From a6a9c8a126c0914ac8af9916c6830f789d1de387 Mon Sep 17 00:00:00 2001 From: Eduard Abdullin Date: Tue, 4 Nov 2025 02:18:12 +0000 Subject: [PATCH] Debrand for AlmaLinux OS Use AlmaLinux OS secure boot cert Enable Btrfs support for all kernel variants hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024 qla4xxx: bring back deprecated PCI ids lpfc: bring back deprecated PCI ids be2iscsi: bring back deprecated PCI ids kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained --- Makefile.rhelver | 2 +- kernel-aarch64-64k-debug-rhel.config | 1 + kernel-aarch64-64k-rhel.config | 1 + kernel-aarch64-debug-rhel.config | 1 + kernel-aarch64-rhel.config | 1 + kernel-aarch64-rt-64k-debug-rhel.config | 1 + kernel-aarch64-rt-64k-rhel.config | 1 + kernel-aarch64-rt-debug-rhel.config | 1 + kernel-aarch64-rt-rhel.config | 1 + kernel-ppc64le-debug-rhel.config | 1 + kernel-ppc64le-rhel.config | 1 + kernel-riscv64-debug-rhel.config | 1 + kernel-riscv64-rhel.config | 1 + kernel-s390x-debug-rhel.config | 1 + kernel-s390x-rhel.config | 1 + kernel-s390x-zfcpdump-rhel.config | 1 + kernel-x86_64-debug-rhel.config | 1 + kernel-x86_64-rhel.config | 1 + kernel-x86_64-rt-debug-rhel.config | 1 + kernel-x86_64-rt-rhel.config | 1 + kernel.changelog | 94 +++++++++++++++++++++ kernel.spec | 107 ++++++++++++++++++++++-- sources | 6 +- 23 files changed, 217 insertions(+), 11 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index 104da07cd..fa30df117 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 2 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 150 +RHEL_RELEASE = 151 # # RHEL_REBASE_NUM diff --git a/kernel-aarch64-64k-debug-rhel.config b/kernel-aarch64-64k-debug-rhel.config index d30f35ca0..8c122106f 100644 --- a/kernel-aarch64-64k-debug-rhel.config +++ b/kernel-aarch64-64k-debug-rhel.config @@ -2855,6 +2855,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-aarch64-64k-rhel.config b/kernel-aarch64-64k-rhel.config index 5dd45ae88..fe0bf37cd 100644 --- a/kernel-aarch64-64k-rhel.config +++ b/kernel-aarch64-64k-rhel.config @@ -2839,6 +2839,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index fdd81a254..091474513 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -2852,6 +2852,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 395e68375..ccce4fbcd 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -2836,6 +2836,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-aarch64-rt-64k-debug-rhel.config b/kernel-aarch64-rt-64k-debug-rhel.config index 92fff6298..f83f58c05 100644 --- a/kernel-aarch64-rt-64k-debug-rhel.config +++ b/kernel-aarch64-rt-64k-debug-rhel.config @@ -2896,6 +2896,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-aarch64-rt-64k-rhel.config b/kernel-aarch64-rt-64k-rhel.config index dbe4c4336..d0217c2b4 100644 --- a/kernel-aarch64-rt-64k-rhel.config +++ b/kernel-aarch64-rt-64k-rhel.config @@ -2880,6 +2880,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-aarch64-rt-debug-rhel.config b/kernel-aarch64-rt-debug-rhel.config index 46e75be7d..c0a7abb99 100644 --- a/kernel-aarch64-rt-debug-rhel.config +++ b/kernel-aarch64-rt-debug-rhel.config @@ -2893,6 +2893,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-aarch64-rt-rhel.config b/kernel-aarch64-rt-rhel.config index 56efb19c3..83378573c 100644 --- a/kernel-aarch64-rt-rhel.config +++ b/kernel-aarch64-rt-rhel.config @@ -2877,6 +2877,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index 7a96b7b1c..33cfea1ae 