.gitignore

@@ -1,6 +1,6 @@
 SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
-SOURCES/linux-4.18.0-553.5.1.rt7.346.el8_10.tar.xz
+SOURCES/linux-4.18.0-544.rt7.333.el8.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer

.kernel-rt.metadata

@@ -1,6 +1,6 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-cb417a89c5eaa050ddd947687406375c4f16db02 SOURCES/linux-4.18.0-553.5.1.rt7.346.el8_10.tar.xz
+5b1daa8c998a7d55be920ede75b14bc707dcf887 SOURCES/linux-4.18.0-544.rt7.333.el8.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer

SOURCES/kernel-rt-aarch64-debug.config

@@ -3560,7 +3560,6 @@ CONFIG_IBMASR=m
 CONFIG_ICE=m
 CONFIG_ICPLUS_PHY=m
 CONFIG_IDLE_PAGE_TRACKING=y
-CONFIG_IDPF=m
 CONFIG_IEEE802154_6LOWPAN=m
 CONFIG_IEEE802154_DRIVERS=m
 CONFIG_IEEE802154_FAKELB=m

SOURCES/kernel-rt-aarch64.config

@@ -3576,7 +3576,6 @@ CONFIG_IBMASR=m
 CONFIG_ICE=m
 CONFIG_ICPLUS_PHY=m
 CONFIG_IDLE_PAGE_TRACKING=y
-CONFIG_IDPF=m
 CONFIG_IEEE802154_6LOWPAN=m
 CONFIG_IEEE802154_DRIVERS=m
 CONFIG_IEEE802154_FAKELB=m

SOURCES/kernel-rt-ppc64le-debug.config

@@ -3203,7 +3203,6 @@ CONFIG_IBM_BSR=m
 CONFIG_ICE=m
 CONFIG_ICPLUS_PHY=m
 CONFIG_IDLE_PAGE_TRACKING=y
-CONFIG_IDPF=m
 CONFIG_IEEE802154=m
 CONFIG_IEEE802154_6LOWPAN=m
 CONFIG_IEEE802154_DRIVERS=m

SOURCES/kernel-rt-ppc64le.config

@@ -3216,7 +3216,6 @@ CONFIG_IBM_BSR=m
 CONFIG_ICE=m
 CONFIG_ICPLUS_PHY=m
 CONFIG_IDLE_PAGE_TRACKING=y
-CONFIG_IDPF=m
 CONFIG_IEEE802154=m
 CONFIG_IEEE802154_6LOWPAN=m
 CONFIG_IEEE802154_DRIVERS=m

SOURCES/kernel-rt-s390x-debug.config

@@ -3269,7 +3269,6 @@ CONFIG_IBMASR=m
 CONFIG_IBM_PARTITION=y
 CONFIG_ICE=m
 CONFIG_IDLE_PAGE_TRACKING=y
-CONFIG_IDPF=m
 CONFIG_IEEE802154=m
 CONFIG_IEEE802154_6LOWPAN=m
 CONFIG_IEEE802154_DRIVERS=m

SOURCES/kernel-rt-s390x-zfcpdump.config

@@ -3415,7 +3415,6 @@ CONFIG_IBMASR=m
 CONFIG_IBM_PARTITION=y
 CONFIG_ICE=m
 CONFIG_IDLE_PAGE_TRACKING=y
-CONFIG_IDPF=m
 CONFIG_IEEE802154_6LOWPAN=m
 CONFIG_IEEE802154_DRIVERS=m
 CONFIG_IEEE802154_FAKELB=m

SOURCES/kernel-rt-s390x.config

@@ -3284,7 +3284,6 @@ CONFIG_IBMASR=m
 CONFIG_IBM_PARTITION=y
 CONFIG_ICE=m
 CONFIG_IDLE_PAGE_TRACKING=y
-CONFIG_IDPF=m
 CONFIG_IEEE802154=m
 CONFIG_IEEE802154_6LOWPAN=m
 CONFIG_IEEE802154_DRIVERS=m

SOURCES/kernel-rt-x86_64-debug.config

@@ -2939,7 +2939,6 @@ CONFIG_DRM_I915_GVT_KVMGT=m
 CONFIG_DRM_I915_USERPTR=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_MGAG200=m
-CONFIG_DRM_MGAG200_IOBURST_WORKAROUND=y
 CONFIG_DRM_NOUVEAU=m
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_QXL=m
@@ -3428,7 +3427,6 @@ CONFIG_ICE=m
 CONFIG_ICPLUS_PHY=m
 CONFIG_IDEAPAD_LAPTOP=m
 CONFIG_IDLE_PAGE_TRACKING=y
-CONFIG_IDPF=m
 CONFIG_IE6XX_WDT=m
 CONFIG_IEEE802154=m
 CONFIG_IEEE802154_6LOWPAN=m

SOURCES/kernel-rt-x86_64.config

@@ -2968,7 +2968,6 @@ CONFIG_DRM_I915_GVT_KVMGT=m
 CONFIG_DRM_I915_USERPTR=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_MGAG200=m
-CONFIG_DRM_MGAG200_IOBURST_WORKAROUND=y
 CONFIG_DRM_NOUVEAU=m
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_QXL=m
@@ -3442,7 +3441,6 @@ CONFIG_ICE=m
 CONFIG_ICPLUS_PHY=m
 CONFIG_IDEAPAD_LAPTOP=m
 CONFIG_IDLE_PAGE_TRACKING=y
-CONFIG_IDPF=m
 CONFIG_IE6XX_WDT=m
 CONFIG_IEEE802154=m
 CONFIG_IEEE802154_6LOWPAN=m

