diff --git a/.gitignore b/.gitignore index 12d1285..50f8d98 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/linux-4.18.0-227.rt7.39.el8.tar.xz +SOURCES/linux-4.18.0-236.rt7.49.el8.tar.xz diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index 9573989..dda0cfc 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1 +1 @@ -37020f44576e5192e34534873286a10e17f60696 SOURCES/linux-4.18.0-227.rt7.39.el8.tar.xz +c467e57c6c263f3aabd01da856360aa02c264317 SOURCES/linux-4.18.0-236.rt7.49.el8.tar.xz diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der deleted file mode 100644 index 44a2563..0000000 Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ diff --git a/SOURCES/centos.pem b/SOURCES/centos.pem deleted file mode 100644 index 82ad817..0000000 --- a/SOURCES/centos.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDgTCCAmmgAwIBAgIJALYWFXFy+zGAMA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjA0MFoXDTM4MDEwMTE0 -MjA0MFowVTEvMC0GA1UEAwwmQ2VudE9TIExpbnV4IERyaXZlciB1cGRhdGUgc2ln -bmluZyBrZXkxIjAgBgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5ECuosQ4HKRRf+Kxfm+BcICBK -PGqB+E/qalqQ3CCM3LWezq0ns/GZTD0CtSAzmOObqJb3gJ9S5gcbaMVBc3JxLlQ+ -RwVy0oNy91uy9TKhYQ3lpHDyujxiFmXPSJLMKOYbOBNObJ7qF6+ptnmDWMu7GWDc -4UGdBdU/evt92LIxsi9ZQCEoZIqdyKBE/Y3V9gBZIZa/4oXMHfW9dWxhy9UszmR9 -hT7ZdgLFpWMFmJW+SS5QEWtp5CpRlcui4QJZl42bMp5JOrVWc+BlKPIsLdY8TqLp -9FdhQ5Ih4auT7zn2V89YgYpq6VMZnPsn/v5piB6i6RK8Falr6SP5SV0cwV/jAgMB -AAGjXTBbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBQpvUwN -BtLpkRBEtdyXMwkTm1HW1TAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q6 -8zANBgkqhkiG9w0BAQsFAAOCAQEAK+f4c4aP9TQDiQM4TDyw8iDapr7eBc+Yr0M5 -ELkWEQu55/OwLQrgCA5bdD86diaAXQAlUOXCtFRrbUQHQACEL77/32YdooHfVZZ7 -04CeE+JWxF/cQ3M5hhJnkyxaqFKC+B+bn7Z6eloMnYUPsXwfQEOuyxKaKergAJdq -KnC0pEG3NGgwlwvnD0dwUqbbEUUqL3UQh96hCYDidhCUmuap1E2OGoxGex3ekszf -ErCgwVYb46cv91ba2KqXVWl1FoO3c5MyZcxL46ihQgiY0BI975+HDFjpUZ69n+Um -OhSscRUiKeEQKMVtHzyQUp5t+HCeaZBRPy3rFoIjTEqijKZ6tQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDejCCAmKgAwIBAgIJALYWFXFy+zF/MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjAwMloXDTM4MDEwMTE0 -MjAwMlowTjEoMCYGA1UEAwwfQ2VudE9TIExpbnV4IGtwYXRjaCBzaWduaW5nIGtl -eTEiMCAGCSqGSIb3DQEJARYTc2VjdXJpdHlAY2VudG9zLm9yZzCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMG+5OclqB0NE5azrGkSitqUFcZjpRk/rS2P -CetB6jwxOn06TrLGzqnhcE9VBKyEs7CXBLy6lfnORcYOybcR2XvrgqGa1txOZggl -hc8zCj9X7ZCMK2UsWglxQCOtbo0m/vdor/VO3SFbrf/W9+PXhvNtcxMP9yjydbP+ -lS1St8uQv952hu7C1TevyOQN3jpvWRD7DSJIU/2uRFcdIo2QCGokuB/xESXeuGJ2 -F2P9w0h74V18AlVTxtGp/RSJqZaQ2Gi5h4Oa7UsRmhmCoLdmdBe7xnYJrJ4GhxKQ -yG0kU1ikEhZW3YjoVPgBJzTsIhCAzFrOUq0d67a1wTVMiyL60fUCAwEAAaNdMFsw -DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFLSfCGIFkJ3E2iz6 -mTdvsZHS8J54MB8GA1UdIwQYMBaAFFTsgYWJPuka2wj3RIhUfo4/dDrzMA0GCSqG -SIb3DQEBCwUAA4IBAQBcDnjWh8Mx6yaS/OvBOYZprYy5Su0tn+YHiN0czpjVw+zl -NUt2YmRSA/g6xks04CYx+UAL/xnvRcxXd17Ni7eWiROxvgQvBo5nScVkFPq2IIP5 -8aj7LoHR1MUeXfiNqf1JoSlgpRV47wv/+jZD0hmbt1rC2NJp0ZU8OHmt2GWk0jmM -MK72D/pyCUfHetBzPpU9M0cNiukjMUdIL+U7+CXDgKsfdFHcQ76ebWyka7vRSXTs -lBMa2g20Atwz2Hj7tEEAZ74ioQ9029RAlUSNipACe31YdT4/BBWIqHPpeDFkp8W0 -9v4jeTX/2kMBXkjzMfKjhpooa+bFFFLogLeX3P4W ------END CERTIFICATE----- diff --git a/SOURCES/centossecureboot001.der b/SOURCES/centossecureboot001.der deleted file mode 100644 index e8216b1..0000000 Binary files a/SOURCES/centossecureboot001.der and /dev/null differ diff --git a/SOURCES/centossecureboot201.der b/SOURCES/centossecureboot201.der deleted file mode 100644 index ca3c134..0000000 Binary files a/SOURCES/centossecureboot201.der and /dev/null differ diff --git a/SOURCES/centossecurebootca2.der b/SOURCES/centossecurebootca2.der deleted file mode 100644 index 42bdfcf..0000000 Binary files a/SOURCES/centossecurebootca2.der and /dev/null differ diff --git a/SOURCES/kernel-rt-aarch64-debug.config b/SOURCES/kernel-rt-aarch64-debug.config index ea11406..c26bf62 100644 --- a/SOURCES/kernel-rt-aarch64-debug.config +++ b/SOURCES/kernel-rt-aarch64-debug.config @@ -2748,6 +2748,7 @@ CONFIG_CHECKPOINT_RESTORE=y CONFIG_CHELSIO_IPSEC_INLINE=y CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_TLS_DEVICE=y CONFIG_CHROME_PLATFORMS=y CONFIG_CHR_DEV_SCH=m CONFIG_CHR_DEV_SG=m diff --git a/SOURCES/kernel-rt-aarch64.config b/SOURCES/kernel-rt-aarch64.config index c3f340a..d4f3256 100644 --- a/SOURCES/kernel-rt-aarch64.config +++ b/SOURCES/kernel-rt-aarch64.config @@ -2812,6 +2812,7 @@ CONFIG_CHECKPOINT_RESTORE=y CONFIG_CHELSIO_IPSEC_INLINE=y CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_TLS_DEVICE=y CONFIG_CHROME_PLATFORMS=y CONFIG_CHR_DEV_SCH=m CONFIG_CHR_DEV_SG=m diff --git a/SOURCES/kernel-rt-ppc64le-debug.config b/SOURCES/kernel-rt-ppc64le-debug.config index 6e93769..fee218d 100644 --- a/SOURCES/kernel-rt-ppc64le-debug.config +++ b/SOURCES/kernel-rt-ppc64le-debug.config @@ -2437,6 +2437,7 @@ CONFIG_CHECKPOINT_RESTORE=y CONFIG_CHELSIO_IPSEC_INLINE=y CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_TLS_DEVICE=y CONFIG_CHR_DEV_SCH=m CONFIG_CHR_DEV_SG=m CONFIG_CHR_DEV_ST=m diff --git a/SOURCES/kernel-rt-ppc64le.config b/SOURCES/kernel-rt-ppc64le.config index 175c4d9..f8182fd 100644 --- a/SOURCES/kernel-rt-ppc64le.config +++ b/SOURCES/kernel-rt-ppc64le.config @@ -2500,6 +2500,7 @@ CONFIG_CHECKPOINT_RESTORE=y CONFIG_CHELSIO_IPSEC_INLINE=y CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_TLS_DEVICE=y CONFIG_CHR_DEV_SCH=m CONFIG_CHR_DEV_SG=m CONFIG_CHR_DEV_ST=m diff --git a/SOURCES/kernel-rt-s390x-debug.config b/SOURCES/kernel-rt-s390x-debug.config index 6b0be6a..c3f5d5d 100644 --- a/SOURCES/kernel-rt-s390x-debug.config +++ b/SOURCES/kernel-rt-s390x-debug.config @@ -2567,6 +2567,7 @@ CONFIG_CHECK_STACK=y CONFIG_CHELSIO_IPSEC_INLINE=y CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_TLS_DEVICE=y CONFIG_CHR_DEV_SCH=m CONFIG_CHR_DEV_SG=m CONFIG_CHR_DEV_ST=m diff --git a/SOURCES/kernel-rt-s390x-zfcpdump.config b/SOURCES/kernel-rt-s390x-zfcpdump.config index 88587f5..d349879 100644 --- a/SOURCES/kernel-rt-s390x-zfcpdump.config +++ b/SOURCES/kernel-rt-s390x-zfcpdump.config @@ -2784,6 +2784,7 @@ CONFIG_CGROUP_SCHED=y CONFIG_CHELSIO_IPSEC_INLINE=y CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_TLS_DEVICE=y CONFIG_CIFS=m CONFIG_CIFS_ACL=y CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y diff --git a/SOURCES/kernel-rt-s390x.config b/SOURCES/kernel-rt-s390x.config index e3295b5..420654d 100644 --- a/SOURCES/kernel-rt-s390x.config +++ b/SOURCES/kernel-rt-s390x.config @@ -2629,6 +2629,7 @@ CONFIG_CHECK_STACK=y CONFIG_CHELSIO_IPSEC_INLINE=y CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_TLS_DEVICE=y CONFIG_CHR_DEV_SCH=m CONFIG_CHR_DEV_SG=m CONFIG_CHR_DEV_ST=m diff --git a/SOURCES/kernel-rt-x86_64-debug.config b/SOURCES/kernel-rt-x86_64-debug.config index 8453d09..0fb1717 100644 --- a/SOURCES/kernel-rt-x86_64-debug.config +++ b/SOURCES/kernel-rt-x86_64-debug.config @@ -93,8 +93,10 @@ # CONFIG_AK8975 is not set # CONFIG_AL3320A is not set # CONFIG_ALIENWARE_WMI is not set +# CONFIG_ALTERA_FREEZE_BRIDGE is not set # CONFIG_ALTERA_MBOX is not set # CONFIG_ALTERA_MSGDMA is not set +# CONFIG_ALTERA_PR_IP_CORE is not set # CONFIG_ALTERA_TSE is not set # CONFIG_AM2315 is not set # CONFIG_AMD8111_ETH is not set @@ -547,6 +549,18 @@ # CONFIG_FIRMWARE_EDID is not set # CONFIG_FMC is not set # CONFIG_FONTS is not set +# CONFIG_FPGA is not set +# CONFIG_FPGA_BRIDGE is not set +# CONFIG_FPGA_DFL is not set +# CONFIG_FPGA_DFL_AFU is not set +# CONFIG_FPGA_DFL_FME is not set +# CONFIG_FPGA_DFL_FME_BRIDGE is not set +# CONFIG_FPGA_DFL_FME_MGR is not set +# CONFIG_FPGA_DFL_FME_REGION is not set +# CONFIG_FPGA_DFL_PCI is not set +# CONFIG_FPGA_MGR_ALTERA_CVP is not set +# CONFIG_FPGA_MGR_ALTERA_PS_SPI is not set +# CONFIG_FPGA_REGION is not set # CONFIG_FRAME_POINTER is not set # CONFIG_FSCACHE_DEBUG is not set # CONFIG_FSCACHE_HISTOGRAM is not set @@ -2241,8 +2255,6 @@ CONFIG_AGP_VIA=y CONFIG_AIO=y CONFIG_ALIM1535_WDT=m CONFIG_ALIM7101_WDT=m -CONFIG_ALTERA_FREEZE_BRIDGE=m -CONFIG_ALTERA_PR_IP_CORE=m CONFIG_ALTERA_STAPL=m CONFIG_ALX=m CONFIG_AMD_IOMMU=y @@ -2546,6 +2558,7 @@ CONFIG_CHECKPOINT_RESTORE=y CONFIG_CHELSIO_IPSEC_INLINE=y CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_TLS_DEVICE=y CONFIG_CHR_DEV_SCH=m CONFIG_CHR_DEV_SG=m CONFIG_CHR_DEV_ST=m @@ -3047,18 +3060,6 @@ CONFIG_FIXED_PHY=y CONFIG_FM10K=m CONFIG_FONT_SUPPORT=y CONFIG_FORTIFY_SOURCE=y -CONFIG_FPGA=m -CONFIG_FPGA_BRIDGE=m -CONFIG_FPGA_DFL=m -CONFIG_FPGA_DFL_AFU=m -CONFIG_FPGA_DFL_FME=m -CONFIG_FPGA_DFL_FME_BRIDGE=m -CONFIG_FPGA_DFL_FME_MGR=m -CONFIG_FPGA_DFL_FME_REGION=m -CONFIG_FPGA_DFL_PCI=m -CONFIG_FPGA_MGR_ALTERA_CVP=m -CONFIG_FPGA_MGR_ALTERA_PS_SPI=m -CONFIG_FPGA_REGION=m CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y diff --git a/SOURCES/kernel-rt-x86_64.config b/SOURCES/kernel-rt-x86_64.config index ebe8f4e..962b08d 100644 --- a/SOURCES/kernel-rt-x86_64.config +++ b/SOURCES/kernel-rt-x86_64.config @@ -99,8 +99,10 @@ # CONFIG_AK8975 is not set # CONFIG_AL3320A is not set # CONFIG_ALIENWARE_WMI is not set +# CONFIG_ALTERA_FREEZE_BRIDGE is not set # CONFIG_ALTERA_MBOX is not set # CONFIG_ALTERA_MSGDMA is not set +# CONFIG_ALTERA_PR_IP_CORE is not set # CONFIG_ALTERA_TSE is not set # CONFIG_AM2315 is not set # CONFIG_AMD8111_ETH is not set @@ -594,6 +596,18 @@ # CONFIG_FIRMWARE_EDID is not set # CONFIG_FMC is not set # CONFIG_FONTS is not set +# CONFIG_FPGA is not set +# CONFIG_FPGA_BRIDGE is not set +# CONFIG_FPGA_DFL is not set +# CONFIG_FPGA_DFL_AFU is not set +# CONFIG_FPGA_DFL_FME is not set +# CONFIG_FPGA_DFL_FME_BRIDGE is not set +# CONFIG_FPGA_DFL_FME_MGR is not set +# CONFIG_FPGA_DFL_FME_REGION is not set +# CONFIG_FPGA_DFL_PCI is not set +# CONFIG_FPGA_MGR_ALTERA_CVP is not set +# CONFIG_FPGA_MGR_ALTERA_PS_SPI is not set +# CONFIG_FPGA_REGION is not set # CONFIG_FRAME_POINTER is not set # CONFIG_FSCACHE_DEBUG is not set # CONFIG_FSCACHE_HISTOGRAM is not set @@ -2312,8 +2326,6 @@ CONFIG_AGP_VIA=y CONFIG_AIO=y CONFIG_ALIM1535_WDT=m CONFIG_ALIM7101_WDT=m -CONFIG_ALTERA_FREEZE_BRIDGE=m -CONFIG_ALTERA_PR_IP_CORE=m CONFIG_ALTERA_STAPL=m CONFIG_ALX=m CONFIG_AMD_IOMMU=y @@ -2609,6 +2621,7 @@ CONFIG_CHECKPOINT_RESTORE=y CONFIG_CHELSIO_IPSEC_INLINE=y CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_TLS_DEVICE=y CONFIG_CHR_DEV_SCH=m CONFIG_CHR_DEV_SG=m CONFIG_CHR_DEV_ST=m @@ -3069,18 +3082,6 @@ CONFIG_FIXED_PHY=y CONFIG_FM10K=m CONFIG_FONT_SUPPORT=y CONFIG_FORTIFY_SOURCE=y -CONFIG_FPGA=m -CONFIG_FPGA_BRIDGE=m -CONFIG_FPGA_DFL=m -CONFIG_FPGA_DFL_AFU=m -CONFIG_FPGA_DFL_FME=m -CONFIG_FPGA_DFL_FME_BRIDGE=m -CONFIG_FPGA_DFL_FME_MGR=m -CONFIG_FPGA_DFL_FME_REGION=m -CONFIG_FPGA_DFL_PCI=m -CONFIG_FPGA_MGR_ALTERA_CVP=m -CONFIG_FPGA_MGR_ALTERA_PS_SPI=m -CONFIG_FPGA_REGION=m CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y diff --git a/SOURCES/redhatsecureboot003.cer b/SOURCES/redhatsecureboot003.cer deleted file mode 100644 index 439b75b..0000000 Binary files a/SOURCES/redhatsecureboot003.cer and /dev/null differ diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer new file mode 100644 index 0000000..20e6604 Binary files /dev/null and b/SOURCES/redhatsecureboot301.cer differ diff --git a/SOURCES/redhatsecureboot501.cer b/SOURCES/redhatsecureboot501.cer new file mode 100644 index 0000000..dfa7afb Binary files /dev/null and b/SOURCES/redhatsecureboot501.cer differ diff --git a/SOURCES/redhatsecurebootca2.cer b/SOURCES/redhatsecurebootca2.cer deleted file mode 100644 index 43502d6..0000000 Binary files a/SOURCES/redhatsecurebootca2.cer and /dev/null differ diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer new file mode 100644 index 0000000..b235400 Binary files /dev/null and b/SOURCES/redhatsecurebootca3.cer differ diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer