rpms/kernel
9
4
Fork 6
Code Issues Pull Requests Releases Activity

Debrand for AlmaLinux OS

Browse Source 
Use AlmaLinux OS secure boot cert

Enable Btrfs support for all kernel variants

hpsa: bring back deprecated PCI ids #CFHack #CFHack2024

mptsas: bring back deprecated PCI ids #CFHack #CFHack2024

megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024

qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024

qla4xxx: bring back deprecated PCI ids

be2iscsi: bring back deprecated PCI ids

kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
This commit is contained in:
Eduard Abdullin 2026-05-20 02:07:10 +00:00 committed by root
parent 6a2023aeef
commit 83e336f23d
27 changed files with 188 additions and 334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
1100-xfrm-esp-avoid-in-place-decrypt-shared-skb-frags.patch
View File

@ -1,77 +0,0 @@
From: Andrew Lukoshko <alukoshko@almalinux.org>
Subject: [PATCH AlmaLinux 10] xfrm: esp: avoid in-place decrypt on shared skb frags
Direct cherry-pick of upstream commit f4c50a4034e6 for AlmaLinux 10
(6.12 kernel).
Verified to apply with `patch -p1 -F0` (no offset, no fuzz, no rejects)
against kernel-6.12.0-124.55.1.el10_1.
ESP-in-UDP packets built from MSG_SPLICE_PAGES (pipe pages) look like
ordinary uncloned nonlinear skbs to ESP input, which takes the no-COW
fast path and decrypts in place over data that is not owned privately
by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG
matching TCP, and make ESP input fall back to skb_cow_data() when the
flag is present.
Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")
Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible")
Fixes: 7da0dde68486 ("ip, udp: Support MSG_SPLICE_PAGES")
Fixes: 6d8192bd69bb ("ip6, udp6: Support MSG_SPLICE_PAGES")
(cherry picked from commit f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4)
Signed-off-by: Andrew Lukoshko <alukoshko@almalinux.org>
---
net/ipv4/esp4.c | 3 ++-
net/ipv4/ip_output.c | 2 ++
net/ipv6/esp6.c | 3 ++-
net/ipv6/ip6_output.c | 2 ++
4 files changed, 8 insertions(+), 2 deletions(-)
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -908,7 +908,8 @@
nfrags = 1;
goto skip_cow;
- } else if (!skb_has_frag_list(skb)) {
+ } else if (!skb_has_frag_list(skb) &&
+ !skb_has_shared_frag(skb)) {
nfrags = skb_shinfo(skb)->nr_frags;
nfrags++;
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1236,6 +1236,8 @@
if (err < 0)
goto error;
copy = err;
+ if (!(flags & MSG_NO_SHARED_FRAGS))
+ skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG;
wmem_alloc_delta += copy;
} else if (!zc) {
int i = skb_shinfo(skb)->nr_frags;
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -950,7 +950,8 @@
nfrags = 1;
goto skip_cow;
- } else if (!skb_has_frag_list(skb)) {
+ } else if (!skb_has_frag_list(skb) &&
+ !skb_has_shared_frag(skb)) {
nfrags = skb_shinfo(skb)->nr_frags;
nfrags++;
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1769,6 +1769,8 @@
if (err < 0)
goto error;
copy = err;
+ if (!(flags & MSG_NO_SHARED_FRAGS))
+ skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG;
wmem_alloc_delta += copy;
} else if (!zc) {
int i = skb_shinfo(skb)->nr_frags;
--
2.43.0

