rpms/kernel
7
2
Fork 4
Code Issues Pull Requests Releases Activity

kernel-6.12.0-41.el10

Browse Source 
* Tue Jan 14 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-41.el10]
- netfilter: IDLETIMER: Fix for possible ABBA deadlock (Phil Sutter) [RHEL-70301]
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-73194]
- netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [RHEL-68691]
- sched/numa: fix memory leak due to the overwritten vma->numab_state (Phil Auld) [RHEL-67478]
- netfilter: ipset: Fix for recursive locking warning (Phil Sutter) [RHEL-71827]
- NFSD: Mark exports of NFS as unsupported (Benjamin Coddington) [RHEL-50656]
- netdev-genl: Hold rcu_read_lock in napi_get (Paolo Abeni) [RHEL-73205]
- net: avoid potential UAF in default_operstate() (Paolo Abeni) [RHEL-73205] {CVE-2024-56635}
- net: defer final 'struct net' free in netns dismantle (Paolo Abeni) [RHEL-73205] {CVE-2024-56658}
- net: restrict SO_REUSEPORT to inet sockets (Paolo Abeni) [RHEL-73205]
- Revert "rtnetlink: add guard for RTNL" (Paolo Abeni) [RHEL-73205]
- netlink: fix false positive warning in extack during dumps (Paolo Abeni) [RHEL-73205] {CVE-2024-53212}
- tcp: check space before adding MPTCP SYN options (Paolo Abeni) [RHEL-73143]
- net: fix memory leak in tcp_conn_request() (Paolo Abeni) [RHEL-73143]
- Revert "udp: avoid calling sock_def_readable() if possible" (Paolo Abeni) [RHEL-73132]
- netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [RHEL-69538]
- redhat: make kernel-debug-uki-virt installable without kernel-debug-core (Vitaly Kuznetsov) [RHEL-72983]
- KVM: arm64: Fix S1/S2 combination when FWB==1 and S2 has Device memory type (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add error handling in vgic_its_cache_translation (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: selftests: Add tests for MMIO external abort injection (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: selftests: Convert to kernel's ESR terminology (Shaoqin Huang) [RHEL-68039]
- tools: arm64: Grab a copy of esr.h from kernel (Shaoqin Huang) [RHEL-68039]
- KVM: selftests: Don't bother deleting memslots in KVM when freeing VMs (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add stronger type-checking to the ITS entry sizes (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic: Kill VGIC_MAX_PRIVATE definition (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic: Make vgic_get_irq() more robust (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Pass on SVE mapping failures (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Don't map 'kvm_vgic_global_state' at EL2 with pKVM (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Just advertise SEIS as 0 when emulating ICC_CTLR_EL1 (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Don't retire aborted MMIO instruction (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Get rid of userspace_irqchip_in_use (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Initialize trap register values in hyp in pKVM (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Initialize the hypervisor's VM state at EL2 (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Refactor kvm_vcpu_enable_ptrauth() for hyp use (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Move pkvm_vcpu_init_traps() to init_pkvm_hyp_vcpu() (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Correctly access TCR2_EL1, PIR_EL1, PIRE0_EL1 with VHE (Shaoqin Huang) [RHEL-68039]
Resolves: RHEL-50656, RHEL-67478, RHEL-68039, RHEL-68691, RHEL-69538, RHEL-70301, RHEL-71827, RHEL-72983, RHEL-73132, RHEL-73143, RHEL-73194, RHEL-73205

Signed-off-by: Jan Stancek <jstancek@redhat.com>
This commit is contained in:
Jan Stancek 2025-01-14 08:37:39 +01:00
parent 36e6bad2c6
commit f38de42824
4 changed files with 98 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.rhelver
View File

@ -12,7 +12,7 @@ RHEL_MINOR = 0
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
RHEL_RELEASE = 40
RHEL_RELEASE = 41
#
# RHEL_REBASE_NUM