new file mode 100644 index 0000000..dfb0284 Binary files /dev/null and b/SOURCES/redhatsecurebootca5.cer differ diff --git a/SOURCES/secureboot_ppc.cer b/SOURCES/secureboot_ppc.cer new file mode 100644 index 0000000..2c0087d Binary files /dev/null and b/SOURCES/secureboot_ppc.cer differ diff --git a/SOURCES/secureboot_s390.cer b/SOURCES/secureboot_s390.cer new file mode 100644 index 0000000..137d385 Binary files /dev/null and b/SOURCES/secureboot_s390.cer differ diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 193747a..2af5fdf 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -14,12 +14,12 @@ # For a kernel released for public testing, released_kernel should be 1. # For internal testing builds during development, it should be 0. -%global released_kernel 0 +%global released_kernel 1 -%global distro_build 227 +%global distro_build 236 # Sign the x86_64 kernel for secure boot authentication -%ifarch x86_64 aarch64 +%ifarch x86_64 aarch64 s390x ppc64le %global signkernel 1 %else %global signkernel 0 @@ -42,13 +42,17 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 227.rt7.39.el8 +%define pkgrelease 236.rt7.49.el8 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 227.rt7.39%{?dist} +%define specrelease 236.rt7.49%{?dist} %define pkg_release %{specrelease}%{?buildid} +# libexec dir is not used by the linker, so the shared object there +# should not be exported to RPM provides +%global __provides_exclude_from ^%{_libexecdir}/kselftests + # What parts do we want to build? We must build at least one kernel. # These are the kernels that are built IF the architecture allows it. # All should default to 1 (enabled) and be flipped to 0 (disabled) @@ -148,7 +152,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .39 +%global rtbuild .49 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -213,6 +217,11 @@ %define with_kabidwchk 0 %endif +# selftests require bpftool to be built +%if %{with_selftests} +%define with_bpftool 1 +%endif + %ifnarch noarch %define with_kernel_abi_whitelists 0 %endif @@ -436,34 +445,44 @@ Source9: x509.genkey %if %{?released_kernel} -Source10: centossecurebootca2.der -Source11: centos-ca-secureboot.der -Source12: centossecureboot201.der -Source13: centossecureboot001.der +Source10: redhatsecurebootca5.cer +Source11: redhatsecurebootca3.cer +Source12: redhatsecureboot501.cer +Source13: redhatsecureboot301.cer +Source14: secureboot_s390.cer +Source15: secureboot_ppc.cer -%define secureboot_ca_0 %{SOURCE10} -%define secureboot_ca_1 %{SOURCE11} +%define secureboot_ca_0 %{SOURCE11} +%define secureboot_ca_1 %{SOURCE10} %ifarch x86_64 aarch64 -%define secureboot_key_0 %{SOURCE12} -%define pesign_name_0 centossecureboot201 -%define secureboot_key_1 %{SOURCE13} -%define pesign_name_1 centossecureboot001 +%define secureboot_key_0 %{SOURCE13} +%define pesign_name_0 redhatsecureboot301 +%define secureboot_key_1 %{SOURCE12} +%define pesign_name_1 redhatsecureboot501 +%endif +%ifarch s390x +%define secureboot_key_0 %{SOURCE14} +%define pesign_name_0 redhatsecureboot302 +%endif +%ifarch ppc64le +%define secureboot_key_0 %{SOURCE15} +%define pesign_name_0 redhatsecureboot303 %endif # released_kernel %else -Source11: centossecurebootca2.der -Source12: centos-ca-secureboot.der -Source13: centossecureboot201.der -Source14: centossecureboot001.der +Source11: redhatsecurebootca4.cer +Source12: redhatsecurebootca2.cer +Source13: redhatsecureboot401.cer +Source14: redhatsecureboot003.cer -%define secureboot_ca_0 %{SOURCE11} -%define secureboot_ca_1 %{SOURCE12} -%define secureboot_key_0 %{SOURCE13} -%define pesign_name_0 centossecureboot201 -%define secureboot_key_1 %{SOURCE14} -%define pesign_name_1 centossecureboot001 +%define secureboot_ca_0 %{SOURCE12} +%define secureboot_ca_1 %{SOURCE11} +%define secureboot_key_0 %{SOURCE14} +%define pesign_name_0 redhatsecureboot003 +%define secureboot_key_1 %{SOURCE13} +%define pesign_name_1 redhatsecureboot401 # released_kernel %endif @@ -520,8 +539,6 @@ Source400: mod-kvm.list Source2000: cpupower.service Source2001: cpupower.config -Source9000: centos.pem - ## Patches needed for building this package # empty final patch to facilitate testing of kernel patches @@ -532,8 +549,8 @@ Patch999999: linux-kernel-test.patch BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root %description -This is the package which provides the Linux %{name} for CentOS. -It is based on upstream Linux at version %{version} and maintains kABI +This is the package which provides the Linux %{name} for Red Hat Enterprise +Linux. It is based on upstream Linux at version %{version} and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux %{name} releases. This means this is not a %{version} kernel anymore: it includes several components which come @@ -541,7 +558,7 @@ from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver -updates for supported hardware in CentOS, enhancements for +updates for supported hardware in Red Hat Enterprise Linux, enhancements for enterprise customers, etc. # @@ -551,13 +568,14 @@ enterprise customers, etc. # macros defined above. # %define kernel_reqprovconf \ +Provides: kernel = %{rpmversion}-%{pkg_release}\ Provides: %{name} = %{rpmversion}-%{pkg_release}\ Provides: %{name}-%{_target_cpu} = %{rpmversion}-%{pkg_release}%{?1:+%{1}}\ Provides: kernel-drm-nouveau = 16\ Provides: %{name}-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ Requires(pre): %{kernel_prereq}\ Requires(pre): %{initrd_prereq}\ -Requires(pre): linux-firmware >= 20200512-98.gitb2cad6a2\ +Requires(pre): linux-firmware >= 20200619-99.git3890db36\ Requires(preun): systemd >= 200\ Conflicts: xfsprogs < 4.3.0-1\ Conflicts: xorg-x11-drv-vmmouse < 13.0.99\ @@ -726,6 +744,7 @@ This package provides debug information for package %{name}-tools. # with_tools %endif +%if !%{with_realtime} %if %{with_bpftool} %package -n bpftool @@ -747,13 +766,19 @@ This package provides debug information for the bpftool package. # with_bpftool %endif +%endif %if %{with_selftests} %package selftests-internal Summary: Kernel samples and selftests License: GPLv2 -Requires: binutils, bpftool, iproute-tc, nmap-ncat +Requires: binutils, bpftool, iproute-tc, nmap-ncat, python3 +%if %{with_realtime} +Conflicts: kernel-selftests-internal +%else +Conflicts: kernel-rt-selftests-internal +%endif %description selftests-internal Kernel sample programs and selftests. @@ -775,12 +800,12 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n %{name}-abi-whitelists -Summary: The CentOS kernel ABI symbol whitelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists Group: System Environment/Kernel AutoReqProv: no %description -n %{name}-abi-whitelists -The kABI package contains information pertaining to the CentOS -kernel ABI, including lists of kernel symbols that are needed by +The kABI package contains information pertaining to the Red Hat Enterprise +Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. %if %{with_kabidw_base} @@ -789,8 +814,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the CentOS -kernel, suitable for the kabi-dw tool. +The package contains data describing the current ABI of the Red Hat Enterprise +Linux kernel, suitable for the kabi-dw tool. %endif # @@ -862,7 +887,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ -This package provides kernel modules for the %{?2:%{2} }kernel package for CentOS internal usage.\ +This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ %{nil} # @@ -1060,7 +1085,6 @@ ApplyOptionalPatch() } %setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c -cp -v %{SOURCE9000} linux-%{rpmversion}-%{pkgrelease}/certs/rhel.pem mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} @@ -1491,7 +1515,6 @@ BuildKernel() { cp -a --parents tools/include/tools/le_byteshift.h $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/ cp -a --parents arch/x86/purgatory/purgatory.c $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/ cp -a --parents arch/x86/purgatory/stack.S $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/ - cp -a --parents arch/x86/purgatory/string.c $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/ cp -a --parents arch/x86/purgatory/setup-x86_64.S $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/ cp -a --parents arch/x86/purgatory/entry64.S $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/ cp -a --parents arch/x86/boot/string.h $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/ @@ -1795,17 +1818,27 @@ popd # Unfortunately, samples/bpf/Makefile expects that the headers are installed # in the source tree. We installed them previously to $RPM_BUILD_ROOT/usr # but there's no way to tell the Makefile to take them from there. -%{make} headers_install -%{make} -s ARCH=$Arch V=1 samples/bpf/ +%{make} %{?_smp_mflags} headers_install +%{make} %{?_smp_mflags} ARCH=$Arch V=1 samples/bpf/ + +# Prevent bpf selftests to build bpftool repeatedly: +export BPFTOOL=$(pwd)/tools/bpf/bpftool/bpftool + pushd tools/testing/selftests # We need to install here because we need to call make with ARCH set which # doesn't seem possible to do in the install section. -%{make} -s ARCH=$Arch V=1 TARGETS="bpf livepatch net net/mptcp netfilter" INSTALL_PATH=%{buildroot}%{_libexecdir}/kselftests install - -# Unfortunately, bpf `install` is broken. -# selftests use rsync to copy all attributes and file types -rsync -a bpf %{buildroot}%{_libexecdir}/kselftests +%{make} %{?_smp_mflags} ARCH=$Arch V=1 TARGETS="bpf livepatch net net/mptcp netfilter" FORCE_TARGETS=1 INSTALL_PATH=%{buildroot}%{_libexecdir}/kselftests install + +# 'make install' for bpf is broken and upstream refuses to fix it. +# Install the needed files manually. +for dir in bpf bpf/no_alu32; do + mkdir -p %{buildroot}%{_libexecdir}/kselftests/$dir + find $dir -maxdepth 1 -type f \( -executable -o -name '*.py' -o -name settings -o \ + -name '*.o' -exec sh -c 'readelf -h "{}" | grep -q "^ Machine:.*BPF"' \; \) -print0 | \ + xargs -0 cp -t %{buildroot}%{_libexecdir}/kselftests/$dir +done popd +export -n BPFTOOL %endif %if %{with_doc} @@ -2029,11 +2062,13 @@ install -m755 page_owner_sort %{buildroot}%{_bindir}/page_owner_sort popd %endif +%if !%{with_realtime} %if %{with_bpftool} pushd tools/bpf/bpftool %{bpftool_make} prefix=%{_prefix} bash_compdir=%{_sysconfdir}/bash_completion.d/ mandir=%{_mandir} install doc-install popd %endif +%endif %if %{with_selftests} pushd samples @@ -2397,6 +2432,7 @@ fi # with_tools %endif +%if !