From 845d97f89a9910b9ae7994faae18d1dec3b029f7 Mon Sep 17 00:00:00 2001 From: Jan Stancek Date: Thu, 17 Aug 2023 11:46:34 +0200 Subject: [PATCH] kernel-5.14.0-357.el9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Thu Aug 17 2023 Jan Stancek [5.14.0-357.el9] - drm/simpledrm: Support the XB24/AB24 format (Adam Jackson) [2231064] - Revert "PCI: tegra194: Enable support for 256 Byte payload" (Jennifer Berringer) [2210133] - Revert "drm/amd/display: edp do not add non-edid timings" (Mika Penttilä) [RHEL-846] - Revert "drm/amd/display: reallocate DET for dual displays with high pixel rate ratio" (Mika Penttilä) [RHEL-846] - drm/client: Fix memory leak in drm_client_modeset_probe (Mika Penttilä) [RHEL-846] - drm/client: Fix memory leak in drm_client_target_cloned (Mika Penttilä) [RHEL-846] - drm/atomic: Fix potential use-after-free in nonblocking commits (Mika Penttilä) [RHEL-846] - drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (Mika Penttilä) [RHEL-846] - drm/amd/pm: share the code around SMU13 pcie parameters update (Mika Penttilä) [RHEL-846] - drm/ttm: Don't leak a resource on swapout move error (Mika Penttilä) [RHEL-846] - drm/amdgpu: avoid restore process run into dead loop. (Mika Penttilä) [RHEL-846] - drm/amd/display: Correct `DMUB_FW_VERSION` macro (Mika Penttilä) [RHEL-846] - drm/amd/display: Fix 128b132b link loss handling (Mika Penttilä) [RHEL-846] - drm/amd/display: add a NULL pointer check (Mika Penttilä) [RHEL-846] - drm/amd: Disable PSR-SU on Parade 0803 TCON (Mika Penttilä) [RHEL-846] - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (Mika Penttilä) [RHEL-846] - drm/amd/display: disable seamless boot if force_odm_combine is enabled (Mika Penttilä) [RHEL-846] - drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (Mika Penttilä) [RHEL-846] - drm/amd/display: fix seamless odm transitions (Mika Penttilä) [RHEL-846] - drm/dp_mst: Clear MSG_RDY flag before sending new message (Mika Penttilä) [RHEL-846] - drm/atomic: Allow vblank-enabled + self-refresh "disable" (Mika Penttilä) [RHEL-846] - drm/amd/display: perform a bounds check before filling dirty rectangles (Mika Penttilä) [RHEL-846] - drm/nouveau: bring back blit subchannel for pre nv50 GPUs (Mika Penttilä) [RHEL-846] - drm/nouveau/disp/g94: enable HDMI (Mika Penttilä) [RHEL-846] - drm/nouveau/disp: fix HDMI on gt215+ (Mika Penttilä) [RHEL-846] - drm/i915: Fix one wrong caching mode enum usage (Mika Penttilä) [RHEL-846] - drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner (Mika Penttilä) [RHEL-846] - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (Mika Penttilä) [RHEL-846] - drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (Mika Penttilä) [RHEL-846] - drm/panel: simple: Add connector_type for innolux_at043tn24 (Mika Penttilä) [RHEL-846] - drm/nouveau/acr: Abort loading ACR if no firmware was found (Mika Penttilä) [RHEL-846] - drm/amdgpu: add RAS POISON interrupt funcs for jpeg_v4_0 (Mika Penttilä) [RHEL-846] - drm/amdgpu: add RAS POISON interrupt funcs for jpeg_v2_6 (Mika Penttilä) [RHEL-846] - drm/amdgpu: separate ras irq from jpeg instance irq for UVD_POISON (Mika Penttilä) [RHEL-846] - drm/amdgpu: add RAS POISON interrupt funcs for vcn_v4_0 (Mika Penttilä) [RHEL-846] - drm/amdgpu: add RAS POISON interrupt funcs for vcn_v2_6 (Mika Penttilä) [RHEL-846] - drm/amdgpu: separate ras irq from vcn instance irq for UVD_POISON (Mika Penttilä) [RHEL-846] - drm/amdgpu: Move vcn ras block init to ras sw_init (Mika Penttilä) [RHEL-846] - drm/amdgpu: Move jpeg ras block init to ras sw_init (Mika Penttilä) [RHEL-846] - drm/amdgpu: Fix usage of UMC fill record in RAS (Mika Penttilä) [RHEL-846] - drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function. (Mika Penttilä) [RHEL-846] - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (Mika Penttilä) [RHEL-846] - drm/radeon: fix possible division-by-zero errors (Mika Penttilä) [RHEL-846] - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (Mika Penttilä) [RHEL-846] - drm/amdkfd: Fix potential deallocation of previously deallocated memory. (Mika Penttilä) [RHEL-846] - drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (Mika Penttilä) [RHEL-846] - drm/amd/display: Fix a test CalculatePrefetchSchedule() (Mika Penttilä) [RHEL-846] - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (Mika Penttilä) [RHEL-846] - drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec (Mika Penttilä) [RHEL-846] - drm/bridge: anx7625: Prevent endless probe loop (Mika Penttilä) [RHEL-846] - xdrm/nouveau: dispnv50: fix missing-prototypes warning (Mika Penttilä) [RHEL-846] - drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (Mika Penttilä) [RHEL-846] - drm/vkms: Fix RGB565 pixel conversion (Mika Penttilä) [RHEL-846] - drm: Add fixed-point helper to get rounded integer values (Mika Penttilä) [RHEL-846] - drm/vkms: isolate pixel conversion functionality (Mika Penttilä) [RHEL-846] - drm/panel: sharp-ls043t1le01: adjust mode settings (Mika Penttilä) [RHEL-846] - drm/vram-helper: fix function names in vram helper doc (Mika Penttilä) [RHEL-846] - drm/bridge: tc358768: fix THS_TRAILCNT computation (Mika Penttilä) [RHEL-846] - drm/bridge: tc358768: fix TXTAGOCNT computation (Mika Penttilä) [RHEL-846] - drm/bridge: tc358768: fix THS_ZEROCNT computation (Mika Penttilä) [RHEL-846] - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (Mika Penttilä) [RHEL-846] - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (Mika Penttilä) [RHEL-846] - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (Mika Penttilä) [RHEL-846] - drm/bridge: tc358768: fix PLL target frequency (Mika Penttilä) [RHEL-846] - drm/bridge: tc358768: fix PLL parameters computation (Mika Penttilä) [RHEL-846] - drm/bridge: tc358768: always enable HS video mode (Mika Penttilä) [RHEL-846] - drm/bridge: ti-sn65dsi83: Fix enable error path (Mika Penttilä) [RHEL-846] - drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (Mika Penttilä) [RHEL-846] - drm/i915/guc/slpc: Provide sysfs for efficient freq (Mika Penttilä) [RHEL-846] - drm/i915/guc: More debug print updates - GuC SLPC (Mika Penttilä) [RHEL-846] - drm/amd/display: Explicitly specify update type per plane info change (Mika Penttilä) [RHEL-846] - radeon: avoid double free in ci_dpm_init() (Mika Penttilä) [RHEL-846] - drm/amd/display: fix is_timing_changed() prototype (Mika Penttilä) [RHEL-846] - drm/amd/display: Add logging for display MALL refresh setting (Mika Penttilä) [RHEL-846] - drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (Mika Penttilä) [RHEL-846] - drm/amd/display: Ensure vmin and vmax adjust for DCE (Mika Penttilä) [RHEL-846] - drm/amdgpu: Validate VM ioctl flags. (Mika Penttilä) [RHEL-846] - drm/amd/display: Do not update DRR while BW optimizations pending (Mika Penttilä) [RHEL-846] - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (Mika Penttilä) [RHEL-846] - udmabuf: revert 'Add support for mapping hugepages (v4)' (Mika Penttilä) [RHEL-846] - drm/amd/display: fix the system hang while disable PSR (Mika Penttilä) [RHEL-846] - drm/amd/display: Add wrapper to call planes and stream update (Mika Penttilä) [RHEL-846] - drm/amd/display: Use dc_update_planes_and_stream (Mika Penttilä) [RHEL-846] - drm/nouveau: add nv_encoder pointer check for NULL (Mika Penttilä) [RHEL-846] - drm/nouveau/dp: check for NULL nv_connector->native_mode (Mika Penttilä) [RHEL-846] - drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (Mika Penttilä) [RHEL-846] - drm/nouveau: don't detect DSM for non-NVIDIA device (Mika Penttilä) [RHEL-846] - drm/amdgpu: Modify indirect buffer packages for resubmission (Mika Penttilä) [RHEL-846] - drm/amdgpu: Implement gfx9 patch functions for resubmission (Mika Penttilä) [RHEL-846] - drm/amdgpu: Program gds backup address as zero if no gds allocated (Mika Penttilä) [RHEL-846] - drm/amdgpu: Reset CP_VMID_PREEMPT after trailing fence signaled (Mika Penttilä) [RHEL-846] - drm/amdgpu: add missing radeon secondary PCI ID (Mika Penttilä) [RHEL-846] - drm/amd/pm: workaround for compute workload type on some skus (Mika Penttilä) [RHEL-846] - drm/amd: Tighten permissions on VBIOS flashing attributes (Mika Penttilä) [RHEL-846] - drm/amd: Make sure image is written to trigger VBIOS image update flow (Mika Penttilä) [RHEL-846] - drm/amd/display: edp do not add non-edid timings (Mika Penttilä) [RHEL-846] - drm/amd/display: limit DPIA link rate to HBR3 (Mika Penttilä) [RHEL-846] - drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (Mika Penttilä) [RHEL-846] - Revert "drm/amdgpu: remove TOPDOWN flags when allocating VRAM in large bar system" (Mika Penttilä) [RHEL-846] - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (Mika Penttilä) [RHEL-846] - drm: panel-orientation-quirks: Change Air's quirk to support Air Plus (Mika Penttilä) [RHEL-846] - drm/amd/display: add ODM case when looking for first split pipe (Mika Penttilä) [RHEL-846] - drm/amd/display: Reduce sdp bw after urgent to 90%% (Mika Penttilä) [RHEL-846] - drm/amd/pm: Fix power context allocation in SMU13 (Mika Penttilä) [RHEL-846] - drm/amd: Disallow s0ix without BIOS support again (Mika Penttilä) [RHEL-846] - drm/amdgpu: change reserved vram info print (Mika Penttilä) [RHEL-846] - drm/amdgpu: fix xclk freq on CHIP_STONEY (Mika Penttilä) [RHEL-846] - drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (Mika Penttilä) [RHEL-846] - drm/i915/gt: Use the correct error value when kernel_context() fails (Mika Penttilä) [RHEL-846] - drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (Mika Penttilä) [RHEL-846] - drm/i915/selftests: Add some missing error propagation (Mika Penttilä) [RHEL-846] - drm/i915: Use 18 fast wake AUX sync len (Mika Penttilä) [RHEL-846] - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (Mika Penttilä) [RHEL-846] - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (Mika Penttilä) [RHEL-846] - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (Mika Penttilä) [RHEL-846] - drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (Mika Penttilä) [RHEL-846] - drm/amd/pm: resolve reboot exception for si oland (Mika Penttilä) [RHEL-846] - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (Mika Penttilä) [RHEL-846] - drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (Mika Penttilä) [RHEL-846] - drm/amdgpu: enable tmz by default for GC 11.0.1 (Mika Penttilä) [RHEL-846] - drm/amd/display: Only wait for blank completion if OTG active (Mika Penttilä) [RHEL-846] - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (Mika Penttilä) [RHEL-846] - drm/amdgpu: set gfx9 onwards APU atomics support to be true (Mika Penttilä) [RHEL-846] - drm/amdgpu/nv: update VCN 3 max HEVC encoding resolution (Mika Penttilä) [RHEL-846] - drm/amdgpu: Use the default reset when loading or reloading the driver (Mika Penttilä) [RHEL-846] - drm/amd/display: fix memleak in aconnector->timing_requested (Mika Penttilä) [RHEL-846] - drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (Mika Penttilä) [RHEL-846] - drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration (Mika Penttilä) [RHEL-846] - drm/i915: Disable DPLLs before disconnecting the TC PHY (Mika