diff --git a/.gitignore b/.gitignore index 3b6af96..9089886 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ SOURCES/kernel-abi-stablelists-4.18.0-305.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-305.tar.bz2 -SOURCES/linux-4.18.0-305.17.1.el8_4.tar.xz +SOURCES/linux-4.18.0-305.19.1.el8_4.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelkpatch1.x509 diff --git a/.kernel.metadata b/.kernel.metadata index c990ec0..7234a2b 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,5 +1,5 @@ bf2922872b49aeeb6fe4cdb149d4061604ed7488 SOURCES/kernel-abi-stablelists-4.18.0-305.tar.bz2 4d18d659f47e29331ec86f06d9bd64b93dbac657 SOURCES/kernel-kabi-dw-4.18.0-305.tar.bz2 -961c83aab338c68f73da636e6eb838448fe7d03d SOURCES/linux-4.18.0-305.17.1.el8_4.tar.xz +33e3bf3a7da14e902867ecd2c2d10a70cb96dace SOURCES/linux-4.18.0-305.19.1.el8_4.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der deleted file mode 100644 index 44a2563..0000000 Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ diff --git a/SOURCES/centos-dup.x509 b/SOURCES/centos-dup.x509 deleted file mode 100644 index 9c65dd3..0000000 Binary files a/SOURCES/centos-dup.x509 and /dev/null differ diff --git a/SOURCES/centos-kpatch.x509 b/SOURCES/centos-kpatch.x509 deleted file mode 100644 index ca57a43..0000000 Binary files a/SOURCES/centos-kpatch.x509 and /dev/null differ diff --git a/SOURCES/centos.pem b/SOURCES/centos.pem deleted file mode 100644 index 82ad817..0000000 --- a/SOURCES/centos.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDgTCCAmmgAwIBAgIJALYWFXFy+zGAMA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjA0MFoXDTM4MDEwMTE0 -MjA0MFowVTEvMC0GA1UEAwwmQ2VudE9TIExpbnV4IERyaXZlciB1cGRhdGUgc2ln -bmluZyBrZXkxIjAgBgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5ECuosQ4HKRRf+Kxfm+BcICBK -PGqB+E/qalqQ3CCM3LWezq0ns/GZTD0CtSAzmOObqJb3gJ9S5gcbaMVBc3JxLlQ+ -RwVy0oNy91uy9TKhYQ3lpHDyujxiFmXPSJLMKOYbOBNObJ7qF6+ptnmDWMu7GWDc -4UGdBdU/evt92LIxsi9ZQCEoZIqdyKBE/Y3V9gBZIZa/4oXMHfW9dWxhy9UszmR9 -hT7ZdgLFpWMFmJW+SS5QEWtp5CpRlcui4QJZl42bMp5JOrVWc+BlKPIsLdY8TqLp -9FdhQ5Ih4auT7zn2V89YgYpq6VMZnPsn/v5piB6i6RK8Falr6SP5SV0cwV/jAgMB -AAGjXTBbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBQpvUwN -BtLpkRBEtdyXMwkTm1HW1TAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q6 -8zANBgkqhkiG9w0BAQsFAAOCAQEAK+f4c4aP9TQDiQM4TDyw8iDapr7eBc+Yr0M5 -ELkWEQu55/OwLQrgCA5bdD86diaAXQAlUOXCtFRrbUQHQACEL77/32YdooHfVZZ7 -04CeE+JWxF/cQ3M5hhJnkyxaqFKC+B+bn7Z6eloMnYUPsXwfQEOuyxKaKergAJdq -KnC0pEG3NGgwlwvnD0dwUqbbEUUqL3UQh96hCYDidhCUmuap1E2OGoxGex3ekszf -ErCgwVYb46cv91ba2KqXVWl1FoO3c5MyZcxL46ihQgiY0BI975+HDFjpUZ69n+Um -OhSscRUiKeEQKMVtHzyQUp5t+HCeaZBRPy3rFoIjTEqijKZ6tQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDejCCAmKgAwIBAgIJALYWFXFy+zF/MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjAwMloXDTM4MDEwMTE0 -MjAwMlowTjEoMCYGA1UEAwwfQ2VudE9TIExpbnV4IGtwYXRjaCBzaWduaW5nIGtl -eTEiMCAGCSqGSIb3DQEJARYTc2VjdXJpdHlAY2VudG9zLm9yZzCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMG+5OclqB0NE5azrGkSitqUFcZjpRk/rS2P -CetB6jwxOn06TrLGzqnhcE9VBKyEs7CXBLy6lfnORcYOybcR2XvrgqGa1txOZggl -hc8zCj9X7ZCMK2UsWglxQCOtbo0m/vdor/VO3SFbrf/W9+PXhvNtcxMP9yjydbP+ -lS1St8uQv952hu7C1TevyOQN3jpvWRD7DSJIU/2uRFcdIo2QCGokuB/xESXeuGJ2 -F2P9w0h74V18AlVTxtGp/RSJqZaQ2Gi5h4Oa7UsRmhmCoLdmdBe7xnYJrJ4GhxKQ -yG0kU1ikEhZW3YjoVPgBJzTsIhCAzFrOUq0d67a1wTVMiyL60fUCAwEAAaNdMFsw -DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFLSfCGIFkJ3E2iz6 -mTdvsZHS8J54MB8GA1UdIwQYMBaAFFTsgYWJPuka2wj3RIhUfo4/dDrzMA0GCSqG -SIb3DQEBCwUAA4IBAQBcDnjWh8Mx6yaS/OvBOYZprYy5Su0tn+YHiN0czpjVw+zl -NUt2YmRSA/g6xks04CYx+UAL/xnvRcxXd17Ni7eWiROxvgQvBo5nScVkFPq2IIP5 -8aj7LoHR1MUeXfiNqf1JoSlgpRV47wv/+jZD0hmbt1rC2NJp0ZU8OHmt2GWk0jmM -MK72D/pyCUfHetBzPpU9M0cNiukjMUdIL+U7+CXDgKsfdFHcQ76ebWyka7vRSXTs -lBMa2g20Atwz2Hj7tEEAZ74ioQ9029RAlUSNipACe31YdT4/BBWIqHPpeDFkp8W0 -9v4jeTX/2kMBXkjzMfKjhpooa+bFFFLogLeX3P4W ------END CERTIFICATE----- diff --git a/SOURCES/centossecureboot001.der b/SOURCES/centossecureboot001.der deleted file mode 100644 index e8216b1..0000000 Binary files a/SOURCES/centossecureboot001.der and /dev/null differ diff --git a/SOURCES/centossecureboot201.der b/SOURCES/centossecureboot201.der deleted file mode 100644 index ca3c134..0000000 Binary files a/SOURCES/centossecureboot201.der and /dev/null differ diff --git a/SOURCES/centossecurebootca2.der b/SOURCES/centossecurebootca2.der deleted file mode 100644 index 42bdfcf..0000000 Binary files a/SOURCES/centossecurebootca2.der and /dev/null differ diff --git a/SOURCES/debrand-rh-i686-cpu.patch b/SOURCES/debrand-rh-i686-cpu.patch deleted file mode 100644 index 5592a59..0000000 --- a/SOURCES/debrand-rh-i686-cpu.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700 -+++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700 -@@ -147,7 +147,7 @@ void main(void) - - /* Make sure we have all the proper CPU support */ - if (validate_cpu()) { -- puts("This processor is not supported in this version of RHEL.\n"); -+ puts("This processor is not supported in this version of CentOS Linux.\n"); - die(); - } - diff --git a/SOURCES/debrand-rh_taint.patch b/SOURCES/debrand-rh_taint.patch deleted file mode 100644 index 74f2e15..0000000 --- a/SOURCES/debrand-rh_taint.patch +++ /dev/null @@ -1,81 +0,0 @@ ---- a/kernel/rh_taint.c 2020-10-16 10:41:51.000000000 -0500 -+++ b/kernel/rh_taint.c 2020-11-19 10:50:24.853039167 -0600 -@@ -2,12 +2,12 @@ - #include - - /* -- * The following functions are used by Red Hat to indicate to users that -- * hardware and drivers are unsupported, or have limited support in RHEL major -+ * The following functions are used by CentOS Linux to indicate to users that -+ * hardware and drivers are unsupported, or have limited support in CentOS Linux major - * and minor releases. These functions output loud warning messages to the end - * user and should be USED WITH CAUTION. - * -- * Any use of these functions _MUST_ be documented in the RHEL Release Notes, -+ * Any use of these functions _MUST_ be documented in the CentOS Linux Release Notes, - * and have approval of management. - */ - -@@ -16,15 +16,15 @@ - * @msg: Hardware name, class, or type - * - * Called to mark a device, class of devices, or types of devices as not having -- * support in any RHEL minor release. This does not TAINT the kernel. Red Hat -- * will not fix bugs against this hardware in this minor release. Red Hat may -+ * support in any CentOS Linux minor release. This does not TAINT the kernel. CentOS Linux -+ * will not fix bugs against this hardware in this minor release. CentOS Linux may - * declare support in a future major or minor update release. This cannot be - * used to mark drivers unsupported. - */ - void mark_hardware_unsupported(const char *msg) - { - /* Print one single message */ -- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg); -+ pr_crit("Warning: %s - this hardware has not undergone testing by CentOS Linux and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg); - } - EXPORT_SYMBOL(mark_hardware_unsupported); - -@@ -35,12 +35,12 @@ EXPORT_SYMBOL(mark_hardware_unsupported) - * Called to minimize the support status of a previously supported device in - * a minor release. This does not TAINT the kernel. Marking hardware - * deprecated is usually done in conjunction with the hardware vendor. Future -- * RHEL major releases may not include this driver. Driver updates and fixes -+ * CentOS Linux major releases may not include this driver. Driver updates and fixes - * for this device will be limited to critical issues in future minor releases. - */ - void mark_hardware_deprecated(const char *msg) - { -- pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this RHEL release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact Red Hat Support or your device's hardware vendor for additional information.\n", msg); -+ pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this CentOS Linux release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact CentOS Linux Support or your device's hardware vendor for additional information.\n", msg); - } - EXPORT_SYMBOL(mark_hardware_deprecated); - -@@ -50,9 +50,9 @@ EXPORT_SYMBOL(mark_hardware_deprecated); - * - * Called to minimize the support status of a new driver. This does TAINT the - * kernel. Calling this function indicates that the driver or subsystem has -- * had limited testing and is not marked for full support within this RHEL -- * minor release. The next RHEL minor release may contain full support for -- * this driver. Red Hat does not guarantee that bugs reported against this -+ * had limited testing and is not marked for full support within this CentOS Linux -+ * minor release. The next CentOS Linux minor release may contain full support for -+ * this driver. CentOS Linux does not guarantee that bugs reported against this - * driver or subsystem will be resolved. - */ - void mark_tech_preview(const char *msg, struct module *mod) -@@ -81,13 +81,13 @@ EXPORT_SYMBOL(mark_tech_preview); - * mark_driver_unsupported - drivers that we know we don't want to support - * @name: the name of the driver - * -- * In some cases Red Hat has chosen to build a driver for internal QE -+ * In some cases CentOS Linux has chosen to build a driver for internal QE - * use. Use this function to mark those drivers as unsupported for - * customers. - */ - void mark_driver_unsupported(const char *name) - { -- pr_crit("Warning: %s - This driver has not undergone sufficient testing by Red Hat for this release and therefore cannot be used in production systems.\n", -+ pr_crit("Warning: %s - This driver has not undergone sufficient testing by CentOS Linux for this release and therefore cannot be used in production systems.\n", - name ? name : "kernel"); - } - EXPORT_SYMBOL(mark_driver_unsupported); diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch deleted file mode 100644 index b3eed51..0000000 --- a/SOURCES/debrand-single-cpu.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700 -+++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700 -@@ -900,7 +900,7 @@ static void rh_check_supported(void) - if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && - !guest && is_kdump_kernel()) { - pr_crit("Detected single cpu native boot.