%{with_realtime} %if %{with_bpftool} %files -n bpftool %{_sbindir}/bpftool @@ -2418,6 +2454,7 @@ fi %defattr(-,root,root) %endif %endif +%endif %if %{with_selftests} %files selftests-internal @@ -2533,6 +2570,824 @@ fi # # %changelog +* Wed Sep 09 2020 Juri Lelli [4.18.0-236.rt7.49.el8] +- [crypto] pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1862072] +- [security] integrity: Load certs from the EFI MOK config table (Lenny Szubowicz) [1868306] +- [security] integrity: Move import of MokListRT certs to a separate routine (Lenny Szubowicz) [1868306] +- [firmware] efi: Support for MOK variable config table (Lenny Szubowicz) [1868306] +- [kernel] Move to dual-signing to split signing keys up better (Frantisek Hrbata) [1837434] {CVE-2020-10713} +- [powerpc] pseries/hotplug-cpu: wait indefinitely for vCPU death (Michael Roth) [1856588] +- [powerpc] kvm: ppc: book3s hv: Rework secure mem slot dropping (Michael Roth) [1851259] +- [powerpc] kvm: ppc: book3s hv: Move kvmppc_svm_page_out up (Michael Roth) [1851259] +- [powerpc] kvm: ppc: book3s hv: Migrate hot plugged memory (Michael Roth) [1851259] +- [powerpc] kvm: ppc: book3s hv: In H_SVM_INIT_DONE, migrate remaining normal-GFNs to secure-GFNs (Michael Roth) [1851259] +- [powerpc] kvm: ppc: book3s hv: Track the state GFNs associated with secure VMs (Michael Roth) [1851259] +- [powerpc] kvm: ppc: book3s hv: Disable page merging in H_SVM_INIT_START (Michael Roth) [1851259] +- [powerpc] kvm: ppc: book3s hv: Fix function definition in book3s_hv_uvmem.c (Michael Roth) [1851259] +- [kernel] mmap locking api: initial implementation as rwsem wrappers (Michael Roth) [1851259] +- [mm] handle multiple owners of device private pages in migrate_vma (Michael Roth) [1851259] +- [mm] migrate.c: clean up useless code in migrate_vma_collect_pmd() (Michael Roth) [1851259] +- [mm] remove the unused MIGRATE_PFN_DEVICE flag (Michael Roth) [1851259] +- [powerpc] rhel: powerpc: kvm: Increase HDEC threshold to enter guest (David Gibson) [1733467] +- [netdrv] r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (Michal Schmidt) [1851966] +- [fs] ceph: fix inode number handling on arches with 32-bit ino_t (Jeff Layton) [1869679] +- [fs] ceph: don't allow setlease on cephfs (Jeff Layton) [1872382] +- [block] blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (Ming Lei) [1859628] + +* Thu Sep 03 2020 Juri Lelli [4.18.0-235.rt7.48.el8] +- [s390] scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: Fence adapter status propagation for common statuses (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: Move p-t-p port allocation to after xport data (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: Fence fc_host updates during link-down handling (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: Move fc_host updates during xport data handling into fenced function (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: Move shost updates during xconfig data handling into fenced function (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: fix fc_host attributes that should be unknown on local link down (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: expose fabric name as common fc_host sysfs attribute (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: add diagnostics buffer for exchange config data (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: diagnostics buffer caching and use for exchange port data (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: signal incomplete or error for sync exchange config/port data (Claudio Imbrenda) [1872799] +- [s390] scsi: zfcp: Fix use-after-free in request timeout handlers (Claudio Imbrenda) [1872796] +- [tools] selftests/powerpc: Update the stack expansion test (Gustavo Duarte) [1869755] +- [mm] powerpc: Allow 4224 bytes of stack expansion for the signal frame (Gustavo Duarte) [1869755] +- [tools] selftests/powerpc: Add test of stack expansion logic (Gustavo Duarte) [1869755] +- [mm] mm: check that mm is still valid in madvise() (Jeff Moyer) [1874560] +- [block] block: virtio_blk: fix handling single range discard request (Ming Lei) [1842035] +- [block] block: respect queue limit of max discard segment (Ming Lei) [1842035] +- [fs] io_uring: Fix NULL pointer dereference in loop_rw_iter() (Jeff Moyer) [1854649] +- [fs] io_uring: return locked and pinned page accounting (Jeff Moyer) [1854649] +- [fs] io_uring: always allow drain/link/hardlink/async sqe flags (Jeff Moyer) [1854649] +- [fs] io_uring: ensure double poll additions work with both request types (Jeff Moyer) [1854649] +- [fs] io_uring: fix recvmsg memory leak with buffer selection (Jeff Moyer) [1854649] +- [fs] io_uring: fix missing msg_name assignment (Jeff Moyer) [1854649] +- [fs] io_uring: fix memleak in io_sqe_files_register() (Jeff Moyer) [1854649] +- [fs] io_uring: account user memory freed when exit has been queued (Jeff Moyer) [1854649] +- [fs] io_uring: fix memleak in __io_sqe_files_update() (Jeff Moyer) [1854649] +- [fs] io_uring: fix regression with always ignoring signals in io_cqring_wait() (Jeff Moyer) [1854649] +- [fs] io_uring: use signal based task_work running (Jeff Moyer) [1854649] +- [kernel] task_work: teach task_work_add() to do signal_wake_up() (Jeff Moyer) [1854649] +- [fs] io_uring: fix missing ->mm on exit (Jeff Moyer) [1854649] +- [fs] io_uring: fix potential use after free on fallback request free (Jeff Moyer) [1854649] +- [fs] io_uring: fix req->work corruption (Jeff Moyer) [1854649] +- [fs] io_uring: fix NULL-mm for linked reqs (Jeff Moyer) [1854649] +- [fs] io_uring: fix current->mm NULL dereference on exit (Jeff Moyer) [1854649] +- [fs] io_uring: fix hanging iopoll in case of -EAGAIN (Jeff Moyer) [1854649] +- [fs] io_uring: fix io_sq_thread no schedule when busy (Jeff Moyer) [1854649] +- [fs] io_uring: fix possible race condition against REQ_F_NEED_CLEANUP (Jeff Moyer) [1854649] +- [fs] io_uring: reap poll completions while waiting for refs to drop on exit (Jeff Moyer) [1854649] +- [fs] io_uring: acquire 'mm' for task_work for SQPOLL (Jeff Moyer) [1854649] +- [fs] io_uring: add memory barrier to synchronize io_kiocb's result and iopoll_completed (Jeff Moyer) [1854649] +- [fs] io_uring: don't fail links for EAGAIN error in IOPOLL mode (Jeff Moyer) [1854649] +- [fs] io_uring: fix io_kiocb.flags modification race in IOPOLL mode (Jeff Moyer) [1854649] +- [fs] io_uring: allow O_NONBLOCK async retry (Jeff Moyer) [1854649] +- [fs] io_uring: use kvfree() in io_sqe_buffer_register() (Jeff Moyer) [1854649] +- [fs] io_uring: validate the full range of provided buffers for access (Jeff Moyer) [1854649] +- [fs] io_uring: re-set iov base/len for buffer select retry (Jeff Moyer) [1854649] +- [fs] io_uring: fix {SQ, IO}POLL with unsupported opcodes (Jeff Moyer) [1854649] +- [fs] io_uring: disallow close of ring itself (Jeff Moyer) [1854649] +- [fs] io_uring: fix overflowed reqs cancellation (Jeff Moyer) [1854649] +- [fs] io_uring: fix flush req->refs underflow (Jeff Moyer) [1854649] +- [fs] io_uring: async task poll trigger cleanup (Jeff Moyer) [1854649] +- [fs] io_uring: allow POLL_ADD with double poll_wait() users (Jeff Moyer) [1854649] +- [fs] io_uring: remove 'fd is io_uring' from close path (Jeff Moyer) [1854649] +- [nvme] nvme: allow retry for requests with REQ_FAILFAST_TRANSPORT set (Mike Snitzer) [1843515] +- [nvme] nvme: decouple basic ANA log page re-read support from native multipathing (Mike Snitzer) [1843515] +- [nvme] nvme: update failover handling to work with REQ_FAILFAST_TRANSPORT (Mike Snitzer) [1843515] +- [nvme] nvme: Return BLK_STS_TARGET if the DNR bit is set (Mike Snitzer) [1843515] +- [nvme] nvme: redirect commands on dying queue (Mike Snitzer) [1843515] +- [nvme] nvme: just check the status code type in nvme_is_path_error (Mike Snitzer) [1843515] +- [nvme] nvme: refactor command completion (Mike Snitzer) [1843515] +- [nvme] nvme-multipath: do not reset on unknown status (Mike Snitzer) [1843515] +- [nvme] Revert "nvme: allow ANA support to be independent of native multipathing" (Mike Snitzer) [1843515] +- [nvme] Revert "nvme-multipath: do not reset on unknown status" (Mike Snitzer) [1843515] +- [mm] mm, THP, swap: fix allocating cluster for swapfile by mistake (Gao Xiang) [1855474] +- [net] sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (Marcelo Leitner) [1866391] +- [net] netfilter: conntrack: allow sctp hearbeat after connection re-use (Florian Westphal) [1865798] +- [video] vgacon: Fix for missing check in scrollback handling (Lyude Paul) [1859472] {CVE-2020-14331} +- [scsi] Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (Nilesh Javali) [1866744] +- [scsi] Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (Nilesh Javali) [1866744] +- [scsi] scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (Nilesh Javali) [1866744] +- [scsi] scsi: qla2xxx: Check if FW supports MQ before enabling (Nilesh Javali) [1866744] +- [scsi] scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (Nilesh Javali) [1866744] +- [scsi] scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (Nilesh Javali) [1866744] +- [scsi] scsi: qla2xxx: Reduce noisy debug message (Nilesh Javali) [1866744] +- [scsi] scsi: qla2xxx: Fix login timeout (Nilesh Javali) [1866744] +- [scsi] scsi: qla2xxx: Flush I/O on zone disable (Nilesh Javali) [1866744] +- [scsi] scsi: qla2xxx: Flush all sessions on zone disable (Nilesh Javali) [1866744] +- [tools] bpf: selftests: global_funcs: Check err_str before strstr (Yauheni Kaliuta) [1873163] +- [netdrv] net/mlx5e: E-Switch, Specify flow_source for rule with no in_port (Alaa Hleihel) [1869602] +- [netdrv] net/mlx5e: E-Switch, Add misc bit when misc fields changed for mirroring (Alaa Hleihel) [1869602] +- [tools] selftests/bpf: test for map update access from within EXT programs (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071] +- [tools] selftests/bpf: test for checking return code for the extended prog (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071] +- [tools] selftests/bpf: Add test for freplace program with write access (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071] +- [net] bpf: verifier: use target program's type for access verifications (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071] +- [scsi] scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (Dick Kennedy) [1871223] +- [scsi] scsi: lpfc: Fix LUN loss after cable pull (Dick Kennedy) [1871223] +- [infiniband] RDMA/bnxt_re: Do not add user qps to flushlist (Selvin Xavier) [1858674] +- [fs] NFSv4.0 allow nconnect for v4.0 (Benjamin Coddington) [1842746] +- [mm] mm/vunmap: add cond_resched() in vunmap_pmd_range (Rafael Aquini) [1871710] +- [s390] s390/bpf: Maintain 8-byte stack alignment (Jiri Olsa) [1871040] + +* Thu Aug 27 2020 Juri Lelli [4.18.0-234.rt7.47.el8] +- redhat: Rebuild kernel-rt due to missing pesign tag (Juri Lelli) [https://bugzilla.redhat.com/1873169] + +- [redhat] redhat: Rebuild kernel-rt due to missing pesign tag (Juri Lelli) [1873169] + +* Thu Aug 20 2020 Clark Williams [4.18.0-234.rt7.46.el8] +- [netdrv] vrf: Fix IPv6 with qdisc and xfrm (Sabrina Dubroca) [1868565] +- [netdrv] vrf: make sure skb->data contains ip header to make routing (Sabrina Dubroca) [1868565] +- [netdrv] vrf: Check skb for XFRM_TRANSFORMED flag (Sabrina Dubroca) [1868565] +- [net] Do not clear the sock TX queue in sk_set_socket() (Andrea Claudi) [1850421] +- [net] Use RCU_INIT_POINTER() to set sk_wq (Andrea Claudi) [1850421] +- [net] netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c. (Florian Westphal) [1862384] +- [net] netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. (Florian Westphal) [1862384] +- [net] netfilter: ipset: Fix an error code in ip_set_sockfn_get() (Florian Westphal) [1862384] +- [net] netfilter: nft_set_rbtree: Don't account for expired elements on insertion (Florian Westphal) [1862384] +- [net] netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (Florian Westphal) [1862384] +- [net] netfilter: nft_set_rbtree: Detect partial overlaps on insertion (Florian Westphal) [1862384] +- [net] netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (Florian Westphal) [1862384] +- [net] netfilter: nf_tables: fix nat hook table deletion (Florian Westphal) [1862384] +- [net] netfilter: ipset: call ip_set_free() instead of kfree() (Florian Westphal) [1862384] +- [net] netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers. (Florian Westphal) [1862384] +- [net] netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers. (Florian Westphal) [1862384] +- [net] netfilter: nft_set_pipapo: Disable preemption before getting per-CPU pointer (Florian Westphal) [1862384] +- [net] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported (Florian Westphal) [1862384] +- [net] netfilter: conntrack: comparison of unsigned in cthelper confirmation (Florian Westphal) [1862384] +- [net] netfilter: conntrack: refetch conntrack after nf_conntrack_update() (Florian Westphal) [1862384] +- [net] netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update (Florian Westphal) [1862384] +- [net] netfilter: conntrack: make conntrack userspace helpers work again (Florian Westphal) [1862384] +- [net] netfilter: nfnetlink_cthelper: unbreak userspace helper support (Florian Westphal) [1862384] +- [net] netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build (Florian Westphal) [1862384] +- [net] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code (Florian Westphal) [1862384] +- [net] netfilter: nft_set_bitmap: initialize set element extension in lookups (Florian Westphal) [1862384] +- [net] netfilter: nft_fwd_netdev: validate family and chain type (Florian Westphal) [1862384] +- [net] netfilter: nft_payload: add missing attribute validation for payload csum flags (Florian Westphal) [1862384] +- [net] netfilter: cthelper: add missing attribute validation for cthelper (Florian Westphal) [1862384] +- [net] netfilter: ipset: Fix forceadd evaluation path (Florian Westphal) [1862384] +- [net] netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() (Florian Westphal) [1862384] +- [net] netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (Florian Westphal) [1862384] +- [net] netfilter: ctnetlink: netns exit must wait for callbacks (Florian Westphal) [1862384] +- [arm64] kvm: arm64: Don't inherit exec permission across page-table levels (Andrew Jones) [1869297] +- [arm64] kvm: arm64: Flush the instruction cache if not unmapping the VM on reboot (Andrew Jones) [1869297] +- [s390] s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (Claudio Imbrenda) [1868927] +- [fs] chardev: Avoid potential use-after-free in 'chrdev_open()' (Vladis Dronov) [1866324] {CVE-2020-0305} +- [net] net: accept an empty mask in /sys/class/net/*/queues/rx-*/rps_cpus (Nitesh Narayan Lal) [1868433] +- [x86] Revert "x86/intel: Disable HPET on Intel Ice Lake platforms" (David Arcari) [1868405] +- [kernel] sched: Fix race against ptrace_freeze_trace() (Oleg Nesterov) [1862560] +- [kernel] sched: Fix loadavg accounting race (Oleg Nesterov) [1862560] +- [kernel] kernel/sched/: remove caller signal_pending branch predictions (Oleg Nesterov) [1862560] +- [kernel] locking/spinlock, sched/core: Clarify requirements for smp_mb__after_spinlock() (Oleg Nesterov) [1862560] +- [nvme] nvme: multipath: round-robin: eliminate "fallback" variable (Gopal Tiwari) [1868443] +- [nvme] nvme: multipath: round-robin: fix single non-optimized path case (Gopal Tiwari) [1868443] +- [nvme] nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (Gopal Tiwari) [1868443] +- [nvme] nvme-multipath: fix logic for non-optimized paths (Gopal Tiwari) [1868443] +- [tools] selftests/bpf: Fix segmentation fault in test_progs (Yauheni Kaliuta) [1868494] +- [pci] hv: Fix a timing issue which causes kdump to fail occasionally (Mohammed Gamal) [1861960] +- [hv] hv: vmbus: Only notify Hyper-V for die events that are oops (Vitaly Kuznetsov) [1868131] +- [x86] kvm: nsvm: Correctly set the shadow NPT root level in its MMU role (Vitaly Kuznetsov) [1845507] +- [x86] kvm: x86: drop superfluous mmu_check_root() from fast_pgd_switch() (Vitaly Kuznetsov) [1845507] +- [x86] kvm: nsvm: use nested_svm_load_cr3() on guest->host switch (Vitaly Kuznetsov) [1845507] +- [x86] kvm: nsvm: implement nested_svm_load_cr3() and use it for host->guest switch (Vitaly Kuznetsov) [1845507] +- [x86] kvm: nsvm: move kvm_set_cr3() after nested_svm_uninit_mmu_context() (Vitaly Kuznetsov) [1845507] +- [x86] kvm: nsvm: introduce nested_svm_load_cr3()/nested_npt_enabled() (Vitaly Kuznetsov) [1845507] +- [x86] kvm: nsvm: prepare to handle errors from enter_svm_guest_mode() (Vitaly Kuznetsov) [1845507] +- [x86] kvm: nsvm: reset nested_run_pending upon nested_svm_vmrun_msrpm() failure (Vitaly Kuznetsov) [1845507] +- [x86] kvm: mmu: stop dereferencing vcpu->arch.mmu to get the context for MMU init (Vitaly Kuznetsov) [1845507] +- [x86] kvm: nsvm: split kvm_init_shadow_npt_mmu() from kvm_init_shadow_mmu() (Vitaly Kuznetsov) [1845507] +- [security] selinux: compute genfs symlink context in case of CephFS (Ondrej Mosnacek) [1865800] +- [fs] ceph: set sec_context xattr on symlink creation (Ondrej Mosnacek) [1861509] +- [tools] selftests: bpf: define SO_RCVTIMEO and SO_SNDTIMEO properly for ppc64le (Jiri Benc) [1860386] +- [tools] bpf: Sync RHEL version of asm-generic/socket.h to tools/ (Jiri Benc) [1860386] +- [tools] selftests: bpf: skip tests not working on RHEL (Jiri Benc) [1866908] +- [tools] Revert "selftests: bpf: disable test_lwt_seg6local" (Jiri Benc) [1866908] +- [tools] Revert "bpf: selftests: remove test_bpftool_build.sh from TEST_PROGS" (Jiri Benc) [1866908] +- [tools] selftests: add option to skip specific tests in RHEL (Jiri Benc) [1866908] +- [tools] selftests: bpf: switch off timeout (Jiri Benc) [1866908] +- [tools] selftest/firmware: Add selftest timeout in settings (Jiri Benc) [1866908] +- [tools] selftests/harness: Limit step counter reporting (Jiri Benc) [1866908] +- [tools] selftests/harness: Clean up kern-doc for fixtures (Jiri Benc) [1866908] +- [tools] selftests: fix condition in run_tests (Jiri Benc) [1866908] +- [tools] selftests: do not use .ONESHELL (Jiri Benc) [1866908] +- [tools] selftests/harness: Report skip reason (Jiri Benc) [1866908] +- [tools] selftests/harness: Display signed values correctly (Jiri Benc) [1866908] +- [tools] selftests/harness: Refactor XFAIL into SKIP (Jiri Benc) [1866908] +- [tools] selftests/harness: Switch to TAP output (Jiri Benc) [1866908] +- [tools] selftests: Add header documentation and helpers (Jiri Benc) [1866908] +- [tools] kselftest: fix TAP output for skipped tests (Jiri Benc) [1866908] +- [tools] kselftest: ksft_test_num return type should be unsigned (Jiri Benc) [1866908] +- [tools] selftests: introduce gen_tar Makefile target (Jiri Benc) [1866908] +- [tools] kselftest: add fixture variants (Jiri Benc) [1866908] +- [tools] kselftest: run tests by fixture (Jiri Benc) [1866908] +- [tools] kselftest: create fixture objects (Jiri Benc) [1866908] +- [tools] kselftest: factor out list manipulation to a helper (Jiri Benc) [1866908] +- [tools] selftests: add build/cross-build dependency check script (Jiri Benc) [1866908] +- [tools] kselftest/runner: allow to properly deliver signals to tests (Jiri Benc) [1866908] +- [tools] selftests/harness: fix spelling mistake "SIGARLM" -> "SIGALRM" (Jiri Benc) [1866908] +- [tools] selftests: enforce local header dependency in lib.mk (Jiri Benc) [1866908] +- [tools] selftests/harness: Handle timeouts cleanly (Jiri Benc) [1866908] +- [tools] selftests/harness: Move test child waiting logic (Jiri Benc) [1866908] +- [tools] selftests: Fix kselftest O=objdir build from cluttering top level objdir (Jiri Benc) [1866908] +- [tools] selftests: allow detection of build failures (Jiri Benc) [1866908] +- [tools] selftests: fix build behaviour on targets' failures (Jiri Benc) [1866908] +- [tools] kselftest: Support old perl versions (Jiri Benc) [1866908] +- [tools] kselftest/runner: Print new line in print of timeout log (Jiri Benc) [1866908] +- [tools] selftests: Fix dangling documentation references to kselftest_module.sh (Jiri Benc) [1866908] +- [tools] kselftest: Fix NULL INSTALL_PATH for TARGETS runlist (Jiri Benc) [1866908] +- [tools] selftests: Move kselftest_module.sh into kselftest/ (Jiri Benc) [1866908] +- [tools] selftests: gen_kselftest_tar.sh: Do not clobber kselftest/ (Jiri Benc) [1866908] +- [tools] selftests/kselftest/runner.sh: Add 45 second timeout per test (Jiri Benc) [1866908] +- [tools] kselftest: exclude failed TARGETS from runlist (Jiri Benc) [1866908] +- [tools] kselftest: add capability to skip chosen TARGETS (Jiri Benc) [1866908] +- [tools] selftests: Add kselftest-all and kselftest-install targets (Jiri Benc) [1866908] +- [tools] selftests: use "$(MAKE)" instead of "make" (Jiri Benc) [1866908] +- [tools] kselftest: save-and-restore errno to allow for m formatting (Jiri Benc) [1866908] +- [tools] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 481 (Jiri Benc) [1866908] +- [tools] selftests/harness: Allow test to configure timeout (Jiri Benc) [1866908] +- [tools] selftests: avoid KBUILD_OUTPUT dir cluttering with selftest objects (Jiri Benc) [1866908] +- [tools] selftests: fix bpf build/test workflow regression when KBUILD_OUTPUT is set (Jiri Benc) [1866908] +- [tools] selftests: fix install target to use default install path (Jiri Benc) [1866908] +- [tools] selftests: build and run gpio when output directory is the src dir (Jiri Benc) [1866908] +- [documentation] doc: kselftest: Fix KBUILD_OUTPUT usage instructions (Jiri Benc) [1866908] +- [tools] selftests: fix headers_install circular dependency (Jiri Benc) [1866908] +- [tools] selftests/harness: Add 30 second timeout per test (Jiri Benc) [1866908] +- [tools] kselftest: Add test module framework header (Jiri Benc) [1866908] +- [tools] kselftest: Add test runner creation script (Jiri Benc) [1866908] +- [tools] selftests/harness: Update named initializer syntax (Jiri Benc) [1866908] +- [tools] selftest: include stdio.h in kselftest.h (Jiri Benc) [1866908] +- [tools] selftests: do not macro-expand failed assertion expressions (Jiri Benc) [1866908] +- [documentation] Documentation/dev-tools: clean up kselftest.rst (Jiri Benc) [1866908] +- [documentation] doc: dev-tools: kselftest.rst: update config file location (Jiri Benc) [1866908] +- [documentation] doc: dev-tools: kselftest.rst: update contributing new tests (Jiri Benc) [1866908] + +* Tue Aug 18 2020 Clark Williams [4.18.0-233.rt7.45.el8] +- [fs] nfs: ensure correct writeback errors are returned on close() (Scott Mayhew) [1849424] +- [netdrv] net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (Dean Nelson) [1824858] +- [crypto] crypto: ecc - SP800-56A rev 3 local public key validation (Herbert Xu) [1855817] +- [crypto] crypto: dh - SP800-56A rev 3 local public key validation (Herbert Xu) [1855817] +- [crypto] crypto: dh - check validity of Z before export (Herbert Xu) [1855817] +- [lib] lib/mpi: Add mpi_sub_ui() (Herbert Xu) [1855817] +- [crypto] crypto: ecdh - check validity of Z before export (Herbert Xu) [1855817] +- [netdrv] net: thunderx: initialize VF's mailbox mutex before first usage (Dean Nelson) [1866827] +- [kernel] timers: Lower base clock forwarding threshold (Phil Auld) [1833096] +- [kernel] timers: Remove must_forward_clk (Phil Auld) [1833096] +- [kernel] timers: Spare timer softirq until next expiry (Phil Auld) [1833096] +- [kernel] timers: Expand clk forward logic beyond nohz (Phil Auld) [1833096] +- [kernel] timers: Reuse next expiry cache after nohz exit (Phil Auld) [1833096] +- [kernel] timers: Always keep track of next expiry (Phil Auld) [1833096] +- [kernel] timers: Optimize _next_timer_interrupt() level iteration (Phil Auld) [1833096] +- [kernel] timers: Add comments about calc_index() ceiling work (Phil Auld) [1833096] +- [kernel] timers: Move trigger_dyntick_cpu() to enqueue_timer() (Phil Auld) [1833096] +- [kernel] timers: Use only bucket expiry for base->next_expiry value (Phil Auld) [1833096] +- [kernel] timers: Preserve higher bits of expiration on index calculation (Phil Auld) [1833096] +- [kernel] timer: Fix wheel index calculation on last level (Phil Auld) [1833096] +- [kernel] timer: Prevent base->clk from moving backward (Phil Auld) [1833096] +- [kernel] timer: Read jiffies once when forwarding base clk (Phil Auld) [1833096] +- [powerpc] powerpc/64: Update Speculation_Store_Bypass in /proc//status (Gustavo Duarte) [1773868] +- [scsi] scsi: virtio-scsi: Correctly handle the case where all LUNs are unplugged (Maxim Levitsky) [1756093] +- [kvm] kvm: x86: replace kvm_spec_ctrl_test_value with runtime test on the host (Maxim Levitsky) [1853447] +- [kvm] x86/kvm: Move context tracking where it belongs (Nitesh Narayan Lal) [1854011] +- [scsi] scsi: megaraid_sas: Clear affinity hint (Tomas