10 changed files with 233 additions and 40 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,6 @@
 SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
-SOURCES/linux-4.18.0-544.rt7.333.el8.tar.xz
+SOURCES/linux-4.18.0-552.rt7.341.el8.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@ -1,6 +1,6 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-5b1daa8c998a7d55be920ede75b14bc707dcf887 SOURCES/linux-4.18.0-544.rt7.333.el8.tar.xz
+ab103b94f787e61478734f8cc9141a9a836ac2f1 SOURCES/linux-4.18.0-552.rt7.341.el8.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
--- a/SOURCES/almalinuxdup1.x509
+++ b/SOURCES/almalinuxdup1.x509
--- a/SOURCES/almalinuxkpatch1.x509
+++ b/SOURCES/almalinuxkpatch1.x509
--- a/SOURCES/almalinuxsecurebootca0.cer
+++ b/SOURCES/almalinuxsecurebootca0.cer
--- a/SOURCES/kernel-rt-x86_64-debug.config
+++ b/SOURCES/kernel-rt-x86_64-debug.config
@ -2939,6 +2939,7 @@ CONFIG_DRM_I915_GVT_KVMGT=m
 CONFIG_DRM_I915_USERPTR=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_MGAG200=m
+CONFIG_DRM_MGAG200_IOBURST_WORKAROUND=y
 CONFIG_DRM_NOUVEAU=m
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_QXL=m
--- a/SOURCES/kernel-rt-x86_64.config
+++ b/SOURCES/kernel-rt-x86_64.config
@ -2968,6 +2968,7 @@ CONFIG_DRM_I915_GVT_KVMGT=m
 CONFIG_DRM_I915_USERPTR=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_MGAG200=m
+CONFIG_DRM_MGAG200_IOBURST_WORKAROUND=y
 CONFIG_DRM_NOUVEAU=m
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_QXL=m
--- a/SOURCES/mod-internal.list
+++ b/SOURCES/mod-internal.list
@ -13,10 +13,7 @@ qos-test
 resource_kunit
 soc-topology-test
 soc-utils-test
-<<<<<<< HEAD
-=======
 stackinit_kunit
->>>>>>> c8-beta
 string-stream-test
 test_linear_ranges
 test_bits
--- a/SOURCES/x509.genkey
+++ b/SOURCES/x509.genkey
@ -5,9 +5,9 @@ prompt = no
 x509_extensions = myexts

 [ req_distinguished_name ]
-O = AlmaLinux
-CN = AlmaLinux kernel signing key
-emailAddress = security@almalinux.org
+O = Red Hat
+CN = Red Hat Enterprise Linux kernel signing key
+emailAddress = secalert@redhat.com

 [ myexts ]
 basicConstraints=critical,CA:FALSE
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@ -12,7 +12,7 @@
 # change below to w4T.xzdio):
 %define _binary_payload w3T.xzdio

-%global distro_build 544
+%global distro_build 552

 # Sign the x86_64 kernel for secure boot authentication
 %ifarch x86_64 aarch64 s390x ppc64le
@ -38,10 +38,10 @@
 # define buildid .local

 %define specversion 4.18.0
-%define pkgrelease 544.rt7.333.el8
+%define pkgrelease 552.rt7.341.el8

 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 544.rt7.333%{?dist}
+%define specrelease 552.rt7.341%{?dist}

 %define pkg_release %{specrelease}%{?buildid}

@ -147,7 +147,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .333
+%global rtbuild .341
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@ -346,6 +346,7 @@ Requires: rt-setup
 %endif
 %endif

+
 #
 # List the packages used during the kernel build
 #
@ -445,19 +446,36 @@ Source9: x509.genkey
 %define signing_key_filename kernel-signing-s390.cer
 %endif