Penttilä) [RHEL-846] - drm/i915: Move shared DPLL disabling into CRTC disable hook (Mika Penttilä) [RHEL-846] - drm: fix drmm_mutex_init() (Mika Penttilä) [RHEL-846] - drm/amd/amdgpu: limit one queue per gang (Mika Penttilä) [RHEL-846] - drm/amd/pm: Fix output of pp_od_clk_voltage (Mika Penttilä) [RHEL-846] - drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (Mika Penttilä) [RHEL-846] - drm/amdgpu: don't enable secure display on incompatible platforms (Mika Penttilä) [RHEL-846] - drm/radeon: reintroduce radeon_dp_work_func content (Mika Penttilä) [RHEL-846] - drm/amd/display: Have Payload Properly Created After Resume (Mika Penttilä) [RHEL-846] - drm/amdgpu: reserve the old gc_11_0_*_mes.bin (Mika Penttilä) [RHEL-846] - drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (Mika Penttilä) [RHEL-846] - drm/amdgpu/gfx11: update gpu_clock_counter logic (Mika Penttilä) [RHEL-846] - drm/amdgpu: refine get gpu clock counter method (Mika Penttilä) [RHEL-846] - drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (Mika Penttilä) [RHEL-846] - drm/amdgpu/gfx10: Disable gfxoff before disabling powergating. (Mika Penttilä) [RHEL-846] - drm/amdgpu/gmc11: implement get_vbios_fb_size() (Mika Penttilä) [RHEL-846] - drm/amd/pm: fix possible power mode mismatch between driver and PMFW (Mika Penttilä) [RHEL-846] - drm/amdgpu: Enable IH retry CAM on GFX9 (Mika Penttilä) [RHEL-846] - drm/amdgpu: Fix sdma v4 sw fini error (Mika Penttilä) [RHEL-846] - drm/amd: Fix an out of bounds error in BIOS parser (Mika Penttilä) [RHEL-846] - drm/amd/display: Correct DML calculation to follow HW SPEC (Mika Penttilä) [RHEL-846] - drm/tegra: Avoid potential 32-bit integer overflow (Mika Penttilä) [RHEL-846] - drm/amd/display: fixed dcn30+ underflow issue (Mika Penttilä) [RHEL-846] - drm/amd/display: reallocate DET for dual displays with high pixel rate ratio (Mika Penttilä) [RHEL-846] - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (Mika Penttilä) [RHEL-846] - drm/amd/display: Enable HostVM based on rIOMMU active (Mika Penttilä) [RHEL-846] - drm/amd/display: enable DPG when disabling plane for phantom pipe (Mika Penttilä) [RHEL-846] - drm/amd/display: Correct DML calculation to align HW formula (Mika Penttilä) [RHEL-846] - drm/amd/display: populate subvp cmd info only for the top pipe (Mika Penttilä) [RHEL-846] - drm/displayid: add displayid_get_header() and check bounds better (Mika Penttilä) [RHEL-846] - drm/i915: taint kernel when force probing unsupported devices (Mika Penttilä) [RHEL-846] - drm/i915/dp: prevent potential div-by-zero (Mika Penttilä) [RHEL-846] - drm/i915: Fix NULL ptr deref by checking new_crtc_state (Mika Penttilä) [RHEL-846] - drm/i915/guc: Don't capture Gen8 regs on Xe devices (Mika Penttilä) [RHEL-846] - drm/sched: Check scheduler work queue before calling timeout handling (Mika Penttilä) [RHEL-846] - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (Mika Penttilä) [RHEL-846] - drm/nouveau/disp: More DP_RECEIVER_CAP_SIZE array fixes (Mika Penttilä) [RHEL-846] - drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (Mika Penttilä) [RHEL-846] - drm/fbdev-generic: prohibit potential out-of-bounds access (Mika Penttilä) [RHEL-846] - exfat: check if filename entries exceeds max filename length (Pavel Reichl) [2221611] {CVE-2023-4273} - RHEL only: mark io_uring tech preview (Jeff Moyer) [2217069] - RHEL only: disable io_uring by default (Jeff Moyer) [2217069] - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq (Jeff Moyer) [2217069] - io_uring: don't audit the capability check in io_uring_create() (Jeff Moyer) [2217069] - io_uring/net: clear msg_controllen on partial sendmsg retry (Jeff Moyer) [2217069] - io_uring/poll: serialize poll linked timer start with poll removal (Jeff Moyer) [2218611] {CVE-2023-3389} - io_uring/net: use the correct msghdr union member in io_sendmsg_copy_hdr (Jeff Moyer) [2217069] - io_uring/net: save msghdr->msg_control for retries (Jeff Moyer) [2217069] - io_uring: wait interruptibly for request completions on exit (Jeff Moyer) [2217069] - io_uring: add a sysctl to disable io_uring system-wide (Jeff Moyer) [2217069] - io_uring: undeprecate epoll_ctl support (Jeff Moyer) [2217069] - io_uring/rsrc: use nospec'ed indexes (Jeff Moyer) [2217069] - selinux: implement the security_uring_cmd() LSM hook (Jeff Moyer) [2217069] - selinux: add support for the io_uring access controls (Jeff Moyer) [2217069] - selinux: log anon inode class name (Jeff Moyer) [2217069] - RHEL-only: revert RHEL add a boot parameter to enable io_uring (Jeff Moyer) [2217069] - RHEL-only: revert RHEL: io_uring: mark tech preview (Jeff Moyer) [2217069] - Documentation/x86: Fix backwards on/off logic about YMM support (Waiman Long) [2229875] {CVE-2022-40982} - KVM: Add GDS_NO support to KVM (Waiman Long) [2229875] {CVE-2022-40982} - redhat/configs/x86: Disable CONFIG_GDS_FORCE_MITIGATION (Waiman Long) [2229875] {CVE-2022-40982} - x86/speculation: Add Kconfig option for GDS (Waiman Long) [2229875] {CVE-2022-40982} - x86/speculation: Add force option to GDS mitigation (Waiman Long) [2229875] {CVE-2022-40982} - x86/speculation: Add Gather Data Sampling mitigation (Waiman Long) [2229875] {CVE-2022-40982} - x86/cpu: Switch to arch_cpu_finalize_init() (Waiman Long) [2229875] - init: Provide arch_cpu_finalize_init() (Waiman Long) [2229875] - x86/bugs: Use sysfs_emit() (Waiman Long) [2229875] - docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed (Waiman Long) [2229875] - arm64: correct the effect of mitigations off on kpti (Waiman Long) [2229875] - x86/speculation: Add missing srbds=off to the mitigations= help text (Waiman Long) [2229875] - Documentation/ABI: Mention retbleed vulnerability info file for sysfs (Waiman Long) [2229875] - ABI: sysfs-devices-system-cpu: use cpuX instead of cpu# (Waiman Long) [2229875] - PCI: Fix runtime PM race with PME polling (Eric Auger) [2216699] - PCI/VPD: Add runtime power management to sysfs interface (Eric Auger) [2216699] - fuse: optional supplementary group in create requests (Miklos Szeredi) [2134128] - fuse: add request extension (Miklos Szeredi) [2134128] - redhat: Switch UKI to using its own SecureBoot cert (Vitaly Kuznetsov) [2225529] - redhat: Add RHEL specifc .sbat section to UKI (Vitaly Kuznetsov) [2225529] - xfrm: add NULL check in xfrm_update_ae_params (Daniel Mendes) [2218947] {CVE-2023-3772} - nvme-rdma: fix potential unbalanced freeze & unfreeze (Ming Lei) [2158750] - nvme-tcp: fix potential unbalanced freeze & unfreeze (Ming Lei) [2158750] - nvme: fix possible hang when removing a controller during error recovery (Ming Lei) [2158750] - crypto: rng - Fix lock imbalance in crypto_del_rng (Herbert Xu) [2229643] Resolves: rhbz#2134128, rhbz#2158750, rhbz#2210133, rhbz#2216699, rhbz#2217069, rhbz#2218611, rhbz#2218947, rhbz#2221611, rhbz#2225529, rhbz#2229643, rhbz#2229875, rhbz#2231064, RHEL-846 Signed-off-by: Jan Stancek --- Makefile.rhelver | 2 +- kernel-x86_64-debug-rhel.config | 1 + kernel-x86_64-rhel.config | 1 + kernel-x86_64-rt-debug-rhel.config | 1 + kernel-x86_64-rt-rhel.config | 1 + kernel.spec | 262 ++++++++++++++++++++++++++++- sources | 6 +- uki-sb-cert-x86_64-centos.crt | Bin 0 -> 914 bytes uki-sb-cert-x86_64-rhel.crt | Bin 0 -> 964 bytes 9 files changed, 265 insertions(+), 9 deletions(-) create mode 100644 uki-sb-cert-x86_64-centos.crt create mode 100644 uki-sb-cert-x86_64-rhel.crt diff --git a/Makefile.rhelver b/Makefile.rhelver index 49cc6b182..f70d2c66c 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 3 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 356 +RHEL_RELEASE = 357 # # ZSTREAM diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 7841ddfa2..e7d1df276 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -1741,6 +1741,7 @@ CONFIG_GACT_PROB=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set # CONFIG_GCOV_KERNEL is not set # CONFIG_GDB_SCRIPTS is not set +# CONFIG_GDS_FORCE_MITIGATION is not set # CONFIG_GENERIC_ADC_BATTERY is not set # CONFIG_GENERIC_ADC_THERMAL is not set CONFIG_GENERIC_CPU=y diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index b7e59b4e9..7a281e973 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -1725,6 +1725,7 @@ CONFIG_GACT_PROB=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set # CONFIG_GCOV_KERNEL is not set # CONFIG_GDB_SCRIPTS is not set +# CONFIG_GDS_FORCE_MITIGATION is not set # CONFIG_GENERIC_ADC_BATTERY is not set # CONFIG_GENERIC_ADC_THERMAL is not set CONFIG_GENERIC_CPU=y diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index d8156b85e..a0775fbdf 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -1787,6 +1787,7 @@ CONFIG_GACT_PROB=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set # CONFIG_GCOV_KERNEL is not set # CONFIG_GDB_SCRIPTS is not set +# CONFIG_GDS_FORCE_MITIGATION is not set # CONFIG_GENERIC_ADC_BATTERY is not set # CONFIG_GENERIC_ADC_THERMAL is not set CONFIG_GENERIC_CPU=y diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index 0845d6fcb..3cc3bd107 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -1771,6 +1771,7 @@ CONFIG_GACT_PROB=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set # CONFIG_GCOV_KERNEL is not set # CONFIG_GDB_SCRIPTS is not set +# CONFIG_GDS_FORCE_MITIGATION is not set # CONFIG_GENERIC_ADC_BATTERY is not set # CONFIG_GENERIC_ADC_THERMAL is not set CONFIG_GENERIC_CPU=y diff --git a/kernel.spec b/kernel.spec index 43e1f87ce..0c3d74985 100755 --- a/kernel.spec +++ b/kernel.spec @@ -161,15 +161,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 356 +%define pkgrelease 357 %define kversion 5 -%define tarfile_release 5.14.0-356.el9 +%define tarfile_release 5.14.0-357.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 356%{?buildid}%{?dist} +%define specrelease 357%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-356.el9 +%define kabiversion 5.14.0-357.el9 # # End of genspec.sh variables @@ -906,6 +906,9 @@ Source100: rheldup3.x509 Source101: rhelkpatch1.x509 Source150: dracut-virt.conf +# Remove this when https://bugzilla.redhat.com/show_bug.cgi?id=2225009 gets resolved +Source151: uki-sb-cert-x86_64-centos.crt +Source152: uki-sb-cert-x86_64-rhel.crt Source200: check-kabi @@ -2431,15 +2434,52 @@ BuildKernel() { --kernel-cmdline 'console=tty0 console=ttyS0' \ $KernelUnifiedImage + # Add RH specific .SBAT entries + # First, we need to save the original .sbat from UKI + objcopy -O binary --only-section=.sbat $KernelUnifiedImage $KernelUnifiedImage.sbat + # Remove all trailing zero bytes from the file + sed -i 's/\x0.