Henzl) [1828351] +- [netdrv] revert "vxlan: fix tos value before xmit" (Andrea Claudi) [1862166] +- [net] udp: Copy has_conns in reuseport_grow(). (Marcelo Leitner) [1867160] +- [net] dev: Defer free of skbs in flush_backlog (Marcelo Leitner) [1867160] +- [include] net: core: reduce recursion limit value (Marcelo Leitner) [1867160] +- [netdrv] pppoe: only process PADT targeted at local interfaces (Andrea Claudi) [1866850] +- [net] espintcp: count packets dropped in espintcp_rcv (Sabrina Dubroca) [1866393] +- [net] espintcp: handle short messages instead of breaking the encap socket (Sabrina Dubroca) [1866393] +- [net] espintcp: recv() should return 0 when the peer socket is closed (Sabrina Dubroca) [1866393] +- [net] espintcp: support non-blocking sends (Sabrina Dubroca) [1866393] +- [net] mptcp: be careful on subflow creation (Davide Caratti) [1862200] +- [net] mptcp: fix bogus sendmsg() return code under pressure (Davide Caratti) [1862200] +- [net] mptcp: fix joined subflows with unblocking sk (Davide Caratti) [1862200] +- [net] subflow: explicitly check for plain tcp rsk (Davide Caratti) [1862200] +- [net] mptcp: silence warning in subflow_data_ready() (Davide Caratti) [1862200] +- [net] mptcp: fix race in subflow_data_ready() (Davide Caratti) [1862200] +- [net] mptcp: fix memory leak in mptcp_subflow_create_socket() (Davide Caratti) [1862200] +- [net] mptcp: don't leak msk in token container (Davide Caratti) [1862200] +- [net] ipv4: Silence suspicious RCU usage warning (Guillaume Nault) [1866430] +- [net] devinet: fix memleak in inetdev_init() (Guillaume Nault) [1866430] +- [net] ipip: fix wrong address family in init error path (Guillaume Nault) [1866430] +- [net] inet_csk: Fix so_reuseport bind-address cache in tb->fast* (Guillaume Nault) [1866430] +- [net] ipmr: Add lockdep expression to ipmr_for_each_table macro (Guillaume Nault) [1866430] +- [net] ipmr: Fix RCU list debugging warning (Guillaume Nault) [1866430] +- [net] tcp: make sure listeners don't initialize congestion-control state (Paolo Abeni) [1865904] +- [net] sched: The error lable position is corrected in ct_init_module (Davide Caratti) [1865890] +- [net] sched: cls_api: fix nooffloaddevcnt warning dmesg log (Davide Caratti) [1865890] +- [net] tls: fix race condition causing kernel panic (Sabrina Dubroca) [1861756] +- [net] tls: free record only on encryption error (Sabrina Dubroca) [1861756] +- [net] tls: fix encryption error checking (Sabrina Dubroca) [1861756] +- [net] l2tp: add sk_family checks to l2tp_validate_socket (Guillaume Nault) [1861453] +- [net] l2tp: do not use inet_hash()/inet_unhash() (Guillaume Nault) [1861453] +- [net] tipc: allow to build NACK message in link timeout function (Xin Long) [1860877] +- [net] tipc: fix retransmission on unicast links (Xin Long) [1860877] +- [net] tipc: fix NULL pointer dereference in tipc_disc_rcv() (Xin Long) [1860877] +- [net] tipc: remove set but not used variable 'prev' (Xin Long) [1860877] +- [net] tipc: call tsk_set_importance from tipc_topsrv_create_listener (Xin Long) [1860877] +- [net] tipc: add support for broadcast rcv stats dumping (Xin Long) [1860877] +- [net] tipc: enable broadcast retrans via unicast (Xin Long) [1860877] +- [net] tipc: add back link trace events (Xin Long) [1860877] +- [net] tipc: introduce Gap ACK blocks for broadcast link (Xin Long) [1860877] +- [net] tipc: block BH before using dst_cache (Xin Long) [1860877] +- [net] tipc: fix partial topology connection closure (Xin Long) [1860877] +- [net] xfrm: policy: match with both mark and mask on user interfaces (Xin Long) [1854116] +- [scsi] scsi: dh: Add Fujitsu device to devinfo and dh lists (Ewan Milne) [1861418] +- [x86] kvm: Set KVM_SOFT_MAX_VCPUS to 1024 (Eduardo Habkost) [1856996] +- [md] dm integrity: fix integrity recalculation that is improperly skipped (Mike Snitzer) [1860160] +- [netdrv] ibmvnic: Fix IRQ mapping disposal in error path (Steve Best) [1867498] +- [infiniband] IB/hfi1: Do not destroy link_wq when the device is shut down (Kamal Heib) [1858392] +- [infiniband] IB/hfi1: Do not destroy hfi1_wq when the device is shut down (Kamal Heib) [1858392] +- [netdrv] Revert "net/broadcom: Clean broadcom code from driver versions" (Jonathan Toppins) [1867146] +- [net] devmap: Use bpf_map_area_alloc() for allocating hash buckets (Jiri Benc) [1842380] +- [kernel] kexec_file: Correctly output debugging information for the PT_LOAD ELF header (Lianbo Jiang) [1861186] +- [kernel] kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges (Lianbo Jiang) [1861186] +- [x86] x86/crash: Correct the address boundary of function parameters (Lianbo Jiang) [1861186] +- [fs] ceph: handle zero-length feature mask in session messages (Jeff Layton) [1866018] +- [s390] s390/bpf: Tolerate not converging code shrinking (Yauheni Kaliuta) [1857120] +- [s390] s390/bpf: Use brcl for jumping to exit_ip if necessary (Yauheni Kaliuta) [1857120] +- [s390] s390/bpf: Fix sign extension in branch_ku (Yauheni Kaliuta) [1857120] +- [tools] selftests: bpf: test_kmod.sh: Fix running out of srctree (Yauheni Kaliuta) [1857120] +- [lib] bpf: revert "test_bpf: Flag tests that cannot be jited on s390" (Yauheni Kaliuta) [1857120] +- [kernel] uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned (Oleg Nesterov) [1848596] + +* Mon Aug 10 2020 Juri Lelli [4.18.0-232.rt7.44.el8] +- [fs] nfs: nfs_file_write() should check for writeback errors (Scott Mayhew) [1852788] +- [s390] s390/cpum_cf, perf: change DFLT_CCERROR counter name (Philipp Rudo) [1865794] +- [net] net/smc: unique reason code for exceeded max dmb count (Philipp Rudo) [1865792] +- [s390] s390/ism: indicate correct error reason in ism_alloc_dmb() (Philipp Rudo) [1865792] +- [net] net/smc: fix dmb buffer shortage (Philipp Rudo) [1865792] +- [net] net/smc: put slot when connection is killed (Philipp Rudo) [1865792] +- [net] net/smc: fix restoring of fallback changes (Philipp Rudo) [1865792] +- [net] net/smc: remove freed buffer from list (Philipp Rudo) [1865792] +- [net] net/smc: do not call dma sync for unmapped memory (Philipp Rudo) [1865792] +- [net] net/smc: fix handling of delete link requests (Philipp Rudo) [1865792] +- [net] net/smc: move add link processing for new device into llc layer (Philipp Rudo) [1865792] +- [net] net/smc: drop out-of-flow llc response messages (Philipp Rudo) [1865792] +- [net] net/smc: protect smc ib device initialization (Philipp Rudo) [1865792] +- [net] net/smc: fix link lookup for new rdma connections (Philipp Rudo) [1865792] +- [net] net/smc: clear link during SMC client link down processing (Philipp Rudo) [1865792] +- [net] net/smc: handle unexpected response types for confirm link (Philipp Rudo) [1865792] +- [net] net/smc: switch smcd_dev_list spinlock to mutex (Philipp Rudo) [1865792] +- [net] net/smc: fix sleep bug in smc_pnet_find_roce_resource() (Philipp Rudo) [1865792] +- [net] net/smc: fix work request handling (Philipp Rudo) [1865792] +- [net] net/smc: separate LLC wait queues for flow and messages (Philipp Rudo) [1865792] +- [net] net/smc: pre-fetch send buffer outside of send_lock (Philipp Rudo) [1865792] +- [nvme] nvme-fc: set max_segments to lldd max value (Ewan Milne) [1853181] +- [powerpc] ppc64/kexec_file: enable early kernel's OPAL calls (Diego Domingos) [1829715] +- [powerpc] ppc64/kexec_file: fix kexec load failure with lack of memory hole (Diego Domingos) [1829715] +- [powerpc] ppc64/kexec_file: add appropriate regions for memory reserve map (Diego Domingos) [1829715] +- [powerpc] ppc64/kexec_file: prepare elfcore header for crashing kernel (Diego Domingos) [1829715] +- [powerpc] ppc64/kexec_file: setup backup region for kdump kernel (Diego Domingos) [1829715] +- [powerpc] ppc64/kexec_file: restrict memory usage of kdump kernel (Diego Domingos) [1829715] +- [mm] powerpc/drmem: make lmb walk a bit more flexible (Diego Domingos) [1829715] +- [powerpc] ppc64/kexec_file: avoid stomping memory used by special regions (Diego Domingos) [1829715] +- [powerpc] powerpc/kexec_file: add helper functions for getting memory ranges (Diego Domingos) [1829715] +- [powerpc] powerpc/kexec_file: mark PPC64 specific code (Diego Domingos) [1829715] +- [kernel] kexec_file: allow archs to handle special regions while locating memory hole (Diego Domingos) [1829715] +- [netdrv] net/mlx5e: CT: Support restore ipv6 tunnel (Alaa Hleihel) [1862975] +- [netdrv] ionic: unlock queue mutex in error path (Jonathan Toppins) [1854270] +- [netdrv] ionic: use mutex to protect queue operations (Jonathan Toppins) [1854270] +- [net] xfrm: esp6: fix the location of the transport header with encapsulation (Sabrina Dubroca) [1857653] +- [net] ipv4: fill fl4_icmp_{type, code} in ping_v4_sendmsg (Sabrina Dubroca) [1861324] +- [netdrv] geneve: fix an uninitialized value in geneve_changelink() (Sabrina Dubroca) [1860945] +- [net] ip_tunnel: fix use-after-free in ip_tunnel_lookup() (Sabrina Dubroca) [1860945] +- [netdrv] vxlan: Avoid infinite loop when suppressing NS messages with invalid options (Sabrina Dubroca) [1860945] +- [tools] selftests: mptcp: capture pcap on both sides (Hangbin Liu) [1859880] +- [tools] selftests/net: report etf errors correctly (Hangbin Liu) [1859880] +- [tools] selftests: net: ip_defrag: ignore EPERM (Hangbin Liu) [1859880] +- [tools] selftests: forwarding: pedit_dsfield: Check counter value (Hangbin Liu) [1859880] +- [tools] selftests: net: tcp_mmap: fix SO_RCVLOWAT setting (Hangbin Liu) [1859880] +- [tools] selftests: net: tcp_mmap: clear whole tcp_zerocopy_receive struct (Hangbin Liu) [1859880] +- [tools] selftests: A few improvements to fib_nexthops.sh (Hangbin Liu) [1859880] +- [tools] selftests: Add tests for vrf and xfrms (Hangbin Liu) [1859880] +- [tools] selftests: pmtu: implement IPIP, SIT and ip6tnl PMTU discovery tests (Hangbin Liu) [1859880] +- [tools] selftests/net/forwarding: define libs as TEST_PROGS_EXTENDED (Hangbin Liu) [1859880] +- [tools] selftests/net/forwarding: add Makefile to install tests (Hangbin Liu) [1859880] +- [tools] selftests: nft_concat_range: Move option for 'list ruleset' before command (Hangbin Liu) [1859880] +- [tools] selftests: netfilter: use randomized netns names (Hangbin Liu) [1859880] +- [tools] kselftests: netfilter: fix leftover net/net-next merge conflict (Hangbin Liu) [1859880] +- [tools] selftests: netfilter: missing error check when setting up veth interface (Hangbin Liu) [1859880] +- [net] sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket (Xin Long) [1860673] +- [net] sctp: check assoc before SCTP_ADDR_{MADE_PRIM, ADDED} event (Xin Long) [1860673] +- [net] sctp: fix typo sctp_ulpevent_nofity_peer_addr_change (Xin Long) [1860673] +- [net] sctp: Fix spelling in Kconfig help (Xin Long) [1860673] +- [net] sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (Xin Long) [1860673] +- [net] sctp: Don't add the shutdown timer if its already been added (Xin Long) [1860673] +- [net] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case (Xin Long) [1860673] +- [net] sctp: Fix bundling of SHUTDOWN with COOKIE-ACK (Xin Long) [1860673] +- [net] ip6_vti: use IS_REACHABLE to avoid some compile errors (Xin Long) [1840976 1835075] +- [net] xfrm: interface: use IS_REACHABLE to avoid some compile errors (Xin Long) [1840976 1835075] +- [net] xfrm: interface: not xfrmi_ipv6/ipip_handler twice (Xin Long) [1840976 1835075] +- [net] ip6_vti: not register vti_ipv6_handler twice (Xin Long) [1840976 1835075] +- [net] ip_vti: not register vti_ipip_handler twice (Xin Long) [1840976 1835075] +- [net] xfrm: interface: support IPIP and IPIP6 tunnels processing with .cb_handler (Xin Long) [1840976 1835075] +- [net] xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler (Xin Long) [1840976 1835075] +- [net] ipcomp: assign if_id to child tunnel from parent tunnel (Xin