kernel-rt-5.14.0-78.rt21.78.el9

* Mon Apr 11 2022 Fernando Pacheco <fpacheco@redhat.com> [5.14.0-78.rt21.78.el9]
- [rt] build kernel-rt-5.14.0-78.rt21.78.el9 [2061574]
- CI: Remove deprecated option (Veronika Kabatova)
- scsi: iscsi: Fix nop handling during conn recovery (Chris Leech) [2069973]
- scsi: iscsi: Merge suspend fields (Chris Leech) [2069973]
- scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2069973]
- scsi: iscsi: Move iscsi_ep_disconnect (Chris Leech) [2069973]
- NFS: Don't loop forever in nfs_do_recoalesce() (Steve Dickson) [2069274]
- perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Michael Petlan) [2069686]
- KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Bandan Das) [2033070]
- iommu/amd: Fix I/O page table memory leak (Jerry Snitselaar) [2053219]
- iommu/amd: Recover from event log overflow (Jerry Snitselaar) [2053219]
- redhat/configs: drop some config options for rhel 9. (David Airlie) [2067027]
- arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Use the clearbhb instruction in mitigations (Waiman Long) [2062288] {CVE-2022-23960}
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Mitigate spectre style branch history side channels (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add percpu vectors for EL1 (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Add macro for reading symbol addresses from the trampoline (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Add vectors that have the bhb mitigation sequences (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Allow the trampoline text to occupy multiple pages (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Make the kpti trampoline's kpti sequence optional (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Move trampoline macros out of ifdef'd section (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Don't assume tramp_vectors is the start of the vectors (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Move the trampoline data page before the text page (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Free up another register on kpti's tramp_exit path (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Make the trampoline cleanup optional (Waiman Long) [2062288] {CVE-2022-23960}
- KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry.S: Add ventry overflow sanity checks (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add Cortex-A510 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add Cortex-X2 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: cpufeature: add HWCAP for FEAT_RPRES (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: add ID_AA64ISAR2_EL1 sys register (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: cpufeature: add HWCAP for FEAT_AFP (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add HWCAP for self-synchronising virtual counter (Waiman Long) [2062288] {CVE-2022-23960}
- iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (Jerry Snitselaar) [2061621]
