From 83f40e0ddfabea30398668a81cb7a9720579d874 Mon Sep 17 00:00:00 2001 From: Jan Stancek Date: Fri, 9 Aug 2024 12:20:36 +0200 Subject: [PATCH] kernel-6.11.0-0.rc2.17.el10 * Fri Aug 09 2024 Jan Stancek [6.11.0-0.rc2.17.el10] - btrfs: avoid using fixed char array size for tree names (Qu Wenruo) - btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) - btrfs: emit a warning about space cache v1 being deprecated (Josef Bacik) - btrfs: fix qgroup reserve leaks in cow_file_range (Boris Burkov) - btrfs: implement launder_folio for clearing dirty page reserve (Boris Burkov) - btrfs: scrub: update last_physical after scrubbing one stripe (Qu Wenruo) - btrfs: factor out stripe length calculation into a helper (Qu Wenruo) - power: supply: qcom_battmgr: Ignore extra __le32 in info payload (Stephan Gerhold) - power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (Neil Armstrong) - power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) - power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) - power: supply: rt5033: Bring back i2c_set_clientdata (Nikita Travkin) - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang) - platform/x86/intel/ifs: Initialize union ifs_status to zero (Kuppuswamy Sathyanarayanan) - platform/x86: msi-wmi-platform: Fix spelling mistakes (Luis Felipe Hernandez) - platform/x86/amd/pmf: Add new ACPI ID AMDI0107 (Shyam Sundar S K) - platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (Shyam Sundar S K) - platform/x86/amd: pmf: Add quirk for ROG Ally X (Luke D. Jones) - platform/x86: intel-vbtn: Protect ACPI notify handler against recursion (Hans de Goede) - selftests: ksft: Fix finished() helper exit code on skipped tests (Laura Nao) - mm, slub: do not call do_slab_free for kfence object (Rik van Riel) - redhat/configs: Disable gfs2 in rhel configs (Andrew Price) - redhat/uki_addons/virt: add common FIPS addon (Emanuele Giuseppe Esposito) - redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons (Emanuele Giuseppe Esposito) - Linux v6.11.0-0.rc2 Resolves: RHEL-29722 Signed-off-by: Jan Stancek --- Makefile.rhelver | 2 +- kernel-ppc64le-debug-rhel.config | 3 +- kernel-ppc64le-rhel.config | 3 +- kernel-s390x-debug-rhel.config | 3 +- kernel-s390x-rhel.config | 3 +- kernel-s390x-zfcpdump-rhel.config | 1 - kernel-x86_64-debug-rhel.config | 3 +- kernel-x86_64-rhel.config | 3 +- kernel-x86_64-rt-debug-rhel.config | 3 +- kernel-x86_64-rt-rhel.config | 3 +- kernel.changelog | 73 +++++++++++++- kernel.spec | 76 ++++++++++++++- sources | 6 +- uki_addons.json | 12 +++ uki_create_addons.py | 151 +++++++++++++++++++++++++++++ 15 files changed, 319 insertions(+), 26 deletions(-) create mode 100644 uki_addons.json create mode 100755 uki_create_addons.py diff --git a/Makefile.rhelver b/Makefile.rhelver index b447cc704..98d4761e0 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 0 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 16 +RHEL_RELEASE = 17 # # RHEL_REBASE_NUM diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index 655d3e8ee..b65e30fe2 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -1961,8 +1961,7 @@ CONFIG_GENEVE=m # CONFIG_GEN_RTC is not set CONFIG_GENWQE=m CONFIG_GENWQE_PLATFORM_ERROR_RECOVERY=1 -CONFIG_GFS2_FS_LOCKING_DLM=y -CONFIG_GFS2_FS=m +# CONFIG_GFS2_FS is not set # CONFIG_GIGABYTE_WMI is not set # CONFIG_GLOB_SELFTEST is not set CONFIG_GLOB=y diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index a7e670879..ad1644682 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -1945,8 +1945,7 @@ CONFIG_GENEVE=m # CONFIG_GEN_RTC is not set CONFIG_GENWQE=m