40560a510e
* Fri Aug 05 2022 Patrick Talbert <ptalbert@redhat.com> [5.14.0-143.el9]
- sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed (Waiman Long) [2104946]
- intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- um: Add missing apply_returns() (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: emulate: do not adjust size of fastop and setcc subroutines (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- efi/x86: use naked RET on mixed mode call wrapper (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Remove apostrophe typo (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Mark retbleed_strings static (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/static_call: Serialize __static_call_fixup() properly (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Disable RRSBA behavior (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kexec: Disable RET on kexec (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- redhat/configs: Add new mitigation configs for RetBleed CVEs (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/retbleed: Add fine grained Kconfig knobs (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Enumerate BTC_NO (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/common: Stamp out the stepping madness (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: VMX: Prevent RSB underflow before vmenter (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Fill RSB on vmexit for IBRS (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: VMX: Fix IBRS handling after vmexit (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: VMX: Convert launched argument to flags (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: VMX: Flatten __vmx_vcpu_run() (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Remove x86_spec_ctrl_mask (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Fix SPEC_CTRL write on SMT state change (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Fix firmware entry SPEC_CTRL handling (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Add Spectral Chicken (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do IBPB fallback check only once (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add retbleed=ibpb (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/xen: Add UNTRAIN_RET (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/xen: Rename SYS* entry points (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- objtool: Update Retpoline validation (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- intel_idle: Disable IBRS during long idle (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report Intel retbleed vulnerability (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Optimize SPEC_CTRL MSR writes (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/entry: Add kernel IBRS implementation (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Enable STIBP for JMP2RET (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add AMD retbleed= boot parameter (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report AMD retbleed vulnerability (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- objtool: skip non-text sections when adding return-thunk sites (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Add magic AMD return-thunk (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- objtool: Treat .text.__x86.* as noinstr (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/entry: Avoid very early RET (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Use return-thunk in asm code (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/sev: Avoid using __x86_return_thunk (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Fix SETcc emulation for return thunks (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bpf: Use alternative RET encoding (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/ftrace: Use alternative RET encoding (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86,static_call: Use alternative RET encoding (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86,objtool: Create .return_sites (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Undo return-thunk damage (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/retpoline: Use -mfunction-return (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/retpoline: Swizzle retpoline thunk (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/retpoline: Cleanup some #ifdefery (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm/vmx: Make noinstr clean (Waiman Long) [2090231] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/entry: Fix register corruption in compat syscall (Waiman Long) [2090231]
