kernel-6.12.0-243.el10
* Fri Jun 26 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-243.el10]
- redhat: sign centos kernel and UKIs with 800 certs (Jan Stancek) [RHEL-178260]
- nvme: make nvme_add_ns{_head}_cdev return void (Utkarsh Singh) [RHEL-186079]
- nvme: fix crash and memory leak during invalid cdev teardown (Utkarsh Singh) [RHEL-186079]
- redhat/configs: disable CONFIG_PT_RECLAIM (Luiz Capitulino) [RHEL-185104]
- KVM: s390: Increase permitted SE header size to 1 MiB (Ramesh Chhetri) [RHEL-185661]
- net/sched: fix pedit partial COW leading to page cache corruption (CKI Backport Bot) [RHEL-177381] {CVE-2026-46331}
- crypto: tegra - Return ENOMEM when input buffer allocation fails for ccm (Vladislav Dronov) [RHEL-176465]
- crypto: tegra - Fix dma_free_coherent size error (Vladislav Dronov) [RHEL-176465]
- crypto: tegra - Don't touch bo refcount in host1x bo pin/unpin (Vladislav Dronov) [RHEL-176465]
- crypto: tegra - Add missing CRYPTO_ALG_ASYNC (Vladislav Dronov) [RHEL-176465] {CVE-2026-31739}
- crypto: tegra - Use int type to store negative error codes (Vladislav Dronov) [RHEL-176465]
- crypto: tegra - Remove the use of dev_err_probe() (Vladislav Dronov) [RHEL-176465]
- crypto: tegra - use API helpers to setup fallback request (Vladislav Dronov) [RHEL-176465]
- crypto: tegra - remove unneeded crypto_engine_stop() call (Vladislav Dronov) [RHEL-176465]
- cxl/port: Fix use after free of parent_port in cxl_detach_ep() (Myron Stowe) [RHEL-180700] {CVE-2026-31530}
- s390/uv: Fix comment of uv_find_secret() function (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Fix memory leak with CCA cards used as accelerator (Mircea Dragan) [RHEL-136440]
- crypto: s390/paes - Refuse clear key material by default (Mircea Dragan) [RHEL-136440]
- s390/pkey: Support new xflag PKEY_XFLAG_NOCLEARKEY (Mircea Dragan) [RHEL-136440]
- crypto: skcipher - Add new helper function crypto_skcipher_tested (Mircea Dragan) [RHEL-136440]
- s390/crypto: Select crypto engine in Kconfig when PAES is chosen (Mircea Dragan) [RHEL-136440]
- s390/crypto: Extend protected key conversion retry loop (Mircea Dragan) [RHEL-136440]
- s390/crypto: Rework protected key AES for true asynch support (Mircea Dragan) [RHEL-136440]
- s390/cpacf: Rework cpacf_pcc() to return condition code (Mircea Dragan) [RHEL-136440]
- s390/pkey/crypto: Introduce xflags param for pkey in-kernel API (Mircea Dragan) [RHEL-136440]
- s390/pkey: Provide and pass xflags within pkey and zcrypt layers (Mircea Dragan) [RHEL-136440]
- s390/uv: Remove uv_get_secret_metadata function (Mircea Dragan) [RHEL-136440]
- s390/pkey: Use preallocated memory for retrieve of UV secret metadata (Mircea Dragan) [RHEL-136440]
- s390/pkey: Rework EP11 pkey handler to use stack for small memory allocs (Mircea Dragan) [RHEL-136440]
- s390/pkey: Rework CCA pkey handler to use stack for small memory allocs (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Rework ep11 misc functions to use cprb mempool (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Propagate xflags argument with cca_get_info() (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Rework ep11 findcard() implementation and callers (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Rework cca findcard() implementation and callers (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Remove CCA and EP11 card and domain info caches (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Remove unused functions from cca misc (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Introduce pre-allocated device status array for ep11 misc (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Introduce pre-allocated device status array for cca misc (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Introduce cprb mempool for ep11 misc functions (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Introduce cprb mempool for cca misc functions (Mircea Dragan) [RHEL-136440]
- s390/ap/zcrypt: New xflag parameter (Mircea Dragan) [RHEL-136440]
- s390/zcrypt: Avoid alloc and copy of ep11 targets if kernelspace cprb (Mircea Dragan) [RHEL-136440]
