08d8734dd65771b0076ae1f4295b891cebd41728 1572467 linux-lowlatency_6.8.0-20.20.1.diff.gz 049d64399fe4b555553fa44a2b6107bf6bc79f309ccaf7e7e02fda9c67b888bd 10533 linux-lowlatency_6.8.0-20.20.1_source.buildinfo Files: 723df6b7fc3103e163e4542945b151b0 6547 devel optional linux-lowlatency_6.8.0-20.20.1.dsc d4305310454855a32b26179d5a4717b5 1572467 devel optional linux-lowlatency_6.8.0-20.20.1.diff.gz 992f588a5e9ad9e9905362c4a1bf75e3 10533 devel optional linux-lowlatency_6.8.0-20.20.1_source.buildinfo Ubuntu-Compatible-Signing: ubuntu/4 pro/3