kernel-6.11.0-0.rc5.20240827git3e9bff3bbe13.44

* Tue Aug 27 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.3e9bff3bbe13.44]
- Linux v6.11.0-0.rc5.3e9bff3bbe13
Resolves: RHEL-49398

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
Justin M. Forbes 2024-08-27 11:28:15 -06:00
parent 17565722aa
commit 7e878ba500
No known key found for this signature in database
GPG Key ID: B8FA7924A4B1C140
21 changed files with 221 additions and 106 deletions


@ -12,7 +12,7 @@ RHEL_MINOR = 99
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
RHEL_RELEASE = 43
RHEL_RELEASE = 44
#
# RHEL_REBASE_NUM


@ -1,9 +1,21 @@
https://gitlab.com/cki-project/kernel-ark/-/commit/f0422a4f19781da4d37e9d95c8df8eae5db72d0c
f0422a4f19781da4d37e9d95c8df8eae5db72d0c Revert "pidfd: prevent creation of pidfds for kthreads"
https://gitlab.com/cki-project/kernel-ark/-/commit/b0c8e7622950ce4bd430980be9a93e56bda43672
b0c8e7622950ce4bd430980be9a93e56bda43672 crypto: akcipher - Disable signing and decryption
https://gitlab.com/cki-project/kernel-ark/-/commit/a09122a7a65c8e9f1a0982f6a9c768bf040f6df9
a09122a7a65c8e9f1a0982f6a9c768bf040f6df9 crypto: dh - implement FIPS PCT
https://gitlab.com/cki-project/kernel-ark/-/commit/a9c9a82dfe33e40861d7d0a13ae9fe50a5b49c12
a9c9a82dfe33e40861d7d0a13ae9fe50a5b49c12 crypto: ecdh - disallow plain "ecdh" usage in FIPS mode
https://gitlab.com/cki-project/kernel-ark/-/commit/135f5f0257aaf5fc358eb35665b88f78cfa9882d
135f5f0257aaf5fc358eb35665b88f78cfa9882d crypto: seqiv - flag instantiations as FIPS compliant
https://gitlab.com/cki-project/kernel-ark/-/commit/6425c2e128af3870617dd29da8110e7fa17b9ba9
6425c2e128af3870617dd29da8110e7fa17b9ba9 not upstream: Disable vdso getrandom when FIPS is enabled
https://gitlab.com/cki-project/kernel-ark/-/commit/ecb1311a2f2e5baf8cd394850d03d33e18c8ba41
ecb1311a2f2e5baf8cd394850d03d33e18c8ba41 [kernel] bpf: set default value for bpf_jit_harden
https://gitlab.com/cki-project/kernel-ark/-/commit/6ae23a2899f457adcbd4e081dec7a49a62b5ec87
6ae23a2899f457adcbd4e081dec7a49a62b5ec87 Add support to rh_waived cmdline boot parameter


@ -2132,7 +2132,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_BMAN_TEST is not set
CONFIG_FSL_DPAA2_ETH_DCB=y
@ -4282,8 +4282,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y
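Review bot: The CONFIG_FS_ENCRYPTION line in this section appears to flip from `# CONFIG_FS_ENCRYPTION is not set` to `CONFIG_FS_ENCRYPTION=y`, and none of the changelog entries in this commit accounts for it; only the PF_KEY removal (`# CONFIG_NET_KEY is not set`) has one, "redhat: configs: disable PF_KEY in RHEL". The +/- markers are lost on this page, so the direction is inferred from the hunk counts and the print order. If fscrypt is being enabled on purpose, or is selected by another option in the new upstream snapshot, the changelog should say so, because it turns on a filesystem-encryption code path in each config that carries this hunk. The same pair of changes repeats in the config sections that follow.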


@ -2116,7 +2116,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_BMAN_TEST is not set
CONFIG_FSL_DPAA2_ETH_DCB=y
@ -4261,8 +4261,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -2129,7 +2129,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_BMAN_TEST is not set
CONFIG_FSL_DPAA2_ETH_DCB=y
@ -4279,8 +4279,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -2113,7 +2113,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_BMAN_TEST is not set
CONFIG_FSL_DPAA2_ETH_DCB=y
@ -4258,8 +4258,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -2167,7 +2167,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_BMAN_TEST is not set
CONFIG_FSL_DPAA2_ETH_DCB=y
@ -4319,8 +4319,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -2151,7 +2151,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_BMAN_TEST is not set
CONFIG_FSL_DPAA2_ETH_DCB=y
@ -4298,8 +4298,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -1883,7 +1883,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_EDMA is not set
# CONFIG_FSL_ENETC_IERB is not set
@ -3927,8 +3927,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -1867,7 +1867,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_EDMA is not set
# CONFIG_FSL_ENETC_IERB is not set
@ -3907,8 +3907,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -1886,7 +1886,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_EDMA is not set
# CONFIG_FSL_ENETC_IERB is not set
@ -3907,8 +3907,7 @@ CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
# CONFIG_NETIUCV is not set
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -1870,7 +1870,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_EDMA is not set
# CONFIG_FSL_ENETC_IERB is not set
@ -3887,8 +3887,7 @@ CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
# CONFIG_NETIUCV is not set
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -3897,7 +3897,6 @@ CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
# CONFIG_NETIUCV is not set
# CONFIG_NET_KEY is not set
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -2015,7 +2015,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_EDMA is not set
# CONFIG_FSL_ENETC_IERB is not set
@ -4144,8 +4144,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -1999,7 +1999,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_EDMA is not set
# CONFIG_FSL_ENETC_IERB is not set
@ -4124,8 +4124,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -2053,7 +2053,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_EDMA is not set
# CONFIG_FSL_ENETC_IERB is not set
@ -4184,8 +4184,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -2037,7 +2037,7 @@ CONFIG_FRONTSWAP=y
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE=y
CONFIG_FS_DAX=y
# CONFIG_FS_ENCRYPTION is not set
CONFIG_FS_ENCRYPTION=y
# CONFIG_FSI is not set
# CONFIG_FSL_EDMA is not set
# CONFIG_FSL_ENETC_IERB is not set
@ -4164,8 +4164,7 @@ CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPIP=m
CONFIG_NET_IPVTI=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
# CONFIG_NET_KEY is not set
# CONFIG_NETKIT is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NETLABEL=y


@ -1,7 +1,16 @@
* Sun Aug 25 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.43]
- Revert "pidfd: prevent creation of pidfds for kthreads" (Christian Brauner)
* Tue Aug 27 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.3e9bff3bbe13.44]
- Linux v6.11.0-0.rc5.3e9bff3bbe13
Resolves: RHEL-49398
* Mon Aug 26 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.43]
- Add weakdep support to the kernel spec (Justin M. Forbes)
Resolves:
- redhat: configs: disable PF_KEY in RHEL (Sabrina Dubroca)
- crypto: akcipher - Disable signing and decryption (Vladis Dronov) [RHEL-54183] {CVE-2023-6240}
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-54183]
- crypto: ecdh - disallow plain "ecdh" usage in FIPS mode (Vladis Dronov) [RHEL-54183]
- crypto: seqiv - flag instantiations as FIPS compliant (Vladis Dronov) [RHEL-54183]
- [kernel] bpf: set default value for bpf_jit_harden (Artem Savkov) [RHEL-51896]
Resolves: RHEL-51896, RHEL-54183
* Sun Aug 25 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.42]
- Linux v6.11.0-0.rc5


@ -163,13 +163,13 @@ Summary: The Linux kernel
%define specrpmversion 6.11.0
%define specversion 6.11.0
%define patchversion 6.11
%define pkgrelease 0.rc5.43
%define pkgrelease 0.rc5.20240827git3e9bff3bbe13.44
%define kversion 6
%define tarfile_release 6.11-rc5
%define tarfile_release 6.11-rc5-15-g3e9bff3bbe13
# This is needed to do merge window version magic
%define patchlevel 11
# This allows pkg_release to have configurable %%{?dist} tag
%define specrelease 0.rc5.43%{?buildid}%{?dist}
%define specrelease 0.rc5.20240827git3e9bff3bbe13.44%{?buildid}%{?dist}
# This defines the kabi tarball version
%define kabiversion 6.11.0
@ -4098,9 +4098,17 @@ fi\
#
#
%changelog
* Sun Aug 25 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.43]
- Revert "pidfd: prevent creation of pidfds for kthreads" (Christian Brauner)
* Tue Aug 27 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.3e9bff3bbe13.44]
- Linux v6.11.0-0.rc5.3e9bff3bbe13
* Mon Aug 26 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.43]
- Add weakdep support to the kernel spec (Justin M. Forbes)
- redhat: configs: disable PF_KEY in RHEL (Sabrina Dubroca)
- crypto: akcipher - Disable signing and decryption (Vladis Dronov) [RHEL-54183] {CVE-2023-6240}
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-54183]
- crypto: ecdh - disallow plain "ecdh" usage in FIPS mode (Vladis Dronov) [RHEL-54183]
- crypto: seqiv - flag instantiations as FIPS compliant (Vladis Dronov) [RHEL-54183]
- [kernel] bpf: set default value for bpf_jit_harden (Artem Savkov) [RHEL-51896]
* Sun Aug 25 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc5.42]
- Linux v6.11.0-0.rc5


@ -11,8 +11,12 @@
arch/x86/kernel/cpu/common.c | 1 +
arch/x86/kernel/setup.c | 98 +++-
certs/extract-cert.c | 25 +-
crypto/akcipher.c | 6 +-
crypto/dh.c | 25 +
crypto/drbg.c | 18 +-
crypto/rng.c | 149 +++++-
crypto/seqiv.c | 15 +-
crypto/testmgr.c | 4 +-
drivers/acpi/apei/hest.c | 8 +
drivers/acpi/irq.c | 17 +-
drivers/acpi/scan.c | 9 +
@ -48,7 +52,7 @@
fs/afs/main.c | 3 +
fs/erofs/super.c | 9 +
fs/ext4/super.c | 11 +
include/linux/crypto.h | 1 +
include/linux/crypto.h | 3 +
include/linux/efi.h | 22 +-
include/linux/kernel.h | 16 +
include/linux/lsm_hook_defs.h | 2 +
@ -63,8 +67,8 @@
include/linux/security.h | 5 +
init/main.c | 3 +
kernel/Makefile | 1 +
kernel/bpf/core.c | 5 +
kernel/bpf/syscall.c | 23 +
kernel/fork.c | 25 +-
kernel/module/main.c | 13 +
kernel/module/signing.c | 9 +-
kernel/panic.c | 13 +
@ -79,7 +83,7 @@
security/lockdown/Kconfig | 13 +
security/lockdown/lockdown.c | 1 +
security/security.c | 12 +
81 files changed, 2688 insertions(+), 280 deletions(-)
85 files changed, 2734 insertions(+), 266 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 09126bb8cc9f..ee2984e46c06 100644
@ -501,6 +505,67 @@ index 70e9ec89d87d..f5fb74916cee 100644
} else {
BIO *b;
X509 *x509;
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
index e0ff5f4dda6d..098a52ded759 100644
--- a/crypto/akcipher.c
+++ b/crypto/akcipher.c
@@ -126,14 +126,12 @@ int crypto_register_akcipher(struct akcipher_alg *alg)
{
struct crypto_alg *base = &alg->base;
- if (!alg->sign)
- alg->sign = akcipher_default_op;
+ alg->sign = akcipher_default_op;
if (!alg->verify)
alg->verify = akcipher_default_op;
if (!alg->encrypt)
alg->encrypt = akcipher_default_op;
- if (!alg->decrypt)
- alg->decrypt = akcipher_default_op;
+ alg->decrypt = akcipher_default_op;
if (!alg->set_priv_key)
alg->set_priv_key = akcipher_default_set_key;
diff --git a/crypto/dh.c b/crypto/dh.c
index 68d11d66c0b5..6e3e515b2452 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -227,10 +227,35 @@ static int dh_compute_value(struct kpp_request *req)
/* SP800-56A rev 3 5.6.2.1.3 key check */
} else {
+ MPI val_pct;
+
if (dh_is_pubkey_valid(ctx, val)) {
ret = -EAGAIN;
goto err_free_val;
}
+
+ /*
+ * SP800-56Arev3, 5.6.2.1.4: ("Owner Assurance
+ * of Pair-wise Consistency"): recompute the
+ * public key and check if the results match.
+ */
+ val_pct = mpi_alloc(0);
+ if (!val_pct) {
+ ret = -ENOMEM;
+ goto err_free_val;
+ }
+
+ ret = _compute_val(ctx, base, val_pct);
+ if (ret) {
+ mpi_free(val_pct);
+ goto err_free_val;
+ }
+
+ if (mpi_cmp(val, val_pct) != 0) {
+ fips_fail_notify();
+ panic("dh: pair-wise consistency test failed\n");
+ }
+ mpi_free(val_pct);
}
}
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 3addce90930c..730b03de596a 100644
--- a/crypto/drbg.c
@ -775,6 +840,67 @@ index 9d8804e46422..5ccb0485ff4b 100644
+
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Random Number Generator");
diff --git a/crypto/seqiv.c b/crypto/seqiv.c
index 17e11d51ddc3..9c136a3b6267 100644
--- a/crypto/seqiv.c
+++ b/crypto/seqiv.c
@@ -132,6 +132,19 @@ static int seqiv_aead_decrypt(struct aead_request *req)
return crypto_aead_decrypt(subreq);
}
+static int aead_init_seqiv(struct crypto_aead *aead)
+{
+ int err;
+
+ err = aead_init_geniv(aead);
+ if (err)
+ return err;
+
+ crypto_aead_set_flags(aead, CRYPTO_TFM_FIPS_COMPLIANCE);
+
+ return 0;
+}
+
static int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb)
{
struct aead_instance *inst;
@@ -149,7 +162,7 @@ static int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb)
inst->alg.encrypt = seqiv_aead_encrypt;
inst->alg.decrypt = seqiv_aead_decrypt;
- inst->alg.init = aead_init_geniv;
+ inst->alg.init = aead_init_seqiv;
inst->alg.exit = aead_exit_geniv;
inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index f02cb075bd68..669e306f1cb2 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4216,7 +4216,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,
* Don't invoke (decrypt or sign) test which require a private key
* for vectors with only a public key.
*/
- if (vecs->public_key_vec) {
+ if (1 || vecs->public_key_vec) {
err = 0;
goto free_all;
}
@@ -5093,14 +5093,12 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ecdh-nist-p256",
.test = alg_test_kpp,
- .fips_allowed = 1,
.suite = {
.kpp = __VECS(ecdh_p256_tv_template)
}
}, {
.alg = "ecdh-nist-p384",
.test = alg_test_kpp,
- .fips_allowed = 1,
.suite = {
.kpp = __VECS(ecdh_p384_tv_template)
}
diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c
index 20d757687e3d..90a13f20f052 100644
--- a/drivers/acpi/apei/hest.c
@ -2390,14 +2516,16 @@ index e72145c4ae5a..7522b976a836 100644
err = ext4_register_sysfs(sb);
if (err)
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index b164da5e129e..59021b8609a7 100644
index b164da5e129e..cd78d16ee5d6 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -133,6 +133,7 @@
@@ -133,6 +133,9 @@
#define CRYPTO_TFM_REQ_FORBID_WEAK_KEYS 0x00000100
#define CRYPTO_TFM_REQ_MAY_SLEEP 0x00000200
#define CRYPTO_TFM_REQ_MAY_BACKLOG 0x00000400
+#define CRYPTO_TFM_REQ_NEED_RESEED 0x00000800
+
+#define CRYPTO_TFM_FIPS_COMPLIANCE 0x80000000
/*
* Miscellaneous stuff.
@ -3281,6 +3409,23 @@ index 3c13240dfc9f..dc6723d84302 100644
obj-$(CONFIG_USERMODE_DRIVER) += usermode_driver.o
obj-$(CONFIG_MULTIUSER) += groups.o
obj-$(CONFIG_VHOST_TASK) += vhost_task.o
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 7ee62e38faf0..63817aceb71f 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -566,7 +566,12 @@ void bpf_prog_kallsyms_del_all(struct bpf_prog *fp)
/* All BPF JIT sysctl knobs here. */
int bpf_jit_enable __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
int bpf_jit_kallsyms __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
+#ifdef CONFIG_RHEL_DIFFERENCES
+/* RHEL-only: set it to 1 by default */
+int bpf_jit_harden __read_mostly = 1;
+#else
int bpf_jit_harden __read_mostly;
+#endif /* CONFIG_RHEL_DIFFERENCES */
long bpf_jit_limit __read_mostly;
long bpf_jit_limit_max __read_mostly;
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index bf6c5f685ea2..649f2fccaddd 100644
--- a/kernel/bpf/syscall.c
@ -3329,50 +3474,6 @@ index bf6c5f685ea2..649f2fccaddd 100644
*(int *)table->data = unpriv_enable;
}
diff --git a/kernel/fork.c b/kernel/fork.c
index 18bdc87209d0..cc760491f201 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2053,23 +2053,10 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re
*/
int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret)
{
- if (!pid)
- return -EINVAL;
-
- scoped_guard(rcu) {
- struct task_struct *tsk;
-
- if (flags & PIDFD_THREAD)
- tsk = pid_task(pid, PIDTYPE_PID);
- else
- tsk = pid_task(pid, PIDTYPE_TGID);
- if (!tsk)
- return -EINVAL;
+ bool thread = flags & PIDFD_THREAD;
- /* Don't create pidfds for kernel threads for now. */
- if (tsk->flags & PF_KTHREAD)
- return -EINVAL;
- }
+ if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID))
+ return -EINVAL;
return __pidfd_prepare(pid, flags, ret);
}
@@ -2416,12 +2403,6 @@ __latent_entropy struct task_struct *copy_process(
if (clone_flags & CLONE_PIDFD) {
int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0;
- /* Don't create pidfds for kernel threads for now. */
- if (args->kthread) {
- retval = -EINVAL;
- goto bad_fork_free_pid;
- }
-
/* Note that no task has been attached to @pid yet. */
retval = __pidfd_prepare(pid, flags, &pidfile);
if (retval < 0)
diff --git a/kernel/module/main.c b/kernel/module/main.c
index 71396e297499..29e469418075 100644
--- a/kernel/module/main.c
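Review bot: In the crypto/akcipher.c hunk carried by this patch, `crypto_register_akcipher()` now assigns `akcipher_default_op` to `alg->sign` and `alg->decrypt` unconditionally and without a comment, so a callback supplied by the registering driver is silently discarded. The changelog ties the change to CVE-2023-6240, and that reason belongs next to the code, e.g. `/* RHEL-only: sign and decrypt are disabled for all akcipher algorithms (CVE-2023-6240) */`. Unlike the `bpf_jit_harden` default in kernel/bpf/core.c, it is not wrapped in `#ifdef CONFIG_RHEL_DIFFERENCES`, which makes the downstream policy harder to spot in the source. In crypto/testmgr.c the matching `if (1 || vecs->public_key_vec)` leaves the existing comment describing a condition that no longer decides anything, and whatever follows in `test_akcipher_one()` before the `free_all` label becomes unreachable; a one-line comment saying the private-key tests are skipped because those operations are disabled would keep it auditable. Both functions start and end outside the hunks shown.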


@ -1,3 +1,3 @@
SHA512 (linux-6.11-rc5.tar.xz) = ff448b1f89c72e7f6b55049cd7cc090971b8fd138f37797ea75b2294aa47f6e625874b2bc5958d57f1c3535d3926374bafb15661e42dad34bb41692f0e0d016b
SHA512 (kernel-abi-stablelists-6.11.0.tar.xz) = f1335e684c694ca921a702c6e13dc7cf6184294db2b8671161b6689d483722cd7c2970bb74df7c2da55b5f9c80e9144adf0a7d6f7b7225022b2f368ec821da50
SHA512 (kernel-kabi-dw-6.11.0.tar.xz) = ccd65f0cbf5f967b6a49f1d8e596e065f389177bd496715d5dd2bb8b7b735dcdeb1d4eff1cf55a62d1aaa92bcf98c9a7bc4f931e0ec2c09eba63acd573581e04
SHA512 (linux-6.11-rc5-15-g3e9bff3bbe13.tar.xz) = ae746f6c59c27274d79861d16a9cbea3db179eeda2b5979622f91a8e1c49cb8acc5149171d6e9d43878f7b0dc2b418dc8c3b39fa8c076bdb73616ed8dad92832
SHA512 (kernel-abi-stablelists-6.11.0.tar.xz) = 2c203d38dc30d67f52015828f8754eac49964d3c1996d0b667b87aa7aff20ed2fa5fae19a90b253d488bb54d5f9bd8200ae305879b6b5b9d41acb98fefd8c1f4
SHA512 (kernel-kabi-dw-6.11.0.tar.xz) = 115ed2d2d87324b30eb4c078719913a80b3992ba9e3ac9df4711712b3de12a8f46732a468e8a5acd1c86983426d5a09d1df94c5cda27575a08f3622f4d7e5bc9