69
1101-rxrpc-linearize-paged-frags.patch
View File

@ -1,69 +0,0 @@
From: Andrew Lukoshko <alukoshko@almalinux.org>
Subject: [PATCH AlmaLinux 10] rxrpc: linearize incoming DATA packet when it has paged frags
AlmaLinux-specific backport of the intent of the upstream rxrpc fix
posted at https://lore.kernel.org/all/afKV2zGR6rrelPC7@v4bel/ for the
"Dirty Frag" class of bugs (sibling to upstream commit f4c50a4034e6 in
the ESP/xfrm subsystem).
The upstream patch can not be cherry-picked against this 6.12 tree:
its target lines were introduced by upstream commit d0d5c0cd1e71
("rxrpc: Use skb_unshare() rather than skb_cow_data()") which is not
present here. The age-equivalent code path on AlmaLinux 10 is the
centralized skb_unshare() in net/rxrpc/io_thread.c that is run for
every DATA packet with a non-zero securityIndex before in-place
decryption.
skb_unshare() only handles cloned skbs. An skb that is non-cloned but
carries paged fragments (skb->data_len != 0) — e.g. pages attached via
udp_sendpage() / splice() / MSG_SPLICE_PAGES on a UDP socket carrying
rxrpc traffic — slips through and is decrypted in place over data the
skb does not own privately. With kernel-modules-partner installed
(rxrpc.ko enabled), this is exploitable.
Replace the unconditional skb_unshare() with skb_copy() whenever the
skb is cloned OR carries paged fragments. skb_copy() always returns a
freshly allocated linear skb, so subsequent in-place decryption only
touches kernel-owned memory. The original skb is consumed explicitly
(skb_unshare did this internally via consume_skb()).
Verified to apply with `patch -p1 -F0` (no offset, no fuzz, no
rejects) against kernel-6.12.0-124.55.1.el10_1.
Fixes: cac2661c53f3 ("rxrpc: Use skb_cow_data() in rxrpc_recvmsg_data()")
Signed-off-by: Andrew Lukoshko <alukoshko@almalinux.org>
---
net/rxrpc/io_thread.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
--- a/net/rxrpc/io_thread.c
+++ b/net/rxrpc/io_thread.c
@@ -235,16 +235,18 @@
* decryption.
*/
if (sp->hdr.securityIndex != 0) {
- skb = skb_unshare(skb, GFP_ATOMIC);
- if (!skb) {
- rxrpc_eaten_skb(*_skb, rxrpc_skb_eaten_by_unshare_nomem);
- *_skb = NULL;
- return just_discard;
- }
+ if (skb_cloned(skb) || skb->data_len) {
+ struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC);
+
+ if (!nskb) {
+ rxrpc_eaten_skb(*_skb, rxrpc_skb_eaten_by_unshare_nomem);
+ return just_discard;
+ }
- if (skb != *_skb) {
rxrpc_eaten_skb(*_skb, rxrpc_skb_eaten_by_unshare);
- *_skb = skb;
+ consume_skb(*_skb);
+ *_skb = nskb;
+ skb = nskb;
rxrpc_new_skb(skb, rxrpc_skb_new_unshared);
sp = rxrpc_skb(skb);
}
--
2.43.0

105
1102-net-skbuff-propagate-shared-frag-marker.patch
View File

@ -1,105 +0,0 @@
From: Eduard Abdullin <eabdullin@almalinux.org>
Subject: [PATCH AlmaLinux 10] net: skbuff: propagate shared-frag marker through frag-transfer helpers
Backport of upstream v3 patch posted at
https://lore.kernel.org/all/agW4vC0r8QOUKtRT@v4bel/
(sibling to upstream commit f4c50a4034e6 "xfrm: esp: avoid in-place
decrypt on shared skb frags").
Three frag-transfer helpers (__pskb_copy_fclone(), skb_try_coalesce(),
and skb_shift()) and the GRO accumulator helpers (skb_gro_receive()
and skb_gro_receive_list()) fail to propagate the SKBFL_SHARED_FRAG
bit in skb_shinfo()->flags when moving frag descriptors from source
to destination. As a result, the destination skb keeps a reference
to the same externally-owned or page-cache-backed pages while
reporting skb_has_shared_frag() as false.
The mismatch is harmful in any in-place writer that uses
skb_has_shared_frag() to decide whether shared pages must be detoured
through skb_cow_data(). ESP input is one such writer (esp4.c,
esp6.c). Combined with an nft 'dup to <local>' rule, an
nf_dup_ipv4() / xt_TEE caller, or ESP-over-UDP with UDP GRO, this
lets an unprivileged user write into the page cache of a root-owned
read-only file via authencesn-ESN stray writes (CVE-2026-46300,
"Fragnesia").
Set SKBFL_SHARED_FRAG on the destination whenever frag descriptors
were actually moved from the source. skb_copy() and skb_copy_expand()
share skb_copy_header() too but linearize all paged data into freshly
allocated head storage and emerge with nr_frags == 0, so
skb_has_shared_frag() returns false on its own; they need no change.
The same omission exists in skb_gro_receive() and
skb_gro_receive_list(). The former moves the incoming skb's frag
descriptors into the accumulator's last sub-skb via two paths plus a
"merge:" fallback that chains the whole skb onto frag_list; the
latter chains the incoming skb whole onto p's frag_list. Downstream
skb_segment() reads only skb_shinfo(p)->flags, and skb_segment_list()
reuses each sub-skb's shinfo as the nskb -- both p and lp must carry
the marker.
Fixes: cef401de7be8 ("net: fix possible wrong checksum generation")
Fixes: f4c50a4034e6 ("xfrm: esp: avoid in-place decrypt on shared skb frags")
Reported-by: Sultan Alsawaf <sultan@kerneltoast.com>
Reported-by: William Bowling <vakzz@zellic.io>
Reported-by: Hyunwoo Kim <imv4bel@gmail.com>
Signed-off-by: Eduard Abdullin <eabdullin@almalinux.org>
---
net/core/gro.c | 4 ++++
net/core/skbuff.c | 5 +++++
2 files changed, 9 insertions(+)
--- a/net/core/gro.c
+++ b/net/core/gro.c
@@ -213,10 +213,12 @@ int skb_gro_receive(struct sk_buff *p, struct sk_buff *skb)
p->data_len += len;
p->truesize += delta_truesize;
p->len += len;
+ skb_shinfo(p)->flags |= skbinfo->flags & SKBFL_SHARED_FRAG;
if (lp != p) {
lp->data_len += len;
lp->truesize += delta_truesize;
lp->len += len;
+ skb_shinfo(lp)->flags |= skbinfo->flags & SKBFL_SHARED_FRAG;
}
NAPI_GRO_CB(skb)->same_flow = 1;
return 0;
@@ -244,6 +246,8 @@ int skb_gro_receive_list(struct sk_buff *p, struct sk_buff *skb)
p->truesize += skb->truesize;
p->len += skb->len;
+ skb_shinfo(p)->flags |= skb_shinfo(skb)->flags & SKBFL_SHARED_FRAG;
+
NAPI_GRO_CB(skb)->same_flow = 1;
return 0;
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2123,6 +2123,7 @@ struct sk_buff *__pskb_copy_fclone(struct sk_buff *skb, int headroom,
skb_frag_ref(skb, i);
}
skb_shinfo(n)->nr_frags = i;
+ skb_shinfo(n)->flags |= skb_shinfo(skb)->flags & SKBFL_SHARED_FRAG;
}
if (skb_has_frag_list(skb)) {
@@ -4198,6 +4199,8 @@ int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen)
tgt->ip_summed = CHECKSUM_PARTIAL;
skb->ip_summed = CHECKSUM_PARTIAL;
+ skb_shinfo(tgt)->flags |= skb_shinfo(skb)->flags & SKBFL_SHARED_FRAG;
+
skb_len_add(skb, -shiftlen);
skb_len_add(tgt, shiftlen);
@@ -6028,6 +6031,8 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
from_shinfo->frags,
from_shinfo->nr_frags * sizeof(skb_frag_t));
to_shinfo->nr_frags += from_shinfo->nr_frags;
+ if (from_shinfo->nr_frags)
+ to_shinfo->flags |= from_shinfo->flags & SKBFL_SHARED_FRAG;
if (!skb_cloned(from))
from_shinfo->nr_frags = 0;
--
2.43.0