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -2534,6 +2534,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index a01e708e6..9bb26652e 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -2518,6 +2518,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-riscv64-debug-rhel.config b/kernel-riscv64-debug-rhel.config index fa5e2e5ec..abd3c8a4e 100644 --- a/kernel-riscv64-debug-rhel.config +++ b/kernel-riscv64-debug-rhel.config @@ -2513,6 +2513,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-riscv64-rhel.config b/kernel-riscv64-rhel.config index ca75ac6bb..beac8b54c 100644 --- a/kernel-riscv64-rhel.config +++ b/kernel-riscv64-rhel.config @@ -2497,6 +2497,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index 54896e783..45ff76602 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -2521,6 +2521,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 15fcf3fcd..859b2cae1 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -2505,6 +2505,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index 514f68609..91c50cb68 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -2510,6 +2510,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 76008372a..e70e52301 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -2717,6 +2717,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index 0f2b59997..37a0e14f0 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -2701,6 +2701,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index 72ed65c1c..fac676d7a 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -2758,6 +2758,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index ca164b19d..0097f557f 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -2742,6 +2742,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_DISABLE_HTABLE is not set +CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB=0 CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel.changelog b/kernel.changelog index 7bc57a00e..01d180021 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,97 @@ +* Mon Nov 03 2025 CKI KWF Bot [6.12.0-151.el10] +- redhat/configs: set CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB default value (Baoquan He) [RHEL-114162] +- kexec_file: use SHA-256 library API instead of crypto_shash API (Baoquan He) [RHEL-114162] +- crash: fix spelling mistake "crahskernel" -> "crashkernel" (Baoquan He) [RHEL-114162] +- ima: make the kexec extra memory configurable (Baoquan He) [RHEL-114162] +- ima: verify if the segment size has changed (Baoquan He) [RHEL-114162] +- ima: kexec: move IMA log copy from kexec load to execute (Baoquan He) [RHEL-114162] +- ima: kexec: define functions to copy IMA log at soft boot (Baoquan He) [RHEL-114162] +- ima: kexec: skip IMA segment validation after kexec soft reboot (Baoquan He) [RHEL-114162] +- kexec: define functions to map and unmap segments (Baoquan He) [RHEL-114162] +- ima: define and call ima_alloc_kexec_file_buf() (Baoquan He) [RHEL-114162] +- ima: rename variable the seq_file "file" to "ima_kexec_file" (Baoquan He) [RHEL-114162] +- ima: kexec: silence RCU list traversal warning (Baoquan He) [RHEL-114162] +- selftests/kexec: Add x86_64 selftest for kexec-jump and exception handling (Baoquan He) [RHEL-114162] +- x86/kexec: Invalidate GDT/IDT from relocate_kernel() instead of earlier (Baoquan He) [RHEL-114162] +- x86/kexec: Add 8250 MMIO serial port output (Baoquan He) [RHEL-114162] +- x86/kexec: Add 8250 serial port output (Baoquan He) [RHEL-114162] +- x86/early_printk: Harden early_serial (Baoquan He) [RHEL-114162] +- x86/boot: Mark start_secondary() with __noendbr (Baoquan He) [RHEL-114162] +- x86/kexec: Debugging support: Dump registers on exception (Baoquan He) [RHEL-114162] +- x86/kexec: Debugging support: Load an IDT and basic exception entry points (Baoquan He) [RHEL-114162] +- x86/kexec: Merge x86_32 and x86_64 code using macros from (Baoquan He) [RHEL-114162] +- kexec_core: accept unaccepted kexec segments' destination addresses (Baoquan He) [RHEL-114162] +- powerpc/crash: use generic crashkernel reservation (Baoquan He) [RHEL-114162] +- powerpc: insert System RAM resource to prevent crashkernel conflict (Baoquan He) [RHEL-114162] +- powerpc/crash: preserve user-specified memory limit (Baoquan He) [RHEL-114162] +- powerpc/crash: use generic APIs to locate memory hole for kdump (Baoquan He) [RHEL-114162] +- crash: let arch decide usable memory range in reserved area (Baoquan He) [RHEL-114162] +- crash: remove an unused argument from reserve_crashkernel_generic() (Baoquan He) [RHEL-114162] +- kexec: initialize ELF lowest address to ULONG_MAX (Baoquan He) [RHEL-114162] +- x86/kexec: Add relocate_kernel() debugging support: Load a GDT (Baoquan He) [RHEL-114162] +- printk: Check CON_SUSPEND when unblanking a console (Baoquan He) [RHEL-114162] +- printk: Rename console_start to console_resume (Baoquan He) [RHEL-114162] +- printk: Rename console_stop to console_suspend (Baoquan He) [RHEL-114162] +- printk: Rename resume_console to console_resume_all (Baoquan He) [RHEL-114162] +- printk: Rename suspend_console to console_suspend_all (Baoquan He) [RHEL-114162] +- crash: Remove KEXEC_CORE_NOTE_NAME (Baoquan He) [RHEL-114162] +- s390/crash: Use note name macros (Baoquan He) [RHEL-114162] +- s390/kdump: Provide is_kdump_kernel() implementation (Baoquan He) [RHEL-114162] +- crash: Use note name macros (Baoquan He) [RHEL-114162] +- proc/kcore: use percpu_rw_semaphore for kclist_lock (Baoquan He) [RHEL-114162] +- proc/kcore: don't walk list on every read (Baoquan He) [RHEL-114162] +- proc/kcore: mark proc entry as permanent (Baoquan He) [RHEL-114162] +- powerpc/crash: Use note name macros (Baoquan He) [RHEL-114162] +- binfmt_elf: Use note name macros (Baoquan He) [RHEL-114162] +- elf: Define note name macros (Baoquan He) [RHEL-114162] +- riscv: Allow ptrace control of the tagged address ABI (Baoquan He) [RHEL-114162] +- x86/kexec: Use typedef for relocate_kernel_fn function prototype (Baoquan He) [RHEL-114162] +- x86/kexec: Cope with relocate_kernel() not being at the start of the page (Baoquan He) [RHEL-114162] +- kexec_core: Add and update comments regarding the KEXEC_JUMP flow (Baoquan He) [RHEL-114162] +- x86/kexec: Mark machine_kexec() with __nocfi (Baoquan He) [RHEL-114162] +- x86/kexec: Fix location of relocate_kernel with -ffunction-sections (Baoquan He) [RHEL-114162] +- x86/kexec: Fix stack and handling of re-entry point for ::preserve_context (Baoquan He) [RHEL-114162] +- x86/kexec: Use correct swap page in swap_pages function (Baoquan He) [RHEL-114162] +- x86/kexec: Ensure preserve_context flag is set on return to kernel (Baoquan He) [RHEL-114162] +- x86/kexec: Disable global pages before writing to control page (Baoquan He) [RHEL-114162] +- x86: Fix build regression with CONFIG_KEXEC_JUMP enabled (Baoquan He) [RHEL-114162] +- x86/kexec: Mark relocate_kernel page as ROX instead of RWX (Baoquan He) [RHEL-114162] +- x86/kexec: Clean up register usage in relocate_kernel() (Baoquan