From 5928f6767f245953c556efce7e084a2b6602879b Mon Sep 17 00:00:00 2001 From: CKI KWF Bot Date: Fri, 9 Jan 2026 19:47:09 +0000 Subject: [PATCH] kernel-5.14.0-658.el9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fri Jan 09 2026 CKI KWF Bot [5.14.0-658.el9] - powerpc/64s/slb: Fix SLB multihit issue during SLB preload (Mamatha Inamdar) [RHEL-104980] - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check (Cornelia Huck) [RHEL-131243] - KVM: arm64: nv: Don't advance PC when pending an SVE exception (Cornelia Huck) [RHEL-131243] - KVM: arm64: Don't access ICC_SRE_EL2 if GICv3 doesn't support v2 compatibility (Cornelia Huck) [RHEL-131243] - KVM: arm64: Fix kvm_vcpu_{set,is}_be() to deal with EL2 state (Cornelia Huck) [RHEL-131243] - rtla/timerlat_bpf: Stop tracing on user latency (Tomas Glozar) [RHEL-125445] - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (David Arcari) [RHEL-129862] - dpll: zl3073x: Specify phase adjustment granularity for pins (Ivan Vecera) [RHEL-129505] - dlm: check for undefined release_option values (Alexander Aring) [RHEL-127940] - dlm: handle release_option as unsigned (Alexander Aring) [RHEL-127940] - dlm: handle invalid lockspace member remove (Alexander Aring) [RHEL-127940] - dlm: add new flag DLM_RELEASE_RECOVER for dlm_lockspace_release (Alexander Aring) [RHEL-127940] - dlm: add new configfs entry release_recover for lockspace members (Alexander Aring) [RHEL-127940] - dlm: add new RELEASE_RECOVER uevent attribute for release_lockspace (Alexander Aring) [RHEL-127940] - dlm: use defines for force values in dlm_release_lockspace (Alexander Aring) [RHEL-127940] - dlm: check for defined force value in dlm_lockspace_release (Alexander Aring) [RHEL-127940] - dlm: disallow different configs nodeid storages (Alexander Aring) [RHEL-127940] - dlm: prevent NPD when writing a positive value to event_done (Alexander Aring) [RHEL-127940] {CVE-2025-23131} - bits: introduce fixed-type BIT_U*() (José Expósito) [RHEL-125803] - bits: introduce fixed-type GENMASK_U*() (José Expósito) [RHEL-125803] - bits: add comments and newlines to #if, #else and #endif directives (José Expósito) [RHEL-125803] - linux/bits.h: simplify GENMASK_INPUT_CHECK() (José Expósito) [RHEL-125803] - compiler.h: add const_true() (José Expósito) [RHEL-125803] - iopoll: Generalize read_poll_timeout() into poll_timeout_us() (José Expósito) [RHEL-125803] - PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (José Expósito) [RHEL-125803] - PM: hibernate: Add pm_hibernation_mode_is_suspend() (José Expósito) [RHEL-125803] - overflow: add range_overflows() and range_end_overflows() (José Expósito) [RHEL-125803] - list: add list_last_entry_or_null() (José Expósito) [RHEL-125803] - redhat: Temporary stop adding 'kernel' component to SBAT (Li Tian) [RHEL-124584] - redhat: Switch to implicit enablement of CONFIG_EFI_SBAT_FILE (Li Tian) [RHEL-124584] - redhat: Add SBAT information to Linux kernel (Li Tian) [RHEL-124584] - x86/efi: Implement support for embedding SBAT data for x86 (Li Tian) [RHEL-124584] - efi: Fix .data section size calculations when .sbat is present (Li Tian) [RHEL-124584] - efi: Drop preprocessor directives from zboot.lds (Li Tian) [RHEL-124584] - efi: zboot specific mechanism for embedding SBAT section (Li Tian) [RHEL-124584] - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (David Thompson) [RHEL-104015] - mlxbf_gige: emit messages during open and probe failures (David Thompson) [RHEL-104015] - mlxbf_gige: disable RX filters until RX path initialized (David Thompson) [RHEL-104015] - mlxbf_gige: add support to display pause frame