- s390/ap: Introduce ap message buffer pool (Mircea Dragan) [RHEL-136440]
- s390/ap/zcrypt: Rework AP message buffer allocation (Mircea Dragan) [RHEL-136440]
- s390/ap: Move response_type struct into ap_msg struct (Mircea Dragan) [RHEL-136440]
- ALSA: aloop: Fix peer runtime UAF during format-change stop (CKI Backport Bot) [RHEL-179311] {CVE-2026-46090}
- KVM: s390: vsie: Allow non-zarch guests (Mircea Dragan) [RHEL-136477]
- KVM: s390: Add KVM capability for ESA mode guests (Mircea Dragan) [RHEL-136477]
- KVM: s390: Add capability that forwards operation exceptions (Mircea Dragan) [RHEL-136477]
- KVM: s390: vsie: Accommodate ESA prefix pages (Mircea Dragan) [RHEL-136477]
- KVM: s390: vsie: Disable some bits when in ESA mode (Mircea Dragan) [RHEL-136477]
- KVM: s390: only deliver service interrupt with payload (Mircea Dragan) [RHEL-136477]
- KVM: s390: vsie: retry SIE when unable to get vsie_page (Mircea Dragan) [RHEL-136477]
- KVM: s390: vsie: Check alignment of BSCA header (Mircea Dragan) [RHEL-136477]
- rhashtable: Fix rhashtable_try_insert test (Herton R. Krzesinski) [RHEL-115002]
- rhashtable: Fix potential deadlock by moving schedule_work outside lock (Herton R. Krzesinski) [RHEL-115002]
Resolves: RHEL-115002, RHEL-136440, RHEL-136477, RHEL-176465, RHEL-177381, RHEL-178260, RHEL-179311, RHEL-180700, RHEL-185104, RHEL-185661, RHEL-186079
Signed-off-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>
This commit is contained in:
parent
9c5d7f6daf
commit
9d01dd9ee3
@ -12,7 +12,7 @@ RHEL_MINOR = 3
|
||||
#
|
||||
# Use this spot to avoid future merge conflicts.
|
||||
# Do not trim this comment.
|
||||
RHEL_RELEASE = 242
|
||||
RHEL_RELEASE = 243
|
||||
|
||||
#
|
||||
# RHEL_REBASE_NUM
|
||||
|
||||
@ -5374,7 +5374,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_QORIQ=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
CONFIG_PVPANIC_PCI=m
|
||||
|
||||
@ -5351,7 +5351,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_QORIQ=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
CONFIG_PVPANIC_PCI=m
|
||||
|
||||
@ -5370,7 +5370,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_QORIQ=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
CONFIG_PVPANIC_PCI=m
|
||||
|
||||
@ -5347,7 +5347,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_QORIQ=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
CONFIG_PVPANIC_PCI=m
|
||||
|
||||
@ -5418,7 +5418,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_QORIQ=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
CONFIG_PVPANIC_PCI=m
|
||||
|
||||
@ -5395,7 +5395,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_QORIQ=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
CONFIG_PVPANIC_PCI=m
|
||||
|
||||
@ -5414,7 +5414,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_QORIQ=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
CONFIG_PVPANIC_PCI=m
|
||||
|
||||
@ -5391,7 +5391,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_QORIQ=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
CONFIG_PVPANIC_PCI=m
|
||||
|
||||
@ -4932,7 +4932,7 @@ CONFIG_PTP_1588_CLOCK_KVM=m
|
||||
CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
|
||||
@ -4911,7 +4911,7 @@ CONFIG_PTP_1588_CLOCK_KVM=m
|
||||
CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
|
||||
@ -4901,7 +4901,7 @@ CONFIG_PTP_1588_CLOCK_KVM=m
|
||||
CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
|
||||
@ -4880,7 +4880,7 @@ CONFIG_PTP_1588_CLOCK_KVM=m
|
||||
CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
|
||||
@ -4870,7 +4870,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PTP_S390=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
|
||||
@ -4849,7 +4849,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PTP_S390=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
|
||||
@ -4861,7 +4861,7 @@ CONFIG_PTP_1588_CLOCK_KVM=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
# CONFIG_PTP_S390 is not set
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_PVPANIC is not set
|
||||
# CONFIG_PVPANIC_MMIO is not set
|
||||
|
||||
