Compare commits
No commits in common. "c8" and "changed/a9/kernel-rt-5.14.0-284.25.1.rt14.310.el9_2" have entirely different histories.
c8
...
changed/a9
9
.gitignore
vendored
9
.gitignore
vendored
@ -1,10 +1,3 @@
|
|||||||
SOURCES/centossecureboot201.cer
|
SOURCES/linux-5.14.0-284.18.1.rt14.303.el9_2.tar.xz
|
||||||
SOURCES/centossecurebootca2.cer
|
|
||||||
SOURCES/linux-4.18.0-553.22.1.rt7.363.el8_10.tar.xz
|
|
||||||
SOURCES/redhatsecureboot302.cer
|
|
||||||
SOURCES/redhatsecureboot303.cer
|
|
||||||
SOURCES/redhatsecureboot501.cer
|
|
||||||
SOURCES/redhatsecurebootca3.cer
|
|
||||||
SOURCES/redhatsecurebootca7.cer
|
|
||||||
SOURCES/rheldup3.x509
|
SOURCES/rheldup3.x509
|
||||||
SOURCES/rhelkpatch1.x509
|
SOURCES/rhelkpatch1.x509
|
||||||
|
@ -1,10 +1,3 @@
|
|||||||
2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
|
07e50b63de13b38e14c64ef375831bbb25e36fac SOURCES/linux-5.14.0-284.18.1.rt14.303.el9_2.tar.xz
|
||||||
bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
|
|
||||||
10a633b22d2e20b43269fd0d124077c931dd2fa8 SOURCES/linux-4.18.0-553.22.1.rt7.363.el8_10.tar.xz
|
|
||||||
13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
|
|
||||||
e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
|
|
||||||
ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
|
|
||||||
cf9230e69000076727e5b784ec871d22716dc5da SOURCES/redhatsecurebootca3.cer
|
|
||||||
905d91a282727c7f5ad433a49ac42a0772311c6a SOURCES/redhatsecurebootca7.cer
|
|
||||||
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
|
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
|
||||||
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
|
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
|
||||||
|
@ -0,0 +1,87 @@
|
|||||||
|
From 6f404ab35a9a684cb6ee146a39413698bba17fe4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Date: Wed, 2 Aug 2023 12:50:36 +0000
|
||||||
|
Subject: [PATCH 1/5] KVM: x86/mmu: Fix race condition in direct_page_fault
|
||||||
|
|
||||||
|
make_mmu_pages_available() must be called with mmu_lock held for write.
|
||||||
|
However, if the TDP MMU is used, it will be called with mmu_lock held for
|
||||||
|
read.
|
||||||
|
This function does nothing unless shadow pages are used, so there is no
|
||||||
|
race unless nested TDP is used.
|
||||||
|
Since nested TDP uses shadow pages, old shadow pages may be zapped by this
|
||||||
|
function even when the TDP MMU is enabled.
|
||||||
|
Since shadow pages are never allocated by kvm_tdp_mmu_map(), a race
|
||||||
|
condition can be avoided by not calling make_mmu_pages_available() if the
|
||||||
|
TDP MMU is currently in use.
|
||||||
|
|
||||||
|
I encountered this when repeatedly starting and stopping nested VM.
|
||||||
|
It can be artificially caused by allocating a large number of nested TDP
|
||||||
|
SPTEs.
|
||||||
|
|
||||||
|
For example, the following BUG and general protection fault are caused in
|
||||||
|
the host kernel.
|
||||||
|
|
||||||
|
pte_list_remove: 00000000cd54fc10 many->many
|
||||||
|
------------[ cut here ]------------
|
||||||
|
kernel BUG at arch/x86/kvm/mmu/mmu.c:963!
|
||||||
|
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
|
||||||
|
RIP: 0010:pte_list_remove.cold+0x16/0x48 [kvm]
|
||||||
|
Call Trace:
|
||||||
|
<TASK>
|
||||||
|
drop_spte+0xe0/0x180 [kvm]
|
||||||
|
mmu_page_zap_pte+0x4f/0x140 [kvm]
|
||||||
|
__kvm_mmu_prepare_zap_page+0x62/0x3e0 [kvm]
|
||||||
|
kvm_mmu_zap_oldest_mmu_pages+0x7d/0xf0 [kvm]
|
||||||
|
direct_page_fault+0x3cb/0x9b0 [kvm]
|
||||||
|
kvm_tdp_page_fault+0x2c/0xa0 [kvm]
|
||||||
|
kvm_mmu_page_fault+0x207/0x930 [kvm]
|
||||||
|
npf_interception+0x47/0xb0 [kvm_amd]
|
||||||
|
svm_invoke_exit_handler+0x13c/0x1a0 [kvm_amd]
|
||||||
|
svm_handle_exit+0xfc/0x2c0 [kvm_amd]
|
||||||
|
kvm_arch_vcpu_ioctl_run+0xa79/0x1780 [kvm]
|
||||||
|
kvm_vcpu_ioctl+0x29b/0x6f0 [kvm]
|
||||||
|
__x64_sys_ioctl+0x95/0xd0
|
||||||
|
do_syscall_64+0x5c/0x90
|
||||||
|
|
||||||
|
general protection fault, probably for non-canonical address
|
||||||
|
0xdead000000000122: 0000 [#1] PREEMPT SMP NOPTI
|
||||||
|
RIP: 0010:kvm_mmu_commit_zap_page.part.0+0x4b/0xe0 [kvm]
|
||||||
|
Call Trace:
|
||||||
|
<TASK>
|
||||||
|
kvm_mmu_zap_oldest_mmu_pages+0xae/0xf0 [kvm]
|
||||||
|
direct_page_fault+0x3cb/0x9b0 [kvm]
|
||||||
|
kvm_tdp_page_fault+0x2c/0xa0 [kvm]
|
||||||
|
kvm_mmu_page_fault+0x207/0x930 [kvm]
|
||||||
|
npf_interception+0x47/0xb0 [kvm_amd]
|
||||||
|
|
||||||
|
CVE: CVE-2022-45869
|
||||||
|
Fixes: a2855afc7ee8 ("KVM: x86/mmu: Allow parallel page faults for the TDP MMU")
|
||||||
|
Signed-off-by: Kazuki Takiguchi <takiguchi.kazuki171@gmail.com>
|
||||||
|
Cc: stable@vger.kernel.org
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
|
||||||
|
Conflicts: dropped hunk in direct_page_fault because the following backported commits do the same thing
|
||||||
|
a158127f55b98c ("KVM: x86/mmu: Split out TDP MMU page fault handling")
|
||||||
|
1290f90e77186b ("KVM: x86/mmu: Stop needlessly making MMU pages available for TDP MMU faults")
|
||||||
|
|
||||||
|
Signed-off-by: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
|
||||||
|
---
|
||||||
|
arch/x86/kvm/mmu/mmu.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
|
||||||
|
index 05c137831..2968f8137 100644
|
||||||
|
--- a/arch/x86/kvm/mmu/mmu.c
|
||||||
|
+++ b/arch/x86/kvm/mmu/mmu.c
|
||||||
|
@@ -2432,6 +2432,7 @@ static bool __kvm_mmu_prepare_zap_page(struct kvm *kvm,
|
||||||
|
{
|
||||||
|
bool list_unstable, zapped_root = false;
|
||||||
|
|
||||||
|
+ lockdep_assert_held_write(&kvm->mmu_lock);
|
||||||
|
trace_kvm_mmu_prepare_zap_page(sp);
|
||||||
|
++kvm->stat.mmu_shadow_zapped;
|
||||||
|
*nr_zapped = mmu_zap_unsync_children(kvm, sp, invalid_list);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,45 @@
|
|||||||
|
From c9e34f92dafffe1fd37ba7ef7fb198002576bea1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Date: Wed, 2 Aug 2023 12:54:02 +0000
|
||||||
|
Subject: [PATCH 2/5] prlimit: do_prlimit needs to have a speculation check
|
||||||
|
|
||||||
|
CVE: CVE-2023-0458
|
||||||
|
|
||||||
|
commit 739790605705ddcf18f21782b9c99ad7d53a8c11
|
||||||
|
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||||
|
Date: Fri Jan 20 11:03:20 2023 +0100
|
||||||
|
|
||||||
|
prlimit: do_prlimit needs to have a speculation check
|
||||||
|
|
||||||
|
do_prlimit() adds the user-controlled resource value to a pointer that
|
||||||
|
will subsequently be dereferenced. In order to help prevent this
|
||||||
|
codepath from being used as a spectre "gadget" a barrier needs to be
|
||||||
|
added after checking the range.
|
||||||
|
|
||||||
|
Reported-by: Jordy Zomer <jordyzomer@google.com>
|
||||||
|
Tested-by: Jordy Zomer <jordyzomer@google.com>
|
||||||
|
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
|
||||||
|
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||||
|
|
||||||
|
Signed-off-by: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
|
||||||
|
---
|
||||||
|
kernel/sys.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/kernel/sys.c b/kernel/sys.c
|
||||||
|
index 75852f64d..45480f6f6 100644
|
||||||
|
--- a/kernel/sys.c
|
||||||
|
+++ b/kernel/sys.c
|
||||||
|
@@ -1439,6 +1439,8 @@ static int do_prlimit(struct task_struct *tsk, unsigned int resource,
|
||||||
|
|
||||||
|
if (resource >= RLIM_NLIMITS)
|
||||||
|
return -EINVAL;
|
||||||
|
+ resource = array_index_nospec(resource, RLIM_NLIMITS);
|
||||||
|
+
|
||||||
|
if (new_rlim) {
|
||||||
|
if (new_rlim->rlim_cur > new_rlim->rlim_max)
|
||||||
|
return -EINVAL;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,95 @@
|
|||||||
|
From 4758c1f8ad5385e53ea85739ad9f6fa6dfc0abda Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Date: Wed, 2 Aug 2023 12:55:46 +0000
|
||||||
|
Subject: [PATCH 3/5] x86/speculation: Allow enabling STIBP with legacy IBRS
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
When plain IBRS is enabled (not enhanced IBRS), the logic in
|
||||||
|
spectre_v2_user_select_mitigation() determines that STIBP is not needed.
|
||||||
|
|
||||||
|
The IBRS bit implicitly protects against cross-thread branch target
|
||||||
|
injection. However, with legacy IBRS, the IBRS bit is cleared on
|
||||||
|
returning to userspace for performance reasons which leaves userspace
|
||||||
|
threads vulnerable to cross-thread branch target injection against which
|
||||||
|
STIBP protects.
|
||||||
|
|
||||||
|
Exclude IBRS from the spectre_v2_in_ibrs_mode() check to allow for
|
||||||
|
enabling STIBP (through seccomp/prctl() by default or always-on, if
|
||||||
|
selected by spectre_v2_user kernel cmdline parameter).
|
||||||
|
|
||||||
|
[ bp: Massage. ]
|
||||||
|
|
||||||
|
Fixes: 7c693f54c873 ("x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS")
|
||||||
|
Reported-by: José Oliveira <joseloliveira11@gmail.com>
|
||||||
|
Reported-by: Rodrigo Branco <rodrigo@kernelhacking.com>
|
||||||
|
Signed-off-by: KP Singh <kpsingh@kernel.org>
|
||||||
|
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
|
||||||
|
Signed-off-by: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
|
||||||
|
---
|
||||||
|
arch/x86/kernel/cpu/bugs.c | 25 ++++++++++++++++++-------
|
||||||
|
1 file changed, 18 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
||||||
|
index da7c361f4..e13c4ecdc 100644
|
||||||
|
--- a/arch/x86/kernel/cpu/bugs.c
|
||||||
|
+++ b/arch/x86/kernel/cpu/bugs.c
|
||||||
|
@@ -1095,14 +1095,18 @@ spectre_v2_parse_user_cmdline(void)
|
||||||
|
return SPECTRE_V2_USER_CMD_AUTO;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode)
|
||||||
|
+static inline bool spectre_v2_in_eibrs_mode(enum spectre_v2_mitigation mode)
|
||||||
|
{
|
||||||
|
- return mode == SPECTRE_V2_IBRS ||
|
||||||
|
- mode == SPECTRE_V2_EIBRS ||
|
||||||
|
+ return mode == SPECTRE_V2_EIBRS ||
|
||||||
|
mode == SPECTRE_V2_EIBRS_RETPOLINE ||
|
||||||
|
mode == SPECTRE_V2_EIBRS_LFENCE;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode)
|
||||||
|
+{
|
||||||
|
+ return spectre_v2_in_eibrs_mode(mode) || mode == SPECTRE_V2_IBRS;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void __init
|
||||||
|
spectre_v2_user_select_mitigation(void)
|
||||||
|
{
|
||||||
|
@@ -1165,12 +1169,19 @@ spectre_v2_user_select_mitigation(void)
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * If no STIBP, IBRS or enhanced IBRS is enabled, or SMT impossible,
|
||||||
|
- * STIBP is not required.