-Source10: almalinuxsecurebootca0.cer
-Source11: almalinuxsecurebootca0.cer
-
-%define secureboot_ca_0 %{SOURCE10}
-%define secureboot_ca_1 %{SOURCE11}
-%define secureboot_ca_2 %{SOURCE11}
-
-%define secureboot_key_0 %{SOURCE10}
-%define pesign_name_0 almalinuxsecurebootca0
+Source10: redhatsecurebootca3.cer
+Source11: centossecurebootca2.cer
+Source12: centossecureboot201.cer
+Source13: redhatsecureboot501.cer
+Source14: redhatsecureboot302.cer
+Source15: redhatsecureboot303.cer
+Source16: redhatsecurebootca7.cer
+%if 0%{?centos}
+%define secureboot_ca_0  %{SOURCE11}
+%define secureboot_key_0 %{SOURCE12}
+%define pesign_name_0 centossecureboot201
+%else

 %ifarch x86_64 aarch64
-%define secureboot_key_1 %{SOURCE11}
-%define pesign_name_1 almalinuxsecurebootca0
+%define secureboot_ca_0 %{SOURCE10}
+%define secureboot_key_0 %{SOURCE13}
+%define pesign_name_0 redhatsecureboot501
+%endif
+
+%ifarch s390x
+%define secureboot_ca_0 %{SOURCE10}
+%define secureboot_key_0 %{SOURCE14}
+%define pesign_name_0 redhatsecureboot302
+%endif
+
+%ifarch ppc64le
+%define secureboot_ca_0 %{SOURCE16}
+%define secureboot_key_0 %{SOURCE15}
+%define pesign_name_0 redhatsecureboot701
+%endif
 %endif

 Source17: mod-blacklist.sh
@ -487,8 +505,8 @@ Source43: generate_bls_conf.sh

 Source44: mod-internal.list

-Source100: almalinuxdup1.x509
-Source101: almalinuxkpatch1.x509
+Source100: rheldup3.x509
+Source101: rhelkpatch1.x509

 %if %{with_kabichk}
 Source200: check-kabi
@ -531,8 +549,8 @@ Patch999999: linux-kernel-test.patch
 BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root

 %description
-This is the package which provides the Linux %{name} for AlmaLinux.
-It is based on upstream Linux at version %{version} and maintains kABI
+This is the package which provides the Linux %{name} for Red Hat Enterprise
+Linux. It is based on upstream Linux at version %{version} and maintains kABI
 compatibility of a set of approved symbols, however it is heavily modified with
 backports and fixes pulled from newer upstream Linux %{name} releases. This means
 this is not a %{version} kernel anymore: it includes several components which come
@ -540,7 +558,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
 core. Some of the components/backports that may be pulled in are: changes like
 updates to the core kernel (eg.: scheduler, cgroups, memory management, security
 fixes and features), updates to block layer, supported filesystems, major driver
-updates for supported hardware in AlmaLinux, enhancements for
+updates for supported hardware in Red Hat Enterprise Linux, enhancements for
 enterprise customers, etc.

 #
@ -789,14 +807,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
 %endif

 %package -n %{name}-abi-stablelists
-Summary: The AlmaLinux kernel ABI symbol stablelists
+Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
 Group: System Environment/Kernel
 AutoReqProv: no
 Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release}
 Provides: %{name}-abi-whitelists
 %description -n %{name}-abi-stablelists
-The kABI package contains information pertaining to the AlmaLinux
-kernel ABI, including lists of kernel symbols that are needed by
+The kABI package contains information pertaining to the Red Hat Enterprise
+Linux kernel ABI, including lists of kernel symbols that are needed by
 external Linux kernel modules, and a yum plugin to aid enforcement.

