jingni / rpms / kernel

Forked from rpms/kernel 5 years ago
Clone

8e4e27 import kernel-3.10.0-957.21.2.el7

Authored and Committed by centosrcm 5 years ago
    import kernel-3.10.0-957.21.2.el7
    
        
file modified
+1 -4
.gitignore CHANGED
@@ -1,8 +1,5 @@
1
1
SOURCES/kernel-abi-whitelists-957.tar.bz2
2
2
SOURCES/kernel-kabi-dw-957.tar.bz2
3
- SOURCES/linux-3.10.0-957.12.2.el7.tar.xz
3
+ SOURCES/linux-3.10.0-957.21.2.el7.tar.xz
4
4
SOURCES/rheldup3.x509
5
5
SOURCES/rhelkpatch1.x509
6
- SOURCES/centos-kpatch.x509
7
- SOURCES/centos-ldup.x509
8
- SOURCES/centos.cer
file modified
+1 -4
.kernel.metadata CHANGED
@@ -1,8 +1,5 @@
1
1
0f7aaf77a461acfa8354aeca16ae3ac89798143a SOURCES/kernel-abi-whitelists-957.tar.bz2
2
2
e01030ef3029e113eeff62bf9ea0dcf09b86d4e2 SOURCES/kernel-kabi-dw-957.tar.bz2
3
- fbff5dfb8f1cb37c08ea4f26d12bd606c53a2f19 SOURCES/linux-3.10.0-957.12.2.el7.tar.xz
3
+ 0e83f362f44febdbe1fc5fc1793a0985b715cbc2 SOURCES/linux-3.10.0-957.21.2.el7.tar.xz
4
4
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
5
5
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
6
- 5a7d05a8298cf38d43689470e8e43230d8add0f9 SOURCES/centos-kpatch.x509
7
- c61172887746663d3bdd9acaa263cbfacf99e8b3 SOURCES/centos-ldup.x509
8
- 6e9105eb51e55a46761838f289a917611cad8091 SOURCES/centos.cer
file modified
+1 -1
SOURCES/Makefile.common CHANGED
@@ -9,7 +9,7 @@ RPMVERSION:=3.10.0
9
9
# marker is git tag which we base off of for exporting patches
10
10
MARKER:=v3.10
11
11
PREBUILD:=
12
- BUILD:=957.12.2
12
+ BUILD:=957.21.2
13
13
DIST:=.el7
14
14
SPECFILE:=kernel.spec
15
15
RPM:=$(REDHAT)/rpm
SOURCES/centos-ca-secureboot.der DELETED
Binary file
SOURCES/centossecureboot001.crt DELETED
@@ -1,81 +0,0 @@
1
- Certificate:
2
- Data:
3
- Version: 3 (0x2)
4
- Serial Number:
5
- b6:16:15:71:72:fb:31:7e
6
- Signature Algorithm: sha256WithRSAEncryption
7
- Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security@centos.org
8
- Validity
9
- Not Before: Aug 1 11:47:30 2018 GMT
10
- Not After : Dec 31 11:47:30 2037 GMT
11
- Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security@centos.org
12
- Subject Public Key Info:
13
- Public Key Algorithm: rsaEncryption
14
- RSA Public Key: (2048 bit)
15
- Modulus (2048 bit):
16
- 00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa:
17
- 76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51:
18
- cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2:
19
- 4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3:
20
- 24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0:
21
- bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18:
22
- 00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97:
23
- a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57:
24
- 6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35:
25
- 6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0:
26
- aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65:
27
- 53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46:
28
- f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f:
29
- 6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2:
30
- 76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4:
31
- 94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28:
32
- 4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef:
33
- 94:0f
34
- Exponent: 65537 (0x10001)
35
- X509v3 extensions:
36
- X509v3 Basic Constraints: critical
37
- CA:FALSE
38
- X509v3 Key Usage:
39
- Digital Signature
40
- X509v3 Subject Key Identifier:
41
- F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29
42
- X509v3 Authority Key Identifier:
43
- keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3
44
-
45
- Signature Algorithm: sha256WithRSAEncryption
46
- 97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c:
47
- dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da:
48
- 11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b:
49
- 2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a:
50
- 28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e:
51
- b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef:
52
- f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f:
53
- 0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56:
54
- a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30:
55
- 17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a:
56
- ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97:
57
- 58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c:
58
- 75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77:
59
- da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71:
60
- da:7f:89:1d
61
- -----BEGIN CERTIFICATE-----
62
- MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV
63
- BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB
64
- FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx
65
- NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg
66
- BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB
67
- AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4
68
- MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP
69
- f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2
70
- bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/
71
- VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR
72
- pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud
73
- EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb
74
- Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B
75
- AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G
76
- 1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV
77
- IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv
78
- 0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ
79
- +zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD
80
- bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ==
81
- -----END CERTIFICATE-----
SOURCES/debrand-rh-i686-cpu.patch DELETED
@@ -1,11 +0,0 @@
1
- --- a/arch/x86/boot/main.c 2014-06-04 10:05:04.000000000 -0700
2
- +++ b/arch/x86/boot/main.c 2014-07-09 12:54:40.000000000 -0700
3
- @@ -146,7 +146,7 @@ void main(void)
4
-
5
- /* Make sure we have all the proper CPU support */
6
- if (validate_cpu()) {
7
- - puts("This processor is unsupported in RHEL7.\n");
8
- + puts("This processor is unsupported in CentOS 7.\n");
9
- die();
10
- }
11
-
SOURCES/debrand-rh_taint.patch DELETED
@@ -1,25 +0,0 @@
1
- From 69c0d42cfa26515196896dea086857c2caccb6eb Mon Sep 17 00:00:00 2001
2
- From: Jim Perrin <jperrin@centos.org>
3
- Date: Thu, 19 Jun 2014 10:05:12 -0500
4
- Subject: [PATCH] branding patch for rh_taint
5
-
6
- ---
7
- kernel/rh_taint.c | 2 +-
8
- 1 file changed, 1 insertion(+), 1 deletion(-)
9
-
10
- diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c
11
- index 59a74b0..0708e15 100644
12
- --- a/kernel/rh_taint.c
13
- +++ b/kernel/rh_taint.c
14
- @@ -8,7 +8,7 @@
15
- void mark_hardware_unsupported(const char *msg)
16
- {
17
- /* Print one single message */
18
- - pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\n", msg);
19
- + pr_crit("Warning: %s - this hardware has not undergone upstream testing. Please consult http://wiki.centos.org/FAQ for more information\n", msg);
20
- }
21
- EXPORT_SYMBOL(mark_hardware_unsupported);
22
-
23
- --
24
- 1.8.3.1
25
-
SOURCES/debrand-single-cpu.patch DELETED
@@ -1,25 +0,0 @@
1
- From 66185f5c6f881847776702e3a7956c504400f4f2 Mon Sep 17 00:00:00 2001
2
- From: Jim Perrin <jperrin@centos.org>
3
- Date: Thu, 19 Jun 2014 09:53:13 -0500
4
- Subject: [PATCH] branding patch for single-cpu systems
5
-
6
- ---
7
- arch/x86/kernel/setup.c | 2 +-
8
- 1 file changed, 1 insertion(+), 1 deletion(-)
9
-
10
- diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
11
- index b289118..9d25982 100644
12
- --- a/arch/x86/kernel/setup.c
13
- +++ b/arch/x86/kernel/setup.c
14
- @@ -846,7 +846,7 @@ static void rh_check_supported(void)
15
- if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
16