|
||||||
|
+ * If no STIBP, enhanced IBRS is enabled, or SMT impossible, STIBP
|
||||||
|
+ * is not required.
|
||||||
|
+ *
|
||||||
|
+ * Enhanced IBRS also protects against cross-thread branch target
|
||||||
|
+ * injection in user-mode as the IBRS bit remains always set which
|
||||||
|
+ * implicitly enables cross-thread protections. However, in legacy IBRS
|
||||||
|
+ * mode, the IBRS bit is set only on kernel entry and cleared on return
|
||||||
|
+ * to userspace. This disables the implicit cross-thread protection,
|
||||||
|
+ * so allow for STIBP to be selected in that case.
|
||||||
|
*/
|
||||||
|
if (!boot_cpu_has(X86_FEATURE_STIBP) ||
|
||||||
|
!smt_possible ||
|
||||||
|
- spectre_v2_in_ibrs_mode(spectre_v2_enabled))
|
||||||
|
+ spectre_v2_in_eibrs_mode(spectre_v2_enabled))
|
||||||
|
return;
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -2295,7 +2306,7 @@ static ssize_t mmio_stale_data_show_state(char *buf)
|
||||||
|
|
||||||
|
static char *stibp_state(void)
|
||||||
|
{
|
||||||
|
- if (spectre_v2_in_ibrs_mode(spectre_v2_enabled))
|
||||||
|
+ if (spectre_v2_in_eibrs_mode(spectre_v2_enabled))
|
||||||
|
return "";
|
||||||
|
|
||||||
|
switch (spectre_v2_user_stibp) {
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,180 @@
|
|||||||
|
From 4308d0e03dfe439f30b356630beb8b941bf84bf7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Date: Wed, 2 Aug 2023 13:05:59 +0000
|
||||||
|
Subject: [PATCH 4/5] ipvlan:Fix out-of-bounds caused by unclear skb->cb
|
||||||
|
|
||||||
|
CVE: CVE-2023-3090
|
||||||
|
|
||||||
|
commit 90cbed5247439a966b645b34eb0a2e037836ea8e
|
||||||
|
Author: t.feng <fengtao40@huawei.com>
|
||||||
|
Date: Wed May 10 11:50:44 2023 +0800
|
||||||
|
|
||||||
|
ipvlan:Fix out-of-bounds caused by unclear skb->cb
|
||||||
|
|
||||||
|
If skb enqueue the qdisc, fq_skb_cb(skb)->time_to_send is changed which
|
||||||
|
is actually skb->cb, and IPCB(skb_in)->opt will be used in
|
||||||
|
__ip_options_echo. It is possible that memcpy is out of bounds and lead
|
||||||
|
to stack overflow.
|
||||||
|
We should clear skb->cb before ip_local_out or ip6_local_out.
|
||||||
|
|
||||||
|
v2:
|
||||||
|
1. clean the stack info
|
||||||
|
2. use IPCB/IP6CB instead of skb->cb
|
||||||
|
|
||||||
|
crash on stable-5.10(reproduce in kasan kernel).
|
||||||
|
Stack info:
|
||||||
|
[ 2203.651571] BUG: KASAN: stack-out-of-bounds in
|
||||||
|
__ip_options_echo+0x589/0x800
|
||||||
|
[ 2203.653327] Write of size 4 at addr ffff88811a388f27 by task
|
||||||
|
swapper/3/0
|
||||||
|
[ 2203.655460] CPU: 3 PID: 0 Comm: swapper/3 Kdump: loaded Not tainted
|
||||||
|
5.10.0-60.18.0.50.h856.kasan.eulerosv2r11.x86_64 #1
|
||||||
|
[ 2203.655466] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
|
||||||
|
BIOS rel-1.10.2-0-g5f4c7b1-20181220_000000-szxrtosci10000 04/01/2014
|
||||||
|
[ 2203.655475] Call Trace:
|
||||||
|
[ 2203.655481] <IRQ>
|
||||||
|
[ 2203.655501] dump_stack+0x9c/0xd3
|
||||||
|
[ 2203.655514] print_address_description.constprop.0+0x19/0x170
|
||||||
|
[ 2203.655530] __kasan_report.cold+0x6c/0x84
|
||||||
|
[ 2203.655586] kasan_report+0x3a/0x50
|
||||||
|
[ 2203.655586] kasan_report+0x3a/0x50
|
||||||
|
[ 2203.655594] check_memory_region+0xfd/0x1f0
|
||||||
|
[ 2203.655594] check_memory_region+0xfd/0x1f0
|
||||||
|
[ 2203.655601] memcpy+0x39/0x60
|
||||||
|
[ 2203.655608] __ip_options_echo+0x589/0x800
|
||||||
|
[ 2203.655654] __icmp_send+0x59a/0x960
|
||||||
|
[ 2203.655755] nf_send_unreach+0x129/0x3d0 [nf_reject_ipv4]
|
||||||
|
[ 2203.655763] reject_tg+0x77/0x1bf [ipt_REJECT]
|
||||||
|
[ 2203.655772] ipt_do_table+0x691/0xa40 [ip_tables]
|
||||||
|
[ 2203.655821] nf_hook_slow+0x69/0x100
|
||||||
|
[ 2203.655828] __ip_local_out+0x21e/0x2b0
|
||||||
|
[ 2203.655857] ip_local_out+0x28/0x90
|
||||||
|
[ 2203.655868] ipvlan_process_v4_outbound+0x21e/0x260 [ipvlan]
|
||||||
|
[ 2203.655931] ipvlan_xmit_mode_l3+0x3bd/0x400 [ipvlan]
|
||||||
|
[ 2203.655967] ipvlan_queue_xmit+0xb3/0x190 [ipvlan]
|
||||||
|
[ 2203.655977] ipvlan_start_xmit+0x2e/0xb0 [ipvlan]
|
||||||
|
[ 2203.655984] xmit_one.constprop.0+0xe1/0x280
|
||||||
|
[ 2203.655992] dev_hard_start_xmit+0x62/0x100
|
||||||
|
[ 2203.656000] sch_direct_xmit+0x215/0x640
|
||||||
|
[ 2203.656028] __qdisc_run+0x153/0x1f0
|
||||||
|
[ 2203.656069] __dev_queue_xmit+0x77f/0x1030
|
||||||
|
[ 2203.656173] ip_finish_output2+0x59b/0xc20
|
||||||
|
[ 2203.656244] __ip_finish_output.part.0+0x318/0x3d0
|
||||||
|
[ 2203.656312] ip_finish_output+0x168/0x190
|
||||||
|
[ 2203.656320] ip_output+0x12d/0x220
|
||||||
|
[ 2203.656357] __ip_queue_xmit+0x392/0x880
|
||||||
|
[ 2203.656380] __tcp_transmit_skb+0x1088/0x11c0
|
||||||
|
[ 2203.656436] __tcp_retransmit_skb+0x475/0xa30
|
||||||
|
[ 2203.656505] tcp_retransmit_skb+0x2d/0x190
|
||||||
|
[ 2203.656512] tcp_retransmit_timer+0x3af/0x9a0
|
||||||
|
[ 2203.656519] tcp_write_timer_handler+0x3ba/0x510
|
||||||
|
[ 2203.656529] tcp_write_timer+0x55/0x180
|
||||||
|
[ 2203.656542] call_timer_fn+0x3f/0x1d0
|
||||||
|
[ 2203.656555] expire_timers+0x160/0x200
|
||||||
|
[ 2203.656562] run_timer_softirq+0x1f4/0x480
|
||||||
|
[ 2203.656606] __do_softirq+0xfd/0x402
|
||||||
|
[ 2203.656613] asm_call_irq_on_stack+0x12/0x20
|
||||||
|
[ 2203.656617] </IRQ>
|
||||||
|
[ 2203.656623] do_softirq_own_stack+0x37/0x50
|
||||||
|
[ 2203.656631] irq_exit_rcu+0x134/0x1a0
|
||||||
|
[ 2203.656639] sysvec_apic_timer_interrupt+0x36/0x80
|
||||||
|
[ 2203.656646] asm_sysvec_apic_timer_interrupt+0x12/0x20
|
||||||
|
[ 2203.656654] RIP: 0010:default_idle+0x13/0x20
|
||||||
|
[ 2203.656663] Code: 89 f0 5d 41 5c 41 5d 41 5e c3 cc cc cc cc cc cc cc
|
||||||
|
cc cc cc cc cc cc 0f 1f 44 00 00 0f 1f 44 00 00 0f 00 2d 9f 32 57 00 fb
|
||||||
|
f4 <c3> cc cc cc cc 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 be 08
|
||||||
|
[ 2203.656668] RSP: 0018:ffff88810036fe78 EFLAGS: 00000256
|
||||||
|
[ 2203.656676] RAX: ffffffffaf2a87f0 RBX: ffff888100360000 RCX:
|
||||||
|
ffffffffaf290191
|
||||||
|
[ 2203.656681] RDX: 0000000000098b5e RSI: 0000000000000004 RDI:
|
||||||
|
ffff88811a3c4f60
|
||||||
|
[ 2203.656686] RBP: 0000000000000000 R08: 0000000000000001 R09:
|
||||||
|
ffff88811a3c4f63
|
||||||
|
[ 2203.656690] R10: ffffed10234789ec R11: 0000000000000001 R12:
|
||||||
|
0000000000000003
|
||||||
|
[ 2203.656695] R13: ffff888100360000 R14: 0000000000000000 R15:
|
||||||
|
0000000000000000
|
||||||
|
[ 2203.656729] default_idle_call+0x5a/0x150
|
||||||
|
[ 2203.656735] cpuidle_idle_call+0x1c6/0x220
|
||||||
|
[ 2203.656780] do_idle+0xab/0x100
|
||||||
|
[ 2203.656786] cpu_startup_entry+0x19/0x20
|
||||||
|
[ 2203.656793] secondary_startup_64_no_verify+0xc2/0xcb
|
||||||
|
|
||||||
|
[ 2203.657409] The buggy address belongs to the page:
|
||||||
|
[ 2203.658648] page:0000000027a9842f refcount:1 mapcount:0
|
||||||
|
mapping:0000000000000000 index:0x0 pfn:0x11a388
|
||||||
|
[ 2203.658665] flags:
|
||||||
|
0x17ffffc0001000(reserved|node=0|zone=2|lastcpupid=0x1fffff)
|
||||||
|
[ 2203.658675] raw: 0017ffffc0001000 ffffea000468e208 ffffea000468e208
|
||||||
|
0000000000000000
|
||||||
|
[ 2203.658682] raw: 0000000000000000 0000000000000000 00000001ffffffff
|
||||||
|
0000000000000000
|
||||||
|
[ 2203.658686] page dumped because: kasan: bad access detected
|
||||||
|
|
||||||
|
To reproduce(ipvlan with IPVLAN_MODE_L3):
|
||||||
|
Env setting:
|
||||||
|
=======================================================
|
||||||
|
modprobe ipvlan ipvlan_default_mode=1
|
||||||
|
sysctl net.ipv4.conf.eth0.forwarding=1
|
||||||
|
iptables -t nat -A POSTROUTING -s 20.0.0.0/255.255.255.0 -o eth0 -j
|
||||||
|
MASQUERADE
|
||||||
|
ip link add gw link eth0 type ipvlan
|
||||||
|
ip -4 addr add 20.0.0.254/24 dev gw
|
||||||
|
ip netns add net1
|
||||||
|
ip link add ipv1 link eth0 type ipvlan
|
||||||
|
ip link set ipv1 netns net1
|
||||||
|
ip netns exec net1 ip link set ipv1 up
|
||||||
|
ip netns exec net1 ip -4 addr add 20.0.0.4/24 dev ipv1
|
||||||
|
ip netns exec net1 route add default gw 20.0.0.254
|
||||||
|
ip netns exec net1 tc qdisc add dev ipv1 root netem loss 10%
|
||||||
|
ifconfig gw up
|
||||||
|
iptables -t filter -A OUTPUT -p tcp --dport 8888 -j REJECT --reject-with
|
||||||
|
icmp-port-unreachable
|
||||||
|
=======================================================
|
||||||
|
And then excute the shell(curl any address of eth0 can reach):
|
||||||
|
|
||||||
|
for((i=1;i<=100000;i++))
|
||||||
|
do
|
||||||
|
ip netns exec net1 curl x.x.x.x:8888
|
||||||
|
done
|
||||||
|
=======================================================
|
||||||
|
|
||||||
|
Fixes: 2ad7bf363841 ("ipvlan: Initial check-in of the IPVLAN driver.")
