From c34d21edd0f8861c05651b15c328ca0994e71e7f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 14 2019 17:23:07 +0000 Subject: import kernel-rt-4.18.0-80.1.2.rt9.145.el8_0 --- diff --git a/.gitignore b/.gitignore index 75a3fd9..fcacbc3 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/linux-4.18.0-80.rt9.138.el8.tar.xz +SOURCES/linux-4.18.0-80.1.2.rt9.145.el8_0.tar.xz diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index dbfffd5..b674187 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1 +1 @@ -e03fefa17e852aac3b079fb694812e1d32c70285 SOURCES/linux-4.18.0-80.rt9.138.el8.tar.xz +e32ecab6583ba6198c826869521856d2eb0e3182 SOURCES/linux-4.18.0-80.1.2.rt9.145.el8_0.tar.xz diff --git a/SOURCES/kernel-rt-aarch64-debug.config b/SOURCES/kernel-rt-aarch64-debug.config index c6057ea..edc89eb 100644 --- a/SOURCES/kernel-rt-aarch64-debug.config +++ b/SOURCES/kernel-rt-aarch64-debug.config @@ -2988,6 +2988,7 @@ CONFIG_FS_DAX=y CONFIG_FTRACE=y CONFIG_FTRACE_MCOUNT_RECORD=y CONFIG_FTRACE_SYSCALLS=y +CONFIG_FUJITSU_ERRATUM_010001=y CONFIG_FUNCTION_GRAPH_TRACER=y CONFIG_FUNCTION_TRACER=y CONFIG_FUSE_FS=m diff --git a/SOURCES/kernel-rt-aarch64.config b/SOURCES/kernel-rt-aarch64.config index 065ae14..4321757 100644 --- a/SOURCES/kernel-rt-aarch64.config +++ b/SOURCES/kernel-rt-aarch64.config @@ -3016,6 +3016,7 @@ CONFIG_FS_DAX=y CONFIG_FTRACE=y CONFIG_FTRACE_MCOUNT_RECORD=y CONFIG_FTRACE_SYSCALLS=y +CONFIG_FUJITSU_ERRATUM_010001=y CONFIG_FUNCTION_GRAPH_TRACER=y CONFIG_FUNCTION_TRACER=y CONFIG_FUSE_FS=m diff --git a/SOURCES/mod-extra-blacklist.sh b/SOURCES/mod-extra-blacklist.sh new file mode 100755 index 0000000..c705a6c --- /dev/null +++ b/SOURCES/mod-extra-blacklist.sh @@ -0,0 +1,58 @@ +#!/bin/bash + +list="$1" +buildroot=${list%/*} + +blacklist() +{ + cat > "$buildroot/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__ + # This kernel module can be automatically loaded by non-root users. To + # enhance system security, the module is blacklisted by default to ensure + # system administrators make the module available for use as needed. + # See https://access.redhat.com/articles/3760101 for more details. + # + # Remove the blacklist by adding a comment # at the start of the line. + blacklist $1 +__EOF__ +} + +check_blacklist() +{ + if modinfo "$buildroot/$1" | grep -q '^alias:\s\+net-'; then + mod="${1##*/}" + mod="${mod%.ko*}" + echo "$mod has an alias that allows auto-loading. Blacklisting." + blacklist "$mod" + fi +} + +foreachp() +{ + P=$(nproc) + bgcount=0 + while read mod; do + $1 "$mod" & + + bgcount=$((bgcount + 1)) + if [ $bgcount -eq $P ]; then + wait -n + bgcount=$((bgcount - 1)) + fi + done + + wait +} + +[ -d "$buildroot/etc/modprobe.d/" ] || mkdir -p "$buildroot/etc/modprobe.d/" + +if [ -s $list ]; then + cat $list | foreachp check_blacklist + if ls $buildroot/etc/modprobe.d/* >& /dev/null ; then + echo "%defattr(-,root,root)" >> $list + echo "%config(noreplace) /etc/modprobe.d/*-blacklist.conf" >> $list + fi +else + # If modules-extra.list is empty the %files section will throw an + # error. Add a dummy entry to workaround the problem. + echo "%defattr(-,root,root)" >> $list +fi diff --git a/SOURCES/mod-extra.sh b/SOURCES/mod-extra.sh index d121bd0..fd555ba 100755 --- a/SOURCES/mod-extra.sh +++ b/SOURCES/mod-extra.sh @@ -1,17 +1,18 @@ #! /bin/bash -Dir=$1 -List=$2 +Rpmdir=$1 +Dir=$Rpmdir/$2 +List=$3 pushd $Dir rm -rf modnames find . -name "*.ko" -type f > modnames # Look through all of the modules, and throw any that have a dependency in # our list into the list as well. -rm -rf dep.list dep2.list +rm -rf dep.list rm -rf