Oracle Linux: ELSA-2021-9007
Jan 12, 2021 - 12:00 a.m.

Unbreakable Enterprise kernel-container security update

2021-01-12 00:00:00
linux.oracle.com

CVSS3: 8.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 7.2 High

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

[5.4.17-2036.102.0.2.el7]

  • xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}
  • xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • xen/xenbus: Add ‘will_handle’ callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}

[5.4.17-2036.102.0.el7]

  • futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233515] {CVE-2020-14381}
  • perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233352] {CVE-2020-14351}
  • intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218858]
  • dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210418]
  • vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32167069]
  • vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32167069]
  • vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32167069]
  • vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32167069]
  • vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32167069]
  • vhost: Create accessors for virtqueues private_data (Eugenio Perez) [Orabug: 32167069]
  • vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32167069]
  • scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32167069]
  • scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32167069]
  • scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242279]
  • scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242279]
  • scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242279]
  • scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242279]
  • scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242279]
  • scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242279]
  • scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242279]
  • scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242279]
  • scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Get sas_device objects using device’s rphy (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Update hba_port’s sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242279]
  • scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242279]
  • icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227958] {CVE-2020-25705}
  • perf/x86/intel/uncore: Add box_offsets for free-running counters (Kan Liang) [Orabug: 32020885]
  • perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box (Kan Liang) [Orabug: 32020885]
  • perf/x86/intel/uncore: Add Ice Lake server uncore support (Kan Liang) [Orabug: 32020885]

[5.4.17-2036.101.2.el7]

  • vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] {CVE-2020-28974}
  • page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966]
  • Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}
  • fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}
  • ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159053]
  • net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) [Orabug: 32213896]
  • hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159973]
  • hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159973]
  • RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005752]
  • lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005752]
  • arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521]
  • Revert ‘arm64/dts: Serial console fix for RPi4’ (Vijay Kumar) [Orabug: 31970521]
  • uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) [Orabug: 32182237]
  • NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai Ngo) [Orabug: 32177992]
  • NFSD: Fix use-after-free warning when doing inter-server copy (Dai Ngo) [Orabug: 32177992]
  • xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/events: add a new ‘late EOI’ evtchn framework (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
  • xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177543]

[5.4.17-2036.101.1.el7]

  • uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32161425]
  • platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32161425]
  • platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32161425]
  • platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32161425]
  • IB/mlx4: Convert rej_tmout radix-tree to XArray (Hakon Bugge) [Orabug: 32136895]
  • IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136895]
  • IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136895]
  • IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136895]
  • IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136895]
  • IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136895]
  • IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136895]
  • perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin()) [Orabug: 32131172] {CVE-2020-25704}
  • vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}
  • vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}
  • tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668}
  • NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai Ngo) [Orabug: 31879682]

[5.4.17-2036.101.0.el7]

  • hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152142]
  • hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152142]
  • x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur Arora) [Orabug: 32143850]
  • x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32143850]
  • x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32143850]
  • mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32143850]
  • x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32143850]
  • x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850]
  • perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850]
  • x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32143850]
  • x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850]
  • kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996]
  • cifs: handle empty list of targets in cifs_reconnect() (Paulo Alcantara) [Orabug: 32124750]
  • cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo Alcantara) [Orabug: 32124750]
  • rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113472]
  • net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095959]
  • uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave Kleikamp) [Orabug: 32075923]
  • rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 32072247]
  • rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32072245]
  • rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
  • rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
  • rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
  • Revert ‘RDS: Drop the connection as part of cancel to avoid hangs’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
  • Revert ‘rds: fix warning in rds_send_drop_to()’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
  • Revert ‘rds: Use correct conn when dropping connections due to cancel’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
  • Revert ‘rds: prevent use-after-free of rds conn in rds_send_drop_to()’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
  • Revert ‘rds: Use bitmap to designate dropped connections’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
  • Revert ‘UEK6 compiler warning for /net/rds/send.c’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
  • x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32048971]
  • x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32048971]
  • x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32048971]
  • x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32048971]
  • x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32048971]
  • ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 32042684]
  • IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517]
  • net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) [Orabug: 32027845]
  • Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021285] {CVE-2020-12352}
  • ima: Use ima_hash_algo for collision detection in the measurement list (Roberto Sassu) [Orabug: 31973040]
  • ima: Calculate and extend PCR with digests in ima_template_entry (Roberto Sassu) [Orabug: 31973040]
  • ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) [Orabug: 31973040]
  • ima: Switch to dynamically allocated buffer for template digests (Roberto Sassu) [Orabug: 31973040]
  • ima: Store template digest directly in ima_template_entry (Roberto Sassu) [Orabug: 31973040]
  • scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (James Smart) [Orabug: 31598148]
  • net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840]
  • A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095766]
  • powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}