|
||||||
|
Signed-off-by: "t.feng" <fengtao40@huawei.com>
|
||||||
|
Suggested-by: Florian Westphal <fw@strlen.de>
|
||||||
|
Reviewed-by: Paolo Abeni <pabeni@redhat.com>
|
||||||
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||||
|
|
||||||
|
Signed-off-by: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
|
||||||
|
---
|
||||||
|
drivers/net/ipvlan/ipvlan_core.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
|
||||||
|
index fe584e8ac..ab14c06d1 100644
|
||||||
|
--- a/drivers/net/ipvlan/ipvlan_core.c
|
||||||
|
+++ b/drivers/net/ipvlan/ipvlan_core.c
|
||||||
|
@@ -437,6 +437,9 @@ static int ipvlan_process_v4_outbound(struct sk_buff *skb)
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
skb_dst_set(skb, &rt->dst);
|
||||||
|
+
|
||||||
|
+ memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
|
||||||
|
+
|
||||||
|
err = ip_local_out(net, skb->sk, skb);
|
||||||
|
if (unlikely(net_xmit_eval(err)))
|
||||||
|
dev->stats.tx_errors++;
|
||||||
|
@@ -475,6 +478,9 @@ static int ipvlan_process_v6_outbound(struct sk_buff *skb)
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
skb_dst_set(skb, dst);
|
||||||
|
+
|
||||||
|
+ memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
|
||||||
|
+
|
||||||
|
err = ip6_local_out(net, skb->sk, skb);
|
||||||
|
if (unlikely(net_xmit_eval(err)))
|
||||||
|
dev->stats.tx_errors++;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,49 @@
|
|||||||
|
From 68e161867609dafcee1a20343990547a8da9be83 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Date: Wed, 2 Aug 2023 13:10:03 +0000
|
||||||
|
Subject: [PATCH 5/5] net/sched: flower: fix possible OOB write
|
||||||
|
in-fl_set_geneve_opt()
|
||||||
|
|
||||||
|
CVE: CVE-2023-35788
|
||||||
|
|
||||||
|
commit 4d56304e5827c8cc8cc18c75343d283af7c4825c
|
||||||
|
Author: Hangyu Hua <hbh25y@gmail.com>
|
||||||
|
Date: Wed May 31 18:28:04 2023 +0800
|
||||||
|
|
||||||
|
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
|
||||||
|
|
||||||
|
If we send two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets and their total
|
||||||
|
size is 252 bytes(key->enc_opts.len = 252) then
|
||||||
|
key->enc_opts.len = opt->length = data_len / 4 = 0 when the third
|
||||||
|
TCA_FLOWER_KEY_ENC_OPTS_GENEVE packet enters fl_set_geneve_opt. This
|
||||||
|
bypasses the next bounds check and results in an out-of-bounds.
|
||||||
|
|
||||||
|
Fixes: 0a6e77784f49 ("net/sched: allow flower to match tunnel options")
|
||||||
|
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
|
||||||
|
Reviewed-by: Simon Horman <simon.horman@corigine.com>
|
||||||
|
Reviewed-by: Pieter Jansen van Vuuren <pieter.jansen-van-vuuren@amd.com>
|
||||||
|
Link: https://lore.kernel.org/r/20230531102805.27090-1-hbh25y@gmail.com
|
||||||
|
|
||||||
|
Signed-off-by: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
|
||||||
|
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
|
||||||
|
---
|
||||||
|
net/sched/cls_flower.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
|
||||||
|
index 041d63ff8..65b68bf36 100644
|
||||||
|
--- a/net/sched/cls_flower.c
|
||||||
|
+++ b/net/sched/cls_flower.c
|
||||||
|
@@ -1145,6 +1145,9 @@ static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
|
||||||
|
if (option_len > sizeof(struct geneve_opt))
|
||||||
|
data_len = option_len - sizeof(struct geneve_opt);
|
||||||
|
|
||||||
|
+ if (key->enc_opts.len > FLOW_DIS_TUN_OPTS_MAX - 4)
|
||||||
|
+ return -ERANGE;
|
||||||
|
+
|
||||||
|
opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
|
||||||
|
memset(opt, 0xff, option_len);
|
||||||
|
opt->length = data_len / 4;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
69
SOURCES/Makefile.rhelver
Normal file
69
SOURCES/Makefile.rhelver
Normal file
@ -0,0 +1,69 @@
|
|||||||
|
RHEL_MAJOR = 9
|
||||||
|
RHEL_MINOR = 2
|
||||||
|
|
||||||
|
#
|
||||||
|
# RHEL_RELEASE
|
||||||
|
# -------------
|
||||||
|
#
|
||||||
|
# Represents build number in 'release' part of RPM's name-version-release.
|
||||||
|
# name is <package_name>, e.g. kernel
|
||||||
|
# version is upstream kernel version this kernel is based on, e.g. 4.18.0
|
||||||
|
# release is <RHEL_RELEASE>.<dist_tag>[<buildid>], e.g. 100.el8
|
||||||
|
#
|
||||||
|
# Use this spot to avoid future merge conflicts.
|
||||||
|
# Do not trim this comment.
|
||||||
|
RHEL_RELEASE = 284.18.1
|
||||||
|
|
||||||
|
#
|
||||||
|
# ZSTREAM
|
||||||
|
# -------
|
||||||
|
#
|
||||||
|
# This variable controls whether we use zstream numbering or not for the
|
||||||
|
# package release. The zstream release keeps the build number of the last
|
||||||
|
# build done for ystream for the Beta milestone, and increments a second
|
||||||
|
# number for each build. The third number is used for branched builds
|
||||||
|
# (eg.: for builds with security fixes or hot fixes done outside of the
|
||||||
|
# batch release process).
|
||||||
|
#
|
||||||
|
# For example, with ZSTREAM unset or set to "no", all builds will contain
|
||||||
|
# a release with only the build number, eg.: kernel-<kernel version>-X.el*,
|
||||||
|
# where X is the build number. With ZSTREAM set to "yes", we will have
|
||||||
|
# builds with kernel-<kernel version>-X.Y.Z.el*, where X is the last
|
||||||
|
# RHEL_RELEASE number before ZSTREAM flag was set to yes, Y will now be the
|
||||||
|
# build number and Z will always be 1 except if you're doing a branched build
|
||||||
|
# (when you give RHDISTGIT_BRANCH on the command line, in which case the Z
|
||||||
|
# number will be incremented instead of the Y).
|
||||||
|
#
|
||||||
|
ZSTREAM ?= yes
|
||||||
|
|
||||||
|
#
|
||||||
|
# Early y+1 numbering
|
||||||
|
# --------------------
|
||||||
|
#
|
||||||
|
# In early y+1 process, RHEL_RELEASE consists of 2 numbers: x.y
|
||||||
|
# First is RHEL_RELEASE inherited/merged from y as-is, second number
|
||||||
|
# is incremented with each build starting from 1. After merge from y,
|
||||||
|
# it resets back to 1. This way y+1 nvr reflects status of last merge.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
#
|
||||||
|
# rhel8.0 rhel-8.1
|
||||||
|
# kernel-4.18.0-58.el8 --> kernel-4.18.0-58.1.el8
|
||||||
|
# kernel-4.18.0-58.2.el8
|
||||||
|
# kernel-4.18.0-59.el8 kernel-4.18.0-59.1.el8
|
||||||
|
# kernel-4.18.0-60.el8
|
||||||
|
# kernel-4.18.0-61.el8 --> kernel-4.18.0-61.1.el8
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Use this spot to avoid future merge conflicts.
|
||||||
|
# Do not trim this comment.
|
||||||
|
EARLY_YSTREAM ?= no
|
||||||
|
EARLY_YBUILD:=
|
||||||
|
EARLY_YRELEASE:=
|
||||||
|
ifneq ("$(ZSTREAM)", "yes")
|
||||||
|
ifeq ("$(EARLY_YSTREAM)","yes")
|
||||||
|
RHEL_RELEASE:=$(RHEL_RELEASE).$(EARLY_YRELEASE)
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
|
RTBUILD:=.303
|
25
SOURCES/README.rst
Normal file
25
SOURCES/README.rst
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
===================
|
||||||
|
The Kernel dist-git
|
||||||
|
===================
|
||||||
|
|
||||||
|
The kernel is maintained in a `source tree`_ rather than directly in dist-git.
|
||||||
|
The specfile is maintained as a `template`_ in the source tree along with a set
|
||||||
|
of build scripts to generate configurations, (S)RPMs, and to populate the
|
||||||
|
dist-git repository.
|
||||||
|
|
||||||
|
The `documentation`_ for the source tree covers how to contribute and maintain
|
||||||
|
the tree.
|
||||||
|
|
||||||
|
If you're looking for the downstream patch set it's available in the source
|
||||||
|
tree with "git log master..ark-patches" or
|
||||||
|
`online`_.
|
||||||
|
|
||||||
|
Each release in dist-git is tagged in the source repository so you can easily
|
||||||
|
check out the source tree for a build. The tags are in the format
|
||||||
|
name-version-release, but note release doesn't contain the dist tag since the
|
||||||
|
source can be built in different build roots (Fedora, CentOS, etc.)
|
||||||
|
|
||||||
|
.. _source tree: https://gitlab.com/cki-project/kernel-ark.git
|
||||||
|
.. _template: https://gitlab.com/cki-project/kernel-ark/-/blob/os-build/redhat/kernel.spec.template
|
||||||
|
.. _documentation: https://gitlab.com/cki-project/kernel-ark/-/wikis/home
|
||||||
|
.. _online: https://gitlab.com/cki-project/kernel-ark/-/commits/ark-patches
|
BIN
SOURCES/almalinuxdup1.x509
Normal file
BIN
SOURCES/almalinuxdup1.x509
Normal file
Binary file not shown.
BIN
SOURCES/almalinuxkpatch1.x509
Normal file
BIN
SOURCES/almalinuxkpatch1.x509
Normal file
Binary file not shown.
166
SOURCES/check-kabi
Executable file
166
SOURCES/check-kabi
Executable file
@ -0,0 +1,166 @@
|
|||||||
|
#!/usr/bin/python3
|
||||||
|
#
|
||||||
|
# check-kabi - Red Hat kABI reference checking tool
|
||||||
|
#
|
||||||
|
# We use this script to check against reference Module.kabi files.
|
||||||
|
#
|
||||||
|
# Author: Jon Masters <jcm@redhat.com>
|
||||||
|
# Copyright (C) 2007-2009 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# This software may be freely redistributed under the terms of the GNU
|
||||||
|
# General Public License (GPL).
|
||||||
|
|
||||||
|
# Changelog:
|
||||||
|
#
|
||||||
|
# 2018/06/01 - Update for python3 by Petr Oros.
|
||||||
|
# 2009/08/15 - Updated for use in RHEL6.
|
||||||
|
# 2007/06/13 - Initial rewrite in python by Jon Masters.
|
||||||
|
|
||||||
|
__author__ = "Jon Masters <jcm@redhat.com>"
|
||||||
|
__version__ = "2.0"
|
||||||
|
__date__ = "2009/08/15"
|
||||||
|
__copyright__ = "Copyright (C) 2007-2009 Red Hat, Inc"
|
||||||
|
__license__ = "GPL"
|
||||||
|
|
||||||
|
import getopt
|
||||||
|
import string
|
||||||
|
import sys
|
||||||
|
|
||||||
|
true = 1
|
||||||
|
false = 0
|
||||||
|
|
||||||
|
|
||||||
|
def load_symvers(symvers, filename):
|
||||||
|
"""Load a Module.symvers file."""
|
||||||
|
|
||||||
|
symvers_file = open(filename, "r")
|
||||||
|
|
||||||
|
while true:
|
||||||
|
in_line = symvers_file.readline()
|
||||||
|
if in_line == "":
|
||||||
|
break
|
||||||
|
if in_line == "\n":
|
||||||
|
continue
|
||||||
|
checksum, symbol, directory, type, *ns = in_line.split()
|
||||||
|
ns = ns[0] if ns else None
|
||||||
|
|
||||||
|
symvers[symbol] = in_line[0:-1]
|
||||||
|
|
||||||
|
|
||||||
|
def load_kabi(kabi, filename):
|
||||||
|
"""Load a Module.kabi file."""
|
||||||
|
|
||||||
|
kabi_file = open(filename, "r")
|
||||||
|
|
||||||
|
while true:
|
||||||
|
in_line = kabi_file.readline()
|
||||||
|
if in_line == "":
|
||||||
|
break
|
||||||
|
if in_line == "\n":
|
||||||
|
continue
|
||||||
|
checksum, symbol, directory, type, *ns = in_line.split()
|
||||||
|
ns = ns[0] if ns else None
|
||||||
|
|
||||||
|
kabi[symbol] = in_line[0:-1]
|
||||||
|
|
||||||
|
|
||||||
|
def check_kabi(symvers, kabi):
|
||||||
|
"""Check Module.kabi and Module.symvers files."""
