Ubuntu
linux-bluefield package

~canonical-kernel/ubuntu/+source/linux-bluefield/+git/focal:master-prep

Git
lp:~canonical-kernel/ubuntu/+source/linux-bluefield/+git/focal
master-prep

Last commit made on 2022-03-08

Get this branch:: git clone -b master-prep https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-bluefield/+git/focal

Members of Canonical Kernel can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:: master-prep

Repository:: lp:~canonical-kernel/ubuntu/+source/linux-bluefield/+git/focal

Recent commits

c6e003a... by Raed Salem <email address hidden> on 2022-02-11

net/xfrm: IPsec tunnel mode fix inner_ipproto setting in sec_path

BugLink: https://bugs.launchpad.net/bugs/1960430

The inner_ipproto saves the inner IP protocol of the plain
text packet. This allows vendor's IPsec feature making offload
decision at skb's features_check and configuring hardware at
ndo_start_xmit, current code implementation did not handle the
case where IPsec is used in tunnel mode.

Fix by handling the case when IPsec is used in tunnel mode by
reading the protocol of the plain text packet IP protocol.

Fixes: fa4535238fb5 ("net/xfrm: Add inner_ipproto into sec_path")
Signed-off-by: Raed Salem <email address hidden>
Signed-off-by: Steffen Klassert <email address hidden>
(cherry picked from commit 45a98ef4922def8c679ca7c454403d1957fe70e7)
Signed-off-by: Bodong Wang <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Luke Nowakowski-Krijger <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

aaaf99b... by Huy Nguyen <email address hidden> on 2022-02-11

net/xfrm: Add inner_ipproto into sec_path

BugLink: https://bugs.launchpad.net/bugs/1960427

The inner_ipproto saves the inner IP protocol of the plain
text packet. This allows vendor's IPsec feature making offload
decision at skb's features_check and configuring hardware at
ndo_start_xmit.

For example, ConnectX6-DX IPsec device needs the plaintext's
IP protocol to support partial checksum offload on
VXLAN/GENEVE packet over IPsec transport mode tunnel.

Signed-off-by: Raed Salem <email address hidden>
Signed-off-by: Huy Nguyen <email address hidden>
Cc: Steffen Klassert <email address hidden>
Acked-by: Steffen Klassert <email address hidden>
Signed-off-by: Saeed Mahameed <email address hidden>
(cherry picked from commit fa4535238fb5f306f95de89371a993057b32b2a4)
Signed-off-by: Bodong Wang <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Luke Nowakowski-Krijger <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

8a6db3d... by Stefan Bader on 2022-03-02

UBUNTU: Ubuntu-bluefield-5.4.0-1030.33

Signed-off-by: Stefan Bader <email address hidden>

874e097... by Stefan Bader on 2022-03-02

UBUNTU: [Config] bluefield: Set CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY

CVE-2022-23960
Signed-off-by: Stefan Bader <email address hidden>

487db57... by Stefan Bader on 2022-03-02

UBUNTU: [Config] bluefield: Enable CONFIG_BPF_UNPRIV_DEFAULT_OFF

BugLink: https://bugs.launchpad.net/bugs/1961338 (Disable unprivileged BPF by default (LP: #1961338))

This option will disable uprivileged BPF by default. It can be reenabled,
though, as it uses the new value 2 for the kernel.unprivileged_bpf_disabled
sysctl. That value disables it, but allows the sysctl knob to be set back
to 0.

This allows sysadmins to enable unprivileged BPF back by using sysctl
config files.

Follow changes made in primary kernel.

Signed-off-by: Stefan Bader <email address hidden>

069f4e7... by Stefan Bader on 2022-03-02