diff --git a/.gitignore b/.gitignore index eee667e..796e2b7 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/linux-4.18.0-240.15.1.rt7.69.el8_3.tar.xz +SOURCES/linux-4.18.0-240.22.1.rt7.77.el8_3.tar.xz diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index f5a5331..43618f8 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1 +1 @@ -48c0d93629546a14a9b16198e15e437d44808030 SOURCES/linux-4.18.0-240.15.1.rt7.69.el8_3.tar.xz +112cccb146fca2a6b4e58029576c2df30890e7e1 SOURCES/linux-4.18.0-240.22.1.rt7.77.el8_3.tar.xz diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 572b16e..4ef2d05 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -42,10 +42,10 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 240.15.1.rt7.69.el8_3 +%define pkgrelease 240.22.1.rt7.77.el8_3 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 240.15.1.rt7.69%{?dist} +%define specrelease 240.22.1.rt7.77%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -53,10 +53,9 @@ # should not be exported to RPM provides %global __provides_exclude_from ^%{_libexecdir}/kselftests -# What parts do we want to build? We must build at least one kernel. -# These are the kernels that are built IF the architecture allows it. -# All should default to 1 (enabled) and be flipped to 0 (disabled) -# by later arch-specific checks. +# What parts do we want to build? These are the kernels that are built IF the +# architecture allows it. All should default to 1 (enabled) and be flipped to +# 0 (disabled) by later arch-specific checks. %define _with_kabidupchk 1 # The following build options are enabled by default. @@ -153,7 +152,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .69 +%global rtbuild .77 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 
@@ -1188,39 +1187,22 @@ cp_vmlinux() eu-strip --remove-comment -o "$2" "$1" } -BuildKernel() { - MakeTarget=$1 - KernelImage=$2 - Flavour=$4 - DoVDSO=$3 - Flav=${Flavour:++${Flavour}} - InstallName=${5:-vmlinuz} +InitBuildVars() { + # Initialize the kernel .config file and create some variables that are + # needed for the actual build process. - DoModules=1 - if [ "$Flavour" = "zfcpdump" ]; then - DoModules=0 - fi + Flavour=$1 + Flav=${Flavour:++${Flavour}} - # Pick the right config file for the kernel we're building + # Pick the right kernel config file Config=%{name}-%{version}-%{_target_cpu}${Flavour:+-${Flavour}}.config DevelDir=/usr/src/kernels/%{KVERREL}${Flav} - # When the bootable image is just the ELF kernel, strip it. - # We already copy the unstripped file into the debuginfo package. - if [ "$KernelImage" = vmlinux ]; then - CopyKernel=cp_vmlinux - else - CopyKernel=cp - fi - KernelVer=%{version}-%{release}.%{_target_cpu}${Flav} - echo BUILDING A KERNEL FOR ${Flavour} %{_target_cpu}... # make sure EXTRAVERSION says what we want it to say perl -p -i -e "s/^EXTRAVERSION.*/EXTRAVERSION = -%{release}.%{_target_cpu}${Flav}/" Makefile - # and now to start the build process - %{make} -s %{?_smp_mflags} mrproper cp configs/$Config .config 
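Review bot: The new header comment in InitBuildVars says it will "create some variables" but does not name them, and it does not mention that the function also modifies the source tree. In the visible lines it sets Flavour, Flav, Config, DevelDir and KernelVer as shell globals, rewrites EXTRAVERSION in the Makefile, runs `mrproper` and overwrites `.config`. BuildKernel and the userspace-tools path now depend on those side effects, so I would extend the comment, for example `# Sets globals: Flavour Flav Config DevelDir KernelVer; rewrites Makefile EXTRAVERSION, runs mrproper, replaces .config`. The function body continues past the end of this hunk, so the list should be completed from the full function.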
@@ -1237,6 +1219,32 @@ BuildKernel() { if [ "$Flavour" == "" ]; then KCFLAGS="$KCFLAGS %{?kpatch_kcflags}" fi +} + +BuildKernel() { + MakeTarget=$1 + KernelImage=$2 + Flavour=$4 + DoVDSO=$3 + Flav=${Flavour:++${Flavour}} + InstallName=${5:-vmlinuz} + + DoModules=1 + if [ "$Flavour" = "zfcpdump" ]; then + DoModules=0 + fi + + # When the bootable image is just the ELF kernel, strip it. + # We already copy the unstripped file into the debuginfo package. + if [ "$KernelImage" = vmlinux ]; then + CopyKernel=cp_vmlinux + else + CopyKernel=cp + fi + + InitBuildVars $Flavour + + echo BUILDING A KERNEL FOR ${Flavour} %{_target_cpu}... %{make} -s ARCH=$Arch oldnoconfig >/dev/null %{make} -s ARCH=$Arch V=1 %{?_smp_mflags} KCFLAGS="$KCFLAGS" WITH_GCOV="%{?with_gcov}" $MakeTarget %{?sparse_mflags} %{?kernel_mflags} @@ -1757,6 +1765,14 @@ BuildKernel %make_target %kernel_image %{with_vdso_install} zfcpdump BuildKernel %make_target %kernel_image %{with_vdso_install} %endif +%ifnarch noarch i686 +%if !%{with_debug} && !%{with_zfcpdump} && !%{with_up} +# If only building the user space tools, then initialize the build environment +# and some variables so that the various userspace tools can be built. +InitBuildVars +%endif +%endif + %global perf_make \ make EXTRA_CFLAGS="${RPM_OPT_FLAGS}" LDFLAGS="%{__global_ldflags}" %{?cross_opts} -C tools/perf V=1 NO_PERF_READ_VDSO32=1 NO_PERF_READ_VDSOX32=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_STRLCPY=1 NO_BIONIC=1 LIBBPF_DYNAMIC=1 prefix=%{_prefix} PYTHON=%{__python3} %if %{with_perf} 
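Review bot: In BuildKernel the call `InitBuildVars $Flavour` is unquoted, and the `Flav=${Flavour:++${Flavour}}` assignment a few lines above it is now redundant because InitBuildVars recomputes both Flavour and Flav from its argument. Writing `InitBuildVars "$Flavour"` passes an explicit empty argument for the default kernel and protects the call from word splitting. Dropping the duplicate assignment leaves a single place where Flav is derived. The `echo BUILDING A KERNEL FOR ...` banner also now prints after the mrproper and config-copy steps, so their output lands in the build log ahead of the banner; moving the echo above the InitBuildVars call would restore the old ordering. BuildKernel continues past the end of this hunk.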
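Review bot: The guard `%if !%{with_debug} && !%{with_zfcpdump} && !%{with_up}` repeats by hand the list of flavours that lead to a BuildKernel call, and nothing ties the two lists together. If a flavour is later added to the BuildKernel invocations but not to this condition, InitBuildVars would run a second time after the kernel build. Because it runs `mrproper` and replaces `.config`, that would presumably reset the tree before the tools are built. A comment such as `# Keep in sync with the BuildKernel invocations above: InitBuildVars runs mrproper and replaces .config` would make the coupling visible. The bare `InitBuildVars` call also relies on an unset `$1` selecting the default config; `InitBuildVars ""` would state that intent.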
@@ -2571,6 +2587,99 @@ fi
 #
 #
 %changelog
+* Fri Mar 26 2021 Fernando Pacheco [4.18.0-240.22.1.rt7.77.el8_3]
+- futex: Handle faults correctly for PI futexes (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Simplify fixup_pi_state_owner() (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Use pi_state_update_owner() in put_pi_state() (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Provide and use pi_state_update_owner() (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Replace pointless printk in fixup_owner() (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Ensure the correct return value from futex_lock_pi() (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Don't enable IRQs unconditionally in put_pi_state() (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Fix incorrect should_fail_futex() handling (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Consistently use fshared as boolean (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Remove needless goto's (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- futex: Remove put_futex_key() (Waiman Long) [1924639 1924640] {CVE-2021-3347}
+- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [1930836 1930837] {CVE-2021-27364}
+- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [1930859 1930860] {CVE-2021-27365}
+- scsi: iscsi: Restrict sessions and handles to admin capabilities (Chris Leech) [1940425 1930811] {CVE-2021-27363}
+
+* Thu Mar 18 2021 Fernando Pacheco [4.18.0-240.21.1.rt7.76.el8_3]
+- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (Paolo Bonzini) [1939013 1912448]
+- gfs2: Fix deadlock between gfs2_{create_inode, inode_lookup} and delete_work_func (Andreas Gruenbacher) [1937109 1903190]
+- gfs2: Don't call cancel_delayed_work_sync from within delete work function (Andreas Gruenbacher) [1937109 1903190]
+- gfs2: Only access gl_delete for iopen glocks (Andreas Gruenbacher) [1937109 1903190]
+- gfs2: Don't sleep during glock hash walk (Andreas Gruenbacher) [1937109 1903190]
+- [netdrv] net/mlx5e: Add missing set of destination vport flags in termtbl create (Alaa Hleihel) [1924689 1851700]
+- [tools] tools arch x86: Sync asm/cpufeatures.h with the kernel sources (David Arcari) [1929740 1916478]
+- [x86] x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [1929740 1916478]
+
+* Tue Mar 16 2021 Fernando Pacheco [4.18.0-240.20.1.rt7.75.el8_3]
+- fix regression in "epoll: Keep a reference on files added to the check list" (Carlos Maiolino) [1920779 1920780] {CVE-2020-0466}
+- do_epoll_ctl(): clean the failure exits up a bit (Carlos Maiolino) [1920779 1920780] {CVE-2020-0466}
+- epoll: Keep a reference on files added to the check list (Carlos Maiolino) [1920779 1920780] {CVE-2020-0466}
+- [kernel] sched/features: Distinguish between NORMAL and DEADLINE hrtick (Juri Lelli) [1930735 1912118]
+- [kernel] sched/features: Fix hrtick reprogramming (Juri Lelli) [1930735 1912118]
+- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built (Vitaly Kuznetsov) [1932199 1887216]
+- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (Vitaly Kuznetsov) [1932199 1887216]
+- iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu (Vitaly Kuznetsov) [1932199 1887216]
+- net/vmw_vsock: fix NULL pointer dereference (Jon Maloy) [1925601 1925602] {CVE-2021-26708}
+- net/vmw_vsock: improve locking in vsock_connect_timeout() (Jon Maloy) [1925601 1925602] {CVE-2021-26708}
+- vsock: fix locking in vsock_shutdown() (Jon Maloy) [1925601 1925602] {CVE-2021-26708}
+- vsock: fix the race conditions in multi-transport support (Jon Maloy) [1925601 1925602] {CVE-2021-26708}
+- [base] mm: don't panic when links can't be created in sysfs (Baoquan He) [1930168 1890171]
+- mm: don't rely on system state to detect hot-plug operations (Baoquan He) [1930168 1890171]
+- mm: replace memmap_context by meminit_context (Baoquan He) [1930168 1890171]
+- [tools] kvm: nvmx: check for invalid hdr.vmx.flags (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: nvmx: check for required but missing VMCS12 in KVM_SET_NESTED_STATE (Paolo Bonzini) [1923281 1904128]
+- [tools] selftests: kvm: do not set guest mode flag (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: svm: Fix offset computation bug in __sev_dbg_decrypt() (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: nvmx: Sync unsync'd vmcs02 state to vmcs12 on migration (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: x86: get smi pending status correctly (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: x86: Add more protection against undefined behavior in rsvd_bits() (Paolo Bonzini) [1923281 1904128]
+- [documentation] kvm: Forbid the use of tagged userspace addresses for memslots (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: nsvm: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: nsvm: mark vmcb as dirty when forcingly leaving the guest mode (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: nsvm: correctly restore nested_run_pending on migration (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: x86: fix shift out of bounds reported by UBSAN (Paolo Bonzini) [1923281 1904128]
+- [x86] kvm: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (Paolo Bonzini) [1923281 1904128]
+- [target] scsi: target: Fix XCOPY NAA identifier lookup (Maurizio Lombardi) [1900466 1900467] {CVE-2020-28374}
+- scsi: qla2xxx: Fix mailbox Ch erroneous error (Nilesh Javali) [1924222 1894578]
+- [net] fix iteration for sctp transport seq_files (Xin Long) [1927521 1916824]
+- [scsi] scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (Dick Kennedy) [1927921 1887549]
+- [mm] mm, oom: remove oom_lock from oom_reaper (Waiman Long) [1929738 1873759]
+
+* Fri Mar 12 2021 Fernando Pacheco [4.18.0-240.19.1.rt7.74.el8_3]
+- audit: trigger accompanying records when no rules present (Richard Guy Briggs) [1907520 1896480]
+- revert: 1320a4052ea1 ("audit: trigger accompanying records when no rules present") (Richard Guy Briggs) [1907520 1896480]
+- audit: issue CWD record to accompany LSM_AUDIT_DATA_* records (Richard Guy Briggs) [1907520 1896480]
+- audit: remove unused !CONFIG_AUDITSYSCALL __audit_inode* stubs (Richard Guy Briggs) [1907520 1896480]
+- redhat: use tags from git notes for zstream to generate changelog (Frantisek Hrbata)
+
+* Mon Mar 01 2021 Chris White [4.18.0-240.18.1.rt7.73.el8_3]
+- [scsi] scsi: fnic: Do not call 'scsi_done()' for unhandled commands (Govindarajulu Varadarajan) [1925186 1870397]
+- [target] scsi: target: iscsi: Fix cmd abort fabric stop race (Maurizio Lombardi) [1918354 1908215]
+- [target] scsi: target: Modify core_tmr_abort_task() (Maurizio Lombardi) [1918363 1880395]
+- [s390] s390/crypto: add arch_get_random_long() support (Vladis Dronov) [1915816 1904274]
+
+* Wed Feb 17 2021 Fernando Pacheco [4.18.0-240.17.1.rt7.72.el8_3]
+- [mm] mm/slub: fix panic in slab_alloc_node() (Oleksandr Natalenko) [1925511 1921056]
+- [s390] s390/early: improve machine detection (Claudio Imbrenda) [1925508 1896307]
+- [infiniband] RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (Kamal Heib) [1924691 1903992]
+
+* Mon Feb 15 2021 Fernando Pacheco [4.18.0-240.16.1.rt7.71.el8_3]
+- [rt] ptrace: fix ptrace_unfreeze_traced() race with rt-lock (Oleg Nesterov) [1925308 1889875]
+
+* Wed Feb 10 2021 Fernando Pacheco [4.18.0-240.16.1.rt7.70.el8_3]
+- [netdrv] net/mlx5e: Fix using wrong stats_grps in mlx5e_update_ndo_stats() (Alaa Hleihel) [1921060 1870593]
+- [net] tcp: Fix potential use-after-free due to double kfree() (Florian Westphal) [1915529 1915164]
+- [net] tcp: fix race condition when creating child sockets from syncookies (Florian Westphal) [1915529 1915164]
+- [x86] kvm: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [1906438 1882793]
+
 * Wed Feb 03 2021 Chris White [4.18.0-240.15.1.rt7.69.el8_3]
 - [x86] kvm: svm: Initialize prev_ga_tag before use (Vitaly Kuznetsov) [1919885 1909254]
 - [net] tls: move mark_tech_preview to tls_init (Sabrina Dubroca) [1918743 1907477]