|
||||||
|
|
||||||
|
fail = 0
|
||||||
|
warn = 0
|
||||||
|
changed_symbols = []
|
||||||
|
moved_symbols = []
|
||||||
|
ns_symbols = []
|
||||||
|
|
||||||
|
for symbol in kabi:
|
||||||
|
abi_hash, abi_sym, abi_dir, abi_type, *abi_ns = kabi[symbol].split()
|
||||||
|
abi_ns = abi_ns[0] if abi_ns else None
|
||||||
|
if symbol in symvers:
|
||||||
|
sym_hash, sym_sym, sym_dir, sym_type, *sym_ns = symvers[symbol].split()
|
||||||
|
sym_ns = sym_ns[0] if sym_ns else None
|
||||||
|
if abi_hash != sym_hash:
|
||||||
|
fail = 1
|
||||||
|
changed_symbols.append(symbol)
|
||||||
|
|
||||||
|
if abi_dir != sym_dir:
|
||||||
|
warn = 1
|
||||||
|
moved_symbols.append(symbol)
|
||||||
|
|
||||||
|
if abi_ns != sym_ns:
|
||||||
|
warn = 1
|
||||||
|
ns_symbols.append(symbol)
|
||||||
|
else:
|
||||||
|
fail = 1
|
||||||
|
changed_symbols.append(symbol)
|
||||||
|
|
||||||
|
if fail:
|
||||||
|
print("*** ERROR - ABI BREAKAGE WAS DETECTED ***")
|
||||||
|
print("")
|
||||||
|
print("The following symbols have been changed (this will cause an ABI breakage):")
|
||||||
|
print("")
|
||||||
|
for symbol in changed_symbols:
|
||||||
|
print(symbol)
|
||||||
|
print("")
|
||||||
|
|
||||||
|
if warn:
|
||||||
|
print("*** WARNING - ABI SYMBOLS MOVED ***")
|
||||||
|
if moved_symbols:
|
||||||
|
print("")
|
||||||
|
print("The following symbols moved (typically caused by moving a symbol from being")
|
||||||
|
print("provided by the kernel vmlinux out to a loadable module):")
|
||||||
|
print("")
|
||||||
|
for symbol in moved_symbols:
|
||||||
|
print(symbol)
|
||||||
|
print("")
|
||||||
|
if ns_symbols:
|
||||||
|
print("")
|
||||||
|
print("The following symbols changed symbol namespaces:")
|
||||||
|
print("")
|
||||||
|
for symbol in ns_symbols:
|
||||||
|
print(symbol)
|
||||||
|
print("")
|
||||||
|
|
||||||
|
"""Halt the build, if we got errors and/or warnings. In either case,
|
||||||
|
double-checkig is required to avoid introducing / concealing
|
||||||
|
KABI inconsistencies."""
|
||||||
|
if fail or warn:
|
||||||
|
sys.exit(1)
|
||||||
|
sys.exit(0)
|
||||||
|
|
||||||
|
|
||||||
|
def usage():
|
||||||
|
print("""
|
||||||
|
check-kabi: check Module.kabi and Module.symvers files.
|
||||||
|
|
||||||
|
check-kabi [ -k Module.kabi ] [ -s Module.symvers ]
|
||||||
|
|
||||||
|
""")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
|
||||||
|
symvers_file = ""
|
||||||
|
kabi_file = ""
|
||||||
|
|
||||||
|
opts, args = getopt.getopt(sys.argv[1:], 'hk:s:')
|
||||||
|
|
||||||
|
for o, v in opts:
|
||||||
|
if o == "-s":
|
||||||
|
symvers_file = v
|
||||||
|
if o == "-h":
|
||||||
|
usage()
|
||||||
|
sys.exit(0)
|
||||||
|
if o == "-k":
|
||||||
|
kabi_file = v
|
||||||
|
|
||||||
|
if (symvers_file == "") or (kabi_file == ""):
|
||||||
|
usage()
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
symvers = {}
|
||||||
|
kabi = {}
|
||||||
|
|
||||||
|
load_symvers(symvers, symvers_file)
|
||||||
|
load_kabi(kabi, kabi_file)
|
||||||
|
check_kabi(symvers, kabi)
|
38
SOURCES/dracut-virt.conf
Normal file
38
SOURCES/dracut-virt.conf
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
# generic + compressed please
|
||||||
|
hostonly="no"
|
||||||
|
compress="xz"
|
||||||
|
|
||||||
|
# VMs can't update microcode anyway
|
||||||
|
early_microcode="no"
|
||||||
|
|
||||||
|
# modules: basics
|
||||||
|
dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown "
|
||||||
|
|
||||||
|
# modules: storage support
|
||||||
|
dracutmodules+=" dm lvm rootfs-block fs-lib "
|
||||||
|
|
||||||
|
# modules: tpm and crypto
|
||||||
|
dracutmodules+=" crypt crypt-loop tpm2-tss "
|
||||||
|
|
||||||
|
# WALinuxagent-cvm with CVM specific udev rules
|
||||||
|
dracutmodules+=" walinuxagentcvm "
|
||||||
|
|
||||||
|
# drivers: virtual buses, pci
|
||||||
|
drivers+=" virtio-pci virtio-mmio " # qemu-kvm
|
||||||
|
drivers+=" hv-vmbus pci-hyperv " # hyperv
|
||||||
|
drivers+=" xen-pcifront " # xen
|
||||||
|
|
||||||
|
# drivers: storage
|
||||||
|
drivers+=" ahci nvme sd_mod sr_mod " # generic
|
||||||
|
drivers+=" virtio-blk virtio-scsi " # qemu-kvm
|
||||||
|
drivers+=" hv-storvsc " # hyperv
|
||||||
|
drivers+=" xen-blkfront " # xen
|
||||||
|
|
||||||
|
# root encryption
|
||||||
|
drivers+=" dm_crypt "
|
||||||
|
|
||||||
|
# filesystems
|
||||||
|
filesystems+=" vfat ext4 xfs overlay "
|
||||||
|
|
||||||
|
# systemd-pcrphase
|
||||||
|
install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service "
|
@ -15,4 +15,4 @@ ethdrvs="3com adaptec arc alteon atheros broadcom cadence calxeda chelsio cisco
|
|||||||
|
|
||||||
drmdrvs="amd arm bridge ast exynos hisilicon i2c imx mgag200 meson msm nouveau panel radeon rockchip tegra sun4i tinydrm vc4"
|
drmdrvs="amd arm bridge ast exynos hisilicon i2c imx mgag200 meson msm nouveau panel radeon rockchip tegra sun4i tinydrm vc4"
|
||||||
|
|
||||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr"
|
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr chtls"
|
0
SOURCES/filter-armv7hl.sh.rhel
Normal file
0
SOURCES/filter-armv7hl.sh.rhel
Normal file
@ -13,8 +13,11 @@
|
|||||||
# subsys should be in kernel-modules on all arches, please change the defaults
|
# subsys should be in kernel-modules on all arches, please change the defaults
|
||||||
# listed here.
|
# listed here.
|
||||||
|
|
||||||
|
# Overrides is individual modules which need to remain in kernel-core due to deps.
|
||||||
|
overrides="cec"
|
||||||
|
|
||||||
# Set the default dirs/modules to filter out
|
# Set the default dirs/modules to filter out
|
||||||
driverdirs="atm auxdisplay bcma bluetooth firewire fmc iio infiniband isdn leds media memstick mfd mmc mtd nfc ntb pcmcia platform power ssb staging tty uio uwb w1 virt"
|
driverdirs="atm auxdisplay bcma bluetooth firewire fmc iio infiniband isdn leds media memstick mfd mmc mtd nfc ntb pcmcia platform power ssb staging tty uio uwb w1"
|
||||||
|
|
||||||
chardrvs="mwave pcmcia"
|
chardrvs="mwave pcmcia"
|
||||||
|
|
||||||
@ -22,6 +25,8 @@ netdrvs="appletalk can dsa hamradio ieee802154 irda ppp slip usb wireless"
|
|||||||
|
|
||||||
ethdrvs="3com adaptec alteon amd aquantia atheros broadcom cadence calxeda chelsio cisco dec dlink emulex icplus marvell neterion nvidia oki-semi packetengines qlogic rdc renesas sfc silan sis smsc stmicro sun tehuti ti wiznet xircom"
|
ethdrvs="3com adaptec alteon amd aquantia atheros broadcom cadence calxeda chelsio cisco dec dlink emulex icplus marvell neterion nvidia oki-semi packetengines qlogic rdc renesas sfc silan sis smsc stmicro sun tehuti ti wiznet xircom"
|
||||||
|
|
||||||
|
cryptdrvs="bcm caam cavium chelsio hisilicon marvell qat"
|
||||||
|
|
||||||
inputdrvs="gameport tablet touchscreen"
|
inputdrvs="gameport tablet touchscreen"
|
||||||
|
|
||||||
scsidrvs="aacraid aic7xxx aic94xx be2iscsi bfa bnx2i bnx2fc csiostor cxgbi esas2r fcoe fnic hisi_sas isci libsas lpfc megaraid mpt2sas mpt3sas mvsas pm8001 qla2xxx qla4xxx sym53c8xx_2 ufs qedf"
|
scsidrvs="aacraid aic7xxx aic94xx be2iscsi bfa bnx2i bnx2fc csiostor cxgbi esas2r fcoe fnic hisi_sas isci libsas lpfc megaraid mpt2sas mpt3sas mvsas pm8001 qla2xxx qla4xxx sym53c8xx_2 ufs qedf"
|
||||||
@ -34,7 +39,7 @@ netprots="6lowpan appletalk atm ax25 batman-adv bluetooth can dccp dsa ieee80215
|
|||||||
|
|
||||||
drmdrvs="amd ast gma500 i2c i915 mgag200 nouveau radeon via "
|
drmdrvs="amd ast gma500 i2c i915 mgag200 nouveau radeon via "
|
||||||
|
|
||||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr parport_serial ism xt_u32 act_ct"
|
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr chtls parport_serial ism regmap-sdw regmap-sdw-mbq arizona-micsupp hid-asus nct6775 ntc_thermistor"
|
||||||
|
|
||||||
# Grab the arch-specific filter list overrides
|
# Grab the arch-specific filter list overrides
|
||||||
source ./filter-$2.sh
|
source ./filter-$2.sh
|
||||||
@ -88,7 +93,7 @@ done
|
|||||||
# Filter the char drivers
|
# Filter the char drivers
|
||||||
for char in ${chardrvs}
|
for char in ${chardrvs}
|
||||||
do
|
do
|
||||||
filter_dir $1 drivers/char/${input}
|
filter_dir $1 drivers/char/${char}
|
||||||
done
|
done
|
||||||
|
|
||||||
# Filter the ethernet drivers
|
# Filter the ethernet drivers
|
||||||
@ -97,6 +102,12 @@ do
|
|||||||
filter_dir $1 drivers/net/ethernet/${eth}
|
filter_dir $1 drivers/net/ethernet/${eth}
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Filter the crypto drivers
|
||||||
|
for crypt in ${cryptdrvs}
|
||||||
|
do
|
||||||
|
filter_dir $1 drivers/crypto/${crypt}
|
||||||
|
done
|
||||||
|
|
||||||
# SCSI
|
# SCSI
|
||||||
for scsi in ${scsidrvs}
|
for scsi in ${scsidrvs}
|
||||||
do
|
do
|
||||||
@ -135,9 +146,7 @@ done
|
|||||||
|
|
||||||
# Just kill sound.
|
# Just kill sound.
|
||||||
filter_dir $1 kernel/sound
|
filter_dir $1 kernel/sound
|
||||||
filter_ko $1 drivers/base/regmap/regmap-sdw
|
filter_dir $1 kernel/drivers/soundwire
|
||||||
filter_ko $1 drivers/base/regmap/regmap-sdw-mbq
|
|
||||||
filter_dir $1 drivers/soundwire
|
|
||||||
|
|
||||||
# Now go through and filter any single .ko files that might have deps on the
|
# Now go through and filter any single .ko files that might have deps on the
|
||||||
# things we filtered above
|
# things we filtered above
|
||||||
@ -146,6 +155,20 @@ do
|
|||||||
filter_ko $1 ${mod}
|
filter_ko $1 ${mod}
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Now process the override list to bring those modules back into core
|
||||||
|
for mod in ${overrides}
|
||||||
|
do
|
||||||
|
grep -v -e "/${mod}.ko" k-d.list > k-d.list.tmp
|
||||||
|
if [ $? -ne 0 ]
|
||||||
|
then
|
||||||
|
echo "Couldn't save ${mod}.ko Skipping."
