Cloud Kernel SIG Monthly News: New versions of ANCK 5.10 and 4.19 are released, and ABS adds new warehouse building functions

Cloud Kernel SIG (Special Interest Group): Support the R&D, release and service of the Dragon Lizard kernel version, and provide cost-effective kernel products available for production.

01 SIG overall progress

Release ANCK 5.10-014 version.
Release ANCK 4.19-027.2 version.
The ABS platform has added the OOT warehouse temporary construction function.

02 Specific progress

Release ANCK 5.10-014 version:

Version updated to 5.10.134-14.
Important kernel bugs and security vulnerabilities (CVE) fixes.
Support the multi-pcp function, bypass the big lock of the buddy system, and improve the network packet receiving ability.
virtio-net supports uso offloading. Compared with ufo offloading, it can improve the packet receiving performance and the forwarding performance of forwarding components in complex network environments.
Enable the Intel IAA accelerator driver to improve the performance of compression and decompression.
Fix silent data loss in shmem/hugetlb file system due to page cache truncate.
Add coresight ETE driver and tools/perf tool support.
Under the Arm64 platform, the signal processing mechanism of the kvm module is enhanced to fix the downtime problem caused by RAS and other scenarios.
Synchronize the CMN and DRW drivers of the linux community, add debugfs support, and fix related defects.
Support X86 kernel mode Copy On Write to trigger MCE error recovery.
Supports topdown analysis of performance issues in the form of perf metric, improving the usability of CPU PMU.
Added support for SEV and SEV-ES hardware features to support proper operation of the pre-attestation feature of SEV confidential containers.
Fix the problem of virtual address space exhaustion caused by pci_iounmap not implemented under aarch64 architecture.

Self-study

Support the code segment locking function of the whole machine/memcg granularity.
Provides the function of page cache usage limit to solve the OOM problem caused by the recovery speed of page cache being slower than the production speed.
Support dynamic CPU isolation.
Supports CPU Burst and memory minimum watermark grading functions on cgroup v2.
The xdp socket supports allocating virtual memory for the queue, avoiding the problem of xdp socket allocation failure caused by memory fragmentation.

Important CVE list:

CVE-2023-1076 (PR#1536)	CVE-2022-41849 (PR#1383)	CVE-2023-1077 (PR#1460)	CVE-2023-1073 (PR#1516)
CVE-2022-3707 (PR#1520)	CVE-2022-4095 (PR#1523)	CVE-2022-4744 (PR#1524)	CVE-2023-1095 (PR#1400)
CVE-2023-1074 (PR#1514)	CVE-2022-47521 (PR#1526)	CVE-2023-23000 (PR#1386)	CVE-2022-4662 (PR#1344)
CVE-2023-1118 (PR#1390)	CVE-2023-23004 (PR#1387)	CVE-2023-0590 (PR#1312)	CVE-2023-1281 (PR#1490)
CVE-2021-3759 (PR#1320)	CVE-2023-0461 (PR#1402)	CVE-2021-33061 (PR#1319)	CVE-2023-0597 (PR#1314)
CVE-2022-3523 (PR#1273)	CVE-2022-42703 (PR#1261)	CVE-2022-4129 (PR#1269)	CVE-2022-42328 (PR#1142)
CVE-2022-42329 (PR#1142)	CVE-2023-23454 (PR#1239)	CVE-2023-0394 (PR#1238)	CVE-2023-23455 (PR#1237)
CVE-2023-23559 (PR#1235)	CVE-2022-45934 (PR#1102)	CVE-2022-47520 (PR#1049)	CVE-2022-47519 (PR#1050)
CVE-2022-47518 (PR#1051)	CVE-2022-47946 (PR#1173)	CVE-2022-2196 (PR#1153)	CVE-2022-3643 (PR#1143)
CVE-2022-4139 (PR#1141)	CVE-2022-1184 (PR#1140)	CVE-2022-41218 (PR#1059)	CVE-2022-3303 (PR#977)
CVE-2023-0266 (PR#1125)	CVE-2022-4696 (PR#1097)	CVE-2023-0179 (PR#1075)	CVE-2022-42719 (PR#1008)
CVE-2022-39190 (PR#1007)	CVE-2022-0171 (PR#1002)	CVE-2022-4378 (PR#1006)	CVE-2022-39189 (PR#1003)
CVE-2022-3566 (PR#988)	CVE-2022-3535 (PR#997)	CVE-2022-3633 (PR#998)	CVE-2022-3435 (PR#999)
CVE-2022-3534 (PR#978)	CVE-2022-3564 (PR#984)	CVE-2022-3524 (PR#983)	CVE-2022-3567 (PR#981)
CVE-2022-3586 (PR#973)	CVE-2022-3521 (PR#964)	CVE-2022-42720 (PR#963)	CVE-2022-42721 (PR#962)
CVE-2022-42722 (PR#961)	CVE-2022-41674 (PR#960)	CVE-2022-2663 (PR#958)	CVE-2022-3028 (PR#957)
CVE-2022-1679 (PR#956)	CVE-2022-42895 (PR#955)	CVE-2022-42896 (PR#954)	CVE-2022-3565 (PR#943)
CVE-2022-3545 (PR#936)	CVE-2022-3629 (PR#934)	CVE-2022-40307 (PR#931)	CVE-2022-2905 (PR#929)
CVE-2022-3594 (PR#945)	CVE-2022-3061 (PR#948)	CVE-2022-3628 (PR#950)	CVE-2022-3635 (PR#933)
CVE-2022-39842 (PR#937)	CVE-2022-3169 (PR#928)	CVE-2022-3623 (PR#926)	CVE-2022-40768 (PR#922)