Long) [1840976 1835075] +- [net] ip6_vti: support IP6IP tunnel processing (Xin Long) [1840976 1835075] +- [net] ip6_vti: support IP6IP6 tunnel processing with .cb_handler (Xin Long) [1840976 1835075] +- [net] ip_vti: support IPIP6 tunnel processing (Xin Long) [1840976 1835075] +- [net] ip_vti: support IPIP tunnel processing with .cb_handler (Xin Long) [1840976 1835075] +- [net] tunnel6: add tunnel6_input_afinfo for ipip and ipv6 tunnels (Xin Long) [1840976 1835075] +- [net] tunnel4: add cb_handler to struct xfrm_tunnel (Xin Long) [1840976 1835075] +- [net] xfrm: add is_ipip to struct xfrm_input_afinfo (Xin Long) [1840976 1835075] +- [net] tunnel6: support for IPPROTO_MPLS (Xin Long) [1840976 1835075] +- [net] virtio_vsock: Enhance connection semantics (Stefano Garzarella) [1861735] +- [net] virtio_vsock: Fix race condition in virtio_transport_recv_pkt (Stefano Garzarella) [1858135] +- [net] vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (Stefano Garzarella) [1861762] +- [vhost] vsock/virtio: fix multiple packet delivery to monitoring devices (Stefano Garzarella) [1861762] +- [vhost] vsock: fix packet delivery order to monitoring devices (Stefano Garzarella) [1861762] +- [vhost] vsock: accept only packets with the right dst_cid (Stefano Garzarella) [1861762] +- [vhost] vsock: refuse CID assigned to the guest->host transport (Stefano Garzarella) [1861762] +- [vhost] vsock: switch to a mutex for vhost_vsock_hash (Stefano Garzarella) [1861762] +- [net] vsock: fix timeout in vsock_accept() (Stefano Garzarella) [1861762] +- [net] vsock: Simplify '__vsock_release()' (Stefano Garzarella) [1861762] +- [netdrv] net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (Alaa Hleihel) [1859477] +- [netdrv] net/mlx5e: Modify uplink state on interface up/down (Alaa Hleihel) [1861720 1859477] +- [netdrv] net/mlx5e: Fix missing cleanup of ethtool steering during rep rx cleanup (Alaa Hleihel) [1859477 1856660] +- [netdrv] ixgbe: Add ethtool support to enable 2.5 and 5.0 Gbps support (Ken Cox) [1835962] +- [x86] x86/purgatory: Add -fno-stack-protector (Lianbo Jiang) [1857528] +- [x86] x86/purgatory: Fail the build if purgatory.ro has missing symbols (Lianbo Jiang) [1857528] +- [x86] x86/purgatory: Do not use __builtin_memcpy and __builtin_memset (Lianbo Jiang) [1857528] +- [x86] x86/boot: Provide KASAN compatible aliases for string routines (Lianbo Jiang) [1857528] +- [x86] x86/purgatory: Disable various profiling and sanitizing options (Lianbo Jiang) [1857528] +- [x86] x86/boot: Restrict header scope to make Clang happy (Lianbo Jiang) [1857528] + +* Sat Aug 08 2020 Juri Lelli [4.18.0-231.rt7.43.el8] +- [x86] x86/entry/64: Update comments and sanity tests for create_gap (Jiri Olsa) [1850831] +- [x86] x86/alternatives: add missing insn.h include (Jiri Olsa) [1850831] +- [x86] x86/alternatives: Teach text_poke_bp() to emulate instructions (Jiri Olsa) [1850831] +- [x86] x86/paravirt: Standardize 'insn_buff' variable names (Jiri Olsa) [1850831] +- [x86] x86_64: Allow breakpoints to emulate call instructions (Jiri Olsa) [1850831] +- [x86] x86_64: Add gap to int3 to allow for call emulation (Jiri Olsa) [1850831] +- [x86] x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (Jiri Olsa) [1850831] +- [nvme] nvme: add a Identify Namespace Identification Descriptor list quirk (Gopal Tiwari) [1862136] +- [nvme] nvme: fix identify error status silent ignore (Gopal Tiwari) [1862136] +- [nvme] nvme: fix possible hang when ns scanning fails during error recovery (Gopal Tiwari) [1862136] +- [nvme] nvme: refactor nvme_identify_ns_descs error handling (Gopal Tiwari) [1862136] +- [infiniband] IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (Kamal Heib) [1850314] +- [powerpc] powerpc/pseries: PCIE PHB reset (Steve Best) [1747345] +- [drm] drm/nouveau/kms: Handle -EINPROGRESS in nouveau_display_acpi_ntfy() (Lyude Paul) [1827812] +- [drm] drm/nouveau/kms: Fix runtime PM leak in nouveau_display_acpi_ntfy() (Lyude Paul) [1827812] +- [drm] drm/nouveau/kms: Invert conditionals in nouveau_display_acpi_ntfy() (Lyude Paul) [1827812] +- [drm] drm/nouveau/kms: Use pm_runtime_put_autosuspend() in hpd_work (Lyude Paul) [1827812] +- [drm] drm/nouveau/kms/fbcon: Use pm_runtime_put_autosuspend() in suspend work (Lyude Paul) [1827812] +- [drm] drm/nouveau/kms/fbcon: Fix pm_runtime calls in nouveau_fbcon_output_poll_changed() (Lyude Paul) [1827812] +- [drm] drm/nouveau/kms/fbcon: Correct pm_runtime calls in nouveau_fbcon_release() (Lyude Paul) [1827812] +- [drm] drm/nouveau/kms: Fix rpm leak in nouveau_connector_hotplug() (Lyude Paul) [1827812] +- [drm] drm/nouveau/kms: Handle -EINPROGRESS in nouveau_connector_hotplug() (Lyude Paul) [1827812] +- [drm] drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (Lyude Paul) [1827812] +- [drm] drm/nouveau/kms/tu102: wait for core update to complete when assigning windows (Lyude Paul) [1827812] +- [drm] drm/nouveau/disp/gm200-: fix regression from HDA SOR selection changes (Lyude Paul) [1827812] +- [drm] drm/amd/powerplay: fix a crash when overclocking Vega M (Lyude Paul) [1827812] +- [drm] drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (Lyude Paul) [1827812] +- [drm] drm/amdgpu: fix preemption unit test (Lyude Paul) [1827812] +- [drm] drm/amdgpu/gfx10: fix race condition for kiq (Lyude Paul) [1827812] +- [drm] drm/amd/display: add dmcub check on RENOIR (Lyude Paul) [1827812] +- [drm] drm/amd/display: Check DMCU Exists Before Loading (Lyude Paul) [1827812] +- [drm] drm/nouveau/nouveau: fix page fault on device private memory (Lyude Paul) [1827812] +- [drm] drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (Lyude Paul) [1827812] +- [drm] drm/i915/perf: Use GTT when saving/restoring engine GPR (Lyude Paul) [1827812] +- [drm] drm/i915/gvt: Fix two CFL MMIO handling caused by regression (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Only swap to a random sibling once upon creation (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Ignore irq enabling on the virtual engines (Lyude Paul) [1827812] +- [drm] drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2 (Lyude Paul) [1827812] +- [drm] drm/amdgpu/display: create fake mst encoders ahead of time (v4) (Lyude Paul) [1827812] +- [drm] drm/amd/display: handle failed allocation during stream construction (Lyude Paul) [1827812] +- [drm] drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (Lyude Paul) [1827812] +- [drm] drm/amdgpu/powerplay: Modify SMC message name for setting power profile mode (Lyude Paul) [1827812] +- [drm] drm/i915: Also drop vm.ref along error paths for vma construction (Lyude Paul) [1827812] +- [drm] drm/i915: Drop vm.ref for duplicate vma on construction (Lyude Paul) [1827812] +- [drm] drm/amdgpu: asd function needs to be unloaded in suspend phase (Lyude Paul) [1827812] +- [drm] drm/amdgpu: add TMR destory function for psp (Lyude Paul) [1827812] +- [drm] drm/amdgpu: don't do soft recovery if gpu_recovery=0 (Lyude Paul) [1827812] +- [drm] drm/i915: Skip stale object handle for debugfs per-file-stats (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Pin the rings before marking active (Lyude Paul) [1827812] +- [drm] drm/radeon: fix double free (Lyude Paul) [1827812] +- [drm] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (Lyude Paul) [1827812] +- [drm] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (Lyude Paul) [1827812] +- [iommu] iommu/vt-d: Don't apply gfx quirks to untrusted devices (Lyude Paul) [1827812] +- [drm] drm/tegra: hub: Do not enable orphaned window group (Lyude Paul) [1827812] +- [drm] drm/ttm: Fix dma_fence refcnt leak when adding move fence (Lyude Paul) [1827812] +- [drm] drm/ttm: Fix dma_fence refcnt leak in ttm_bo_vm_fault_reserved (Lyude Paul) [1827812] +- [drm] drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (Lyude Paul) [1827812] +- [drm] drm/amdgpu: use u rather than d for sclk/mclk (Lyude Paul) [1827812] +- [drm] drm/amd/display: Only revalidate bandwidth on medium and fast updates (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Mark timeline->cacheline as destroyed after rcu grace period (Lyude Paul) [1827812] +- [drm] drm/amd/display: Fix ineffective setting of max bpc property (Lyude Paul) [1827812] +- [drm] drm/amd/display: Fix incorrectly pruned modes with deep color (Lyude Paul) [1827812] +- [drm] drm/amdgpu: add fw release for sdma v5_0 (Lyude Paul) [1827812] +- [drm] drm/radeon: fix fb_div check in ni_init_smc_spll_table() (Lyude Paul) [1827812] +- [drm] drm/amd: fix potential memleak in err branch (Lyude Paul) [1827812] +- [drm] drm/amd/display: Enable output_bpc property on all outputs (Lyude Paul) [1827812] +- [drm] drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (Lyude Paul) [1827812] +- [drm] Revert "drm/amd/display: disable dcn20 abm feature for bring up" (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Move gen4 GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Move vlv GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Move ilk GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Move snb GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Move ivb GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Move hsw GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] +- [drm] drm/i915/gt: Incrementally check for rewinding (Lyude Paul) [1827812] +- [drm] drm/i915/tc: fix the reset of ln0 (Lyude Paul) [1827812] +- [drm] drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (Lyude Paul) [1827812] +- [drm] drm/amd/display: Use kvfree() to free coeff in build_regamma() (Lyude Paul) [1827812] +- [drm] drm/amdkfd: Use correct major in devcgroup check (Lyude Paul) [1827812] +- [drm] drm/connector: notify userspace on hotplug after register complete (Lyude Paul) [1827812] +- [drm] drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (Lyude Paul) [1827812] +- [drm] drm/i915/gem: Avoid iterating an empty list (Lyude Paul) [1827812] +- [drm] drm/i915: Fix AUX power domain toggling across TypeC mode resets (Lyude Paul) [1827812] +- [drm] drm/dp_mst: Increase ACT retry timeout to 3s (Lyude Paul) [1827812] +- [drm] drm/ast: Don't check new mode if CRTC is being disabled (Lyude Paul) [1827812] +- [drm] drm/amdgpu: Replace invalid device ID with a valid device ID (Lyude Paul) [1827812] +- [drm] drm/amdgpu/display: use blanked rather than plane state for sync groups (Lyude Paul) [1827812] +- [drm] drm/qxl: Use correct notify port address when creating cursor ring (Lyude Paul) [1827812] +- [drm] drm/dp_mst: Reformat drm_dp_check_act_status() a bit (Lyude Paul) [1827812] +- [drm] drm/ast: fix missing break in switch statement for format->cppcase 4 (Lyude Paul) [1827812] +- [drm] drm/amd/display: Revalidate bandwidth before commiting DC updates (Lyude Paul) [1827812] +- [drm] drm/nouveau: gr/gk20a: Use firmware version 0 (Lyude Paul) [1827812] +- [drm] drm/amdgpu: Sync with VM root BO when switching VM to CPU update mode (Lyude Paul) [1827812] +- [drm] drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (Lyude Paul) [1827812] +- [drm] drm/amd/display: Do not disable pipe split if mode is not supported (Lyude Paul) [1827812] +- [drm] drm/amd/display: dmcu wait loop calculation is incorrect in RV (Lyude Paul) [1827812] +- [drm] drm/amd/display: Correct updating logic of dcn21's pipe VM flags (Lyude Paul) [1827812] +- [drm] drm/ast: Allocate initial CRTC state of the correct size (Lyude Paul) [1827812] +- [drm] drm/hisilicon: Enforce 128-byte stride alignment to fix the hardware limitation (Lyude Paul) [1827812] +- [drm] drm/dp: Lenovo X13 Yoga OLED panel brightness fix (Lyude Paul) [1827812] +- [drm] drm/i915/dpcd_bl: Unbreak enable_dpcd_backlight modparam (Lyude Paul) [1827812] +- [drm] drm/i915: Force DPCD backlight mode for some Dell CML 2020 panels (Lyude