55
1103-ptrace-require-cap-on-mm-less-task.patch
View File

@ -1,55 +0,0 @@
From: Andrew Lukoshko <alukoshko@almalinux.org>
Subject: [PATCH AlmaLinux 10s] ptrace: require CAP_SYS_PTRACE when task has no mm
kABI-safe AlmaLinux backport of upstream commit 31e62c2ebbfd
("ptrace: slightly saner 'get_dumpable()' logic") posted at
https://github.com/torvalds/linux/commit/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
The upstream fix adds a 'user_dumpable:1' bit to task_struct and
caches the last dumpability in exit_mm() so __ptrace_may_access()
can require CAP_SYS_PTRACE when the target has no mm (e.g. kernel
threads or already-exited user tasks). That layout change to
task_struct breaks kABI on AlmaLinux 10s (the symtype
signature of struct task_struct is referenced by hundreds of
stablelist exports), so we cannot import the field/exit_mm hunks
as-is.
Take the minimal kABI-safe slice instead: when task->mm == NULL,
require CAP_SYS_PTRACE in init_user_ns unconditionally. This closes
the Qualys Security Advisory hole -- mm-less targets no longer pass
the dumpability check by default -- without touching task_struct or
exit.c. The only behavioural delta versus upstream is that a user
task that has already cleared its mm in exit_mm() (a dying/zombie
task) now also requires CAP_SYS_PTRACE to attach, instead of being
remembered as previously dumpable. Such targets are rarely ptraced
in practice.
Verified to apply with `patch -p1 -F0` (no offset, no fuzz, no rejects)
against kernel-6.12.0-227.el10.
Reported-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Andrew Lukoshko <alukoshko@almalinux.org>
---
kernel/ptrace.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -339,8 +339,11 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
smp_rmb();
mm = task->mm;
- if (mm &&
- ((get_dumpable(mm) != SUID_DUMP_USER) &&
- !ptrace_has_cap(mm->user_ns, mode)))
- return -EPERM;
+ if (mm) {
+ if ((get_dumpable(mm) != SUID_DUMP_USER) &&
+ !ptrace_has_cap(mm->user_ns, mode))
+ return -EPERM;
+ } else if (!ptrace_has_cap(&init_user_ns, mode)) {
+ return -EPERM;
+ }
return security_ptrace_access_check(task, mode);
--
2.43.0

2
Makefile.rhelver
View File

@ -12,7 +12,7 @@ RHEL_MINOR = 3
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
RHEL_RELEASE = 228
RHEL_RELEASE = 229
#
# RHEL_REBASE_NUM

1
kernel-aarch64-64k-debug-rhel.config
View File

@ -1485,6 +1485,7 @@ CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-aarch64-64k-rhel.config
View File

@ -1477,6 +1477,7 @@ CONFIG_DEBUG_SHIRQ=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-aarch64-debug-rhel.config
View File

@ -1483,6 +1483,7 @@ CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-aarch64-rhel.config
View File

@ -1475,6 +1475,7 @@ CONFIG_DEBUG_SHIRQ=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-aarch64-rt-64k-debug-rhel.config
View File

@ -1487,6 +1487,7 @@ CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-aarch64-rt-64k-rhel.config
View File

@ -1479,6 +1479,7 @@ CONFIG_DEBUG_SHIRQ=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-aarch64-rt-debug-rhel.config
View File