counters (David Thompson) [RHEL-104015] Resolves: RHEL-104015, RHEL-104980, RHEL-124584, RHEL-125445, RHEL-125803, RHEL-127940, RHEL-129505, RHEL-129862, RHEL-131243 Signed-off-by: CKI KWF Bot --- Makefile.rhelver | 2 +- kernel-aarch64-64k-debug-rhel.config | 1 + kernel-aarch64-64k-rhel.config | 1 + kernel-aarch64-debug-rhel.config | 1 + kernel-aarch64-rhel.config | 1 + kernel-aarch64-rt-64k-debug-rhel.config | 1 + kernel-aarch64-rt-64k-rhel.config | 1 + kernel-aarch64-rt-debug-rhel.config | 1 + kernel-aarch64-rt-rhel.config | 1 + kernel-ppc64le-debug-rhel.config | 1 + kernel-ppc64le-rhel.config | 1 + kernel-s390x-debug-rhel.config | 1 + kernel-s390x-rhel.config | 1 + kernel-s390x-zfcpdump-rhel.config | 1 + kernel-x86_64-debug-rhel.config | 1 + kernel-x86_64-rhel.config | 1 + kernel-x86_64-rt-debug-rhel.config | 1 + kernel-x86_64-rt-rhel.config | 1 + kernel.changelog | 42 +++++++++++++ kernel.sbat.template | 2 + kernel.spec | 81 +++++++++++++++++++------ sources | 6 +- 22 files changed, 129 insertions(+), 21 deletions(-) create mode 100644 kernel.sbat.template diff --git a/Makefile.rhelver b/Makefile.rhelver index 07dc4b552..4c17d129e 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 8 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 657 +RHEL_RELEASE = 658 # # ZSTREAM diff --git a/kernel-aarch64-64k-debug-rhel.config b/kernel-aarch64-64k-debug-rhel.config index f1552317a..c45c33cbb 100644 --- a/kernel-aarch64-64k-debug-rhel.config +++ b/kernel-aarch64-64k-debug-rhel.config @@ -1805,6 +1805,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y # CONFIG_EFI_TEST is not set diff --git a/kernel-aarch64-64k-rhel.config b/kernel-aarch64-64k-rhel.config index 3c29a3eab..b2ec26d74 100644 --- a/kernel-aarch64-64k-rhel.config +++ b/kernel-aarch64-64k-rhel.config @@ -1797,6 +1797,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y # CONFIG_EFI_TEST is not set diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index 8b809ff00..db8ca5b4f 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -1803,6 +1803,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y # CONFIG_EFI_TEST is not set diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 2d9bfc8e2..b5f55bdd4 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -1795,6 +1795,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y # CONFIG_EFI_TEST is not set diff --git a/kernel-aarch64-rt-64k-debug-rhel.config b/kernel-aarch64-rt-64k-debug-rhel.config index 706b870a8..6816bf474 100644 --- a/kernel-aarch64-rt-64k-debug-rhel.config +++ b/kernel-aarch64-rt-64k-debug-rhel.config @@ -1847,6 +1847,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y # CONFIG_EFI_TEST is not set diff --git a/kernel-aarch64-rt-64k-rhel.config b/kernel-aarch64-rt-64k-rhel.config index 46b7cfdea..df5f566e5 100644 --- a/kernel-aarch64-rt-64k-rhel.config +++ b/kernel-aarch64-rt-64k-rhel.config @@ -1839,6 +1839,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y # CONFIG_EFI_TEST is not set diff --git a/kernel-aarch64-rt-debug-rhel.config b/kernel-aarch64-rt-debug-rhel.config index 765f74621..53f363a50 100644 --- a/kernel-aarch64-rt-debug-rhel.config +++ b/kernel-aarch64-rt-debug-rhel.config @@ -1845,6 +1845,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y # CONFIG_EFI_TEST is not set diff --git a/kernel-aarch64-rt-rhel.config b/kernel-aarch64-rt-rhel.config index 7787914d9..adeb13786 100644 --- a/kernel-aarch64-rt-rhel.config +++ b/kernel-aarch64-rt-rhel.config @@ -1837,6 +1837,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y # CONFIG_EFI_TEST is not set diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index