SOURCES/mod-internal.list

@@ -13,7 +13,10 @@ qos-test
 resource_kunit
 soc-topology-test
 soc-utils-test
+<<<<<<< HEAD
+=======
 stackinit_kunit
+>>>>>>> c8-beta
 string-stream-test
 test_linear_ranges
 test_bits

SOURCES/x509.genkey

@@ -5,9 +5,9 @@ prompt = no
 x509_extensions = myexts
 
 [ req_distinguished_name ]
-O = Red Hat
+O = AlmaLinux
-CN = Red Hat Enterprise Linux kernel signing key
+CN = AlmaLinux kernel signing key
-emailAddress = secalert@redhat.com
+emailAddress = security@almalinux.org
 
 [ myexts ]
 basicConstraints=critical,CA:FALSE

SPECS/kernel.spec

@@ -12,7 +12,7 @@
 # change below to w4T.xzdio):
 %define _binary_payload w3T.xzdio
 
-%global distro_build 553
+%global distro_build 544
 
 # Sign the x86_64 kernel for secure boot authentication
 %ifarch x86_64 aarch64 s390x ppc64le
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.5.1.rt7.346.el8_10
+%define pkgrelease 544.rt7.333.el8
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.5.1.rt7.346%{?dist}
+%define specrelease 544.rt7.333%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -53,7 +53,6 @@
 # architecture allows it. All should default to 1 (enabled) and be flipped to
 # 0 (disabled) by later arch-specific checks.
 
-%define _with_kabidupchk 1
 # The following build options are enabled by default.
 # Use either --without <opt> in your rpmbuild command or force values
 # to 0 in here to disable them.
@@ -148,7 +147,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .346
+%global rtbuild .333
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -347,7 +346,6 @@ Requires: rt-setup
 %endif
 %endif
 
-
 #
 # List the packages used during the kernel build
 #
@@ -447,36 +445,19 @@ Source9: x509.genkey
 %define signing_key_filename kernel-signing-s390.cer
 %endif
 
-Source10: redhatsecurebootca3.cer
+Source10: almalinuxsecurebootca0.cer
-Source11: centossecurebootca2.cer
+Source11: almalinuxsecurebootca0.cer
-Source12: centossecureboot201.cer
+
-Source13: redhatsecureboot501.cer
+%define secureboot_ca_0 %{SOURCE10}
-Source14: redhatsecureboot302.cer
+%define secureboot_ca_1 %{SOURCE11}
-Source15: redhatsecureboot303.cer
+%define secureboot_ca_2 %{SOURCE11}
-Source16: redhatsecurebootca7.cer
+
-%if 0%{?centos}
+%define secureboot_key_0 %{SOURCE10}
-%define secureboot_ca_0  %{SOURCE11}
+%define pesign_name_0 almalinuxsecurebootca0
-%define secureboot_key_0 %{SOURCE12}
-%define pesign_name_0 centossecureboot201
-%else
 
 %ifarch x86_64 aarch64
-%define secureboot_ca_0 %{SOURCE10}
+%define secureboot_key_1 %{SOURCE11}
-%define secureboot_key_0 %{SOURCE13}
+%define pesign_name_1 almalinuxsecurebootca0
-%define pesign_name_0 redhatsecureboot501
-%endif
-
-%ifarch s390x
-%define secureboot_ca_0 %{SOURCE10}
-%define secureboot_key_0 %{SOURCE14}
-%define pesign_name_0 redhatsecureboot302
-%endif
-
-%ifarch ppc64le
-%define secureboot_ca_0 %{SOURCE16}
-%define secureboot_key_0 %{SOURCE15}
-%define pesign_name_0 redhatsecureboot701
-%endif
 %endif
 
 Source17: mod-blacklist.sh
@@ -506,8 +487,8 @@ Source43: generate_bls_conf.sh
 
 Source44: mod-internal.list
 
-Source100: rheldup3.x509
+Source100: almalinuxdup1.x509
-Source101: rhelkpatch1.x509
+Source101: almalinuxkpatch1.x509
 
 %if %{with_kabichk}
 Source200: check-kabi
@@ -550,8 +531,8 @@ Patch999999: linux-kernel-test.patch
 BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
 
 %description
-This is the package which provides the Linux %{name} for Red Hat Enterprise
+This is the package which provides the Linux %{name} for AlmaLinux.
-Linux. It is based on upstream Linux at version %{version} and maintains kABI
+It is based on upstream Linux at version %{version} and maintains kABI
 compatibility of a set of approved symbols, however it is heavily modified with
 backports and fixes pulled from newer upstream Linux %{name} releases. This means
 this is not a %{version} kernel anymore: it includes several components which come
@@ -559,7 +540,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
 core. Some of the components/backports that may be pulled in are: changes like
 updates to the core kernel (eg.: scheduler, cgroups, memory management, security
 fixes and features), updates to block layer, supported filesystems, major driver
-updates for supported hardware in Red Hat Enterprise Linux, enhancements for
+updates for supported hardware in AlmaLinux, enhancements for
 enterprise customers, etc.
 
 #
@@ -808,14 +789,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
 %endif
 
 %package -n %{name}-abi-stablelists
-Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
+Summary: The AlmaLinux kernel ABI symbol stablelists
 Group: System Environment/Kernel
 AutoReqProv: no
 Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release}
 Provides: %{name}-abi-whitelists
 %description -n %{name}-abi-stablelists
-The kABI package contains information pertaining to the Red Hat Enterprise
+The kABI package contains information pertaining to the AlmaLinux
-Linux kernel ABI, including lists of kernel symbols that are needed by
+kernel ABI, including lists of kernel symbols that are needed by
 external Linux kernel modules, and a yum plugin to aid enforcement.
 