Note: Each CVE has a hyperlink to the patch, click on the link to view.

Release ANCK 4.19-027.2 version:

Version updated to 4.19.91-27.2.
Important kernel bugs and security vulnerabilities (CVE) fixes.
The bond NIC supports broadcasting ARP on all sub-slave interfaces (PR#1061).
Fixed the problem that the server may crash after the nfsv3 client access restarts (PR#1590).

Important CVE list:

CVE-2021-3923 (PR#1550)	CVE-2020-14331 (PR#1554)	CVE-2023-1611 (PR#1548)	CVE-2023-1838 (PR#1546)
CVE-2023-28772 (PR#1525)	CVE-2023-0030 (PR#1172)	CVE-2023-1118 (PR#1389)	CVE-2022-4662 (PR#1345)
CVE-2022-45934 (PR#1420)	CVE-2022-3108 (PR#1355)	CVE-2022-4129 (PR#1349)	CVE-2022-3564 (PR#1146)
CVE-2022-3524 (PR#1039)	CVE-2020-25671 (PR#1150)	CVE-2022-20566 (PR#1168)	CVE-2023-1095 (PR#1396)
CVE-2020-25670 (PR#1152)	CVE-2023-0590 (PR#1503)	CVE-2020-25672 (PR#1149)	CVE-2023-1281 (PR#1500)
CVE-2023-23454 (PR#1348)	CVE-2022-2964 (PR#1502)	CVE-2023-26545 (PR#1499)	CVE-2023-1074 (PR#1498)
CVE-2023-0394 (PR#1497)	CVE-2022-47929 (PR#1496)	CVE-2023-23455 (PR#1495)	CVE-2023-23559 (PR#1494)
CVE-2022-3535 (PR#1044)	CVE-2021-3759 (PR#1321)	CVE-2022-42703 (PR#1323)	CVE-2022-3107 (PR#1354)
CVE-2022-1975 (PR#1416)	CVE-2023-0461 (PR#1426)	CVE-2023-0597 (PR#1311)	CVE-2022-42328 (PR#1159)
CVE-2022-42896 (PR#1038)	CVE-2022-3111 (PR#1052)	CVE-2022-3239 (PR#1065)	CVE-2022-41218 (PR#1057)
CVE-2023-0266 (PR#1126)	CVE-2022-41858 (PR#1048)	CVE-2022-33741 (PR#1058)	CVE-2022-3566 (PR#1042)

注：每个 CVE 都带有修复补丁的超链接，点击链接查看。

kABI

The ABS platform has a new OOT warehouse temporary construction function, which is convenient for developers to conduct temporary construction tests on OOT. For details, see: https://openanolis.cn/sig/Cloud-Kernel/doc/721476435931824255