From e64d00bc577ec4205112dbddebf40a64aae9eeca Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 21 Dec 2023 09:19:03 +0000 Subject: [PATCH 1/5] import EuroLinux kernel-5.14.0-362.13.1.el9_3 --- .gitignore | 6 +- .kernel.metadata | 6 +- SOURCES/Makefile.rhelver | 2 +- SOURCES/kernel-x86_64-debug-rhel.config | 1 + SOURCES/kernel-x86_64-rhel.config | 1 + SOURCES/kernel-x86_64-rt-debug-rhel.config | 1 + SOURCES/kernel-x86_64-rt-rhel.config | 1 + SPECS/kernel.spec | 150 +++++++++++++++++++-- 8 files changed, 151 insertions(+), 17 deletions(-) diff --git a/.gitignore b/.gitignore index 3d45550b1..7b5015e50 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ -SOURCES/kernel-abi-stablelists-5.14.0-362.8.1.el9_3.tar.bz2 -SOURCES/kernel-kabi-dw-5.14.0-362.8.1.el9_3.tar.bz2 -SOURCES/linux-5.14.0-362.8.1.el9_3.tar.xz +SOURCES/kernel-abi-stablelists-5.14.0-362.13.1.el9_3.tar.bz2 +SOURCES/kernel-kabi-dw-5.14.0-362.13.1.el9_3.tar.bz2 +SOURCES/linux-5.14.0-362.13.1.el9_3.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelima.x509 SOURCES/rhelima_centos.x509 diff --git a/.kernel.metadata b/.kernel.metadata index 48d678da5..6575f4db6 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,6 +1,6 @@ -1c2b1687409ff0eaeeaef0a550bfba1fdf5759d2 SOURCES/kernel-abi-stablelists-5.14.0-362.8.1.el9_3.tar.bz2 -2d6ccc65ef328fc9872f1a420af331ab850fb1a6 SOURCES/kernel-kabi-dw-5.14.0-362.8.1.el9_3.tar.bz2 -83760acdd6b3494c5ed8cb87745a443aeb17c13e SOURCES/linux-5.14.0-362.8.1.el9_3.tar.xz +c4f5872f7005e90b19c5f9062b22b1f21827ef54 SOURCES/kernel-abi-stablelists-5.14.0-362.13.1.el9_3.tar.bz2 +b1d3fe4cf0e3d6db2cb96fc8dc3ccf21cf29b12d SOURCES/kernel-kabi-dw-5.14.0-362.13.1.el9_3.tar.bz2 +471a92d317924954c13b85d2f4cb6fd598712ea3 SOURCES/linux-5.14.0-362.13.1.el9_3.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 99e571f9de4188f3b5fdf1f84ff73f6cc4bb6a0e SOURCES/rhelima.x509 61d5a223ff0c79189505abae77e0087c4b2d2b47 SOURCES/rhelima_centos.x509 diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver index 9a94053ef..5062d5257 100644 --- a/SOURCES/Makefile.rhelver +++ b/SOURCES/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 3 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 362.8.1 +RHEL_RELEASE = 362.13.1 # # ZSTREAM diff --git a/SOURCES/kernel-x86_64-debug-rhel.config b/SOURCES/kernel-x86_64-debug-rhel.config index f727dd6b1..579f4cfc6 100644 --- a/SOURCES/kernel-x86_64-debug-rhel.config +++ b/SOURCES/kernel-x86_64-debug-rhel.config @@ -796,6 +796,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUSETS=y +CONFIG_CPU_SRSO=y # CONFIG_CPU_THERMAL is not set CONFIG_CPU_UNRET_ENTRY=y # CONFIG_CRAMFS is not set diff --git a/SOURCES/kernel-x86_64-rhel.config b/SOURCES/kernel-x86_64-rhel.config index 404b3ebac..b43a36332 100644 --- a/SOURCES/kernel-x86_64-rhel.config +++ b/SOURCES/kernel-x86_64-rhel.config @@ -796,6 +796,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUSETS=y +CONFIG_CPU_SRSO=y # CONFIG_CPU_THERMAL is not set CONFIG_CPU_UNRET_ENTRY=y # CONFIG_CRAMFS is not set diff --git a/SOURCES/kernel-x86_64-rt-debug-rhel.config b/SOURCES/kernel-x86_64-rt-debug-rhel.config index 6aa26ce95..92aed4f61 100644 --- a/SOURCES/kernel-x86_64-rt-debug-rhel.config +++ b/SOURCES/kernel-x86_64-rt-debug-rhel.config @@ -811,6 +811,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUSETS=y +CONFIG_CPU_SRSO=y # CONFIG_CPU_THERMAL is not set CONFIG_CPU_UNRET_ENTRY=y # CONFIG_CRAMFS is not set diff --git a/SOURCES/kernel-x86_64-rt-rhel.config b/SOURCES/kernel-x86_64-rt-rhel.config index d384132e4..faa4da965 100644 --- a/SOURCES/kernel-x86_64-rt-rhel.config +++ b/SOURCES/kernel-x86_64-rt-rhel.config @@ -811,6 +811,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUSETS=y +CONFIG_CPU_SRSO=y # CONFIG_CPU_THERMAL is not set CONFIG_CPU_UNRET_ENTRY=y # CONFIG_CRAMFS is not set diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index e1b227635..8547fa83a 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -161,15 +161,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 362.8.1 +%define pkgrelease 362.13.1 %define kversion 5 -%define tarfile_release 5.14.0-362.8.1.el9_3 +%define tarfile_release 5.14.0-362.13.1.el9_3 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 362.8.1%{?buildid}%{?dist} +%define specrelease 362.13.1%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-362.8.1.el9_3 +%define kabiversion 5.14.0-362.13.1.el9_3 # # End of genspec.sh variables @@ -622,6 +622,15 @@ Summary: The Linux kernel %define kernel_prereq coreutils, systemd >= 203-2, /usr/bin/kernel-install %define initrd_prereq dracut >= 027 +# EuroLinux override +# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast +# we have to change this here + +%define with_doc 1 +%global signkernel 0 +%global signmodules 0 + +# End of EuroLinux override Name: kernel License: GPLv2 and Redistributable, no modification permitted @@ -1245,11 +1254,11 @@ Summary: gcov graph and source files for coverage data collection.