kernel-rt-5.14.0-78.rt21.78.el9

* Mon Apr 11 2022 Fernando Pacheco <fpacheco@redhat.com> [5.14.0-78.rt21.78.el9]
- [rt] build kernel-rt-5.14.0-78.rt21.78.el9 [2061574]
- CI: Remove deprecated option (Veronika Kabatova)
- scsi: iscsi: Fix nop handling during conn recovery (Chris Leech) [2069973]
- scsi: iscsi: Merge suspend fields (Chris Leech) [2069973]
- scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2069973]
- scsi: iscsi: Move iscsi_ep_disconnect (Chris Leech) [2069973]
- NFS: Don't loop forever in nfs_do_recoalesce() (Steve Dickson) [2069274]
- perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Michael Petlan) [2069686]
- KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Bandan Das) [2033070]
- iommu/amd: Fix I/O page table memory leak (Jerry Snitselaar) [2053219]
- iommu/amd: Recover from event log overflow (Jerry Snitselaar) [2053219]
- redhat/configs: drop some config options for rhel 9. (David Airlie) [2067027]
- arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Use the clearbhb instruction in mitigations (Waiman Long) [2062288] {CVE-2022-23960}
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Mitigate spectre style branch history side channels (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add percpu vectors for EL1 (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Add macro for reading symbol addresses from the trampoline (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Add vectors that have the bhb mitigation sequences (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Allow the trampoline text to occupy multiple pages (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Make the kpti trampoline's kpti sequence optional (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Move trampoline macros out of ifdef'd section (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Don't assume tramp_vectors is the start of the vectors (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Move the trampoline data page before the text page (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Free up another register on kpti's tramp_exit path (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry: Make the trampoline cleanup optional (Waiman Long) [2062288] {CVE-2022-23960}
- KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: entry.S: Add ventry overflow sanity checks (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add Cortex-A510 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add Cortex-X2 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: cpufeature: add HWCAP for FEAT_RPRES (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: add ID_AA64ISAR2_EL1 sys register (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: cpufeature: add HWCAP for FEAT_AFP (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
- arm64: Add HWCAP for self-synchronising virtual counter (Waiman Long) [2062288] {CVE-2022-23960}
- iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (Jerry Snitselaar) [2061621]
- redhat/configs: remove unnecessary GPIO options for aarch64 (Brian Masney) [2060951]
- redhat/configs: remove viperboard related Kconfig options (Brian Masney) [2060951]
- configs: enable CONFIG_RMI4_F3A (Benjamin Tissoires) [2067243]
- block: release rq qos structures for queue without disk (Ming Lei) [2065610]
- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2064862] {CVE-2022-1011}
- crypto: hmac - disallow keys < 112 bits in FIPS mode (Herbert Xu) [2033512]
- crypto: hmac - add fips_skip support (Herbert Xu) [2033512]
- crypto: des - disallow des3 in FIPS mode (Herbert Xu) [2033512]
- crypto: dh - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512]
- crypto: rsa - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512]
- watch_queue: Make comment about setting ->defunct more accurate (David Howells) [2063758]
- watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) [2063758]
- watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) [2063758]
- watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) [2063758]
- watch_queue: Use the bitmap API when applicable (David Howells) [2063758]
- watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) [2063758]
- watch_queue: Fix to release page in ->release() (David Howells) [2063758]
- watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) [2063758]
- watch_queue: Fix filter limit check (David Howells) [2063758] {CVE-2022-0995}
- s390/mm: check 2KB-fragment page on release (Rafael Aquini) [2069978]
- s390/mm: better annotate 2KB pagetable fragments handling (Rafael Aquini) [2069978]
- s390/mm: fix 2KB pgtable release race (Rafael Aquini) [2069978]
- ima: fix deadlock when traversing "ima_default_rules". (Bruno Meneguele) [2063913]
- IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms (Bruno Meneguele) [2063913]
- IMA: introduce a new policy option func=SETXATTR_CHECK (Bruno Meneguele) [2063913]
- IMA: add a policy option to restrict xattr hash algorithms on appraisal (Bruno Meneguele) [2063913]
- IMA: add support to restrict the hash algorithms used for file appraisal (Bruno Meneguele) [2063913]
- IMA: block writes of the security.ima xattr with unsupported algorithms (Bruno Meneguele) [2063913]
- IMA: remove the dependency on CRYPTO_MD5 (Bruno Meneguele) [2063913]
- perf symbols: Fix symbol size calculation condition (Michael Petlan) [2049222]
- redhat/Makefile: Fix dist-dump-variables target (Prarit Bhargava)
- redhat/configs/process_configs.sh: Avoid race with find (Prarit Bhargava)
- redhat/configs/process_configs.sh: Remove CONTINUEONERROR (Prarit Bhargava)
- redhat/configs/process_configs.sh: Fix race with tools generation (Prarit Bhargava)
- redhat/Makefile: Silence dist-clean-configs output (Prarit Bhargava)
- Print arch with process_configs errors (Prarit Bhargava)
- Pass RHJOBS to process_configs for dist-configs-check as well (Prarit Bhargava)
- redhat/configs/process_configs.sh: Fix issue with old error files (Prarit Bhargava)
- redhat/configs/build_configs.sh: Parallelize execution (Prarit Bhargava)
- redhat/configs/build_configs.sh: Provide better messages (Prarit Bhargava)
- redhat/configs/build_configs.sh: Create unique output files (Prarit Bhargava)
- redhat/configs/build_configs.sh: Add local variables (Prarit Bhargava)
- redhat/configs/process_configs.sh: Parallelize execution (Prarit Bhargava)
- redhat/configs/process_configs.sh: Provide better messages (Prarit Bhargava)
- redhat/configs/process_configs.sh: Create unique output files (Prarit Bhargava)
- redhat/configs/process_configs.sh: Add processing config function (Prarit Bhargava)
- cifs: modefromsids must add an ACE for authenticated users (Ronnie Sahlberg) [1988278]
Resolves: rhbz#2061574, rhbz#2069978, rhbz#2063913, rhbz#2049222, rhbz#1988278