\n"); -- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); -+ pr_crit("Important: In CentOS Linux 8, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information"); - } - - /* diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index dbfe9a7..b1bbe38 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = CentOS -CN = CentOS kernel signing key -emailAddress = security@centos.org +O = Red Hat +CN = Red Hat Enterprise Linux kernel signing key +emailAddress = secalert@redhat.com [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 295f138..d4cf505 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -19,7 +19,7 @@ %global distro_build 305 # Sign the x86_64 kernel for secure boot authentication -%ifarch x86_64 aarch64 +%ifarch x86_64 aarch64 s390x ppc64le %global signkernel 1 %else %global signkernel 0 @@ -42,10 +42,10 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 305.17.1.el8_4 +%define pkgrelease 305.19.1.el8_4 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 305.17.1%{?dist} +%define specrelease 305.19.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -445,34 +445,44 @@ Source9: x509.genkey %if %{?released_kernel} -Source10: centossecurebootca2.der -Source11: centos-ca-secureboot.der -Source12: centossecureboot201.der -Source13: centossecureboot001.der +Source10: redhatsecurebootca5.cer +Source11: redhatsecurebootca3.cer +Source12: redhatsecureboot501.cer +Source13: redhatsecureboot301.cer +Source14: secureboot_s390.cer +Source15: secureboot_ppc.cer %define secureboot_ca_0 %{SOURCE11} %define secureboot_ca_1 %{SOURCE10} %ifarch x86_64 aarch64 %define secureboot_key_0 %{SOURCE13} -%define pesign_name_0 centossecureboot001 +%define pesign_name_0 redhatsecureboot301 %define secureboot_key_1 %{SOURCE12} -%define pesign_name_1 centossecureboot201 +%define pesign_name_1 redhatsecureboot501 +%endif +%ifarch s390x +%define secureboot_key_0 %{SOURCE14} +%define pesign_name_0 redhatsecureboot302 +%endif +%ifarch ppc64le +%define secureboot_key_0 %{SOURCE15} +%define pesign_name_0 redhatsecureboot303 %endif # released_kernel %else -Source11: centossecurebootca2.der -Source12: centos-ca-secureboot.der -Source13: centossecureboot201.der -Source14: centossecureboot001.der +Source11: redhatsecurebootca4.cer +Source12: redhatsecurebootca2.cer +Source13: redhatsecureboot401.cer +Source14: redhatsecureboot003.cer %define secureboot_ca_0 %{SOURCE12} %define secureboot_ca_1 %{SOURCE11} %define secureboot_key_0 %{SOURCE14} -%define pesign_name_0 centossecureboot001 +%define pesign_name_0 redhatsecureboot003 %define secureboot_key_1 %{SOURCE13} -%define pesign_name_1 centossecureboot201 +%define pesign_name_1 redhatsecureboot401 # released_kernel %endif @@ -504,8 +514,8 @@ Source43: generate_bls_conf.sh Source44: mod-internal.list -Source100: centos-dup.x509 -Source101: centos-kpatch.x509 +Source100: rheldup3.x509 +Source101: rhelkpatch1.x509 %if %{with_kabichk} Source200: check-kabi @@ -533,12 +543,7 @@ Source2000: cpupower.service Source2001: cpupower.config Source2002: kvm_stat.logrotate -Source9000: centos.pem - ## Patches needed for building this package -Patch1000: debrand-single-cpu.patch -Patch1001: debrand-rh_taint.patch -Patch1002: debrand-rh-i686-cpu.patch # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch @@ -548,8 +553,8 @@ Patch999999: linux-kernel-test.patch BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root %description -This is the package which provides the Linux %{name} for CentOS. -It is based on upstream Linux at version %{version} and maintains kABI +This is the package which provides the Linux %{name} for Red Hat Enterprise +Linux. It is based on upstream Linux at version %{version} and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux %{name} releases. This means this is not a %{version} kernel anymore: it