\ %{nil} %package -n kernel-abi-stablelists -Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists +Summary: The EuroLinux kernel ABI symbol stablelists AutoReqProv: no %description -n kernel-abi-stablelists -The kABI package contains information pertaining to the Red Hat Enterprise -Linux kernel ABI, including lists of kernel symbols that are needed by +The kABI package contains information pertaining to the EuroLinux +kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. %if %{with_kabidw_base} @@ -1258,8 +1267,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the Red Hat Enterprise -Linux kernel, suitable for the kabi-dw tool. +The package contains data describing the current ABI of the EuroLinux +kernel, suitable for the kabi-dw tool. %endif # @@ -1790,7 +1799,7 @@ done # Adjust FIPS module name for RHEL %if 0%{?rhel} for i in *.config; do - sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' $i + sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="EuroLinux %{rhel} - Kernel Cryptographic API"/' $i done %endif @@ -3754,6 +3763,127 @@ fi # # %changelog +* Tue Dec 19 2023 EuroLinux Autopatch + +* Fri Nov 24 2023 Jan Stancek [5.14.0-362.13.1.el9_3] +- cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15169 RHEL-15173 RHEL-15170 RHEL-15174] {CVE-2023-1192} +- iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-15381 RHEL-11705] +- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15191 RHEL-15202 RHEL-15192 RHEL-15203] {CVE-2023-45871} +- bio-integrity: create multi-page bvecs in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714] +- bio-integrity: cleanup adding integrity pages to bip's bvec. (Ming Lei) [RHEL-15107 RHEL-13714] +- bio-integrity: update the payload size in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714] +- block: make bvec_try_merge_hw_page() non-static (Ming Lei) [RHEL-15107 RHEL-13714] +- block: don't pass a bio to bio_try_merge_hw_seg (Ming Lei) [RHEL-15107 RHEL-13714] +- block: move the bi_size update out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714] +- block: downgrade a bio_full call in bio_add_page (Ming Lei) [RHEL-15107 RHEL-13714] +- block: move the bi_size overflow check in __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714] +- block: move the bi_vcnt check out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714] +- block: move the BIO_CLONED checks out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714] +- block: use SECTOR_SHIFT bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714] +- block: tidy up the bio full checks in bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714] +- block: kmsan: skip bio block merging logic for KMSAN (Ming Lei) [RHEL-15107 RHEL-13714] +- redhat: change builder image to rhel-9.3 (Michael Hofmann) +- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Add IBPB (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- objtool: Add objtool_types.h (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- objtool: Fix SEGFAULT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569} +- ice: Don't tx before switchdev is fully configured (Michal Schmidt) [RHEL-15799 2241234] +- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-14353 RHEL-13881] +- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Vitaly Kuznetsov) [RHEL-5757 RHEL-3904] + +* Thu Nov 16 2023 Jan Stancek [5.14.0-362.12.1.el9_3] +- fs/smb/client: Reset password pointer to NULL (Scott Mayhew) [RHEL-11804 RHEL-11808 RHEL-11805 RHEL-11809] {CVE-2023-5345} + +* Thu Nov 09 2023 Herton R. Krzesinski [5.14.0-362.11.1.el9_3] +- mm, mremap: fix mremap() expanding for vma's with vm_ops->close() (Donald Dutile) [RHEL-15277 RHEL-9198] +- qed: fix LL2 RX buffer allocation (Chris Leech) [RHEL-14496 RHEL-8466] +- fs/buffer.c: disable per-CPU buffer_head cache for isolated CPUs (Marcelo Tosatti) [RHEL-12101 2158709] + +* Thu Nov 02 2023 Jan Stancek [5.14.0-362.10.1.el9_3] +- perf/x86/amd: Do not WARN() on every IRQ (Michael Petlan) [RHEL-14363 RHEL-12341] +- keys: Fix linking a duplicate key to a keyring's assoc_array (Jay Shin) [RHEL-14058 RHEL-9908] +- vdpa/mlx5: Correct default number