 %if %{with_kabidw_base}
@ -805,8 +823,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
 Group: System Environment/Kernel
 AutoReqProv: no
 %description kernel-kabidw-base-internal
-The package contains data describing the current ABI of the AlmaLinux
-kernel, suitable for the kabi-dw tool.
+The package contains data describing the current ABI of the Red Hat Enterprise
+Linux kernel, suitable for the kabi-dw tool.
 %endif

 #
@ -880,7 +898,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
 AutoReq: no\
 AutoProv: yes\
 %description %{?1:%{1}-}modules-internal\
-This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\
+This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
 %{nil}

 #
@ -971,11 +989,6 @@ Summary: %{variant_summary}\
 Group: System Environment/Kernel\
 Provides: %{name}-%{?1:%{1}-}core-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
 Provides: installonlypkg(kernel)\
-%if "%{?1}" == ""\
-Provides: almalinux(kernel-sig-key) = 202303\
-Conflicts: shim-ia32 <= 15.6-1.el8.alma\
-Conflicts: shim-x64 <= 15.6-1.el8.alma\
-%endif\
 %{expand:%%kernel_reqprovconf}\
 %if %{?1:1} %{!?1:0} \
 %{expand:%%kernel_meta_package %{?1:%{1}}}\
@ -1737,7 +1750,7 @@ BuildKernel() {
    # build a BLS config for this kernel
    %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"

