From 5ad8a8c7cd38f1d3e7a359c18c787acc38812212 Mon Sep 17 00:00:00 2001 From: Rado Vrbovsky Date: Wed, 27 Nov 2024 14:54:41 +0000 Subject: [PATCH] kernel-5.14.0-535.el9 * Wed Nov 27 2024 Rado Vrbovsky [5.14.0-535.el9] - redhat: create 'crashkernel=' addons for UKI (Vitaly Kuznetsov) [RHEL-33051] - redhat: avoid superfluous quotes in UKI cmdline addones (Vitaly Kuznetsov) [RHEL-33051] - x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y (Baoquan He) [RHEL-39727] - netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CKI Backport Bot) [RHEL-66855] {CVE-2024-50251} - cxl/port: Fix use-after-free, permit out-of-order decoder shutdown (CKI Backport Bot) [RHEL-66836] {CVE-2024-50226} - fs/netfs/fscache_cookie: add missing "n_accesses" check (CKI Backport Bot) [RHEL-57214] {CVE-2024-45000} - ACPI: sysfs: validate return type of _STR method (CKI Backport Bot) [RHEL-63262] {CVE-2024-49860} - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CKI Backport Bot) [RHEL-65117] {CVE-2024-50073} - ACPI: PAD: fix crash in exit_round_robin() (Mark Langsdorf) [RHEL-64453] {CVE-2024-49935} - ext4: avoid use-after-free in ext4_ext_show_leaf() (CKI Backport Bot) [RHEL-64591] {CVE-2024-49889} - kthread: unpark only parked kthread (Radostin Stoyanov) [RHEL-63788] {CVE-2024-50019} - irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66968] {CVE-2024-50192} - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66968] {CVE-2024-50192} - selftests: fib_nexthops: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365] - selftests: router_mpath_nh_res: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365] - selftests: router_mpath_nh: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365] - selftests: router_mpath: Sleep after MZ (Ivan Vecera) [RHEL-68365] - net: nexthop: Increase weight to u16 (Ivan Vecera) [RHEL-68365] - net: nexthop: Add flag to assert that NHGRP reserved fields are zero (Ivan Vecera) [RHEL-68365] - mm, slub: avoid zeroing kmalloc redzone (Waiman Long) [RHEL-64035] {CVE-2024-49885} - mm/slub: avoid zeroing outside-object freepointer for single free (Waiman Long) [RHEL-64035] - slub, kasan: improve interaction of KASAN and slub_debug poisoning (Waiman Long) [RHEL-64035] - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CKI Backport Bot) [RHEL-64518] {CVE-2024-49959} - page_pool: export page_pool_disable_direct_recycling() (Felix Maurer) [RHEL-57765] - page_pool: fix &page_pool_params kdoc issues (Felix Maurer) [RHEL-57765] - xsk: use generic DMA sync shortcut instead of a custom one (Felix Maurer) [RHEL-57765] - page_pool: check for DMA sync shortcut earlier (Felix Maurer) [RHEL-57765] - page_pool: don't use driver-set flags field directly (Felix Maurer) [RHEL-57765] - page_pool: make sure frag API fields don't span between cachelines (Felix Maurer) [RHEL-57765] - page_pool: add DMA-sync-for-CPU inline helper (Felix Maurer) [RHEL-57765] - page_pool: constify some read-only function arguments (Felix Maurer) [RHEL-57765] - page_pool: try direct bulk recycling (Felix Maurer) [RHEL-57765] - page_pool: check for PP direct cache locality later (Felix Maurer) [RHEL-57765] - net: page_pool: factor out page_pool recycle check (Felix Maurer) [RHEL-57765] - net: page_pool: fix recycle stats for system page_pool allocator (Felix Maurer) [RHEL-57765] - page_pool: disable direct recycling based on pool->cpuid on destroy (Felix Maurer) [RHEL-57765] - scsi: lpfc: Update lpfc version to 14.4.0.5 (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Support loopback tests with VMID enabled (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Remove trailing space after \n newline (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Update lpfc version to 14.4.0.4 (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Update PRLO handling in direct attached topology (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Fix unintentional double clearing of vmid_flag (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Remove redundant vport assignment when building an abort request (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Update lpfc version to 14.4.0.3 (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (Dick Kennedy) [RHEL-53595] - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (Dick Kennedy) [RHEL-53595] - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (CKI Backport Bot) [RHEL-54875] {CVE-2024-43820} - ACPI: PRM: Clean up guid type in struct prm_handler_info (Mark Langsdorf) [RHEL-66520] {CVE-2024-50141} - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (CKI Backport Bot) [RHEL-66520] {CVE-2024-50141} - ext4: force disable fscrypt feature (Brian Foster) [RHEL-41061] - exfat: fix memory leak in exfat_load_bitmap() (CKI Backport Bot) [RHEL-63633] {CVE-2024-50013} - nbd: fix race between timeout and normal completion (Ming