@ -5208,7 +5208,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_VMW=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
CONFIG_PVH=y
|
||||
CONFIG_PVPANIC_MMIO=m
|
||||
|
||||
@ -5186,7 +5186,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_VMW=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
CONFIG_PVH=y
|
||||
CONFIG_PVPANIC_MMIO=m
|
||||
|
||||
@ -5252,7 +5252,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_VMW=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
CONFIG_PVH=y
|
||||
CONFIG_PVPANIC_MMIO=m
|
||||
|
||||
@ -5230,7 +5230,7 @@ CONFIG_PTP_1588_CLOCK_MOCK=m
|
||||
# CONFIG_PTP_1588_CLOCK_OCP is not set
|
||||
CONFIG_PTP_1588_CLOCK_VMW=m
|
||||
CONFIG_PTP_1588_CLOCK=y
|
||||
CONFIG_PT_RECLAIM=y
|
||||
# CONFIG_PT_RECLAIM is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
CONFIG_PVH=y
|
||||
CONFIG_PVPANIC_MMIO=m
|
||||
|
||||
@ -1,3 +1,65 @@
|
||||
* Fri Jun 26 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-243.el10]
|
||||
- redhat: sign centos kernel and UKIs with 800 certs (Jan Stancek) [RHEL-178260]
|
||||
- nvme: make nvme_add_ns{_head}_cdev return void (Utkarsh Singh) [RHEL-186079]
|
||||
- nvme: fix crash and memory leak during invalid cdev teardown (Utkarsh Singh) [RHEL-186079]
|
||||
- redhat/configs: disable CONFIG_PT_RECLAIM (Luiz Capitulino) [RHEL-185104]
|
||||
- KVM: s390: Increase permitted SE header size to 1 MiB (Ramesh Chhetri) [RHEL-185661]
|
||||
- net/sched: fix pedit partial COW leading to page cache corruption (CKI Backport Bot) [RHEL-177381] {CVE-2026-46331}
|
||||
- crypto: tegra - Return ENOMEM when input buffer allocation fails for ccm (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - Fix dma_free_coherent size error (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - Don't touch bo refcount in host1x bo pin/unpin (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - Add missing CRYPTO_ALG_ASYNC (Vladislav Dronov) [RHEL-176465] {CVE-2026-31739}
|
||||
- crypto: tegra - Use int type to store negative error codes (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - Remove the use of dev_err_probe() (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - use API helpers to setup fallback request (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - remove unneeded crypto_engine_stop() call (Vladislav Dronov) [RHEL-176465]
|
||||
- cxl/port: Fix use after free of parent_port in cxl_detach_ep() (Myron Stowe) [RHEL-180700] {CVE-2026-31530}
|
||||
- s390/uv: Fix comment of uv_find_secret() function (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Fix memory leak with CCA cards used as accelerator (Mircea Dragan) [RHEL-136440]
|
||||
- crypto: s390/paes - Refuse clear key material by default (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Support new xflag PKEY_XFLAG_NOCLEARKEY (Mircea Dragan) [RHEL-136440]
|
||||
- crypto: skcipher - Add new helper function crypto_skcipher_tested (Mircea Dragan) [RHEL-136440]
|
||||
- s390/crypto: Select crypto engine in Kconfig when PAES is chosen (Mircea Dragan) [RHEL-136440]
|
||||
- s390/crypto: Extend protected key conversion retry loop (Mircea Dragan) [RHEL-136440]
|
||||
- s390/crypto: Rework protected key AES for true asynch support (Mircea Dragan) [RHEL-136440]
|
||||
- s390/cpacf: Rework cpacf_pcc() to return condition code (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey/crypto: Introduce xflags param for pkey in-kernel API (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Provide and pass xflags within pkey and zcrypt layers (Mircea Dragan) [RHEL-136440]
|
||||