-    # AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
+    # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
    mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
    install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
    %ifarch s390x ppc64le
@ -2685,6 +2698,187 @@ fi
 #
 #
 %changelog
+* Sun Apr 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-552.rt7.341.el8]
+- [rt] build kernel-rt-4.18.0-552.rt7.341.el8 [RHEL-5332]
+- i40e: Enforce software interrupt during busy-poll exit (Ivan Vecera) [RHEL-26248]
+- i40e: Remove _t suffix from enum type names (Ivan Vecera) [RHEL-26248]
+
+* Fri Apr 05 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-551.rt7.340.el8]
+- [rt] build kernel-rt-4.18.0-551.rt7.340.el8 [RHEL-5332]
+- x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30040] {CVE-2024-25743 CVE-2024-25742}
+- i40e: Fix VF MAC filter removal (Ivan Vecera) [RHEL-22992]
+- i40e: Do not allow untrusted VF to remove administratively set MAC (Ivan Vecera) [RHEL-22992]
+
+* Sun Mar 31 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-550.rt7.339.el8]
+- [rt] build kernel-rt-4.18.0-550.rt7.339.el8 [RHEL-5332]
+- mm/sparsemem: fix race in accessing memory_section->usage (Waiman Long) [RHEL-28875 RHEL-28876] {CVE-2023-52489}
+- mm: use __pfn_to_section() instead of open coding it (Waiman Long) [RHEL-28875] {CVE-2023-52489}
+
+* Thu Mar 28 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-549.rt7.338.el8]
+- [rt] build kernel-rt-4.18.0-549.rt7.338.el8 [RHEL-5332]
+- dm-integrity: align the outgoing bio in integrity_recheck (Benjamin Marzinski) [RHEL-29678]
+- dm-integrity: fix a memory leak when rechecking the data (Benjamin Marzinski) [RHEL-29678]
+- RDMA/mana_ib: Add CQ interrupt support for RAW QP (Maxim Levitsky) [RHEL-23934]
+- RDMA/mana_ib: query device capabilities (Maxim Levitsky) [RHEL-23934]
+- RDMA/mana_ib: register RDMA device with GDMA (Maxim Levitsky) [RHEL-23934]
+- net: mana: add msix index sharing between EQs (Maxim Levitsky) [RHEL-23934]
+- net: mana: Fix spelling mistake "enforecement" -> "enforcement" (Maxim Levitsky) [RHEL-23934]
+- net :mana :Add remaining GDMA stats for MANA to ethtool (Maxim Levitsky) [RHEL-23934]
+- net: mana: Fix oversized sge0 for GSO packets (Maxim Levitsky) [RHEL-23934]
+- net: mana: Fix TX CQE error handling (Maxim Levitsky) [RHEL-23934]
+- net: mana: Add gdma stats to ethtool output for mana (Maxim Levitsky) [RHEL-23934]
+- net: mana: Fix MANA VF unload when hardware is unresponsive (Maxim Levitsky) [RHEL-23934]
+- net: mana: Configure hwc timeout from hardware (Maxim Levitsky) [RHEL-23934]
+- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (Maxim Levitsky) [RHEL-23934]
+
+* Mon Mar 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-548.rt7.337.el8]
+- [rt] build kernel-rt-4.18.0-548.rt7.337.el8 [RHEL-5332]
+- gitlab-ci: enable arm64/s390x/ppc64le debug builds (Michael Hofmann)
+- arm64: Add missing bits of AmpereOne Spectre-BHB mitigation (Mark Salter) [RHEL-29005]
+- [rt] enable CONFIG_DRM_MGAG200_IOBURST_WORKAROUND (Jocelyn Falempe) [RHEL-13214]
+- drm/mgag200: Add a workaround for low-latency (Jocelyn Falempe) [RHEL-13214]
+
+* Wed Mar 20 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-547.rt7.336.el8]
+- [rt] build kernel-rt-4.18.0-547.rt7.336.el8 [RHEL-5332]
+- x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR (Lenny Szubowicz) [RHEL-2505]
+- x86/efistub: Give up if memory attribute protocol returns an error (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Increase section and file alignment to 4k/512 (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Split off PE/COFF .data section (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Drop PE/COFF .reloc section (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Construct PE/COFF .text section from assembler (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Derive file size from _edata symbol (Lenny Szubowicz) [RHEL-2505]
+- x86/boot/compressed: Remove, discard, or assert for unwanted sections (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Check that there are no run-time relocations (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Discard .discard.unreachable for arch/x86/boot/compressed/vmlinux (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Define setup size in linker script (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Set EFI handover offset directly in header asm (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Drop references to startup_64 (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Drop redundant code setting the root device (Lenny Szubowicz) [RHEL-2505]
+- x86/build: Declutter the build output (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Omit compression buffer from PE/COFF image memory footprint (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Mark global variables as static (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: Remove extra headroom for setup block (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Remove the 'bugger off' message (Lenny Szubowicz) [RHEL-2505]
+- x86/efi: Drop alignment flags from PE section headers (Lenny Szubowicz) [RHEL-2505]