of queues when MQ is on (Laurent Vivier) [RHEL-12419 RHEL-7015] +- redhat: fix bug/zjira sort in the changelog (Herton R. Krzesinski) +- ice: always add legacy 32byte RXDID in supported_rxdids (Michal Schmidt) [RHEL-10381 RHEL-10357] + +* Thu Oct 26 2023 Jan Stancek [5.14.0-362.9.1.el9_3] +- iavf: schedule a request immediately after add/delete vlan (Petr Oros) [RHEL-9460] +- iavf: add iavf_schedule_aq_request() helper (Petr Oros) [RHEL-9460] +- cgroup: always put cset in cgroup_css_set_put_fork (Jay Shin) [RHEL-14053] +- cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers (Jay Shin) [RHEL-14053] +- CI: Remove -rt suffix from kpet_tree_name values (Nikolai Kondrashov) +- rbd: take header_rwsem in rbd_dev_refresh() only when updating (Ilya Dryomov) [RHEL-12359] +- rbd: decouple parent info read-in from updating rbd_dev (Ilya Dryomov) [RHEL-12359] +- rbd: decouple header read-in from updating rbd_dev->header (Ilya Dryomov) [RHEL-12359] +- rbd: move rbd_dev_refresh() definition (Ilya Dryomov) [RHEL-12359] +- CI: Remove unused kpet_tree_family (Nikolai Kondrashov) + * Tue Oct 03 2023 Jan Stancek [5.14.0-362.8.1.el9_3] - Revert "cnic: don't pass bogus GFP_ flags to dma_alloc_coherent" (Chris Leech) [RHEL-2542] - Revert "dma-mapping: reject __GFP_COMP in dma_alloc_attrs" (Chris Leech) [RHEL-2542] From 410c5392a10901271cf46df7f7860df695ad8cd4 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 21 Dec 2023 13:28:44 +0300 Subject: [PATCH 2/5] Revert EuroLinux modifications --- SPECS/kernel.spec | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 8547fa83a..dffc93748 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -622,15 +622,6 @@ Summary: The Linux kernel %define kernel_prereq coreutils, systemd >= 203-2, /usr/bin/kernel-install %define initrd_prereq dracut >= 027 -# EuroLinux override -# Normaly this should be done in rpmmacros, but because the packages must be rebuildable with beast -# we have to change this here - -%define with_doc 1 -%global signkernel 0 -%global signmodules 0 - -# End of EuroLinux override Name: kernel License: GPLv2 and Redistributable, no modification permitted @@ -1254,11 +1245,11 @@ Summary: gcov graph and source files for coverage data collection.\ %{nil} %package -n kernel-abi-stablelists -Summary: The EuroLinux kernel ABI symbol stablelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists AutoReqProv: no %description -n kernel-abi-stablelists -The kABI package contains information pertaining to the EuroLinux -kernel ABI, including lists of kernel symbols that are needed by +The kABI package contains information pertaining to the Red Hat Enterprise +Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. %if %{with_kabidw_base} @@ -1267,8 +1258,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the EuroLinux -kernel, suitable for the kabi-dw tool. +The package contains data describing the current ABI of the Red Hat Enterprise +Linux kernel, suitable for the kabi-dw tool. %endif # @@ -1799,7 +1790,7 @@ done # Adjust FIPS module name for RHEL %if 0%{?rhel} for i in *.config; do - sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="EuroLinux %{rhel} - Kernel Cryptographic API"/' $i + sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' $i done %endif @@ -3763,8 +3754,6 @@ fi # # %changelog -* Tue Dec 19 2023 EuroLinux Autopatch - * Fri Nov 24 2023 Jan Stancek [5.14.0-362.13.1.el9_3] - cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15169 RHEL-15173 RHEL-15170 RHEL-15174] {CVE-2023-1192} - iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-15381 RHEL-11705] From 7faa0ce098d5fb7fb6ef526d60c131279633c687 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 18 Jan 2024 14:40:48 +0300 Subject: [PATCH 3/5] Add almalinux(kernel-sig-key) provides to kernel-rt-core --- SPECS/kernel.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 1770a493b..d6e9d7a4f 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -1469,7 +1469,7 @@ Provides: installonlypkg(kernel)\ Requires: kernel-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ %endif\ -%if "%{?1}" == ""\ +%if "%{1}" == "rt" || "%{?1}" == ""\ Provides: almalinux(kernel-sig-key) = 202303\ Conflicts: shim-ia32 <= 15.6-1.el9.alma\ Conflicts: shim-x64 <= 15.6-1.el9.alma\ From b20d235e6b530850c9bb3cf3511a590eac65ad68 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Fri, 26 Jan 2024 13:17:06 +0000 Subject: [PATCH 4/5] nvme-pci: add BOGUS_NID for Intel 0a54 device --- ...