Signed-off-by: Fernando Pacheco <fpacheco@redhat.com>

Makefile.rhelver

@@ -12,7 +12,7 @@ RHEL_MINOR = 1
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 77
+RHEL_RELEASE = 78
 
 #
 # ZSTREAM
@@ -66,4 +66,4 @@ ifneq ("$(ZSTREAM)", "yes")
   endif
 endif
 
-RTBUILD:=.77
+RTBUILD:=.78

kernel-rt-x86_64-debug-rhel.config

@@ -1191,7 +1191,7 @@ CONFIG_DRM_FBDEV_EMULATION=y
 # CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set
 CONFIG_DRM_FBDEV_OVERALLOC=100
 CONFIG_DRM_GM12U320=m
-CONFIG_DRM_GMA500=m
+# CONFIG_DRM_GMA500 is not set
 CONFIG_DRM_GUD=m
 # CONFIG_DRM_HDLCD is not set
 # CONFIG_DRM_HISI_HIBMC is not set
@@ -1565,14 +1565,14 @@ CONFIG_FB_EFI=y
 # CONFIG_FB_MODE_HELPERS is not set
 # CONFIG_FB_N411 is not set
 # CONFIG_FB_NEOMAGIC is not set
-CONFIG_FB_NVIDIA_BACKLIGHT=y
+# CONFIG_FB_NVIDIA_BACKLIGHT is not set
 # CONFIG_FB_NVIDIA_DEBUG is not set
 # CONFIG_FB_NVIDIA_I2C is not set
 # CONFIG_FB_NVIDIA is not set
 # CONFIG_FB_OPENCORES is not set
 # CONFIG_FB_PM2 is not set
 # CONFIG_FB_PM3 is not set
-CONFIG_FB_RADEON_BACKLIGHT=y
+# CONFIG_FB_RADEON_BACKLIGHT is not set
 # CONFIG_FB_RADEON_DEBUG is not set
 # CONFIG_FB_RADEON_I2C is not set
 # CONFIG_FB_RADEON is not set
@@ -1755,7 +1755,7 @@ CONFIG_GPIO_MLXBF2=m
 # CONFIG_GPIO_SYSFS is not set
 # CONFIG_GPIO_THUNDERX is not set
 # CONFIG_GPIO_TPIC2810 is not set
-CONFIG_GPIO_VIPERBOARD=m
+# CONFIG_GPIO_VIPERBOARD is not set
 # CONFIG_GPIO_VX855 is not set
 # CONFIG_GPIO_WATCHDOG is not set
 # CONFIG_GPIO_WINBOND is not set
@@ -2063,7 +2063,7 @@ CONFIG_I2C_STUB=m
 CONFIG_I2C_TINY_USB=m
 CONFIG_I2C_VIA=m
 CONFIG_I2C_VIAPRO=m
-CONFIG_I2C_VIPERBOARD=m
+# CONFIG_I2C_VIPERBOARD is not set
 # CONFIG_I2C_XILINX is not set
 CONFIG_I2C=y
 # CONFIG_I3C is not set
@@ -3019,7 +3019,7 @@ CONFIG_MFD_SM501=m
 # CONFIG_MFD_TPS65912_SPI is not set
 # CONFIG_MFD_TPS80031 is not set
 # CONFIG_MFD_TQMX86 is not set
-CONFIG_MFD_VIPERBOARD=m
+# CONFIG_MFD_VIPERBOARD is not set
 CONFIG_MFD_VX855=m
 # CONFIG_MFD_WL1273_CORE is not set
 # CONFIG_MFD_WM831X_I2C is not set
@@ -4285,7 +4285,7 @@ CONFIG_RMI4_F11=y
 CONFIG_RMI4_F12=y
