From c15ab2234a6dc20152166e0a8642d905195b85d7 Mon Sep 17 00:00:00 2001 From: Jan Stancek Date: Thu, 15 Aug 2024 16:32:38 +0200 Subject: [PATCH] kernel-6.11.0-0.rc3.19.el10 * Thu Aug 15 2024 Jan Stancek [6.11.0-0.rc3.19.el10] - exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) - binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) - ksmbd: override fsids for smb2_query_info() (Namjae Jeon) - ksmbd: override fsids for share path check (Namjae Jeon) - fedora: Enable AF8133J Magnetometer driver (Peter Robinson) - platform/x86: ideapad-laptop: add a mutex to synchronize VPC commands (Gergo Koteles) - platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc (Gergo Koteles) - platform/x86: ideapad-laptop: introduce a generic notification chain (Gergo Koteles) - platform/x86/amd/pmf: Fix to Update HPD Data When ALS is Disabled (Shyam Sundar S K) - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) - redhat: spec: add cachestat kselftest (Eric Chanudet) - redhat: hmac sign the UKI for FIPS (Vitaly Kuznetsov) - not upstream: Disable vdso getrandom when FIPS is enabled (Herbert Xu) - Linux v6.11.0-0.rc3 Resolves: RHEL-29722 Signed-off-by: Jan Stancek --- Makefile.rhelver | 2 +- kernel.changelog | 48 +++++++++++++++++++++++++++++++++++++++++++++++- kernel.spec | 32 +++++++++++++++++++++++++++----- sources | 6 +++--- 4 files changed, 78 insertions(+), 10 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index 0f107e462..067a0823b 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 0 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 18 +RHEL_RELEASE = 19 # # RHEL_REBASE_NUM diff --git a/kernel.changelog b/kernel.changelog index 4a68fe85f..2591c4cae 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,20 @@ +* Thu Aug 15 2024 Jan Stancek [6.11.0-0.rc3.19.el10] +- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) +- binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) +- ksmbd: override fsids for smb2_query_info() (Namjae Jeon) +- ksmbd: override fsids for share path check (Namjae Jeon) +- fedora: Enable AF8133J Magnetometer driver (Peter Robinson) +- platform/x86: ideapad-laptop: add a mutex to synchronize VPC commands (Gergo Koteles) +- platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc (Gergo Koteles) +- platform/x86: ideapad-laptop: introduce a generic notification chain (Gergo Koteles) +- platform/x86/amd/pmf: Fix to Update HPD Data When ALS is Disabled (Shyam Sundar S K) +- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) +- redhat: spec: add cachestat kselftest (Eric Chanudet) +- redhat: hmac sign the UKI for FIPS (Vitaly Kuznetsov) +- not upstream: Disable vdso getrandom when FIPS is enabled (Herbert Xu) +- Linux v6.11.0-0.rc3 +Resolves: RHEL-29722 + * Tue Aug 13 2024 Jan Stancek [6.11.0-0.rc3.18.el10] - Linux 6.11-rc3 (Linus Torvalds) - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) @@ -435,6 +452,23 @@ Resolves: RHEL-29722 - task_work: make TWA_NMI_CURRENT handling conditional on IRQ_WORK (Linus Torvalds) Resolves: RHEL-29722 +* Thu Aug 15 2024 Jan Stancek [6.11.0-0.rc3.19.el10] +- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) +- binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) +- ksmbd: override fsids for smb2_query_info() (Namjae Jeon) +- ksmbd: override fsids for share path check (Namjae