45
kernel.changelog
View File

@ -1,3 +1,48 @@
* Tue Jan 14 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-41.el10]
- netfilter: IDLETIMER: Fix for possible ABBA deadlock (Phil Sutter) [RHEL-70301]
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-73194]
- netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [RHEL-68691]
- sched/numa: fix memory leak due to the overwritten vma->numab_state (Phil Auld) [RHEL-67478]
- netfilter: ipset: Fix for recursive locking warning (Phil Sutter) [RHEL-71827]
- NFSD: Mark exports of NFS as unsupported (Benjamin Coddington) [RHEL-50656]
- netdev-genl: Hold rcu_read_lock in napi_get (Paolo Abeni) [RHEL-73205]
- net: avoid potential UAF in default_operstate() (Paolo Abeni) [RHEL-73205] {CVE-2024-56635}
- net: defer final 'struct net' free in netns dismantle (Paolo Abeni) [RHEL-73205] {CVE-2024-56658}
- net: restrict SO_REUSEPORT to inet sockets (Paolo Abeni) [RHEL-73205]
- Revert "rtnetlink: add guard for RTNL" (Paolo Abeni) [RHEL-73205]
- netlink: fix false positive warning in extack during dumps (Paolo Abeni) [RHEL-73205] {CVE-2024-53212}
- tcp: check space before adding MPTCP SYN options (Paolo Abeni) [RHEL-73143]
- net: fix memory leak in tcp_conn_request() (Paolo Abeni) [RHEL-73143]
- Revert "udp: avoid calling sock_def_readable() if possible" (Paolo Abeni) [RHEL-73132]
- netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [RHEL-69538]
- redhat: make kernel-debug-uki-virt installable without kernel-debug-core (Vitaly Kuznetsov) [RHEL-72983]
- KVM: arm64: Fix S1/S2 combination when FWB==1 and S2 has Device memory type (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add error handling in vgic_its_cache_translation (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: selftests: Add tests for MMIO external abort injection (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: selftests: Convert to kernel's ESR terminology (Shaoqin Huang) [RHEL-68039]
- tools: arm64: Grab a copy of esr.h from kernel (Shaoqin Huang) [RHEL-68039]
- KVM: selftests: Don't bother deleting memslots in KVM when freeing VMs (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add stronger type-checking to the ITS entry sizes (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic: Kill VGIC_MAX_PRIVATE definition (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic: Make vgic_get_irq() more robust (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Pass on SVE mapping failures (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Don't map 'kvm_vgic_global_state' at EL2 with pKVM (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Just advertise SEIS as 0 when emulating ICC_CTLR_EL1 (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Don't retire aborted MMIO instruction (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Get rid of userspace_irqchip_in_use (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Initialize trap register values in hyp in pKVM (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Initialize the hypervisor's VM state at EL2 (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Refactor kvm_vcpu_enable_ptrauth() for hyp use (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Move pkvm_vcpu_init_traps() to init_pkvm_hyp_vcpu() (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Correctly access TCR2_EL1, PIR_EL1, PIRE0_EL1 with VHE (Shaoqin Huang) [RHEL-68039]
Resolves: RHEL-50656, RHEL-67478, RHEL-68039, RHEL-68691, RHEL-69538, RHEL-70301, RHEL-71827, RHEL-72983, RHEL-73132, RHEL-73143, RHEL-73194, RHEL-73205
* Sun Jan 12 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-40.el10]
- selftests: netfilter: Stabilize rpath.sh (Phil Sutter) [RHEL-71139]
- redhat/configs: automotive: disable CONFIG_AIO (Davide Caratti) [RHEL-71905]