- s390/uv: Remove uv_get_secret_metadata function (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Use preallocated memory for retrieve of UV secret metadata (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Rework EP11 pkey handler to use stack for small memory allocs (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Rework CCA pkey handler to use stack for small memory allocs (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework ep11 misc functions to use cprb mempool (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Propagate xflags argument with cca_get_info() (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework ep11 findcard() implementation and callers (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework cca findcard() implementation and callers (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Remove CCA and EP11 card and domain info caches (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Remove unused functions from cca misc (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Introduce pre-allocated device status array for ep11 misc (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Introduce pre-allocated device status array for cca misc (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Introduce cprb mempool for ep11 misc functions (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Introduce cprb mempool for cca misc functions (Mircea Dragan) [RHEL-136440]
|
||||
- s390/ap/zcrypt: New xflag parameter (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Avoid alloc and copy of ep11 targets if kernelspace cprb (Mircea Dragan) [RHEL-136440]
|
||||
- s390/ap: Introduce ap message buffer pool (Mircea Dragan) [RHEL-136440]
|
||||
- s390/ap/zcrypt: Rework AP message buffer allocation (Mircea Dragan) [RHEL-136440]
|
||||
- s390/ap: Move response_type struct into ap_msg struct (Mircea Dragan) [RHEL-136440]
|
||||
- ALSA: aloop: Fix peer runtime UAF during format-change stop (CKI Backport Bot) [RHEL-179311] {CVE-2026-46090}
|
||||
- KVM: s390: vsie: Allow non-zarch guests (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: Add KVM capability for ESA mode guests (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: Add capability that forwards operation exceptions (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: vsie: Accommodate ESA prefix pages (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: vsie: Disable some bits when in ESA mode (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: only deliver service interrupt with payload (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: vsie: retry SIE when unable to get vsie_page (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: vsie: Check alignment of BSCA header (Mircea Dragan) [RHEL-136477]
|
||||
- rhashtable: Fix rhashtable_try_insert test (Herton R. Krzesinski) [RHEL-115002]
|
||||
- rhashtable: Fix potential deadlock by moving schedule_work outside lock (Herton R. Krzesinski) [RHEL-115002]
|
||||
Resolves: RHEL-115002, RHEL-136440, RHEL-136477, RHEL-176465, RHEL-177381, RHEL-178260, RHEL-179311, RHEL-180700, RHEL-185104, RHEL-185661, RHEL-186079
|
||||
|
||||
* Tue Jun 23 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-242.el10]
|
||||
- scsi: qla2xxx: Completely fix fcport double free (Ewan D. Milne) [RHEL-179758] {CVE-2026-43414}
|
||||
- sched/fair: Fix wakeup_preempt_fair() for not waking up task (Phil Auld) [RHEL-174703]
|
||||
|
||||
73
kernel.spec
73
kernel.spec
@ -179,15 +179,15 @@ Summary: The Linux kernel
|
||||
%define specrpmversion 6.12.0
|
||||
%define specversion 6.12.0
|
||||
%define patchversion 6.12
|
||||
%define pkgrelease 242
|
||||
%define pkgrelease 243
|
||||
%define kversion 6
|
||||
%define tarfile_release 6.12.0-242.el10
|
||||
%define tarfile_release 6.12.0-243.el10
|
||||
# This is needed to do merge window version magic
|
||||
%define patchlevel 12
|
||||
# This allows pkg_release to have configurable %%{?dist} tag
|
||||
%define specrelease 242%{?buildid}%{?dist}
|
||||
%define specrelease 243%{?buildid}%{?dist}
|
||||
# This defines the kabi tarball version
|
||||
%define kabiversion 6.12.0-242.el10
|
||||
%define kabiversion 6.12.0-243.el10
|
||||
|
||||
# If this variable is set to 1, a bpf selftests build failure will cause a
|
||||
# fatal kernel package build error
|
||||
@ -935,7 +935,7 @@ Source13: redhatsecureboot501.cer
|
||||
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
|
||||
|
||||
%if 0%{?centos}
|
||||
%define pesign_name_0 centossecureboot201
|
||||
%define pesign_name_0 centossecureboot801
|
||||