Jeon) +- fedora: Enable AF8133J Magnetometer driver (Peter Robinson) +- platform/x86: ideapad-laptop: add a mutex to synchronize VPC commands (Gergo Koteles) +- platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc (Gergo Koteles) +- platform/x86: ideapad-laptop: introduce a generic notification chain (Gergo Koteles) +- platform/x86/amd/pmf: Fix to Update HPD Data When ALS is Disabled (Shyam Sundar S K) +- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) +- redhat: spec: add cachestat kselftest (Eric Chanudet) +- redhat: hmac sign the UKI for FIPS (Vitaly Kuznetsov) +- not upstream: Disable vdso getrandom when FIPS is enabled (Herbert Xu) +- Linux v6.11.0-0.rc3 +Resolves: + * Tue Aug 13 2024 Jan Stancek [6.11.0-0.rc3.18.el10] - Linux 6.11-rc3 (Linus Torvalds) - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) @@ -684,7 +718,7 @@ Resolves: RHEL-29722 - new configs in drivers/phy (Izabela Bakollari) - Add support to rh_waived cmdline boot parameter (Ricardo Robaina) [RHEL-26170] - Linux v6.11.0-0.rc3 -Resolves: RHEL-26170 +Resolves: RHEL-29722 * Fri Aug 09 2024 Jan Stancek [6.11.0-0.rc2.17.el10] - btrfs: avoid using fixed char array size for tree names (Qu Wenruo) @@ -872,6 +906,18 @@ Resolves: RHEL-29722 - task_work: make TWA_NMI_CURRENT handling conditional on IRQ_WORK (Linus Torvalds) Resolves: RHEL-29722 +* Wed Aug 14 2024 Fedora Kernel Team [6.11.0-0.rc3.6b0f8db921ab.31] +- fedora: Enable AF8133J Magnetometer driver (Peter Robinson) +- Linux v6.11.0-0.rc3.6b0f8db921ab +Resolves: + +* Tue Aug 13 2024 Fedora Kernel Team [6.11.0-0.rc3.d74da846046a.30] +- redhat: spec: add cachestat kselftest (Eric Chanudet) +- redhat: hmac sign the UKI for FIPS (Vitaly Kuznetsov) +- not upstream: Disable vdso getrandom when FIPS is enabled (Herbert Xu) +- Linux v6.11.0-0.rc3.d74da846046a +Resolves: + * Mon Aug 12 2024 Fedora Kernel Team [6.11.0-0.rc3.29] - Linux v6.11.0-0.rc3 Resolves: diff --git a/kernel.spec b/kernel.spec index 063f60a15..7104f9f50 100644 --- a/kernel.spec +++ b/kernel.spec @@ -163,15 +163,15 @@ Summary: The Linux kernel %define specrpmversion 6.11.0 %define specversion 6.11.0 %define patchversion 6.11 -%define pkgrelease 0.rc3.18 +%define pkgrelease 0.rc3.19 %define kversion 6 -%define tarfile_release 6.11.0-0.rc3.18.el10 +%define tarfile_release 6.11.0-0.rc3.19.el10 # This is needed to do merge window version magic %define patchlevel 11 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc3.18%{?buildid}%{?dist} +%define specrelease 0.rc3.19%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.11.0-0.rc3.18.el10 +%define kabiversion 6.11.0-0.rc3.19.el10 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -2678,6 +2678,11 @@ BuildKernel() { # signkernel %endif + # hmac sign the UKI for FIPS + KernelUnifiedImageHMAC="$KernelUnifiedImageDir/.$InstallName-virt.efi.hmac" + %{log_msg "hmac sign the UKI for FIPS"} + %{log_msg "Creating hmac file: $KernelUnifiedImageHMAC"} + (cd $KernelUnifiedImageDir && sha512hmac $InstallName-virt.efi) > $KernelUnifiedImageHMAC; # with_efiuki %endif @@ -3071,7 +3076,7 @@ pushd tools/testing/selftests %endif %{log_msg "main selftests compile"} -%{make} %{?_smp_mflags} ARCH=$Arch V=1 TARGETS="bpf cgroup mm net net/forwarding net/mptcp netfilter tc-testing memfd drivers/net/bonding iommu" SKIP_TARGETS="" $force_targets INSTALL_PATH=%{buildroot}%{_libexecdir}/kselftests VMLINUX_H="${RPM_VMLINUX_H}" install +%{make} %{?