Lei) [RHEL-55992] - nfsd: map the EBADMSG to nfserr_io to avoid warning (Olga Kornievskaia) [RHEL-63586] {CVE-2024-49875} - bpf: Use nla_ok() instead of checking nla_len directly (Petr Oros) [RHEL-57755] - devlink: use kvzalloc() to allocate devlink instance resources (Petr Oros) [RHEL-57755] - Documentation: Add documentation for eswitch attribute (Petr Oros) [RHEL-57755] - devlink: fix port new reply cmd type (Petr Oros) [RHEL-57755] - tools: ynl: add header guards for nlctrl (Petr Oros) [RHEL-57755] - devlink: Add comments to use netlink gen tool (Petr Oros) [RHEL-57755] - net/netlink: Add getsockopt support for NETLINK_LISTEN_ALL_NSID (Petr Oros) [RHEL-57755] - netlink: specs: support generating code for genl socket priv (Petr Oros) [RHEL-57755] - tools: ynl: remove trailing semicolon (Petr Oros) [RHEL-57755] - netlink: specs: support unterminated-ok (Petr Oros) [RHEL-57755] - tools: ynl-gen: support using pre-defined values in attr checks (Petr Oros) [RHEL-57755] - ynl: samples: fix recycling rate calculation (Petr Oros) [RHEL-57755] - tools: ynl: Fix spelling mistake "Constructred" -> "Constructed" (Petr Oros) [RHEL-57755] - doc/netlink/specs: Add spec for nlctrl netlink family (Petr Oros) [RHEL-57755] - doc/netlink: Allow empty enum-name in ynl specs (Petr Oros) [RHEL-57755] - tools/net/ynl: Add nest-type-value decoding (Petr Oros) [RHEL-57755] - tools/net/ynl: Fix c codegen for array-nest (Petr Oros) [RHEL-57755] - tools/net/ynl: Fix extack decoding for netlink-raw (Petr Oros) [RHEL-57755] - tools: ynl: check for overflow of constructed messages (Petr Oros) [RHEL-57755] - tools: ynl: add --dbg-small-recv for easier kernel testing (Petr Oros) [RHEL-57755] - tools: ynl: support debug printing messages (Petr Oros) [RHEL-57755] - tools: ynl: allow setting recv() size (Petr Oros) [RHEL-57755] - tools: ynl: move the new line in NlMsg __repr__ (Petr Oros) [RHEL-57755] - tools: ynl: remove __pycache__ during clean (Petr Oros) [RHEL-57755] - tools: ynl: add distclean to .PHONY in all makefiles (Petr Oros) [RHEL-57755] - tools: ynl: rename make hardclean -> distclean (Petr Oros) [RHEL-57755] - genetlink: fit NLMSG_DONE into same read() as families (Petr Oros) [RHEL-57755] - netdev: let netlink core handle -EMSGSIZE errors (Petr Oros) [RHEL-57755] - netlink: handle EMSGSIZE errors in the core (Petr Oros) [RHEL-57755] - tools: ynl: use MSG_DONTWAIT for getting notifications (Petr Oros) [RHEL-57755] - tools: ynl: remove the libmnl dependency (Petr Oros) [RHEL-57755] - tools: ynl: stop using mnl socket helpers (Petr Oros) [RHEL-57755] - tools: ynl: switch away from MNL_CB_* (Petr Oros) [RHEL-57755] - tools: ynl: switch away from mnl_cb_t (Petr Oros) [RHEL-57755] - tools: ynl: stop using mnl_cb_run2() (Petr Oros) [RHEL-57755] - tools: ynl: use ynl_sock_read_msgs() for ACK handling (Petr Oros) [RHEL-57755] - tools: ynl: wrap recv() + mnl_cb_run2() into a single helper (Petr Oros) [RHEL-57755] - tools: ynl-gen: remove unused parse code (Petr Oros) [RHEL-57755] - tools: ynl: make yarg the first member of struct ynl_dump_state (Petr Oros) [RHEL-57755] - tools: ynl: create local ARRAY_SIZE() helper (Petr Oros) [RHEL-57755] - tools: ynl: create local nlmsg access helpers (Petr Oros) [RHEL-57755] - tools: ynl: create local for_each helpers (Petr Oros) [RHEL-57755] - tools: ynl: create local attribute helpers (Petr Oros) [RHEL-57755] - tools: ynl: give up on libmnl for auto-ints (Petr Oros) [RHEL-57755] - tools: ynl: protect from old OvS headers (Petr Oros) [RHEL-57755] - tools: ynl: fix header guards (Petr Oros) [RHEL-57755] - genetlink: make info in GENL_REQ_ATTR_CHECK() const (Petr Oros) [RHEL-57755] - tools: ynl: allow user to pass enum string instead of scalar value (Petr Oros) [RHEL-57755] - tools: ynl: process all scalar types encoding in single elif statement (Petr Oros) [RHEL-57755] - tools: ynl: allow user to specify flag attr with bool values (Petr Oros) [RHEL-57755] - tools: ynl: don't access uninitialized attr_space variable (Petr Oros) [RHEL-57755] - tools: ynl: add support for encoding multi-attr (Petr Oros) [RHEL-57755] - doc: netlink: specs: tc: add multi-attr to tc-taprio-sched-entry (Petr Oros) [RHEL-57755] - tools: ynl: correct typo and docstring (Petr Oros) [RHEL-57755] - Documentation: Fix counter name of mlx5 vnic reporter (Petr Oros) [RHEL-57755] - net: make dev_unreg_count global (Petr Oros) [RHEL-57755] - tools: ynl: auto-gen for all genetlink families (Petr Oros) [RHEL-57755] - tools: ynl: generate code for ovs families (Petr Oros) [RHEL-57755] - tools: ynl: include dpll and mptcp_pm in C codegen (Petr Oros) [RHEL-57755] - tools/net/ynl: Add type info to struct members in generated docs (Petr Oros) [RHEL-57755] - doc/netlink: Describe nested structs in netlink raw docs (Petr Oros) [RHEL-57755] - tools/net/ynl: Add support for nested structs (Petr Oros) [RHEL-57755] - tools/net/ynl: Move formatted_string method out of NlAttr (Petr Oros) [RHEL-57755] - tools/net/ynl: Rename _fixed_header_size() to _struct_size() (Petr Oros) [RHEL-57755] - tools/net/ynl: Combine struct decoding logic in ynl (Petr Oros) [RHEL-57755] - tools/net/ynl: Encode default values for binary blobs (Petr Oros) [RHEL-57755] - tools/net/ynl: Add support for encoding sub-messages (Petr Oros) [RHEL-57755] - tools/net/ynl: Refactor fixed header encoding into separate method (Petr Oros) [RHEL-57755] - doc/netlink: Describe sub-message selector resolution (Petr Oros) [RHEL-57755] - tools/net/ynl: Support sub-messages in nested attribute spaces (Petr Oros) [RHEL-57755] - netlink: Return unsigned value for nla_len() (Petr Oros) [RHEL-57755] - tools: ynl: move private definitions to a separate header (Petr Oros) [RHEL-57755] - tools: ynl: remove generated user space code from git (Petr Oros) [RHEL-57755] - ice: document RDMA devlink parameters (Petr Oros) [RHEL-57755] - tracing: devlink: Use static array for string in devlink_trap_report event (Petr Oros) [RHEL-57755] - net: get rid of rtnl_lock_unregistering() (Petr Oros) [RHEL-57755] - netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage. (Michal Schmidt) [RHEL-59089] - locking/local_lock: Add local nested BH locking infrastructure. (Michal Schmidt) [RHEL-59089] - locking/local_lock: Introduce guard definition for local_lock. (Michal Schmidt) [RHEL-59089] - vhost_vdpa: assign irq bypass producer token correctly (Cindy Lu) [RHEL-63364] {CVE-2024-47748} - nfsd: call cache_put if xdr_reserve_space returns NULL (Olga Kornievskaia) [RHEL-63382] {CVE-2024-47737} Resolves: RHEL-33051, RHEL-39727, RHEL-41061, RHEL-53595, RHEL-54875, RHEL-55992, RHEL-57214, RHEL-57755, RHEL-57765, RHEL-59089, RHEL-63262, RHEL-63364, RHEL-63382, RHEL-63586, RHEL-63633, RHEL-63788, RHEL-64035, RHEL-64453, RHEL-64518, RHEL-64591, RHEL-65117, RHEL-66520, RHEL-66836, RHEL-66855, RHEL-66968, RHEL-68365 Signed-off-by: Rado Vrbovsky --- Makefile.rhelver | 2 +- kernel.changelog | 151 +++++++++++++++++++++++++++++++++++++++++ kernel.spec | 158 +++++++++++++++++++++++++++++++++++++++++-- sources | 6 +- uki_addons.json | 30 ++++++++ uki_create_addons.py | 6 +- 6 files changed, 342 insertions(+), 11 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index cb76f63b2..9289eac2c 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 6 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 534 +RHEL_RELEASE = 535 # # ZSTREAM diff --git a/kernel.changelog b/kernel.changelog index ad2fe2aca..9ce576be3 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,154 @@ +* Wed Nov 27 2024 Rado Vrbovsky [5.14.0-535.el9] +- redhat: create 'crashkernel=' addons for UKI (Vitaly Kuznetsov) [RHEL-33051] +- redhat: avoid superfluous quotes in UKI cmdline addones (Vitaly Kuznetsov) [RHEL-33051] +- x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y (Baoquan He) [RHEL-39727] +- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CKI Backport Bot) [RHEL-66855] {CVE-2024-50251} +- cxl/port: Fix use-after-free, permit out-of-order decoder shutdown (CKI Backport Bot) [RHEL-66836] {CVE-2024-50226} +- fs/netfs/fscache_cookie: add missing "n_accesses" check (CKI Backport Bot) [RHEL-57214] {CVE-2024-45000} +- ACPI: sysfs: validate return type of _STR method (CKI Backport Bot) [RHEL-63262] {CVE-2024-49860} +- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CKI Backport Bot) [RHEL-65117] {CVE-2024-50073} +- ACPI: PAD: fix crash in exit_round_robin() (Mark Langsdorf) [RHEL-64453] {CVE-2024-49935} +- ext4: avoid use-after-free in ext4_ext_show_leaf() (CKI Backport Bot) [RHEL-64591] {CVE-2024-49889} +- kthread: unpark only parked kthread (Radostin Stoyanov) [RHEL-63788] {CVE-2024-50019} +- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66968] {CVE-2024-50192} +- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66968] {CVE-2024-50192} +- selftests: fib_nexthops: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365] +- selftests: router_mpath_nh_res: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365] +- selftests: router_mpath_nh: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365] +- selftests: router_mpath: Sleep after MZ (Ivan Vecera) [RHEL-68365] +- net: nexthop: Increase weight to u16 (Ivan Vecera) [RHEL-68365] +- net: nexthop: Add flag to assert that NHGRP reserved fields are zero (Ivan Vecera) [RHEL-68365] +- mm, slub: avoid zeroing kmalloc redzone (Waiman Long) [RHEL-64035] {CVE-2024-49885} +- mm/slub: avoid zeroing outside-object freepointer for single free (Waiman Long) [RHEL-64035] +- slub, kasan: improve interaction of KASAN and slub_debug poisoning (Waiman Long) [RHEL-64035] +- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CKI Backport Bot) [RHEL-64518] {CVE-2024-49959} +- page_pool: export