%else
|
||||
%ifarch x86_64 aarch64
|
||||
%define pesign_name_0 redhatsecureboot801
|
||||
@ -2846,7 +2846,7 @@ BuildKernel() {
|
||||
%pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
|
||||
%else
|
||||
%if 0%{?centos}
|
||||
UKI_secureboot_name=centossecureboot204
|
||||
UKI_secureboot_name=centossecureboot804
|
||||
UKI_secureboot_cert=%{_datadir}/pki/sb-certs/secureboot-uki-virt-%{_arch}.cer
|
||||
%else
|
||||
# RHEL only builds UKI for x86
|
||||
@ -4556,6 +4556,67 @@ fi\
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Fri Jun 26 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-243.el10]
|
||||
- redhat: sign centos kernel and UKIs with 800 certs (Jan Stancek) [RHEL-178260]
|
||||
- nvme: make nvme_add_ns{_head}_cdev return void (Utkarsh Singh) [RHEL-186079]
|
||||
- nvme: fix crash and memory leak during invalid cdev teardown (Utkarsh Singh) [RHEL-186079]
|
||||
- redhat/configs: disable CONFIG_PT_RECLAIM (Luiz Capitulino) [RHEL-185104]
|
||||
- KVM: s390: Increase permitted SE header size to 1 MiB (Ramesh Chhetri) [RHEL-185661]
|
||||
- net/sched: fix pedit partial COW leading to page cache corruption (CKI Backport Bot) [RHEL-177381] {CVE-2026-46331}
|
||||
- crypto: tegra - Return ENOMEM when input buffer allocation fails for ccm (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - Fix dma_free_coherent size error (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - Don't touch bo refcount in host1x bo pin/unpin (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - Add missing CRYPTO_ALG_ASYNC (Vladislav Dronov) [RHEL-176465] {CVE-2026-31739}
|
||||
- crypto: tegra - Use int type to store negative error codes (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - Remove the use of dev_err_probe() (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - use API helpers to setup fallback request (Vladislav Dronov) [RHEL-176465]
|
||||
- crypto: tegra - remove unneeded crypto_engine_stop() call (Vladislav Dronov) [RHEL-176465]
|
||||
- cxl/port: Fix use after free of parent_port in cxl_detach_ep() (Myron Stowe) [RHEL-180700] {CVE-2026-31530}
|
||||
- s390/uv: Fix comment of uv_find_secret() function (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Fix memory leak with CCA cards used as accelerator (Mircea Dragan) [RHEL-136440]
|
||||
- crypto: s390/paes - Refuse clear key material by default (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Support new xflag PKEY_XFLAG_NOCLEARKEY (Mircea Dragan) [RHEL-136440]
|
||||
- crypto: skcipher - Add new helper function crypto_skcipher_tested (Mircea Dragan) [RHEL-136440]
|
||||
- s390/crypto: Select crypto engine in Kconfig when PAES is chosen (Mircea Dragan) [RHEL-136440]
|
||||
- s390/crypto: Extend protected key conversion retry loop (Mircea Dragan) [RHEL-136440]
|
||||
- s390/crypto: Rework protected key AES for true asynch support (Mircea Dragan) [RHEL-136440]
|
||||
- s390/cpacf: Rework cpacf_pcc() to return condition code (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey/crypto: Introduce xflags param for pkey in-kernel API (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Provide and pass xflags within pkey and zcrypt layers (Mircea Dragan) [RHEL-136440]
|
||||
- s390/uv: Remove uv_get_secret_metadata function (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Use preallocated memory for retrieve of UV secret metadata (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Rework EP11 pkey handler to use stack for small memory allocs (Mircea Dragan) [RHEL-136440]
|
||||