He) [RHEL-114162] +- x86/kexec: Eliminate writes through kernel mapping of relocate_kernel page (Baoquan He) [RHEL-114162] +- x86/kexec: Drop page_list argument from relocate_kernel() (Baoquan He) [RHEL-114162] +- x86/kexec: Add data section to relocate_kernel (Baoquan He) [RHEL-114162] +- x86/kexec: Move relocate_kernel to kernel .data section (Baoquan He) [RHEL-114162] +- x86/kexec: Invoke copy of relocate_kernel() instead of the original (Baoquan He) [RHEL-114162] +- x86/kexec: Copy control page into place in machine_kexec_prepare() (Baoquan He) [RHEL-114162] +- x86/kexec: Allocate PGD for x86_64 transition page tables separately (Baoquan He) [RHEL-114162] +- x86/kexec: Only swap pages for ::preserve_context mode (Baoquan He) [RHEL-114162] +- x86/kexec: Use named labels in swap_pages in relocate_kernel_64.S (Baoquan He) [RHEL-114162] +- x86/kexec: Clean up and document register use in relocate_kernel_64.S (Baoquan He) [RHEL-114162] +- x86/kexec: Restore GDT on return from ::preserve_context kexec (Baoquan He) [RHEL-114162] +- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-44601] +- tmpfs: add support for multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- btrfs: convert to multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- ext4: switch to multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- xfs: switch to multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- Documentation: add a new file documenting multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- fs: add percpu counters for significant multigrain timestamp events (Carlos Maiolino) [RHEL-121527] +- fs: tracepoints around multigrain timestamp events (Carlos Maiolino) [RHEL-121527] +- fs: handle delegated timestamps in setattr_copy_mgtime (Carlos Maiolino) [RHEL-121527] +- fs: have setattr_copy handle multigrain timestamps appropriately (Carlos Maiolino) [RHEL-121527] +- fs: add infrastructure for multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- timekeeping: Add percpu counter for tracking floor swap events (Carlos Maiolino) [RHEL-121527] +- timekeeping: Add interfaces for handling timestamps with a floor value (Carlos Maiolino) [RHEL-121527] +- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Paolo Abeni) [RHEL-115580] +- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Paolo Abeni) [RHEL-115580] {CVE-2025-39955} +- tcp: fix __tcp_close() to only send RST when required (Paolo Abeni) [RHEL-115580] +- net: fix segmentation after TCP/UDP fraglist GRO (Paolo Abeni) [RHEL-115580] +- tcp: call tcp_measure_rcv_mss() for ooo packets (Paolo Abeni) [RHEL-115580] +- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Paolo Abeni) [RHEL-115580] +- tcp: fix passive TFO socket having invalid NAPI ID (Paolo Abeni) [RHEL-115580] +- tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Paolo Abeni) [RHEL-115580] +- fs: writeback: fix use-after-free in __mark_inode_dirty() (CKI Backport Bot) [RHEL-117211] {CVE-2025-39866} +Resolves: RHEL-114162, RHEL-115580, RHEL-117211, RHEL-121527, RHEL-44601 + * Fri Oct 31 2025 CKI KWF Bot [6.12.0-150.el10] - redhat/configs: Re-enable Raspberry Pi support in automotive (Radu Rendec) [RHEL-122494] - spi: ljca: Remove Wentong's e-mail address (Mattijs Korpershoek) [RHEL-104570] diff --git a/kernel.spec b/kernel.spec index d02252c39..178638274 100644 --- a/kernel.spec +++ b/kernel.spec @@ -176,15 +176,15 @@ Summary: The Linux kernel %define specrpmversion 6.12.0 %define specversion 