 %if %{with_kabidw_base}
@@ -824,8 +805,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
 Group: System Environment/Kernel
 AutoReqProv: no
 %description kernel-kabidw-base-internal
-The package contains data describing the current ABI of the Red Hat Enterprise
+The package contains data describing the current ABI of the AlmaLinux
-Linux kernel, suitable for the kabi-dw tool.
+kernel, suitable for the kabi-dw tool.
 %endif
 
 #
@@ -899,7 +880,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
 AutoReq: no\
 AutoProv: yes\
 %description %{?1:%{1}-}modules-internal\
-This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
+This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\
 %{nil}
 
 #
@@ -990,6 +971,11 @@ Summary: %{variant_summary}\
 Group: System Environment/Kernel\
 Provides: %{name}-%{?1:%{1}-}core-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
 Provides: installonlypkg(kernel)\
+%if "%{?1}" == ""\
+Provides: almalinux(kernel-sig-key) = 202303\
+Conflicts: shim-ia32 <= 15.6-1.el8.alma\
+Conflicts: shim-x64 <= 15.6-1.el8.alma\
+%endif\
 %{expand:%%kernel_reqprovconf}\
 %if %{?1:1} %{!?1:0} \
 %{expand:%%kernel_meta_package %{?1:%{1}}}\
@@ -1751,7 +1737,7 @@ BuildKernel() {
     # build a BLS config for this kernel
     %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
 