- redhat/configs: remove unnecessary GPIO options for aarch64 (Brian Masney) [2060951]
- redhat/configs: remove viperboard related Kconfig options (Brian Masney) [2060951]
- configs: enable CONFIG_RMI4_F3A (Benjamin Tissoires) [2067243]
- block: release rq qos structures for queue without disk (Ming Lei) [2065610]
- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2064862] {CVE-2022-1011}
- crypto: hmac - disallow keys < 112 bits in FIPS mode (Herbert Xu) [2033512]
- crypto: hmac - add fips_skip support (Herbert Xu) [2033512]
- crypto: des - disallow des3 in FIPS mode (Herbert Xu) [2033512]
- crypto: dh - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512]
- crypto: rsa - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512]
- watch_queue: Make comment about setting ->defunct more accurate (David Howells) [2063758]
- watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) [2063758]
- watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) [2063758]
- watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) [2063758]
- watch_queue: Use the bitmap API when applicable (David Howells) [2063758]
- watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) [2063758]
- watch_queue: Fix to release page in ->release() (David Howells) [2063758]
- watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) [2063758]
- watch_queue: Fix filter limit check (David Howells) [2063758] {CVE-2022-0995}
- s390/mm: check 2KB-fragment page on release (Rafael Aquini) [2069978]
- s390/mm: better annotate 2KB pagetable fragments handling (Rafael Aquini) [2069978]
- s390/mm: fix 2KB pgtable release race (Rafael Aquini) [2069978]
- ima: fix deadlock when traversing "ima_default_rules". (Bruno Meneguele) [2063913]
- IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms (Bruno Meneguele) [2063913]
- IMA: introduce a new policy option func=SETXATTR_CHECK (Bruno Meneguele) [2063913]
- IMA: add a policy option to restrict xattr hash algorithms on appraisal (Bruno Meneguele) [2063913]
- IMA: add support to restrict the hash algorithms used for file appraisal (Bruno Meneguele) [2063913]
- IMA: block writes of the security.ima xattr with unsupported algorithms (Bruno Meneguele) [2063913]
- IMA: remove the dependency on CRYPTO_MD5 (Bruno Meneguele) [2063913]
- perf symbols: Fix symbol size calculation condition (Michael Petlan) [2049222]
- redhat/Makefile: Fix dist-dump-variables target (Prarit Bhargava)
- redhat/configs/process_configs.sh: Avoid race with find (Prarit Bhargava)
- redhat/configs/process_configs.sh: Remove CONTINUEONERROR (Prarit Bhargava)
- redhat/configs/process_configs.sh: Fix race with tools generation (Prarit Bhargava)
- redhat/Makefile: Silence dist-clean-configs output (Prarit Bhargava)
- Print arch with process_configs errors (Prarit Bhargava)
- Pass RHJOBS to process_configs for dist-configs-check as well (Prarit Bhargava)
- redhat/configs/process_configs.sh: Fix issue with old error files (Prarit Bhargava)