b349ef954..c7f660f9e 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -1549,6 +1549,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y # CONFIG_EFI_TEST is not set CONFIG_EFI_ZBOOT=y diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index 174c4036c..d9a2653c9 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -1541,6 +1541,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y # CONFIG_EFI_TEST is not set CONFIG_EFI_ZBOOT=y diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index 4434e36ab..73d40987c 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -1551,6 +1551,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y # CONFIG_EFI_TEST is not set CONFIG_EFI_ZBOOT=y diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 8f6c2dcd5..b89674731 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -1543,6 +1543,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y # CONFIG_EFI_TEST is not set CONFIG_EFI_ZBOOT=y diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index 44e9c6c5b..4964b2560 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -1548,6 +1548,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_RCI2_TABLE is not set +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SOFT_RESERVE=y # CONFIG_EFI_TEST is not set CONFIG_EFI_ZBOOT=y diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 86d3837e1..73c21e83d 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -1663,6 +1663,7 @@ CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set CONFIG_EFI_RCI2_TABLE=y CONFIG_EFI_RUNTIME_MAP=y +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SECRET=m CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index 36a817d90..0a992c285 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -1655,6 +1655,7 @@ CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set CONFIG_EFI_RCI2_TABLE=y CONFIG_EFI_RUNTIME_MAP=y +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SECRET=m CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index a2570e1ff..447046efc 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -1707,6 +1707,7 @@ CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set CONFIG_EFI_RCI2_TABLE=y CONFIG_EFI_RUNTIME_MAP=y +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SECRET=m CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index 5e8495567..798d475ba 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -1699,6 +1699,7 @@ CONFIG_EFI_PARTITION=y # CONFIG_EFI_PGT_DUMP is not set CONFIG_EFI_RCI2_TABLE=y CONFIG_EFI_RUNTIME_MAP=y +CONFIG_EFI_SBAT_FILE="" CONFIG_EFI_SECRET=m CONFIG_EFI_SOFT_RESERVE=y CONFIG_EFI_STUB=y diff --git a/kernel.changelog b/kernel.changelog index d5465d5f2..8c58e7a84 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,45 @@ +* Fri Jan 09 2026 CKI KWF Bot [5.14.0-658.el9] +- powerpc/64s/slb: Fix SLB multihit issue during SLB preload (Mamatha Inamdar) [RHEL-104980] +- KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check (Cornelia Huck) [RHEL-131243] +- KVM: arm64: nv: Don't advance PC when pending an SVE exception (Cornelia Huck) [RHEL-131243] +- KVM: arm64: Don't access ICC_SRE_EL2 if GICv3 doesn't support v2 compatibility (Cornelia Huck) [RHEL-131243] +- KVM: arm64: Fix kvm_vcpu_{set,is}_be() to deal with EL2 state (Cornelia Huck) [RHEL-131243] +- rtla/timerlat_bpf: Stop tracing on user latency (Tomas Glozar) [RHEL-125445] +- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (David Arcari) [RHEL-129862] +- dpll: zl3073x: Specify phase adjustment granularity for pins (Ivan Vecera) [RHEL-129505] +- dlm: check for undefined release_option values (Alexander