Compare commits

..

No commits in common. 'c9' and 'i9_5-fuzzing' have entirely different histories.

6
.gitignore vendored

@ -1,6 +1,6 @@
SOURCES/kernel-abi-stablelists-5.14.0-503.19.1.el9_5.tar.bz2
SOURCES/kernel-kabi-dw-5.14.0-503.19.1.el9_5.tar.bz2
SOURCES/linux-5.14.0-503.19.1.el9_5.tar.xz
SOURCES/kernel-abi-stablelists-5.14.0-503.15.1.el9_5.tar.bz2
SOURCES/kernel-kabi-dw-5.14.0-503.15.1.el9_5.tar.bz2
SOURCES/linux-5.14.0-503.15.1.el9_5.tar.xz
SOURCES/nvidiagpuoot001.x509
SOURCES/rheldup3.x509
SOURCES/rhelima.x509

@ -1,6 +1,6 @@
a614816812a77eadc37c3e71e3b794d58ee62596 SOURCES/kernel-abi-stablelists-5.14.0-503.19.1.el9_5.tar.bz2
3125e053f6237338119f6f6c32eb3144b0fcbff3 SOURCES/kernel-kabi-dw-5.14.0-503.19.1.el9_5.tar.bz2
cb25584103dd0b8aa392bac6d1dbf713dc975219 SOURCES/linux-5.14.0-503.19.1.el9_5.tar.xz
0745a2f1ce0dbe34af88664c34bc1ba095963134 SOURCES/kernel-abi-stablelists-5.14.0-503.15.1.el9_5.tar.bz2
74957b7466e5e0d320bfc3f11c66dc921d0735ef SOURCES/kernel-kabi-dw-5.14.0-503.15.1.el9_5.tar.bz2
dfb2a0bb9ddcec0961bb0c4c32c8306761417e26 SOURCES/linux-5.14.0-503.15.1.el9_5.tar.xz
4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
99e571f9de4188f3b5fdf1f84ff73f6cc4bb6a0e SOURCES/rhelima.x509

@ -0,0 +1,122 @@
From e6b210caa51bc33c46d5acfae198645a9914fa32 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Mon, 30 Sep 2024 13:13:37 +0000
Subject: [PATCH] Enable all disabled pci devices by moving to unmaintained
---
kernel/rh_messages.h | 94 ++++++++++++++++++++++----------------------
1 file changed, 47 insertions(+), 47 deletions(-)
diff --git a/kernel/rh_messages.h b/kernel/rh_messages.h
index b798ad5d4..c59853b47 100644
--- a/kernel/rh_messages.h
+++ b/kernel/rh_messages.h
@@ -141,6 +141,53 @@ static const struct pci_device_id rh_deprecated_pci_devices[] = {
};
static const struct pci_device_id rh_disabled_pci_devices[] = {
+ {0} /* Terminating entry */
+};
+
+static const struct pci_device_id rh_unmaintained_pci_devices[] = {
+ { 0x10df, 0xe220, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x10df, 0x0724, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x10df, 0xe200, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x10df, 0xf011, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x10df, 0xf015, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x10df, 0xf100, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x10df, 0xfc40, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x005b, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0071, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0073, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0079, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x1003, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x1004, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x1005, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x1006, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x1007, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x1008, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x1009, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x100a, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x100b, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x100c, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x100d, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x100e, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x100f, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0x1010, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x15B3, 0xA2DC, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x006E, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0080, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0081, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0082, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0083, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0084, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0085, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0086, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1000, 0x0087, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x177d, 0xa01e, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x177d, 0xa034, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x177d, 0x0011, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1077, 0x2031, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1077, 0x2532, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1077, 0x8031, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1924, 0x0803, PCI_ANY_ID, PCI_ANY_ID },
+ { 0x1924, 0x0813, PCI_ANY_ID, PCI_ANY_ID },
{ 0x1011, 0x0046, 0x103c, 0x10c2 },
{ 0x1011, 0x0046, 0x9005, 0x0364 },
{ 0x1011, 0x0046, 0x9005, 0x0365 },
@@ -293,51 +340,4 @@ static const struct pci_device_id rh_disabled_pci_devices[] = {
{0} /* Terminating entry */
};
-static const struct pci_device_id rh_unmaintained_pci_devices[] = {
- { 0x10df, 0xe220, PCI_ANY_ID, PCI_ANY_ID },
- { 0x10df, 0x0724, PCI_ANY_ID, PCI_ANY_ID },
- { 0x10df, 0xe200, PCI_ANY_ID, PCI_ANY_ID },
- { 0x10df, 0xf011, PCI_ANY_ID, PCI_ANY_ID },
- { 0x10df, 0xf015, PCI_ANY_ID, PCI_ANY_ID },
- { 0x10df, 0xf100, PCI_ANY_ID, PCI_ANY_ID },
- { 0x10df, 0xfc40, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x005b, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0071, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0073, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0079, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x1003, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x1004, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x1005, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x1006, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x1007, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x1008, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x1009, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x100a, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x100b, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x100c, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x100d, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x100e, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x100f, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0x1010, PCI_ANY_ID, PCI_ANY_ID },
- { 0x15B3, 0xA2DC, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x006E, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0080, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0081, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0082, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0083, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0084, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0085, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0086, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1000, 0x0087, PCI_ANY_ID, PCI_ANY_ID },
- { 0x177d, 0xa01e, PCI_ANY_ID, PCI_ANY_ID },
- { 0x177d, 0xa034, PCI_ANY_ID, PCI_ANY_ID },
- { 0x177d, 0x0011, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1077, 0x2031, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1077, 0x2532, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1077, 0x8031, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1924, 0x0803, PCI_ANY_ID, PCI_ANY_ID },
- { 0x1924, 0x0813, PCI_ANY_ID, PCI_ANY_ID },
- {0} /* Terminating entry */
-};
-
#endif /* __RH_MESSAGES_H */
--
2.43.5