- x86/entry: Remove skip_r11rcx (Waiman Long) [2090231]
- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Waiman Long) [2090231]
- x86/entry: Simplify entry_INT80_compat() (Waiman Long) [2090231]
- x86/entry: Don't call error_entry() for XENPV (Waiman Long) [2090231]
- x86/entry: Move CLD to the start of the idtentry macro (Waiman Long) [2090231]
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (Waiman Long) [2090231]
- x86/entry: Switch the stack after error_entry() returns (Waiman Long) [2090231]
- x86/traps: Use pt_regs directly in fixup_bad_iret() (Waiman Long) [2090231]
- x86/retpoline: Add ANNOTATE_NOENDBR for retpolines (Waiman Long) [2090231]
- x86/static_call: Add ANNOTATE_NOENDBR to static call trampoline (Waiman Long) [2090231]
- objtool: Fix SLS validation for kcov tail-call replacement (Waiman Long) [2090231]
- x86,static_call: Fix __static_call_return0 for i386 (Waiman Long) [2090231]
- crypto: x86/poly1305 - Fixup SLS (Waiman Long) [2090231]
- kvm/emulate: Fix SETcc emulation for ENDBR (Waiman Long) [2090231]
- x86/ibt: Annotate text references (Waiman Long) [2090231]
- x86/alternative: Simplify int3_selftest_ip (Waiman Long) [2090231]
- x86/ibt,kvm: Add ENDBR to fastops (Waiman Long) [2090231]
- x86/ibt,entry: Sprinkle ENDBR dust (Waiman Long) [2090231]
- x86/ibt,xen: Sprinkle the ENDBR (Waiman Long) [2090231]
- x86/entry: Cleanup PARAVIRT (Waiman Long) [2090231]
- x86/ibt: Add ANNOTATE_NOENDBR (Waiman Long) [2090231]
- redhat/configs: Disable CONFIG_X86_KERNEL_IBT (Waiman Long) [2090231]
- x86/ibt: Base IBT bits (Waiman Long) [2090231]
- objtool,efi: Update __efi64_thunk annotation (Waiman Long) [2090231]
- objtool: Fix truncated string warning (Waiman Long) [2090231]
- redhat/configs: Disable CONFIG_SLS (Waiman Long) [2090231]
- x86: Add straight-line-speculation mitigation (Waiman Long) [2090231]
- x86/alternative: Relax text_poke_bp() constraint (Waiman Long) [2090231]
- objtool: Add straight-line-speculation validation (Waiman Long) [2090231]
- x86: Prepare inline-asm for straight-line-speculation (Waiman Long) [2090231]
- x86: Prepare asm files for straight-line-speculation (Waiman Long) [2090231]
- x86/mce: Reduce number of machine checks taken during recovery (Waiman Long) [2090231]
- x86/lib/atomic64_386_32: Rename things (Waiman Long) [2090231]
- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Waiman Long) [2090231]
- x86: Move RETPOLINE*_CFLAGS to arch Makefile (Waiman Long) [2090231]
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (Waiman Long) [2090231]
- x86/entry: Use the correct fence macro after swapgs in kernel CR3 (Waiman Long) [2090231]
- x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (Waiman Long) [2090231]
- objtool: Fix pv_ops noinstr validation (Waiman Long) [2090231]
- static_call,x86: Robustify trampoline patching (Waiman Long) [2090231]
- x86/xen: switch initial pvops IRQ functions to dummy ones (Waiman Long) [2090231]
- bpf,x86: Respect X86_FEATURE_RETPOLINE* (Waiman Long) [2090231]
- x86/alternative: Add debug prints to apply_retpolines() (Waiman Long) [2090231]
- x86/alternative: Try inline spectre_v2=retpoline,amd (Waiman Long) [2090231]
- x86/alternative: Handle Jcc __x86_indirect_thunk_\reg (Waiman Long) [2090231]
- x86/alternative: Implement .retpoline_sites support (Waiman Long) [2090231]
- x86/retpoline: Create a retpoline thunk array (Waiman Long) [2090231]
- x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h (Waiman Long) [2090231]
- x86/asm: Fixup odd GEN-for-each-reg.h usage (Waiman Long) [2090231]
- x86/asm: Fix register order (Waiman Long) [2090231]
- x86/retpoline: Remove unused replacement symbols (Waiman Long) [2090231]
- objtool,x86: Replace alternatives with .retpoline_sites (Waiman Long) [2090231]
- objtool: Shrink struct instruction (Waiman Long) [2090231]
- objtool: Explicitly avoid self modifying code in .altinstr_replacement (Waiman Long) [2090231]
- objtool: Classify symbols (Waiman Long) [2090231]
- objtool: Remove reloc symbol type checks in get_alt_entry() (Waiman Long) [2090231]
- objtool: print out the symbol type when complaining about it (Waiman Long) [2090231]
- objtool: Teach get_alt_entry() about more relocation types (Waiman Long) [2090231]