 CONFIG_RMI4_F30=y
 CONFIG_RMI4_F34=y
-# CONFIG_RMI4_F3A is not set
+CONFIG_RMI4_F3A=y
 # CONFIG_RMI4_F54 is not set
 CONFIG_RMI4_F55=y
 CONFIG_RMI4_I2C=m

kernel-rt-x86_64-rhel.config

@@ -1183,7 +1183,7 @@ CONFIG_DRM_FBDEV_EMULATION=y
 # CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set
 CONFIG_DRM_FBDEV_OVERALLOC=100
 CONFIG_DRM_GM12U320=m
-CONFIG_DRM_GMA500=m
+# CONFIG_DRM_GMA500 is not set
 CONFIG_DRM_GUD=m
 # CONFIG_DRM_HDLCD is not set
 # CONFIG_DRM_HISI_HIBMC is not set
@@ -1549,14 +1549,14 @@ CONFIG_FB_EFI=y
 # CONFIG_FB_MODE_HELPERS is not set
 # CONFIG_FB_N411 is not set
 # CONFIG_FB_NEOMAGIC is not set
-CONFIG_FB_NVIDIA_BACKLIGHT=y
+# CONFIG_FB_NVIDIA_BACKLIGHT is not set
 # CONFIG_FB_NVIDIA_DEBUG is not set
 # CONFIG_FB_NVIDIA_I2C is not set
 # CONFIG_FB_NVIDIA is not set
 # CONFIG_FB_OPENCORES is not set
 # CONFIG_FB_PM2 is not set
 # CONFIG_FB_PM3 is not set
-CONFIG_FB_RADEON_BACKLIGHT=y
+# CONFIG_FB_RADEON_BACKLIGHT is not set
 # CONFIG_FB_RADEON_DEBUG is not set
 # CONFIG_FB_RADEON_I2C is not set
 # CONFIG_FB_RADEON is not set
@@ -1739,7 +1739,7 @@ CONFIG_GPIO_MLXBF2=m
 # CONFIG_GPIO_SYSFS is not set
 # CONFIG_GPIO_THUNDERX is not set
 # CONFIG_GPIO_TPIC2810 is not set
-CONFIG_GPIO_VIPERBOARD=m
+# CONFIG_GPIO_VIPERBOARD is not set
 # CONFIG_GPIO_VX855 is not set
 # CONFIG_GPIO_WATCHDOG is not set
 # CONFIG_GPIO_WINBOND is not set
@@ -2047,7 +2047,7 @@ CONFIG_I2C_STUB=m
 CONFIG_I2C_TINY_USB=m
 CONFIG_I2C_VIA=m
 CONFIG_I2C_VIAPRO=m
-CONFIG_I2C_VIPERBOARD=m
+# CONFIG_I2C_VIPERBOARD is not set
 # CONFIG_I2C_XILINX is not set
 CONFIG_I2C=y
 # CONFIG_I3C is not set
@@ -2999,7 +2999,7 @@ CONFIG_MFD_SM501=m
 # CONFIG_MFD_TPS65912_SPI is not set
 # CONFIG_MFD_TPS80031 is not set
 # CONFIG_MFD_TQMX86 is not set
-CONFIG_MFD_VIPERBOARD=m
+# CONFIG_MFD_VIPERBOARD is not set
 CONFIG_MFD_VX855=m
 # CONFIG_MFD_WL1273_CORE is not set
 # CONFIG_MFD_WM831X_I2C is not set
@@ -4264,7 +4264,7 @@ CONFIG_RMI4_F11=y
 CONFIG_RMI4_F12=y
 CONFIG_RMI4_F30=y
 CONFIG_RMI4_F34=y
-# CONFIG_RMI4_F3A is not set
+CONFIG_RMI4_F3A=y
 # CONFIG_RMI4_F54 is not set
 CONFIG_RMI4_F55=y
 CONFIG_RMI4_I2C=m