CONFIG_GENWQE_PLATFORM_ERROR_RECOVERY=1 -CONFIG_GFS2_FS_LOCKING_DLM=y -CONFIG_GFS2_FS=m +# CONFIG_GFS2_FS is not set # CONFIG_GIGABYTE_WMI is not set # CONFIG_GLOB_SELFTEST is not set CONFIG_GLOB=y diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index 5472f4182..a68adc896 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -1961,8 +1961,7 @@ CONFIG_GENEVE=m # CONFIG_GEN_RTC is not set CONFIG_GENWQE=m CONFIG_GENWQE_PLATFORM_ERROR_RECOVERY=0 -CONFIG_GFS2_FS_LOCKING_DLM=y -CONFIG_GFS2_FS=m +# CONFIG_GFS2_FS is not set # CONFIG_GIGABYTE_WMI is not set # CONFIG_GLOB_SELFTEST is not set CONFIG_GLOB=y diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 21bfb967f..7e583bbe1 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -1945,8 +1945,7 @@ CONFIG_GENEVE=m # CONFIG_GEN_RTC is not set CONFIG_GENWQE=m CONFIG_GENWQE_PLATFORM_ERROR_RECOVERY=0 -CONFIG_GFS2_FS_LOCKING_DLM=y -CONFIG_GFS2_FS=m +# CONFIG_GFS2_FS is not set # CONFIG_GIGABYTE_WMI is not set # CONFIG_GLOB_SELFTEST is not set CONFIG_GLOB=y diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index 8171364b2..6f3011f89 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -1951,7 +1951,6 @@ CONFIG_GENEVE=m CONFIG_GENWQE=m CONFIG_GENWQE_PLATFORM_ERROR_RECOVERY=0 # CONFIG_GFS2_FS is not set -CONFIG_GFS2_FS_LOCKING_DLM=y # CONFIG_GIGABYTE_WMI is not set # CONFIG_GLOB_SELFTEST is not set CONFIG_GLOB=y diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 97d70aa8f..67883984b 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -2094,8 +2094,7 @@ CONFIG_GENERIC_ISA_DMA=y CONFIG_GENEVE=m # CONFIG_GEN_RTC is not set # CONFIG_GENWQE is not set -CONFIG_GFS2_FS_LOCKING_DLM=y -CONFIG_GFS2_FS=m +# CONFIG_GFS2_FS is not set # CONFIG_GIGABYTE_WMI is not set # CONFIG_GLOB_SELFTEST is not set CONFIG_GLOB=y diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index f25647354..4f48ea59d 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -2078,8 +2078,7 @@ CONFIG_GENERIC_ISA_DMA=y CONFIG_GENEVE=m # CONFIG_GEN_RTC is not set # CONFIG_GENWQE is not set -CONFIG_GFS2_FS_LOCKING_DLM=y -CONFIG_GFS2_FS=m +# CONFIG_GFS2_FS is not set # CONFIG_GIGABYTE_WMI is not set # CONFIG_GLOB_SELFTEST is not set CONFIG_GLOB=y diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index 4f3323852..6d6c99668 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -2133,8 +2133,7 @@ CONFIG_GENERIC_ISA_DMA=y CONFIG_GENEVE=m # CONFIG_GEN_RTC is not set # CONFIG_GENWQE is not set -CONFIG_GFS2_FS_LOCKING_DLM=y -CONFIG_GFS2_FS=m +# CONFIG_GFS2_FS is not set # CONFIG_GIGABYTE_WMI is not set # CONFIG_GLOB_SELFTEST is not set CONFIG_GLOB=y diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index 2b31ddb6f..dadb8ff7f 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -2117,8 +2117,7 @@ CONFIG_GENERIC_ISA_DMA=y CONFIG_GENEVE=m # CONFIG_GEN_RTC is not set # CONFIG_GENWQE is not set -CONFIG_GFS2_FS_LOCKING_DLM=y -CONFIG_GFS2_FS=m +# CONFIG_GFS2_FS is not set # CONFIG_GIGABYTE_WMI is not set # CONFIG_GLOB_SELFTEST is not set CONFIG_GLOB=y diff --git a/kernel.changelog b/kernel.changelog index d1fdbf845..c3bcdef84 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,31 @@ +* Fri Aug 09 2024 Jan Stancek [6.11.0-0.rc2.17.el10] +- btrfs: avoid using fixed char array size for tree names (Qu Wenruo) +- btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) +- btrfs: emit a warning about space cache v1 being deprecated (Josef Bacik) +- btrfs: fix qgroup reserve leaks in cow_file_range (Boris Burkov) +- btrfs: implement launder_folio for clearing dirty page reserve (Boris Burkov) +- btrfs: scrub: update last_physical after scrubbing one stripe (Qu Wenruo) +- btrfs: factor out stripe length calculation into a helper (Qu Wenruo) +- power: supply: qcom_battmgr: Ignore extra __le32 in info payload (Stephan Gerhold) +- power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (Neil Armstrong) +- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) +- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) +- power: supply: rt5033: Bring back i2c_set_clientdata (Nikita Travkin) +- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang) +- platform/x86/intel/ifs: Initialize union ifs_status to zero (Kuppuswamy Sathyanarayanan) +- platform/x86: msi-wmi-platform: Fix spelling mistakes (Luis Felipe Hernandez) +- platform/x86/amd/pmf: Add new ACPI ID AMDI0107 (Shyam Sundar S K) +- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (Shyam Sundar S K) +- platform/x86/amd: pmf: Add quirk for ROG Ally X (Luke D. Jones) +- platform/x86: intel-vbtn: Protect ACPI notify handler against recursion (Hans de Goede) +- selftests: ksft: Fix finished() helper exit code on skipped tests (Laura Nao) +- mm, slub: do not call do_slab_free for kfence object (Rik van Riel) +- redhat/configs: Disable gfs2 in rhel configs (Andrew Price) +- redhat/uki_addons/virt: add common FIPS addon (Emanuele Giuseppe Esposito) +- redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons (Emanuele Giuseppe Esposito) +- Linux v6.11.0-0.rc2 +Resolves: RHEL-29722 + * Tue Aug 06 2024 Jan Stancek [6.11.0-0.rc2.16.el10] - Linux 6.11-rc2 (Linus Torvalds) - profiling: remove profile=sleep support (Tetsuo Handa) @@ -156,6 +184,34 @@ - task_work: make TWA_NMI_CURRENT handling conditional on IRQ_WORK (Linus Torvalds) Resolves: RHEL-29722 +* Fri Aug 09 2024 Jan Stancek [6.11.0-0.rc2.17.el10] +- btrfs: avoid using fixed char array size for tree names (Qu Wenruo) +- btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) +- btrfs: emit a warning about space cache v1 being deprecated (Josef Bacik) +- btrfs: fix qgroup reserve leaks in cow_file_range (Boris Burkov) +- btrfs: implement launder_folio for clearing dirty page reserve (Boris Burkov) +- btrfs: scrub: update last_physical after scrubbing one stripe (Qu Wenruo) +- btrfs: factor out stripe length calculation into a helper (Qu Wenruo) +- power: supply: qcom_battmgr: Ignore extra __le32 in info payload (Stephan Gerhold) +- power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (Neil Armstrong) +- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) +- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) +- power: supply: rt5033: Bring back i2c_set_clientdata (Nikita Travkin) +- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang) +- platform/x86/intel/ifs: Initialize union ifs_status to zero (Kuppuswamy Sathyanarayanan) +- platform/x86: msi-wmi-platform: Fix spelling mistakes (Luis Felipe Hernandez) +- platform/x86/amd/pmf: Add new ACPI ID AMDI0107 (Shyam Sundar S K) +- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (Shyam Sundar S K) +- platform/x86/amd: pmf: Add quirk for ROG Ally X (Luke D. Jones) +- platform/x86: intel-vbtn: Protect ACPI notify handler against recursion (Hans de Goede) +- selftests: ksft: Fix finished() helper exit code on skipped tests (Laura Nao) +- mm, slub: do not call do_slab_free for kfence object (Rik van Riel) +- redhat/configs: Disable gfs2 in rhel configs (Andrew Price) +- redhat/uki_addons/virt: add common FIPS addon (Emanuele Giuseppe Esposito) +- redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons (Emanuele Giuseppe Esposito) +- Linux