|
||||||
|
else
|
||||||
|
grep -e "/${mod}.ko" k-d.list >> $filelist
|
||||||
|
mv k-d.list.tmp k-d.list
|
||||||
|
fi
|
||||||
|
|
||||||
|
done
|
||||||
|
|
||||||
# Go through our generated drivers list and remove the .ko files. We'll
|
# Go through our generated drivers list and remove the .ko files. We'll
|
||||||
# restore them later.
|
# restore them later.
|
||||||
for mod in `cat k-d.list`
|
for mod in `cat k-d.list`
|
@ -11,4 +11,4 @@
|
|||||||
|
|
||||||
driverdirs="atm auxdisplay bcma bluetooth firewire fmc infiniband isdn leds media memstick message mmc mtd mwave nfc ntb pcmcia platform power ssb staging tty uio uwb w1"
|
driverdirs="atm auxdisplay bcma bluetooth firewire fmc infiniband isdn leds media memstick message mmc mtd mwave nfc ntb pcmcia platform power ssb staging tty uio uwb w1"
|
||||||
|
|
||||||
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr"
|
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr chtls"
|
@ -1,6 +1,6 @@
|
|||||||
--- !Policy
|
--- !Policy
|
||||||
product_versions:
|
product_versions:
|
||||||
- rhel-8
|
- rhel-9
|
||||||
decision_context: osci_compose_gate
|
decision_context: osci_compose_gate
|
||||||
rules:
|
rules:
|
||||||
- !PassingTestCaseRule {test_case_name: cki.tier1-x86_64.functional}
|
- !PassingTestCaseRule {test_case_name: cki.tier1-x86_64.functional}
|
||||||
|
@ -1,6 +1,36 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
for i in ${NAME}-*.config; do
|
# Adjusts the configuration options to build the variants correctly
|
||||||
NEW=${NAME}-${VERSION}-$(echo $i | sed -e "s/${NAME}//" | cut -d - -f2-)
|
|
||||||
mv ${i} ${NEW}
|
test -n "$RHTEST" && exit 0
|
||||||
|
|
||||||
|
DEBUGBUILDSENABLED=$1
|
||||||
|
if [ -z "$DEBUGBUILDSENABLED" ]; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$FLAVOR" ]; then
|
||||||
|
FLAVOR=rhel
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$FLAVOR" = "fedora" ]; then
|
||||||
|
SECONDARY=rhel
|
||||||
|
else
|
||||||
|
SECONDARY=fedora
|
||||||
|
fi
|
||||||
|
|
||||||
|
for i in kernel-rt-*-"$FLAVOR".config; do
|
||||||
|
NEW=kernel-rt-"$SPECVERSION"-$(echo "$i" | cut -d - -f3- | sed s/-"$FLAVOR"//)
|
||||||
|
#echo $NEW
|
||||||
|
mv "$i" "$NEW"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
rm -f kernel-rt-*-"$SECONDARY".config
|
||||||
|
|
||||||
|
if [ "$DEBUGBUILDSENABLED" -eq 0 ]; then
|
||||||
|
for i in kernel-rt-*debug*.config; do
|
||||||
|
base=$(echo "$i" | sed -r s/-?debug//g)
|
||||||
|
NEW=kernel-rt-$(echo "$base" | cut -d - -f3-)
|
||||||
|
mv "$i" "$NEW"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
@ -1,31 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
. /etc/os-release
|
|
||||||
|
|
||||||
kernelver=$1 && shift
|
|
||||||
rootfs=$1 && shift
|
|
||||||
variant=$1 && shift
|
|
||||||
|
|
||||||
output="${rootfs}/lib/modules/${kernelver}/bls.conf"
|
|
||||||
date=$(date -u +%Y%m%d%H%M%S)
|
|
||||||
|
|
||||||
if [ "${variant:-5}" = "debug" ]; then
|
|
||||||
debugname=" with debugging"
|
|
||||||
debugid="-debug"
|
|
||||||
else
|
|
||||||
debugname=""
|
|
||||||
debugid=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat >${output} <<EOF
|
|
||||||
title ${NAME} (${kernelver}) ${VERSION}${debugname}
|
|
||||||
version ${kernelver}${debugid}
|
|
||||||
linux ${bootprefix}/vmlinuz-${kernelver}
|
|
||||||
initrd ${bootprefix}/initramfs-${kernelver}.img
|
|
||||||
options \$kernelopts
|
|
||||||
id ${ID}-${date}-${kernelver}${debugid}
|
|
||||||
grub_users \$grub_users
|
|
||||||
grub_arg --unrestricted
|
|
||||||
grub_class kernel${variant}
|
|
||||||
EOF
|
|
2
SOURCES/kernel-local
Normal file
2
SOURCES/kernel-local
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
# This file is intentionally left empty in the stock kernel. Its a nicety
|
||||||
|
# added for those wanting to do custom rebuilds with altered config opts.
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
72
SOURCES/merge.pl
Executable file
72
SOURCES/merge.pl
Executable file
@ -0,0 +1,72 @@
|
|||||||
|
#! /usr/bin/perl
|
||||||
|
|
||||||
|
my @args=@ARGV;
|
||||||
|
my %configvalues;
|
||||||
|
my @configoptions;
|
||||||
|
my $configcounter = 0;
|
||||||
|
|
||||||
|
# optionally print out the architecture as the first line of our output
|
||||||
|
my $arch = $args[2];
|
||||||
|
if (defined $arch) {
|
||||||
|
print "# $arch\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# first, read the override file
|
||||||
|
|
||||||
|
open (FILE,"$args[0]") || die "Could not open $args[0]";
|
||||||
|
while (<FILE>) {
|
||||||
|
my $str = $_;
|
||||||
|
my $configname;
|
||||||
|
|
||||||
|
if (/\# ([\w]+) is not set/) {
|
||||||
|
$configname = $1;
|
||||||
|
} elsif (/^\#/) {
|
||||||
|
# fall through on comments like 'avoid CONFIG_FOO=y'
|
||||||
|
;
|
||||||
|
} elsif (/([\w]+)=/) {
|
||||||
|
$configname = $1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (defined($configname) && !exists($configvalues{$configname})) {
|
||||||
|
$configvalues{$configname} = $str;
|
||||||
|
$configoptions[$configcounter] = $configname;
|
||||||
|
$configcounter ++;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
# now, read and output the entire configfile, except for the overridden
|
||||||
|
# parts... for those the new value is printed.
|
||||||
|
|
||||||
|
open (FILE2,"$args[1]") || die "Could not open $args[1]";
|
||||||
|
while (<FILE2>) {
|
||||||
|
my $configname;
|
||||||
|
|
||||||
|
if (/\# ([\w]+) is not set/) {
|
||||||
|
$configname = $1;
|
||||||
|
} elsif (/^\#/) {
|
||||||
|
# fall through on comments like 'avoid CONFIG_FOO=y'
|
||||||
|
;
|
||||||
|
} elsif (/([\w]+)=/) {
|
||||||
|
$configname = $1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (defined($configname) && exists($configvalues{$configname})) {
|
||||||
|
print "$configvalues{$configname}";
|
||||||
|
delete($configvalues{$configname});
|
||||||
|
} else {
|
||||||
|
print "$_";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# now print the new values from the overridden configfile
|
||||||
|
my $counter = 0;
|
||||||
|
|
||||||
|
while ($counter < $configcounter) {
|
||||||
|
my $configname = $configoptions[$counter];
|
||||||
|
if (exists($configvalues{$configname})) {
|
||||||
|
print "$configvalues{$configname}";
|
||||||
|
}
|
||||||
|
$counter++;
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
|
@ -1,4 +1,5 @@
|
|||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
|
# shellcheck disable=SC2164
|
||||||
|
|
||||||
RpmDir=$1
|
RpmDir=$1
|
||||||
ModDir=$2
|
ModDir=$2
|
||||||
@ -24,9 +25,9 @@ __EOF__
|
|||||||
|
|
||||||
check_blacklist()
|
check_blacklist()
|
||||||
{
|
{
|
||||||
mod=$(find $RpmDir/$ModDir -name "$1")
|
mod=$(find "$RpmDir/$ModDir" -name "$1")
|
||||||
[ ! "$mod" ] && return 0
|
[ ! "$mod" ] && return 0
|
||||||
if modinfo $mod | grep -q '^alias:\s\+net-'; then
|
if modinfo "$mod" | grep -q '^alias:\s\+net-'; then
|
||||||
mod="${1##*/}"
|
mod="${1##*/}"
|
||||||
mod="${mod%.ko*}"
|
mod="${mod%.ko*}"
|
||||||
echo "$mod has an alias that allows auto-loading. Blacklisting."
|
echo "$mod has an alias that allows auto-loading. Blacklisting."
|
||||||
@ -37,7 +38,7 @@ check_blacklist()
|
|||||||
find_depends()
|
find_depends()
|
||||||
{
|
{
|
||||||
dep=$1
|
dep=$1
|
||||||
depends=`modinfo $dep | sed -n -e "/^depends/ s/^depends:[ \t]*//p"`
|
depends=$(modinfo "$dep" | sed -n -e "/^depends/ s/^depends:[ \t]*//p")
|
||||||
[ -z "$depends" ] && exit
|
[ -z "$depends" ] && exit
|
||||||
for mod in ${depends//,/ }
|
for mod in ${depends//,/ }
|
||||||
do
|
do
|
||||||
@ -45,14 +46,14 @@ find_depends()
|
|||||||
[ -z "$match" ] && continue
|
[ -z "$match" ] && continue
|
||||||
# check if the module we are looking at is in mod-* too.
|
# check if the module we are looking at is in mod-* too.
|
||||||
# if so we do not need to mark the dep as required.
|
# if so we do not need to mark the dep as required.
|
||||||
mod2=${dep##*/} # same as `basename $dep`, but faster
|
mod2=${dep##*/} # same as $(basename $dep), but faster
|
||||||
match2=$(grep "^$mod2" "$ListName")
|
match2=$(grep "^$mod2" "$ListName")
|
||||||
if [ -n "$match2" ]
|
if [ -n "$match2" ]
|
||||||
then
|
then
|
||||||
#echo $mod2 >> notreq.list
|
#echo $mod2 >> notreq.list
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
echo $mod.ko >> req.list
|
echo "$mod".ko >> req.list
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -60,11 +61,11 @@ foreachp()
|
|||||||
{
|
{
|
||||||
P=$(nproc)
|
P=$(nproc)
|
||||||
bgcount=0
|
bgcount=0
|
||||||
while read mod; do
|
while read -r mod; do
|
||||||
$1 "$mod" &
|
$1 "$mod" &
|
||||||
|
|
||||||
bgcount=$((bgcount + 1))
|
bgcount=$((bgcount + 1))
|
||||||
if [ $bgcount -eq $P ]; then
|
if [ $bgcount -eq "$P" ]; then
|
||||||
wait -n
|
wait -n
|
||||||
bgcount=$((bgcount - 1))
|
bgcount=$((bgcount - 1))
|
||||||
fi
|
fi
|
||||||
@ -76,12 +77,12 @@ foreachp()
|
|||||||
# Destination was specified on the command line
|
# Destination was specified on the command line
|
||||||
test -n "$4" && echo "$0: Override Destination $Dest has been specified."
|
test -n "$4" && echo "$0: Override Destination $Dest has been specified."
|
||||||
|
|
||||||
pushd $Dir
|
pushd "$Dir"
|
||||||
|
|
||||||
OverrideDir=$(basename $List)
|
OverrideDir=$(basename "$List")
|
||||||
OverrideDir=${OverrideDir%.*}
|
OverrideDir=${OverrideDir%.*}
|
||||||
OverrideDir=${OverrideDir#*-}
|
OverrideDir=${OverrideDir#*-}
|
||||||
mkdir -p $OverrideDir
|
mkdir -p "$OverrideDir"
|
||||||
|
|
||||||
rm -rf modnames
|
rm -rf modnames
|
||||||
find . -name "*.ko" -type f > modnames
|
find . -name "*.ko" -type f > modnames
|
||||||
@ -94,7 +95,8 @@ cp "$List" .