kernel.spec

@@ -121,13 +121,13 @@ Summary: The Linux kernel
 %define kversion 5.14
 
 %define rpmversion 5.14.0
-%define pkgrelease 77.rt21.77.el9
+%define pkgrelease 78.rt21.78.el9
 
 # This is needed to do merge window version magic
 %define patchlevel 14
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 77.rt21.77%{?buildid}%{?dist}
+%define specrelease 78.rt21.78%{?buildid}%{?dist}
 
 %define pkg_release %{specrelease}
 
@@ -704,7 +704,7 @@ BuildRequires: lld
 # exact git commit you can run
 #
 # xzcat -qq ${TARBALL} | git get-tar-commit-id
-Source0: linux-5.14.0-77.rt21.77.el9.tar.xz
+Source0: linux-5.14.0-78.rt21.78.el9.tar.xz
 
 Source1: Makefile.rhelver
 
@@ -1417,8 +1417,8 @@ ApplyOptionalPatch()
   fi
 }
 
-%setup -q -n kernel-5.14.0-77.rt21.77.el9 -c
+%setup -q -n kernel-5.14.0-78.rt21.78.el9 -c
-mv linux-5.14.0-77.rt21.77.el9 linux-%{KVERREL}
+mv linux-5.14.0-78.rt21.78.el9 linux-%{KVERREL}
 