page_pool_disable_direct_recycling() (Felix Maurer) [RHEL-57765] +- page_pool: fix &page_pool_params kdoc issues (Felix Maurer) [RHEL-57765] +- xsk: use generic DMA sync shortcut instead of a custom one (Felix Maurer) [RHEL-57765] +- page_pool: check for DMA sync shortcut earlier (Felix Maurer) [RHEL-57765] +- page_pool: don't use driver-set flags field directly (Felix Maurer) [RHEL-57765] +- page_pool: make sure frag API fields don't span between cachelines (Felix Maurer) [RHEL-57765] +- page_pool: add DMA-sync-for-CPU inline helper (Felix Maurer) [RHEL-57765] +- page_pool: constify some read-only function arguments (Felix Maurer) [RHEL-57765] +- page_pool: try direct bulk recycling (Felix Maurer) [RHEL-57765] +- page_pool: check for PP direct cache locality later (Felix Maurer) [RHEL-57765] +- net: page_pool: factor out page_pool recycle check (Felix Maurer) [RHEL-57765] +- net: page_pool: fix recycle stats for system page_pool allocator (Felix Maurer) [RHEL-57765] +- page_pool: disable direct recycling based on pool->cpuid on destroy (Felix Maurer) [RHEL-57765] +- scsi: lpfc: Update lpfc version to 14.4.0.5 (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Support loopback tests with VMID enabled (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Remove trailing space after \n newline (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Update lpfc version to 14.4.0.4 (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Update PRLO handling in direct attached topology (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix unintentional double clearing of vmid_flag (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Remove redundant vport assignment when building an abort request (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Update lpfc version to 14.4.0.3 (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (Dick Kennedy) [RHEL-53595] +- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (CKI Backport Bot) [RHEL-54875] {CVE-2024-43820} +- ACPI: PRM: Clean up guid type in struct prm_handler_info (Mark Langsdorf) [RHEL-66520] {CVE-2024-50141} +- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (CKI Backport Bot) [RHEL-66520] {CVE-2024-50141} +- ext4: force disable fscrypt feature (Brian Foster) [RHEL-41061] +- exfat: fix memory leak in exfat_load_bitmap() (CKI Backport Bot) [RHEL-63633] {CVE-2024-50013} +- nbd: fix race between timeout and normal completion (Ming Lei) [RHEL-55992] +- nfsd: map the EBADMSG to nfserr_io to avoid warning (Olga Kornievskaia) [RHEL-63586] {CVE-2024-49875} +- bpf: Use nla_ok() instead of checking nla_len directly (Petr Oros) [RHEL-57755] +- devlink: use kvzalloc() to allocate devlink instance resources (Petr Oros) [RHEL-57755] +- Documentation: Add documentation for eswitch attribute (Petr Oros) [RHEL-57755] +- devlink: fix port new reply cmd type (Petr Oros) [RHEL-57755] +- tools: ynl: add header guards for nlctrl (Petr Oros) [RHEL-57755] +- devlink: Add comments to use netlink gen tool (Petr Oros) [RHEL-57755] +- net/netlink: Add getsockopt support for NETLINK_LISTEN_ALL_NSID (Petr Oros) [RHEL-57755] +- netlink: specs: support generating code for genl socket priv (Petr Oros) [RHEL-57755] +- tools: ynl: remove trailing semicolon (Petr Oros) [RHEL-57755] +- netlink: specs: support unterminated-ok (Petr Oros) [RHEL-57755] +- tools: ynl-gen: support using pre-defined values in attr checks (Petr Oros) [RHEL-57755] +- ynl: samples: fix recycling rate calculation (Petr Oros) [RHEL-57755] +- tools: ynl: Fix spelling mistake "Constructred" -> "Constructed" (Petr Oros) [RHEL-57755] +- doc/netlink/specs: Add spec for nlctrl netlink family (Petr Oros) [RHEL-57755] +- doc/netlink: Allow empty enum-name in ynl specs (Petr Oros) [RHEL-57755] +- tools/net/ynl: Add nest-type-value decoding (Petr Oros) [RHEL-57755] +- tools/net/ynl: Fix c codegen for array-nest (Petr Oros) [RHEL-57755] +- tools/net/ynl: Fix extack decoding for netlink-raw (Petr Oros) [RHEL-57755] +- tools: ynl: check for overflow of constructed messages (Petr Oros) [RHEL-57755] +- tools: ynl: add --dbg-small-recv for easier kernel testing (Petr Oros) [RHEL-57755] +- tools: ynl: support debug printing messages (Petr Oros) [RHEL-57755] +- tools: ynl: allow setting recv() size (Petr Oros) [RHEL-57755] +- tools: ynl: move the new line in NlMsg __repr__ (Petr Oros) [RHEL-57755] +- tools: ynl: remove __pycache__ during clean (Petr Oros) [RHEL-57755] +- tools: ynl: add distclean to .PHONY in all makefiles (Petr Oros) [RHEL-57755] +- tools: ynl: rename make hardclean -> distclean (Petr Oros) [RHEL-57755] +- genetlink: fit NLMSG_DONE into same read() as families (Petr Oros) [RHEL-57755] +- netdev: let netlink core handle -EMSGSIZE errors (Petr Oros) [RHEL-57755] +- netlink: handle EMSGSIZE errors in the core (Petr Oros) [RHEL-57755] +- tools: ynl: use