-add-BOGUS_NID-for-Intel-0a54-device.patch | 32 +++++++++++++++++++ SPECS/kernel.spec | 12 +++++-- 2 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 SOURCES/0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch diff --git a/SOURCES/0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch b/SOURCES/0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch new file mode 100644 index 000000000..800e26f02 --- /dev/null +++ b/SOURCES/0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch @@ -0,0 +1,32 @@ +From 5c3f4066462a5f6cac04d3dd81c9f551fabbc6c7 Mon Sep 17 00:00:00 2001 +From: Keith Busch +Date: Thu, 12 Oct 2023 11:13:51 -0700 +Subject: [PATCH] nvme-pci: add BOGUS_NID for Intel 0a54 device + +These ones claim cmic and nmic capable, so need special consideration to ignore +their duplicate identifiers. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=217981 +Reported-by: welsh@cassens.com +Signed-off-by: Keith Busch +--- + drivers/nvme/host/pci.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c +index 347cb5daebc3..3f0c9ee09a12 100644 +--- a/drivers/nvme/host/pci.c ++++ b/drivers/nvme/host/pci.c +@@ -3329,7 +3329,8 @@ static const struct pci_device_id nvme_id_table[] = { + { PCI_VDEVICE(INTEL, 0x0a54), /* Intel P4500/P4600 */ + .driver_data = NVME_QUIRK_STRIPE_SIZE | + NVME_QUIRK_DEALLOCATE_ZEROES | +- NVME_QUIRK_IGNORE_DEV_SUBNQN, }, ++ NVME_QUIRK_IGNORE_DEV_SUBNQN | ++ NVME_QUIRK_BOGUS_NID, }, + { PCI_VDEVICE(INTEL, 0x0a55), /* Dell Express Flash P4600 */ + .driver_data = NVME_QUIRK_STRIPE_SIZE | + NVME_QUIRK_DEALLOCATE_ZEROES, }, +-- +2.27.0 + diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index d6e9d7a4f..a293309a1 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -161,13 +161,13 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 362.13.1 +%define pkgrelease 362.13.2 %define kversion 5 %define tarfile_release 5.14.0-362.13.1.el9_3 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 362.13.1%{?buildid}%{?dist} +%define specrelease 362.13.2%{?buildid}%{?dist} # This defines the kabi tarball version %define kabiversion 5.14.0-362.13.1.el9_3 @@ -947,6 +947,9 @@ Source4002: gating.yaml Patch1: patch-%{patchversion}-redhat.patch %endif +# AlmaLinux patches +Patch1001: 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch + # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch @@ -1691,6 +1694,8 @@ cp -a %{SOURCE1} . ApplyOptionalPatch patch-%{patchversion}-redhat.patch %endif +ApplyPatch 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch + ApplyOptionalPatch linux-kernel-test.patch # END OF PATCH APPLICATIONS @@ -3736,6 +3741,9 @@ fi # # %changelog +* Fri Jan 26 2024 Andrew Lukoshko [5.14.0-362.13.2.el9_3] +- nvme-pci: add BOGUS_NID for Intel 0a54 device + * Fri Nov 24 2023 Jan Stancek [5.14.0-362.13.1.el9_3] - cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15169 RHEL-15173 RHEL-15170 RHEL-15174] {CVE-2023-1192} - iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-15381 RHEL-11705] From b163435e4d27ce8906c820dcc8abd4b10be86146 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 29 Jan 2024 14:15:32 +0300 Subject: [PATCH 5/5] Import EuroLinux kernel-5.14.0-362.18.1.el9_3 --- .gitignore | 6 +- .kernel.metadata | 6 +- SOURCES/Makefile.rhelver | 2 +- SOURCES/kernel-aarch64-64k-debug-rhel.config | 1 + SOURCES/kernel-aarch64-64k-rhel.config | 1 + SOURCES/kernel-aarch64-debug-rhel.config | 1 + SOURCES/kernel-aarch64-rhel.config | 1 + SOURCES/kernel-aarch64-rt-debug-rhel.config | 1 + SOURCES/kernel-aarch64-rt-rhel.config | 1 + SOURCES/kernel-ppc64le-debug-rhel.config | 1 + SOURCES/kernel-ppc64le-rhel.config | 1 + SOURCES/kernel-s390x-debug-rhel.config | 1 + SOURCES/kernel-s390x-rhel.config | 1 + SOURCES/kernel-s390x-zfcpdump-rhel.config | 1 + SOURCES/kernel-x86_64-debug-rhel.config | 1 + SOURCES/kernel-x86_64-rhel.config | 1 + SOURCES/kernel-x86_64-rt-debug-rhel.config | 1 + SOURCES/kernel-x86_64-rt-rhel.config | 1 + SPECS/kernel.spec | 134 ++++++++++++++++++- 19 files changed, 152 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 7b5015e50..4ea8105ed 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ -SOURCES/kernel-abi-stablelists-5.14.0-362.13.1.el9_3.tar.bz2 -SOURCES/kernel-kabi-dw-5.14.0-362.13.1.el9_3.tar.bz2 -SOURCES/linux-5.14.0-362.13.1.el9_3.tar.xz +SOURCES/kernel-abi-stablelists-5.14.0-362.18.1.el9_3.tar.bz2 +SOURCES/kernel-kabi-dw-5.14.0-362.18.1.el9_3.tar.bz2 +SOURCES/linux-5.14.0-362.18.1.el9_3.