From 2687a0396a735afc460278c8483acd9bad64ad51 Mon Sep 17 00:00:00 2001 From: Fernando Pacheco Date: Mon, 11 Apr 2022 11:16:52 -0700 Subject: [PATCH] kernel-rt-5.14.0-78.rt21.78.el9 * Mon Apr 11 2022 Fernando Pacheco [5.14.0-78.rt21.78.el9] - [rt] build kernel-rt-5.14.0-78.rt21.78.el9 [2061574] - CI: Remove deprecated option (Veronika Kabatova) - scsi: iscsi: Fix nop handling during conn recovery (Chris Leech) [2069973] - scsi: iscsi: Merge suspend fields (Chris Leech) [2069973] - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2069973] - scsi: iscsi: Move iscsi_ep_disconnect (Chris Leech) [2069973] - NFS: Don't loop forever in nfs_do_recoalesce() (Steve Dickson) [2069274] - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Michael Petlan) [2069686] - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Bandan Das) [2033070] - iommu/amd: Fix I/O page table memory leak (Jerry Snitselaar) [2053219] - iommu/amd: Recover from event log overflow (Jerry Snitselaar) [2053219] - redhat/configs: drop some config options for rhel 9. (David Airlie) [2067027] - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Waiman Long) [2062288] {CVE-2022-23960} - arm64: Use the clearbhb instruction in mitigations (Waiman Long) [2062288] {CVE-2022-23960} - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (Waiman Long) [2062288] {CVE-2022-23960} - arm64: Mitigate spectre style branch history side channels (Waiman Long) [2062288] {CVE-2022-23960} - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (Waiman Long) [2062288] {CVE-2022-23960} - arm64: Add percpu vectors for EL1 (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Add macro for reading symbol addresses from the trampoline (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Add vectors that have the bhb mitigation sequences (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Allow the trampoline text to occupy multiple pages (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Make the kpti trampoline's kpti sequence optional (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Move trampoline macros out of ifdef'd section (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Don't assume tramp_vectors is the start of the vectors (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Move the trampoline data page before the text page (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Free up another register on kpti's tramp_exit path (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry: Make the trampoline cleanup optional (Waiman Long) [2062288] {CVE-2022-23960} - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (Waiman Long) [2062288] {CVE-2022-23960} - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (Waiman Long) [2062288] {CVE-2022-23960} - arm64: entry.S: Add ventry overflow sanity checks (Waiman Long) [2062288] {CVE-2022-23960} - arm64: Add Cortex-A510 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960} - arm64: Add Cortex-X2 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960} - arm64: cpufeature: add HWCAP for FEAT_RPRES (Waiman Long) [2062288] {CVE-2022-23960} - arm64: add ID_AA64ISAR2_EL1 sys register (Waiman Long) [2062288] {CVE-2022-23960} - arm64: cpufeature: add HWCAP for FEAT_AFP (Waiman Long) [2062288] {CVE-2022-23960} - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960} - arm64: Add HWCAP for self-synchronising virtual counter (Waiman Long) [2062288] {CVE-2022-23960} - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (Jerry