6.12.0 %define patchversion 6.12 -%define pkgrelease 150 +%define pkgrelease 151 %define kversion 6 -%define tarfile_release 6.12.0-150.el10 +%define tarfile_release 6.12.0-151.el10 # This is needed to do merge window version magic %define patchlevel 12 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 150%{?buildid}%{?dist} +%define specrelease 151%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.12.0-150.el10 +%define kabiversion 6.12.0-151.el10 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -4403,14 +4403,14 @@ fi\ # # %changelog -* Sat Nov 01 2025 Eduard Abdullin - 6.12.0-150 +* Tue Nov 04 2025 Eduard Abdullin - 6.12.0-151 - Debrand for AlmaLinux OS - Use AlmaLinux OS secure boot cert -* Sat Nov 01 2025 Neal Gompa - 6.12.0-150 +* Tue Nov 04 2025 Neal Gompa - 6.12.0-151 - Enable Btrfs support for all kernel variants -* Sat Nov 01 2025 Andrew Lukoshko - 6.12.0-150 +* Tue Nov 04 2025 Andrew Lukoshko - 6.12.0-151 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024 @@ -4421,6 +4421,99 @@ fi\ - kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained +* Mon Nov 03 2025 CKI KWF Bot [6.12.0-151.el10] +- redhat/configs: set CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB default value (Baoquan He) [RHEL-114162] +- kexec_file: use SHA-256 library API instead of crypto_shash API (Baoquan He) [RHEL-114162] +- crash: fix spelling mistake "crahskernel" -> "crashkernel" (Baoquan He) [RHEL-114162] +- ima: make the kexec extra memory configurable (Baoquan He) [RHEL-114162] +- ima: verify if the segment size has changed (Baoquan He) [RHEL-114162] +- ima: kexec: move IMA log copy from kexec load to execute (Baoquan He) [RHEL-114162] +- ima: kexec: define functions to copy IMA log at soft boot (Baoquan He) [RHEL-114162] +- ima: kexec: skip IMA segment validation after kexec soft reboot (Baoquan He) [RHEL-114162] +- kexec: define functions to map and unmap segments (Baoquan He) [RHEL-114162] +- ima: define and call ima_alloc_kexec_file_buf() (Baoquan He) [RHEL-114162] +- ima: rename variable the seq_file "file" to "ima_kexec_file" (Baoquan He) [RHEL-114162] +- ima: kexec: silence RCU list traversal warning (Baoquan He) [RHEL-114162] +- selftests/kexec: Add x86_64 selftest for kexec-jump and exception handling (Baoquan He) [RHEL-114162] +- x86/kexec: Invalidate GDT/IDT from relocate_kernel() instead of earlier (Baoquan He) [RHEL-114162] +- x86/kexec: Add 8250 MMIO serial port output (Baoquan He) [RHEL-114162] +- x86/kexec: Add 8250 serial port output (Baoquan He) [RHEL-114162] +- x86/early_printk: Harden early_serial (Baoquan He) [RHEL-114162] +- x86/boot: Mark start_secondary() with __noendbr (Baoquan He) [RHEL-114162] +- x86/kexec: Debugging support: Dump registers on exception (Baoquan He) [RHEL-114162] +- x86/kexec: Debugging support: Load an IDT and basic exception entry points (Baoquan He) [RHEL-114162] +- x86/kexec: Merge x86_32 and x86_64 code using macros from (Baoquan He) [RHEL-114162] +- kexec_core: accept unaccepted kexec segments' destination addresses (Baoquan He) [RHEL-114162] +- powerpc/crash: use generic crashkernel reservation (Baoquan He) [RHEL-114162] +- powerpc: insert System RAM resource to prevent crashkernel conflict (Baoquan He) [RHEL-114162] +- powerpc/crash: preserve user-specified memory limit (Baoquan He) [RHEL-114162] +- powerpc/crash: use generic APIs to locate memory hole for kdump (Baoquan He) [RHEL-114162] +- crash: let arch decide usable memory range in reserved