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelima.x509 SOURCES/rhelima_centos.x509 diff --git a/.kernel.metadata b/.kernel.metadata index 6575f4db6..a441e4c5e 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,6 +1,6 @@ -c4f5872f7005e90b19c5f9062b22b1f21827ef54 SOURCES/kernel-abi-stablelists-5.14.0-362.13.1.el9_3.tar.bz2 -b1d3fe4cf0e3d6db2cb96fc8dc3ccf21cf29b12d SOURCES/kernel-kabi-dw-5.14.0-362.13.1.el9_3.tar.bz2 -471a92d317924954c13b85d2f4cb6fd598712ea3 SOURCES/linux-5.14.0-362.13.1.el9_3.tar.xz +f823c58b7a797113dec1a2863f3efb9b13a5db01 SOURCES/kernel-abi-stablelists-5.14.0-362.18.1.el9_3.tar.bz2 +b1d3fe4cf0e3d6db2cb96fc8dc3ccf21cf29b12d SOURCES/kernel-kabi-dw-5.14.0-362.18.1.el9_3.tar.bz2 +4c7324ab3eed522ca5d7e0fcee0bfa891ef73328 SOURCES/linux-5.14.0-362.18.1.el9_3.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 99e571f9de4188f3b5fdf1f84ff73f6cc4bb6a0e SOURCES/rhelima.x509 61d5a223ff0c79189505abae77e0087c4b2d2b47 SOURCES/rhelima_centos.x509 diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver index 5062d5257..c7ea6d519 100644 --- a/SOURCES/Makefile.rhelver +++ b/SOURCES/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 3 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 362.13.1 +RHEL_RELEASE = 362.18.1 # # ZSTREAM diff --git a/SOURCES/kernel-aarch64-64k-debug-rhel.config b/SOURCES/kernel-aarch64-64k-debug-rhel.config index d83f8fcfb..aa8633ead 100644 --- a/SOURCES/kernel-aarch64-64k-debug-rhel.config +++ b/SOURCES/kernel-aarch64-64k-debug-rhel.config @@ -1340,6 +1340,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set CONFIG_DRM_AMD_ACP=y diff --git a/SOURCES/kernel-aarch64-64k-rhel.config b/SOURCES/kernel-aarch64-64k-rhel.config index a80be717d..c15f59677 100644 --- a/SOURCES/kernel-aarch64-64k-rhel.config +++ b/SOURCES/kernel-aarch64-64k-rhel.config @@ -1332,6 +1332,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set CONFIG_DRM_AMD_ACP=y diff --git a/SOURCES/kernel-aarch64-debug-rhel.config b/SOURCES/kernel-aarch64-debug-rhel.config index 2ff146abd..3f3a0e688 100644 --- a/SOURCES/kernel-aarch64-debug-rhel.config +++ b/SOURCES/kernel-aarch64-debug-rhel.config @@ -1337,6 +1337,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set CONFIG_DRM_AMD_ACP=y diff --git a/SOURCES/kernel-aarch64-rhel.config b/SOURCES/kernel-aarch64-rhel.config index bc3337966..123349686 100644 --- a/SOURCES/kernel-aarch64-rhel.config +++ b/SOURCES/kernel-aarch64-rhel.config @@ -1329,6 +1329,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set CONFIG_DRM_AMD_ACP=y diff --git a/SOURCES/kernel-aarch64-rt-debug-rhel.config b/SOURCES/kernel-aarch64-rt-debug-rhel.config index 5cbfe89a7..0d15cd39b 100644 --- a/SOURCES/kernel-aarch64-rt-debug-rhel.config +++ b/SOURCES/kernel-aarch64-rt-debug-rhel.config @@ -1354,6 +1354,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPM_WATCHDOG is not set # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set diff --git a/SOURCES/kernel-aarch64-rt-rhel.config b/SOURCES/kernel-aarch64-rt-rhel.config index d495c0a64..59a928c64 100644 --- a/SOURCES/kernel-aarch64-rt-rhel.config +++ b/SOURCES/kernel-aarch64-rt-rhel.config @@ -1346,6 +1346,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPM_WATCHDOG is not set # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set diff --git a/SOURCES/kernel-ppc64le-debug-rhel.config b/SOURCES/kernel-ppc64le-debug-rhel.config index 2a3c805da..651fde34a 100644 --- a/SOURCES/kernel-ppc64le-debug-rhel.config +++ b/SOURCES/kernel-ppc64le-debug-rhel.config @@ -1126,6 +1126,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set CONFIG_DRM_AMD_ACP=y diff --git a/SOURCES/kernel-ppc64le-rhel.config b/SOURCES/kernel-ppc64le-rhel.config index 632558943..7b22e1b4b 100644 --- a/SOURCES/kernel-ppc64le-rhel.config +++ b/SOURCES/kernel-ppc64le-rhel.config @@ -1118,6 +1118,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set CONFIG_DRM_AMD_ACP=y diff --git a/SOURCES/kernel-s390x-debug-rhel.config b/SOURCES/kernel-s390x-debug-rhel.config index 563bbf887..fb7b4531b 100644 --- a/SOURCES/kernel-s390x-debug-rhel.config +++ b/SOURCES/kernel-s390x-debug-rhel.config @@ -1133,6 +1133,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set CONFIG_DRM_AMD_ACP=y diff --git a/SOURCES/kernel-s390x-rhel.config b/SOURCES/kernel-s390x-rhel.config index aae2ed025..bec945bb3 100644 --- a/SOURCES/kernel-s390x-rhel.config +++ b/SOURCES/kernel-s390x-rhel.config @@ -1125,6 +1125,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set CONFIG_DRM_AMD_ACP=y diff --git a/SOURCES/kernel-s390x-zfcpdump-rhel.config b/SOURCES/kernel-s390x-zfcpdump-rhel.config index d7a86649d..bcc83f049 100644 --- a/SOURCES/kernel-s390x-zfcpdump-rhel.config +++ b/SOURCES/kernel-s390x-zfcpdump-rhel.config @@ -1131,6 +1131,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set # CONFIG_DRAGONRISE_FF is not set CONFIG_DRM_AMD_ACP=y diff --git a/SOURCES/kernel-x86_64-debug-rhel.config b/SOURCES/kernel-x86_64-debug-rhel.config index 579f4cfc6..841473515 100644 --- a/SOURCES/kernel-x86_64-debug-rhel.config +++ b/SOURCES/kernel-x86_64-debug-rhel.config @@ -1203,6 +1203,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set CONFIG_DPTF_PCH_FIVR=m CONFIG_DPTF_POWER=m diff --git a/SOURCES/kernel-x86_64-rhel.config b/SOURCES/kernel-x86_64-rhel.config index b43a36332..bae157a2b 100644 --- a/SOURCES/kernel-x86_64-rhel.config +++ b/SOURCES/kernel-x86_64-rhel.config @@ -1195,6 +1195,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPS310 is not set CONFIG_DPTF_PCH_FIVR=m CONFIG_DPTF_POWER=m diff --git a/SOURCES/kernel-x86_64-rt-debug-rhel.config b/SOURCES/kernel-x86_64-rt-debug-rhel.config index 92aed4f61..3ac9b86c6 100644 --- a/SOURCES/kernel-x86_64-rt-debug-rhel.config +++ b/SOURCES/kernel-x86_64-rt-debug-rhel.config @@ -1222,6 +1222,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPM_WATCHDOG is not set # CONFIG_DPS310 is not set CONFIG_DPTF_PCH_FIVR=m diff --git a/SOURCES/kernel-x86_64-rt-rhel.config b/SOURCES/kernel-x86_64-rt-rhel.config index faa4da965..82ac878c9 100644 --- a/SOURCES/kernel-x86_64-rt-rhel.config +++ b/SOURCES/kernel-x86_64-rt-rhel.config @@ -1214,6 +1214,7 @@ CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m # CONFIG_DP83869_PHY is not set CONFIG_DP83TC811_PHY=m +CONFIG_DPLL=y # CONFIG_DPM_WATCHDOG is not set # CONFIG_DPS310 is not set CONFIG_DPTF_PCH_FIVR=m diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index dffc93748..9c156f8f1 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -161,15 +161,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 362.13.1 +%define pkgrelease 362.18.1 %define kversion 5 -%define tarfile_release 5.14.0-362.13.1.el9_3 +%define tarfile_release 5.14.0-362.18.1.el9_3 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 362.13.1%{?buildid}%{?dist} +%define specrelease 362.18.1%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-362.13.1.el9_3 +%define kabiversion 5.14.0-362.18.1.el9_3 # # End of genspec.sh variables @@ -3754,6 +3754,132 @@ fi # # %changelog +* Wed Jan 03 2024 Jan Stancek [5.14.0-362.18.1.el9_3] +- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241] {CVE-2022-3545} +- rtla: Fix uninitialized variable found (John Kacur) [RHEL-18360 RHEL-10079] +- rtla/timerlat: Do not stop user-space if a cpu is offline (John Kacur) [RHEL-18360 RHEL-10079] +- rtla/timerlat_aa: Fix previous IRQ delay for IRQs that happens after thread sample (John Kacur) [RHEL-18360 RHEL-10079] +- rtla/timerlat_aa: Fix negative IRQ delay (John Kacur) [RHEL-18360 RHEL-10079] +- rtla/timerlat_aa: Zero thread sum after every sample analysis (John Kacur) [RHEL-18360 RHEL-10079] +- rtla/timerlat_hist: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079] +- rtla/timerlat_top: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079] +- rtla/hwnoise: Reduce runtime to 75%% (John Kacur) [RHEL-18360 RHEL-10079] +- rtla: Start the tracers after creating all instances (John Kacur) [RHEL-18360 RHEL-10079] +- rtla/timerlat_hist: Add auto-analysis support (John Kacur) [RHEL-18360 RHEL-10079] +- rtla/timerlat: Give timerlat auto analysis its own instance (John Kacur) [RHEL-18360 RHEL-10079] +- rtla: Automatically move rtla to a house-keeping cpu (John Kacur) [RHEL-18360 RHEL-10079] +- rtla: Change monitored_cpus from char * to cpu_set_t (John Kacur) [RHEL-18360 RHEL-10079] +- rtla: Add --house-keeping option (John Kacur) [RHEL-18360 RHEL-10079] +- rtla: Add -C cgroup support (John Kacur) [RHEL-18360 RHEL-10079] +- ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list (Tomas Henzl) [RHEL-19394 RHEL-10941] +- fbcon: set_con2fb_map needs to set con2fb_map! (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409} +- fbcon: Fix error paths in set_con2fb_map (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409} +- net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12495 RHEL-12496 RHEL-7186 RHEL-7264] {CVE-2023-3812} +- netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Florian Westphal) [RHEL-10536 RHEL-10538 RHEL-10537 RHEL-10539] {CVE-2023-4015} +- md: Put the right device in md_seq_next (Nigel Croxon) [RHEL-16363 RHEL-12455] +- dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679} +- dpll: Fix potential msg memleak when genlmsg_put_reply failed (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679} +- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Bastien