-    # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
+    # AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
     mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
     install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
     %ifarch s390x ppc64le
@@ -2699,361 +2685,6 @@ fi
 #
 #
 %changelog
-* Tue May 21 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.5.1.rt7.346.el8_10]
-- [rt] build kernel-rt-4.18.0-553.5.1.rt7.346.el8_10 [RHEL-34640]
-- tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-29238]
-- tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-29238]
-- uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439}
-- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (Ken Cox) [RHEL-27316] {CVE-2021-47013}
-- keys: Fix linking a duplicate key to a keyring's assoc_array (David Howells) [RHEL-30772]
-- keys: Hoist locking out of __key_link_begin() (David Howells) [RHEL-30772]
-- keys: Break bits out of key_unlink() (David Howells) [RHEL-30772]
-- keys: Change keyring_serialise_link_sem to a mutex (David Howells) [RHEL-30772]
-- wifi: brcm80211: handle pmk_op allocation failure (Jose Ignacio Tornos Martinez) [RHEL-35150] {CVE-2024-27048}
-- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Jose Ignacio Tornos Martinez) [RHEL-35140] {CVE-2024-27052}
-- wifi: iwlwifi: mvm: ensure offloading TID queue exists (Jose Ignacio Tornos Martinez) [RHEL-35130] {CVE-2024-27056}
-- wifi: mt76: mt7921e: fix use-after-free in free_irq() (Jose Ignacio Tornos Martinez) [RHEL-34866] {CVE-2024-26892}
-- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Jose Ignacio Tornos Martinez) [RHEL-34189] {CVE-2024-26897}
-- wifi: iwlwifi: mvm: fix a crash when we run out of stations (Jose Ignacio Tornos Martinez) [RHEL-31547] {CVE-2024-26693}
-- wifi: iwlwifi: fix double-free bug (Jose Ignacio Tornos Martinez) [RHEL-31543] {CVE-2024-26694}
-- wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Jose Ignacio Tornos Martinez) [RHEL-29089] {CVE-2023-52594}
-- wifi: rt2x00: restart beacon queue when hardware reset (Jose Ignacio Tornos Martinez) [RHEL-29093] {CVE-2023-52595}
-- wifi: iwlwifi: fix a memory corruption (Jose Ignacio Tornos Martinez) [RHEL-28903] {CVE-2024-26610}
-
-* Thu May 16 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.4.1.rt7.345.el8_10]
-- [rt] build kernel-rt-4.18.0-553.4.1.rt7.345.el8_10 [RHEL-34640]
-- cpuhotplug: Fix kABI breakage caused by CPUHP_AP_HYPERV_ONLINE (Vitaly Kuznetsov) [RHEL-36117]
-- net/mlx5e: Prevent deadlock while disabling aRFS (Kamal Heib) [RHEL-35041] {CVE-2024-27014}
-- x86/tsc: Defer marking TSC unstable to a worker (Wander Lairson Costa) [RHEL-32676]
-- x86/smpboot: Make TSC synchronization function call based (Wander Lairson Costa) [RHEL-32676]
-- net: usb: fix possible use-after-free in smsc75xx_bind (Jose Ignacio Tornos Martinez) [RHEL-30311] {CVE-2021-47171}
-- net: usb: fix memory leak in smsc75xx_bind (Jose Ignacio Tornos Martinez) [RHEL-30311] {CVE-2021-47171}
-
-* Sun May 12 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-552.3.1.rt7.344.el8_10]
-- [rt] build kernel-rt-4.18.0-552.3.1.rt7.344.el8_10 [RHEL-34640]
-- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-30076] {CVE-2024-26643}
-- netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-30080] {CVE-2024-26642}
-- selftests/bpf: Fix pyperf180 compilation failure with clang18 (Artem Savkov) [RHEL-35576]
-- md/raid5: fix atomicity violation in raid5_cache_count (Nigel Croxon) [RHEL-27930] {CVE-2024-23307}
-- usb: ulpi: Fix debugfs directory leak (Desnes Nunes) [RHEL-33287] {CVE-2024-26919}
-- powerpc/pseries: Fix potential memleak in papr_get_attr() (Mamatha Inamdar) [RHEL-35213] {CVE-2022-48669}
-- USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (Desnes Nunes) [RHEL-35122] {CVE-2024-27059}
-- NFSv4: fairly test all delegations on a SEQ4_ revocation (Benjamin Coddington) [RHEL-34912]
-- USB: core: Fix deadlock in usb_deauthorize_interface() (Desnes Nunes) [RHEL-35002] {CVE-2024-26934}
-- usb: xhci: Add error handling in xhci_map_urb_for_dma (Desnes Nunes) [RHEL-34958] {CVE-2024-26964}
-- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35076] {CVE-2024-26993}
-- xhci: handle isoc Babble and Buffer Overrun events properly (Desnes Nunes) [RHEL-31297] {CVE-2024-26659}
-- xhci: process isoc TD properly when there was a transaction error mid TD. (Desnes Nunes) [RHEL-31297] {CVE-2024-26659}
-- USB: core: Fix deadlock in port "disable" sysfs attribute (Desnes Nunes) [RHEL-35006] {CVE-2024-26933}
-- USB: core: Add hub_get() and hub_put() routines (Desnes Nunes) [RHEL-35006] {CVE-2024-26933}
-- netfilter: ipset: Missing gc cancellations fixed (Phil Sutter) [RHEL-30521]
-- netfilter: ipset: fix performance regression in swap operation (Phil Sutter) [RHEL-30521]
-- netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports (Phil Sutter) [RHEL-30521]
-- netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Phil Sutter) [RHEL-30521]
-- x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu (David Arcari) [RHEL-32516]
-- x86/coco: Disable 32-bit emulation by default on TDX and SEV (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
-- x86: Make IA32_EMULATION boot time configurable (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
-- x86/entry: Make IA32 syscalls' availability depend on ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
-- x86/elf: Make loading of 32bit processes depend on ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
-- x86/entry: Rename ignore_sysret() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
-- x86/cpu: Don't write CSTAR MSR on Intel CPUs (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
-- x86: Introduce ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
-
-* Tue May 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-552.2.1.rt7.343.el8_10]
-- [rt] build kernel-rt-4.18.0-552.2.1.rt7.343.el8_10 [RHEL-34640]
-- s390/ptrace: handle setting of fpc register correctly (Tobias Huschle) [RHEL-29106] {CVE-2023-52598}
-- net/smc: fix illegal rmb_desc access in SMC-D connection dump (Tobias Huschle) [RHEL-27746] {CVE-2024-26615}