+- efi: Put Linux specific magic number in the DOS header (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: Avoid physical KASLR on older Dell systems (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: efistub: Assign global boot_params variable (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' (Lenny Szubowicz) [RHEL-2505]
+- x86/efistub: Avoid legacy decompressor when doing EFI boot (Lenny Szubowicz) [RHEL-2505]
+- x86/efistub: Perform SNP feature test while running in the firmware (Lenny Szubowicz) [RHEL-2505]
+- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (Lenny Szubowicz) [RHEL-2505]
+- efi/libstub: Add limit argument to efi_random_alloc() (Lenny Szubowicz) [RHEL-2505]
+- arm64: efi: Limit allocations to 48-bit addressable physical region (Lenny Szubowicz) [RHEL-2505]
+- efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory (Lenny Szubowicz) [RHEL-2505]
+- arm64: efi: kaslr: Fix occasional random alloc (and boot) failure (Lenny Szubowicz) [RHEL-2505]
+- efi/libstub/random: Increase random alloc granularity (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Factor out kernel decompression and relocation (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Move global symbol references to C code (Lenny Szubowicz) [RHEL-2505]
+- decompress: Use 8 byte alignment (Lenny Szubowicz) [RHEL-2505]
+- x86/efistub: Prefer EFI memory attributes protocol over DXE services (Lenny Szubowicz) [RHEL-2505]
+- x86/efistub: Perform 4/5 level paging switch from the stub (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Merge trampoline cleanup with switching code (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Pass pgtable address to trampoline directly (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Only call the trampoline when changing paging levels (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Call trampoline directly from C code (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Avoid the need for a stack in the 32-bit trampoline (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Use standard calling convention for trampoline (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Call trampoline as a normal function (Lenny Szubowicz) [RHEL-2505]
+- x86/boot/compressed/64: Remove .bss/.pgtable from bzImage (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Remove run-time relocations from .head.text code (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Assign paging related global variables earlier (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Store boot_params pointer in callee save register (Lenny Szubowicz) [RHEL-2505]
+- x86/efistub: Clear BSS in EFI handover protocol entrypoint (Lenny Szubowicz) [RHEL-2505]
+- x86/head_64: Store boot_params pointer in callee save register (Lenny Szubowicz) [RHEL-2505]
+- x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved (Lenny Szubowicz) [RHEL-2505]
+- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (Lenny Szubowicz) [RHEL-2505]
+- efi/libstub: Add memory attribute protocol definitions (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: libstub: remove unused variable (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Robustify calling startup_{32,64}() from the decompressor code (Lenny Szubowicz) [RHEL-2505]
+- x86/efistub: Simplify and clean up handover entry code (Lenny Szubowicz) [RHEL-2505]
+- x86/efistub: Branch straight to kernel entry point from C code (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: Avoid using code32_start (Lenny Szubowicz) [RHEL-2505]
+- efi/libstub/x86: Use Exit() boot service to exit the stub on errors (Lenny Szubowicz) [RHEL-2505]
+- efi: x86: Wipe setup_data on pure EFI boot (Lenny Szubowicz) [RHEL-2505]
+- efi: x86: Fix config name for setting the NX-compatibility flag in the PE header (Lenny Szubowicz) [RHEL-2505]
+- efi: x86: Set the NX-compatibility flag in the PE header (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: Add kernel preferred address to PE header (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: Use symbolic constants in PE header instead of bare numbers (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: Drop redundant .bss section (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: add headroom to decompressor BSS to account for setup block (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Remove run-time relocations from head_{32,64}.S (Lenny Szubowicz) [RHEL-2505]
+- x86/boot/compressed: Fix debug_puthex() parameter type (Lenny Szubowicz) [RHEL-2505]
+- x86/boot/compressed/64: Use 32-bit (zero-extended) MOV for z_output_len (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Use unsigned comparison for addresses (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Micro-optimize GDT loading instructions (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: GDT limit value should be size - 1 (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: Remove GDT setup from efi_main (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Clear direction and interrupt flags in startup_64 (Lenny Szubowicz) [RHEL-2505]