Paul) [1827812] +- [drm] drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED panel (Lyude Paul) [1827812] +- [drm] drm/dp: Introduce EDID-based quirks (Lyude Paul) [1827812] +- [drm] drm/amdgpu: Init data to avoid oops while reading pp_num_states (Lyude Paul) [1827812] +- [drm] drm/amd/display: fix virtual signal dsc setup (Lyude Paul) [1827812] +- [drm] drm/amd/display: Force watermark value propagation (Lyude Paul) [1827812] +- [drm] drm: bridge: adv7511: Extend list of audio sample rates (Lyude Paul) [1827812] +- [drm] drm/amdgpu: fix and cleanup amdgpu_gem_object_close v4 (Lyude Paul) [1827812] +- [drm] drm/vkms: Hold gem object while still in-use (Lyude Paul) [1827812] +- [drm] drm/amd/display: Not doing optimize bandwidth if flip pending (Lyude Paul) [1827812] +- [drm] drm/amd/display: remove invalid dc_is_hw_initialized function (Lyude Paul) [1827812] +- [drm] drm/amd/display: DP training to set properly SCRAMBLING_DISABLE (Lyude Paul) [1827812] +- [drm] drm/edid: Add Oculus Rift S to non-desktop list (Lyude Paul) [1827812] +- [drm] drm/amd/display: Fix potential integer wraparound resulting in a hang (Lyude Paul) [1827812] +- [drm] drm/amd/display: Added locking for atomic update stream and update planes (Lyude Paul) [1827812] +- [drm] drm/amd/display: Indicate dsc updates explicitly (Lyude Paul) [1827812] +- [drm] drm/amd/display: Split program front end part that occur outside lock (Lyude Paul) [1827812] +- [drm] drm/amd/display: drop cursor position check in atomic test (Lyude Paul) [1827812] +- [drm] drm/amd/amdgpu: Update update_config() logic (Lyude Paul) [1827812] +- [drm] drm/amdgpu: Use GEM obj reference for KFD BOs (Lyude Paul) [1827812] +- [drm] drm/amd/powerplay: perform PG ungate prior to CG ungate (Lyude Paul) [1827812] +- [drm] drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate (Lyude Paul) [1827812] +- [drm] drm/i915: Propagate error from completed fences (Lyude Paul) [1827812] +- [drm] drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (Lyude Paul) [1827812] +- [drm] drm/amd/display: Prevent dpcd reads with passive dongles (Lyude Paul) [1827812] +- [drm] drm/amd/display: fix counter in wait_for_no_pipes_pending (Lyude Paul) [1827812] +- [gpu] vgaarb: Keep adding VGA device in queue (Lyude Paul) [1827812] + +* Mon Aug 03 2020 Juri Lelli [4.18.0-230.rt7.42.el8] +- [net] openvswitch: fixes potential deadlock in dp cleanup code (Eelco Chaudron) [1845662] +- [net] openvswitch: reorder masks array based on usage (Eelco Chaudron) [1845662] +- [net] openvswitch: ovs_ct_exit to be done under ovs_lock (Eelco Chaudron) [1860853] +- [net] ip6_gre: fix null-ptr-deref in ip6gre_init_net() (Hangbin Liu) [1860221] +- [net] ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (Hangbin Liu) [1860221] +- [net] mld: fix memory leak in ipv6_mc_destroy_dev() (Hangbin Liu) [1860221] +- [net] ipv6: Fix suspicious RCU usage warning in ip6mr (Hangbin Liu) [1860221] +- [net] ip6mr: Fix RCU list debugging warning (Hangbin Liu) [1860221] +- [net] revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" (Hangbin Liu) [1860221] +- [netdrv] macsec: avoid to set wrong mtu (Sabrina Dubroca) [1860944] +- [netdrv] team: fix hang in team_mode_get() (Hangbin Liu) [1860219] +- [include] xfrm: Fix crash when the hold queue is used. (Xin Long) [1860672] +- [net] xfrm: policy: fix IPv6-only espintcp compilation (Xin Long) [1860672] +- [net] xfrm: esp6: fix encapsulation header offset computation (Xin Long) [1860672] +- [net] xfrm: Fix double ESP trailer insertion in IPsec crypto offload. (Xin Long) [1860672] +- [net] esp4: improve xfrm4_beet_gso_segment() to be more readable (Xin Long) [1860672] +- [net] xfrm interface: don't take extra reference to netdev (Xin Long) [1860672] +- [net] xfrm interface: fix oops when deleting a x-netns interface (Xin Long) [1860672] +- [net] xfrm: remove the unnecessary .net_exit for xfrmi (Xin Long) [1860672] +- [net] xfrm: Always set XFRM_TRANSFORMED in xfrm{4, 6}_output_finish (Xin Long) [1860672] +- [include] xfrm: fix error in comment (Xin Long) [1860672] +- [net] sctp: shrink stream outq when fails to do addstream reconf (Xin Long) [1853535] +- [net] sctp: shrink stream outq only when new outcnt < old outcnt (Xin Long) [1853535] +- [net] tipc: fix kernel WARNING in tipc_msg_append() (Xin Long) [1844377] +- [net] tipc: fix NULL pointer dereference in streaming (Xin Long) [1844377] +- [net] tipc: add test for Nagle algorithm effectiveness (Xin Long) [1844377] +- [net] tipc: fix failed service subscription deletion (Xin Long) [1844377] +- [net] tipc: fix memory leak in service subscripting (Xin Long) [1844377] +- [net] tipc: fix large latency in smart Nagle streaming (Xin Long) [1844377] +- [net] mptcp: add receive buffer auto-tuning (Florian Westphal) [1858276] +- [tools] selftests: mptcp: add option to specify size of file to transfer (Florian Westphal) [1858276] +- [net] mptcp: fallback in case of simultaneous connect (Florian Westphal) [1858276] +- [net] mptcp: improve fallback to TCP (Florian Westphal) [1858276] +- [net] mptcp: fix unblocking connect() (Florian Westphal) [1858276] +- [net] mptcp: cache msk on MP_JOIN init_req (Florian Westphal) [1858276] +- [net] mptcp: remove msk from the token container at destruction time. (Florian Westphal) [1858276] +- [net] mptcp: fix races between shutdown and recvmsg (Florian Westphal) [1858276] +- [net] mptcp: fix race between MP_JOIN and close (Florian Westphal) [1858276] +- [net] mptcp: drop MPTCP_PM_MAX_ADDR (Florian Westphal) [1858276] +- [net] mptcp: bugfix for RM_ADDR option parsing (Florian Westphal) [1858276] +- [net] mptcp: drop MP_JOIN request sock on syn cookies (Florian Westphal) [1858276] +- [net] mptcp: avoid NULL-ptr derefence on fallback (Florian Westphal) [1858276] +- [net] mptcp: drop sndr_key in mptcp_syn_options (Florian Westphal) [1858276] +- [net] mptcp: MPTCP_HMAC_TEST should depend on MPTCP (Florian Westphal) [1858276] +- [net] mptcp: fix DSS map generation on fin retransmission (Florian Westphal) [1858276] +- [net] inet_connection_sock: clear inet_num out of destroy helper (Florian Westphal) [1858276] +- [net] mptcp: fix NULL ptr dereference in MP_JOIN error path (Florian Westphal) [1858276] +- [net] mptcp: avoid blocking in tcp_sendpages (Florian Westphal) [1858276] +- [net] mptcp: break and restart in case mptcp sndbuf is full (Florian Westphal) [1858276] +- [net] l2tp: remove skb_dst_set() from l2tp_xmit_skb() (Xin Long) [1832799] +- [net] rtnetlink: prevent underflows in do_setvfinfo() (Davide Caratti) [1854740] +- [net] netfilter: nf_tables: reintroduce the NFT_SET_CONCAT flag (Phil Sutter) [1847553] +- [net] netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type (Phil Sutter) [1847553] +- [net] openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (Lorenzo Bianconi) [1851888] +- [tools] selftests: forwarding: mirror_lib: Use mausezahn (Davide Caratti) [1816443] +- [x86] perf/x86/rapl: Add Ice Lake RAPL support (Michael Petlan) [1841266] +- [arm64] arm64/mm: enable HugeTLB migration (Donghai Qiao) [1758717] +- [scsi] scsi: core: Run queue in case of I/O resource contention failure (Ewan Milne) [1854958] +- [message] scsi: mptscsih: Fix read sense data size (Tomas Henzl) [1850563] +- [netdrv] net: qed: fix buffer overflow on ethtool -d (Manish Chopra) [1858915] +- [x86] sched/cputime: Improve cputime_adjust() (Oleg Nesterov) [1859977] +- [kernel] uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression (Oleg Nesterov) [1855390] +- [x86] x86/asm: Fix MWAITX C-state hint value (Vladis Dronov) [1767064] +- [x86] x86/kexec: Fill in acpi_rsdp_addr from the first kernel (Kairui Song) [1684462] +- [x86] x86/kexec: Don't setup EFI info if EFI runtime is not enabled (Kairui Song) [1684462] +- [vfio] vfio/pci: fix racy on error and request eventfd ctx (Alex Williamson) [1858346] +- [platform] platform/x86: ISST: Increase timeout (Prarit Bhargava) [1854682] +- [mm] x86/mm: split vmalloc_sync_all() (Al Stone) [1851547] +- [acpi] ACPI: watchdog: Fix gas->access_width usage (Al Stone) [1851547] +- [acpi] ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (Al Stone) [1851547] + +* Fri Jul 31 2020 Juri Lelli [4.18.0-229.rt7.41.el8] +- [rt] Revert "[fs] eventfd: track eventfd_signal() recursion depth" (Juri Lelli) [https://bugzilla.redhat.com/1852298] +- [virt] kvm: x86: take as_id into account when checking PGD (Vitaly Kuznetsov) [1615704] +- [arm64] kvm: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (Andrew Jones) [1855788] +- [arm64] kvm: arm64: pmu: Fix per-CPU access in preemptible context (Andrew Jones) [1855788] +- [arm64] kvm: arm64: Fix kvm_reset_vcpu() return code being incorrect with SVE (Andrew Jones) [1855788] +- [arm64] kvm: arm64: Annotate hyp NMI-related functions as __always_inline (Andrew Jones) [1855788] +- [arm64] kvm: arm64: Remove host_cpu_context member from vcpu structure (Andrew Jones) [1855788] +- [arm64] kvm: arm64: Move hyp_symbol_addr() to kvm_asm.h (Andrew Jones) [1855788] +- [arm64] kvm: arm64: Handle PtrAuth traps early (Andrew Jones) [1855788] +- [arm64] kvm: arm64: Save the host's PtrAuth keys in non-preemptible context (Andrew Jones) [1855788] +- [arm64] kvm: arm64: Stop save/restoring ACTLR_EL1 (Andrew Jones) [1855788] +- [kernel] firmware: smccc: Update link to latest SMCCC specification (Andrew Jones) [1855788] +- [kernel] arm/arm64: smccc-1.1: Handle function result as parameters (Andrew Jones) [1855788] +- [kernel] arm/arm64: smccc-1.1: Make return values unsigned long (Andrew Jones) [1855788] +- [video] Revert "hyperv_fb: Fix hibernation for the deferred IO feature" (Mohammed Gamal) [1858755] +- [netdrv] net/mlx5e: CT: Map 128 bits labels to 32 bit map ID (Alaa Hleihel) [1859540] +- [security] ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime (Bruno Meneguele) [1847219] +- [scsi] scsi: lpfc: NVMe remote port devloss_tmo from lldd (Dick Kennedy) [1859344] +- [netdrv] net/mlx5e: Disable devlink port support for non-switchdev mode (Alaa Hleihel) [1858501 1852904 1849623] +- [tools] perf powerpc: Don't ignore sym-handling.c file (Michael Petlan) [1858133] +- [fs] ext4: reserve revoke credits in __ext4_new_inode (Lukas Czerner) [1856760] +- [include] jbd2: make jbd2_handle_buffer_credits() handle reserved handles (Lukas Czerner) [1856760] +- [fs] jbd2: avoid leaking transaction credits when unreserving handle (Lukas Czerner) [1856760] +- [fs] jbd2: Fine tune estimate of necessary descriptor blocks (Lukas Czerner) [1856760] +- [fs] jbd2: Provide trace event for handle restarts (Lukas Czerner) [1856760] +- [fs] ext4: Reserve revoke credits for freed blocks (Lukas Czerner) [1856760] +- [fs] jbd2: Make credit checking more strict (Lukas Czerner) [1856760] +- [fs] jbd2: Rename h_buffer_credits to h_total_credits (Lukas Czerner) [1856760] +- [fs] jbd2: add missing tracepoint for reserved handle (Lukas Czerner) [1856760] +- [fs] jbd2: Reserve space for revoke descriptor blocks (Lukas Czerner) [1856760] +- [fs] jbd2: Drop jbd2_space_needed() (Lukas Czerner) [1856760] +- [fs] jbd2: remove repeated assignments in __jbd2_log_wait_for_space() (Lukas Czerner) [1856760] +- [fs] jbd2: Account descriptor blocks into t_outstanding_credits (Lukas Czerner) [1856760] +- [include] jbd2: update locking documentation for transaction_t (Lukas Czerner) [1856760] +- [fs] jbd2: Factor out common parts of stopping and restarting a handle (Lukas Czerner) [1856760] +- [fs] jbd2: Drop pointless wakeup from jbd2_journal_stop() (Lukas Czerner) [1856760] +- [fs] jbd2: Drop pointless check from jbd2_journal_stop() (Lukas Czerner) [1856760] +- [fs] jbd2: Reorganize jbd2_journal_stop() (Lukas Czerner) [1856760] +- [fs] ext4, jbd2: Provide accessor function for handle credits (Lukas Czerner) [1856760] +- [fs] ext4: Provide