*$//' $KernelUnifiedImage.sbat + # Add RHEL/CentOS specific entries +%if 0%{?centos} + SBATsuffix="centos" +%else + SBATsuffix="rhel" +%endif + echo "linux,1,Red Hat,linux,$KernelVer,https://bugzilla.redhat.com/" >> $KernelUnifiedImage.sbat + echo "linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,https://bugzilla.redhat.com/" >> $KernelUnifiedImage.sbat + echo "kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,https://bugzilla.redhat.com/" >> $KernelUnifiedImage.sbat + # Remove the original .sbat section + objcopy --remove-section .sbat $KernelUnifiedImage + # Get the end of the last section + sbat_offt=$(objdump -h $KernelUnifiedImage | gawk 'NF==7 {size=strtonum("0x"$3); offset=strtonum("0x"$4)} END {print size + offset}') + # Align start of the new section to 512b + sbat_align=512 + sbat_offt=$((sbat_offt + "$sbat_align" - sbat_offt % "$sbat_align")) + # Add the new .sbat section + objcopy -v --add-section .sbat=$KernelUnifiedImage.sbat --set-section-alignment .sbat=$sbat_align \ + --change-section-vma .sbat=$sbat_offt $KernelUnifiedImage + rm -f $KernelUnifiedImage.sbat + %if %{signkernel} - %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} +%if 0%{?centos} + UKI_secureboot_name=centossecureboot204 + UKI_secureboot_cert=%{SOURCE151} +%else + UKI_secureboot_name=redhatsecureboot504 + UKI_secureboot_cert=%{SOURCE152} +%endif + + %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.signed -a %{secureboot_ca_0} -c $UKI_secureboot_cert -n $UKI_secureboot_name if [ ! -s $KernelUnifiedImage.signed ]; then echo "pesigning failed" exit 1 fi mv $KernelUnifiedImage.signed $KernelUnifiedImage + mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer + cp -a $UKI_secureboot_cert $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/secureboot-uki-%{_arch}.cer + # signkernel %endif @@ -3698,6 +3738,218 @@ fi # # %changelog +* Thu Aug 17 2023 Jan Stancek [5.14.0-357.el9] +- drm/simpledrm: Support the XB24/AB24 format (Adam Jackson) [2231064] +- Revert "PCI: tegra194: Enable support for 256 Byte payload" (Jennifer Berringer) [2210133] +- Revert "drm/amd/display: edp do not add non-edid timings" (Mika Penttilä) [RHEL-846] +- Revert "drm/amd/display: reallocate DET for dual displays with high pixel rate ratio" (Mika Penttilä) [RHEL-846] +- drm/client: Fix memory leak in drm_client_modeset_probe (Mika Penttilä) [RHEL-846] +- drm/client: Fix memory leak in drm_client_target_cloned (Mika Penttilä) [RHEL-846] +- drm/atomic: Fix potential use-after-free in nonblocking commits (Mika Penttilä) [RHEL-846] +- drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (Mika Penttilä) [RHEL-846] +- drm/amd/pm: share the code around SMU13 pcie parameters update (Mika Penttilä) [RHEL-846] +- drm/ttm: Don't leak a resource on swapout move error (Mika Penttilä) [RHEL-846] +- drm/amdgpu: avoid restore process run into dead loop. (Mika Penttilä) [RHEL-846] +- drm/amd/display: Correct `DMUB_FW_VERSION` macro (Mika Penttilä) [RHEL-846] +- drm/amd/display: Fix 128b132b link loss handling (Mika Penttilä) [RHEL-846] +- drm/amd/display: add a NULL pointer check (Mika Penttilä) [RHEL-846] +- drm/amd: Disable PSR-SU on Parade 0803 TCON (Mika Penttilä) [RHEL-846] +- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (Mika Penttilä) [RHEL-846] +- drm/amd/display: disable seamless boot if force_odm_combine is enabled (Mika Penttilä) [RHEL-846] +- drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (Mika Penttilä) [RHEL-846] +- drm/amd/display: fix seamless odm transitions (Mika Penttilä) [RHEL-846] +- drm/dp_mst: Clear MSG_RDY flag before sending new message (Mika Penttilä) [RHEL-846] +- drm/atomic: Allow vblank-enabled + self-refresh "disable" (Mika Penttilä) [RHEL-846] +- drm/amd/display: perform a bounds check before filling dirty rectangles (Mika Penttilä) [RHEL-846] +- drm/nouveau: bring back blit subchannel for pre nv50 GPUs (Mika Penttilä) [RHEL-846] +- drm/nouveau/disp/g94: enable HDMI (Mika Penttilä) [RHEL-846] +- drm/nouveau/disp: fix HDMI on gt215+ (Mika Penttilä) [RHEL-846] +- drm/i915: Fix one wrong caching mode enum usage (Mika Penttilä) [RHEL-846] +- drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner (Mika Penttilä) [RHEL-846] +- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (Mika Penttilä) [RHEL-846] +- drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (Mika Penttilä) [RHEL-846] +- drm/panel: simple: Add connector_type for innolux_at043tn24 (Mika Penttilä) [RHEL-846] +- drm/nouveau/acr: Abort loading ACR if no firmware was found (Mika Penttilä) [RHEL-846] +- drm/amdgpu: add RAS POISON interrupt funcs for jpeg_v4_0 (Mika Penttilä) [RHEL-846] +- drm/amdgpu: add RAS POISON interrupt funcs for jpeg_v2_6 (Mika Penttilä) [RHEL-846] +- drm/amdgpu: separate ras irq from jpeg instance irq for UVD_POISON (Mika Penttilä) [RHEL-846] +- drm/amdgpu: add RAS POISON interrupt funcs for vcn_v4_0 (Mika Penttilä) [RHEL-846] +- drm/amdgpu: add RAS POISON interrupt funcs for vcn_v2_6 (Mika Penttilä) [RHEL-846] +- drm/amdgpu: separate ras irq from vcn instance irq for UVD_POISON (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Move vcn ras block init to ras sw_init (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Move jpeg ras block init to ras sw_init (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Fix usage of UMC fill record in RAS (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function. (Mika Penttilä) [RHEL-846] +- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (Mika Penttilä) [RHEL-846] +- drm/radeon: fix possible division-by-zero errors (Mika Penttilä) [RHEL-846] +- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (Mika Penttilä) [RHEL-846] +- drm/amdkfd: Fix potential deallocation of previously deallocated memory. (Mika Penttilä) [RHEL-846] +- drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (Mika Penttilä) [RHEL-846] +- drm/amd/display: Fix a test CalculatePrefetchSchedule() (Mika Penttilä) [RHEL-846] +- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (Mika Penttilä) [RHEL-846] +- drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec (Mika Penttilä) [RHEL-846] +- drm/bridge: anx7625: Prevent endless probe loop (Mika Penttilä) [RHEL-846] +- xdrm/nouveau: dispnv50: fix missing-prototypes warning (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (Mika Penttilä) [RHEL-846] +- drm/vkms: Fix RGB565 pixel conversion (Mika Penttilä) [RHEL-846] +- drm: Add fixed-point helper to get rounded integer values (Mika Penttilä) [RHEL-846] +- drm/vkms: isolate pixel conversion functionality (Mika Penttilä) [RHEL-846] +- drm/panel: sharp-ls043t1le01: adjust mode settings (Mika Penttilä) [RHEL-846] +- drm/vram-helper: fix function names in vram helper doc (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358768: fix THS_TRAILCNT computation (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358768: fix TXTAGOCNT computation (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358768: fix THS_ZEROCNT computation (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358768: fix PLL target frequency (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358768: fix PLL parameters computation (Mika Penttilä) [RHEL-846] +- drm/bridge: tc358768: always enable HS video mode (Mika Penttilä) [RHEL-846] +- drm/bridge: ti-sn65dsi83: Fix enable error path (Mika Penttilä) [RHEL-846] +- drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (Mika Penttilä) [RHEL-846] +- drm/i915/guc/slpc: Provide sysfs for efficient freq (Mika Penttilä) [RHEL-846] +- drm/i915/guc: More debug print updates - GuC SLPC (Mika Penttilä) [RHEL-846] +- drm/amd/display: Explicitly specify update type per plane info change (Mika Penttilä) [RHEL-846] +- radeon: avoid double free in ci_dpm_init() (Mika Penttilä) [RHEL-846] +- drm/amd/display: fix is_timing_changed() prototype (Mika Penttilä) [RHEL-846] +- drm/amd/display: Add logging for display MALL refresh setting (Mika Penttilä) [RHEL-846] +- drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (Mika Penttilä) [RHEL-846] +- drm/amd/display: Ensure vmin and vmax adjust for DCE (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Validate VM ioctl flags. (Mika Penttilä) [RHEL-846] +- drm/amd/display: Do not update DRR while BW optimizations pending (Mika Penttilä) [RHEL-846] +- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (Mika Penttilä) [RHEL-846] +- udmabuf: revert 'Add support for mapping hugepages (v4)' (Mika Penttilä) [RHEL-846] +- drm/amd/display: fix the system hang while disable PSR (Mika Penttilä) [RHEL-846] +- drm/amd/display: Add wrapper to call planes and stream update (Mika Penttilä) [RHEL-846] +- drm/amd/display: Use dc_update_planes_and_stream (Mika Penttilä) [RHEL-846] +- drm/nouveau: add nv_encoder pointer check for NULL (Mika Penttilä) [RHEL-846] +- drm/nouveau/dp: check for NULL nv_connector->native_mode (Mika Penttilä) [RHEL-846] +- drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (Mika Penttilä) [RHEL-846] +- drm/nouveau: don't detect DSM for non-NVIDIA device (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Modify indirect buffer packages for resubmission (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Implement gfx9 patch functions for resubmission (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Program gds backup address as zero if no gds allocated (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Reset CP_VMID_PREEMPT after trailing fence signaled (Mika Penttilä) [RHEL-846] +- drm/amdgpu: add missing radeon secondary PCI ID (Mika Penttilä) [RHEL-846] +- drm/amd/pm: workaround for compute workload type on some skus (Mika Penttilä) [RHEL-846] +- drm/amd: Tighten permissions on VBIOS flashing attributes (Mika Penttilä) [RHEL-846] +- drm/amd: Make sure image is written to trigger VBIOS image update flow (Mika Penttilä) [RHEL-846] +- drm/amd/display: edp do not add non-edid timings (Mika Penttilä) [RHEL-846] +- drm/amd/display: limit DPIA link rate to HBR3 (Mika Penttilä) [RHEL-846] +- drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (Mika Penttilä) [RHEL-846] +- Revert "drm/amdgpu: remove TOPDOWN flags when allocating VRAM in large bar system" (Mika Penttilä) [RHEL-846] +- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (Mika Penttilä) [RHEL-846] +- drm: panel-orientation-quirks: Change Air's quirk to support Air Plus (Mika Penttilä) [RHEL-846] +- drm/amd/display: add ODM case when looking for first split pipe (Mika Penttilä) [RHEL-846] +- drm/amd/display: Reduce sdp bw after urgent to 90%% (Mika Penttilä) [RHEL-846] +- drm/amd/pm: Fix power context allocation in SMU13 (Mika Penttilä) [RHEL-846] +- drm/amd: Disallow s0ix without BIOS support again (Mika Penttilä) [RHEL-846] +- drm/amdgpu: change reserved vram info print (Mika Penttilä) [RHEL-846] +- drm/amdgpu: fix xclk freq on CHIP_STONEY (Mika Penttilä) [RHEL-846] +- drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (Mika Penttilä) [RHEL-846] +- drm/i915/gt: Use the correct error value when kernel_context() fails (Mika Penttilä) [RHEL-846] +- drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (Mika Penttilä) [RHEL-846] +- drm/i915/selftests: Add some missing error propagation (Mika Penttilä) [RHEL-846] +- drm/i915: Use 18 fast wake AUX sync len (Mika Penttilä) [RHEL-846] +- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (Mika Penttilä) [RHEL-846] +- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (Mika Penttilä) [RHEL-846] +- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (Mika Penttilä) [RHEL-846] +- drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (Mika Penttilä) [RHEL-846] +- drm/amd/pm: resolve reboot exception for si oland (Mika