Snitselaar) [2061621] - redhat/configs: remove unnecessary GPIO options for aarch64 (Brian Masney) [2060951] - redhat/configs: remove viperboard related Kconfig options (Brian Masney) [2060951] - configs: enable CONFIG_RMI4_F3A (Benjamin Tissoires) [2067243] - block: release rq qos structures for queue without disk (Ming Lei) [2065610] - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2064862] {CVE-2022-1011} - crypto: hmac - disallow keys < 112 bits in FIPS mode (Herbert Xu) [2033512] - crypto: hmac - add fips_skip support (Herbert Xu) [2033512] - crypto: des - disallow des3 in FIPS mode (Herbert Xu) [2033512] - crypto: dh - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512] - crypto: rsa - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512] - watch_queue: Make comment about setting ->defunct more accurate (David Howells) [2063758] - watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) [2063758] - watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) [2063758] - watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) [2063758] - watch_queue: Use the bitmap API when applicable (David Howells) [2063758] - watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) [2063758] - watch_queue: Fix to release page in ->release() (David Howells) [2063758] - watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) [2063758] - watch_queue: Fix filter limit check (David Howells) [2063758] {CVE-2022-0995} - s390/mm: check 2KB-fragment page on release (Rafael Aquini) [2069978] - s390/mm: better annotate 2KB pagetable fragments handling (Rafael Aquini) [2069978] - s390/mm: fix 2KB pgtable release race (Rafael Aquini) [2069978] - ima: fix deadlock when traversing "ima_default_rules". (Bruno Meneguele) [2063913] - IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms (Bruno Meneguele) [2063913] - IMA: introduce a new policy option func=SETXATTR_CHECK (Bruno Meneguele) [2063913] - IMA: add a policy option to restrict xattr hash algorithms on appraisal (Bruno Meneguele) [2063913] - IMA: add support to restrict the hash algorithms used for file appraisal (Bruno Meneguele) [2063913] - IMA: block writes of the security.ima xattr with unsupported algorithms (Bruno Meneguele) [2063913] - IMA: remove the dependency on CRYPTO_MD5 (Bruno Meneguele) [2063913] - perf symbols: Fix symbol size calculation condition (Michael Petlan) [2049222] - redhat/Makefile: Fix dist-dump-variables target (Prarit Bhargava) - redhat/configs/process_configs.sh: Avoid race with find (Prarit Bhargava) - redhat/configs/process_configs.sh: Remove CONTINUEONERROR (Prarit Bhargava) - redhat/configs/process_configs.sh: Fix race with tools generation (Prarit Bhargava) - redhat/Makefile: Silence dist-clean-configs output (Prarit Bhargava) - Print arch with process_configs errors (Prarit Bhargava) - Pass RHJOBS to process_configs for dist-configs-check as well (Prarit Bhargava) - redhat/configs/process_configs.sh: Fix issue with old error files (Prarit Bhargava) - redhat/configs/build_configs.sh: Parallelize execution (Prarit Bhargava) - redhat/configs/build_configs.sh: Provide better messages (Prarit Bhargava) - redhat/configs/build_configs.sh: Create unique output files (Prarit Bhargava) - redhat/configs/build_configs.sh: Add local variables (Prarit Bhargava) - redhat/configs/process_configs.sh: Parallelize execution (Prarit Bhargava) - redhat/configs/process_configs.sh: Provide better messages (Prarit