- !x86_hyper && !cpu_has_hypervisor && !is_kdump_kernel()) {
17
- pr_crit("Detected single cpu native boot.\n");
18
- - pr_crit("Important: In Red Hat Enterprise Linux 7, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
19
- + pr_crit("Important: In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information");
20
- }
21
-
22
- /* The RHEL7 kernel does not support this hardware. The kernel will
23
- --
24
- 1.8.3.1
25
-
file modified
+3 -3
SOURCES/x509.genkey CHANGED
@@ -5,9 +5,9 @@ prompt = no
5
5
x509_extensions = myexts
6
6
7
7
[ req_distinguished_name ]
8
- O = CentOS
9
- CN = CentOS Linux kernel signing key
10
- emailAddress = security@centos.org
8
+ O = Red Hat
9
+ CN = Red Hat Enterprise Linux kernel signing key
10
+ emailAddress = secalert@redhat.com
11
11
12
12
[ myexts ]
13
13
basicConstraints=critical,CA:FALSE
file modified
+126 -57
SPECS/kernel.spec CHANGED
@@ -14,10 +14,10 @@ Summary: The Linux kernel
14
14
%global distro_build 957
15
15
16
16
%define rpmversion 3.10.0
17
- %define pkgrelease 957.12.2.el7
17
+ %define pkgrelease 957.21.2.el7
18
18
19
19
# allow pkg_release to have configurable %%{?dist} tag
20
- %define specrelease 957.12.2%{?dist}
20
+ %define specrelease 957.21.2%{?dist}
21
21
22
22
%define pkg_release %{specrelease}%{?buildid}
23
23
@@ -280,7 +280,7 @@ Summary: The Linux kernel
280
280
# problems with the newer kernel or lack certain things that make
281
281
# integration in the distro harder than needed.
282
282
#
283
- %define package_conflicts initscripts < 7.23, udev < 063-6, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 3.13.1-201, squashfs-tools < 4.0, wireless-tools < 29-3, xfsprogs < 4.3.0, kmod < 20-9, kexec-tools < 2.0.14-3, shim-x64 < 12-2
283
+ %define package_conflicts initscripts < 7.23, udev < 063-6, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 3.13.1-201, squashfs-tools < 4.0, wireless-tools < 29-3, xfsprogs < 4.3.0, kmod < 20-9, kexec-tools < 2.0.14-3
284
284
285
285
# We moved the drm include files into kernel-headers, make sure there's
286
286
# a recent enough libdrm-devel on the system that doesn't have those.
@@ -395,16 +395,16 @@ Source10: sign-modules
395
395
Source11: x509.genkey
396
396
Source12: extra_certificates
397
397
%if %{?released_kernel}
398
- Source13: centos-ca-secureboot.der
399
- Source14: centossecureboot001.crt
400
- %define pesign_name centossecureboot001
398
+ Source13: securebootca.cer
399
+ Source14: secureboot.cer
400
+ %define pesign_name redhatsecureboot301
401
401
%else
402
- Source13: centos-ca-secureboot.der
403
- Source14: centossecureboot001.crt
404
- %define pesign_name centossecureboot001
402
+ Source13: redhatsecurebootca2.cer
403
+ Source14: redhatsecureboot003.cer
404
+ %define pesign_name redhatsecureboot003
405
405
%endif
406
- Source15: centos-ldup.x509
407
- Source16: centos-kpatch.x509
406
+ Source15: rheldup3.x509
407
+ Source16: rhelkpatch1.x509
408
408
409
409
Source18: check-kabi
410
410
@@ -446,9 +446,6 @@ Source9999: lastcommit.stat
446
446
447
447
# empty final patch to facilitate testing of kernel patches
448
448
Patch999999: linux-kernel-test.patch
449
- Patch1000: debrand-single-cpu.patch
450
- Patch1001: debrand-rh_taint.patch
451
- Patch1002: debrand-rh-i686-cpu.patch
452
449
453
450
BuildRoot: %{_tmppath}/kernel-%{KVRA}-root
454
451
@@ -621,11 +618,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
621
618
%endif
622
619
623
620
%package -n kernel-abi-whitelists
624
- Summary: The CentOS Linux kernel ABI symbol whitelists
621
+ Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists
625
622
Group: System Environment/Kernel
626
623
AutoReqProv: no
627
624
%description -n kernel-abi-whitelists
628
- The kABI package contains information pertaining to the CentOS
625
+ The kABI package contains information pertaining to the Red Hat Enterprise
629
626
Linux kernel ABI, including lists of kernel symbols that are needed by
630
627
external Linux kernel modules, and a yum plugin to aid enforcement.