- redhat/configs/build_configs.sh: Parallelize execution (Prarit Bhargava)
- redhat/configs/build_configs.sh: Provide better messages (Prarit Bhargava)
- redhat/configs/build_configs.sh: Create unique output files (Prarit Bhargava)
- redhat/configs/build_configs.sh: Add local variables (Prarit Bhargava)
- redhat/configs/process_configs.sh: Parallelize execution (Prarit Bhargava)
- redhat/configs/process_configs.sh: Provide better messages (Prarit Bhargava)
- redhat/configs/process_configs.sh: Create unique output files (Prarit Bhargava)
- redhat/configs/process_configs.sh: Add processing config function (Prarit Bhargava)
- cifs: modefromsids must add an ACE for authenticated users (Ronnie Sahlberg) [1988278]
Resolves: rhbz#2061574, rhbz#2069978, rhbz#2063913, rhbz#2049222, rhbz#1988278

Signed-off-by: Fernando Pacheco <fpacheco@redhat.com>
This commit is contained in:
Fernando Pacheco 2022-04-11 11:16:52 -07:00
parent 40ee36a838
commit 2687a0396a
6 changed files with 224 additions and 92 deletions

View File

@ -12,7 +12,7 @@ RHEL_MINOR = 1
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
RHEL_RELEASE = 77
RHEL_RELEASE = 78
#
# ZSTREAM
@ -66,4 +66,4 @@ ifneq ("$(ZSTREAM)", "yes")
endif
endif
RTBUILD:=.77
RTBUILD:=.78

View File

@ -1191,7 +1191,7 @@ CONFIG_DRM_FBDEV_EMULATION=y
# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set
CONFIG_DRM_FBDEV_OVERALLOC=100
CONFIG_DRM_GM12U320=m
CONFIG_DRM_GMA500=m
# CONFIG_DRM_GMA500 is not set
CONFIG_DRM_GUD=m
# CONFIG_DRM_HDLCD is not set
# CONFIG_DRM_HISI_HIBMC is not set
@ -1565,14 +1565,14 @@ CONFIG_FB_EFI=y
# CONFIG_FB_MODE_HELPERS is not set
# CONFIG_FB_N411 is not set
# CONFIG_FB_NEOMAGIC is not set
CONFIG_FB_NVIDIA_BACKLIGHT=y
# CONFIG_FB_NVIDIA_BACKLIGHT is not set
# CONFIG_FB_NVIDIA_DEBUG is not set
# CONFIG_FB_NVIDIA_I2C is not set
# CONFIG_FB_NVIDIA is not set
# CONFIG_FB_OPENCORES is not set
# CONFIG_FB_PM2 is not set
# CONFIG_FB_PM3 is not set
CONFIG_FB_RADEON_BACKLIGHT=y
# CONFIG_FB_RADEON_BACKLIGHT is not set
# CONFIG_FB_RADEON_DEBUG is not set
# CONFIG_FB_RADEON_I2C is not set
# CONFIG_FB_RADEON is not set
@ -1755,7 +1755,7 @@ CONFIG_GPIO_MLXBF2=m
# CONFIG_GPIO_SYSFS is not set
# CONFIG_GPIO_THUNDERX is not set
# CONFIG_GPIO_TPIC2810 is not set
CONFIG_GPIO_VIPERBOARD=m
# CONFIG_GPIO_VIPERBOARD is not set
# CONFIG_GPIO_VX855 is not set
# CONFIG_GPIO_WATCHDOG is not set
# CONFIG_GPIO_WINBOND is not set
@ -2063,7 +2063,7 @@ CONFIG_I2C_STUB=m
CONFIG_I2C_TINY_USB=m
CONFIG_I2C_VIA=m
CONFIG_I2C_VIAPRO=m
CONFIG_I2C_VIPERBOARD=m
# CONFIG_I2C_VIPERBOARD is not set
# CONFIG_I2C_XILINX is not set
CONFIG_I2C=y
# CONFIG_I3C is not set
@ -3019,7 +3019,7 @@ CONFIG_MFD_SM501=m
# CONFIG_MFD_TPS65912_SPI is not set
# CONFIG_MFD_TPS80031 is not set
# CONFIG_MFD_TQMX86 is not set
CONFIG_MFD_VIPERBOARD=m
# CONFIG_MFD_VIPERBOARD is not set
CONFIG_MFD_VX855=m
# CONFIG_MFD_WL1273_CORE is not set
# CONFIG_MFD_WM831X_I2C is not set
@ -4285,7 +4285,7 @@ CONFIG_RMI4_F11=y
CONFIG_RMI4_F12=y