-- wifi: mac80211: fix race condition on enabling fast-xmit (Jose Ignacio Tornos Martinez) [RHEL-31664] {CVE-2024-26779}
-- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (Mamatha Inamdar) [RHEL-24401]
-- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (Mamatha Inamdar) [RHEL-24401]
-- mtd: require write permissions for locking and badblock ioctls (Prarit Bhargava) [RHEL-27585] {CVE-2021-47055}
-- mtd: properly check all write ioctls for permissions (Prarit Bhargava) [RHEL-27585] {CVE-2021-47055}
-- pid: take a reference when initializing `cad_pid` (Waiman Long) [RHEL-29420] {CVE-2021-47118}
-- i2c: i801: Don't generate an interrupt on bus reset (Prarit Bhargava) [RHEL-30325] {CVE-2021-47153}
-- RDMA/srpt: Do not register event handler until srpt device is fully setup (Kamal Heib) [RHEL-33224] {CVE-2024-26872}
-- ceph: switch to corrected encoding of max_xattr_size in mdsmap (Xiubo Li) [RHEL-26723]
-- ceph: switch to use cap_delay_lock for the unlink delay list (Xiubo Li) [RHEL-32870]
-- ceph: pass ino# instead of old_dentry if it's disconnected (Xiubo Li) [RHEL-32870]
-- fat: fix uninitialized field in nostale filehandles (Andrey Albershteyn) [RHEL-33186 RHEL-35108] {CVE-2024-26973}
-- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Andrey Albershteyn) [RHEL-33186] {CVE-2024-26901}
-- idpf: limit the support to GCP only (Michal Schmidt) [RHEL-15652]
-- redhat/configs: enable CONFIG_IDPF (Michal Schmidt) [RHEL-15652]
-- idpf: remove the use of ETHTOOL_RING_USE_TCP_DATA_SPLIT (Michal Schmidt) [RHEL-15652]
-- idpf: workaround for unavailable skb page recycling (Michal Schmidt) [RHEL-15652]
-- idpf: always allocate a full page (Michal Schmidt) [RHEL-15652]
-- idpf: remove page pool stats code (Michal Schmidt) [RHEL-15652]
-- idpf: add minimal macros for __free(kfree) to work (Michal Schmidt) [RHEL-15652]
-- idpf: fixup include paths for RHEL 8 (Michal Schmidt) [RHEL-15652]
-- idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-15652]
-- idpf: disable local BH when scheduling napi for marker packets (Michal Schmidt) [RHEL-15652]
-- idpf: remove dealloc vector msg err in idpf_intr_rel (Michal Schmidt) [RHEL-15652]
-- idpf: fix minor controlq issues (Michal Schmidt) [RHEL-15652]
-- idpf: prevent deinit uninitialized virtchnl core (Michal Schmidt) [RHEL-15652]
-- idpf: cleanup virtchnl cruft (Michal Schmidt) [RHEL-15652]
-- idpf: refactor idpf_recv_mb_msg (Michal Schmidt) [RHEL-15652]
-- idpf: add async_handler for MAC filter messages (Michal Schmidt) [RHEL-15652]
-- idpf: refactor remaining virtchnl messages (Michal Schmidt) [RHEL-15652]
-- idpf: refactor queue related virtchnl messages (Michal Schmidt) [RHEL-15652]
-- idpf: refactor vport virtchnl messages (Michal Schmidt) [RHEL-15652]
-- idpf: implement virtchnl transaction manager (Michal Schmidt) [RHEL-15652]
-- idpf: add idpf_virtchnl.h (Michal Schmidt) [RHEL-15652]
-- idpf: avoid compiler padding in virtchnl2_ptype struct (Michal Schmidt) [RHEL-15652]
-- idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-15652]
-- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (Michal Schmidt) [RHEL-15652]
-- idpf: fix corrupted frames and skb leaks in singleq mode (Michal Schmidt) [RHEL-15652]
-- idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-15652]
-- idpf: add get/set for Ethtool's header split ringparam (Michal Schmidt) [RHEL-15652]
-- idpf: fix potential use-after-free in idpf_tso() (Michal Schmidt) [RHEL-15652]
-- idpf: cancel mailbox work in error path (Michal Schmidt) [RHEL-15652]
-- idpf: set scheduling mode for completion queue (Michal Schmidt) [RHEL-15652]
-- idpf: add SRIOV support and other ndo_ops (Michal Schmidt) [RHEL-15652]
-- idpf: add ethtool callbacks (Michal Schmidt) [RHEL-15652]
-- idpf: add singleq start_xmit and napi poll (Michal Schmidt) [RHEL-15652]
-- idpf: add RX splitq napi poll support (Michal Schmidt) [RHEL-15652]
-- idpf: add TX splitq napi poll support (Michal Schmidt) [RHEL-15652]
-- idpf: add splitq start_xmit (Michal Schmidt) [RHEL-15652]
-- idpf: initialize interrupts and enable vport (Michal Schmidt) [RHEL-15652]
-- idpf: configure resources for RX queues (Michal Schmidt) [RHEL-15652]
-- idpf: configure resources for TX queues (Michal Schmidt) [RHEL-15652]
-- idpf: add ptypes and MAC filter support (Michal Schmidt) [RHEL-15652]
-- idpf: add create vport and netdev configuration (Michal Schmidt) [RHEL-15652]
-- idpf: add core init and interrupt request (Michal Schmidt) [RHEL-15652]
-- idpf: add controlq init and reset checks (Michal Schmidt) [RHEL-15652]
-- idpf: add module register and probe functionality (Michal Schmidt) [RHEL-15652]
-- virtchnl: add virtchnl version 2 ops (Michal Schmidt) [RHEL-15652]
-- net: netdev_queue: netdev_txq_completed_mb(): fix wake condition (Michal Schmidt) [RHEL-15652]
-- net: piggy back on the memory barrier in bql when waking queues (Michal Schmidt) [RHEL-15652]
-- net: provide macros for commonly copied lockless queue stop/wake code (Michal Schmidt) [RHEL-15652]
-
-* Sun Apr 28 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-552.1.1.rt7.342.el8_10]
-- [rt] build kernel-rt-4.18.0-552.1.1.rt7.342.el8_10 [RHEL-34640]
-- build: Update RTBZ for 8.10 z-stream builds (Denys Vlasenko)
-- redhat: set DIST to el8_10 and ZSTREAM to yes for 8.10 (Denys Vlasenko)
-- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Prarit Bhargava) [RHEL-32590] {CVE-2021-47185}
-- net: mana: Fix Rx DMA datasize and skb_over_panic (Cathy Avery) [RHEL-32579]
-- RDMA/srpt: Support specifying the srpt_service_guid parameter (Kamal Heib) [RHEL-31710] {CVE-2024-26744}
-- RDMA/qedr: Fix qedr_create_user_qp error flow (Kamal Heib) [RHEL-31714] {CVE-2024-26743}
-- hwmon: (coretemp) Fix out-of-bounds memory access (David Arcari) [RHEL-31305] {CVE-2024-26664}
-- RDMA/irdma: Fix KASAN issue with tasklet (Kamal Heib) [RHEL-15776]
-- net: bridge: use DEV_STATS_INC() (Ivan Vecera) [RHEL-27989] {CVE-2023-52578}
-- net: Fix unwanted sign extension in netdev_stats_to_stats64() (Ivan Vecera) [RHEL-27989] {CVE-2023-52578}
-- net: add atomic_long_t to net_device_stats fields (Ivan Vecera) [RHEL-27989] {CVE-2023-52578}