MSG_DONTWAIT for getting notifications (Petr Oros) [RHEL-57755] +- tools: ynl: remove the libmnl dependency (Petr Oros) [RHEL-57755] +- tools: ynl: stop using mnl socket helpers (Petr Oros) [RHEL-57755] +- tools: ynl: switch away from MNL_CB_* (Petr Oros) [RHEL-57755] +- tools: ynl: switch away from mnl_cb_t (Petr Oros) [RHEL-57755] +- tools: ynl: stop using mnl_cb_run2() (Petr Oros) [RHEL-57755] +- tools: ynl: use ynl_sock_read_msgs() for ACK handling (Petr Oros) [RHEL-57755] +- tools: ynl: wrap recv() + mnl_cb_run2() into a single helper (Petr Oros) [RHEL-57755] +- tools: ynl-gen: remove unused parse code (Petr Oros) [RHEL-57755] +- tools: ynl: make yarg the first member of struct ynl_dump_state (Petr Oros) [RHEL-57755] +- tools: ynl: create local ARRAY_SIZE() helper (Petr Oros) [RHEL-57755] +- tools: ynl: create local nlmsg access helpers (Petr Oros) [RHEL-57755] +- tools: ynl: create local for_each helpers (Petr Oros) [RHEL-57755] +- tools: ynl: create local attribute helpers (Petr Oros) [RHEL-57755] +- tools: ynl: give up on libmnl for auto-ints (Petr Oros) [RHEL-57755] +- tools: ynl: protect from old OvS headers (Petr Oros) [RHEL-57755] +- tools: ynl: fix header guards (Petr Oros) [RHEL-57755] +- genetlink: make info in GENL_REQ_ATTR_CHECK() const (Petr Oros) [RHEL-57755] +- tools: ynl: allow user to pass enum string instead of scalar value (Petr Oros) [RHEL-57755] +- tools: ynl: process all scalar types encoding in single elif statement (Petr Oros) [RHEL-57755] +- tools: ynl: allow user to specify flag attr with bool values (Petr Oros) [RHEL-57755] +- tools: ynl: don't access uninitialized attr_space variable (Petr Oros) [RHEL-57755] +- tools: ynl: add support for encoding multi-attr (Petr Oros) [RHEL-57755] +- doc: netlink: specs: tc: add multi-attr to tc-taprio-sched-entry (Petr Oros) [RHEL-57755] +- tools: ynl: correct typo and docstring (Petr Oros) [RHEL-57755] +- Documentation: Fix counter name of mlx5 vnic reporter (Petr Oros) [RHEL-57755] +- net: make dev_unreg_count global (Petr Oros) [RHEL-57755] +- tools: ynl: auto-gen for all genetlink families (Petr Oros) [RHEL-57755] +- tools: ynl: generate code for ovs families (Petr Oros) [RHEL-57755] +- tools: ynl: include dpll and mptcp_pm in C codegen (Petr Oros) [RHEL-57755] +- tools/net/ynl: Add type info to struct members in generated docs (Petr Oros) [RHEL-57755] +- doc/netlink: Describe nested structs in netlink raw docs (Petr Oros) [RHEL-57755] +- tools/net/ynl: Add support for nested structs (Petr Oros) [RHEL-57755] +- tools/net/ynl: Move formatted_string method out of NlAttr (Petr Oros) [RHEL-57755] +- tools/net/ynl: Rename _fixed_header_size() to _struct_size() (Petr Oros) [RHEL-57755] +- tools/net/ynl: Combine struct decoding logic in ynl (Petr Oros) [RHEL-57755] +- tools/net/ynl: Encode default values for binary blobs (Petr Oros) [RHEL-57755] +- tools/net/ynl: Add support for encoding sub-messages (Petr Oros) [RHEL-57755] +- tools/net/ynl: Refactor fixed header encoding into separate method (Petr Oros) [RHEL-57755] +- doc/netlink: Describe sub-message selector resolution (Petr Oros) [RHEL-57755] +- tools/net/ynl: Support sub-messages in nested attribute spaces (Petr Oros) [RHEL-57755] +- netlink: Return unsigned value for nla_len() (Petr Oros) [RHEL-57755] +- tools: ynl: move private definitions to a separate header (Petr Oros) [RHEL-57755] +- tools: ynl: remove generated user space code from git (Petr Oros) [RHEL-57755] +- ice: document RDMA devlink parameters (Petr Oros) [RHEL-57755] +- tracing: devlink: Use static array for string in devlink_trap_report event (Petr Oros) [RHEL-57755] +- net: get rid of rtnl_lock_unregistering() (Petr Oros) [RHEL-57755] +- netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage. (Michal Schmidt) [RHEL-59089] +- locking/local_lock: Add local nested BH locking infrastructure. (Michal Schmidt) [RHEL-59089] +- locking/local_lock: Introduce guard definition for local_lock. (Michal Schmidt) [RHEL-59089] +- vhost_vdpa: assign irq bypass producer token correctly (Cindy Lu) [RHEL-63364] {CVE-2024-47748} +- nfsd: call cache_put if xdr_reserve_space returns NULL (Olga Kornievskaia) [RHEL-63382] {CVE-2024-47737} +Resolves: RHEL-33051, RHEL-39727, RHEL-41061, RHEL-53595, RHEL-54875, RHEL-55992, RHEL-57214, RHEL-57755, RHEL-57765, RHEL-59089, RHEL-63262, RHEL-63364, RHEL-63382, RHEL-63586, RHEL-63633, RHEL-63788, RHEL-64035, RHEL-64453, RHEL-64518, RHEL-64591, RHEL-65117, RHEL-66520, RHEL-66836, RHEL-66855, RHEL-66968, RHEL-68365 + * Mon Nov 25 2024 Rado Vrbovsky [5.14.0-534.el9] - block: fix integer overflow in BLKSECDISCARD (Ming Lei) [RHEL-64512] {CVE-2024-49994} - fsnotify: clear PARENT_WATCHED flags lazily (CKI Backport Bot) [RHEL-62134] {CVE-2024-47660} diff --git a/kernel.spec b/kernel.spec index 3f0713b9a..badc87c08 100755 --- a/kernel.spec +++ b/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 534 +%define pkgrelease 535 %define kversion 5 -%define tarfile_release 5.14.0-534.el9 +%define tarfile_release 5.14.0-535.