CONFIG_RMI4_F30=y
CONFIG_RMI4_F34=y
# CONFIG_RMI4_F3A is not set
CONFIG_RMI4_F3A=y
# CONFIG_RMI4_F54 is not set
CONFIG_RMI4_F55=y
CONFIG_RMI4_I2C=m

View File

@ -1183,7 +1183,7 @@ CONFIG_DRM_FBDEV_EMULATION=y
# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set
CONFIG_DRM_FBDEV_OVERALLOC=100
CONFIG_DRM_GM12U320=m
CONFIG_DRM_GMA500=m
# CONFIG_DRM_GMA500 is not set
CONFIG_DRM_GUD=m
# CONFIG_DRM_HDLCD is not set
# CONFIG_DRM_HISI_HIBMC is not set
@ -1549,14 +1549,14 @@ CONFIG_FB_EFI=y
# CONFIG_FB_MODE_HELPERS is not set
# CONFIG_FB_N411 is not set
# CONFIG_FB_NEOMAGIC is not set
CONFIG_FB_NVIDIA_BACKLIGHT=y
# CONFIG_FB_NVIDIA_BACKLIGHT is not set
# CONFIG_FB_NVIDIA_DEBUG is not set
# CONFIG_FB_NVIDIA_I2C is not set
# CONFIG_FB_NVIDIA is not set
# CONFIG_FB_OPENCORES is not set
# CONFIG_FB_PM2 is not set
# CONFIG_FB_PM3 is not set
CONFIG_FB_RADEON_BACKLIGHT=y
# CONFIG_FB_RADEON_BACKLIGHT is not set
# CONFIG_FB_RADEON_DEBUG is not set
# CONFIG_FB_RADEON_I2C is not set
# CONFIG_FB_RADEON is not set
@ -1739,7 +1739,7 @@ CONFIG_GPIO_MLXBF2=m
# CONFIG_GPIO_SYSFS is not set
# CONFIG_GPIO_THUNDERX is not set
# CONFIG_GPIO_TPIC2810 is not set
CONFIG_GPIO_VIPERBOARD=m
# CONFIG_GPIO_VIPERBOARD is not set
# CONFIG_GPIO_VX855 is not set
# CONFIG_GPIO_WATCHDOG is not set
# CONFIG_GPIO_WINBOND is not set
@ -2047,7 +2047,7 @@ CONFIG_I2C_STUB=m
CONFIG_I2C_TINY_USB=m
CONFIG_I2C_VIA=m
CONFIG_I2C_VIAPRO=m
CONFIG_I2C_VIPERBOARD=m
# CONFIG_I2C_VIPERBOARD is not set
# CONFIG_I2C_XILINX is not set
CONFIG_I2C=y
# CONFIG_I3C is not set
@ -2999,7 +2999,7 @@ CONFIG_MFD_SM501=m
# CONFIG_MFD_TPS65912_SPI is not set
# CONFIG_MFD_TPS80031 is not set
# CONFIG_MFD_TQMX86 is not set
CONFIG_MFD_VIPERBOARD=m
# CONFIG_MFD_VIPERBOARD is not set
CONFIG_MFD_VX855=m
# CONFIG_MFD_WL1273_CORE is not set
# CONFIG_MFD_WM831X_I2C is not set
@ -4264,7 +4264,7 @@ CONFIG_RMI4_F11=y
CONFIG_RMI4_F12=y
CONFIG_RMI4_F30=y
CONFIG_RMI4_F34=y
# CONFIG_RMI4_F3A is not set
CONFIG_RMI4_F3A=y
# CONFIG_RMI4_F54 is not set
CONFIG_RMI4_F55=y
CONFIG_RMI4_I2C=m

View File

@ -121,13 +121,13 @@ Summary: The Linux kernel
%define kversion 5.14
%define rpmversion 5.14.0
%define pkgrelease 77.rt21.77.el9
%define pkgrelease 78.rt21.78.el9
# This is needed to do merge window version magic
%define patchlevel 14
# allow pkg_release to have configurable %%{?dist} tag
%define specrelease 77.rt21.77%{?buildid}%{?dist}
%define specrelease 78.rt21.78%{?buildid}%{?dist}
%define pkg_release %{specrelease}
@ -704,7 +704,7 @@ BuildRequires: lld
# exact git commit you can run
#
# xzcat -qq ${TARBALL} | git get-tar-commit-id
Source0: linux-5.14.0-77.rt21.77.el9.tar.xz
Source0: linux-5.14.0-78.rt21.78.el9.tar.xz
Source1: Makefile.rhelver
@ -1417,8 +1417,8 @@ ApplyOptionalPatch()
fi
}
%setup -q -n kernel-5.14.0-77.rt21.77.el9 -c
mv linux-5.14.0-77.rt21.77.el9 linux-%{KVERREL}
%setup -q -n kernel-5.14.0-78.rt21.78.el9 -c
mv linux-5.14.0-78.rt21.78.el9 linux-%{KVERREL}
cd linux-%{KVERREL}
cp -a %{SOURCE1} .