Penttilä) [RHEL-846] +- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (Mika Penttilä) [RHEL-846] +- drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (Mika Penttilä) [RHEL-846] +- drm/amdgpu: enable tmz by default for GC 11.0.1 (Mika Penttilä) [RHEL-846] +- drm/amd/display: Only wait for blank completion if OTG active (Mika Penttilä) [RHEL-846] +- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (Mika Penttilä) [RHEL-846] +- drm/amdgpu: set gfx9 onwards APU atomics support to be true (Mika Penttilä) [RHEL-846] +- drm/amdgpu/nv: update VCN 3 max HEVC encoding resolution (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Use the default reset when loading or reloading the driver (Mika Penttilä) [RHEL-846] +- drm/amd/display: fix memleak in aconnector->timing_requested (Mika Penttilä) [RHEL-846] +- drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (Mika Penttilä) [RHEL-846] +- drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration (Mika Penttilä) [RHEL-846] +- drm/i915: Disable DPLLs before disconnecting the TC PHY (Mika Penttilä) [RHEL-846] +- drm/i915: Move shared DPLL disabling into CRTC disable hook (Mika Penttilä) [RHEL-846] +- drm: fix drmm_mutex_init() (Mika Penttilä) [RHEL-846] +- drm/amd/amdgpu: limit one queue per gang (Mika Penttilä) [RHEL-846] +- drm/amd/pm: Fix output of pp_od_clk_voltage (Mika Penttilä) [RHEL-846] +- drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (Mika Penttilä) [RHEL-846] +- drm/amdgpu: don't enable secure display on incompatible platforms (Mika Penttilä) [RHEL-846] +- drm/radeon: reintroduce radeon_dp_work_func content (Mika Penttilä) [RHEL-846] +- drm/amd/display: Have Payload Properly Created After Resume (Mika Penttilä) [RHEL-846] +- drm/amdgpu: reserve the old gc_11_0_*_mes.bin (Mika Penttilä) [RHEL-846] +- drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (Mika Penttilä) [RHEL-846] +- drm/amdgpu/gfx11: update gpu_clock_counter logic (Mika Penttilä) [RHEL-846] +- drm/amdgpu: refine get gpu clock counter method (Mika Penttilä) [RHEL-846] +- drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (Mika Penttilä) [RHEL-846] +- drm/amdgpu/gfx10: Disable gfxoff before disabling powergating. (Mika Penttilä) [RHEL-846] +- drm/amdgpu/gmc11: implement get_vbios_fb_size() (Mika Penttilä) [RHEL-846] +- drm/amd/pm: fix possible power mode mismatch between driver and PMFW (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Enable IH retry CAM on GFX9 (Mika Penttilä) [RHEL-846] +- drm/amdgpu: Fix sdma v4 sw fini error (Mika Penttilä) [RHEL-846] +- drm/amd: Fix an out of bounds error in BIOS parser (Mika Penttilä) [RHEL-846] +- drm/amd/display: Correct DML calculation to follow HW SPEC (Mika Penttilä) [RHEL-846] +- drm/tegra: Avoid potential 32-bit integer overflow (Mika Penttilä) [RHEL-846] +- drm/amd/display: fixed dcn30+ underflow issue (Mika Penttilä) [RHEL-846] +- drm/amd/display: reallocate DET for dual displays with high pixel rate ratio (Mika Penttilä) [RHEL-846] +- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (Mika Penttilä) [RHEL-846] +- drm/amd/display: Enable HostVM based on rIOMMU active (Mika Penttilä) [RHEL-846] +- drm/amd/display: enable DPG when disabling plane for phantom pipe (Mika Penttilä) [RHEL-846] +- drm/amd/display: Correct DML calculation to align HW formula (Mika Penttilä) [RHEL-846] +- drm/amd/display: populate subvp cmd info only for the top pipe (Mika Penttilä) [RHEL-846] +- drm/displayid: add displayid_get_header() and check bounds better (Mika Penttilä) [RHEL-846] +- drm/i915: taint kernel when force probing unsupported devices (Mika Penttilä) [RHEL-846] +- drm/i915/dp: prevent potential div-by-zero (Mika Penttilä) [RHEL-846] +- drm/i915: Fix NULL ptr deref by checking new_crtc_state (Mika Penttilä) [RHEL-846] +- drm/i915/guc: Don't capture Gen8 regs on Xe devices (Mika Penttilä) [RHEL-846] +- drm/sched: Check scheduler work queue before calling timeout handling (Mika Penttilä) [RHEL-846] +- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (Mika Penttilä) [RHEL-846] +- drm/nouveau/disp: More DP_RECEIVER_CAP_SIZE array fixes (Mika Penttilä) [RHEL-846] +- drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (Mika Penttilä) [RHEL-846] +- drm/fbdev-generic: prohibit potential out-of-bounds access (Mika Penttilä) [RHEL-846] +- exfat: check if filename entries exceeds max filename length (Pavel Reichl) [2221611] {CVE-2023-4273} +- RHEL only: mark io_uring tech preview (Jeff Moyer) [2217069] +- RHEL only: disable io_uring by default (Jeff Moyer) [2217069] +- io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq (Jeff Moyer) [2217069] +- io_uring: don't audit the capability check in io_uring_create() (Jeff Moyer) [2217069] +- io_uring/net: clear msg_controllen on partial sendmsg retry (Jeff Moyer) [2217069] +- io_uring/poll: serialize poll linked timer start with poll removal (Jeff Moyer) [2218611] {CVE-2023-3389} +- io_uring/net: use the correct msghdr union member in io_sendmsg_copy_hdr (Jeff Moyer) [2217069] +- io_uring/net: save msghdr->msg_control for retries (Jeff Moyer) [2217069] +- io_uring: wait interruptibly for request completions on exit (Jeff Moyer) [2217069] +- io_uring: add a sysctl to disable io_uring system-wide (Jeff Moyer) [2217069] +- io_uring: undeprecate epoll_ctl support (Jeff Moyer) [2217069] +- io_uring/rsrc: use nospec'ed indexes (Jeff Moyer) [2217069] +- selinux: implement the security_uring_cmd() LSM hook (Jeff Moyer) [2217069] +- selinux: add support for the io_uring access controls (Jeff Moyer) [2217069] +- selinux: log anon inode class name (Jeff