Aring) [RHEL-127940] +- dlm: handle release_option as unsigned (Alexander Aring) [RHEL-127940] +- dlm: handle invalid lockspace member remove (Alexander Aring) [RHEL-127940] +- dlm: add new flag DLM_RELEASE_RECOVER for dlm_lockspace_release (Alexander Aring) [RHEL-127940] +- dlm: add new configfs entry release_recover for lockspace members (Alexander Aring) [RHEL-127940] +- dlm: add new RELEASE_RECOVER uevent attribute for release_lockspace (Alexander Aring) [RHEL-127940] +- dlm: use defines for force values in dlm_release_lockspace (Alexander Aring) [RHEL-127940] +- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring) [RHEL-127940] +- dlm: disallow different configs nodeid storages (Alexander Aring) [RHEL-127940] +- dlm: prevent NPD when writing a positive value to event_done (Alexander Aring) [RHEL-127940] {CVE-2025-23131} +- bits: introduce fixed-type BIT_U*() (José Expósito) [RHEL-125803] +- bits: introduce fixed-type GENMASK_U*() (José Expósito) [RHEL-125803] +- bits: add comments and newlines to #if, #else and #endif directives (José Expósito) [RHEL-125803] +- linux/bits.h: simplify GENMASK_INPUT_CHECK() (José Expósito) [RHEL-125803] +- compiler.h: add const_true() (José Expósito) [RHEL-125803] +- iopoll: Generalize read_poll_timeout() into poll_timeout_us() (José Expósito) [RHEL-125803] +- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (José Expósito) [RHEL-125803] +- PM: hibernate: Add pm_hibernation_mode_is_suspend() (José Expósito) [RHEL-125803] +- overflow: add range_overflows() and range_end_overflows() (José Expósito) [RHEL-125803] +- list: add list_last_entry_or_null() (José Expósito) [RHEL-125803] +- redhat: Temporary stop adding 'kernel' component to SBAT (Li Tian) [RHEL-124584] +- redhat: Switch to implicit enablement of CONFIG_EFI_SBAT_FILE (Li Tian) [RHEL-124584] +- redhat: Add SBAT information to Linux kernel (Li Tian) [RHEL-124584] +- x86/efi: Implement support for embedding SBAT data for x86 (Li Tian) [RHEL-124584] +- efi: Fix .data section size calculations when .sbat is present (Li Tian) [RHEL-124584] +- efi: Drop preprocessor directives from zboot.lds (Li Tian) [RHEL-124584] +- efi: zboot specific mechanism for embedding SBAT section (Li Tian) [RHEL-124584] +- mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (David Thompson) [RHEL-104015] +- mlxbf_gige: emit messages during open and probe failures (David Thompson) [RHEL-104015] +- mlxbf_gige: disable RX filters until RX path initialized (David Thompson) [RHEL-104015] +- mlxbf_gige: add support to display pause frame counters (David Thompson) [RHEL-104015] +Resolves: RHEL-104015, RHEL-104980, RHEL-124584, RHEL-125445, RHEL-125803, RHEL-127940, RHEL-129505, RHEL-129862, RHEL-131243 + * Thu Jan 08 2026 CKI KWF Bot [5.14.0-657.el9] - powerpc/kexec: Enable SMT before waking offline CPUs (Mamatha Inamdar) [RHEL-137134] - dpll: zl3073x: Allow to configure phase offset averaging factor (CKI Backport Bot) [RHEL-118666] diff --git a/kernel.sbat.template b/kernel.sbat.template new file mode 100644 index 000000000..11f92833b --- /dev/null +++ b/kernel.sbat.template @@ -0,0 +1,2 @@ +sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md +kernel.@SBAT_SUFFIX,1,Red Hat,kernel-core,@KVER,mailto:secalert@redhat.com diff --git a/kernel.spec b/kernel.spec index c865125f3..335598f27 100644 --- a/kernel.spec +++ b/kernel.spec @@ -114,6 +114,17 @@ Summary: The Linux kernel %global signkernel 0 %endif +# RHEL/CentOS/Fedora specific .SBAT entries +%if 0%{?centos} +%global sbat_suffix centos +%else +%if 0%{?fedora} +%global sbat_suffix fedora +%else +%global sbat_suffix rhel +%endif +%endif + # Sign modules on all arches %global signmodules 1 @@ -165,15 +176,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 657 +%define pkgrelease 658 %define kversion 5 -%define tarfile_release 5.14.0-657.el9 +%define tarfile_release 5.14.0-658.