v6.11.0-0.rc2 +Resolves: + * Tue Aug 06 2024 Jan Stancek [6.11.0-0.rc2.16.el10] - Linux 6.11-rc2 (Linus Torvalds) - profiling: remove profile=sleep support (Tetsuo Handa) @@ -312,7 +368,22 @@ Resolves: RHEL-29722 - printk: Add notation to console_srcu locking (John Ogness) - crypto: x86/aes-gcm: Disable FPU around skcipher_walk_done(). (Sebastian Andrzej Siewior) - task_work: make TWA_NMI_CURRENT handling conditional on IRQ_WORK (Linus Torvalds) -Resolves: RHEL-29722, RHEL-52629 +Resolves: RHEL-29722 + +* Thu Aug 08 2024 Fedora Kernel Team [6.11.0-0.rc2.6a0e38264012.25] +- Linux v6.11.0-0.rc2.6a0e38264012 +Resolves: + +* Wed Aug 07 2024 Fedora Kernel Team [6.11.0-0.rc2.d4560686726f.24] +- Linux v6.11.0-0.rc2.d4560686726f +Resolves: + +* Tue Aug 06 2024 Fedora Kernel Team [6.11.0-0.rc2.b446a2dae984.23] +- redhat/configs: Disable gfs2 in rhel configs (Andrew Price) +- redhat/uki_addons/virt: add common FIPS addon (Emanuele Giuseppe Esposito) +- redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons (Emanuele Giuseppe Esposito) +- Linux v6.11.0-0.rc2.b446a2dae984 +Resolves: * Mon Aug 05 2024 Fedora Kernel Team [6.11.0-0.rc2.22] - rh_flags: fix failed when register_sysctl_sz rh_flags_table to kernel (Ricardo Robaina) [RHEL-52629] diff --git a/kernel.spec b/kernel.spec index 3febb6a8b..b177bcc98 100644 --- a/kernel.spec +++ b/kernel.spec @@ -163,15 +163,15 @@ Summary: The Linux kernel %define specrpmversion 6.11.0 %define specversion 6.11.0 %define patchversion 6.11 -%define pkgrelease 0.rc2.16 +%define pkgrelease 0.rc2.17 %define kversion 6 -%define tarfile_release 6.11.0-0.rc2.16.el10 +%define tarfile_release 6.11.0-0.rc2.17.el10 # This is needed to do merge window version magic %define patchlevel 11 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc2.16%{?buildid}%{?dist} +%define specrelease 0.rc2.17%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.11.0-0.rc2.16.el10 +%define kabiversion 6.11.0-0.rc2.17.el10 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -797,6 +797,8 @@ BuildRequires: lvm2 BuildRequires: systemd-boot-unsigned # For systemd-stub and systemd-pcrphase BuildRequires: systemd-udev >= 252-1 +# For UKI kernel cmdline addons +BuildRequires: systemd-ukify # For TPM operations in UKI initramfs BuildRequires: tpm2-tools # For UKI sb cert @@ -925,6 +927,9 @@ Source86: dracut-virt.conf Source87: flavors +Source151: uki_create_addons.py +Source152: uki_addons.json + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 Source102: nvidiagpuoot001.x509 @@ -1566,6 +1571,11 @@ Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\ Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\ Requires(pre): %{kernel_prereq}\ Requires(pre): systemd >= 254-1\ +%package %{?1:%{1}-}uki-virt-addons\ +Summary: %{variant_summary} unified kernel image addons for virtual machines\ +Provides: installonlypkg(kernel)\ +Requires: kernel%{?1:-%{1}}-uki-virt = %{specrpmversion}-%{release}\ +Requires(pre): systemd >= 254-1\ %endif\ %endif\ %if %{with_gcov}\ @@ -1705,31 +1715,49 @@ input and output, etc. %if %{with_up} && %{with_debug} && %{with_efiuki} %description debug-uki-virt Prebuilt debug unified kernel image for virtual machines. + +%description debug-uki-virt-addons +Prebuilt debug unified kernel image addons for virtual machines. %endif %if %{with_up_base} && %{with_efiuki} %description uki-virt Prebuilt default unified kernel image for virtual machines. + +%description uki-virt-addons +Prebuilt default unified kernel image addons for virtual machines. %endif %if %{with_arm64_16k} && %{with_debug} && %{with_efiuki} %description 