area (Baoquan He) [RHEL-114162] +- crash: remove an unused argument from reserve_crashkernel_generic() (Baoquan He) [RHEL-114162] +- kexec: initialize ELF lowest address to ULONG_MAX (Baoquan He) [RHEL-114162] +- x86/kexec: Add relocate_kernel() debugging support: Load a GDT (Baoquan He) [RHEL-114162] +- printk: Check CON_SUSPEND when unblanking a console (Baoquan He) [RHEL-114162] +- printk: Rename console_start to console_resume (Baoquan He) [RHEL-114162] +- printk: Rename console_stop to console_suspend (Baoquan He) [RHEL-114162] +- printk: Rename resume_console to console_resume_all (Baoquan He) [RHEL-114162] +- printk: Rename suspend_console to console_suspend_all (Baoquan He) [RHEL-114162] +- crash: Remove KEXEC_CORE_NOTE_NAME (Baoquan He) [RHEL-114162] +- s390/crash: Use note name macros (Baoquan He) [RHEL-114162] +- s390/kdump: Provide is_kdump_kernel() implementation (Baoquan He) [RHEL-114162] +- crash: Use note name macros (Baoquan He) [RHEL-114162] +- proc/kcore: use percpu_rw_semaphore for kclist_lock (Baoquan He) [RHEL-114162] +- proc/kcore: don't walk list on every read (Baoquan He) [RHEL-114162] +- proc/kcore: mark proc entry as permanent (Baoquan He) [RHEL-114162] +- powerpc/crash: Use note name macros (Baoquan He) [RHEL-114162] +- binfmt_elf: Use note name macros (Baoquan He) [RHEL-114162] +- elf: Define note name macros (Baoquan He) [RHEL-114162] +- riscv: Allow ptrace control of the tagged address ABI (Baoquan He) [RHEL-114162] +- x86/kexec: Use typedef for relocate_kernel_fn function prototype (Baoquan He) [RHEL-114162] +- x86/kexec: Cope with relocate_kernel() not being at the start of the page (Baoquan He) [RHEL-114162] +- kexec_core: Add and update comments regarding the KEXEC_JUMP flow (Baoquan He) [RHEL-114162] +- x86/kexec: Mark machine_kexec() with __nocfi (Baoquan He) [RHEL-114162] +- x86/kexec: Fix location of relocate_kernel with -ffunction-sections (Baoquan He) [RHEL-114162] +- x86/kexec: Fix stack and handling of re-entry point for ::preserve_context (Baoquan He) [RHEL-114162] +- x86/kexec: Use correct swap page in swap_pages function (Baoquan He) [RHEL-114162] +- x86/kexec: Ensure preserve_context flag is set on return to kernel (Baoquan He) [RHEL-114162] +- x86/kexec: Disable global pages before writing to control page (Baoquan He) [RHEL-114162] +- x86: Fix build regression with CONFIG_KEXEC_JUMP enabled (Baoquan He) [RHEL-114162] +- x86/kexec: Mark relocate_kernel page as ROX instead of RWX (Baoquan He) [RHEL-114162] +- x86/kexec: Clean up register usage in relocate_kernel() (Baoquan He) [RHEL-114162] +- x86/kexec: Eliminate writes through kernel mapping of relocate_kernel page (Baoquan He) [RHEL-114162] +- x86/kexec: Drop page_list argument from relocate_kernel() (Baoquan He) [RHEL-114162] +- x86/kexec: Add data section to relocate_kernel (Baoquan He) [RHEL-114162] +- x86/kexec: Move relocate_kernel to kernel .data section (Baoquan He) [RHEL-114162] +- x86/kexec: Invoke copy of relocate_kernel() instead of the original (Baoquan He) [RHEL-114162] +- x86/kexec: Copy control page into place in machine_kexec_prepare() (Baoquan He) [RHEL-114162] +- x86/kexec: Allocate PGD for x86_64 transition page tables separately (Baoquan He) [RHEL-114162] +- x86/kexec: Only swap pages for ::preserve_context mode (Baoquan He) [RHEL-114162] +- x86/kexec: Use named labels in swap_pages in relocate_kernel_64.S (Baoquan He) [RHEL-114162] +- x86/kexec: Clean up and document register use in