@ -0,0 +1,39 @@
From ac6e3b155d35bfea32b1c3c6015a18b6e5046652 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Mon, 8 Apr 2024 13:17:47 +0000
Subject: [PATCH 2/4] Bring back deprecated pci ids to mptsas-mptspi driver
---
drivers/message/fusion/mptsas.c | 2 +-
drivers/message/fusion/mptspi.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
index 9d2f13f12..b25686049 100644
--- a/drivers/message/fusion/mptsas.c
+++ b/drivers/message/fusion/mptsas.c
@@ -5381,7 +5381,7 @@ static void mptsas_remove(struct pci_dev *pdev)
}
static struct pci_device_id mptsas_pci_table[] = {
-#ifdef CONFIG_RHEL_DIFFERENCES
+#ifdef CONFIG_ALMALINUX_DIFFERENCES
{ PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068,
PCI_VENDOR_ID_VMWARE, PCI_ANY_ID },
#else
diff --git a/drivers/message/fusion/mptspi.c b/drivers/message/fusion/mptspi.c
index fd4a10b78..f9616de2a 100644
--- a/drivers/message/fusion/mptspi.c
+++ b/drivers/message/fusion/mptspi.c
@@ -1238,7 +1238,7 @@ static struct spi_function_template mptspi_transport_functions = {
*/
static struct pci_device_id mptspi_pci_table[] = {
-#ifdef CONFIG_RHEL_DIFFERENCES
+#ifdef CONFIG_ALMALINUX_DIFFERENCES
{ PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1030,
PCI_VENDOR_ID_VMWARE, PCI_ANY_ID },
#else
--
2.27.0