req.list req2.list touch dep.list req.list -cp $2 . +cp $List . for dep in `cat modnames` do @@ -48,33 +49,12 @@ do # get the path for the module modpath=`grep /$mod modnames` ||: [ -z "$modpath" ] && continue; - echo $modpath >> dep.list + echo /lib/modules/$(basename $Dir)/${modpath#"./"} >> dep.list done -sort -u dep.list > dep2.list - -# now move the modules into the extra/ directory -for mod in `cat dep2.list` -do - newpath=`dirname $mod | sed -e 's/kernel\//extra\//'` - mkdir -p $newpath - mv $mod $newpath -done - -popd - -# If we're signing modules, we can't leave the .mod files for the .ko files -# we've moved in .tmp_versions/. Remove them so the Kbuild 'modules_sign' -# target doesn't try to sign a non-existent file. This is kinda ugly, but -# so is modules-extra. - -for mod in `cat ${Dir}/dep2.list` -do - modfile=`basename $mod | sed -e 's/.ko/.mod/'` - rm .tmp_versions/$modfile -done - -pushd $Dir -rm modnames dep.list dep2.list req.list req2.list +sort -u dep.list > $Rpmdir/modules-extra.list +rm modnames dep.list req.list req2.list rm mod-extra.list mod-extra2.list mod-extra3.list popd + +sed -i "s|^\/||g" $Rpmdir/modules-extra.list diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec index 51b4432..330bcb9 100644 --- a/SPECS/kernel-rt.spec +++ b/SPECS/kernel-rt.spec @@ -7,10 +7,10 @@ Summary: The Linux kernel # For internal testing builds during development, it should be 0. %global released_kernel 1 -%global distro_build 80 +%global distro_build 80.1.1 # Sign the x86_64 kernel for secure boot authentication -%ifarch x86_64 +%ifarch x86_64 aarch64 %global signkernel 1 %else %global signkernel 0 @@ -33,10 +33,10 @@ Summary: The Linux kernel # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 80.rt9.138.el8 +%define pkgrelease 80.1.2.rt9.145.el8_0 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 80.rt9.138%{?dist} +%define specrelease 80.1.2.rt9.145%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -45,6 +45,7 @@ Summary: The Linux kernel # All should default to 1 (enabled) and be flipped to 0 (disabled) # by later arch-specific checks. +%define _with_kabidupchk 1 # The following build options are enabled by default. # Use either --without in your rpmbuild command or force values # to 0 in here to disable them. @@ -53,6 +54,8 @@ Summary: The Linux kernel %define with_up %{?_without_up: 0} %{?!_without_up: 1} # kernel-debug %define with_debug %{?_without_debug: 0} %{?!_without_debug: 1} +# kernel-doc +%define with_doc %{?_without_doc: 0} %{?!_without_doc: 1} # kernel-headers # realtime %define with_realtime %{?_without_realtime: 0} %{?!_without_realtime: 1} @@ -124,7 +127,7 @@ Summary: The Linux kernel # The preempt RT patch level %global rttag .rt9 # realtimeN -%global rtbuild .138 +%global rtbuild .145 %define with_headers 0 %define with_cross_headers 0 %define with_perf 0 @@ -178,6 +181,12 @@ Summary: The Linux kernel # Overrides for generic default options +# only package docs noarch +%ifnarch noarch +%define with_doc 0 +%define doc_build_fail true +%endif + # don't build noarch kernels or headers (duh) %ifarch noarch %define with_up 0 @@ -287,10 +296,13 @@ Requires: %{name}-modules-uname-r = %{KVERREL}%{?variant} # # List the packages used during the kernel build # -BuildRequires: kmod, patch, bash, tar, git +BuildRequires: kmod, patch, bash, sh-utils, tar, git BuildRequires: bzip2, xz, findutils, gzip, m4, perl-interpreter, perl-Carp, perl-devel, perl-generators, make, diffutils, gawk BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc, python3-devel BuildRequires: net-tools, hostname, bc, bison, flex, elfutils-devel +%if %{with_doc} +BuildRequires: xmlto, asciidoc, python3-sphinx +%endif %if %{with_sparse} BuildRequires: sparse %endif @@ -327,7 +339,6 @@ BuildConflicts: rpm < 4.13.0.1-19 %undefine _unique_debug_srcs %undefine _debugsource_packages %undefine _debuginfo_subpackages -%undefine _include_gdb_index %global _find_debuginfo_opts -r %global _missing_build_ids_terminate_build 1 %global _no_recompute_build_ids 1 @@ -372,6 +383,7 @@ Source14: redhatsecureboot003.cer Source16: mod-extra.list Source17: mod-extra.sh Source18: mod-sign.sh +Source19: mod-extra-blacklist.sh Source90: filter-x86_64.sh Source93: filter-aarch64.sh Source96: filter-ppc64le.sh @@ -450,6 +462,19 @@ AutoReq: no\ AutoProv: yes\ %{nil} + +%package doc +Summary: Various documentation bits found in the kernel source +Group: Documentation +%description doc +This package contains documentation files from the kernel +source. Various bits of information about the Linux kernel and the +device drivers shipped with it are documented in these files. + +You'll want to install this package if you need a reference to the +options that can be passed to Linux kernel modules at load time. + + %package headers Summary: Header files for the Linux kernel for use by glibc Group: Development/System @@ -506,7 +531,7 @@ This package provides debug information for the perf package. # symlinks because of the trailing nonmatching alternation and # the leading .*, because of find-debuginfo.sh's buggy handling # of matching the pattern against the symlinks file. -%{expand:%%global _find_debuginfo_opts %{?_find_debuginfo_opts} -p '.*%%{_bindir}/perf(\.debug)?|.*%%{_libexecdir}/perf-core/.*|.*%%{_libdir}/traceevent/plugins/.*|XXX' -o perf-debuginfo.list} +%{expand:%%global _find_debuginfo_opts %{?_find_debuginfo_opts} -p '.*%%{_bindir}/perf(\.debug)?|.*%%{_libexecdir}/perf-core/.*|.*%%{_libdir}/traceevent/plugins/.*|.*%%{_libdir}/libperf-jvmti.so(\.debug)?|XXX' -o perf-debuginfo.list} %package -n python3-perf Summary: Python bindings for apps which will manipulate perf events @@ -925,7 +950,8 @@ pathfix.py -i %{__python3} -p -n \ scripts/bloat-o-meter \ tools/perf/tests/attr.py \ tools/perf/scripts/python/stat-cpi.py \ - tools/perf/scripts/python/sched-migration.py + tools/perf/scripts/python/sched-migration.py \ + Documentation # only deal with configs if we are going to build for the arch %ifnarch %nobuildarches @@ -1059,12 +1085,22 @@ BuildKernel() { fi %if %{signkernel} # Sign the image if we're using EFI - %pesign -s -i $KernelImage -o vmlinuz.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name} + # aarch64 kernels are gziped EFI images + KernelExtension=${KernelImage##*.} + if [ "$KernelExtension" == "gz" ]; then + SignImage=${KernelImage%.*} + else + SignImage=$KernelImage + fi + %pesign -s -i $SignImage -o vmlinuz.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name} if [ ! -s vmlinuz.signed ]; then echo "pesigning failed" exit 1 fi - mv vmlinuz.signed $KernelImage + mv vmlinuz.signed $SignImage + if [ "$KernelExtension" == "gz" ]; then + gzip -f9 $SignImage + fi %endif $CopyKernel $KernelImage \ $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer @@ -1114,7 +1150,6 @@ BuildKernel() { mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/build (cd $RPM_BUILD_ROOT/lib/modules/$KernelVer ; ln -s build source) # dirs for additional modules per module-init-tools, kbuild/modules.txt - mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/extra mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/updates mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/weak-updates # first copy everything @@ -1321,9 +1356,6 @@ BuildKernel() { rm -f modules.