@ -1485,6 +1485,7 @@ CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-aarch64-rt-rhel.config
View File

@ -1477,6 +1477,7 @@ CONFIG_DEBUG_SHIRQ=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-ppc64le-debug-rhel.config
View File

@ -1236,6 +1236,7 @@ CONFIG_DEBUG_STACKOVERFLOW=y
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set
# CONFIG_DEBUG_VM_PGFLAGS is not set

1
kernel-ppc64le-rhel.config
View File

@ -1228,6 +1228,7 @@ CONFIG_DEBUG_STACKOVERFLOW=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-riscv64-debug-rhel.config
View File

@ -1245,6 +1245,7 @@ CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set
# CONFIG_DEBUG_VM_PGFLAGS is not set

1
kernel-riscv64-rhel.config
View File

@ -1237,6 +1237,7 @@ CONFIG_DEBUG_SHIRQ=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

3
kernel-s390x-debug-rhel.config
View File

@ -1241,6 +1241,7 @@ CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set
# CONFIG_DEBUG_VM_PGFLAGS is not set
@ -5432,7 +5433,7 @@ CONFIG_SCHED_TOPOLOGY_VERTICAL=y
CONFIG_SCHED_TOPOLOGY=y
CONFIG_SCHED_TRACER=y
CONFIG_SCLP_CONSOLE=y
# CONFIG_SCLP_OFB is not set
CONFIG_SCLP_OFB=y
CONFIG_SCLP_TTY=y
CONFIG_SCLP_VT220_CONSOLE=y
CONFIG_SCLP_VT220_TTY=y

3
kernel-s390x-rhel.config
View File

@ -1233,6 +1233,7 @@ CONFIG_DEBUG_SHIRQ=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set
@ -5410,7 +5411,7 @@ CONFIG_SCHED_TOPOLOGY_VERTICAL=y
CONFIG_SCHED_TOPOLOGY=y
CONFIG_SCHED_TRACER=y
CONFIG_SCLP_CONSOLE=y
# CONFIG_SCLP_OFB is not set
CONFIG_SCLP_OFB=y
CONFIG_SCLP_TTY=y
CONFIG_SCLP_VT220_CONSOLE=y
CONFIG_SCLP_VT220_TTY=y

3
kernel-s390x-zfcpdump-rhel.config
View File

@ -1234,6 +1234,7 @@ CONFIG_DEBUG_SECTION_MISMATCH=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set
@ -5424,7 +5425,7 @@ CONFIG_SCHED_TOPOLOGY_VERTICAL=y
CONFIG_SCHED_TOPOLOGY=y
CONFIG_SCHED_TRACER=y
CONFIG_SCLP_CONSOLE=y
# CONFIG_SCLP_OFB is not set
CONFIG_SCLP_OFB=y
CONFIG_SCLP_TTY=y
CONFIG_SCLP_VT220_CONSOLE=y
CONFIG_SCLP_VT220_TTY=y

1
kernel-x86_64-debug-rhel.config
View File

@ -1305,6 +1305,7 @@ CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set
# CONFIG_DEBUG_VM_PGFLAGS is not set

1
kernel-x86_64-rhel.config
View File

@ -1297,6 +1297,7 @@ CONFIG_DEBUG_STACKOVERFLOW=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

1
kernel-x86_64-rt-debug-rhel.config
View File

@ -1307,6 +1307,7 @@ CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set
# CONFIG_DEBUG_VM_PGFLAGS is not set

1
kernel-x86_64-rt-rhel.config
View File

@ -1299,6 +1299,7 @@ CONFIG_DEBUG_STACKOVERFLOW=y
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_DEBUG_VFS is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_MAPLE_TREE is not set