Moyer) [2217069] +- RHEL-only: revert RHEL add a boot parameter to enable io_uring (Jeff Moyer) [2217069] +- RHEL-only: revert RHEL: io_uring: mark tech preview (Jeff Moyer) [2217069] +- Documentation/x86: Fix backwards on/off logic about YMM support (Waiman Long) [2229875] {CVE-2022-40982} +- KVM: Add GDS_NO support to KVM (Waiman Long) [2229875] {CVE-2022-40982} +- redhat/configs/x86: Disable CONFIG_GDS_FORCE_MITIGATION (Waiman Long) [2229875] {CVE-2022-40982} +- x86/speculation: Add Kconfig option for GDS (Waiman Long) [2229875] {CVE-2022-40982} +- x86/speculation: Add force option to GDS mitigation (Waiman Long) [2229875] {CVE-2022-40982} +- x86/speculation: Add Gather Data Sampling mitigation (Waiman Long) [2229875] {CVE-2022-40982} +- x86/cpu: Switch to arch_cpu_finalize_init() (Waiman Long) [2229875] +- init: Provide arch_cpu_finalize_init() (Waiman Long) [2229875] +- x86/bugs: Use sysfs_emit() (Waiman Long) [2229875] +- docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed (Waiman Long) [2229875] +- arm64: correct the effect of mitigations off on kpti (Waiman Long) [2229875] +- x86/speculation: Add missing srbds=off to the mitigations= help text (Waiman Long) [2229875] +- Documentation/ABI: Mention retbleed vulnerability info file for sysfs (Waiman Long) [2229875] +- ABI: sysfs-devices-system-cpu: use cpuX instead of cpu# (Waiman Long) [2229875] +- PCI: Fix runtime PM race with PME polling (Eric Auger) [2216699] +- PCI/VPD: Add runtime power management to sysfs interface (Eric Auger) [2216699] +- fuse: optional supplementary group in create requests (Miklos Szeredi) [2134128] +- fuse: add request extension (Miklos Szeredi) [2134128] +- redhat: Switch UKI to using its own SecureBoot cert (Vitaly Kuznetsov) [2225529] +- redhat: Add RHEL specifc .sbat section to UKI (Vitaly Kuznetsov) [2225529] +- xfrm: add NULL check in xfrm_update_ae_params (Daniel Mendes) [2218947] {CVE-2023-3772} +- nvme-rdma: fix potential unbalanced freeze & unfreeze (Ming Lei) [2158750] +- nvme-tcp: fix potential unbalanced freeze & unfreeze (Ming Lei) [2158750] +- nvme: fix possible hang when removing a controller during error recovery (Ming Lei) [2158750] +- crypto: rng - Fix lock imbalance in crypto_del_rng (Herbert Xu) [2229643] + * Wed Aug 16 2023 Jan Stancek [5.14.0-356.el9] - i2c: tegra: Allocate DMA memory for DMA engine (Steve Best) [2228576] - i2c: tegra: Add GPCDMA support (Steve Best) [2228576] diff --git a/sources b/sources index 02ddf01ac..77f05236d 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-356.el9.tar.xz) = 3cc8669366e252fa7a867d7551d1408d357bec0b64934c7ff78d130cb182d420ac7fc0f29b9b2f7ae981757d3eebf87aa2187241994f2e58537d129ed3e00825 -SHA512 (kernel-abi-stablelists-5.14.0-356.el9.tar.bz2) = ae00522c667aebdc0ce4347ca0bdd75726fe7e444da2fc9939fbb89600e4dd88ae8784a138dc9d2259e276e63bebfc3dc826b1744bad704caab022aa998f539f -SHA512 (kernel-kabi-dw-5.14.0-356.el9.tar.bz2) = 119e820407c58c1868a04aa69c969a881bd672f0f7111a8b382a7369bc89e57667faab180be0b4932dbfbfeb25267787c56fb155dba1ccb244922a7a130d187b +SHA512 (linux-5.14.0-357.el9.tar.xz) = 0d82359a4d1543accb22cffbb5c38c7016aa3e82a90cbef53a7f997eeb0f1b6feb58aa26382afd5fb6880cb45dd7cb8c1769162316e13eead94203f12b1e3cad +SHA512 (kernel-abi-stablelists-5.14.0-357.el9.tar.bz2) = d9a0f4d773afb7ffc4a3512941cc37064583b5fd82e02696d62efb53252249acbd1ba51bf04ca619039aedbfe2a6349fa180179b9af5f752a6267177a67447ff +SHA512 (kernel-kabi-dw-5.14.0-357.el9.tar.bz2) = 119e820407c58c1868a04aa69c969a881bd672f0f7111a8b382a7369bc89e57667faab180be0b4932dbfbfeb25267787c56fb155dba1ccb244922a7a130d187b diff --git a/uki-sb-cert-x86_64-centos.crt b/uki-sb-cert-x86_64-centos.crt new file mode 100644 index 0000000000000000000000000000000000000000..fd967e558aa573d1151e87be51e71d8f9938dc60 GIT binary patch literal 914 zcmXqLV(v3&Vk%p}%*4pV#K|!E5X+6d<=G+zylk9WZ60mkc^MhGSs4u63>6II*qB3E zn0dsVQ}asvgB5~PlS_+I6`b<(OB9?P6^sm(3>4s+I2px+i$Mx9ODY|bfg19Q_413- z4dldmjf@S<4b2Tr42%uTqQrTPEes6dTmxT2bput1J#tv=3C>K<%gjqxFfuS9%DN^- zC1js4vNA9?G4eAQG%<29H8C)&UUr91)nlQ9;6=`Aqa8B)^O(8I+S|-?R9v(YwI6``UR6c^sS;U~2q zyvAv3{l}+^&z^3$^8D258(m9}g+ZAC4=~VWg&7(DvoIMj z81R93{2(3+GZTA*ff$Id3gYt^aItY{voW%=vNJOq$b!WASj1RFq&^*HxL>l(a<4>4 z+ZA`UpFG-W$_DZvX=N4(1F;5?0*3mT3Uh?AAG(*kdQ+V{&G57DDde~TrZQmMFfx>` z+bEu_Tx9q%Xr6;5i-dylqtic^9sYDYI_jlUkeTyot?<+(vI`$fT9~vzdAq2hoA&y7 z_hzu3Ibo~2YG!iQ(Gv zBHP(I`#|lI=lofh_(eUFK1MFFZ|}}$`gA}0-k+&FZv>t^TGq<{rg`C_DE+6tEGv)Y Nq$RhD)hMPb0svCTTkrq? literal 0 HcmV?d00001 diff --git a/uki-sb-cert-x86_64-rhel.crt b/uki-sb-cert-x86_64-rhel.crt new file mode 100644 index 0000000000000000000000000000000000000000..dfeccf644b3c147c6a91fd4170f759ffb7d86405 GIT binary patch literal 964 zcmXqLVm@Hd#I#}oGZP~d6DPygP|MB7r^zlf;AP{~YV&CO&dbQi&B|a9ZzyIU!p0oR z!o|ZIl$xU8kyxUm;F*`KXQ*f(4-#kQk${RT1g9pK7NsgU<>!|uI6Eqs8Y&qmz)j<1 z6ca8^O-{^7Eh=#+N=?Z~EYVBO&oz(}=QT1mFf%qVG%+?cFpd)EHMTG?G&F~D4bpHr zK*K-{;sAMU4hYUn&&$k9S1>g&A<7+1j7rFUXJlnyZerwTFlb`rVrpV!WLP~x_4{UV ziHj2t{mNWpaJJ`$YsGSYgB_m?HpM7apRLo6sZM|MF=GA&WAVP%dp2#Wi#l}ibk38_ zHrlTk^orEV5AX?u{?kkBxjmn)zVL}s(;MGg+C?XpABuk+d@1yMAj8)Vd&PGL*}pXJ ztbYAC?W>pmmIJIBSB{#_TNJQ#>w}PI%Y!6-+gg-Oz4Bz+17A+jC>FidjB znyS>!#LURRxVXZg%zy_N>axO&jQ?4f3>XafKs{X#8(CJc?`JNIJDUq zSy|bcnGIw?;(RP(EFzzJAIGIV$eZ`4aFwNa-?{JWnz}N;X-QU@MZ!R=LF7#S(&ri( zyFC3S&)%ECJ<+9X*8G0txB;e1VB9b=tbEN^wtpqN?IY)@4O1R^MCcx!B)TAGJ>zBX zAO7j##@Ba#*R(z+@68tTM{||x+oaQZA974ShFAz*Ox{{^;ixF5sj~R24;J5BTng*1 zH!%h=WlQa!%yWwU*G6W;4g1e|`p7g%n*}N;FdUi8J%7?f-2(QEwYgpI_D?b~-n1zx zb<*k&MrJ;@_PmpyIq%j2wZx@{nYs* zt-3;LGi&Z<(WJHMW?3HuAH2|Lb-vtMIpMNH|B=EeGE*9i+FIHA9o