@ -0,0 +1,51 @@
From f9ab10cebe6411dd26fec2ef354db2e527386b4f Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Mon, 8 Apr 2024 13:20:29 +0000
Subject: [PATCH 3/4] Bring back deprecated pci ids to hpsa driver
---
drivers/scsi/hpsa.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index bd5880cbd..060bd914a 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -82,9 +82,7 @@ MODULE_DESCRIPTION("Driver for HP Smart Array Controller version " \
HPSA_DRIVER_VERSION);
MODULE_VERSION(HPSA_DRIVER_VERSION);
MODULE_LICENSE("GPL");
-#ifndef CONFIG_RHEL_DIFFERENCES
MODULE_ALIAS("cciss");
-#endif
static int hpsa_simple_mode;
module_param(hpsa_simple_mode, int, S_IRUGO|S_IWUSR);
@@ -93,6 +91,11 @@ MODULE_PARM_DESC(hpsa_simple_mode,
/* define the PCI info for the cards we can control */
static const struct pci_device_id hpsa_pci_device_id[] = {
+ {PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSC, 0x103C, 0x3223},
+ {PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSC, 0x103C, 0x3234},
+ {PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSC, 0x103C, 0x3235},
+ {PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSC, 0x103C, 0x3237},
+ {PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSC, 0x103C, 0x323D},
{PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSE, 0x103C, 0x3241},
{PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSE, 0x103C, 0x3243},
{PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSE, 0x103C, 0x3245},
@@ -146,12 +149,10 @@ static const struct pci_device_id hpsa_pci_device_id[] = {
{PCI_VENDOR_ID_HP_3PAR, 0x0075, 0x1590, 0x007D},
{PCI_VENDOR_ID_HP_3PAR, 0x0075, 0x1590, 0x0088},
{PCI_VENDOR_ID_HP, 0x333f, 0x103c, 0x333f},
-#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_VENDOR_ID_HP, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0},
{PCI_VENDOR_ID_COMPAQ, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0},
-#endif
{0,}
};
--
2.27.0

@ -0,0 +1,43 @@
From 091c13878c5d53a9ca8c78d8d3dc20598ff11c88 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Mon, 8 Apr 2024 13:22:27 +0000
Subject: [PATCH 4/4] Bring back deprecated pci ids to qla2xxx driver
---
drivers/scsi/qla2xxx/qla_os.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 036f26c42..1d7b684dc 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -8121,7 +8121,6 @@ static const struct pci_error_handlers qla2xxx_err_handler = {
};
static struct pci_device_id qla2xxx_pci_tbl[] = {
-#ifndef CONFIG_RHEL_DIFFERENCES
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2100) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2200) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2300) },
@@ -8134,18 +8133,13 @@ static struct pci_device_id qla2xxx_pci_tbl[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8432) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP5422) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP5432) },
-#endif
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2532) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2031) },
-#ifndef CONFIG_RHEL_DIFFERENCES
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8001) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8021) },
-#endif
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8031) },
-#ifndef CONFIG_RHEL_DIFFERENCES
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISPF001) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8044) },
-#endif
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2071) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2271) },
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2261) },
--
2.27.0

@ -0,0 +1,86 @@
From 0e54f93854865b95b50e8023645e423af634e4ec Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Tue, 9 Apr 2024 17:27:35 +0000
Subject: [PATCH 1/3] Bring back deprecated pci ids to lpfc driver
---
drivers/scsi/lpfc/lpfc_ids.h | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_ids.h b/drivers/scsi/lpfc/lpfc_ids.h
index 85fc52038..0b1616e93 100644
--- a/drivers/scsi/lpfc/lpfc_ids.h
+++ b/drivers/scsi/lpfc/lpfc_ids.h
@@ -24,7 +24,6 @@
#include <linux/pci.h>
const struct pci_device_id lpfc_id_table[] = {
-#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_VIPER,
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_FIREFLY,
@@ -55,13 +54,10 @@ const struct pci_device_id lpfc_id_table[] = {
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_HELIOS_DCSP,
PCI_ANY_ID, PCI_ANY_ID, },
-#endif
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_BMID,
PCI_ANY_ID, PCI_ANY_ID, },
-#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_BSMB,
PCI_ANY_ID, PCI_ANY_ID, },
-#endif
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR,
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR_SCSP,
@@ -72,7 +68,6 @@ const struct pci_device_id lpfc_id_table[] = {
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZSMB,
PCI_ANY_ID, PCI_ANY_ID, },
-#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_TFLY,
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LP101,
@@ -83,7 +78,6 @@ const struct pci_device_id lpfc_id_table[] = {
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LPE11000S,
PCI_ANY_ID, PCI_ANY_ID, },
-#endif
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_SAT,
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_SAT_MID,
@@ -96,7 +90,6 @@ const struct pci_device_id lpfc_id_table[] = {
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_SAT_S,
PCI_ANY_ID, PCI_ANY_ID, },
-#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_PROTEUS_VF,
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_PROTEUS_PF,
@@ -107,23 +100,18 @@ const struct pci_device_id lpfc_id_table[] = {
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_SERVERENGINE, PCI_DEVICE_ID_TOMCAT,
PCI_ANY_ID, PCI_ANY_ID, },
-#endif
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_FALCON,
PCI_ANY_ID, PCI_ANY_ID, },
-#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_BALIUS,
PCI_ANY_ID, PCI_ANY_ID, },
-#endif
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FC,
PCI_ANY_ID, PCI_ANY_ID, },
-#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FCOE,
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FC_VF,
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FCOE_VF,
PCI_ANY_ID, PCI_ANY_ID, },
-#endif
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_G6_FC,
PCI_ANY_ID, PCI_ANY_ID, },
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_G7_FC,
--
2.27.0