_smp_mflags} ARCH=$Arch V=1 TARGETS="bpf cgroup mm net net/forwarding net/mptcp netfilter tc-testing memfd drivers/net/bonding iommu cachestat" SKIP_TARGETS="" $force_targets INSTALL_PATH=%{buildroot}%{_libexecdir}/kselftests VMLINUX_H="${RPM_VMLINUX_H}" install %ifarch %{klptestarches} # kernel livepatching selftest test_modules will build against @@ -4015,6 +4020,7 @@ fi\ /lib/modules/%{KVERREL}%{?3:+%{3}}/config\ /lib/modules/%{KVERREL}%{?3:+%{3}}/modules.builtin*\ %attr(0644, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\ +%attr(0644, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/.%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi.hmac\ %ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:*}-%{KVERREL}%{?3:+%{3}}.efi\ %{expand:%%files %{?3:%{3}-}uki-virt-addons}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi.extra.d/ \ @@ -4093,6 +4099,22 @@ fi\ # # %changelog +* Thu Aug 15 2024 Jan Stancek [6.11.0-0.rc3.19.el10] +- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) +- binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) +- ksmbd: override fsids for smb2_query_info() (Namjae Jeon) +- ksmbd: override fsids for share path check (Namjae Jeon) +- fedora: Enable AF8133J Magnetometer driver (Peter Robinson) +- platform/x86: ideapad-laptop: add a mutex to synchronize VPC commands (Gergo Koteles) +- platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc (Gergo Koteles) +- platform/x86: ideapad-laptop: introduce a generic notification chain (Gergo Koteles) +- platform/x86/amd/pmf: Fix to Update HPD Data When ALS is Disabled (Shyam Sundar S K) +- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) +- redhat: spec: add cachestat kselftest (Eric Chanudet) +- redhat: hmac sign the UKI for FIPS (Vitaly Kuznetsov) +- not upstream: Disable vdso getrandom when FIPS is enabled (Herbert Xu) +- Linux v6.11.0-0.rc3 + * Tue Aug 13 2024 Jan Stancek [6.11.0-0.rc3.18.el10] - Linux 6.11-rc3 (Linus Torvalds) - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) diff --git a/sources b/sources index 26480e6de..0e354ea66 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 -SHA512 (linux-6.11.0-0.rc3.18.el10.tar.xz) = 85d5084d467b70271fa93f3a5137b892531e1bd2a0ff905b015ca6aaa799f45af58935cbec9b080851b980af73354c2d4008824f777b54158cefa1c527bff551 -SHA512 (kernel-abi-stablelists-6.11.0-0.rc3.18.el10.tar.xz) = 6bb9705bd8a3e451632d24caa30d568213d73c2bddd52a5d6cb2c0245a8446c4a50afd65a8bd59c08ac93a5dc9938e0e927e08506862a70de7d8af7307d89673 -SHA512 (kernel-kabi-dw-6.11.0-0.rc3.18.el10.tar.xz) = 058c2398b34608007996d39831d61d82b546674d7b9475e7b5c92f473f70be941be32db4024d6ee0df2571345cacd318f2d72144d561f24b0526e4fb0308cdcc +SHA512 (linux-6.11.0-0.rc3.19.el10.tar.xz) = 313ce1f6cc4fcad3b82c86eee8fd62041ef9cfb72454c5b2019bd5962577778ae4b796bfeb0815a5438144834a4a850813ebfbf98785665cd55b2897ece55dc4 +SHA512 (kernel-abi-stablelists-6.11.0-0.rc3.19.el10.tar.xz) = e82cc2b8b003e4ec483754c96f7d629a9747414efd7d59d9df7b57984ccf5372470fda8a10b1d8e54c756e3c2b27d9b5e12d42f62dc974f45badc52dd5355c4e +SHA512 (kernel-kabi-dw-6.11.0-0.rc3.19.el10.tar.xz) = 058c2398b34608007996d39831d61d82b546674d7b9475e7b5c92f473f70be941be32db4024d6ee0df2571345cacd318f2d72144d561f24b0526e4fb0308cdcc