78
kernel.changelog
View File

@ -1,3 +1,81 @@
* Mon May 18 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-229.el10]
- ptrace: slightly saner 'get_dumpable()' logic (Ricardo Robaina) [RHEL-176448] {CVE-2026-46333}
- mm/page_alloc: clear page->private in free_pages_prepare() (Rafael Aquini) [RHEL-174757] {CVE-2026-43303}
- mm: thp: deny THP for files on anonymous inodes (Rafael Aquini) [RHEL-171616] {CVE-2026-23375}
- anon_inode: rework assertions (Rafael Aquini) [RHEL-171616]
- vfs: use the new debug macros in inode_set_cached_link() (Rafael Aquini) [RHEL-171616]
- vfs: catch invalid modes in may_open() (Rafael Aquini) [RHEL-171616]
- vfs: add initial support for CONFIG_DEBUG_VFS (Rafael Aquini) [RHEL-171616]
- fs: add S_ANON_INODE (Rafael Aquini) [RHEL-171616]
- selftests/filesystems: add open() test for anonymous inodes (Rafael Aquini) [RHEL-171616]
- selftests/filesystems: add exec() test for anonymous inodes (Rafael Aquini) [RHEL-171616]
- selftests/filesystems: add chmod() test for anonymous inodes (Rafael Aquini) [RHEL-171616]
- selftests/filesystems: add chown() test for anonymous inodes (Rafael Aquini) [RHEL-171616]
- selftests: add file SLAB_TYPESAFE_BY_RCU recycling stressor (Rafael Aquini) [RHEL-171616]
- anon_inode: raise SB_I_NODEV and SB_I_NOEXEC (Rafael Aquini) [RHEL-171616]
- pidfs: use anon_inode_setattr() (Rafael Aquini) [RHEL-171616]
- anon_inode: explicitly block ->setattr() (Rafael Aquini) [RHEL-171616]
- pidfs: use anon_inode_getattr() (Rafael Aquini) [RHEL-171616]
- anon_inode: use a proper mode internally (Rafael Aquini) [RHEL-171616]
- coccinelle: kmalloc_obj: Remove default GFP_KERNEL arg (Michal Schmidt) [RHEL-174796]
- default_gfp(): avoid using the "newfangled" __VA_OPT__ trick (Michal Schmidt) [RHEL-174796]
- add default_gfp() helper macro and use it in the new *alloc_obj() helpers (Michal Schmidt) [RHEL-174796]
- coccinelle: Add kmalloc_objs conversion script (Michal Schmidt) [RHEL-174796]
- slab.h: disable completely broken overflow handling in flex allocations (Michal Schmidt) [RHEL-174796]
- slab: Introduce kmalloc_flex() and family (Michal Schmidt) [RHEL-174796]
- compiler_types: Introduce __flex_counter() and family (Michal Schmidt) [RHEL-174796]
- checkpatch: Suggest kmalloc_obj family for sizeof allocations (Michal Schmidt) [RHEL-174796]
- slab: Introduce kmalloc_obj() and family (Michal Schmidt) [RHEL-174796]
- Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (David Marlin) [RHEL-172460]
- Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (David Marlin) [RHEL-172460 RHEL-172865] {CVE-2026-31772}
- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (David Marlin) [RHEL-172460]
- Bluetooth: SMP: force responder MITM requirements before building the pairing response (David Marlin) [RHEL-172460]
- Bluetooth: MGMT: validate mesh send advertising payload length (David Marlin) [RHEL-172460]
- Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (David Marlin) [RHEL-172460]
- Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (David Marlin) [RHEL-172460]
- Bluetooth: MGMT: validate LTK enc_size on load (David Marlin) [RHEL-172460 RHEL-172580] {CVE-2026-43020}
- Bluetooth: hci_h4: Fix race during initialization (David Marlin) [RHEL-172460]
- Bluetooth: hci_event: move wake reason storage into validated event handlers (David Marlin) [RHEL-172460]
- Bluetooth: SCO: fix race conditions in sco_sock_connect() (David Marlin) [RHEL-172460 RHEL-172607] {CVE-2026-43023}
- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (David Marlin) [RHEL-172460]
- Bluetooth: hci_sync: annotate data-races around hdev->req_status (David Marlin) [RHEL-172460]
- Bluetooth: hci_qca: Migrate to serdev specific shutdown function (David Marlin) [RHEL-172460]
- Bluetooth: hci_aml: Migrate to serdev specific shutdown function (David Marlin) [RHEL-172460]
- Bluetooth: hci_qca: Enable HFP hardware offload for WCN6855 and WCN7850 (David Marlin) [RHEL-172460]
- Bluetooth: hci_qca: Refactor HFP hardware offload capability handling (David Marlin) [RHEL-172460]
- Bluetooth: btusb: Remove duplicate entry for 0x13d3/0x3618 (David Marlin) [RHEL-172460]
- Bluetooth: btintel: Remove unneeded CONFIG_PM* #ifdef's (David Marlin) [RHEL-172460]
- Bluetooth: btnxpuart: Remove unneeded CONFIG_PM ifdef (David Marlin) [RHEL-172460]
- Bluetooth: btintel_pcie: Remove unnecessary check before kfree_skb() (David Marlin) [RHEL-172460]
- Bluetooth: btusb: Reject autosuspend if discovery is active (David Marlin) [RHEL-172460]
- Bluetooth: hci_core: Export hci_discovery_active (David Marlin) [RHEL-172460]
- Bluetooth: btusb: Use pm_ptr instead of #ifdef CONFIG_PM (David Marlin) [RHEL-172460]
- Bluetooth: Fix using PHYs bitfields as PHY value (David Marlin) [RHEL-172460]
- Bluetooth: btqca: Add WCN6855 firmware priority selection feature (David Marlin) [RHEL-172460]
- Bluetooth: btqca: move WCN7850 workaround to the caller (David Marlin) [RHEL-172460]
- Bluetooth: btmtksdio: Use pm_ptr instead of #ifdef CONFIG_PM (David Marlin) [RHEL-172460]
- Bluetooth: hci_bcm4377: Use generic power management (David Marlin) [RHEL-172460]
- xfrm: esp: avoid in-place decrypt on shared skb frags (CKI Backport Bot) [RHEL-174522] {CVE-2026-43284}
- redhat/configs: enable CONFIG_SCLP_OFB for s390x (Jan Polensky) [RHEL-170705]
- iommu/arm-smmu-v3: Fix typos introduced by arm_smmu_invs (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Do not continue in __arm_smmu_domain_inv_range() (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Perform per-domain invalidations using arm_smmu_invs (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Add arm_smmu_invs based arm_smmu_domain_inv_range() (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Populate smmu_domain->invs when attaching masters (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Pre-allocate a per-master invalidation array (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Introduce a per-domain arm_smmu_invs array (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Add an inline arm_smmu_domain_free() (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Explicitly set smmu_domain->stage for SVA (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Add a missing dma_wmb() for hitless STE update (Jerry Snitselaar) [RHEL-88961]
- sort.h: hoist cmp_int() into generic header file (Jerry Snitselaar) [RHEL-88961]
- lib/sort.c: add _nonatomic() variants with cond_resched() (Jerry Snitselaar) [RHEL-88961]
- lib/list_sort: clarify comparison function requirements in list_sort() (Jerry Snitselaar) [RHEL-88961]
- lib/sort: clarify comparison function requirements in sort_r() (Jerry Snitselaar) [RHEL-88961]
- cgroup/cpuset: Skip security check for hotplug induced v1 task migration (Waiman Long) [RHEL-160958]
- cgroup/cpuset: Simplify setsched decision check in task iteration loop of cpuset_can_attach() (Waiman Long) [RHEL-160958]
- blk-cgroup: wait for blkcg cleanup before initializing new disk (Ming Lei) [RHEL-93825]
Resolves: RHEL-160958, RHEL-170705, RHEL-171616, RHEL-172460, RHEL-172580, RHEL-172607, RHEL-172865, RHEL-174522, RHEL-174757, RHEL-174796, RHEL-176448, RHEL-88961, RHEL-93825
* Thu May 14 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-228.el10]
- dpaa2-switch: validate num_ifs to prevent out-of-bounds write (CKI Backport Bot) [RHEL-174253] {CVE-2026-43205}
- dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero (CKI Backport Bot) [RHEL-174253] {CVE-2026-43205}