Bhargava) - redhat/configs/process_configs.sh: Create unique output files (Prarit Bhargava) - redhat/configs/process_configs.sh: Add processing config function (Prarit Bhargava) - cifs: modefromsids must add an ACE for authenticated users (Ronnie Sahlberg) [1988278] Resolves: rhbz#2061574, rhbz#2069978, rhbz#2063913, rhbz#2049222, rhbz#1988278 Signed-off-by: Fernando Pacheco --- Makefile.rhelver | 4 +- kernel-rt-x86_64-debug-rhel.config | 14 +-- kernel-rt-x86_64-rhel.config | 14 +-- kernel.spec | 103 +++++++++++++++-- process_configs.sh | 175 ++++++++++++++++++----------- sources | 6 +- 6 files changed, 224 insertions(+), 92 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index 1240f5c..956d808 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 1 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 77 +RHEL_RELEASE = 78 # # ZSTREAM @@ -66,4 +66,4 @@ ifneq ("$(ZSTREAM)", "yes") endif endif -RTBUILD:=.77 +RTBUILD:=.78 diff --git a/kernel-rt-x86_64-debug-rhel.config b/kernel-rt-x86_64-debug-rhel.config index 265fa04..b632d12 100644 --- a/kernel-rt-x86_64-debug-rhel.config +++ b/kernel-rt-x86_64-debug-rhel.config @@ -1191,7 +1191,7 @@ CONFIG_DRM_FBDEV_EMULATION=y # CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set CONFIG_DRM_FBDEV_OVERALLOC=100 CONFIG_DRM_GM12U320=m -CONFIG_DRM_GMA500=m +# CONFIG_DRM_GMA500 is not set CONFIG_DRM_GUD=m # CONFIG_DRM_HDLCD is not set # CONFIG_DRM_HISI_HIBMC is not set @@ -1565,14 +1565,14 @@ CONFIG_FB_EFI=y # CONFIG_FB_MODE_HELPERS is not set # CONFIG_FB_N411 is not set # CONFIG_FB_NEOMAGIC is not set -CONFIG_FB_NVIDIA_BACKLIGHT=y +# CONFIG_FB_NVIDIA_BACKLIGHT is not set # CONFIG_FB_NVIDIA_DEBUG is not set # CONFIG_FB_NVIDIA_I2C is not set # CONFIG_FB_NVIDIA is not set # CONFIG_FB_OPENCORES is not set # CONFIG_FB_PM2 is not set # CONFIG_FB_PM3 is not set -CONFIG_FB_RADEON_BACKLIGHT=y +# CONFIG_FB_RADEON_BACKLIGHT is not set # CONFIG_FB_RADEON_DEBUG is not set # CONFIG_FB_RADEON_I2C is not set # CONFIG_FB_RADEON is not set @@ -1755,7 +1755,7 @@ CONFIG_GPIO_MLXBF2=m # CONFIG_GPIO_SYSFS is not set # CONFIG_GPIO_THUNDERX is not set # CONFIG_GPIO_TPIC2810 is not set -CONFIG_GPIO_VIPERBOARD=m +# CONFIG_GPIO_VIPERBOARD is not set # CONFIG_GPIO_VX855 is not set # CONFIG_GPIO_WATCHDOG is not set # CONFIG_GPIO_WINBOND is not set @@ -2063,7 +2063,7 @@ CONFIG_I2C_STUB=m CONFIG_I2C_TINY_USB=m CONFIG_I2C_VIA=m CONFIG_I2C_VIAPRO=m -CONFIG_I2C_VIPERBOARD=m +# CONFIG_I2C_VIPERBOARD is not set # CONFIG_I2C_XILINX is not set CONFIG_I2C=y # CONFIG_I3C is not set @@ -3019,7 +3019,7 @@ CONFIG_MFD_SM501=m # CONFIG_MFD_TPS65912_SPI is not set # CONFIG_MFD_TPS80031 is not set # CONFIG_MFD_TQMX86 is not set -CONFIG_MFD_VIPERBOARD=m +# CONFIG_MFD_VIPERBOARD is not set CONFIG_MFD_VX855=m # CONFIG_MFD_WL1273_CORE is not set # CONFIG_MFD_WM831X_I2C is not set @@ -4285,7 +4285,7 @@ CONFIG_RMI4_F11=y CONFIG_RMI4_F12=y CONFIG_RMI4_F30=y CONFIG_RMI4_F34=y -# CONFIG_RMI4_F3A is not set +CONFIG_RMI4_F3A=y # CONFIG_RMI4_F54 is not set CONFIG_RMI4_F55=y CONFIG_RMI4_I2C=m diff --git a/kernel-rt-x86_64-rhel.config b/kernel-rt-x86_64-rhel.config index 6f45028..1c64b08 100644 --- a/kernel-rt-x86_64-rhel.config +++ b/kernel-rt-x86_64-rhel.config @@ -1183,7 +1183,7 @@ CONFIG_DRM_FBDEV_EMULATION=y # CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set CONFIG_DRM_FBDEV_OVERALLOC=100 CONFIG_DRM_GM12U320=m -CONFIG_DRM_GMA500=m +# CONFIG_DRM_GMA500 is not set CONFIG_DRM_GUD=m # CONFIG_DRM_HDLCD is not set # CONFIG_DRM_HISI_HIBMC is not set @@ -1549,14 +1549,14 @@ CONFIG_FB_EFI=y # CONFIG_FB_MODE_HELPERS is not set # CONFIG_FB_N411 is not set # CONFIG_FB_NEOMAGIC is not set -CONFIG_FB_NVIDIA_BACKLIGHT=y +# CONFIG_FB_NVIDIA_BACKLIGHT is not set # CONFIG_FB_NVIDIA_DEBUG is not set # CONFIG_FB_NVIDIA_I2C is not set # CONFIG_FB_NVIDIA is not set # CONFIG_FB_OPENCORES is not set # CONFIG_FB_PM2 is not set # CONFIG_FB_PM3 is not set -CONFIG_FB_RADEON_BACKLIGHT=y +# CONFIG_FB_RADEON_BACKLIGHT is not set # CONFIG_FB_RADEON_DEBUG is not set # CONFIG_FB_RADEON_I2C is not set # CONFIG_FB_RADEON is not set @@ -1739,7 +1739,7 @@ CONFIG_GPIO_MLXBF2=m # CONFIG_GPIO_SYSFS is not set # CONFIG_GPIO_THUNDERX is not set # CONFIG_GPIO_TPIC2810 is not set -CONFIG_GPIO_VIPERBOARD=m +# CONFIG_GPIO_VIPERBOARD is not set # CONFIG_GPIO_VX855 is not set # CONFIG_GPIO_WATCHDOG is not set # CONFIG_GPIO_WINBOND is not set @@ -2047,7 +2047,7 @@ CONFIG_I2C_STUB=m CONFIG_I2C_TINY_USB=m CONFIG_I2C_VIA=m CONFIG_I2C_VIAPRO=m -CONFIG_I2C_VIPERBOARD=m +# CONFIG_I2C_VIPERBOARD is not set # CONFIG_I2C_XILINX is not set CONFIG_I2C=y # CONFIG_I3C is not set @@ -2999,7 +2999,7 @@ CONFIG_MFD_SM501=m # CONFIG_MFD_TPS65912_SPI is not set # CONFIG_MFD_TPS80031 is not set # CONFIG_MFD_TQMX86 is not set -CONFIG_MFD_VIPERBOARD=m +# CONFIG_MFD_VIPERBOARD is not set CONFIG_MFD_VX855=m # CONFIG_MFD_WL1273_CORE is not set # CONFIG_MFD_WM831X_I2C is not set @@ -4264,7 +4264,7 @@ CONFIG_RMI4_F11=y CONFIG_RMI4_F12=y CONFIG_RMI4_F30=y CONFIG_RMI4_F34=y -# CONFIG_RMI4_F3A is not set +CONFIG_RMI4_F3A=y # CONFIG_RMI4_F54 is not set CONFIG_RMI4_F55=y CONFIG_RMI4_I2C=m diff --git a/kernel.spec b/kernel.spec index 7495d52..7c22386 100755 --- a/kernel.spec +++ b/kernel.spec @@ -121,13 +121,13 @@ Summary: The Linux kernel %define kversion 5.14 %define rpmversion 5.14.0 -%define pkgrelease 77.rt21.77.el9 +%define pkgrelease 78.rt21.78.el9 # This is needed to do merge window version magic %define patchlevel 14 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 77.rt21.77%{?buildid}%{?dist} +%define specrelease 78.rt21.78%{?buildid}%{?dist} %define pkg_release %{specrelease} @@ -704,7 +704,7 @@ BuildRequires: lld # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-5.14.0-77.rt21.77.el9.tar.xz +Source0: linux-5.14.0-78.rt21.78.el9.tar.xz Source1: Makefile.rhelver @@ -1417,8 +1417,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-5.14.0-77.rt21.77.el9 -c -mv linux-5.14.0-77.rt21.77.el9 linux-%{KVERREL} +%setup -q -n kernel-5.14.0-78.rt21.78.el9 -c +mv linux-5.14.0-78.rt21.78.el9 linux-%{KVERREL} cd linux-%{KVERREL} cp -a %{SOURCE1} . @@ -3095,8 +3095,97 @@ fi # # %changelog -* Fri Apr 08 2022 Juri Lelli [5.14.0-77.rt21.77.el9] -- [rt] build kernel-rt-5.14.0-77.rt21.77.el9 [2061574] +* Mon Apr 11 2022 Fernando Pacheco [5.14.0-78.rt21.78.el9] +- [rt] build kernel-rt-5.14.0-78.rt21.78.el9 [2061574] + +* Mon Apr 11 2022 Fernando Pacheco [5.14.0-78.rt21.78.el9] +- [rt] build kernel-rt-5.14.0-78.rt21.78.el9 [2061574] +- CI: Remove deprecated option (Veronika Kabatova) +- scsi: iscsi: Fix nop handling during conn recovery (Chris Leech) [2069973] +- scsi: iscsi: Merge suspend fields (Chris Leech) [2069973] +- scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2069973] +- scsi: iscsi: Move iscsi_ep_disconnect (Chris Leech) [2069973] +- NFS: Don't loop forever in nfs_do_recoalesce() (Steve Dickson) [2069274] +- perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Michael