 cd linux-%{KVERREL}
 cp -a %{SOURCE1} .
@@ -3095,8 +3095,97 @@ fi
 #
 #
 %changelog
-* Fri Apr 08 2022 Juri Lelli <juri.lelli@redhat.com> [5.14.0-77.rt21.77.el9]
+* Mon Apr 11 2022 Fernando Pacheco <fpacheco@redhat.com> [5.14.0-78.rt21.78.el9]
-- [rt] build kernel-rt-5.14.0-77.rt21.77.el9 [2061574]
+- [rt] build kernel-rt-5.14.0-78.rt21.78.el9 [2061574]
+
+* Mon Apr 11 2022 Fernando Pacheco <fpacheco@redhat.com> [5.14.0-78.rt21.78.el9]
+- [rt] build kernel-rt-5.14.0-78.rt21.78.el9 [2061574]
+- CI: Remove deprecated option (Veronika Kabatova)
+- scsi: iscsi: Fix nop handling during conn recovery (Chris Leech) [2069973]
+- scsi: iscsi: Merge suspend fields (Chris Leech) [2069973]
+- scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2069973]
+- scsi: iscsi: Move iscsi_ep_disconnect (Chris Leech) [2069973]
+- NFS: Don't loop forever in nfs_do_recoalesce() (Steve Dickson) [2069274]
+- perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Michael Petlan) [2069686]
+- KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Bandan Das) [2033070]
+- iommu/amd: Fix I/O page table memory leak (Jerry Snitselaar) [2053219]
+- iommu/amd: Recover from event log overflow (Jerry Snitselaar) [2053219]
+- redhat/configs: drop some config options for rhel 9. (David Airlie) [2067027]
+- arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: Use the clearbhb instruction in mitigations (Waiman Long) [2062288] {CVE-2022-23960}
+- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: Mitigate spectre style branch history side channels (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: Add percpu vectors for EL1 (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Add macro for reading symbol addresses from the trampoline (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Add vectors that have the bhb mitigation sequences (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Allow the trampoline text to occupy multiple pages (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Make the kpti trampoline's kpti sequence optional (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Move trampoline macros out of ifdef'd section (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Don't assume tramp_vectors is the start of the vectors (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Move the trampoline data page before the text page (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Free up another register on kpti's tramp_exit path (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry: Make the trampoline cleanup optional (Waiman Long) [2062288] {CVE-2022-23960}
+- KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: entry.S: Add ventry overflow sanity checks (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: Add Cortex-A510 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: Add Cortex-X2 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: cpufeature: add HWCAP for FEAT_RPRES (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: add ID_AA64ISAR2_EL1 sys register (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: cpufeature: add HWCAP for FEAT_AFP (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Waiman Long) [2062288] {CVE-2022-23960}
+- arm64: Add HWCAP for self-synchronising virtual counter (Waiman Long) [2062288] {CVE-2022-23960}
+- iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (Jerry Snitselaar) [2061621]
+- redhat/configs: remove unnecessary GPIO options for aarch64 (Brian Masney) [2060951]
+- redhat/configs: remove viperboard related Kconfig options (Brian Masney) [2060951]
+- configs: enable CONFIG_RMI4_F3A (Benjamin Tissoires) [2067243]
+- block: release rq qos structures for queue without disk (Ming Lei) [2065610]
+- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2064862] {CVE-2022-1011}
+- crypto: hmac - disallow keys < 112 bits in FIPS mode (Herbert Xu) [2033512]
+- crypto: hmac - add fips_skip support (Herbert Xu) [2033512]
+- crypto: des - disallow des3 in FIPS mode (Herbert Xu) [2033512]
+- crypto: dh - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512]
+- crypto: rsa - limit key size to 2048 in FIPS mode (Herbert Xu) [2033512]
+- watch_queue: Make comment about setting ->defunct more accurate (David Howells) [2063758]
+- watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) [2063758]
+- watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) [2063758]
+- watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) [2063758]
+- watch_queue: Use the bitmap API when applicable (David Howells) [2063758]
+- watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) [2063758]
+- watch_queue: Fix to release page in ->release() (David Howells) [2063758]
+- watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) [2063758]
+- watch_queue: Fix filter limit check (David Howells) [2063758] {CVE-2022-0995}
+- s390/mm: check 2KB-fragment page on release (Rafael Aquini) [2069978]
+- s390/mm: better annotate 2KB pagetable fragments handling (Rafael Aquini) [2069978]
+- s390/mm: fix 2KB pgtable release race (Rafael Aquini) [2069978]
+- ima: fix deadlock when traversing "ima_default_rules". (Bruno Meneguele) [2063913]
+- IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms (Bruno Meneguele) [2063913]
+- IMA: introduce a new policy option func=SETXATTR_CHECK (Bruno Meneguele) [2063913]
+- IMA: add a policy option to restrict xattr hash algorithms on appraisal (Bruno Meneguele) [2063913]
+- IMA: add support to restrict the hash algorithms used for file appraisal (Bruno Meneguele) [2063913]
+- IMA: block writes of the security.ima xattr with unsupported algorithms (Bruno Meneguele) [2063913]
+- IMA: remove the dependency on CRYPTO_MD5 (Bruno Meneguele) [2063913]
+- perf symbols: Fix symbol size calculation condition (Michael Petlan) [2049222]
+- redhat/Makefile: Fix dist-dump-variables target (Prarit Bhargava)
+- redhat/configs/process_configs.sh: Avoid race with find (Prarit Bhargava)
+- redhat/configs/process_configs.sh: Remove CONTINUEONERROR (Prarit Bhargava)
+- redhat/configs/process_configs.sh: Fix race with tools generation (Prarit Bhargava)
+- redhat/Makefile: Silence dist-clean-configs output (Prarit Bhargava)
+- Print arch with process_configs errors (Prarit Bhargava)
+- Pass RHJOBS to process_configs for dist-configs-check as well (Prarit Bhargava)
+- redhat/configs/process_configs.sh: Fix issue with old error files (Prarit Bhargava)
+- redhat/configs/build_configs.sh: Parallelize execution (Prarit Bhargava)
+- redhat/configs/build_configs.sh: Provide better messages (Prarit Bhargava)
+- redhat/configs/build_configs.sh: Create unique output files (Prarit Bhargava)
+- redhat/configs/build_configs.sh: Add local variables (Prarit Bhargava)
+- redhat/configs/process_configs.sh: Parallelize execution (Prarit Bhargava)
+- redhat/configs/process_configs.sh: Provide better messages (Prarit Bhargava)
+- redhat/configs/process_configs.sh: Create unique output files (Prarit Bhargava)
+- redhat/configs/process_configs.sh: Add processing config function (Prarit Bhargava)
+- cifs: modefromsids must add an ACE for authenticated users (Ronnie Sahlberg) [1988278]
 