105
kernel.spec
View File

@ -179,15 +179,15 @@ Summary: The Linux kernel
%define specrpmversion 6.12.0
%define specversion 6.12.0
%define patchversion 6.12
%define pkgrelease 228
%define pkgrelease 229
%define kversion 6
%define tarfile_release 6.12.0-228.el10
%define tarfile_release 6.12.0-229.el10
# This is needed to do merge window version magic
%define patchlevel 12
# This allows pkg_release to have configurable %%{?dist} tag
%define specrelease 228%{?buildid}%{?dist}
%define specrelease 229%{?buildid}%{?dist}
# This defines the kabi tarball version
%define kabiversion 6.12.0-228.el10
%define kabiversion 6.12.0-229.el10
# If this variable is set to 1, a bpf selftests build failure will cause a
# fatal kernel package build error
@ -1143,10 +1143,6 @@ Patch2007: 0007-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch
Patch2008: 0008-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch
Patch2009: 0009-Bring-back-deprecated-pci-ids-to-mpt3sas-driver.patch
Patch2010: 0001-Keep-fs-btrfs-files-in-modules-package.patch
Patch1100: 1100-xfrm-esp-avoid-in-place-decrypt-shared-skb-frags.patch
Patch1101: 1101-rxrpc-linearize-paged-frags.patch
Patch1102: 1102-net-skbuff-propagate-shared-frag-marker.patch
Patch1103: 1103-ptrace-require-cap-on-mm-less-task.patch
# END OF PATCH DEFINITIONS
@ -2042,10 +2038,6 @@ ApplyPatch 0007-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch
ApplyPatch 0008-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch
ApplyPatch 0009-Bring-back-deprecated-pci-ids-to-mpt3sas-driver.patch
ApplyPatch 0001-Keep-fs-btrfs-files-in-modules-package.patch
ApplyPatch 1100-xfrm-esp-avoid-in-place-decrypt-shared-skb-frags.patch
ApplyPatch 1101-rxrpc-linearize-paged-frags.patch
ApplyPatch 1102-net-skbuff-propagate-shared-frag-marker.patch
ApplyPatch 1103-ptrace-require-cap-on-mm-less-task.patch
%{log_msg "End of patch applications"}
# END OF PATCH APPLICATIONS
@ -4560,20 +4552,14 @@ fi\
#
#
%changelog
* Tue May 19 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-228
- xfrm: esp: avoid in-place decrypt on shared skb frags (CVE-2026-43284)
- rxrpc: linearize incoming DATA packet when it has paged frags (CVE-2026-43500)
- net: skbuff: propagate shared-frag marker through frag-transfer helpers
- ptrace: require CAP_SYS_PTRACE on mm-less tasks (kABI-safe Qualys fix)
* Sat May 16 2026 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-228
* Wed May 20 2026 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-229
- Debrand for AlmaLinux OS
- Use AlmaLinux OS secure boot cert
* Sat May 16 2026 Neal Gompa <ngompa@almalinux.org> - 6.12.0-228
* Wed May 20 2026 Neal Gompa <ngompa@almalinux.org> - 6.12.0-229
- Enable Btrfs support for all kernel variants
* Sat May 16 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-228
* Wed May 20 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-229
- hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
- mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
- megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@ -4583,6 +4569,83 @@ fi\
- kernel/rh_messages.h: enable all disabled pci devices by moving to
unmaintained
* Mon May 18 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-229.el10]
- ptrace: slightly saner 'get_dumpable()' logic (Ricardo Robaina) [RHEL-176448] {CVE-2026-46333}
- mm/page_alloc: clear page->private in free_pages_prepare() (Rafael Aquini) [RHEL-174757] {CVE-2026-43303}
- mm: thp: deny THP for files on anonymous inodes (Rafael Aquini) [RHEL-171616] {CVE-2026-23375}
- anon_inode: rework assertions (Rafael Aquini) [RHEL-171616]
- vfs: use the new debug macros in inode_set_cached_link() (Rafael Aquini) [RHEL-171616]
- vfs: catch invalid modes in may_open() (Rafael Aquini) [RHEL-171616]
- vfs: add initial support for CONFIG_DEBUG_VFS (Rafael Aquini) [RHEL-171616]
- fs: add S_ANON_INODE (Rafael Aquini) [RHEL-171616]
- selftests/filesystems: add open() test for anonymous inodes (Rafael Aquini) [RHEL-171616]
- selftests/filesystems: add exec() test for anonymous inodes (Rafael Aquini) [RHEL-171616]
- selftests/filesystems: add chmod() test for anonymous inodes (Rafael Aquini) [RHEL-171616]
- selftests/filesystems: add chown() test for anonymous inodes (Rafael Aquini) [RHEL-171616]
- selftests: add file SLAB_TYPESAFE_BY_RCU recycling stressor (Rafael Aquini) [RHEL-171616]
- anon_inode: raise SB_I_NODEV and SB_I_NOEXEC (Rafael Aquini) [RHEL-171616]
- pidfs: use anon_inode_setattr() (Rafael Aquini) [RHEL-171616]
- anon_inode: explicitly block ->setattr() (Rafael Aquini) [RHEL-171616]
- pidfs: use anon_inode_getattr() (Rafael Aquini) [RHEL-171616]
- anon_inode: use a proper mode internally (Rafael Aquini) [RHEL-171616]
- coccinelle: kmalloc_obj: Remove default GFP_KERNEL arg (Michal Schmidt) [RHEL-174796]
- default_gfp(): avoid using the "newfangled" __VA_OPT__ trick (Michal Schmidt) [RHEL-174796]
- add default_gfp() helper macro and use it in the new *alloc_obj() helpers (Michal Schmidt) [RHEL-174796]
- coccinelle: Add kmalloc_objs conversion script (Michal Schmidt) [RHEL-174796]
- slab.h: disable completely broken overflow handling in flex allocations (Michal Schmidt) [RHEL-174796]