Petlan) [2069686] +- KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Bandan Das) [2033070] +- iommu/amd: Fix I/O page table memory leak (Jerry Snitselaar) [2053219] +- iommu/amd: Recover from event log overflow (Jerry Snitselaar) [2053219] +- redhat/configs: drop some config options for rhel 9. (David Airlie) [2067027] +- arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: Use the clearbhb instruction in mitigations (Waiman Long) [2062288] {CVE-2022-23960} +- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: Mitigate spectre style branch history side channels (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: Add percpu vectors for EL1 (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Add macro for reading symbol addresses from the trampoline (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Add vectors that have the bhb mitigation sequences (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Allow the trampoline text to occupy multiple pages (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Make the kpti trampoline's kpti sequence optional (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Move trampoline macros out of ifdef'd section (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Don't assume tramp_vectors is the start of the vectors (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Move the trampoline data page before the text page (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Free up another register on kpti's tramp_exit path (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry: Make the trampoline cleanup optional (Waiman Long) [2062288] {CVE-2022-23960} +- KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: entry.S: Add ventry overflow sanity checks (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: Add Cortex-A510 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: Add Cortex-X2 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: cpufeature: add HWCAP for FEAT_RPRES (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: add ID_AA64ISAR2_EL1 sys register (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: cpufeature: add HWCAP for FEAT_AFP (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960} +- arm64: Add HWCAP for self-synchronising virtual counter (Waiman Long) [2062288] {CVE-2022-23960} +- iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (Jerry Snitselaar) [2061621] +- redhat/configs: remove unnecessary GPIO options for aarch64 (Brian Masney) [2060951] +- redhat/configs: remove viperboard related Kconfig options (Brian Masney) [2060951] +- configs: enable CONFIG_RMI4_F3A (Benjamin Tissoires) [2067243] +- block: release rq qos structures for queue without disk (Ming Lei) [2065610] +- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2064862] {CVE-2022-1011} +- crypto: hmac - disallow keys < 112 bits in FIPS mode (Herbert Xu) [2033512] +- crypto: hmac - add fips_skip support (Herbert Xu) [2033512] +- crypto: des - disallow des3 in FIPS mode (Herbert Xu) [2033512] +- crypto: dh - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512] +- crypto: rsa - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512] +- watch_queue: Make comment about setting ->defunct more accurate (David Howells) [2063758] +- watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) [2063758] +- watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) [2063758] +- watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) [2063758] +- watch_queue: Use the bitmap API when applicable (David Howells) [2063758] +- watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) [2063758] +- watch_queue: Fix to release page in ->release() (David Howells) [2063758] +- watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) [2063758] +- watch_queue: Fix filter limit check (David Howells) [2063758] {CVE-2022-0995} +- s390/mm: check 2KB-fragment page on release (Rafael Aquini) [2069978] +- s390/mm: better annotate 2KB pagetable fragments handling (Rafael Aquini) [2069978] +- s390/mm: fix 2KB pgtable release race (Rafael Aquini) [2069978] +- ima: fix deadlock when traversing "ima_default_rules". (Bruno Meneguele) [2063913] +- IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms (Bruno Meneguele) [2063913] +- IMA: introduce a new policy option func=SETXATTR_CHECK (Bruno Meneguele) [2063913] +- IMA: add a policy option to restrict xattr hash algorithms on appraisal (Bruno Meneguele) [2063913] +- IMA: add support to restrict the hash algorithms used for file appraisal (Bruno Meneguele) [2063913] +- IMA: block writes of the security.ima xattr with unsupported algorithms (Bruno Meneguele) [2063913] +- IMA: remove the dependency on CRYPTO_MD5 (Bruno Meneguele) [2063913] +- perf symbols: Fix symbol size calculation condition (Michael Petlan) [2049222] +- redhat/Makefile: Fix dist-dump-variables target (Prarit Bhargava) +- redhat/configs/process_configs.sh: Avoid race with find (Prarit Bhargava) +- redhat/configs/process_configs.sh: Remove CONTINUEONERROR (Prarit Bhargava) +- redhat/configs/process_configs.sh: Fix race with tools generation (Prarit Bhargava) +- redhat/Makefile: Silence dist-clean-configs output (Prarit Bhargava) +- Print arch with process_configs errors (Prarit Bhargava) +- Pass RHJOBS to process_configs for dist-configs-check as well (Prarit Bhargava) +- redhat/configs/process_configs.sh: Fix issue with old error files (Prarit Bhargava) +- redhat/configs/build_configs.sh: Parallelize execution (Prarit Bhargava) +- redhat/configs/build_configs.sh: Provide better messages (Prarit Bhargava) +- redhat/configs/build_configs.sh: Create unique output files (Prarit Bhargava) +- redhat/configs/build_configs.sh: Add local variables (Prarit Bhargava) +- redhat/configs/process_configs.sh: Parallelize execution (Prarit Bhargava) +- redhat/configs/process_configs.sh: Provide better messages (Prarit Bhargava) +- redhat/configs/process_configs.sh: Create unique output files (Prarit Bhargava) +- redhat/configs/process_configs.sh: Add processing config function (Prarit Bhargava) +- cifs: modefromsids must add an ACE for authenticated users (Ronnie Sahlberg) [1988278] * Fri Apr 08 2022 Juri Lelli [5.14.0-77.rt21.77.el9] - [rt] build kernel-rt-5.14.0-77.rt21.77.el9 [2061574] diff --git a/process_configs.sh b/process_configs.sh index e0418d7..c838c70 100755 --- a/process_configs.sh +++ b/process_configs.sh @@ -60,6 +60,9 @@ switch_to_toplevel() checkoptions() { + count=$3 + variant=$4 + /usr/bin/awk ' /is not set/ { @@ -82,14 +85,14 @@ checkoptions() print "Found "a[1]"="a[2]" after generation, had " a[1]"="configs[a[1]]" in Source tree"; } } - ' "$1" "$2" > .mismatches + ' "$1" "$2" > .mismatches${count} checkoptions_error=false - if test -s .mismatches + if test -s .mismatches${count} then while read -r LINE do - if find ./ -name "$(echo "$LINE" | awk -F "=" ' { print $1 } ' | awk ' { print $2 }')" -print0 | xargs -0 grep ^ | grep -q "process_configs_known_broken"; then + if find "${REDHAT}"/configs -name "$(echo "$LINE" | awk -F "=" ' { print $1 } ' | awk ' { print $2 }')" -print0 | xargs -0 grep ^ | grep -q "process_configs_known_broken"; then # This is a known broken config. # See script help warning. checkoptions_error=false @@ -97,14 +100,13 @@ checkoptions() checkoptions_error=true break fi - done < .mismatches + done < .mismatches${count} ! $checkoptions_error && return - echo "Error: Mismatches found in configuration files" - cat .mismatches - RETURNCODE=1 - [ "$CONTINUEONERROR" ] || exit 1 + sed -i "1s/^/Error: Mismatches found in configuration files for ${arch} ${variant}\n/" .mismatches${count} + else + rm -f .mismatches${count} fi } @@ -218,75 +220,119 @@ function commit_new_configs() git commit -m "[redhat] AUTOMATIC: New configs" } +function process_config() +{ + local cfg + local arch + local cfgtmp + local cfgorig + local count + local variant + + cfg=$1 + count=$2 + + arch=$(head -1 "$cfg" | cut -b 3-) + + if [ "$arch" = "EMPTY" ] + then + # This arch is intentionally left blank + return + fi + + variant=$(basename "$cfg" | cut -d"-" -f3- | cut -d"." -f1) + + cfgtmp="${cfg}.tmp" + cfgorig="${cfg}.orig" + cat "$cfg" > "$cfgorig" + + echo "Processing $cfg ... " + + make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig${count} + grep -E 'CONFIG_' .listnewconfig${count} > .newoptions${count} + if test -n "$NEWOPTIONS" && test -s .newoptions${count} + then + echo "Found unset config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors${count} + cat .newoptions${count} >> .errors${count} + rm .newoptions${count} + RETURNCODE=1 + fi + rm .newoptions${count} + + grep -E 'config.*warning' .listnewconfig${count} > .warnings${count} + if test -n "$CHECKWARNINGS" && test -s .warnings${count} + then + echo "Found misconfigured config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors${count} + cat .warnings${count} >> .errors${count} + rm .warnings${count} + fi + rm .warnings${count} + + rm .listnewconfig${count} + + make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" olddefconfig > /dev/null || exit 1 + echo "# $arch" > "$cfgtmp" + cat "$cfgorig" >> "$cfgtmp" + if test -n "$CHECKOPTIONS" + then + checkoptions "$cfg" "$cfgtmp" "$count" "$variant" + fi + # if test run, don't overwrite original + if test -n "$TESTRUN" + then + rm -f "$cfgtmp" + else + mv "$cfgtmp" "$cfg" + fi + rm -f "$cfgorig" + echo "Processing $cfg complete" +} + function process_configs() { # assume we are in $source_tree/configs, need to get to top level pushd "$(switch_to_toplevel)" &>/dev/null + # The next line is throwaway code for transition to parallel + # processing. Leaving this line in place is harmless, but it can be + # removed the next time anyone updates this function. + [ -f .mismatches ] && rm -f .mismatches + + count=0 for cfg in "$SCRIPT_DIR/${PACKAGE_NAME}${KVERREL}${SUBARCH}"*.config do - arch=$(head -1 "$cfg" | cut -b 3-) - cfgtmp="${cfg}.tmp" - cfgorig="${cfg}.orig" - cat "$cfg" > "$cfgorig" - - if [ "$arch" = "EMPTY" ] - then - # This arch is intentionally left blank - continue + if [ "$count" -eq 0 ]; then + # do the first one by itself so that tools are built + process_config "$cfg" "$count" fi - echo -n "Processing $cfg ... " - - make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig - grep -E 'CONFIG_' .listnewconfig > .newoptions - if test -n "$NEWOPTIONS" && test -s .newoptions - then - echo "Found unset config items, please set them to an appropriate value" - cat .newoptions - rm .newoptions - RETURNCODE=1 - [ "$CONTINUEONERROR" ] || exit 1 - fi - rm .newoptions - - grep -E 'config.