@ -3095,8 +3095,97 @@ fi
#
#
%changelog
* Fri Apr 08 2022 Juri Lelli <juri.lelli@redhat.com> [5.14.0-77.rt21.77.el9]
- [rt] build kernel-rt-5.14.0-77.rt21.77.el9 [2061574]
* Mon Apr 11 2022 Fernando Pacheco <fpacheco@redhat.com> [5.14.0-78.rt21.78.el9]
- [rt] build kernel-rt-5.14.0-78.rt21.78.el9 [2061574]
* Mon Apr 11 2022 Fernando Pacheco <fpacheco@redhat.com> [5.14.0-78.rt21.78.el9]
- [rt] build kernel-rt-5.14.0-78.rt21.78.el9 [2061574]
- CI: Remove deprecated option (Veronika Kabatova)
- scsi: iscsi: Fix nop handling during conn recovery (Chris Leech) [2069973]
- scsi: iscsi: Merge suspend fields (Chris Leech) [2069973]
- scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2069973]
- scsi: iscsi: Move iscsi_ep_disconnect (Chris Leech) [2069973]
- NFS: Don't loop forever in nfs_do_recoalesce() (Steve Dickson) [2069274]
- perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Michael Petlan) [2069686]
- KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Bandan Das) [2033070]
- iommu/amd: Fix I/O page table memory leak (Jerry Snitselaar) [2053219]
- iommu/amd: Recover from event log overflow (Jerry Snitselaar) [2053219]
- redhat/configs: drop some config options for rhel 9. (David Airlie) [2067027]
- arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Use the clearbhb instruction in mitigations (Waiman Long) [2062288] {CVE-2022-23960}
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Mitigate spectre style branch history side channels (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add percpu vectors for EL1 (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Add macro for reading symbol addresses from the trampoline (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Add vectors that have the bhb mitigation sequences (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Allow the trampoline text to occupy multiple pages (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Make the kpti trampoline's kpti sequence optional (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Move trampoline macros out of ifdef'd section (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Don't assume tramp_vectors is the start of the vectors (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Move the trampoline data page before the text page (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Free up another register on kpti's tramp_exit path (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Make the trampoline cleanup optional (Waiman Long) [2062288] {CVE-2022-23960}
- KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry.S: Add ventry overflow sanity checks (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add Cortex-A510 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add Cortex-X2 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: cpufeature: add HWCAP for FEAT_RPRES (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: add ID_AA64ISAR2_EL1 sys register (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: cpufeature: add HWCAP for FEAT_AFP (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add HWCAP for self-synchronising virtual counter (Waiman Long) [2062288] {CVE-2022-23960}
- iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (Jerry Snitselaar) [2061621]
- redhat/configs: remove unnecessary GPIO options for aarch64 (Brian Masney) [2060951]
- redhat/configs: remove viperboard related Kconfig options (Brian Masney) [2060951]
- configs: enable CONFIG_RMI4_F3A (Benjamin Tissoires) [2067243]
- block: release rq qos structures for queue without disk (Ming Lei) [2065610]
- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2064862] {CVE-2022-1011}
- crypto: hmac - disallow keys < 112 bits in FIPS mode (Herbert Xu) [2033512]
- crypto: hmac - add fips_skip support (Herbert Xu) [2033512]
- crypto: des - disallow des3 in FIPS mode (Herbert Xu) [2033512]
- crypto: dh - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512]