- slab: Introduce kmalloc_flex() and family (Michal Schmidt) [RHEL-174796]
- compiler_types: Introduce __flex_counter() and family (Michal Schmidt) [RHEL-174796]
- checkpatch: Suggest kmalloc_obj family for sizeof allocations (Michal Schmidt) [RHEL-174796]
- slab: Introduce kmalloc_obj() and family (Michal Schmidt) [RHEL-174796]
- Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (David Marlin) [RHEL-172460]
- Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (David Marlin) [RHEL-172460 RHEL-172865] {CVE-2026-31772}
- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (David Marlin) [RHEL-172460]
- Bluetooth: SMP: force responder MITM requirements before building the pairing response (David Marlin) [RHEL-172460]
- Bluetooth: MGMT: validate mesh send advertising payload length (David Marlin) [RHEL-172460]
- Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (David Marlin) [RHEL-172460]
- Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (David Marlin) [RHEL-172460]
- Bluetooth: MGMT: validate LTK enc_size on load (David Marlin) [RHEL-172460 RHEL-172580] {CVE-2026-43020}
- Bluetooth: hci_h4: Fix race during initialization (David Marlin) [RHEL-172460]
- Bluetooth: hci_event: move wake reason storage into validated event handlers (David Marlin) [RHEL-172460]
- Bluetooth: SCO: fix race conditions in sco_sock_connect() (David Marlin) [RHEL-172460 RHEL-172607] {CVE-2026-43023}
- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (David Marlin) [RHEL-172460]
- Bluetooth: hci_sync: annotate data-races around hdev->req_status (David Marlin) [RHEL-172460]
- Bluetooth: hci_qca: Migrate to serdev specific shutdown function (David Marlin) [RHEL-172460]
- Bluetooth: hci_aml: Migrate to serdev specific shutdown function (David Marlin) [RHEL-172460]
- Bluetooth: hci_qca: Enable HFP hardware offload for WCN6855 and WCN7850 (David Marlin) [RHEL-172460]
- Bluetooth: hci_qca: Refactor HFP hardware offload capability handling (David Marlin) [RHEL-172460]
- Bluetooth: btusb: Remove duplicate entry for 0x13d3/0x3618 (David Marlin) [RHEL-172460]
- Bluetooth: btintel: Remove unneeded CONFIG_PM* #ifdef's (David Marlin) [RHEL-172460]
- Bluetooth: btnxpuart: Remove unneeded CONFIG_PM ifdef (David Marlin) [RHEL-172460]
- Bluetooth: btintel_pcie: Remove unnecessary check before kfree_skb() (David Marlin) [RHEL-172460]
- Bluetooth: btusb: Reject autosuspend if discovery is active (David Marlin) [RHEL-172460]
- Bluetooth: hci_core: Export hci_discovery_active (David Marlin) [RHEL-172460]
- Bluetooth: btusb: Use pm_ptr instead of #ifdef CONFIG_PM (David Marlin) [RHEL-172460]
- Bluetooth: Fix using PHYs bitfields as PHY value (David Marlin) [RHEL-172460]
- Bluetooth: btqca: Add WCN6855 firmware priority selection feature (David Marlin) [RHEL-172460]
- Bluetooth: btqca: move WCN7850 workaround to the caller (David Marlin) [RHEL-172460]
- Bluetooth: btmtksdio: Use pm_ptr instead of #ifdef CONFIG_PM (David Marlin) [RHEL-172460]
- Bluetooth: hci_bcm4377: Use generic power management (David Marlin) [RHEL-172460]
- xfrm: esp: avoid in-place decrypt on shared skb frags (CKI Backport Bot) [RHEL-174522] {CVE-2026-43284}
- redhat/configs: enable CONFIG_SCLP_OFB for s390x (Jan Polensky) [RHEL-170705]
- iommu/arm-smmu-v3: Fix typos introduced by arm_smmu_invs (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Do not continue in __arm_smmu_domain_inv_range() (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Perform per-domain invalidations using arm_smmu_invs (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Add arm_smmu_invs based arm_smmu_domain_inv_range() (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Populate smmu_domain->invs when attaching masters (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Pre-allocate a per-master invalidation array (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Introduce a per-domain arm_smmu_invs array (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Add an inline arm_smmu_domain_free() (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Explicitly set smmu_domain->stage for SVA (Jerry Snitselaar) [RHEL-88961]
- iommu/arm-smmu-v3: Add a missing dma_wmb() for hitless STE update (Jerry Snitselaar) [RHEL-88961]
- sort.h: hoist cmp_int() into generic header file (Jerry Snitselaar) [RHEL-88961]
- lib/sort.c: add _nonatomic() variants with cond_resched() (Jerry Snitselaar) [RHEL-88961]
- lib/list_sort: clarify comparison function requirements in list_sort() (Jerry Snitselaar) [RHEL-88961]
- lib/sort: clarify comparison function requirements in sort_r() (Jerry Snitselaar) [RHEL-88961]
- cgroup/cpuset: Skip security check for hotplug induced v1 task migration (Waiman Long) [RHEL-160958]
- cgroup/cpuset: Simplify setsched decision check in task iteration loop of cpuset_can_attach() (Waiman Long) [RHEL-160958]
- blk-cgroup: wait for blkcg cleanup before initializing new disk (Ming Lei) [RHEL-93825]
* Thu May 14 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-228.el10]
- dpaa2-switch: validate num_ifs to prevent out-of-bounds write (CKI Backport Bot) [RHEL-174253] {CVE-2026-43205}
- dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero (CKI Backport Bot) [RHEL-174253] {CVE-2026-43205}