631
628
@@ -778,9 +775,6 @@ cd linux-%{KVRA}
778
775
cp $RPM_SOURCE_DIR/kernel-%{version}-*.config .
779
776
780
777
ApplyOptionalPatch linux-kernel-test.patch
781
- ApplyOptionalPatch debrand-single-cpu.patch
782
- ApplyOptionalPatch debrand-rh_taint.patch
783
- ApplyOptionalPatch debrand-rh-i686-cpu.patch
784
778
785
779
# Any further pre-build tree manipulations happen here.
786
780
@@ -1757,44 +1751,119 @@ fi
1757
1751
%kernel_variant_files %{with_kdump} kdump
1758
1752
1759
1753
%changelog
1760
- * Tue May 14 2019 CentOS Sources <bugs@centos.org> - 3.10.0-957.12.2.el7
1761
- - Apply debranding changes
1762
-
1763
- * Fri Apr 19 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.12.2.el7]
1764
- - [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1765
- - [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1766
- - [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1767
- - [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1768
- - [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1769
- - [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1770
- - [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1771
- - [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1772
- - [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1773
- - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1774
- - [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1775
- - [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1776
- - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1777
- - [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1778
- - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1779
- - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1780
- - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1781
- - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1782
- - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1783
- - [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1784
- - [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1785
- - [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1786
- - [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1787
- - [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1788
- - [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1789
- - [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1790
- - [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1791
- - [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1792
- - [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1793
- - [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1794
- - [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
1795
- - [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1796
- - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1797
- - [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
1754
+ * Tue May 28 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.21.2.el7]
1755
+ - [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633]
1756
+
1757
+ * Thu May 23 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.21.1.el7]
1758
+ - [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1759
+ - [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1760
+
1761
+ * Wed May 15 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.20.1.el7]
1762
+ - [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1763
+ - [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1764
+ - [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1765
+ - [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1766
+ - [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1767
+ - [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1768
+ - [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1769
+ - [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1770
+ - [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1771
+ - [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1772
+ - [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1773
+ - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1774
+ - [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1775
+ - [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1776
+ - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1777
+ - [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1778
+ - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1779
+ - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1780
+ - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1781
+ - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1782
+ - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1783
+ - [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1784
+ - [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1785
+ - [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1786
+ - [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1787
+ - [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1788
+ - [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1789
+ - [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1790
+ - [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1791
+ - [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1792
+ - [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1793
+ - [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1794
+ - [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
1795
+ - [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1796
+ - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1797
+ - [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
1798
+
1799
+ * Fri Apr 26 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.19.1.el7]
1800
+ - [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1702923 1077929]
1801
+ - [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) [1702921 1701348]