relocate_kernel_64.S (Baoquan He) [RHEL-114162] +- x86/kexec: Restore GDT on return from ::preserve_context kexec (Baoquan He) [RHEL-114162] +- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-44601] +- tmpfs: add support for multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- btrfs: convert to multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- ext4: switch to multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- xfs: switch to multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- Documentation: add a new file documenting multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- fs: add percpu counters for significant multigrain timestamp events (Carlos Maiolino) [RHEL-121527] +- fs: tracepoints around multigrain timestamp events (Carlos Maiolino) [RHEL-121527] +- fs: handle delegated timestamps in setattr_copy_mgtime (Carlos Maiolino) [RHEL-121527] +- fs: have setattr_copy handle multigrain timestamps appropriately (Carlos Maiolino) [RHEL-121527] +- fs: add infrastructure for multigrain timestamps (Carlos Maiolino) [RHEL-121527] +- timekeeping: Add percpu counter for tracking floor swap events (Carlos Maiolino) [RHEL-121527] +- timekeeping: Add interfaces for handling timestamps with a floor value (Carlos Maiolino) [RHEL-121527] +- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Paolo Abeni) [RHEL-115580] +- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Paolo Abeni) [RHEL-115580] {CVE-2025-39955} +- tcp: fix __tcp_close() to only send RST when required (Paolo Abeni) [RHEL-115580] +- net: fix segmentation after TCP/UDP fraglist GRO (Paolo Abeni) [RHEL-115580] +- tcp: call tcp_measure_rcv_mss() for ooo packets (Paolo Abeni) [RHEL-115580] +- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Paolo Abeni) [RHEL-115580] +- tcp: fix passive TFO socket having invalid NAPI ID (Paolo Abeni) [RHEL-115580] +- tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Paolo Abeni) [RHEL-115580] +- fs: writeback: fix use-after-free in __mark_inode_dirty() (CKI Backport Bot) [RHEL-117211] {CVE-2025-39866} + * Fri Oct 31 2025 CKI KWF Bot [6.12.0-150.el10] - redhat/configs: Re-enable Raspberry Pi support in automotive (Radu Rendec) [RHEL-122494] - spi: ljca: Remove Wentong's e-mail address (Mattijs Korpershoek) [RHEL-104570] diff --git a/sources b/sources index 797937cf0..cf67ccb40 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 -SHA512 (linux-6.12.0-150.el10.tar.xz) = e9f081bac97871dc2e8789483bc2b737f0299115d7d24a2175ea5a302c1a6700fec0691064305dc41d0c8db0ca7df031306e100282e80241d1c34ab5388a6d5f -SHA512 (kernel-abi-stablelists-6.12.0-150.el10.tar.xz) = 8323bd906b4e4fa2f9b6e0208d844d7df2f98dca8e8b5c6e8185ef714b832ec9eb58aef106562b9ab3bf47f4e090c7e875a176d24961eb289d759de84ea76f34 -SHA512 (kernel-kabi-dw-6.12.0-150.el10.tar.xz) = c4fc19d2b2a6bdafaeed660fcc205261468b8a965858667aee180e9de26b7aab08abfdcbb6c602ab6fbe3cd803bc1500dca168a8fffeea25137608c999b2c576 +SHA512 (linux-6.12.0-151.el10.tar.xz) = ffa7eaf342c21f654d267d6aeb8a139c3f9d8c66258ac76030d5e6840cee46764c56e3f52ec584a0be1c8a6cea47fc57f0474a6014690a20bd4472268e0f7763 +SHA512 (kernel-abi-stablelists-6.12.0-151.el10.tar.xz) = d229f0519ba12cb8b93af9fed88ae3ce6783e5e9b3ca038af5607c7fda20f4e3cfc4226cb14162e24981adcee021a684e5debaf9b139748ce16f296265e8999c +SHA512 (kernel-kabi-dw-6.12.0-151.el10.tar.xz) = 911ad565c772fd1a229c2cb5cbb8f863479f5695794d942536600e1dff7d449239c5b5191067184bd29cb66ed2ef29662638aa4d5014c156682e49808bc9e7f5