{alias*,builtin.bin,dep*,*map,symbols*,devname,softdep} popd - # Call the modules-extra script to move things around - %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16} - # # Generate the kernel-core and kernel-modules files lists # @@ -1335,8 +1367,23 @@ BuildKernel() { mkdir restore cp -r lib/modules/$KernelVer/* restore/. - # don't include anything going into k-m-e in the file lists - rm -rf lib/modules/$KernelVer/extra + # Call the modules-extra script to move things around. Note cleanup below. + %{SOURCE17} $RPM_BUILD_ROOT /lib/modules/$KernelVer %{SOURCE16} + # Blacklist net autoloadable modules in modules-extra + %{SOURCE19} $RPM_BUILD_ROOT/modules-extra.list + cat $RPM_BUILD_ROOT/modules-extra.list | xargs rm -f + + # If we're signing modules, we can't leave the .mod files for the .ko files + # we've moved in .tmp_versions/. Remove them so the Kbuild 'modules_sign' + # target doesn't try to sign a non-existent file. This is kinda ugly, but + # so is modules-extra. + popd + for mod in `cat $RPM_BUILD_ROOT/modules-extra.list` + do + modfile=`basename $mod | sed -e 's/.ko/.mod/'` + [ -f "$modfile" ] && rm .tmp_versions/$modfile + done + pushd $RPM_BUILD_ROOT if [ $DoModules -eq 1 ]; then # Find all the module files and filter them out into the core and @@ -1360,6 +1407,8 @@ BuildKernel() { # Ensure important files/directories exist to let the packaging succeed echo '%%defattr(-,-,-)' > modules.list echo '%%defattr(-,-,-)' > k-d.list + # This overwrites anything created by %{SOURCE19} + echo '%%defattr(-,-,-)' > modules-extra.list mkdir -p lib/modules/$KernelVer/kernel # Add files usually created by make modules, needed to prevent errors # thrown by depmod during package installation @@ -1387,11 +1436,14 @@ BuildKernel() { sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/k-d.list > ../%{name}${Flavour:+-${Flavour}}-modules.list sed -e 's/^lib*/%dir \/lib/' %{?zipsed} $RPM_BUILD_ROOT/module-dirs.list > ../%{name}${Flavour:+-${Flavour}}-core.list sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/modules.list >> ../%{name}${Flavour:+-${Flavour}}-core.list + sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/modules-extra.list >> ../%{name}${Flavour:+-${Flavour}}-modules-extra.list # Cleanup rm -f $RPM_BUILD_ROOT/k-d.list rm -f $RPM_BUILD_ROOT/modules.list rm -f $RPM_BUILD_ROOT/module-dirs.list + # Cleanup file created by %{SOURCE17} + rm -f $RPM_BUILD_ROOT/modules-extra.list %if %{signmodules} if [ $DoModules -eq 1 ]; then @@ -1511,6 +1563,15 @@ pushd tools/testing/selftests popd %endif +%if %{with_doc} +# Make the HTML pages. +make htmldocs || %{doc_build_fail} + +# sometimes non-world-readable files sneak into the kernel source tree +chmod -R a=rX Documentation +find Documentation -type d | xargs chmod u+w +%endif + # In the modsign case, we do 3 things. 1) We check the "flavour" and hard # code the value in the following invocations. This is somewhat sub-optimal # but we're doing this inside of an RPM macro and it isn't as easy as it @@ -1574,6 +1635,15 @@ popd cd linux-%{KVERREL} +%if %{with_doc} +docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-doc-%{rpmversion} + +# copy the source over +mkdir -p $docdir +tar -h -f - --exclude=man --exclude='.