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 657%{?buildid}%{?dist} +%define specrelease 658%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-657.el9 +%define kabiversion 5.14.0-658.el9 # # End of genspec.sh variables @@ -880,6 +891,7 @@ Source80: generate_all_configs.sh Source81: process_configs.sh Source82: update_scripts.sh +Source83: kernel.sbat.template Source84: mod-internal.list Source85: mod-partner.list @@ -1681,6 +1693,9 @@ pathfix.py -i "%{__python3}" -p -n \ Documentation \ scripts/clang-tools +# SBAT data +sed -e s,@KVER,%{KVERREL}, -e s,@SBAT_SUFFIX,%{sbat_suffix}, %{SOURCE83} > kernel.sbat + # only deal with configs if we are going to build for the arch %ifnarch %nobuildarches @@ -1738,6 +1753,7 @@ cat secureboot.pem >> ../certs/rhel.pem %endif for i in *.config; do sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS=""@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i + sed -i 's@CONFIG_EFI_SBAT_FILE=""@CONFIG_EFI_SBAT_FILE="kernel.sbat"@' $i done %endif %endif @@ -2377,26 +2393,16 @@ BuildKernel() { if [ "$Variant" != "rt" ] && [ "$Variant" != "rt-debug" ] && [ "$Variant" != "rt-64k" ] && [ "$Variant" != "rt-64k-debug" ]; then popd - # RHEL/CentOS specific .SBAT entries -%if 0%{?centos} - SBATsuffix="centos" -%else -%if 0%{?fedora} - SBATsuffix="fedora" -%else - SBATsuffix="rhel" -%endif -%endif SBAT=$(cat <<- EOF linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com - linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com - kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com + linux.%{sbat_suffix},1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com + kernel-uki-virt.%{sbat_suffix},1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com EOF ) ADDONS_SBAT=$(cat <<- EOF sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md - kernel-uki-virt-addons.$SBATsuffix,1,Red Hat,kernel-uki-virt-addons,$KernelVer,mailto:secalert@redhat.com + kernel-uki-virt-addons.%{sbat_suffix},1,Red Hat,kernel-uki-virt-addons,$KernelVer,mailto:secalert@redhat.com EOF ) @@ -3697,6 +3703,47 @@ fi # # %changelog +* Fri Jan 09 2026 CKI KWF Bot [5.14.0-658.el9] +- powerpc/64s/slb: Fix SLB multihit issue during SLB preload (Mamatha Inamdar) [RHEL-104980] +- KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check (Cornelia Huck) [RHEL-131243] +- KVM: arm64: nv: Don't advance PC when pending an SVE exception (Cornelia Huck) [RHEL-131243] +- KVM: arm64: Don't access ICC_SRE_EL2 if GICv3 doesn't support v2 compatibility (Cornelia Huck) [RHEL-131243] +- KVM: arm64: Fix kvm_vcpu_{set,is}_be() to deal with EL2 state (Cornelia Huck) [RHEL-131243] +- rtla/timerlat_bpf: Stop tracing on user latency (Tomas Glozar) [RHEL-125445] +- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (David Arcari) [RHEL-129862] +- dpll: zl3073x: Specify phase adjustment granularity for pins (Ivan Vecera) [RHEL-129505] +- dlm: check for undefined release_option values (Alexander Aring) [RHEL-127940] +- dlm: handle release_option as unsigned (Alexander Aring) [RHEL-127940] +- dlm: handle invalid lockspace member remove (Alexander Aring) [RHEL-127940] +- dlm: add new flag DLM_RELEASE_RECOVER for dlm_lockspace_release (Alexander Aring) [RHEL-127940] +- dlm: add new configfs entry release_recover for lockspace members (Alexander Aring) [RHEL-127940] +- dlm: add new