-- net/sched: act_ct: fix skb leak and crash on ooo frags (Xin Long) [RHEL-29467] {CVE-2023-52610}
-- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Jose Ignacio Tornos Martinez) [RHEL-28015] {CVE-2023-52528}
-- RDMA/core: Fix uninit-value access in ib_get_eth_speed() (Kamal Heib) [RHEL-30130]
-- RDMA/core: Get IB width and speed from netdev (Kamal Heib) [RHEL-30130]
-- cpufreq: intel_pstate: Add Emerald Rapids support in no-HWP mode (Prarit Bhargava) [RHEL-29444]
-- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Mamatha Inamdar) [RHEL-29118] {CVE-2023-52607}
-- powerpc/lib: Validate size for vector operations (Mamatha Inamdar) [RHEL-29114] {CVE-2023-52606}
-- usb: hub: Guard against accesses to uninitialized BOS descriptors (Desnes Nunes) [RHEL-28986] {CVE-2023-52477}
-- media: uvcvideo: Fix OOB read (Desnes Nunes) [RHEL-27940] {CVE-2023-52565}
-- media: pvrusb2: fix use after free on context disconnection (Desnes Nunes) [RHEL-26498] {CVE-2023-52445}
-- i2c: i801: Fix block process call transactions (Prarit Bhargava) [RHEL-26478] {CVE-2024-26593}
-- overlay: disable EVM (Coiby Xu) [RHEL-19863]
-- evm: add support to disable EVM on unsupported filesystems (Coiby Xu) [RHEL-19863]
-- evm: don't copy up 'security.evm' xattr (Coiby Xu) [RHEL-19863]
-- net: ena: Remove ena_select_queue (Kamal Heib) [RHEL-14286]
-- media: dvbdev: Fix memory leak in dvb_media_device_free() (Prarit Bhargava) [RHEL-27254] {CVE-2020-36777}
-- gfs2: Fix invalid metadata access in punch_hole (Andrew Price) [RHEL-28784]
-- i2c: Fix a potential use after free (Prarit Bhargava) [RHEL-26849] {CVE-2019-25162}
-- i2c: validate user data in compat ioctl (Prarit Bhargava) [RHEL-27022] {CVE-2021-46934}
-- platform/x86: think-lmi: Fix reference leak (Prarit Bhargava) [RHEL-28030] {CVE-2023-52520}
-- vhost: use kzalloc() instead of kmalloc() followed by memset() (Jon Maloy) [RHEL-21505] {CVE-2024-0340}
-- RDMA/siw: Fix connection failure handling (Kamal Heib) [RHEL-28042] {CVE-2023-52513}
-- vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-27778 RHEL-27779] {CVE-2022-48627}
-- x86/fpu: Stop relying on userspace for info to fault in xsave buffer (Steve Best) [RHEL-26669] {CVE-2024-26603}
-- mptcp: fix double-free on socket dismantle (Davide Caratti) [RHEL-22773] {CVE-2024-26782}
-- crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-17114] {CVE-2023-6240}
-- crypto: akcipher - default implementations for request callbacks (Herbert Xu) [RHEL-17114] {CVE-2023-6240}
-- crypto: testmgr - split akcipher tests by a key type (Herbert Xu) [RHEL-17114] {CVE-2023-6240}
-- workqueue: Warn when a rescuer could not be created (Waiman Long) [RHEL-22136]
-- RDMA/cma: Avoid GID lookups on iWARP devices (Benjamin Coddington) [RHEL-12456]
-- RDMA/cma: Deduplicate error flow in cma_validate_port() (Benjamin Coddington) [RHEL-12456]
-- RDMA/core: Set gid_attr.ndev for iWARP devices (Benjamin Coddington) [RHEL-12456]
-- RDMA/siw: Fabricate a GID on tun and loopback devices (Benjamin Coddington) [RHEL-12456]
-- eventpoll: fix missing wakeup for ovflist in ep_poll_callback (Luis Claudio R. Goncalves) [RHEL-23022]
-
-* Sun Apr 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-552.rt7.341.el8]
-- [rt] build kernel-rt-4.18.0-552.rt7.341.el8 [RHEL-5332]
-- i40e: Enforce software interrupt during busy-poll exit (Ivan Vecera) [RHEL-26248]
-- i40e: Remove _t suffix from enum type names (Ivan Vecera) [RHEL-26248]
-
-* Fri Apr 05 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-551.rt7.340.el8]
-- [rt] build kernel-rt-4.18.0-551.rt7.340.el8 [RHEL-5332]
-- x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30040] {CVE-2024-25743 CVE-2024-25742}
-- i40e: Fix VF MAC filter removal (Ivan Vecera) [RHEL-22992]
-- i40e: Do not allow untrusted VF to remove administratively set MAC (Ivan Vecera) [RHEL-22992]
-
-* Sun Mar 31 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-550.rt7.339.el8]
-- [rt] build kernel-rt-4.18.0-550.rt7.339.el8 [RHEL-5332]
-- mm/sparsemem: fix race in accessing memory_section->usage (Waiman Long) [RHEL-28875 RHEL-28876] {CVE-2023-52489}
-- mm: use __pfn_to_section() instead of open coding it (Waiman Long) [RHEL-28875] {CVE-2023-52489}
-
-* Thu Mar 28 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-549.rt7.338.el8]
-- [rt] build kernel-rt-4.18.0-549.rt7.338.el8 [RHEL-5332]
-- dm-integrity: align the outgoing bio in integrity_recheck (Benjamin Marzinski) [RHEL-29678]
-- dm-integrity: fix a memory leak when rechecking the data (Benjamin Marzinski) [RHEL-29678]
-- RDMA/mana_ib: Add CQ interrupt support for RAW QP (Maxim Levitsky) [RHEL-23934]
-- RDMA/mana_ib: query device capabilities (Maxim Levitsky) [RHEL-23934]
-- RDMA/mana_ib: register RDMA device with GDMA (Maxim Levitsky) [RHEL-23934]
-- net: mana: add msix index sharing between EQs (Maxim Levitsky) [RHEL-23934]
-- net: mana: Fix spelling mistake "enforecement" -> "enforcement" (Maxim Levitsky) [RHEL-23934]
-- net :mana :Add remaining GDMA stats for MANA to ethtool (Maxim Levitsky) [RHEL-23934]
-- net: mana: Fix oversized sge0 for GSO packets (Maxim Levitsky) [RHEL-23934]
-- net: mana: Fix TX CQE error handling (Maxim Levitsky) [RHEL-23934]
-- net: mana: Add gdma stats to ethtool output for mana (Maxim Levitsky) [RHEL-23934]
-- net: mana: Fix MANA VF unload when hardware is unresponsive (Maxim Levitsky) [RHEL-23934]
-- net: mana: Configure hwc timeout from hardware (Maxim Levitsky) [RHEL-23934]
-- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (Maxim Levitsky) [RHEL-23934]
-
-* Mon Mar 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-548.rt7.337.el8]
-- [rt] build kernel-rt-4.18.0-548.rt7.337.el8 [RHEL-5332]
-- gitlab-ci: enable arm64/s390x/ppc64le debug builds (Michael Hofmann)
-- arm64: Add missing bits of AmpereOne Spectre-BHB mitigation (Mark Salter) [RHEL-29005]
-- [rt] enable CONFIG_DRM_MGAG200_IOBURST_WORKAROUND (Jocelyn Falempe) [RHEL-13214]
-- drm/mgag200: Add a workaround for low-latency (Jocelyn Falempe) [RHEL-13214]
-
-* Wed Mar 20 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-547.rt7.336.el8]
-- [rt] build kernel-rt-4.18.0-547.rt7.336.el8 [RHEL-5332]
-- x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR (Lenny Szubowicz) [RHEL-2505]