- crypto: rsa - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512]
- watch_queue: Make comment about setting ->defunct more accurate (David Howells) [2063758]
- watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) [2063758]
- watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) [2063758]
- watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) [2063758]
- watch_queue: Use the bitmap API when applicable (David Howells) [2063758]
- watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) [2063758]
- watch_queue: Fix to release page in ->release() (David Howells) [2063758]
- watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) [2063758]
- watch_queue: Fix filter limit check (David Howells) [2063758] {CVE-2022-0995}
- s390/mm: check 2KB-fragment page on release (Rafael Aquini) [2069978]
- s390/mm: better annotate 2KB pagetable fragments handling (Rafael Aquini) [2069978]
- s390/mm: fix 2KB pgtable release race (Rafael Aquini) [2069978]
- ima: fix deadlock when traversing "ima_default_rules". (Bruno Meneguele) [2063913]
- IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms (Bruno Meneguele) [2063913]
- IMA: introduce a new policy option func=SETXATTR_CHECK (Bruno Meneguele) [2063913]
- IMA: add a policy option to restrict xattr hash algorithms on appraisal (Bruno Meneguele) [2063913]
- IMA: add support to restrict the hash algorithms used for file appraisal (Bruno Meneguele) [2063913]
- IMA: block writes of the security.ima xattr with unsupported algorithms (Bruno Meneguele) [2063913]
- IMA: remove the dependency on CRYPTO_MD5 (Bruno Meneguele) [2063913]
- perf symbols: Fix symbol size calculation condition (Michael Petlan) [2049222]
- redhat/Makefile: Fix dist-dump-variables target (Prarit Bhargava)
- redhat/configs/process_configs.sh: Avoid race with find (Prarit Bhargava)
- redhat/configs/process_configs.sh: Remove CONTINUEONERROR (Prarit Bhargava)
- redhat/configs/process_configs.sh: Fix race with tools generation (Prarit Bhargava)
- redhat/Makefile: Silence dist-clean-configs output (Prarit Bhargava)
- Print arch with process_configs errors (Prarit Bhargava)
- Pass RHJOBS to process_configs for dist-configs-check as well (Prarit Bhargava)
- redhat/configs/process_configs.sh: Fix issue with old error files (Prarit Bhargava)
- redhat/configs/build_configs.sh: Parallelize execution (Prarit Bhargava)
- redhat/configs/build_configs.sh: Provide better messages (Prarit Bhargava)
- redhat/configs/build_configs.sh: Create unique output files (Prarit Bhargava)
- redhat/configs/build_configs.sh: Add local variables (Prarit Bhargava)
- redhat/configs/process_configs.sh: Parallelize execution (Prarit Bhargava)
- redhat/configs/process_configs.sh: Provide better messages (Prarit Bhargava)
- redhat/configs/process_configs.sh: Create unique output files (Prarit Bhargava)
- redhat/configs/process_configs.sh: Add processing config function (Prarit Bhargava)
- cifs: modefromsids must add an ACE for authenticated users (Ronnie Sahlberg) [1988278]
* Fri Apr 08 2022 Juri Lelli <juri.lelli@redhat.com> [5.14.0-77.rt21.77.el9]
- [rt] build kernel-rt-5.14.0-77.rt21.77.el9 [2061574]

View File

@ -60,6 +60,9 @@ switch_to_toplevel()
checkoptions()
{
count=$3
variant=$4
/usr/bin/awk '
/is not set/ {
@ -82,14 +85,14 @@ checkoptions()
print "Found "a[1]"="a[2]" after generation, had " a[1]"="configs[a[1]]" in Source tree";
}
}
' "$1" "$2" > .mismatches
' "$1" "$2" > .mismatches${count}
checkoptions_error=false
if test -s .mismatches
if test -s .mismatches${count}
then
while read -r LINE
do
if find ./ -name "$(echo "$LINE" | awk -F "=" ' { print $1 } ' | awk ' { print $2 }')" -print0 | xargs -0 grep ^ | grep -q "process_configs_known_broken"; then
if find "${REDHAT}"/configs -name "$(echo "$LINE" | awk -F "=" ' { print $1 } ' | awk ' { print $2 }')" -print0 | xargs -0 grep ^ | grep -q "process_configs_known_broken"; then
