From d0ce8b55b0b92e3a995451b4d62f604cb8994d33 Mon Sep 17 00:00:00 2001
From: almalinux-bot-kernel <almalinux-bot-kernel@almalinux.org>
Date: Wed, 24 Dec 2025 04:16:32 +0000
Subject: [PATCH] Import of kernel-6.12.0-124.21.1.el10_1

---
 ....0-124.20.1.el10 => COPYING-6.12.0-124.21.1.el10 |  0
 Makefile.rhelver                                    |  2 +-
 configs/kernel-6.12.0-ppc64le-debug.config          | 13 +------------
 drivers/net/tun.c                                   |  3 +++
 fs/namespace.c                                      |  5 +++++
 redhat/kernel.changelog-10.1                        |  5 +++++
 uki-addons.sbat                                     |  4 ++--
 uki.sbat                                            |  4 ++--
 8 files changed, 19 insertions(+), 17 deletions(-)
 rename COPYING-6.12.0-124.20.1.el10 => COPYING-6.12.0-124.21.1.el10 (100%)

diff --git a/COPYING-6.12.0-124.20.1.el10 b/COPYING-6.12.0-124.21.1.el10
similarity index 100%
rename from COPYING-6.12.0-124.20.1.el10
rename to COPYING-6.12.0-124.21.1.el10
diff --git a/Makefile.rhelver b/Makefile.rhelver
index ed5527efd4..76c6c89c69 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 1
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 124.20.1
+RHEL_RELEASE = 124.21.1
 
 #
 # RHEL_REBASE_NUM
diff --git a/configs/kernel-6.12.0-ppc64le-debug.config b/configs/kernel-6.12.0-ppc64le-debug.config
index 1b844fbe97..f941e92267 100644
--- a/configs/kernel-6.12.0-ppc64le-debug.config
+++ b/configs/kernel-6.12.0-ppc64le-debug.config
@@ -500,9 +500,6 @@ CONFIG_PPC_TRANSACTIONAL_MEM=y
 CONFIG_PPC_UV=y
 # CONFIG_LD_HEAD_STUB_CATCH is not set
 CONFIG_MPROFILE_KERNEL=y
-CONFIG_ARCH_USING_PATCHABLE_FUNCTION_ENTRY=y
-CONFIG_PPC_FTRACE_OUT_OF_LINE=y
-CONFIG_PPC_FTRACE_OUT_OF_LINE_NUM_RESERVE=32768
 CONFIG_HOTPLUG_CPU=y
 CONFIG_INTERRUPT_SANITIZE_REGISTERS=y
 CONFIG_PPC_QUEUED_SPINLOCKS=y
@@ -725,7 +722,6 @@ CONFIG_FUNCTION_ALIGNMENT_4B=y
 CONFIG_FUNCTION_ALIGNMENT=4
 CONFIG_CC_HAS_MIN_FUNCTION_ALIGNMENT=y
 CONFIG_CC_HAS_SANE_FUNCTION_ALIGNMENT=y
-CONFIG_ARCH_WANTS_PRE_LINK_VMLINUX=y
 # end of General architecture-dependent options
 
 CONFIG_RT_MUTEXES=y
@@ -5030,7 +5026,6 @@ CONFIG_HID_KUNIT_TEST=m
 #
 # HID-BPF support
 #
-CONFIG_HID_BPF=y
 # end of HID-BPF support
 