function to handle transaction restarts (Lukas Czerner) [1856760] +- [fs] ext4: Avoid unnecessary revokes in ext4_alloc_branch() (Lukas Czerner) [1856760] +- [fs] ext4: Use ext4_journal_extend() instead of jbd2_journal_extend() (Lukas Czerner) [1856760] +- [fs] jbd2: Completely fill journal descriptor blocks (Lukas Czerner) [1856760] +- [fs] jbd2: Fixup stale comment in commit code (Lukas Czerner) [1856760] +- [include] jbd2: Fix possible overflow in jbd2_log_space_left() (Lukas Czerner) [1856760] +- [fs] ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (Lukas Czerner) [1856760] +- [fs] ext4: remove set but not used variable 'es' in ext4_jbd2.c (Lukas Czerner) [1856760] +- [fs] ext4: remove set but not used variable 'es' (Lukas Czerner) [1856760] +- [fs] ext4: save all error info in save_error_info() and drop ext4_set_errno() (Lukas Czerner) [1856760] +- [fs] ext4: save the error code which triggered an ext4_error() in the superblock (Lukas Czerner) [1856760] +- [fs] jbd2: clean __jbd2_journal_abort_hard() and __journal_abort_soft() (Lukas Czerner) [1856760] +- [fs] ext4: stop overwrite the errcode in ext4_setup_super (Lukas Czerner) [1856760] +- [fs] ext4: fix partial cluster initialization when splitting extent (Lukas Czerner) [1856760] +- [fs] ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path (Lukas Czerner) [1856760] +- [fs] ext4: fix race between ext4_sync_parent() and rename() (Lukas Czerner) [1856760] +- [fs] ext4: clean up ext4_ext_convert_to_initialized() error handling (Lukas Czerner) [1856760] +- [fs] ext4: clean up GET_BLOCKS_PRE_IO error handling (Lukas Czerner) [1856760] +- [fs] ext4: fix error pointer dereference (Lukas Czerner) [1856760] +- [fs] ext4: Avoid freeing inodes on dirty list (Lukas Czerner) [1856760] +- [fs] writeback: Export inode_io_list_del() (Lukas Czerner) [1856760] +- [fs] ext4: fix buffer_head refcnt leak when ext4_iget() fails (Lukas Czerner) [1856760] +- [fs] ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (Lukas Czerner) [1856760] +- [fs] ext4: fix a style issue in fs/ext4/acl.c (Lukas Czerner) [1856760] +- [fs] ext4: fix return-value types in several function comments (Lukas Czerner) [1856760] +- [fs] ext4: use non-movable memory for superblock readahead (Lukas Czerner) [1856760] +- [fs] ext4: fix incorrect group count in ext4_fill_super error message (Lukas Czerner) [1856760] +- [fs] ext4: fix incorrect inodes per group in error message (Lukas Czerner) [1856760] +- [fs] ext4: avoid ENOSPC when avoiding to reuse recently deleted inodes (Lukas Czerner) [1856760] +- [fs] ext4: fix a data race at inode->i_disksize (Lukas Czerner) [1856760] +- [fs] ext4: fix a data race at inode->i_blocks (Lukas Czerner) [1856760] +- [fs] ext4: clean up error return for convert_initialized_extent() (Lukas Czerner) [1856760] +- [fs] ext4: force buffer up-to-date while marking it dirty (Lukas Czerner) [1856760] +- [fs] ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (Lukas Czerner) [1856760] +- [fs] ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (Lukas Czerner) [1856760] +- [fs] ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (Lukas Czerner) [1856760] +- [fs] ext4: fix potential race between s_flex_groups online resizing and access (Lukas Czerner) [1856760] +- [fs] ext4: fix potential race between s_group_info online resizing and access (Lukas Czerner) [1856760] +- [fs] ext4: fix potential race between online resizing and write operations (Lukas Czerner) [1856760] +- [fs] ext4: add cond_resched() to __ext4_find_entry() (Lukas Czerner) [1856760] +- [fs] ext4: fix a data race in EXT4_I(inode)->i_disksize (Lukas Czerner) [1856760] +- [fs] ext4: fix checksum errors with indexed dirs (Lukas Czerner) [1856760] +- [fs] ext4: simplify checking quota limits in ext4_statfs() (Lukas Czerner) [1856760] +- [fs] ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (Lukas Czerner) [1856760] +- [fs] ext4: don't assume that mmp_nodename/bdevname have NUL (Lukas Czerner) [1856760] +- [fs] jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (Lukas Czerner) [1856760] +- [fs] ext4, jbd2: ensure panic when aborting with zero errno (Lukas Czerner) [1856760] +- [fs] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (Lukas Czerner) [1856760] +- [fs] jbd2_seq_info_next should increase position index (Lukas Czerner) [1856760] +- [fs] ext4,jbd2: fix comment and code style (Lukas Czerner) [1856760] +- [fs] ext4: fix extent_status trace points (Lukas Czerner) [1856760] +- [fs] ext4: fix extent_status fragmentation for plain files (Lukas Czerner) [1856760] +- [fs] jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (Lukas Czerner) [1856760] +- [fs] ext4: fix some nonstandard indentation in extents.c (Lukas Czerner) [1856760] +- [fs] ext4: fix documentation for ext4_ext_try_to_merge() (Lukas Czerner) [1856760] +- [fs] ext4: avoid fetching btime in ext4_getattr() unless requested (Lukas Czerner) [1856760] +- [fs] ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT (Lukas Czerner) [1856760] +- [fs] ext4: optimize __ext4_check_dir_entry() (Lukas Czerner) [1856760] +- [fs] ext4: check for directory entries too close to block end (Lukas Czerner) [1856760] +- [fs] ext4: fix a bug in ext4_wait_for_tail_page_commit (Lukas Czerner) [1856760] +- [fs] jbd2: Fix statistics for the number of logged blocks (Lukas Czerner) [1856760] +- [fs] ext4: Fix ext4_should_journal_data() for EA inodes (Lukas Czerner) [1856760] +- [fs] ext4: Fix credit estimate for final inode freeing (Lukas Czerner) [1856760] +- [fs] ext4: Do not iput inode under running transaction (Lukas Czerner) [1856760] +- [fs] ext4: Move marking of handle as sync to ext4_add_nondir() (Lukas Czerner) [1856760] +- [fs] ext4: update direct I/O read lock pattern for IOCB_NOWAIT (Lukas Czerner) [1856760] +- [fs] jbd2: flush_descriptor(): Do not decrease buffer head's ref count (Lukas Czerner) [1856760] +- [fs] ext4: fix prefetchw of NULL page (Lukas Czerner) [1856760] +- [fs] ext4: check for non-zero journal inum in ext4_calculate_overhead (Lukas Czerner) [1814574] +- [fs] ext4: do not commit super on read-only bdev (Lukas Czerner) [1814574] +- [kernel] isolcpus: Affine unbound kernel threads to housekeeping cpus (Marcelo Tosatti) [1791930] +- [kernel] kthread: Switch to cpu_possible_mask (Marcelo Tosatti) [1791930] +- [scsi] scsi: lpfc: Quieten some printks (Dick Kennedy) [1859338] +- [scsi] Revert "scsi: lpfc: Fix scsi host template for SLI3 vports" (Dick Kennedy) [1851189] +- [md] dm mpath: use double checked locking in fast path (Mike Snitzer) [1848651] +- [md] dm mpath: rename current_pgpath to pgpath in multipath_prepare_ioctl (Mike Snitzer) [1848651] +- [md] dm mpath: rework __map_bio() (Mike Snitzer) [1848651] +- [md] dm mpath: factor out multipath_queue_bio (Mike Snitzer) [1848651] +- [md] dm mpath: push locking down to must_push_back_rq() (Mike Snitzer) [1848651] +- [md] dm mpath: take m->lock spinlock when testing QUEUE_IF_NO_PATH (Mike Snitzer) [1848651] +- [md] dm mpath: changes from initial m->flags locking audit (Mike Snitzer) [1848651] +- [md] dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Mike Snitzer) [1848651] +- [md] dm: do not use waitqueue for request-based DM (Mike Snitzer) [1848651] +- [block] blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight() (Mike Snitzer) [1848651] +- [powerpc] powerpc/fadump: fix race between pstore write and fadump crash trigger (Steve Best) [1820109] +- [tools] libbpf: Fix probe code to return EPERM if encountered (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1856592] +- [tools] tools selftests/bpf: Fix vmlinux test for kprobe and trampoline probes (Jiri Olsa) [1855778] +- [net] net: Restrict receive packets queuing to housekeeping CPUs (Nitesh Narayan Lal) [1844520] +- [pci] PCI: Restrict probe functions to housekeeping CPUs (Nitesh Narayan Lal) [1844520] +- [lib] lib: Restrict cpumask_local_spread to houskeeping CPUs (Nitesh Narayan Lal) [1844520] + +* Mon Jul 27 2020 Juri Lelli [4.18.0-228.rt7.40.el8] +- [tools] selftests/powerpc: Purge extra count_pmc() calls of ebb selftests (Desnes Augusto Nunes do Rosario) [1739769] +- [netdrv] bonding: symmetric ICMP transmit (Jarod Wilson) [1760293] +- [netdrv] bonding: balance ICMP echoes in layer3+4 mode (Jarod Wilson) [1760362] +- [powerpc] powerpc/vas: Report proper error code for address translation failure (Steve Best) [1858160] +- [infiniband] IB/hfi1: Fix module use count flaw due to leftover module put calls (Kamal Heib) [1858388] +- [gpu] vgaarb: Add support for 64-bit frame buffer address (Karol Herbst) [1735217] +- [netdrv] ionic: centralize queue reset code (Jonathan Toppins) [1857851] +- [s390] s390/qeth: support net namespaces for L3 devices (Philipp Rudo) [1857311] +- [s390] s390/qeth: implement smarter resizing of the RX buffer pool (Philipp Rudo) [1857311] +- [s390] s390/qeth: refactor buffer pool code (Philipp Rudo) [1857311] +- [s390] s390/qeth: use page pointers to manage RX buffer pool (Philipp Rudo) [1857311] +- [s390] s390/qeth: cancel RX reclaim work earlier (Philipp Rudo) [1857311] +- [s390] s390/qeth: handle error when backing RX buffer (Philipp Rudo) [1857311] +- [s390] s390/qeth: don't reset default_out_queue (Philipp Rudo) [1857311] +- [s390] s390/qdio: fill SBALEs with absolute addresses (Philipp Rudo) [1857311] +- [s390] s390/qeth: fix off-by-one in RX copybreak check (Philipp Rudo) [1857311] +- [s390] s390/qeth: vnicc Fix EOPNOTSUPP precedence (Philipp Rudo) [1857311] +- [s390] s390/qeth: consolidate QDIO queue setup (Philipp Rudo) [1857311] +- [s390] s390/pci: Fix s390_mmio_read/write with MIO (Philipp Rudo) [1857315] +- [s390] scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (Philipp Rudo) [1857312] +- [net] net/smc: tolerate future SMCD versions (Philipp Rudo) [1854992] +- [fs] ext4: use RCU API in debug_print_tree (Lukas Czerner) [1837777] +- [fs] ext4: fix potential use after free after remounting with noblock_validity (Lukas Czerner) [1837777] +- [fs] ext4: add cond_resched() to ext4_protect_reserved_inode (Lukas Czerner) [1837777] +- [fs] fibmap: Reject negative block numbers (Carlos Maiolino) [1687121] +- [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1837310] {CVE-2020-12888} +- [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837310] {CVE-2020-12888} +- [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837310] {CVE-2020-12888} +- [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837310] {CVE-2020-12888} +- [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837310] {CVE-2020-12888} +- [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837310] {CVE-2020-12888} +- [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837310] {CVE-2020-12888} +- [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843441] {CVE-2020-10757} +- [x86] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches (Waiman Long) [1847396 1846029] {CVE-2020-10768} +- [x86] x86/speculation: Prevent rogue cross-process SSBD shutdown (Waiman Long) [1847358 1846029] {CVE-2020-10766} +- [x86] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS (Waiman Long) [1847379 1846029] {CVE-2020-10767} +- [x86] x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline (Waiman Long) [1846029] +- [arm64] Return ENODEV when the selected speculation misfeature is unsupported (Waiman Long) [1846029] +- [x86] x86/speculation: Add support for STIBP always-on preferred mode (Waiman Long) [1846029] +- [x86] x86/speculation: Change misspelled STIPB to STIBP (Waiman Long) [1846029] + * Tue Jul 21 2020 Juri Lelli [4.18.0-227.rt7.39.el8] - [powerpc] powernv/iov: Ensure the pdn for VFs always contains a valid PE number (David Gibson) [1848235] - [powerpc] don't use ioremap_prot() nor __ioremap() unless really needed (Greg Kurz) [1855957]