|
|||||||
|
|
||||||
# This variable needs to be exported because it is used in sub-script
|
# This variable needs to be exported because it is used in sub-script
|
||||||
# executed by xargs
|
# executed by xargs
|
||||||
export ListName=$(basename "$List")
|
ListName=$(basename "$List")
|
||||||
|
export ListName
|
||||||
|
|
||||||
foreachp find_depends < modnames
|
foreachp find_depends < modnames
|
||||||
|
|
||||||
@ -102,25 +104,25 @@ sort -u req.list > req2.list
|
|||||||
sort -u "$ListName" > modules2.list
|
sort -u "$ListName" > modules2.list
|
||||||
join -v 1 modules2.list req2.list > modules3.list
|
join -v 1 modules2.list req2.list > modules3.list
|
||||||
|
|
||||||
for mod in $(cat modules3.list)
|
while IFS= read -r mod
|
||||||
do
|
do
|
||||||
# get the path for the module
|
# get the path for the module
|
||||||
modpath=`grep /$mod modnames`
|
modpath=$(grep /"$mod" modnames)
|
||||||
[ -z "$modpath" ] && continue
|
[ -z "$modpath" ] && continue
|
||||||
echo $modpath >> dep.list
|
echo "$modpath" >> dep.list
|
||||||
done
|
done < modules3.list
|
||||||
|
|
||||||
sort -u dep.list > dep2.list
|
sort -u dep.list > dep2.list
|
||||||
|
|
||||||
if [ -n "$Dest" ]; then
|
if [ -n "$Dest" ]; then
|
||||||
# now move the modules into the $Dest directory
|
# now move the modules into the $Dest directory
|
||||||
for mod in `cat dep2.list`
|
while IFS= read -r mod
|
||||||
do
|
do
|
||||||
newpath=`dirname $mod | sed -e "s/kernel\\//$Dest\//"`
|
newpath=$(dirname "$mod" | sed -e "s/kernel\\//$Dest\//")
|
||||||
mkdir -p $newpath
|
mkdir -p "$newpath"
|
||||||
mv $mod $newpath
|
mv "$mod" "$newpath"
|
||||||
echo $mod | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> $RpmDir/$ListName
|
echo "$mod" | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> "$RpmDir"/"$ListName"
|
||||||
done
|
done < dep2.list
|
||||||
fi
|
fi
|
||||||
|
|
||||||
popd
|
popd
|
||||||
@ -130,23 +132,33 @@ popd
|
|||||||
# target doesn't try to sign a non-existent file. This is kinda ugly, but
|
# target doesn't try to sign a non-existent file. This is kinda ugly, but
|
||||||
# so are the modules-* packages.
|
# so are the modules-* packages.
|
||||||
|
|
||||||
for mod in `cat ${Dir}/dep2.list`
|
while IFS= read -r mod
|
||||||
do
|
do
|
||||||
modfile=`basename $mod | sed -e 's/.ko/.mod/'`
|
modfile=$(basename "$mod" | sed -e 's/.ko/.mod/')
|
||||||
rm .tmp_versions/$modfile
|
rm .tmp_versions/"$modfile"
|
||||||
done
|
done < "$Dir"/dep2.list
|
||||||
|
|
||||||
if [ ! -n "$Dest" ]; then
|
if [ -z "$Dest" ]; then
|
||||||
sed -e "s|^.|${ModDir}|g" ${Dir}/dep2.list > $RpmDir/$ListName
|
sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName"
|
||||||
echo "./$RpmDir/$ListName created."
|
echo "./$RpmDir/$ListName created."
|
||||||
[ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/"
|
[ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/"
|
||||||
foreachp check_blacklist < $List
|
foreachp check_blacklist < "$List"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Many BIOS-es export a PNP-id which causes the floppy driver to autoload
|
||||||
|
# even though most modern systems don't have a 3.5" floppy driver anymore
|
||||||
|
# this replaces the old die_floppy_die.patch which removed the PNP-id from
|
||||||
|
# the module
|
||||||
|
|
||||||
|
floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*)
|
||||||
|
if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then
|
||||||
|
blacklist "floppy"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# avoid an empty kernel-extra package
|
# avoid an empty kernel-extra package
|
||||||
echo "$ModDir/$OverrideDir" >> $RpmDir/$ListName
|
echo "$ModDir/$OverrideDir" >> "$RpmDir/$ListName"
|
||||||
|
|
||||||
pushd $Dir
|
pushd "$Dir"
|
||||||
rm modnames dep.list dep2.list req.list req2.list
|
rm modnames dep.list dep2.list req.list req2.list
|
||||||
rm "$ListName" modules2.list modules3.list
|
rm "$ListName" modules2.list modules3.list
|
||||||
popd
|
popd
|
@ -2,8 +2,6 @@
|
|||||||
a3d.ko
|
a3d.ko
|
||||||
act200l-sir.ko
|
act200l-sir.ko
|
||||||
actisys-sir.ko
|
actisys-sir.ko
|
||||||
act_mpls.ko
|
|
||||||
act_ct.ko
|
|
||||||
adi.ko
|
adi.ko
|
||||||
aer_inject.ko
|
aer_inject.ko
|
||||||
af_802154.ko
|
af_802154.ko
|
||||||
@ -17,7 +15,6 @@ avm_cs.ko
|
|||||||
avmfritz.ko
|
avmfritz.ko
|
||||||
ax25.ko
|
ax25.ko
|
||||||
b1.ko
|
b1.ko
|
||||||
bareudp.ko
|
|
||||||
bas_gigaset.ko
|
bas_gigaset.ko
|
||||||
batman-adv.ko
|
batman-adv.ko
|
||||||
baycom_par.ko
|
baycom_par.ko
|
||||||
@ -72,7 +69,6 @@ iforce.ko
|
|||||||
interact.ko
|
interact.ko
|
||||||
ipddp.ko
|
ipddp.ko
|
||||||
ipx.ko
|
ipx.ko
|
||||||
ip_vs_mh.ko
|
|
||||||
isdn.ko
|
isdn.ko
|
||||||
joydump.ko
|
joydump.ko
|
||||||
kingsun-sir.ko
|
kingsun-sir.ko
|
||||||
@ -83,6 +79,7 @@ l2tp_core.ko
|
|||||||
l2tp_debugfs.ko
|
l2tp_debugfs.ko
|
||||||
l2tp_eth.ko
|
l2tp_eth.ko
|
||||||
l2tp_ip.ko
|
l2tp_ip.ko
|
||||||
|
l2tp_ip6.ko
|
||||||
l2tp_netlink.ko
|
l2tp_netlink.ko
|
||||||
l2tp_ppp.ko
|
l2tp_ppp.ko
|
||||||
lec.ko
|
lec.ko
|
||||||
@ -124,11 +121,9 @@ rds_tcp.ko
|
|||||||
rose.ko
|
rose.ko
|
||||||
sch_atm.ko
|
sch_atm.ko
|
||||||
sch_cbq.ko
|
sch_cbq.ko
|
||||||
sch_cbs.ko
|
|
||||||
sch_choke.ko
|
sch_choke.ko
|
||||||
sch_drr.ko
|
sch_drr.ko
|
||||||
sch_dsmark.ko
|
sch_dsmark.ko
|
||||||
sch_ets.ko
|
|
||||||
sch_gred.ko
|
sch_gred.ko
|
||||||
sch_mqprio.ko
|
sch_mqprio.ko
|
||||||
sch_multiq.ko
|
sch_multiq.ko
|
||||||
@ -139,6 +134,7 @@ sch_sfb.ko
|
|||||||
sch_teql.ko
|
sch_teql.ko
|
||||||
sctp.ko
|
sctp.ko
|
||||||
sctp_diag.ko
|
sctp_diag.ko
|
||||||
|
sctp_probe.ko
|
||||||
sidewinder.ko
|
sidewinder.ko
|
||||||
sja1000.ko
|
sja1000.ko
|
||||||
sja1000_platform.ko
|
sja1000_platform.ko
|
||||||
@ -192,7 +188,5 @@ wanrouter.ko
|
|||||||
warrior.ko
|
warrior.ko
|
||||||
whci.ko
|
whci.ko
|
||||||
wire.ko
|
wire.ko
|
||||||
xpad.ko
|
|
||||||
xt_u32.ko
|
|
||||||
yam.ko
|
yam.ko
|
||||||
zhenhua.ko
|
zhenhua.ko
|
@ -13,34 +13,19 @@ qos-test
|
|||||||
resource_kunit
|
resource_kunit
|
||||||
soc-topology-test
|
soc-topology-test
|
||||||
soc-utils-test
|
soc-utils-test
|
||||||
stackinit_kunit
|
|
||||||
string-stream-test
|
string-stream-test
|
||||||
test_linear_ranges
|
test_linear_ranges
|
||||||
test_bits
|
test_bits
|
||||||
test_kasan
|
test_kasan
|
||||||
|
time_test
|
||||||
fat_test
|
fat_test
|
||||||
|
lib_test
|
||||||
|
rational-test
|
||||||
test_list_sort
|
test_list_sort
|
||||||
slub_kunit
|
slub_kunit
|
||||||
memcpy_kunit
|
memcpy_kunit
|
||||||
time_test
|
|
||||||
drm_format_helper_test
|
|
||||||
drm_damage_helper_test
|
|
||||||
drm_cmdline_parser_test
|
|
||||||
drm_kunit_helpers
|
|
||||||
drm_rect_test
|
|
||||||
drm_format_test
|
|
||||||
drm_plane_helper_test
|
|
||||||
drm_dp_mst_helper_test
|
|
||||||
drm_framebuffer_test
|
|
||||||
drm_buddy_test
|
|
||||||
drm_mm_test
|
|
||||||
drm_connector_test
|
|
||||||
drm_managed_test
|
|
||||||
drm_modes_test
|
|
||||||
drm_probe_helper_test
|
|
||||||
lib_test
|
|
||||||
dev_addr_lists_test
|
dev_addr_lists_test
|
||||||
rational-test
|
kfence_test
|
||||||
test_hash
|
test_hash
|
||||||
locktorture
|
locktorture
|
||||||
mac80211_hwsim
|
mac80211_hwsim
|
||||||
@ -49,8 +34,6 @@ pktgen
|
|||||||
rcutorture
|
rcutorture
|
||||||
rocker
|
rocker
|
||||||
scftorture
|
scftorture
|
||||||
torture
|
|
||||||
test_bpf
|
|
||||||
test_klp_atomic_replace
|
test_klp_atomic_replace
|
||||||
test_klp_callbacks_demo
|
test_klp_callbacks_demo
|
||||||
test_klp_callbacks_demo2
|
test_klp_callbacks_demo2
|
||||||
@ -61,6 +44,21 @@ test_klp_shadow_vars
|
|||||||
test_klp_state
|
test_klp_state
|
||||||
test_klp_state2
|
test_klp_state2
|
||||||
test_klp_state3
|
test_klp_state3
|
||||||
|
torture
|
||||||
|
refscale
|
||||||
|
rcuscale
|
||||||
|
memcpy_kunit
|
||||||
|
dev_addr_lists_test
|
||||||
|
test_hash
|
||||||
|
test_bpf
|
||||||
|
stackinit_kunit
|
||||||
|
overflow_kunit
|
||||||
|
clk-gate_test
|
||||||
|
clk_test
|
||||||
|
mtty
|
||||||
test_hmm
|
test_hmm
|
||||||
test_vmalloc
|
test_vmalloc
|
||||||
mtty
|
test_cpumask
|
||||||
|
iio-test-format
|
||||||
|
iio-test-rescale
|
||||||
|
cros_kunit
|
||||||
|
3
SOURCES/mod-partner.list
Normal file
3
SOURCES/mod-partner.list
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
afs
|
||||||
|
rxperf
|
||||||
|
rxrpc
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
# The modules_sign target checks for corresponding .o files for every .ko that
|
# The modules_sign target checks for corresponding .o files for every .ko that
|
||||||
# is signed. This doesn't work for package builds which re-use the same build
|
# is signed. This doesn't work for package builds which re-use the same build
|
||||||
# directory for every flavour, and the .config may change between flavours.
|
# directory for every variant, and the .config may change between variants.
|
||||||
# So instead of using this script to just sign lib/modules/$KernelVer/extra,
|
# So instead of using this script to just sign lib/modules/$KernelVer/extra,
|
||||||
# sign all .ko in the buildroot.
|
# sign all .ko in the buildroot.
|
||||||
|
|
||||||
@ -13,9 +13,9 @@ MODSECKEY=$1
|
|||||||
MODPUBKEY=$2
|
MODPUBKEY=$2
|
||||||
moddir=$3
|
moddir=$3
|
||||||
|
|
||||||
modules=`find $moddir -type f -name '*.ko'`
|
modules=$(find "$moddir" -type f -name '*.ko')
|
||||||
|
|
||||||
NPROC=`nproc`
|
NPROC=$(nproc)
|
||||||
[ -z "$NPROC" ] && NPROC=1
|
[ -z "$NPROC" ] && NPROC=1
|
||||||
|
|
||||||
# NB: this loop runs 2000+ iterations. Try to be fast.
|
# NB: this loop runs 2000+ iterations. Try to be fast.
|
||||||
@ -27,7 +27,7 @@ done
|
|||||||
" DUMMYARG0 # xargs appends ARG1 ARG2..., which go into $mod in for loop.
|
" DUMMYARG0 # xargs appends ARG1 ARG2..., which go into $mod in for loop.