 * Fri Apr 08 2022 Juri Lelli <juri.lelli@redhat.com> [5.14.0-77.rt21.77.el9]
 - [rt] build kernel-rt-5.14.0-77.rt21.77.el9 [2061574]

process_configs.sh

@@ -60,6 +60,9 @@ switch_to_toplevel()
 
 checkoptions()
 {
+	count=$3
+	variant=$4
+
 	/usr/bin/awk '
 
 		/is not set/ {
@@ -82,14 +85,14 @@ checkoptions()
 					 print "Found "a[1]"="a[2]" after generation, had " a[1]"="configs[a[1]]" in Source tree";
 			}
 		}
-	' "$1" "$2" > .mismatches
+	' "$1" "$2" > .mismatches${count}
 
 	checkoptions_error=false
-	if test -s .mismatches
+	if test -s .mismatches${count}
 	then
 		while read -r LINE
 		do
-			if find ./ -name "$(echo "$LINE" | awk -F "=" ' { print $1 } ' | awk ' { print $2 }')" -print0 | xargs -0 grep ^ | grep -q "process_configs_known_broken"; then
+			if find "${REDHAT}"/configs -name "$(echo "$LINE" | awk -F "=" ' { print $1 } ' | awk ' { print $2 }')" -print0 | xargs -0 grep ^ | grep -q "process_configs_known_broken"; then
 				# This is a known broken config.
 				# See script help warning.
 				checkoptions_error=false
@@ -97,14 +100,13 @@ checkoptions()
 				checkoptions_error=true
 				break
 			fi
-		done < .mismatches
+		done < .mismatches${count}
 
 		! $checkoptions_error && return
 
-		echo "Error: Mismatches found in configuration files"
+		sed -i "1s/^/Error: Mismatches found in configuration files for ${arch} ${variant}\n/" .mismatches${count}
-		cat .mismatches
+	else
-		RETURNCODE=1
+		rm -f .mismatches${count}
-		[ "$CONTINUEONERROR" ] || exit 1
 	fi
 }
 
@@ -218,56 +220,62 @@ function commit_new_configs()
 	git commit -m "[redhat] AUTOMATIC: New configs"
 }
 
-function process_configs()
+function process_config()
 {
-	# assume we are in $source_tree/configs, need to get to top level
+	local cfg
-	pushd "$(switch_to_toplevel)" &>/dev/null
+	local arch
+	local cfgtmp
+	local cfgorig
+	local count
+	local variant
+
+	cfg=$1
+	count=$2
 