@ -0,0 +1,32 @@
From b4fdb240a1102876c03e0dbbef57758550e6e334 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Tue, 9 Apr 2024 17:35:14 +0000
Subject: [PATCH 2/3] Bring back deprecated pci ids to qla4xxx driver
---
drivers/scsi/qla4xxx/ql4_os.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
index c72c44087..2dd7a9b0d 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
@@ -9865,7 +9865,6 @@ static struct pci_device_id qla4xxx_pci_tbl[] = {
.subvendor = PCI_ANY_ID,
.subdevice = PCI_ANY_ID,
},
-#ifndef CONFIG_RHEL_DIFFERENCES
{
.vendor = PCI_VENDOR_ID_QLOGIC,
.device = PCI_DEVICE_ID_QLOGIC_ISP8022,
@@ -9884,7 +9883,6 @@ static struct pci_device_id qla4xxx_pci_tbl[] = {
.subvendor = PCI_ANY_ID,
.subdevice = PCI_ANY_ID,
},
-#endif
{0, 0},
};
MODULE_DEVICE_TABLE(pci, qla4xxx_pci_tbl);
--
2.27.0

@ -0,0 +1,30 @@
From 3c0cc7c69970a50fae40e8f6376fd50eb053db2d Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Tue, 9 Apr 2024 17:36:30 +0000
Subject: [PATCH 3/3] Bring back deprecated pci ids to be2iscsi driver
---
drivers/scsi/be2iscsi/be_main.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c
index 9079d4d83..3b4778ac4 100644
--- a/drivers/scsi/be2iscsi/be_main.c
+++ b/drivers/scsi/be2iscsi/be_main.c
@@ -384,13 +384,11 @@ static int beiscsi_eh_device_reset(struct scsi_cmnd *sc)
/*------------------- PCI Driver operations and data ----------------- */
static const struct pci_device_id beiscsi_pci_id_table[] = {
-#ifndef CONFIG_RHEL_DIFFERENCES
{ PCI_DEVICE(BE_VENDOR_ID, BE_DEVICE_ID1) },
{ PCI_DEVICE(BE_VENDOR_ID, BE_DEVICE_ID2) },
{ PCI_DEVICE(BE_VENDOR_ID, OC_DEVICE_ID1) },
{ PCI_DEVICE(BE_VENDOR_ID, OC_DEVICE_ID2) },
{ PCI_DEVICE(BE_VENDOR_ID, OC_DEVICE_ID3) },
-#endif
{ PCI_DEVICE(ELX_VENDOR_ID, OC_SKH_ID1) },
{ 0 }
};
--
2.27.0