- kbuild: reuse $(cmd_objtool) for cmd_cc_lto_link_modules (Waiman Long) [2090231]
- kbuild: detect objtool update without using .SECONDEXPANSION (Waiman Long) [2090231]
- kbuild: factor out OBJECT_FILES_NON_STANDARD check into a macro (Waiman Long) [2090231]
- kbuild: store the objtool command in *.cmd files (Waiman Long) [2090231]
- kbuild: rename __objtool_obj and reuse it for cmd_cc_lto_link_modules (Waiman Long) [2090231]
- kbuild: move objtool_args back to scripts/Makefile.build (Waiman Long) [2090231]
- x86/mce: Drop copyin special case for #MC (Waiman Long) [2090231]
- objtool: Support pv_opsindirect calls for noinstr (Waiman Long) [2090231]
- x86/xen: Rework the xen_{cpu,irq,mmu}_opsarrays (Waiman Long) [2090231]
- objtool: Handle __sanitize_cov*() tail calls (Waiman Long) [2090231]
- objtool: Introduce CFI hash (Waiman Long) [2090231]
- kbuild: clean up objtool_args slightly (Waiman Long) [2090231]
- kbuild: remove stale *.symversions (Waiman Long) [2090231]
- kbuild: remove unused quiet_cmd_update_lto_symversions (Waiman Long) [2090231]
- kbuild: Fix TRIM_UNUSED_KSYMS with LTO_CLANG (Waiman Long) [2090231]
- Makefile: remove stale cc-option checks (Waiman Long) [2090231]
- x86/build: Remove stale cc-option checks (Waiman Long) [2090231]
- xen: assume XENFEAT_mmu_pt_update_preserve_ad being set for pv guests (Waiman Long) [2090231]
- dmaengine: idxd: Fixup upstream merge conflict resolution (Jerry Snitselaar) [2100482]
- dmaengine: idxd: skip clearing device context when device is read-only (Jerry Snitselaar) [2100482]
- dmaengine: idxd: add RO check for wq max_transfer_size write (Jerry Snitselaar) [2100482]
- dmaengine: idxd: add RO check for wq max_batch_size write (Jerry Snitselaar) [2100482]
- dmaengine: idxd: fix device cleanup on disable (Jerry Snitselaar) [2100482]
- Revert "dmaengine: idxd: Separate user and kernel pasid enabling" (Jerry Snitselaar) [2100482]
Resolves: rhbz#2104946, rhbz#2090231, rhbz#2100482
Signed-off-by: Patrick Talbert <ptalbert@redhat.com>
68 lines
2.3 KiB
Makefile
68 lines
2.3 KiB
Makefile
RHEL_MAJOR = 9
|
|
RHEL_MINOR = 1
|
|
|
|
#
|
|
# RHEL_RELEASE
|
|
# -------------
|
|
#
|
|
# Represents build number in 'release' part of RPM's name-version-release.
|
|
# name is <package_name>, e.g. kernel
|
|
# version is upstream kernel version this kernel is based on, e.g. 4.18.0
|
|
# release is <RHEL_RELEASE>.<dist_tag>[<buildid>], e.g. 100.el8
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
RHEL_RELEASE = 143
|
|
|
|
#
|
|
# ZSTREAM
|
|
# -------
|
|
#
|
|
# This variable controls whether we use zstream numbering or not for the
|
|
# package release. The zstream release keeps the build number of the last
|
|
# build done for ystream for the Beta milestone, and increments a second
|
|
# number for each build. The third number is used for branched builds
|
|
# (eg.: for builds with security fixes or hot fixes done outside of the
|
|
# batch release process).
|
|
#
|
|
# For example, with ZSTREAM unset or set to "no", all builds will contain
|
|
# a release with only the build number, eg.: kernel-<kernel version>-X.el*,
|
|
# where X is the build number. With ZSTREAM set to "yes", we will have
|
|
# builds with kernel-<kernel version>-X.Y.Z.el*, where X is the last
|
|
# RHEL_RELEASE number before ZSTREAM flag was set to yes, Y will now be the
|
|
# build number and Z will always be 1 except if you're doing a branched build
|
|
# (when you give RHDISTGIT_BRANCH on the command line, in which case the Z
|
|
# number will be incremented instead of the Y).
|
|
#
|
|
ZSTREAM ?= no
|
|
|
|
#
|
|
# Early y+1 numbering
|
|
# --------------------
|
|
#
|
|
# In early y+1 process, RHEL_RELEASE consists of 2 numbers: x.y
|
|
# First is RHEL_RELEASE inherited/merged from y as-is, second number
|
|
# is incremented with each build starting from 1. After merge from y,
|
|
# it resets back to 1. This way y+1 nvr reflects status of last merge.
|
|
#
|
|
# Example:
|
|
#
|
|
# rhel8.0 rhel-8.1
|
|
# kernel-4.18.0-58.el8 --> kernel-4.18.0-58.1.el8
|
|
# kernel-4.18.0-58.2.el8
|
|
# kernel-4.18.0-59.el8 kernel-4.18.0-59.1.el8
|
|
# kernel-4.18.0-60.el8
|
|
# kernel-4.18.0-61.el8 --> kernel-4.18.0-61.1.el8
|
|
#
|
|
#
|
|
# Use this spot to avoid future merge conflicts.
|
|
# Do not trim this comment.
|
|
EARLY_YSTREAM ?= no
|
|
EARLY_YBUILD:=
|
|
EARLY_YRELEASE:=
|
|
ifneq ("$(ZSTREAM)", "yes")
|
|
ifeq ("$(EARLY_YSTREAM)","yes")
|
|
RHEL_RELEASE:=$(RHEL_RELEASE).$(EARLY_YRELEASE)
|
|
endif
|
|
endif
|