 CONFIG_I2C_HID=y
@@ -7132,8 +7127,6 @@ CONFIG_HAVE_FUNCTION_TRACER=y
 CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
 CONFIG_HAVE_DYNAMIC_FTRACE=y
 CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
-CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
-CONFIG_HAVE_DYNAMIC_FTRACE_WITH_CALL_OPS=y
 CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y
 CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
 CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
@@ -7154,8 +7147,6 @@ CONFIG_FUNCTION_TRACER=y
 CONFIG_FUNCTION_GRAPH_TRACER=y
 CONFIG_DYNAMIC_FTRACE=y
 CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
-CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
-CONFIG_DYNAMIC_FTRACE_WITH_CALL_OPS=y
 CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y
 CONFIG_FPROBE=y
 CONFIG_FUNCTION_PROFILER=y
@@ -7180,7 +7171,7 @@ CONFIG_BPF_EVENTS=y
 CONFIG_DYNAMIC_EVENTS=y
 CONFIG_PROBE_EVENTS=y
 CONFIG_FTRACE_MCOUNT_RECORD=y
-CONFIG_FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY=y
+CONFIG_FTRACE_MCOUNT_USE_CC=y
 CONFIG_TRACING_MAP=y
 CONFIG_SYNTH_EVENTS=y
 # CONFIG_USER_EVENTS is not set
@@ -7206,8 +7197,6 @@ CONFIG_RV_REACTORS=y
 CONFIG_RV_REACT_PRINTK=y
 CONFIG_RV_REACT_PANIC=y
 # CONFIG_SAMPLES is not set
-CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y
-CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y
 CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
 CONFIG_STRICT_DEVMEM=y
 # CONFIG_IO_STRICT_DEVMEM is not set
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 4e8dfd9c1f..52e016a479 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1932,6 +1932,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
 				local_bh_enable();
 				goto unlock_frags;
 			}
+
+			if (frags && skb != tfile->napi.skb)
+				tfile->napi.skb = skb;
 		}
 		rcu_read_unlock();
 		local_bh_enable();
diff --git a/fs/namespace.c b/fs/namespace.c
index da767032a0..64f9006f8c 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2261,6 +2261,11 @@ struct vfsmount *clone_private_mount(const struct path *path)
 	if (!check_mnt(old_mnt))
 		goto invalid;
 
+	if (!ns_capable(old_mnt->mnt_ns->user_ns, CAP_SYS_ADMIN)) {
+		up_read(&namespace_sem);
+		return ERR_PTR(-EPERM);
+	}
+
 	if (has_locked_children(old_mnt, path->dentry))
 		goto invalid;
 
diff --git a/redhat/kernel.changelog-10.1 b/redhat/kernel.changelog-10.1
index eb24300303..7ed7bbb6f1 100644
--- a/redhat/kernel.changelog-10.1
+++ b/redhat/kernel.changelog-10.1
@@ -1,3 +1,8 @@
+* Thu Dec 04 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.21.1.el10_1]
+- CVE-2025-38499 kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Abhi Das) [RHEL-129282] {CVE-2025-38499}
+- net: tun: Update napi->skb after XDP process (CKI Backport Bot) [RHEL-122247] {CVE-2025-39984}
+Resolves: RHEL-122247, RHEL-129282
+
 * Tue Dec 02 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.20.1.el10_1]
 - iommu/vt-d: Disallow dirty tracking if incoherent page walk (CKI Backport Bot) [RHEL-125482] {CVE-2025-40058}
 - net/mlx5: fs, fix UAF in flow counter release (Michal Schmidt) [RHEL-124432] {CVE-2025-39979}
diff --git a/uki-addons.sbat b/uki-addons.sbat
index e6a3e75e20..4e091f97b7 100644
--- a/uki-addons.sbat
+++ b/uki-addons.sbat
@@ -1,3 +1,3 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-kernel-uki-virt-addons.centos,1,Red Hat,kernel-uki-virt-addons,6.12.0-124.20.1.el10.x86_64,mailto:secalert@redhat.com
-kernel-uki-virt-addons.almalinux,1,AlmaLinux,kernel-uki-virt-addons,6.12.0-124.20.1.el10.x86_64,mailto:security@almalinux.org
+kernel-uki-virt-addons.centos,1,Red Hat,kernel-uki-virt-addons,6.12.0-124.21.1.el10.x86_64,mailto:secalert@redhat.com
+kernel-uki-virt-addons.almalinux,1,AlmaLinux,kernel-uki-virt-addons,6.12.0-124.21.1.el10.x86_64,mailto:security@almalinux.org
diff --git a/uki.sbat b/uki.sbat
index 7d994c1b2b..5f939b4e08 100644
--- a/uki.sbat
+++ b/uki.sbat
@@ -1,3 +1,3 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-kernel-uki-virt.centos,1,Red Hat,kernel-uki-virt,6.12.0-124.20.1.el10.x86_64,mailto:secalert@redhat.com
-kernel-uki-virt.almalinux,1,AlmaLinux,kernel-uki-virt,6.12.0-124.20.1.el10.x86_64,mailto:security@almalinux.org
+kernel-uki-virt.centos,1,Red Hat,kernel-uki-virt,6.12.0-124.21.1.el10.x86_64,mailto:secalert@redhat.com
+kernel-uki-virt.almalinux,1,AlmaLinux,kernel-uki-virt,6.12.0-124.21.1.el10.x86_64,mailto:security@almalinux.org