-	for cfg in "$SCRIPT_DIR/${PACKAGE_NAME}${KVERREL}${SUBARCH}"*.config
-	do
 	arch=$(head -1 "$cfg" | cut -b 3-)
-		cfgtmp="${cfg}.tmp"
-		cfgorig="${cfg}.orig"
-		cat "$cfg" > "$cfgorig"
 
 	if [ "$arch" = "EMPTY" ]
 	then
 		# This arch is intentionally left blank
-			continue
+		return
 	fi
-		echo -n "Processing $cfg ... "
 
-		make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig
+	variant=$(basename "$cfg" | cut -d"-" -f3- | cut -d"." -f1)
-		grep -E 'CONFIG_' .listnewconfig > .newoptions
+
-		if test -n "$NEWOPTIONS" && test -s .newoptions
+	cfgtmp="${cfg}.tmp"
+	cfgorig="${cfg}.orig"
+	cat "$cfg" > "$cfgorig"
+
+	echo "Processing $cfg ... "
+
+	make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig${count}
+	grep -E 'CONFIG_' .listnewconfig${count} > .newoptions${count}
+	if test -n "$NEWOPTIONS" && test -s .newoptions${count}
 	then
-			echo "Found unset config items, please set them to an appropriate value"
+		echo "Found unset config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors${count}
-			cat .newoptions
+		cat .newoptions${count} >> .errors${count}
-			rm .newoptions
+		rm .newoptions${count}
 		RETURNCODE=1
-			[ "$CONTINUEONERROR" ] || exit 1
 	fi
-		rm .newoptions
+	rm .newoptions${count}
 
-		grep -E 'config.*warning' .listnewconfig > .warnings
+	grep -E 'config.*warning' .listnewconfig${count} > .warnings${count}
-		if test -n "$CHECKWARNINGS" && test -s .warnings
+	if test -n "$CHECKWARNINGS" && test -s .warnings${count}
 	then
-			echo "Found misconfigured config items, please set them to an appropriate value"
+		echo "Found misconfigured config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors${count}
-			cat .warnings
+		cat .warnings${count} >> .errors${count}
-			rm .warnings
+		rm .warnings${count}
-			RETURNCODE=1
-			[ "$CONTINUEONERROR" ] || exit 1
 	fi
-		rm .warnings
+	rm .warnings${count}
 
-		rm .listnewconfig
+	rm .listnewconfig${count}
 
 	make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE=$(get_cross_compile $arch) KCONFIG_CONFIG="$cfgorig" olddefconfig > /dev/null || exit 1
 	echo "# $arch" > "$cfgtmp"
 	cat "$cfgorig" >> "$cfgtmp"
 	if test -n "$CHECKOPTIONS"
 	then
-			checkoptions "$cfg" "$cfgtmp"
+		checkoptions "$cfg" "$cfgtmp" "$count" "$variant"
 	fi
 	# if test run, don't overwrite original
 	if test -n "$TESTRUN"
@@ -277,16 +285,54 @@ function process_configs()
 		mv "$cfgtmp" "$cfg"
 	fi
 	rm -f "$cfgorig"
-		echo "done"
+	echo "Processing $cfg complete"
+}
+
+function process_configs()
+{
+	# assume we are in $source_tree/configs, need to get to top level
+	pushd "$(switch_to_toplevel)" &>/dev/null
+
+	# The next line is throwaway code for transition to parallel
+	# processing.  Leaving this line in place is harmless, but it can be
+	# removed the next time anyone updates this function.
+	[ -f .mismatches ] && rm -f .mismatches
+
+	count=0
+	for cfg in "$SCRIPT_DIR/${PACKAGE_NAME}${KVERREL}${SUBARCH}"*.config
+	do
+		if [ "$count" -eq 0 ]; then
+			# do the first one by itself so that tools are built
+			process_config "$cfg" "$count"
+		fi
+		process_config "$cfg" "$count" &
+		waitpids[${count}]=$!
+		((count++))
+		while [ "$(jobs | grep Running | wc -l)" -ge $RHJOBS ]; do :; done
 	done
+	for pid in ${waitpids[*]}; do
+		wait ${pid}
+	done
+
 	rm "$SCRIPT_DIR"/*.config*.old
+
+	if ls .errors* 1> /dev/null 2>&1; then
+		RETURNCODE=1
+		cat .errors*
+		rm .errors* -f
+	fi
+	if ls .mismatches* 1> /dev/null 2>&1; then
+		RETURNCODE=1
+		cat .mismatches*
+		rm .mismatches* -f
+	fi
+
 	popd > /dev/null
 