Nocera) [RHEL-19003 RHEL-2717] {CVE-2023-40283} +- tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-16129 RHEL-11592] +- tcp: adjust rcv_ssthresh according to sk_reserved_mem (Felix Maurer) [RHEL-16129 RHEL-11592] +- md: raid0: account for split bio in iostat accounting (Nigel Croxon) [RHEL-4082 RHEL-2718] +- can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19465 RHEL-19526 RHEL-6428 RHEL-7052] {CVE-2023-2166} + +* Wed Dec 20 2023 Jan Stancek [5.14.0-362.17.1.el9_3] +- netfilter: nf_tables: skip bound chain on rule flush (Florian Westphal) [RHEL-10111 RHEL-10113 RHEL-10112 RHEL-10114] {CVE-2023-3777} +- drivers: net: slip: fix NPD bug in sl_tx_timeout() (Michal Schmidt) [RHEL-18553 RHEL-18968 RHEL-6654 RHEL-7239] {CVE-2022-41858} +- RDMA/core: Update CMA destination address on rdma_resolve_addr (Kamal Heib) [RHEL-19358 RHEL-19400 RHEL-6832 RHEL-7244] {CVE-2023-2176} +- RDMA/core: Refactor rdma_bind_addr (Kamal Heib) [RHEL-19358 RHEL-19400 RHEL-6832 RHEL-7244] {CVE-2023-2176} +- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-17263 RHEL-17265 RHEL-17264 RHEL-17266] {CVE-2023-4622} + +* Thu Dec 14 2023 Jan Stancek [5.14.0-362.16.1.el9_3] +- tracing/timerlat: Add user-space interface (Chris White) [RHEL-18927 RHEL-14932] +- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-18927 RHEL-14932] +- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-18927 RHEL-14932] +- tracing/timerlat: Always wakeup the timerlat thread (John Kacur) [RHEL-18356 RHEL-16305] +- tracing: Rename kvfree_rcu() to kvfree_rcu_mightsleep() (John Kacur) [RHEL-18356 RHEL-16305] +- tracing/osnoise: Fix notify new tracing_max_latency (John Kacur) [RHEL-18356 RHEL-16305] +- tracing/timerlat: Notify new max thread latency (John Kacur) [RHEL-18356 RHEL-16305] +- tracing/osnoise: set several trace_osnoise.c variables storage-class-specifier to static (John Kacur) [RHEL-18356 RHEL-16305] +- trace/osnoise: make use of the helper function kthread_run_on_cpu() (John Kacur) [RHEL-18356 RHEL-16305] +- tracing: Switch to kvfree_rcu() API (John Kacur) [RHEL-18356 RHEL-16305] +- rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep() (Waiman Long) [RHEL-18356 RHEL-16305] +- x86/sev: Check for user-space IOIO pointing to kernel space (Paolo Bonzini) [RHEL-18089 RHEL-18090 RHEL-14980 RHEL-14981] {CVE-2023-46813} +- x86/sev: Check IOBM for IOIO exceptions from user-space (Paolo Bonzini) [RHEL-18089 RHEL-18090 RHEL-14980 RHEL-14981] {CVE-2023-46813} +- x86/sev: Disable MMIO emulation from user mode (Paolo Bonzini) [RHEL-18089 RHEL-18090 RHEL-14980 RHEL-14981] {CVE-2023-46813} +- hwmon: (ina3221) Add support for channel summation disable (Steve Best) [RHEL-17898 RHEL-1899] +- ice: reset first in crash dump kernels (Petr Oros) [RHEL-17613 RHEL-15698] +- bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire (Tomas Glozar) [RHEL-17571 2229975] +- net: fix net device address assign type (Michal Schmidt) [RHEL-17279 RHEL-6368] +- net: add check for current MAC address in dev_set_mac_address (Michal Schmidt) [RHEL-17279 RHEL-6368] +- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Keep a gem reference to user bos in surfaces (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: fix typo of sizeof argument (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Fix possible invalid drm gem put calls (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Fix shader stage validation (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: remove unused vmw_overlay function (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Print errors when running on broken/unsupported configs (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Drop mksstat_init_record fn as currently unused (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Fix src/dst_pitch confusion (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Replace one-element array with flexible-array member (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Do not drop the reference to the handle too soon (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Stop accessing buffer objects which failed init (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Make the driver work without the dummy resources (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Stop using raw ttm_buffer_object's (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Abstract placement selection (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Rename dummy to is_iomem (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Cleanup