# This is a known broken config.
# See script help warning.
checkoptions_error=false
@ -97,14 +100,13 @@ checkoptions()
checkoptions_error=true
break
fi
done < .mismatches
done < .mismatches${count}
! $checkoptions_error && return
echo "Error: Mismatches found in configuration files"
cat .mismatches
RETURNCODE=1
[ "$CONTINUEONERROR" ] || exit 1
sed -i "1s/^/Error: Mismatches found in configuration files for ${arch} ${variant}\n/" .mismatches${count}
else
rm -f .mismatches${count}
fi
}
@ -218,75 +220,119 @@ function commit_new_configs()
git commit -m "[redhat] AUTOMATIC: New configs"
}
function process_config()
{
local cfg
local arch
local cfgtmp
local cfgorig
local count
local variant
cfg=$1
count=$2
arch=$(head -1 "$cfg" | cut -b 3-)
if [ "$arch" = "EMPTY" ]
then
# This arch is intentionally left blank
return
fi
variant=$(basename "$cfg" | cut -d"-" -f3- | cut -d"." -f1)
cfgtmp="${cfg}.tmp"
cfgorig="${cfg}.orig"
cat "$cfg" > "$cfgorig"
echo "Processing $cfg ... "
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig${count}
grep -E 'CONFIG_' .listnewconfig${count} > .newoptions${count}
if test -n "$NEWOPTIONS" && test -s .newoptions${count}
then
echo "Found unset config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors${count}
cat .newoptions${count} >> .errors${count}
rm .newoptions${count}
RETURNCODE=1
fi
rm .newoptions${count}
grep -E 'config.*warning' .listnewconfig${count} > .warnings${count}
if test -n "$CHECKWARNINGS" && test -s .warnings${count}
then
echo "Found misconfigured config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors${count}
cat .warnings${count} >> .errors${count}
rm .warnings${count}
fi
rm .warnings${count}
rm .listnewconfig${count}
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" olddefconfig > /dev/null || exit 1
echo "# $arch" > "$cfgtmp"
cat "$cfgorig" >> "$cfgtmp"
if test -n "$CHECKOPTIONS"
then
checkoptions "$cfg" "$cfgtmp" "$count" "$variant"
fi
# if test run, don't overwrite original
if test -n "$TESTRUN"
then
rm -f "$cfgtmp"
else
mv "$cfgtmp" "$cfg"
fi
rm -f "$cfgorig"
echo "Processing $cfg complete"
}
function process_configs()
{
# assume we are in $source_tree/configs, need to get to top level
pushd "$(switch_to_toplevel)" &>/dev/null
# The next line is throwaway code for transition to parallel
# processing. Leaving this line in place is harmless, but it can be
# removed the next time anyone updates this function.
[ -f .mismatches ] && rm -f .mismatches
count=0
for cfg in "$SCRIPT_DIR/${PACKAGE_NAME}${KVERREL}${SUBARCH}"*.config
do
arch=$(head -1 "$cfg" | cut -b 3-)
cfgtmp="${cfg}.tmp"
cfgorig="${cfg}.orig"
cat "$cfg" > "$cfgorig"
if [ "$arch" = "EMPTY" ]
then
# This arch is intentionally left blank
continue
if [ "$count" -eq 0 ]; then
# do the first one by itself so that tools are built
process_config "$cfg" "$count"
fi
echo -n "Processing $cfg ... "
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig
grep -E 'CONFIG_' .listnewconfig > .newoptions
if test -n "$NEWOPTIONS" && test -s .newoptions
then
echo "Found unset config items, please set them to an appropriate value"
cat .newoptions
rm .newoptions
RETURNCODE=1
[ "$CONTINUEONERROR" ] || exit 1
fi
rm .newoptions
grep -E 'config.*warning' .listnewconfig > .warnings
if test -n "$CHECKWARNINGS" && test -s .warnings
then
echo "Found misconfigured config items, please set them to an appropriate value"
cat .warnings
rm .warnings
RETURNCODE=1
[ "$CONTINUEONERROR" ] || exit 1
fi
rm .warnings
rm .listnewconfig
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" olddefconfig > /dev/null || exit 1
echo "# $arch" > "$cfgtmp"
cat "$cfgorig" >> "$cfgtmp"
if test -n "$CHECKOPTIONS"
then
checkoptions "$cfg" "$cfgtmp"
fi
# if test run, don't overwrite original
if test -n "$TESTRUN"
then
rm -f "$cfgtmp"
else
mv "$cfgtmp" "$cfg"
fi
rm -f "$cfgorig"
echo "done"
process_config "$cfg" "$count" &
waitpids[${count}]=$!