16k-debug-uki-virt Prebuilt 16k debug unified kernel image for virtual machines. + +%description 16k-debug-uki-virt-addons +Prebuilt 16k debug unified kernel image addons for virtual machines. %endif %if %{with_arm64_16k_base} && %{with_efiuki} %description 16k-uki-virt Prebuilt 16k unified kernel image for virtual machines. + +%description 16k-uki-virt-addons +Prebuilt 16k unified kernel image addons for virtual machines. %endif %if %{with_arm64_64k} && %{with_debug} && %{with_efiuki} %description 64k-debug-uki-virt Prebuilt 64k debug unified kernel image for virtual machines. + +%description 64k-debug-uki-virt-addons +Prebuilt 64k debug unified kernel image addons for virtual machines. %endif %if %{with_arm64_64k_base} && %{with_efiuki} %description 64k-uki-virt Prebuilt 64k unified kernel image for virtual machines. + +%description 64k-uki-virt-addons +Prebuilt 64k unified kernel image addons for virtual machines. %endif %if %{with_ipaclones} @@ -2616,6 +2644,10 @@ BuildKernel() { --kernel-cmdline 'console=tty0 console=ttyS0' \ $KernelUnifiedImage + KernelAddonsDirOut="$KernelUnifiedImage.extra.d" + mkdir -p $KernelAddonsDirOut + python3 %{SOURCE151} %{SOURCE152} $KernelAddonsDirOut virt %{primary_target} %{_target_cpu} + %if %{signkernel} %{log_msg "Sign the EFI UKI kernel"} %if 0%{?fedora}%{?eln} @@ -2637,6 +2669,12 @@ BuildKernel() { fi mv $KernelUnifiedImage.signed $KernelUnifiedImage + for addon in "$KernelAddonsDirOut"/*; do + %pesign -s -i $addon -o $addon.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} + rm -f $addon + mv $addon.signed $addon + done + # signkernel %endif @@ -3974,6 +4012,9 @@ fi\ /lib/modules/%{KVERREL}%{?3:+%{3}}/modules.builtin*\ %attr(0644, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\ %ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:*}-%{KVERREL}%{?3:+%{3}}.efi\ +%{expand:%%files %{?3:%{3}-}uki-virt-addons}\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi.extra.d/ \ +/lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi.extra.d/*.addon.efi\ %endif\ %endif\ %if %{?3:1} %{!?3:0}\ @@ -4048,6 +4089,33 @@ fi\ # # %changelog +* Fri Aug 09 2024 Jan Stancek [6.11.0-0.rc2.17.el10] +- btrfs: avoid using fixed char array size for tree names (Qu Wenruo) +- btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) +- btrfs: emit a warning about space cache v1 being deprecated (Josef Bacik) +- btrfs: fix qgroup reserve leaks in cow_file_range (Boris Burkov) +- btrfs: implement launder_folio for clearing dirty page reserve (Boris Burkov) +- btrfs: scrub: update last_physical after scrubbing one stripe (Qu Wenruo) +- btrfs: factor out stripe length calculation into a helper (Qu Wenruo) +- power: supply: qcom_battmgr: Ignore extra __le32 in info payload (Stephan Gerhold) +- power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (Neil Armstrong) +- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) +- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) +- power: supply: rt5033: Bring back i2c_set_clientdata (Nikita Travkin) +- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang) +- platform/x86/intel/ifs: Initialize union ifs_status to zero (Kuppuswamy Sathyanarayanan) +- platform/x86: msi-wmi-platform: Fix spelling mistakes (Luis Felipe Hernandez) +- platform/x86/amd/pmf: Add new ACPI ID AMDI0107 (Shyam Sundar S K) +- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (Shyam Sundar S K) +- platform/x86/amd: pmf: Add quirk for ROG Ally X (Luke D. Jones) +- platform/x86: intel-vbtn: Protect ACPI notify handler against recursion (Hans de Goede) +- selftests: ksft: Fix finished() helper exit code on skipped tests (Laura Nao) +- mm, slub: do not call do_slab_free for kfence object (Rik van Riel) +- redhat/configs: Disable gfs2 in rhel configs (Andrew Price) +- redhat/uki_addons/virt: add common FIPS addon (Emanuele Giuseppe Esposito) +- redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons (Emanuele Giuseppe Esposito) +- Linux v6.11.0-0.rc2 + * Tue Aug 06 2024 Jan Stancek [6.11.0-0.rc2.16.el10] - Linux 6.11-rc2 (Linus Torvalds) - profiling: remove profile=sleep support (Tetsuo Handa) diff --git a/sources b/sources index ebd29462a..f68784b08 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 -SHA512 (linux-6.11.0-0.rc2.16.el10.tar.xz) = ec00b14d35928348ebb9e6463cdf02336b03efe26ab7a056077e0652210837d033910c7e6f706dfba8135d73caea62682c5447fc47852859517b29f2797194c8 -SHA512 (kernel-abi-stablelists-6.11.0-0.rc2.16.el10.tar.xz) = b5a236b165da1baa176ca5ef0eb1422d1c9d8b923848de7548c0ae141de60cb331c245c3977d62611c02bedd8b0f41a1f6406c6de4aaa0b08074c840378c1385 -SHA512 (kernel-kabi-dw-6.11.0-0.rc2.16.el10.tar.xz) = 058c2398b34608007996d39831d61d82b546674d7b9475e7b5c92f473f70be941be32db4024d6ee0df2571345cacd318f2d72144d561f24b0526e4fb0308cdcc +SHA512 (linux-6.11.0-0.rc2.17.el10.tar.xz) = fa1ad63d0ce729ad4ac702e89d2b901f30c7e135235f98a40961b371cfde93a6015cb3eb77d93b734df667d7d064f4f06109fb1cfd5b5fb55b6c445169b5e6ca +SHA512 (kernel-abi-stablelists-6.11.0-0.rc2.17.el10.tar.xz) = 8318cfdbeb63f51fc0f7d4254b1eb05bcb6f125b155fa3abda18d42cd052715aa6836256cc44b02282a5a1ebab73d8e8ef4f7dd5abfcc1339e9ecae1a1c5ecb6 +SHA512 (kernel-kabi-dw-6.11.0-0.rc2.17.el10.tar.xz) = 058c2398b34608007996d39831d61d82b546674d7b9475e7b5c92f473f70be941be32db4024d6ee0df2571345cacd318f2d72144d561f24b0526e4fb0308cdcc diff --git a/uki_addons.json b/uki_addons.json new file mode 100644 index 000000000..d82dc87d6 --- /dev/null +++ b/uki_addons.json @@ -0,0 +1,12 @@ +{ + "virt": { + "common": { + "fips-disable.addon": [ + "fips=0\n" + ], + "fips-enable.addon": [ + "fips=1\n" + ] + } + } +} \ No newline at end of file diff --git a/uki_create_addons.py b/uki_create_addons.py new file mode 100755 index 000000000..e30d43b2a --- /dev/null +++ b/uki_create_addons.py @@ -0,0 +1,151 @@ +#!/usr/bin/env python3 +# +# This script inspects a given json proving a list of addons, and +# creates an addon for each key/value pair matching the given uki, distro and +# arch provided in input. +# +# Usage: python uki_create_addons.py input_json out_dir uki distro arch +# +# This tool requires the systemd-ukify and systemd-boot packages. +# +# Addon file +#----------- +# Each addon terminates with .addon +# Each addon contains only two types of lines: +# Lines beginning with '#' are description and thus ignored +# All other lines are command line to be added. +# The name of the end resulting addon is taken from the json hierarchy. +# For example, and addon in json['virt']['rhel']['x86_64']['hello.addon'] will +# result in an UKI addon file generated in out_dir called +# hello-virt.rhel.x86_64.addon.efi +# +# The common key, present in any sub-dict in the provided json (except the leaf dict) +# is used as place for default addons when the same addon is not defined deep +# in the hierarchy. For example, if we define test.addon (text: 'test1\n') in +# json['common']['test.addon'] = ['test1\n'] and another test.addon (text: test2) in +# json['virt']['common']['test.addon'] = ['test2'], any other uki except virt +# will have a test.addon.efi with text "test1", and virt will have a +# test.addon.efi