the vmw bo usage in the cursor paths (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Simplify fb pinning (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Remove the duplicate bo_free function (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/vmwgfx: Use the common gem mmap instead of the custom code (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/radeon: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/qxl: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/gem-vram: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/ttm: prevent moving of pinned BOs (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/ttm: stop allocating a dummy resource for pipelined gutting (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/ttm: stop allocating dummy resources during BO creation (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/ttm: clear the ttm_tt when bo->resource is NULL (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- drm/i915/ttm: audit remaining bo->resource (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- Revert "drm/vmwgfx: Stop accessing buffer objects which failed init" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- Revert "drm/vmwgfx: Do not drop the reference to the handle too soon" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} +- Revert "drm/vmwgfx: Fix Legacy Display Unit atomic drm support" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633} + +* Thu Dec 07 2023 Jan Stancek [5.14.0-362.15.1.el9_3] +- drm/mgag200: Flush the cache to improve latency (Jocelyn Falempe) [RHEL-16560] +- sched/fair: Make the BW replenish timer expire in hardirq context for PREEMPT_RT (Valentin Schneider) [RHEL-16842 RHEL-7232] +- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16893 RHEL-16894 RHEL-14233 RHEL-16617] {CVE-2023-4623} +- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16893 RHEL-16894 RHEL-14233 RHEL-16617] {CVE-2023-4623} + +* Fri Dec 01 2023 Jan Stancek [5.14.0-362.14.1.el9_3] +- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Florian Westphal) [RHEL-8436 RHEL-8454 RHEL-8437 RHEL-8455] {CVE-2023-42753} +- sctp: update hb timer immediately after users change hb_interval (Xin Long) [RHEL-14301 RHEL-14179] +- sctp: update transport state when processing a dupcook packet (Xin Long) [RHEL-14301 RHEL-14179] +- netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (Xin Long) [RHEL-14301 RHEL-14179] +- sctp: annotate data-races around sk->sk_wmem_queued (Xin Long) [RHEL-14301 RHEL-14179] +- cifs: fix missing unload_nls() in smb2_reconnect() (Scott Mayhew) [RHEL-16477 RHEL-11577] +- cifs: avoid race conditions with parallel reconnects (Scott Mayhew) [RHEL-16477 RHEL-11577] +- cifs: update ip_addr for ses only for primary chan setup (Scott Mayhew) [RHEL-16477 RHEL-11577] +- cifs: prevent data race in cifs_reconnect_tcon() (Scott Mayhew) [RHEL-16477 RHEL-11577] +- cifs: prevent data race in smb2_reconnect() (Scott Mayhew) [RHEL-16477 RHEL-11577] +- nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11487 RHEL-11491 RHEL-11488 RHEL-11492] {CVE-2023-5178} +- Enable CONFIG_DPLL (Petr Oros) [RHEL-15800 2232515] +- ice: implement dpll interface to control cgu (Petr Oros) [RHEL-15800 2232515] +- ice: add admin commands to access cgu configuration (Petr Oros) [RHEL-15800 2232515] +- netdev: expose DPLL pin handle for netdevice (Petr Oros) [RHEL-15800 2232515] +- dpll: netlink: Add DPLL framework base functions (Petr Oros) [RHEL-15800 2232515] +- dpll: core: Add DPLL framework base functions (Petr Oros) [RHEL-15800 2232515] +- dpll: spec: Add Netlink spec in YAML (Petr Oros) [RHEL-15800 2232515] +- dpll: documentation on DPLL subsystem interface (Petr Oros) [RHEL-15800 2232515] +- ice: do not re-enable miscellaneous interrupt until thread_fn completes (Petr Oros) [RHEL-15806 2229762] +- ice: trigger PFINT_OICR_TSYN_TX interrupt instead of polling (Petr Oros) [RHEL-15806 2229762] +- ice: introduce ICE_TX_TSTAMP_WORK enumeration (Petr Oros) [RHEL-15806 2229762] +- mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() (Rafael Aquini) [RHEL-11589 RHEL-2466] +- sched/fair: Block nohz tick_stop when cfs bandwidth in use (Phil Auld) [RHEL-8701 2208016] +- sched, cgroup: Restore meaning to hierarchical_quota (Phil Auld) [RHEL-8701 2208016] + * Fri Nov 24 2023 Jan Stancek [5.14.0-362.13.1.el9_3] - cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15169 RHEL-15173 RHEL-15170 RHEL-15174] {CVE-2023-1192} - iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-15381 RHEL-11705]