+- efi/x86: Don't depend on firmware GDT layout (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Remove KEEP_SEGMENTS support (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Handle malformed SRAT tables during early ACPI parsing (Lenny Szubowicz) [RHEL-2505]
+- efi/libstub/x86: Use mandatory 16-byte stack alignment in mixed mode (Lenny Szubowicz) [RHEL-2505]
+- efi/libstub/x86: Avoid globals to store context during mixed mode calls (Lenny Szubowicz) [RHEL-2505]
+- x86/efistub: Disable paging at mixed mode entry (Lenny Szubowicz) [RHEL-2505]
+- x86: efi/random: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table (Lenny Szubowicz) [RHEL-2505]
+- x86/asm: Make some functions local (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Annotate data appropriately (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Annotate local functions (Lenny Szubowicz) [RHEL-2505]
+- x86/asm: Make more symbols local (Lenny Szubowicz) [RHEL-2505]
+- x86/boot/compressed/64: Fix missing initialization in find_trampoline_placement() (Lenny Szubowicz) [RHEL-2505]
+- x86/boot/compressed/64: Fix boot on machines with broken E820 table (Lenny Szubowicz) [RHEL-2505]
+- x86, boot: Remove multiple copy of static function sanitize_boot_params() (Lenny Szubowicz) [RHEL-2505]
+- x86/boot/compressed/64: Remove unused variable (Lenny Szubowicz) [RHEL-2505]
+- x86/boot/compressed/64: Explain paging_prepare()'s return value (Lenny Szubowicz) [RHEL-2505]
+- x86/boot: Save several bytes in decompressor (Lenny Szubowicz) [RHEL-2505]
+- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (Audra Mitchell) [RHEL-20614] {CVE-2024-0841}
+- net/gve: update check for little-endianness in gve kconfig (Joshua Washington) [RHEL-29030]
+
+* Fri Mar 15 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-546.rt7.335.el8]
+- [rt] build kernel-rt-4.18.0-546.rt7.335.el8 [RHEL-5332]
+- sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-23430] {CVE-2024-26602}
+- NFS: Set the stable writes flag when initialising the super block (Benjamin Coddington) [RHEL-25266]
+- smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-21685] {CVE-2024-0565}
+- scsi: core: Move scsi_host_busy() out of host lock if it is for per-command (Ming Lei) [RHEL-23942]
+- scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (Ming Lei) [RHEL-23942]
+- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Andrew Price) [RHEL-26501] {CVE-2023-52448}
+- smb: client: fix parsing of SMB3.1.1 POSIX create context (Paulo Alcantara) [RHEL-26241] {CVE-2023-52434}
+- smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) [RHEL-26241] {CVE-2023-52434}
+- smb3: Replace smb2pdu 1-element arrays with flex-arrays (Jay Shin) [RHEL-22143]
+- cifs: Replace remaining 1-element arrays (Jay Shin) [RHEL-22143]
+- cifs: Convert struct fealist away from 1-element array (Jay Shin) [RHEL-22143]
+- cifs: remove unneeded 2bytes of padding from smb2 tree connect (Jay Shin) [RHEL-22143]
+- cifs: Replace zero-length arrays with flexible-array members (Jay Shin) [RHEL-22143]
+- cifs: Replace a couple of one-element arrays with flexible-array members (Jay Shin) [RHEL-22143]
+- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (Jay Shin) [RHEL-22143]
+- nfsd: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
+- nfs: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
+- lockd: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
+- cifs: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
+- ceph: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
+- filelock: add a new locks_inode_context accessor function (Jeffrey Layton) [RHEL-27441]
+- dm-integrity, dm-verity: reduce stack usage for recheck (Benjamin Marzinski) [RHEL-27849]
+- dm-crypt: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-27849]
+- dm-crypt: don't modify the data when using authenticated encryption (Benjamin Marzinski) [RHEL-27849]
+- dm-verity: recheck the hash after a failure (Benjamin Marzinski) [RHEL-27849]
+- dm-integrity: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-27849]
+
+* Wed Mar 13 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-545.rt7.334.el8]
+- [rt] build kernel-rt-4.18.0-545.rt7.334.el8 [RHEL-5332]
+- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (John Kacur) [RHEL-26667]
+- tracing/perf: Fix double put of trace event when init fails (Michael Petlan) [RHEL-19537]
+- ipvlan: Add handling of NETDEV_UP events (Hangbin Liu) [RHEL-19098]
+- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-21760]
+- ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-21760]
+- ceph: always check dir caps asynchronously (Xiubo Li) [RHEL-21760]
+- nfs: fix redundant readdir request after get eof (Benjamin Coddington) [RHEL-7780]
+- NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Scott Mayhew) [RHEL-7994]
+- NFSv4.1: fix pnfs MDS=DS session trunking (Scott Mayhew) [RHEL-7994]
+- NFSv4.1: fix zero value filehandle in post open getattr (Scott Mayhew) [RHEL-7994]
+- NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Scott Mayhew) [RHEL-7994]
+- x86/boot: Ignore NMIs during very early boot (Valentin Schneider) [RHEL-22749]
+
 * Fri Feb 23 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-544.rt7.333.el8]
 - [rt] build kernel-rt-4.18.0-544.rt7.333.el8 [RHEL-5332]
 - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-23386] {CVE-2021-33631}