RELEASE_RECOVER uevent attribute for release_lockspace (Alexander Aring) [RHEL-127940] +- dlm: use defines for force values in dlm_release_lockspace (Alexander Aring) [RHEL-127940] +- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring) [RHEL-127940] +- dlm: disallow different configs nodeid storages (Alexander Aring) [RHEL-127940] +- dlm: prevent NPD when writing a positive value to event_done (Alexander Aring) [RHEL-127940] {CVE-2025-23131} +- bits: introduce fixed-type BIT_U*() (José Expósito) [RHEL-125803] +- bits: introduce fixed-type GENMASK_U*() (José Expósito) [RHEL-125803] +- bits: add comments and newlines to #if, #else and #endif directives (José Expósito) [RHEL-125803] +- linux/bits.h: simplify GENMASK_INPUT_CHECK() (José Expósito) [RHEL-125803] +- compiler.h: add const_true() (José Expósito) [RHEL-125803] +- iopoll: Generalize read_poll_timeout() into poll_timeout_us() (José Expósito) [RHEL-125803] +- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (José Expósito) [RHEL-125803] +- PM: hibernate: Add pm_hibernation_mode_is_suspend() (José Expósito) [RHEL-125803] +- overflow: add range_overflows() and range_end_overflows() (José Expósito) [RHEL-125803] +- list: add list_last_entry_or_null() (José Expósito) [RHEL-125803] +- redhat: Temporary stop adding 'kernel' component to SBAT (Li Tian) [RHEL-124584] +- redhat: Switch to implicit enablement of CONFIG_EFI_SBAT_FILE (Li Tian) [RHEL-124584] +- redhat: Add SBAT information to Linux kernel (Li Tian) [RHEL-124584] +- x86/efi: Implement support for embedding SBAT data for x86 (Li Tian) [RHEL-124584] +- efi: Fix .data section size calculations when .sbat is present (Li Tian) [RHEL-124584] +- efi: Drop preprocessor directives from zboot.lds (Li Tian) [RHEL-124584] +- efi: zboot specific mechanism for embedding SBAT section (Li Tian) [RHEL-124584] +- mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available (David Thompson) [RHEL-104015] +- mlxbf_gige: emit messages during open and probe failures (David Thompson) [RHEL-104015] +- mlxbf_gige: disable RX filters until RX path initialized (David Thompson) [RHEL-104015] +- mlxbf_gige: add support to display pause frame counters (David Thompson) [RHEL-104015] + * Thu Jan 08 2026 CKI KWF Bot [5.14.0-657.el9] - powerpc/kexec: Enable SMT before waking offline CPUs (Mamatha Inamdar) [RHEL-137134] - dpll: zl3073x: Allow to configure phase offset averaging factor (CKI Backport Bot) [RHEL-118666] diff --git a/sources b/sources index 6e3b68ad5..64b7bf968 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-657.el9.tar.xz) = 029676375c432161d4d2c100a2ee15eac3ed74d6877b35196dc8e391d62158acd9a9d71e21fe20b4dbfc40672fe421c7ce2d7a425a31cbe06e4f9d01646d84e6 -SHA512 (kernel-abi-stablelists-5.14.0-657.el9.tar.bz2) = 087005677f4e1e9b880d4432e6711b2e878dc58990087c208273a52543b25c174c7d3fdc83d4dd32f7d1a14f39421981fcbdc35f1de32ed2ddd5d1af48767589 -SHA512 (kernel-kabi-dw-5.14.0-657.el9.tar.bz2) = 8e9a211fac2c9e5ec4e0f118d56b7127ae311d846a97f4252923c717d9bec4d2b38c688622683342c3e89f9d1efe3cf115a4e5fda86a211963799d9e4c9a9f2a +SHA512 (linux-5.14.0-658.el9.tar.xz) = b727a2a90a7bef9dd19d006fa871d6ca765ddd51e76873cf188594e423cf0f6ad72b069effa1c6cff6cc639714ccf942ff0dd855c2722dd0e3559a033f29cb71 +SHA512 (kernel-abi-stablelists-5.14.0-658.el9.tar.bz2) = f834e9d1c3da3e224768a02fa72e133105aabd89de951477567a78c2793160cd1f98cc359ab658cbd222959bcbe368771404c35f2cf07ff4c4a252faf9ed3d9f +SHA512 (kernel-kabi-dw-5.14.0-658.el9.tar.bz2) = 489a9dea47626e8a89c82a500caa09bc76d8086f787ea2ebb7fbfab8c43c692288751e86e5543c90fc0313c1b6fa33b1f1a410465915cb7758ce50aec44244c6