includes several components which come @@ -557,7 +562,7 @@ from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver -updates for supported hardware in CentOS, enhancements for +updates for supported hardware in Red Hat Enterprise Linux, enhancements for enterprise customers, etc. # @@ -798,14 +803,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n %{name}-abi-stablelists -Summary: The CentOS kernel ABI symbol stablelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists Group: System Environment/Kernel AutoReqProv: no Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release} Provides: %{name}-abi-whitelists %description -n %{name}-abi-stablelists -The kABI package contains information pertaining to the CentOS -kernel ABI, including lists of kernel symbols that are needed by +The kABI package contains information pertaining to the Red Hat Enterprise +Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. %if %{with_kabidw_base} @@ -814,8 +819,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the CentOS -kernel, suitable for the kabi-dw tool. +The package contains data describing the current ABI of the Red Hat Enterprise +Linux kernel, suitable for the kabi-dw tool. %endif # @@ -887,7 +892,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ -This package provides kernel modules for the %{?2:%{2} }kernel package for CentOS internal usage.\ +This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ %{nil} # @@ -1085,14 +1090,10 @@ ApplyOptionalPatch() } %setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c -cp -v %{SOURCE9000} linux-%{rpmversion}-%{pkgrelease}/certs/rhel.pem mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} -ApplyOptionalPatch debrand-single-cpu.patch -ApplyOptionalPatch debrand-rh_taint.patch -ApplyOptionalPatch debrand-rh-i686-cpu.patch ApplyOptionalPatch linux-kernel-test.patch # END OF PATCH APPLICATIONS @@ -2611,8 +2612,64 @@ fi # # %changelog -* Tue Sep 07 2021 CentOS Sources - 4.18.0-305.17.1.el8.centos -- Apply debranding changes +* Tue Sep 07 2021 Frantisek Hrbata [4.18.0-305.19.1.el8_4] +- libceph: allow addrvecs with a single NONE/blank address (Jeff Layton) [1996682 1972278] +- ice: Only lock to update netdev dev_addr (Michal Schmidt) [2000129 1995868] +- ice: don't remove netdev->dev_addr from uc sync list (Ken Cox) [2000130 1961018] + +* Fri Sep 03 2021 Frantisek Hrbata [4.18.0-305.18.1.el8_4] +- mfd: intel-lpss: Use devm_ioremap_uc for MMIO (Steve Best) [1989560 1986715] +- lib: devres: add a helper function for ioremap_uc (Steve Best) [1989560 1986715] +- ceph: fix test for whether we can skip read when writing beyond EOF (Jeff Layton) [1996680 1971101] +- arm64: memory: Add missing brackets to untagged_addr() macro (Chris von Recklinghausen) [1997998 1955809] +- arm64: tags: Preserve tags for addresses translated via TTBR1 (Chris von Recklinghausen) [1997998 1955809] +- arm64: entry: Move ct_user_exit before any other exception (Chris von Recklinghausen) [1997998 1955809] +- arm64: memory: Implement __tag_set() as common function (Chris von Recklinghausen) [1997998 1955809] +- arm64: mm: Really fix sparse warning in untagged_addr() (Chris von Recklinghausen) [1997998 1955809] +- arm64: untag user pointers in access_ok and __uaccess_mask_ptr (Chris von Recklinghausen) [1997998 1955809] +- arm64/mm: fix variable 'tag' set but not used (Chris von Recklinghausen) [1997998 1955809] +- arm64: entry: SP Alignment Fault doesn't write to FAR_EL1 (Chris von Recklinghausen) [1997998 1955809] +- arm64: compat: Add separate CP15 trapping hook (Chris von Recklinghausen) [1997998 1955809] +- arm64: don't restore GPRs when context tracking (Chris von Recklinghausen) [1997998 1955809] +- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) (Jon Maloy) [1985429 1985430] {CVE-2021-3656} +- KVM: SVM: add module param to control the #SMI interception (Jon Maloy) [1985429 1985430] {CVE-2021-3656} +- tty: Don't hold ldisc lock in tty_reopen() if ldisc present (Waiman Long) [1997999 1968271] +- tty/ldsem: Add lockdep asserts for ldisc_sem (Waiman Long) [1997999 1968271] +- tty: Simplify tty->count math in tty_reopen() (Waiman Long) [1997999 1968271] +- tty: Don't block on IO when ldisc change is pending (Waiman Long) [1997999 1968271] +- tty: Hold tty_ldisc_lock() during tty_reopen() (Waiman Long) [1997999 1968271] +- tty: Drop tty->count on tty_reopen() failure (Waiman Long) [1997999 1968271] +- [s390] s390/vtime: fix increased steal time accounting (Claudio Imbrenda) [1988386 1963075] +- XArray: Fix splitting to non-zero orders (Chris von Recklinghausen) [1997997 1946304] +- XArray: Fix split documentation (Chris von Recklinghausen) [1997997 1946304] +- ima: extend boot_aggregate with kernel measurements (Bruno Meneguele) [1997766 1977422] +- ceph: reduce contention in ceph_check_delayed_caps() (Jeff Layton) [1995862 1953430] +- ice: Stop processing VF messages during teardown (Ken Cox) [1997538 1986451] +- iavf: Set RSS LUT and key in reset handle path (Ken Cox) [1997536 1910853] +- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Jon Maloy) [1985412 1985413] {CVE-2021-3653} +- scsi: ibmvfc: Fix potential race in ibmvfc_wait_for_ops() (Steve Best) [1969792 1941180] +- [s390] s390/dasd: add missing discipline function (Claudio Imbrenda) [1995206 1981804] +- serial_core: switch to ->[sg]et_serial() (Artem Savkov) [1993872 1952415] +- net/mlx5e: Fix mapping of ct_label zero (Jan Stancek) [1983681 1915308] +- drm/qxl: add lock asserts to qxl_bo_vmap_locked + qxl_bo_vunmap_locked (Lyude Paul) [1992839 1907341] +- drm/qxl: rework cursor plane (Lyude Paul) [1992839 1907341] +- drm/qxl: move shadow handling to new qxl_prepare_shadow() (Lyude Paul) [1992839 1907341] +- drm/qxl: fix monitors object vmap (Lyude Paul) [1992839 1907341] +- drm/qxl: fix prime vmap (Lyude Paul) [1992839 1907341] +- drm/qxl: rename qxl_bo_kmap -> qxl_bo_vmap_locked (Lyude Paul) [1992839 1907341] +- drm/qxl: fix lockdep issue in qxl_alloc_release_reserved (Lyude Paul) [1992839 1907341] +- drm/qxl: use ttm bo priorities (Lyude Paul) [1992839 1907341] +- drm/qxl: more fence wait rework (Lyude Paul) [1992839 1907341] +- drm/qxl: properly handle device init failures (Lyude Paul) [1992839 1907341] +- drm/qxl: allocate dumb buffers in ram (Lyude Paul) [1992839 1907341] +- drm/qxl: simplify qxl_fence_wait (Lyude Paul) [1992839 1907341] +- drm/qxl: properly free qxl releases (Lyude Paul) [1992839 1907341] +- drm/qxl: handle shadow in primary destroy (Lyude Paul) [1992839 1907341] +- drm/qxl: properly pin/unpin shadow (Lyude Paul) [1992839 1907341] +- drm/qxl: release shadow on shutdown (Lyude Paul) [1992839 1907341] +- drm/qxl: unpin release objects (Lyude Paul) [1992839 1907341] +- drm/qxl: use drmm_mode_config_init (Lyude Paul) [1992839 1907341] +- qxl/ttm: drop the unusued no wait flag to reserve function (Lyude Paul) [1992839 1907341] * Mon Aug 30 2021 Jan Stancek [4.18.0-305.17.1.el8_4] - ucounts: Move max_time_namespace according to ucount_type (Alex Gladkov) [1998002 1982954]