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 534%{?buildid}%{?dist} +%define specrelease 535%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-534.el9 +%define kabiversion 5.14.0-535.el9 # # End of genspec.sh variables @@ -3813,6 +3813,156 @@ fi # # %changelog +* Wed Nov 27 2024 Rado Vrbovsky [5.14.0-535.el9] +- redhat: create 'crashkernel=' addons for UKI (Vitaly Kuznetsov) [RHEL-33051] +- redhat: avoid superfluous quotes in UKI cmdline addones (Vitaly Kuznetsov) [RHEL-33051] +- x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y (Baoquan He) [RHEL-39727] +- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CKI Backport Bot) [RHEL-66855] {CVE-2024-50251} +- cxl/port: Fix use-after-free, permit out-of-order decoder shutdown (CKI Backport Bot) [RHEL-66836] {CVE-2024-50226} +- fs/netfs/fscache_cookie: add missing "n_accesses" check (CKI Backport Bot) [RHEL-57214] {CVE-2024-45000} +- ACPI: sysfs: validate return type of _STR method (CKI Backport Bot) [RHEL-63262] {CVE-2024-49860} +- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CKI Backport Bot) [RHEL-65117] {CVE-2024-50073} +- ACPI: PAD: fix crash in exit_round_robin() (Mark Langsdorf) [RHEL-64453] {CVE-2024-49935} +- ext4: avoid use-after-free in ext4_ext_show_leaf() (CKI Backport Bot) [RHEL-64591] {CVE-2024-49889} +- kthread: unpark only parked kthread (Radostin Stoyanov) [RHEL-63788] {CVE-2024-50019} +- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66968] {CVE-2024-50192} +- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66968] {CVE-2024-50192} +- selftests: fib_nexthops: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365] +- selftests: router_mpath_nh_res: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365] +- selftests: router_mpath_nh: Test 16-bit next hop weights (Ivan Vecera) [RHEL-68365] +- selftests: router_mpath: Sleep after MZ (Ivan Vecera) [RHEL-68365] +- net: nexthop: Increase weight to u16 (Ivan Vecera) [RHEL-68365] +- net: nexthop: Add flag to assert that NHGRP reserved fields are zero (Ivan Vecera) [RHEL-68365] +- mm, slub: avoid zeroing kmalloc redzone (Waiman Long) [RHEL-64035] {CVE-2024-49885} +- mm/slub: avoid zeroing outside-object freepointer for single free (Waiman Long) [RHEL-64035] +- slub, kasan: improve interaction of KASAN and slub_debug poisoning (Waiman Long) [RHEL-64035] +- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CKI Backport Bot) [RHEL-64518] {CVE-2024-49959} +- page_pool: export page_pool_disable_direct_recycling() (Felix Maurer) [RHEL-57765] +- page_pool: fix &page_pool_params kdoc issues (Felix Maurer) [RHEL-57765] +- xsk: use generic DMA sync shortcut instead of a custom one (Felix Maurer) [RHEL-57765] +- page_pool: check for DMA sync shortcut earlier (Felix Maurer) [RHEL-57765] +- page_pool: don't use driver-set flags field directly (Felix Maurer) [RHEL-57765] +- page_pool: make sure frag API fields don't span between cachelines (Felix Maurer) [RHEL-57765] +- page_pool: add DMA-sync-for-CPU inline helper (Felix Maurer) [RHEL-57765] +- page_pool: constify some read-only function arguments (Felix Maurer) [RHEL-57765] +- page_pool: try direct bulk recycling (Felix Maurer) [RHEL-57765] +- page_pool: check for PP direct cache locality later (Felix Maurer) [RHEL-57765] +- net: page_pool: factor out page_pool recycle check (Felix Maurer) [RHEL-57765] +- net: page_pool: fix recycle stats for system page_pool allocator (Felix Maurer) [RHEL-57765] +- page_pool: disable direct recycling based on pool->cpuid on destroy (Felix Maurer) [RHEL-57765] +- scsi: lpfc: Update lpfc version to 14.4.0.5 (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Support loopback tests with VMID enabled (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Remove trailing space after \n newline (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Update lpfc version to 14.4.0.4 (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Update PRLO handling in direct attached topology (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix unintentional double clearing of vmid_flag (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Remove redundant vport assignment when building an abort request (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Update lpfc version to 14.4.0.3 (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (Dick Kennedy) [RHEL-53595] +- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (Dick Kennedy) [RHEL-53595] +- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (CKI Backport Bot) [RHEL-54875] {CVE-2024-43820} +- ACPI: PRM: Clean up guid type in struct prm_handler_info (Mark Langsdorf) [RHEL-66520] {CVE-2024-50141} +- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (CKI