1802
+ - [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 1701348]
1803
+ - [fs] revert "[fs] xfs: use rhashtable to track buffer cache" (Brian Foster) [1702922 1658749]
1804
+ - [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (Brian Foster) [1701293 1613405]
1805
+ - [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian Foster) [1701293 1613405]
1806
+ - [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian Foster) [1701293 1613405]
1807
+ - [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash (Tony Camuso) [1701991 1692236]
1808
+ - [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) [1701991 1692236]
1809
+ - [char] ipmi: Remove platform driver overrides and use the id_table (Tony Camuso) [1701991 1692236]
1810
+ - [security] xattr: Constify ->name member of "struct xattr" (Aaron Tomlin) [1702286 1607307]
1811
+ - [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) [1702282 1625454]
1812
+ - [s390] zcrypt: fix specification exception on z196 during ap probe (Hendrik Brueckner) [1700706 1669535]
1813
+ - [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (Mike Snitzer) [1699722 1693466]
1814
+ - [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 1686149]
1815
+ - [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 1686149]
1816
+ - [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() (Lukas Czerner) [1698110 1671293]
1817
+ - [powerpc] livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
1818
+ - [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
1819
+ - [powerpc] livepatch: relax reliable stack tracer checks for first-frame (Joe Lawrence) [1697867 1658435]
1820
+ - [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe Lawrence) [1697867 1658435]
1821
+ - [powerpc] 64s: Clear on-stack exception marker upon exception return (Joe Lawrence) [1697867 1658435]
1822
+ - [powerpc] livepatch: Fix build error with kprobes disabled (Joe Lawrence) [1697867 1658435]
1823
+ - [fs] xfs: don't screw up direct writes when freesp is fragmented (Brian Foster) [1693796 1667523]
1824
+ - [nvme] ensure forward progress during Admin passthru (David Milburn) [1690519 1672428]
1825
+
1826
+ * Tue Apr 23 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.18.1.el7]
1827
+ - [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 1698825]
1828
+
1829
+ * Mon Apr 15 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.17.1.el7]
1830
+ - [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas Henzl) [1699723 1661906]
1831
+
1832
+ * Thu Apr 11 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.16.1.el7]
1833
+ - [netdrv] net/mlx5e: Properly set steering match levels for offloaded TC decap rules (Alaa Hleihel) [1686292 1618427]
1834
+ - [netdrv] net/mlx5e: Always use the match level enum when parsing TC rule match (Alaa Hleihel) [1686292 1618427]
1835
+ - [netdrv] net/mlx5e: Support offloaded TC flows with no matches on headers (Alaa Hleihel) [1686292 1618427]
1836
+ - [netdrv] net/mlx5e: Get the required HW match level while parsing TC flow matches (Alaa Hleihel) [1686292 1618427]
1837
+ - [netdrv] net/mlx5e: Properly order min inline mode setup while parsing TC matches (Alaa Hleihel) [1686292 1618427]
1838
+ - [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow attributes (Alaa Hleihel) [1686292 1618427]
1839
+ - [netdrv] net/mlx5e: Err if asked to offload TC match on frag being first (Alaa Hleihel) [1686292 1618427]
1840
+ - [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) [1697940 1691421]
1841
+ - [net] geneve: correctly handle ipv6.disable module parameter (Jiri Benc) [1694981 1677049]
1842
+ - [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 1691227]
1843
+ - [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos Szeredi) [1696292 1677705]
1844
+ - [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 1697241 1676613 1662887]
1845
+ - [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav Kysela) [1693562 1680180]
1846
+ - [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (Jaroslav Kysela) [1693562 1657855]
1847
+ - [block] mtip32xx: fix memory corruption by initializing internal command header (Ming Lei) [1689929 1660292]
1848
+ - [fs] nfsd: deal with revoked delegations appropriately (Dave Wysochanski) [1689811 1552203]
1849
+
1850
+ * Thu Mar 28 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.15.1.el7]
1851
+ - [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1693561 1684780]
1852
+ - [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) [1693110 1676462]
1853
+
1854
+ * Tue Mar 26 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.14.1.el7]
1855
+ - [fs] move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001]
1856
+ - [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng Yan) [1692266 1627001]
1857
+ - [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 1627001]
1858
+ - [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng Yan) [1692266 1627001]
1859
+ - [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 1627001]
1860
+ - [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001]
1861
+ - [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) [1692266 1627001]
1862
+ - [fs] dcache: Don't set DISCONNECTED on "pseudo filesystem" dentries (Zheng Yan) [1692266 1627001]
1863
+ - [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) [1692266 1627001]
1864
+
1865
+ * Thu Mar 21 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.13.1.el7]
1866
+ - [drm] drm/nouveau/kms/nv50-: also flush fb writes when rewinding push buffer (Ben Skeggs) [1690761 1669098]
1798
1867
1799
1868
* Wed Mar 20 2019 Jan Stancek <jstancek@redhat.com> [3.10.0-957.12.1.el7]
1800
1869
- [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]