|
||||||
|
|
||||||
RANDOMMOD=$(echo "$modules" | sort -R | head -n 1)
|
RANDOMMOD=$(echo "$modules" | sort -R | head -n 1)
|
||||||
if [ "~Module signature appended~" != "$(tail -c 28 $RANDOMMOD)" ]; then
|
if [ "~Module signature appended~" != "$(tail -c 28 "$RANDOMMOD")" ]; then
|
||||||
echo "*****************************"
|
echo "*****************************"
|
||||||
echo "*** Modules are unsigned! ***"
|
echo "*** Modules are unsigned! ***"
|
||||||
echo "*****************************"
|
echo "*****************************"
|
||||||
|
@ -23,4 +23,4 @@ test "$procgroup" = 1 && exec xargs -r xz
|
|||||||
# xz has some startup cost. If files are really small,
|
# xz has some startup cost. If files are really small,
|
||||||
# this cost might be significant. To combat this,
|
# this cost might be significant. To combat this,
|
||||||
# process several files (in sequence) by each xz process via -n 16:
|
# process several files (in sequence) by each xz process via -n 16:
|
||||||
exec xargs -r -n 16 -P $procgroup xz
|
exec xargs -r -n 16 -P "$procgroup" xz
|
||||||
|
5
SOURCES/partial-kgcov-snip.config
Normal file
5
SOURCES/partial-kgcov-snip.config
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
# kgcov
|
||||||
|
CONFIG_GCOV_KERNEL=y
|
||||||
|
CONFIG_GCOV_PROFILE_ALL=y
|
||||||
|
# CONFIG_GCOV_PROFILE_FTRACE is not set
|
||||||
|
# CONFIG_OPEN_DICE is not set
|
0
SOURCES/patch-5.14-redhat.patch
Normal file
0
SOURCES/patch-5.14-redhat.patch
Normal file
@ -3,14 +3,27 @@
|
|||||||
# This script takes the merged config files and processes them through oldconfig
|
# This script takes the merged config files and processes them through oldconfig
|
||||||
# and listnewconfig
|
# and listnewconfig
|
||||||
#
|
#
|
||||||
|
# Globally disable suggestion of appending '|| exit' or '|| return' to cd/pushd/popd commands
|
||||||
|
# shellcheck disable=SC2164
|
||||||
|
|
||||||
|
test -n "$RHTEST" && exit 0
|
||||||
|
|
||||||
usage()
|
usage()
|
||||||
{
|
{
|
||||||
echo "process_configs.sh [ -n|-c|-t ] package_name kernel_version [cross_opts]"
|
# alphabetical order please
|
||||||
echo " -n: error on unset config options"
|
echo "process_configs.sh [ options ] package_name kernel_version"
|
||||||
|
echo " -a: report all errors, equivalent to [-c -n -w -i]"
|
||||||
echo " -c: error on mismatched config options"
|
echo " -c: error on mismatched config options"
|
||||||
|
echo " -i: continue on error"
|
||||||
|
echo " -n: error on unset config options"
|
||||||
echo " -t: test run, do not overwrite original config"
|
echo " -t: test run, do not overwrite original config"
|
||||||
echo " -w: error on misconfigured config options"
|
echo " -w: error on misconfigured config options"
|
||||||
|
echo " -z: commit new configs to pending directory"
|
||||||
|
echo ""
|
||||||
|
echo " A special CONFIG file tag, process_configs_known_broken can be added as a"
|
||||||
|
echo " comment to any CONFIG file. This tag indicates that there is no way to "
|
||||||
|
echo " fix a CONFIG's entry. This tag should only be used in extreme cases"
|
||||||
|
echo " and is not to be used as a workaround to solve CONFIG problems."
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -20,18 +33,27 @@ die()
|
|||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_cross_compile()
|
||||||
|
{
|
||||||
|
arch=$1
|
||||||
|
if [[ "$CC_IS_CLANG" -eq 1 ]]; then
|
||||||
|
echo "$arch"
|
||||||
|
else
|
||||||
|
echo "scripts/dummy-tools/"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# stupid function to find top of tree to do kernel make configs
|
# stupid function to find top of tree to do kernel make configs
|
||||||
switch_to_toplevel()
|
switch_to_toplevel()
|
||||||
{
|
{
|
||||||
path="$(pwd)"
|
path="$(pwd)"
|
||||||
while test -n "$path"
|
while test -n "$path"
|
||||||
do
|
do
|
||||||
test -d $path/firmware && \
|
test -e "$path"/MAINTAINERS && \
|
||||||
test -e $path/MAINTAINERS && \
|
test -d "$path"/drivers && \
|
||||||
test -d $path/drivers && \
|
|
||||||
break
|
break
|
||||||
|
|
||||||
path="$(dirname $path)"
|
path=$(dirname "$path")
|
||||||
done
|
done
|
||||||
|
|
||||||
test -n "$path" || die "Can't find toplevel"
|
test -n "$path" || die "Can't find toplevel"
|
||||||
@ -40,6 +62,9 @@ switch_to_toplevel()
|
|||||||
|
|
||||||
checkoptions()
|
checkoptions()
|
||||||
{
|
{
|
||||||
|
count=$3
|
||||||
|
variant=$4
|
||||||
|
|
||||||
/usr/bin/awk '
|
/usr/bin/awk '
|
||||||
|
|
||||||
/is not set/ {
|
/is not set/ {
|
||||||
@ -62,114 +87,324 @@ checkoptions()
|
|||||||
print "Found "a[1]"="a[2]" after generation, had " a[1]"="configs[a[1]]" in Source tree";
|
print "Found "a[1]"="a[2]" after generation, had " a[1]"="configs[a[1]]" in Source tree";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
' $1 $2 > .mismatches
|
' "$1" "$2" > .mismatches"${count}"
|
||||||
|
|
||||||
if test -s .mismatches
|
checkoptions_error=false
|
||||||
|
if test -s .mismatches"${count}"
|
||||||
then
|
then
|
||||||
echo "Error: Mismatches found in configuration files"
|
while read -r LINE
|
||||||
cat .mismatches
|
do
|
||||||
exit 1
|
if find "${REDHAT}"/configs -name "$(echo "$LINE" | awk -F "=" ' { print $1 } ' | awk ' { print $2 }')" -print0 | xargs -0 grep ^ | grep -q "process_configs_known_broken"; then
|
||||||
|
# This is a known broken config.
|
||||||
|
# See script help warning.
|
||||||
|
checkoptions_error=false
|
||||||
|
else
|
||||||
|
checkoptions_error=true
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done < .mismatches"${count}"
|
||||||
|
|
||||||
|
! $checkoptions_error && return
|
||||||
|
|
||||||
|
sed -i "1s/^/Error: Mismatches found in configuration files for ${arch} ${variant}\n/" .mismatches"${count}"
|
||||||
|
else
|
||||||
|
rm -f .mismatches"${count}"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
parsenewconfigs()
|
||||||
|
{
|
||||||
|
tmpdir=$(mktemp -d)
|
||||||
|
|
||||||
|
# This awk script reads the output of make listnewconfig
|
||||||
|
# and puts it into CONFIG_FOO files. Using the output of
|
||||||
|
# listnewconfig is much easier to ensure we get the default
|
||||||
|
# output.
|
||||||
|
/usr/bin/awk -v BASE="$tmpdir" '
|
||||||
|
/is not set/ {
|
||||||
|
split ($0, a, "#");
|
||||||
|
split(a[2], b);
|
||||||
|
OUT_FILE=BASE"/"b[1];
|
||||||
|
print $0 >> OUT_FILE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/=/ {
|
||||||
|
split ($0, a, "=");
|
||||||
|
OUT_FILE=BASE"/"a[1];
|
||||||
|
if (a[2] == "n")
|
||||||
|
print "# " a[1] " is not set" >> OUT_FILE;
|
||||||
|
else
|
||||||
|
print $0 >> OUT_FILE;
|
||||||
|
}
|
||||||
|
|
||||||
|
' .newoptions
|
||||||
|
|
||||||
|
# This awk script parses the output of helpnewconfig.
|
||||||
|
# Each option is separated between ----- markers
|
||||||
|
# The goal is to put all the help text as a comment in
|
||||||
|
# each CONFIG_FOO file. Because of how awk works
|
||||||
|
# there's a lot of moving files around and catting to
|
||||||
|
# get what we need.
|
||||||
|
/usr/bin/awk -v BASE="$tmpdir" '
|
||||||
|
BEGIN { inpatch=0;
|
||||||
|
outfile="none";
|
||||||
|
symbol="none"; }
|
||||||
|
/^Symbol: .*$/ {
|
||||||
|
split($0, a, " ");
|
||||||
|
symbol="CONFIG_"a[2];
|
||||||
|
outfile=BASE "/fake_"symbol
|
||||||
|
}
|
||||||
|
/-----/ {
|
||||||
|
if (inpatch == 0) {
|
||||||
|
inpatch = 1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (symbol != "none") {
|
||||||
|
system("cat " outfile " " BASE "/" symbol " > " BASE "/tmpf");
|
||||||
|
system("mv " BASE "/tmpf " BASE "/" symbol);
|
||||||
|
symbol="none"
|
||||||
|
}
|
||||||
|
outfile="none"
|
||||||
|
inpatch = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
!/-----/ {
|
||||||
|
if (inpatch == 1 && outfile != "none") {
|
||||||
|
print "# "$0 >> outfile;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
' .helpnewconfig
|
||||||
|
|
||||||
|
pushd "$tmpdir" &> /dev/null
|
||||||
|
rm fake_*
|
||||||
|
popd &> /dev/null
|
||||||
|
for f in "$tmpdir"/*; do
|
||||||
|
[[ -e "$f" ]] || break
|
||||||
|
cp "$f" "$SCRIPT_DIR/pending$FLAVOR/generic/"
|
||||||
|
done
|
||||||
|
|
||||||
|
rm -rf "$tmpdir"
|
||||||
|
}
|
||||||
|
|
||||||
|
function commit_new_configs()
|
||||||
|
{
|
||||||
|
# assume we are in $source_tree/configs, need to get to top level
|
||||||
|
pushd "$(switch_to_toplevel)" &>/dev/null
|
||||||
|
|
||||||
|
for cfg in "$SCRIPT_DIR/${PACKAGE_NAME}${KVERREL}"*.config
|
||||||
|
do
|
||||||
|
arch=$(head -1 "$cfg" | cut -b 3-)
|
||||||
|
cfgtmp="${cfg}.tmp"
|
||||||
|
cfgorig="${cfg}.orig"
|
||||||
|
cat "$cfg" > "$cfgorig"
|
||||||
|
|
||||||
|
if [ "$arch" = "EMPTY" ]
|
||||||
|
then
|
||||||
|
# This arch is intentionally left blank
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
echo -n "Checking for new configs in $cfg ... "
|
||||||
|
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE="$(get_cross_compile "$arch")" KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig
|
||||||
|
grep -E 'CONFIG_' .listnewconfig > .newoptions
|
||||||
|
if test -s .newoptions
|
||||||
|
then
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE="$(get_cross_compile "$arch")" KCONFIG_CONFIG="$cfgorig" helpnewconfig >& .helpnewconfig
|
||||||
|
parsenewconfigs
|
||||||
|
fi
|
||||||
|
rm .newoptions
|
||||||
|
echo "done"
|
||||||
|
done
|
||||||
|
|
||||||
|
git add "$SCRIPT_DIR/pending$FLAVOR"
|
||||||
|
git commit -m "[redhat] AUTOMATIC: New configs"
|
||||||
|
}
|
||||||
|
|
||||||
|
function process_config()
|
||||||
|
{
|
||||||
|
local cfg
|
||||||
|
local arch
|
||||||
|
local cfgtmp
|
||||||
|
local cfgorig
|
||||||
|
local count
|
||||||
|
local variant
|
||||||
|
|
||||||
|
cfg=$1
|
||||||
|
count=$2
|
||||||
|
|
||||||
|
arch=$(head -1 "$cfg" | cut -b 3-)
|
||||||
|
|
||||||
|
if [ "$arch" = "EMPTY" ]
|
||||||
|
then
|
||||||
|
# This arch is intentionally left blank
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
variant=$(basename "$cfg" | cut -d"-" -f3- | cut -d"." -f1)
|
||||||
|
|
||||||
|
cfgtmp="${cfg}.tmp"
|
||||||
|
cfgorig="${cfg}.orig"
|
||||||
|
cat "$cfg" > "$cfgorig"
|
||||||
|
|
||||||
|
echo "Processing $cfg ... "
|
||||||
|
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE="$(get_cross_compile "$arch")" KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig"${count}"
|
||||||
|
grep -E 'CONFIG_' .listnewconfig"${count}" > .newoptions"${count}"
|
||||||
|
if test -n "$NEWOPTIONS" && test -s .newoptions"${count}"
|
||||||
|
then
|
||||||
|
echo "Found unset config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors"${count}"
|
||||||
|
cat .newoptions"${count}" >> .errors"${count}"
|
||||||
|
rm .newoptions"${count}"
|
||||||
|
RETURNCODE=1
|
||||||
|
fi
|
||||||
|
rm -f .newoptions"${count}"
|
||||||
|
|
||||||
|
grep -E 'config.*warning' .listnewconfig"${count}" > .warnings"${count}"
|
||||||
|
if test -n "$CHECKWARNINGS" && test -s .warnings"${count}"
|
||||||
|
then
|
||||||
|
echo "Found misconfigured config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors"${count}"
|
||||||
|
cat .warnings"${count}" >> .errors"${count}"
|
||||||
|
fi
|
||||||
|
rm .warnings"${count}"
|
||||||
|
|
||||||
|
rm .listnewconfig"${count}"
|
||||||
|
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE="$(get_cross_compile "$arch")" KCONFIG_CONFIG="$cfgorig" olddefconfig > /dev/null || exit 1
|
||||||
|
echo "# $arch" > "$cfgtmp"
|
||||||
|
cat "$cfgorig" >> "$cfgtmp"
|
||||||
|
if test -n "$CHECKOPTIONS"
|
||||||
|
then
|
||||||
|
checkoptions "$cfg" "$cfgtmp" "$count" "$variant"
|
||||||
|
fi
|
||||||
|
# if test run, don't overwrite original
|
||||||
|
if test -n "$TESTRUN"
|
||||||
|
then
|
||||||
|
rm -f "$cfgtmp"
|
||||||
|
else
|
||||||
|
mv "$cfgtmp" "$cfg"
|
||||||
|
fi
|
||||||
|
rm -f "$cfgorig"
|
||||||
|
echo "Processing $cfg complete"
|
||||||
|
}
|
||||||
|
|
||||||
function process_configs()
|
function process_configs()