((count++))
while [ "$(jobs | grep Running | wc -l)" -ge $RHJOBS ]; do :; done
done
for pid in ${waitpids[*]}; do
wait ${pid}
done
rm "$SCRIPT_DIR"/*.config*.old
if ls .errors* 1> /dev/null 2>&1; then
RETURNCODE=1
cat .errors*
rm .errors* -f
fi
if ls .mismatches* 1> /dev/null 2>&1; then
RETURNCODE=1
cat .mismatches*
rm .mismatches* -f
fi
popd > /dev/null
echo "Processed config files are in $SCRIPT_DIR"
[ $RETURNCODE -eq 0 ] && echo "Processed config files are in $SCRIPT_DIR"
}
CHECKOPTIONS=""
CONTINUEONERROR=""
NEWOPTIONS=""
TESTRUN=""
CHECKWARNINGS=""
@ -301,7 +347,6 @@ do
case $key in
-a)
CHECKOPTIONS="x"
CONTINUEONERROR="x"
NEWOPTIONS="x"
CHECKWARNINGS="x"
;;
@ -311,9 +356,6 @@ do
-h)
usage
;;
-i)
CONTINUEONERROR="x"
;;
-n)
NEWOPTIONS="x"
;;
@ -343,6 +385,7 @@ PACKAGE_NAME="${1:-kernel-rt}" # defines the package name used
KVERREL="$(test -n "$2" && echo "-$2" || echo "")"
SUBARCH="$(test -n "$3" && echo "-$3" || echo "")"
FLAVOR="$(test -n "$4" && echo "-$4" || echo "-common")"
RHJOBS="$(test -n "$5" && echo "$5" || nproc --all)"
SCRIPT=$(readlink -f "$0")
SCRIPT_DIR=$(dirname "$SCRIPT")

View File

@ -1,4 +1,4 @@
SHA512 (kernel-abi-whitelists-5.13.0-1.tar.bz2) = ceba454e1f590c1e4ef4115a75463ae3ac2c2aa7ec85fa14a2669d666c421483a38225ee19d7d72b4ac7032375741408b23543e43588538c80161ec0cf57051c
SHA512 (linux-5.14.0-77.rt21.77.el9.tar.xz) = 09acb7d59788f40870b522302302ded62e0714eea6dbed99d28c69537909a9547f42bdf439f52c596d251d357895aed649eb6f3296ef5d424ef8b2aca9fb10b4
SHA512 (kernel-abi-stablelists-5.14.0-77.rt21.77.el9.tar.bz2) = fb6b7dd353c2ffd728c32542d12ee65c24221791099942259a020e9d2fcf1f043c27a27aa0279a4a9a2f6114258b1d9cd3fa6009db1dd8396b44800bdd2e9766
SHA512 (kernel-kabi-dw-5.14.0-77.rt21.77.el9.tar.bz2) = c901529aff636abbc2aa5f289ec098a2a29c8507aa81ee649d1104592b8abad9f495db0e947dc36a84e043708a47373de35156b40b252281ef747f06e19ed914
SHA512 (linux-5.14.0-78.rt21.78.el9.tar.xz) = 0847477361a0b4a3666b57f957724fe5e67ecd2e29d0eef09e44e0e0114869fddda4fab5214002ecf73c81f9ef80a1df8c6bede8b91dfeff3c150a91d7488c68
SHA512 (kernel-abi-stablelists-5.14.0-78.rt21.78.el9.tar.bz2) = 59182c8e2c3e5182afbbad053b683e60e111b7be538950f76c92aa2597877dc1922d0382448aa9f058b4160849504eb9a458aa7819d950cfe099ef7c4607fab5
SHA512 (kernel-kabi-dw-5.14.0-78.rt21.78.el9.tar.bz2) = f48c87da1305f27edb6978f09d3ddef1604f6f064094a9b8ab9c39a5f9451c9155419f680227af536db9172609e6c6f8ba7629f707088e64eeb01a43bbf4670e