54
kernel.spec
View File

@ -162,15 +162,15 @@ Summary: The Linux kernel
%define specrpmversion 6.12.0
%define specversion 6.12.0
%define patchversion 6.12
%define pkgrelease 40
%define pkgrelease 41
%define kversion 6
%define tarfile_release 6.12.0-40.el10
%define tarfile_release 6.12.0-41.el10
# This is needed to do merge window version magic
%define patchlevel 12
# This allows pkg_release to have configurable %%{?dist} tag
%define specrelease 40%{?buildid}%{?dist}
%define specrelease 41%{?buildid}%{?dist}
# This defines the kabi tarball version
%define kabiversion 6.12.0-40.el10
%define kabiversion 6.12.0-41.el10
# If this variable is set to 1, a bpf selftests build failure will cause a
# fatal kernel package build error
@ -1659,7 +1659,7 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{uname_variant %{
%package %{?1:%{1}-}uki-virt\
Summary: %{variant_summary} unified kernel image for virtual machines\
Provides: installonlypkg(kernel)\
Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\
Provides: kernel-uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\
Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\
Requires(pre): %{kernel_prereq}\
Requires(pre): systemd >= 254-1\
@ -4300,6 +4300,50 @@ fi\
#
#
%changelog
* Tue Jan 14 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-41.el10]
- netfilter: IDLETIMER: Fix for possible ABBA deadlock (Phil Sutter) [RHEL-70301]
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-73194]
- netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [RHEL-68691]
- sched/numa: fix memory leak due to the overwritten vma->numab_state (Phil Auld) [RHEL-67478]
- netfilter: ipset: Fix for recursive locking warning (Phil Sutter) [RHEL-71827]
- NFSD: Mark exports of NFS as unsupported (Benjamin Coddington) [RHEL-50656]
- netdev-genl: Hold rcu_read_lock in napi_get (Paolo Abeni) [RHEL-73205]
- net: avoid potential UAF in default_operstate() (Paolo Abeni) [RHEL-73205] {CVE-2024-56635}
- net: defer final 'struct net' free in netns dismantle (Paolo Abeni) [RHEL-73205] {CVE-2024-56658}
- net: restrict SO_REUSEPORT to inet sockets (Paolo Abeni) [RHEL-73205]
- Revert "rtnetlink: add guard for RTNL" (Paolo Abeni) [RHEL-73205]
- netlink: fix false positive warning in extack during dumps (Paolo Abeni) [RHEL-73205] {CVE-2024-53212}
- tcp: check space before adding MPTCP SYN options (Paolo Abeni) [RHEL-73143]
- net: fix memory leak in tcp_conn_request() (Paolo Abeni) [RHEL-73143]
- Revert "udp: avoid calling sock_def_readable() if possible" (Paolo Abeni) [RHEL-73132]
- netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [RHEL-69538]
- redhat: make kernel-debug-uki-virt installable without kernel-debug-core (Vitaly Kuznetsov) [RHEL-72983]
- KVM: arm64: Fix S1/S2 combination when FWB==1 and S2 has Device memory type (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add error handling in vgic_its_cache_translation (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: selftests: Add tests for MMIO external abort injection (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: selftests: Convert to kernel's ESR terminology (Shaoqin Huang) [RHEL-68039]
- tools: arm64: Grab a copy of esr.h from kernel (Shaoqin Huang) [RHEL-68039]
- KVM: selftests: Don't bother deleting memslots in KVM when freeing VMs (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add stronger type-checking to the ITS entry sizes (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic: Kill VGIC_MAX_PRIVATE definition (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic: Make vgic_get_irq() more robust (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Pass on SVE mapping failures (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Don't map 'kvm_vgic_global_state' at EL2 with pKVM (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Just advertise SEIS as 0 when emulating ICC_CTLR_EL1 (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Don't retire aborted MMIO instruction (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Get rid of userspace_irqchip_in_use (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Initialize trap register values in hyp in pKVM (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Initialize the hypervisor's VM state at EL2 (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Refactor kvm_vcpu_enable_ptrauth() for hyp use (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Move pkvm_vcpu_init_traps() to init_pkvm_hyp_vcpu() (Shaoqin Huang) [RHEL-68039]
- KVM: arm64: Correctly access TCR2_EL1, PIR_EL1, PIRE0_EL1 with VHE (Shaoqin Huang) [RHEL-68039]
* Sun Jan 12 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-40.el10]
- selftests: netfilter: Stabilize rpath.sh (Phil Sutter) [RHEL-71139]
- redhat/configs: automotive: disable CONFIG_AIO (Davide Caratti) [RHEL-71905]

6
sources
View File

@ -1,5 +1,5 @@
SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
SHA512 (linux-6.12.0-40.el10.tar.xz) = fd036f52c23fcf65974b100b54e2ddfdce9139d923058025216a338fe5952467f125d472cffaf451f8e23268839c373324ea7fd0e789af97aad7a80c0dd18265
SHA512 (kernel-abi-stablelists-6.12.0-40.el10.tar.xz) = 50236d609f682e8af9e90dd453bb30ac3e859e3ccc26948bee0e17e33289441288127eeebc56712888d1345d8ae3d730e05e81444b41442a286a29dcd4a305e6
SHA512 (kernel-kabi-dw-6.12.0-40.el10.tar.xz) = fded83376b56df7cb4c5e79cd53f35164980429fbd707954c3aca8e372ba226664c84cdf805ca3b14b994f16cd61ee9a47d16f2a5c5c88decdd59303a2231ffb
SHA512 (linux-6.12.0-41.el10.tar.xz) = af128077b40c4167d512158541f7f34d2ab0857465c89585bab0b390f088a9f269e0a13de856a231968bc982b4afe47343063d76e84a6c8782448ca38a7d4a1a
SHA512 (kernel-abi-stablelists-6.12.0-41.el10.tar.xz) = 13ebe1dac82ab02efc0c24f791c4a920057c650817ff3c1f1f7aeaa72744a88815b4d08beba466230d32118a9a09f0b185a199e9cd8f15926ea65f890eef373a
SHA512 (kernel-kabi-dw-6.12.0-41.el10.tar.xz) = 04db766bc8abd75b27eb18f13acb36fda60bcc70860d20a8fe380a1ccff301574850f4f2b15fb5b32ae7b15b2d4c5ef0bf47eca130d9c18349cb7d5c1abe49f7