6
sources
View File

@ -1,5 +1,5 @@
SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
SHA512 (linux-6.12.0-228.el10.tar.xz) = acb07fc6ad1538a3012140aafebbbea7b9c2c3c0bdaaa96cd4f7f7c479c21e35ad4cfb867d7702fd9aab624001fdb9b68b46671efd2b2f86b5cd782f34b3115b
SHA512 (kernel-abi-stablelists-6.12.0-228.el10.tar.xz) = a06e3c88ba6cc7d606b7ed54ef517b5840d8783dde5352a948386e6eba34b9a1316fd8c4453451f61fa540fe586845590edf5c16ae6a96665ad648742952857f
SHA512 (kernel-kabi-dw-6.12.0-228.el10.tar.xz) = 2ea83a14500520555caa081ce597da3c8e1352ba32e41fc2c53838ff0bc0092c6aaf0ea0ea29d9b0fea8dafe71d24a6b6ef6b1df726a21ddfa9b9a47d0c7003b
SHA512 (linux-6.12.0-229.el10.tar.xz) = 822e1318e5b666ed87980ca2919f9d3293f0af290661cd39e1ffd48107a7990d2e25abf39c8e067395071efdd9abc12940a8f5acdfab583dbcea391bf9350581
SHA512 (kernel-abi-stablelists-6.12.0-229.el10.tar.xz) = dad0e0efef7d969a1c2a61efd28b39b629c73702bdab334f4ba9c4c2c88804e25a406a913fc9b0adcf107243f8a9345a007a431f683f57c888167415b55bd213
SHA512 (kernel-kabi-dw-6.12.0-229.el10.tar.xz) = d01f2a455fc84f269e0b23f1ae233ae0d6e789155b479dce9622fe985bdaefe04020434be2c0c662bd870021b9a9677b92f19bcb917da5a35ff5d7db5f857725