Backport Bot) [RHEL-66520] {CVE-2024-50141} +- ext4: force disable fscrypt feature (Brian Foster) [RHEL-41061] +- exfat: fix memory leak in exfat_load_bitmap() (CKI Backport Bot) [RHEL-63633] {CVE-2024-50013} +- nbd: fix race between timeout and normal completion (Ming Lei) [RHEL-55992] +- nfsd: map the EBADMSG to nfserr_io to avoid warning (Olga Kornievskaia) [RHEL-63586] {CVE-2024-49875} +- bpf: Use nla_ok() instead of checking nla_len directly (Petr Oros) [RHEL-57755] +- devlink: use kvzalloc() to allocate devlink instance resources (Petr Oros) [RHEL-57755] +- Documentation: Add documentation for eswitch attribute (Petr Oros) [RHEL-57755] +- devlink: fix port new reply cmd type (Petr Oros) [RHEL-57755] +- tools: ynl: add header guards for nlctrl (Petr Oros) [RHEL-57755] +- devlink: Add comments to use netlink gen tool (Petr Oros) [RHEL-57755] +- net/netlink: Add getsockopt support for NETLINK_LISTEN_ALL_NSID (Petr Oros) [RHEL-57755] +- netlink: specs: support generating code for genl socket priv (Petr Oros) [RHEL-57755] +- tools: ynl: remove trailing semicolon (Petr Oros) [RHEL-57755] +- netlink: specs: support unterminated-ok (Petr Oros) [RHEL-57755] +- tools: ynl-gen: support using pre-defined values in attr checks (Petr Oros) [RHEL-57755] +- ynl: samples: fix recycling rate calculation (Petr Oros) [RHEL-57755] +- tools: ynl: Fix spelling mistake "Constructred" -> "Constructed" (Petr Oros) [RHEL-57755] +- doc/netlink/specs: Add spec for nlctrl netlink family (Petr Oros) [RHEL-57755] +- doc/netlink: Allow empty enum-name in ynl specs (Petr Oros) [RHEL-57755] +- tools/net/ynl: Add nest-type-value decoding (Petr Oros) [RHEL-57755] +- tools/net/ynl: Fix c codegen for array-nest (Petr Oros) [RHEL-57755] +- tools/net/ynl: Fix extack decoding for netlink-raw (Petr Oros) [RHEL-57755] +- tools: ynl: check for overflow of constructed messages (Petr Oros) [RHEL-57755] +- tools: ynl: add --dbg-small-recv for easier kernel testing (Petr Oros) [RHEL-57755] +- tools: ynl: support debug printing messages (Petr Oros) [RHEL-57755] +- tools: ynl: allow setting recv() size (Petr Oros) [RHEL-57755] +- tools: ynl: move the new line in NlMsg __repr__ (Petr Oros) [RHEL-57755] +- tools: ynl: remove __pycache__ during clean (Petr Oros) [RHEL-57755] +- tools: ynl: add distclean to .PHONY in all makefiles (Petr Oros) [RHEL-57755] +- tools: ynl: rename make hardclean -> distclean (Petr Oros) [RHEL-57755] +- genetlink: fit NLMSG_DONE into same read() as families (Petr Oros) [RHEL-57755] +- netdev: let netlink core handle -EMSGSIZE errors (Petr Oros) [RHEL-57755] +- netlink: handle EMSGSIZE errors in the core (Petr Oros) [RHEL-57755] +- tools: ynl: use MSG_DONTWAIT for getting notifications (Petr Oros) [RHEL-57755] +- tools: ynl: remove the libmnl dependency (Petr Oros) [RHEL-57755] +- tools: ynl: stop using mnl socket helpers (Petr Oros) [RHEL-57755] +- tools: ynl: switch away from MNL_CB_* (Petr Oros) [RHEL-57755] +- tools: ynl: switch away from mnl_cb_t (Petr Oros) [RHEL-57755] +- tools: ynl: stop using mnl_cb_run2() (Petr Oros) [RHEL-57755] +- tools: ynl: use ynl_sock_read_msgs() for ACK handling (Petr Oros) [RHEL-57755] +- tools: ynl: wrap recv() + mnl_cb_run2() into a single helper (Petr Oros) [RHEL-57755] +- tools: ynl-gen: remove unused parse code (Petr Oros) [RHEL-57755] +- tools: ynl: make yarg the first member of struct ynl_dump_state (Petr Oros) [RHEL-57755] +- tools: ynl: create local ARRAY_SIZE() helper (Petr Oros) [RHEL-57755] +- tools: ynl: create local nlmsg access helpers (Petr Oros) [RHEL-57755] +- tools: ynl: create local for_each helpers (Petr Oros) [RHEL-57755] +- tools: ynl: create local attribute helpers (Petr Oros) [RHEL-57755] +- tools: ynl: give up on libmnl for auto-ints (Petr Oros) [RHEL-57755] +- tools: ynl: protect from old OvS headers (Petr Oros) [RHEL-57755] +- tools: ynl: fix header guards (Petr Oros) [RHEL-57755] +- genetlink: make info in GENL_REQ_ATTR_CHECK() const (Petr Oros) [RHEL-57755] +- tools: ynl: allow user to pass enum string instead of scalar value (Petr Oros) [RHEL-57755] +- tools: ynl: process all scalar types encoding in single elif statement (Petr Oros) [RHEL-57755] +- tools: ynl: allow user to specify flag attr with bool values (Petr Oros) [RHEL-57755] +- tools: ynl: don't access uninitialized attr_space variable (Petr Oros) [RHEL-57755] +- tools: ynl: add support for encoding multi-attr (Petr Oros) [RHEL-57755] +- doc: netlink: specs: tc: add multi-attr to tc-taprio-sched-entry (Petr Oros) [RHEL-57755] +- tools: ynl: correct typo and docstring (Petr Oros) [RHEL-57755] +- Documentation: Fix counter name of mlx5 vnic reporter (Petr Oros) [RHEL-57755] +- net: make dev_unreg_count global (Petr Oros) [RHEL-57755] +- tools: ynl: auto-gen for all genetlink families (Petr Oros) [RHEL-57755] +- tools: ynl: generate code for ovs families (Petr Oros) [RHEL-57755] +- tools: ynl: include dpll and mptcp_pm in C codegen (Petr Oros) [RHEL-57755] +- tools/net/ynl: Add type info to struct members in generated docs (Petr Oros) [RHEL-57755] +- doc/netlink: Describe nested structs in netlink raw docs (Petr Oros) [RHEL-57755] +- tools/net/ynl: Add support for nested structs (Petr Oros) [RHEL-57755] +- tools/net/ynl: Move formatted_string method out of NlAttr (Petr Oros) [RHEL-57755] +- tools/net/ynl: Rename _fixed_header_size() to _struct_size() (Petr Oros) [RHEL-57755] +- tools/net/ynl: Combine struct decoding logic in ynl (Petr Oros) [RHEL-57755] +- tools/net/ynl: Encode default values for binary blobs (Petr Oros) [RHEL-57755] +- tools/net/ynl: Add support for encoding sub-messages (Petr Oros) [RHEL-57755] +- tools/net/ynl: Refactor fixed header encoding into separate method (Petr Oros) [RHEL-57755] +- doc/netlink: Describe sub-message selector resolution (Petr Oros) [RHEL-57755] +- tools/net/ynl: Support sub-messages in nested attribute spaces (Petr Oros) [RHEL-57755] +- netlink: Return unsigned value for nla_len() (Petr Oros) [RHEL-57755] +- tools: ynl: move private definitions to a separate header (Petr Oros) [RHEL-57755] +- tools: ynl: remove generated user space code from git (Petr Oros) [RHEL-57755] +- ice: document RDMA devlink parameters (Petr Oros) [RHEL-57755] +- tracing: devlink: Use static array for string in devlink_trap_report event (Petr Oros) [RHEL-57755] +- net: get rid of rtnl_lock_unregistering() (Petr Oros) [RHEL-57755] +- netfilter: br_netfilter: Use nested-BH locking for brnf_frag_data_storage. (Michal Schmidt) [RHEL-59089] +- locking/local_lock: Add local nested BH locking infrastructure. (Michal Schmidt) [RHEL-59089] +- locking/local_lock: Introduce guard definition for local_lock. (Michal Schmidt) [RHEL-59089] +- vhost_vdpa: assign irq bypass producer token correctly (Cindy Lu) [RHEL-63364] {CVE-2024-47748} +- nfsd: call cache_put if xdr_reserve_space returns NULL (Olga Kornievskaia) [RHEL-63382] {CVE-2024-47737} + * Mon Nov 25 2024 Rado Vrbovsky [5.14.0-534.el9] - block: fix integer overflow in BLKSECDISCARD (Ming Lei) [RHEL-64512] {CVE-2024-49994} - fsnotify: clear PARENT_WATCHED flags lazily (CKI Backport Bot) [RHEL-62134] {CVE-2024-47660} diff --git a/sources b/sources index 374dd1277..c6540bcc3 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-534.el9.tar.xz) = 300813ee446fead3d0cb775c40be3ccc005cc027575c7cf02e85d863e4dc2c2a0587a170c6c21455900fb0a7b3dada8a402a9d21bd02376e89ae75d5062ce35c -SHA512 (kernel-abi-stablelists-5.14.0-534.el9.tar.bz2) = 73d3aa685d7daed1ba989896c3462bb6f861ae7bbb29242e04d28d921bd7c807b4bcb9b9cd5c1c9ed26e36f01451a509b4177544c55ad2fd07d32515bbfb8a12 -SHA512 (kernel-kabi-dw-5.14.0-534.el9.tar.bz2) = 3d08f838767b27b87724fed347ce3be63fce15e5eded0576121c474d14db4a6d07895b350c635e343d5522ac237dfd982d1f39b8480c4129f4eb79f6a64115cb +SHA512 (linux-5.14.0-535.el9.tar.xz) = b091016d3cb6fc02d3461313cb46b1788b59ee32dcd7438156eb3979b7683a59e1a87fe6ec5de1a8ef84b3e11f96f86733149bcaf5dfc7562e844dcd5742a10e +SHA512 (kernel-abi-stablelists-5.14.0-535.el9.tar.bz2) = 4878ac6d4f54ce4cb011d25859a2b007e330252caf514fab432fe0c7574bdbf48bd621436d3288c084d36718cff6d37ff24e477661747760c14796ea8b61a954 +SHA512 (kernel-kabi-dw-5.14.0-535.el9.tar.bz2) = 3d08f838767b27b87724fed347ce3be63fce15e5eded0576121c474d14db4a6d07895b350c635e343d5522ac237dfd982d1f39b8480c4129f4eb79f6a64115cb diff --git a/uki_addons.json b/uki_addons.json index d82dc87d6..8c2aebc64 100644 --- a/uki_addons.json +++ b/uki_addons.json @@ -7,6 +7,36 @@ "fips-enable.addon": [ "fips=1\n" ] + }, + "rhel": { + "aarch64": { + "crashkernel-default.addon": [ + "crashkernel=1G-4G:256M,4G-64G:320M,64G-:576M\n" + ] + } } + }, + "common": { + "crashkernel-1536M.addon": [ + "crashkernel=1536M\n" + ], + "crashkernel-192M.addon": [ + "crashkernel=192M\n" + ], + "crashkernel-1G.addon": [ + "crashkernel=1G\n" + ], + "crashkernel-256M.addon": [ + "crashkernel=256M\n" + ], + "crashkernel-2G.addon": [ + "crashkernel=2G\n" + ], + "crashkernel-512M.addon": [ + "crashkernel=512M\n" + ], + "crashkernel-default.addon": [ + "crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M\n" + ] } } \ No newline at end of file diff --git a/uki_create_addons.py b/uki_create_addons.py index e30d43b2a..f94af88d5 100755 --- a/uki_create_addons.py +++ b/uki_create_addons.py @@ -126,10 +126,10 @@ def create_addons(out_dir): out_path = os.path.join(out_dir, uki_addon.name) cmd = [ f'{UKIFY_PATH}', 'build', - f'--cmdline="{uki_addon.cmdline}"', - f'--output={out_path}'] + '--cmdline', uki_addon.cmdline, + '--output', out_path] if addon_sbat_string: - cmd.append('--sbat="' + addon_sbat_string.rstrip() +'"') + cmd.extend(['--sbat', addon_sbat_string.rstrip()]) subprocess.check_call(cmd, text=True)