-- x86/efistub: Give up if memory attribute protocol returns an error (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Increase section and file alignment to 4k/512 (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Split off PE/COFF .data section (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Drop PE/COFF .reloc section (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Construct PE/COFF .text section from assembler (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Derive file size from _edata symbol (Lenny Szubowicz) [RHEL-2505]
-- x86/boot/compressed: Remove, discard, or assert for unwanted sections (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Check that there are no run-time relocations (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Discard .discard.unreachable for arch/x86/boot/compressed/vmlinux (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Define setup size in linker script (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Set EFI handover offset directly in header asm (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Drop references to startup_64 (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Drop redundant code setting the root device (Lenny Szubowicz) [RHEL-2505]
-- x86/build: Declutter the build output (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Omit compression buffer from PE/COFF image memory footprint (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Mark global variables as static (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: Remove extra headroom for setup block (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Remove the 'bugger off' message (Lenny Szubowicz) [RHEL-2505]
-- x86/efi: Drop alignment flags from PE section headers (Lenny Szubowicz) [RHEL-2505]
-- efi: Put Linux specific magic number in the DOS header (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: Avoid physical KASLR on older Dell systems (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: efistub: Assign global boot_params variable (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' (Lenny Szubowicz) [RHEL-2505]
-- x86/efistub: Avoid legacy decompressor when doing EFI boot (Lenny Szubowicz) [RHEL-2505]
-- x86/efistub: Perform SNP feature test while running in the firmware (Lenny Szubowicz) [RHEL-2505]
-- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (Lenny Szubowicz) [RHEL-2505]
-- efi/libstub: Add limit argument to efi_random_alloc() (Lenny Szubowicz) [RHEL-2505]
-- arm64: efi: Limit allocations to 48-bit addressable physical region (Lenny Szubowicz) [RHEL-2505]
-- efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory (Lenny Szubowicz) [RHEL-2505]
-- arm64: efi: kaslr: Fix occasional random alloc (and boot) failure (Lenny Szubowicz) [RHEL-2505]
-- efi/libstub/random: Increase random alloc granularity (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Factor out kernel decompression and relocation (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Move global symbol references to C code (Lenny Szubowicz) [RHEL-2505]
-- decompress: Use 8 byte alignment (Lenny Szubowicz) [RHEL-2505]
-- x86/efistub: Prefer EFI memory attributes protocol over DXE services (Lenny Szubowicz) [RHEL-2505]
-- x86/efistub: Perform 4/5 level paging switch from the stub (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Merge trampoline cleanup with switching code (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Pass pgtable address to trampoline directly (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Only call the trampoline when changing paging levels (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Call trampoline directly from C code (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Avoid the need for a stack in the 32-bit trampoline (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Use standard calling convention for trampoline (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Call trampoline as a normal function (Lenny Szubowicz) [RHEL-2505]
-- x86/boot/compressed/64: Remove .bss/.pgtable from bzImage (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Remove run-time relocations from .head.text code (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Assign paging related global variables earlier (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Store boot_params pointer in callee save register (Lenny Szubowicz) [RHEL-2505]
-- x86/efistub: Clear BSS in EFI handover protocol entrypoint (Lenny Szubowicz) [RHEL-2505]
-- x86/head_64: Store boot_params pointer in callee save register (Lenny Szubowicz) [RHEL-2505]
-- x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved (Lenny Szubowicz) [RHEL-2505]
-- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (Lenny Szubowicz) [RHEL-2505]
-- efi/libstub: Add memory attribute protocol definitions (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: libstub: remove unused variable (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Robustify calling startup_{32,64}() from the decompressor code (Lenny Szubowicz) [RHEL-2505]
-- x86/efistub: Simplify and clean up handover entry code (Lenny Szubowicz) [RHEL-2505]
-- x86/efistub: Branch straight to kernel entry point from C code (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: Avoid using code32_start (Lenny Szubowicz) [RHEL-2505]
-- efi/libstub/x86: Use Exit() boot service to exit the stub on errors (Lenny Szubowicz) [RHEL-2505]
-- efi: x86: Wipe setup_data on pure EFI boot (Lenny Szubowicz) [RHEL-2505]
-- efi: x86: Fix config name for setting the NX-compatibility flag in the PE header (Lenny Szubowicz) [RHEL-2505]
-- efi: x86: Set the NX-compatibility flag in the PE header (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: Add kernel preferred address to PE header (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: Use symbolic constants in PE header instead of bare numbers (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: Drop redundant .bss section (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: add headroom to decompressor BSS to account for setup block (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Remove run-time relocations from head_{32,64}.S (Lenny Szubowicz) [RHEL-2505]