- s390/pkey: Rework CCA pkey handler to use stack for small memory allocs (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework ep11 misc functions to use cprb mempool (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Locate ep11_domain_query_info onto the stack instead of kmalloc (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Propagate xflags argument with cca_get_info() (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework cca misc functions kmallocs to use the cprb mempool (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework ep11 findcard() implementation and callers (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework cca findcard() implementation and callers (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Remove CCA and EP11 card and domain info caches (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Remove unused functions from cca misc (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Introduce pre-allocated device status array for ep11 misc (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Introduce pre-allocated device status array for cca misc (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Rework zcrypt function zcrypt_device_status_mask_ext (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Introduce cprb mempool for ep11 misc functions (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Introduce cprb mempool for cca misc functions (Mircea Dragan) [RHEL-136440]
|
||||
- s390/ap/zcrypt: New xflag parameter (Mircea Dragan) [RHEL-136440]
|
||||
- s390/zcrypt: Avoid alloc and copy of ep11 targets if kernelspace cprb (Mircea Dragan) [RHEL-136440]
|
||||
- s390/ap: Introduce ap message buffer pool (Mircea Dragan) [RHEL-136440]
|
||||
- s390/ap/zcrypt: Rework AP message buffer allocation (Mircea Dragan) [RHEL-136440]
|
||||
- s390/ap: Move response_type struct into ap_msg struct (Mircea Dragan) [RHEL-136440]
|
||||
- ALSA: aloop: Fix peer runtime UAF during format-change stop (CKI Backport Bot) [RHEL-179311] {CVE-2026-46090}
|
||||
- KVM: s390: vsie: Allow non-zarch guests (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: Add KVM capability for ESA mode guests (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: Add capability that forwards operation exceptions (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: vsie: Accommodate ESA prefix pages (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: vsie: Disable some bits when in ESA mode (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: only deliver service interrupt with payload (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: vsie: retry SIE when unable to get vsie_page (Mircea Dragan) [RHEL-136477]
|
||||
- KVM: s390: vsie: Check alignment of BSCA header (Mircea Dragan) [RHEL-136477]
|
||||
- rhashtable: Fix rhashtable_try_insert test (Herton R. Krzesinski) [RHEL-115002]
|
||||
- rhashtable: Fix potential deadlock by moving schedule_work outside lock (Herton R. Krzesinski) [RHEL-115002]
|
||||
|
||||
* Tue Jun 23 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-242.el10]
|
||||
- scsi: qla2xxx: Completely fix fcport double free (Ewan D. Milne) [RHEL-179758] {CVE-2026-43414}
|
||||
- sched/fair: Fix wakeup_preempt_fair() for not waking up task (Phil Auld) [RHEL-174703]
|
||||
|
||||
6
sources
6
sources
@ -1,5 +1,5 @@
|
||||
SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
|
||||
SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
|
||||
SHA512 (linux-6.12.0-242.el10.tar.xz) = 21653c4674b20fae2496ae9e5234a8b676eae203a63e343b30be0592555c352957615a025c9953cbb7bb0baab6045276067f9fcd9fa765c252cdcdc11de03fc3
|
||||
SHA512 (kernel-abi-stablelists-6.12.0-242.el10.tar.xz) = 660f66c2165273662ce2ff6e330471dfb09a68db3f6f70c34da26b90add67e35d6420af1c0bd067caafe920438c7203a858e96fc85f37ed990c7050c8236c612
|
||||
SHA512 (kernel-kabi-dw-6.12.0-242.el10.tar.xz) = afe60cf86c90c93191580b946b9588284643c7b8cf5c33865428aed751e27d8f3b0b2f5fa56c55f1fb4e9a677b1de632abe1c2f3f6e980aa4558117ff74219e2
|
||||
SHA512 (linux-6.12.0-243.el10.tar.xz) = 2ce9cf073ea764d37aab4c5d3b6538354ae6cf592ee3989d3ab0de000050654d69f772926eedfde4416624e62010c9062cb7491d4b6f626bb4ca912dd119c16f
|
||||
SHA512 (kernel-abi-stablelists-6.12.0-243.el10.tar.xz) = 75bf8baea14638efcaeb098b6885495e1c9e56efbc41c5502d533f2d91f7a3feef208ead35e43583cffb522c1ec2d3be3d0ad6599e7e60d537b2c32e467d2bcb
|
||||
SHA512 (kernel-kabi-dw-6.12.0-243.el10.tar.xz) = 75171cd9317a98599dc91604138ca9f56710c26890b2f0a07413e190dfe664160edb651348afc4d21c7caf497bc1fb9335d12b13214c54b323ee3a776711bf9a
|
||||
|
||||
Loading…
Reference in New Issue
Block a user