*warning' .listnewconfig > .warnings - if test -n "$CHECKWARNINGS" && test -s .warnings - then - echo "Found misconfigured config items, please set them to an appropriate value" - cat .warnings - rm .warnings - RETURNCODE=1 - [ "$CONTINUEONERROR" ] || exit 1 - fi - rm .warnings - - rm .listnewconfig - - make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" olddefconfig > /dev/null || exit 1 - echo "# $arch" > "$cfgtmp" - cat "$cfgorig" >> "$cfgtmp" - if test -n "$CHECKOPTIONS" - then - checkoptions "$cfg" "$cfgtmp" - fi - # if test run, don't overwrite original - if test -n "$TESTRUN" - then - rm -f "$cfgtmp" - else - mv "$cfgtmp" "$cfg" - fi - rm -f "$cfgorig" - echo "done" + process_config "$cfg" "$count" & + waitpids[${count}]=$! + ((count++)) + while [ "$(jobs | grep Running | wc -l)" -ge $RHJOBS ]; do :; done done + for pid in ${waitpids[*]}; do + wait ${pid} + done + rm "$SCRIPT_DIR"/*.config*.old + + if ls .errors* 1> /dev/null 2>&1; then + RETURNCODE=1 + cat .errors* + rm .errors* -f + fi + if ls .mismatches* 1> /dev/null 2>&1; then + RETURNCODE=1 + cat .mismatches* + rm .mismatches* -f + fi + popd > /dev/null - echo "Processed config files are in $SCRIPT_DIR" + [ $RETURNCODE -eq 0 ] && echo "Processed config files are in $SCRIPT_DIR" } CHECKOPTIONS="" -CONTINUEONERROR="" NEWOPTIONS="" TESTRUN="" CHECKWARNINGS="" @@ -301,7 +347,6 @@ do case $key in -a) CHECKOPTIONS="x" - CONTINUEONERROR="x" NEWOPTIONS="x" CHECKWARNINGS="x" ;; @@ -311,9 +356,6 @@ do -h) usage ;; - -i) - CONTINUEONERROR="x" - ;; -n) NEWOPTIONS="x" ;; @@ -343,6 +385,7 @@ PACKAGE_NAME="${1:-kernel-rt}" # defines the package name used KVERREL="$(test -n "$2" && echo "-$2" || echo "")" SUBARCH="$(test -n "$3" && echo "-$3" || echo "")" FLAVOR="$(test -n "$4" && echo "-$4" || echo "-common")" +RHJOBS="$(test -n "$5" && echo "$5" || nproc --all)" SCRIPT=$(readlink -f "$0") SCRIPT_DIR=$(dirname "$SCRIPT") diff --git a/sources b/sources index 0a9f2b9..a2ea234 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ SHA512 (kernel-abi-whitelists-5.13.0-1.tar.bz2) = ceba454e1f590c1e4ef4115a75463ae3ac2c2aa7ec85fa14a2669d666c421483a38225ee19d7d72b4ac7032375741408b23543e43588538c80161ec0cf57051c -SHA512 (linux-5.14.0-77.rt21.77.el9.tar.xz) = 09acb7d59788f40870b522302302ded62e0714eea6dbed99d28c69537909a9547f42bdf439f52c596d251d357895aed649eb6f3296ef5d424ef8b2aca9fb10b4 -SHA512 (kernel-abi-stablelists-5.14.0-77.rt21.77.el9.tar.bz2) = fb6b7dd353c2ffd728c32542d12ee65c24221791099942259a020e9d2fcf1f043c27a27aa0279a4a9a2f6114258b1d9cd3fa6009db1dd8396b44800bdd2e9766 -SHA512 (kernel-kabi-dw-5.14.0-77.rt21.77.el9.tar.bz2) = c901529aff636abbc2aa5f289ec098a2a29c8507aa81ee649d1104592b8abad9f495db0e947dc36a84e043708a47373de35156b40b252281ef747f06e19ed914 +SHA512 (linux-5.14.0-78.rt21.78.el9.tar.xz) = 0847477361a0b4a3666b57f957724fe5e67ecd2e29d0eef09e44e0e0114869fddda4fab5214002ecf73c81f9ef80a1df8c6bede8b91dfeff3c150a91d7488c68 +SHA512 (kernel-abi-stablelists-5.14.0-78.rt21.78.el9.tar.bz2) = 59182c8e2c3e5182afbbad053b683e60e111b7be538950f76c92aa2597877dc1922d0382448aa9f058b4160849504eb9a458aa7819d950cfe099ef7c4607fab5 +SHA512 (kernel-kabi-dw-5.14.0-78.rt21.78.el9.tar.bz2) = f48c87da1305f27edb6978f09d3ddef1604f6f064094a9b8ab9c39a5f9451c9155419f680227af536db9172609e6c6f8ba7629f707088e64eeb01a43bbf4670e