with "test2" +# +# sbat.conf +#---------- +# This dict is containing the sbat string for *all* addons being created. +# This dict is optional, but when used has to be put in a sub-dict with +# { 'sbat' : { 'sbat.conf' : ['your text here'] }} +# It follows the same syntax as the addon files, meaning '#' is comment and +# the rest is taken as sbat string and feed to ukify. + +import os +import sys +import json +import collections +import subprocess + + +UKIFY_PATH = '/usr/lib/systemd/ukify' + +def usage(err): + print(f'Usage: {os.path.basename(__file__)} input_json output_dir uki distro arch') + print(f'Error:{err}') + sys.exit(1) + +def check_clean_arguments(input_json, out_dir): + # Remove end '/' + if out_dir[-1:] == '/': + out_dir = out_dir[:-1] + if not os.path.isfile(input_json): + usage(f'input_json {input_json} is not a file, or does not exist!') + if not os.path.isdir(out_dir): + usage(f'out_dir_dir {out_dir} is not a dir, or does not exist!') + return out_dir + +UKICmdlineAddon = collections.namedtuple('UKICmdlineAddon', ['name', 'cmdline']) +uki_addons_list = [] +uki_addons = {} +addon_sbat_string = None + +def parse_lines(lines, rstrip=True): + cmdline = '' + for l in lines: + l = l.lstrip() + if not l: + continue + if l[0] == '#': + continue + # rstrip is used only for addons cmdline, not sbat.conf, as it replaces + # return lines with spaces. + if rstrip: + l = l.rstrip() + ' ' + cmdline += l + if cmdline == '': + return '' + return cmdline + +def parse_all_addons(in_obj): + global addon_sbat_string + + for el in in_obj.keys(): + # addon found: copy it in our global dict uki_addons + if el.endswith('.addon'): + uki_addons[el] = in_obj[el] + + if 'sbat' in in_obj and 'sbat.conf' in in_obj['sbat']: + # sbat.conf found: override sbat with the most specific one found + addon_sbat_string = parse_lines(in_obj['sbat']['sbat.conf'], rstrip=False) + +def recursively_find_addons(in_obj, folder_list): + # end of recursion, leaf directory. Search all addons here + if len(folder_list) == 0: + parse_all_addons(in_obj) + return + + # first, check for common folder + if 'common' in in_obj: + parse_all_addons(in_obj['common']) + + # second, check if there is a match with the searched folder + if folder_list[0] in in_obj: + folder_next = in_obj[folder_list[0]] + folder_list = folder_list[1:] + recursively_find_addons(folder_next, folder_list) + +def parse_in_json(in_json, uki_name, distro, arch): + with open(in_json, 'r') as f: + in_obj = json.load(f) + recursively_find_addons(in_obj, [uki_name, distro, arch]) + + for addon_name, cmdline in uki_addons.items(): + addon_name = addon_name.replace(".addon","") + addon_full_name = f'{addon_name}-{uki_name}.{distro}.{arch}.addon.efi' + cmdline = parse_lines(cmdline).rstrip() + if cmdline: + uki_addons_list.append(UKICmdlineAddon(addon_full_name, cmdline)) + +def create_addons(out_dir): + for uki_addon in uki_addons_list: + out_path = os.path.join(out_dir, uki_addon.name) + cmd = [ + f'{UKIFY_PATH}', 'build', + f'--cmdline="{uki_addon.cmdline}"', + f'--output={out_path}'] + if addon_sbat_string: + cmd.append('--sbat="' + addon_sbat_string.rstrip() +'"') + + subprocess.check_call(cmd, text=True) + +if __name__ == "__main__": + argc = len(sys.argv) - 1 + if argc != 5: + usage('too few or too many parameters!') + + input_json = sys.argv[1] + out_dir = sys.argv[2] + uki_name = sys.argv[3] + distro = sys.argv[4] + arch = sys.argv[5] + + out_dir = check_clean_arguments(input_json, out_dir) + parse_in_json(input_json, uki_name, distro, arch) + create_addons(out_dir) + +