|
||||||
{
|
{
|
||||||
# assume we are in $source_tree/configs, need to get to top level
|
# assume we are in $source_tree/configs, need to get to top level
|
||||||
pushd $(switch_to_toplevel) &>/dev/null
|
pushd "$(switch_to_toplevel)" &>/dev/null
|
||||||
|
|
||||||
for cfg in $SCRIPT_DIR/${PACKAGE_NAME}${KVERREL}*.config
|
# The next line is throwaway code for transition to parallel
|
||||||
|
# processing. Leaving this line in place is harmless, but it can be
|
||||||
|
# removed the next time anyone updates this function.
|
||||||
|
[ -f .mismatches ] && rm -f .mismatches
|
||||||
|
|
||||||
|
count=0
|
||||||
|
for cfg in "$SCRIPT_DIR/${PACKAGE_NAME}${KVERREL}"*.config
|
||||||
do
|
do
|
||||||
arch=$(head -1 $cfg | cut -b 3-)
|
if [ "$count" -eq 0 ]; then
|
||||||
cfgtmp="${cfg}.tmp"
|
# do the first one by itself so that tools are built
|
||||||
cfgorig="${cfg}.orig"
|
process_config "$cfg" "$count"
|
||||||
cat $cfg > $cfgorig
|
|
||||||
|
|
||||||
echo -n "Processing $cfg ... "
|
|
||||||
|
|
||||||
make ARCH=$arch ${CROSSOPTS} KCONFIG_CONFIG=$cfgorig listnewconfig >& .listnewconfig
|
|
||||||
grep -E 'CONFIG_' .listnewconfig > .newoptions
|
|
||||||
if test -n "$NEWOPTIONS" && test -s .newoptions
|
|
||||||
then
|
|
||||||
echo "Found unset config items, please set them to an appropriate value"
|
|
||||||
cat .newoptions
|
|
||||||
rm .newoptions
|
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
rm .newoptions
|
process_config "$cfg" "$count" &
|
||||||
|
waitpids[${count}]=$!
|
||||||
grep -E 'config.*warning' .listnewconfig > .warnings
|
((count++))
|
||||||
if test -n "$CHECKWARNINGS" && test -s .warnings
|
while [ "$(jobs | grep -c Running)" -ge "$RHJOBS" ]; do :; done
|
||||||
then
|
|
||||||
echo "Found misconfigured config items, please set them to an appropriate value"
|
|
||||||
cat .warnings
|
|
||||||
rm .warnings
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
rm .warnings
|
|
||||||
|
|
||||||
rm .listnewconfig
|
|
||||||
|
|
||||||
make ARCH=$arch ${CROSSOPTS} KCONFIG_CONFIG=$cfgorig oldnoconfig > /dev/null || exit 1
|
|
||||||
echo "# $arch" > ${cfgtmp}
|
|
||||||
cat "${cfgorig}" >> ${cfgtmp}
|
|
||||||
if test -n "$CHECKOPTIONS"
|
|
||||||
then
|
|
||||||
checkoptions $cfg $cfgtmp
|
|
||||||
fi
|
|
||||||
# if test run, don't overwrite original
|
|
||||||
if test -n "$TESTRUN"
|
|
||||||
then
|
|
||||||
rm ${cfgtmp}
|
|
||||||
else
|
|
||||||
mv ${cfgtmp} ${cfg}
|
|
||||||
fi
|
|
||||||
rm ${cfgorig}
|
|
||||||
echo "done"
|
|
||||||
done
|
done
|
||||||
|
for pid in ${waitpids[*]}; do
|
||||||
|
wait ${pid}
|
||||||
|
done
|
||||||
|
|
||||||
rm "$SCRIPT_DIR"/*.config*.old
|
rm "$SCRIPT_DIR"/*.config*.old
|
||||||
|
|
||||||
|
if ls .errors* 1> /dev/null 2>&1; then
|
||||||
|
RETURNCODE=1
|
||||||
|
cat .errors*
|
||||||
|
rm .errors* -f
|
||||||
|
fi
|
||||||
|
if ls .mismatches* 1> /dev/null 2>&1; then
|
||||||
|
RETURNCODE=1
|
||||||
|
cat .mismatches*
|
||||||
|
rm .mismatches* -f
|
||||||
|
fi
|
||||||
|
|
||||||
popd > /dev/null
|
popd > /dev/null
|
||||||
|
|
||||||
echo "Processed config files are in $SCRIPT_DIR"
|
[ $RETURNCODE -eq 0 ] && echo "Processed config files are in $SCRIPT_DIR"
|
||||||
}
|
}
|
||||||
|
|
||||||
NEWOPTIONS=""
|
|
||||||
CHECKOPTIONS=""
|
CHECKOPTIONS=""
|
||||||
CHECKWARNINGS=""
|
NEWOPTIONS=""
|
||||||
TESTRUN=""
|
TESTRUN=""
|
||||||
|
CHECKWARNINGS=""
|
||||||
|
MAKEOPTS=""
|
||||||
|
CC_IS_CLANG=0
|
||||||
|
|
||||||
|
RETURNCODE=0
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]
|
while [[ $# -gt 0 ]]
|
||||||
do
|
do
|
||||||
key="$1"
|
key="$1"
|
||||||
case $key in
|
case $key in
|
||||||
|
-a)
|
||||||
|
CHECKOPTIONS="x"
|
||||||
|
NEWOPTIONS="x"
|
||||||
|
CHECKWARNINGS="x"
|
||||||
|
;;
|
||||||
|
-c)
|
||||||
|
CHECKOPTIONS="x"
|
||||||
|
;;
|
||||||
-h)
|
-h)
|
||||||
usage
|
usage
|
||||||
;;
|
;;
|
||||||
-n)
|
-n)
|
||||||
NEWOPTIONS="x"
|
NEWOPTIONS="x"
|
||||||
;;
|
;;
|
||||||
-c)
|
|
||||||
CHECKOPTIONS="x"
|
|
||||||
;;
|
|
||||||
-t)
|
-t)
|
||||||
TESTRUN="x"
|
TESTRUN="x"
|
||||||
;;
|
;;
|
||||||
-w)
|
-w)
|
||||||
CHECKWARNINGS="x"
|
CHECKWARNINGS="x"
|
||||||
;;
|
;;
|
||||||
|
-z)
|
||||||
|
COMMITNEWCONFIGS="x"
|
||||||
|
;;
|
||||||
|
-m)
|
||||||
|
shift
|
||||||
|
if [ "$1" = "CC=clang" ] || [ "$1" = "LLVM=1" ]; then
|
||||||
|
CC_IS_CLANG=1
|
||||||
|
fi
|
||||||
|
MAKEOPTS="$MAKEOPTS $1"
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
break;;
|
break;;
|
||||||
esac
|
esac
|
||||||
shift
|
shift
|
||||||
done
|
done
|
||||||
|
|
||||||
PACKAGE_NAME="${1:-kernel}" # defines the package name used
|
KVERREL="$(test -n "$1" && echo "-$1" || echo "")"
|
||||||
KVERREL="$(test -n "$2" && echo "-$2" || echo "")"
|
FLAVOR="$(test -n "$2" && echo "-$2" || echo "-ark")"
|
||||||
CROSSOPTS="$3"
|
# shellcheck disable=SC2015
|
||||||
SCRIPT="$(readlink -f $0)"
|
SCRIPT=$(readlink -f "$0")
|
||||||
OUTPUT_DIR="$PWD"
|
SCRIPT_DIR=$(dirname "$SCRIPT")
|
||||||
SCRIPT_DIR="$(dirname $SCRIPT)"
|
|
||||||
|
# Config options for RHEL should target the pending-ark directory, not pending-common.
|
||||||
|
if [ "$FLAVOR" = "-rhel" ]
|
||||||
|
then
|
||||||
|
FLAVOR="-ark"
|
||||||
|
fi
|
||||||
|
|
||||||
# to handle this script being a symlink
|
# to handle this script being a symlink
|
||||||
cd $SCRIPT_DIR
|
cd "$SCRIPT_DIR"
|
||||||
|
|
||||||
process_configs
|
if test -n "$COMMITNEWCONFIGS"; then
|
||||||
|
commit_new_configs
|
||||||
|
else
|
||||||
|
process_configs
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit $RETURNCODE
|
||||||
|
@ -3,19 +3,10 @@
|
|||||||
---
|
---
|
||||||
inspections:
|
inspections:
|
||||||
abidiff: off
|
abidiff: off
|
||||||
addedfiles: off
|
|
||||||
badfuncs: off
|
|
||||||
changedfiles: off
|
|
||||||
kmidiff: off
|
kmidiff: off
|
||||||
kmod: off
|
|
||||||
manpage: off
|
|
||||||
movedfiles: off
|
|
||||||
permissions: off
|
|
||||||
removedfiles: off
|
|
||||||
rpmdeps: off
|
|
||||||
upstream: off
|
upstream: off
|
||||||
|
|
||||||
elf:
|
badfuncs:
|
||||||
ignore:
|
ignore:
|
||||||
- /usr/libexec/ksamples/*
|
- /usr/libexec/ksamples/*
|
||||||
- /usr/libexec/kselftests/*
|
- /usr/libexec/kselftests/*
|
||||||
@ -24,17 +15,23 @@ emptyrpm:
|
|||||||
expected_empty:
|
expected_empty:
|
||||||
- kernel
|
- kernel
|
||||||
- kernel-debug
|
- kernel-debug
|
||||||
|
- kernel-debug-devel-matched
|
||||||
|
- kernel-devel-matched
|
||||||
|
- kernel-lpae
|
||||||
- kernel-zfcpdump
|
- kernel-zfcpdump
|
||||||
|
- kernel-zfcpdump-devel-matched
|
||||||
- kernel-zfcpdump-modules
|
- kernel-zfcpdump-modules
|
||||||
|
|
||||||
|
patches:
|
||||||
|
ignore_list:
|
||||||
|
- linux-kernel-test.patch
|
||||||
|
- patch-5.14-redhat.patch
|
||||||
|
|
||||||
specname:
|
specname:
|
||||||
match: prefix
|
match: prefix
|
||||||
primary: filename
|
primary: filename
|
||||||
|
|
||||||
patches:
|
runpath:
|
||||||
ignore_list:
|
|
||||||
- linux-kernel-test.patch
|
|
||||||
|
|
||||||
types:
|
|
||||||
ignore:
|
ignore:
|
||||||
- /usr/src/kernel/*
|
- /usr/libexec/kselftests/bpf/urandom_read
|
||||||
|
- /usr/libexec/kselftests/bpf/no_alu32/urandom_read
|
||||||
|
12
SOURCES/update_scripts.sh
Executable file
12
SOURCES/update_scripts.sh
Executable file
@ -0,0 +1,12 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
if [ -z "$1" ]; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
TARGET="$1"
|
||||||
|
|
||||||
|
for i in "$RPM_SOURCE_DIR"/*."$TARGET"; do
|
||||||
|
NEW=${i%.$TARGET}
|
||||||
|
cp "$i" "$(basename "$NEW")"
|
||||||
|
done
|
@ -5,9 +5,9 @@ prompt = no
|
|||||||
x509_extensions = myexts
|
x509_extensions = myexts
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
O = Red Hat
|
O = AlmaLinux
|
||||||
CN = Red Hat Enterprise Linux kernel signing key
|
CN = AlmaLinux kernel signing key
|
||||||
emailAddress = secalert@redhat.com
|
emailAddress = security@almalinux.org
|
||||||
|
|
||||||
[ myexts ]
|
[ myexts ]
|
||||||
basicConstraints=critical,CA:FALSE
|
basicConstraints=critical,CA:FALSE
|
16
SOURCES/x509.genkey.rhel
Normal file
16
SOURCES/x509.genkey.rhel
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
[ req ]
|
||||||
|
default_bits = 3072
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
prompt = no
|
||||||
|
x509_extensions = myexts
|
||||||
|
|
||||||
|
[ req_distinguished_name ]
|
||||||
|
O = AlmaLinux
|
||||||
|
CN = AlmaLinux kernel signing key
|
||||||
|
emailAddress = security@almalinux.org
|
||||||
|
|
||||||
|
[ myexts ]
|
||||||
|
basicConstraints=critical,CA:FALSE
|
||||||
|
keyUsage=digitalSignature
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid
|
172871
SPECS/kernel.spec
Normal file → Executable file
172871
SPECS/kernel.spec
Normal file → Executable file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user