-	echo "Processed config files are in $SCRIPT_DIR"
+	[ $RETURNCODE -eq 0 ] && echo "Processed config files are in $SCRIPT_DIR"
 }
 
 CHECKOPTIONS=""
-CONTINUEONERROR=""
 NEWOPTIONS=""
 TESTRUN=""
 CHECKWARNINGS=""
@@ -301,7 +347,6 @@ do
 	case $key in
 		-a)
 			CHECKOPTIONS="x"
-			CONTINUEONERROR="x"
 			NEWOPTIONS="x"
 			CHECKWARNINGS="x"
 			;;
@@ -311,9 +356,6 @@ do
 		-h)
 			usage
 			;;
-		-i)
-			CONTINUEONERROR="x"
-			;;
 		-n)
 			NEWOPTIONS="x"
 			;;
@@ -343,6 +385,7 @@ PACKAGE_NAME="${1:-kernel-rt}" # defines the package name used
 KVERREL="$(test -n "$2" && echo "-$2" || echo "")"
 SUBARCH="$(test -n "$3" && echo "-$3" || echo "")"
 FLAVOR="$(test -n "$4" && echo "-$4" || echo "-common")"
+RHJOBS="$(test -n "$5" && echo "$5" || nproc --all)"
 SCRIPT=$(readlink -f "$0")
 SCRIPT_DIR=$(dirname "$SCRIPT")
 

sources

@@ -1,4 +1,4 @@
 SHA512 (kernel-abi-whitelists-5.13.0-1.tar.bz2) = ceba454e1f590c1e4ef4115a75463ae3ac2c2aa7ec85fa14a2669d666c421483a38225ee19d7d72b4ac7032375741408b23543e43588538c80161ec0cf57051c
-SHA512 (linux-5.14.0-77.rt21.77.el9.tar.xz) = 09acb7d59788f40870b522302302ded62e0714eea6dbed99d28c69537909a9547f42bdf439f52c596d251d357895aed649eb6f3296ef5d424ef8b2aca9fb10b4
+SHA512 (linux-5.14.0-78.rt21.78.el9.tar.xz) = 0847477361a0b4a3666b57f957724fe5e67ecd2e29d0eef09e44e0e0114869fddda4fab5214002ecf73c81f9ef80a1df8c6bede8b91dfeff3c150a91d7488c68
-SHA512 (kernel-abi-stablelists-5.14.0-77.rt21.77.el9.tar.bz2) = fb6b7dd353c2ffd728c32542d12ee65c24221791099942259a020e9d2fcf1f043c27a27aa0279a4a9a2f6114258b1d9cd3fa6009db1dd8396b44800bdd2e9766
+SHA512 (kernel-abi-stablelists-5.14.0-78.rt21.78.el9.tar.bz2) = 59182c8e2c3e5182afbbad053b683e60e111b7be538950f76c92aa2597877dc1922d0382448aa9f058b4160849504eb9a458aa7819d950cfe099ef7c4607fab5
-SHA512 (kernel-kabi-dw-5.14.0-77.rt21.77.el9.tar.bz2) = c901529aff636abbc2aa5f289ec098a2a29c8507aa81ee649d1104592b8abad9f495db0e947dc36a84e043708a47373de35156b40b252281ef747f06e19ed914
+SHA512 (kernel-kabi-dw-5.14.0-78.rt21.78.el9.tar.bz2) = f48c87da1305f27edb6978f09d3ddef1604f6f064094a9b8ab9c39a5f9451c9155419f680227af536db9172609e6c6f8ba7629f707088e64eeb01a43bbf4670e