-- x86/boot/compressed: Fix debug_puthex() parameter type (Lenny Szubowicz) [RHEL-2505]
-- x86/boot/compressed/64: Use 32-bit (zero-extended) MOV for z_output_len (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Use unsigned comparison for addresses (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Micro-optimize GDT loading instructions (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: GDT limit value should be size - 1 (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: Remove GDT setup from efi_main (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Clear direction and interrupt flags in startup_64 (Lenny Szubowicz) [RHEL-2505]
-- efi/x86: Don't depend on firmware GDT layout (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Remove KEEP_SEGMENTS support (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Handle malformed SRAT tables during early ACPI parsing (Lenny Szubowicz) [RHEL-2505]
-- efi/libstub/x86: Use mandatory 16-byte stack alignment in mixed mode (Lenny Szubowicz) [RHEL-2505]
-- efi/libstub/x86: Avoid globals to store context during mixed mode calls (Lenny Szubowicz) [RHEL-2505]
-- x86/efistub: Disable paging at mixed mode entry (Lenny Szubowicz) [RHEL-2505]
-- x86: efi/random: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table (Lenny Szubowicz) [RHEL-2505]
-- x86/asm: Make some functions local (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Annotate data appropriately (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Annotate local functions (Lenny Szubowicz) [RHEL-2505]
-- x86/asm: Make more symbols local (Lenny Szubowicz) [RHEL-2505]
-- x86/boot/compressed/64: Fix missing initialization in find_trampoline_placement() (Lenny Szubowicz) [RHEL-2505]
-- x86/boot/compressed/64: Fix boot on machines with broken E820 table (Lenny Szubowicz) [RHEL-2505]
-- x86, boot: Remove multiple copy of static function sanitize_boot_params() (Lenny Szubowicz) [RHEL-2505]
-- x86/boot/compressed/64: Remove unused variable (Lenny Szubowicz) [RHEL-2505]
-- x86/boot/compressed/64: Explain paging_prepare()'s return value (Lenny Szubowicz) [RHEL-2505]
-- x86/boot: Save several bytes in decompressor (Lenny Szubowicz) [RHEL-2505]
-- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (Audra Mitchell) [RHEL-20614] {CVE-2024-0841}
-- net/gve: update check for little-endianness in gve kconfig (Joshua Washington) [RHEL-29030]
-
-* Fri Mar 15 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-546.rt7.335.el8]
-- [rt] build kernel-rt-4.18.0-546.rt7.335.el8 [RHEL-5332]
-- sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-23430] {CVE-2024-26602}
-- NFS: Set the stable writes flag when initialising the super block (Benjamin Coddington) [RHEL-25266]
-- smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-21685] {CVE-2024-0565}
-- scsi: core: Move scsi_host_busy() out of host lock if it is for per-command (Ming Lei) [RHEL-23942]
-- scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (Ming Lei) [RHEL-23942]
-- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Andrew Price) [RHEL-26501] {CVE-2023-52448}
-- smb: client: fix parsing of SMB3.1.1 POSIX create context (Paulo Alcantara) [RHEL-26241] {CVE-2023-52434}
-- smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) [RHEL-26241] {CVE-2023-52434}
-- smb3: Replace smb2pdu 1-element arrays with flex-arrays (Jay Shin) [RHEL-22143]
-- cifs: Replace remaining 1-element arrays (Jay Shin) [RHEL-22143]
-- cifs: Convert struct fealist away from 1-element array (Jay Shin) [RHEL-22143]
-- cifs: remove unneeded 2bytes of padding from smb2 tree connect (Jay Shin) [RHEL-22143]
-- cifs: Replace zero-length arrays with flexible-array members (Jay Shin) [RHEL-22143]
-- cifs: Replace a couple of one-element arrays with flexible-array members (Jay Shin) [RHEL-22143]
-- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (Jay Shin) [RHEL-22143]
-- nfsd: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
-- nfs: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
-- lockd: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
-- cifs: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
-- ceph: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441]
-- filelock: add a new locks_inode_context accessor function (Jeffrey Layton) [RHEL-27441]
-- dm-integrity, dm-verity: reduce stack usage for recheck (Benjamin Marzinski) [RHEL-27849]
-- dm-crypt: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-27849]
-- dm-crypt: don't modify the data when using authenticated encryption (Benjamin Marzinski) [RHEL-27849]
-- dm-verity: recheck the hash after a failure (Benjamin Marzinski) [RHEL-27849]
-- dm-integrity: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-27849]
-
-* Wed Mar 13 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-545.rt7.334.el8]
-- [rt] build kernel-rt-4.18.0-545.rt7.334.el8 [RHEL-5332]
-- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (John Kacur) [RHEL-26667]
-- tracing/perf: Fix double put of trace event when init fails (Michael Petlan) [RHEL-19537]
-- ipvlan: Add handling of NETDEV_UP events (Hangbin Liu) [RHEL-19098]
-- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-21760]
-- ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-21760]
-- ceph: always check dir caps asynchronously (Xiubo Li) [RHEL-21760]
-- nfs: fix redundant readdir request after get eof (Benjamin Coddington) [RHEL-7780]
-- NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Scott Mayhew) [RHEL-7994]
-- NFSv4.1: fix pnfs MDS=DS session trunking (Scott Mayhew) [RHEL-7994]
-- NFSv4.1: fix zero value filehandle in post open getattr (Scott Mayhew) [RHEL-7994]
-- NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Scott Mayhew) [RHEL-7994]
-- x86/boot: Ignore NMIs during very early boot (Valentin Schneider) [RHEL-22749]
-
 * Fri Feb 23 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-544.rt7.333.el8]
 - [rt] build kernel-rt-4.18.0-544.rt7.333.el8 [RHEL-5332]
 - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-23386] {CVE-2021-33631}