*' -c Documentation | tar xf - -C $docdir + +%endif # with_doc + # We have to do the headers install before the tools install because the # kernel headers_install will remove any header files in /usr/include that # it doesn't install itself. @@ -1907,6 +1977,15 @@ fi %endif %endif +# only some architecture builds need kernel-doc +%if %{with_doc} +%files doc +%defattr(-,root,root) +%{_datadir}/doc/kernel-doc-%{rpmversion}/Documentation/* +%dir %{_datadir}/doc/kernel-doc-%{rpmversion}/Documentation +%dir %{_datadir}/doc/kernel-doc-%{rpmversion} +%endif + %if %{with_perf} %files -n perf %defattr(-,root,root) @@ -1935,9 +2014,8 @@ fi %endif # with_perf %if %{with_tools} -%files -n kernel-tools -%defattr(-,root,root) %ifarch %{cpupowerarchs} +%defattr(-,root,root) %files -n %{name}-tools -f cpupower.lang %{_bindir}/cpupower %ifarch x86_64 @@ -1953,6 +2031,9 @@ fi %{_bindir}/turbostat %{_mandir}/man8/turbostat* %endif +%else # !cpupowerarchs +%files -n kernel-tools +%defattr(-,root,root) %endif # cpupowerarchs %{_bindir}/tmon %{_bindir}/iio_event_monitor @@ -2077,9 +2158,7 @@ fi %defattr(-,root,root)\ %defverify(not mtime)\ /usr/src/kernels/%{KVERREL}%{?3:+%{3}}\ -%{expand:%%files %{?3:%{3}-}modules-extra}\ -%defattr(-,root,root)\ -/lib/modules/%{KVERREL}%{?3:+%{3}}/extra\ +%{expand:%%files -f %{name}-%{?3:%{3}-}modules-extra.list %{?3:%{3}-}modules-extra}\ %if %{with_debuginfo}\ %ifnarch noarch\ %{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\ @@ -2122,6 +2201,69 @@ fi # # %changelog +* Thu May 09 2019 Clark Williams [4.18.0-80.1.2.rt9.145.el8_0] +- [rt] kernel-rt-4.18.0-80.1.2.rt9.144.el8_0 (Clark Williams) +- [rhel-rt] fix incorrect build number (Clark Williams) +- [rt] kernel-rt-4.18.0-80.1.2.rt9.144.el8_0 (Clark Williams) +- [rt] kernel-rt-4.18.0-80.1.2.rt9.143.el8_0 (Clark Williams) +- [rt] kernel-rt-4.18.0-80.1.2.rt9.142.el8_0.test (Clark Williams) +- [rt] kernel-rt-4.18.0-80.1.2.rt9.141.el8_0.test (Clark Williams) +- [netdrv] qed: Fix qed_mcp_halt|resume() (Manish Chopra) [1704184 1697310] +- [cpufreq] cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency (Prarit Bhargava) [1706739 1696131] +- [acpi] ACPI / CPPC: Fix guaranteed performance handling (Prarit Bhargava) [1706739 1696131] +- [arm64] arm64: Add workaround for Fujitsu A64FX erratum 010001 (Mark Langsdorf) [1700902 1666951] +- [s390] vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem (Cornelia Huck) [1700290 1686044] +- [netdrv] net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames (Alaa Hleihel) [1700289 1651509] +- [netdrv] net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames (Alaa Hleihel) [1700289 1651509] +- [pci] PCI: pciehp: Fix re-enabling the slot marked for safe removal (Myron Stowe) [1700288 1695922] + +* Wed May 08 2019 Clark Williams [4.18.0-80.1.2.rt9.144.el8_0] +- [rt] kernel-rt-4.18.0-80.1.2.rt9.143.el8_0 (Clark Williams) +- [rt] kernel-rt-4.18.0-80.1.2.rt9.142.el8_0.test (Clark Williams) + +* Wed May 08 2019 Clark Williams [4.18.0-80.1.2.rt9.142.el8_0.test] +- [rt] kernel-rt-4.18.0-80.1.2.rt9.141.el8_0.test (Clark Williams) + +* Thu May 02 2019 Clark Williams [4.18.0-80.1.2.rt9.141.el8_0] +- [rt] kernel-rt-4.18.0-80.1.2.rt9.140.el8_0 (Clark Williams) + +* Thu May 02 2019 Clark Williams [4.18.0-80.1.2.rt9.140.el8_0] +- [rt] kernel-rt-4.18.0-80.1.2.rt9.139.el8_0 (Clark Williams) +- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [include] locking/atomics, asm-generic: Move some macros from to a new file (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} +- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126} + +* Wed May 01 2019 Clark Williams [4.18.0-80.1.1.rt9.139.el8_0] +- [rt] kernel-rt-4.18.0-80.1.1.rt9.138.el8_0 (Clark Williams) +- [zstream] switch to zstream (Frantisek Hrbata) + * Fri Mar 15 2019 Clark Williams [4.18.0-80.rt9.138.el8] - [rt] kernel-rt-4.18.0-80.rt9.137.el8 (Clark Williams) [1503308]