@ -0,0 +1,51 @@
bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
device_add shall not be called multiple times as stated in its
documentation:
'Do not call this routine or device_register() more than once for
any device structure'
Syzkaller reports a bug as follows [1]:
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:33!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[...]
Call Trace:
<TASK>
__list_add include/linux/list.h:69 [inline]
list_add_tail include/linux/list.h:102 [inline]
kobj_kset_join lib/kobject.c:164 [inline]
kobject_add_internal+0x18f/0x8f0 lib/kobject.c:214
kobject_add_varg lib/kobject.c:358 [inline]
kobject_add+0x150/0x1c0 lib/kobject.c:410
device_add+0x368/0x1e90 drivers/base/core.c:3452
hci_conn_add_sysfs+0x9b/0x1b0 net/bluetooth/hci_sysfs.c:53
hci_le_cis_estabilished_evt+0x57c/0xae0 net/bluetooth/hci_event.c:6799
hci_le_meta_evt+0x2b8/0x510 net/bluetooth/hci_event.c:7110
hci_event_func net/bluetooth/hci_event.c:7440 [inline]
hci_event_packet+0x63d/0xfd0 net/bluetooth/hci_event.c:7495
hci_rx_work+0xae7/0x1230 net/bluetooth/hci_core.c:4007
process_one_work+0x991/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
Link: https://syzkaller.appspot.com/bug?id=da3246e2d33afdb92d66bc166a0934c5b146404a
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: Hawkins Jiawei <yin31149@gmail.com>
---
diff -ruN linux-5.14.0-427.18.orig/net/bluetooth/hci_sysfs.c linux-5.14.0-427.18/net/bluetooth/hci_sysfs.c
--- linux-5.14.0-427.18.orig/net/bluetooth/hci_sysfs.c
+++ linux-5.14.0-427.18/net/bluetooth/hci_sysfs.c
@@ -48,6 +48,9 @@ void hci_conn_add_sysfs(struct hci_conn *conn)
bt_dev_dbg(hdev, "conn %p", conn);
+ if (device_is_registered(&conn->dev))
+ return;
+
if (device_is_registered(&conn->dev))
return;

@ -0,0 +1,24 @@
From 05fe12c0546f92c86ebec7d4432e696486a22a05 Mon Sep 17 00:00:00 2001
From: tigro <tigro@msvsphere-os.ru>
Date: Wed, 9 Oct 2024 17:47:23 +0300
Subject: [PATCH] Added Inferit Compact support
---
sound/pci/hda/patch_conexant.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c
index e8209178d..995b6312e 100644
--- a/sound/pci/hda/patch_conexant.c
+++ b/sound/pci/hda/patch_conexant.c
@@ -1085,6 +1085,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = {
SND_PCI_QUIRK(0x103c, 0x8457, "HP Z2 G4 mini", CXT_FIXUP_HP_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x8458, "HP Z2 G4 mini premium", CXT_FIXUP_HP_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN),
+ SND_PCI_QUIRK(0x14f1, 0x0226, "Inferit Compact", CXT_FIXUP_HP_GATE_MIC),
SND_PCI_QUIRK(0x14f1, 0x0265, "SWS JS201D", CXT_PINCFG_SWS_JS201D),
SND_PCI_QUIRK(0x152d, 0x0833, "OLPC XO-1.5", CXT_FIXUP_OLPC_XO),
SND_PCI_QUIRK(0x17aa, 0x20f2, "Lenovo T400", CXT_PINCFG_LENOVO_TP410),
--
2.46.2

@ -12,7 +12,7 @@ RHEL_MINOR = 5
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
RHEL_RELEASE = 503.19.1
RHEL_RELEASE = 503.15.1
#
# ZSTREAM
@ -34,7 +34,7 @@ RHEL_RELEASE = 503.19.1
# (when you give RHDISTGIT_BRANCH on the command line, in which case the Z
# number will be incremented instead of the Y).
#
ZSTREAM ?= yes
ZSTREAM ?= no
#
# Early y+1 numbering

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

@ -352,8 +352,8 @@ CONFIG_BCMGENET=m
# CONFIG_BCM_SBA_RAID is not set
# CONFIG_BCM_VK is not set
CONFIG_BE2ISCSI=m
# CONFIG_BE2NET_BE2 is not set
# CONFIG_BE2NET_BE3 is not set
CONFIG_BE2NET_BE2=y
CONFIG_BE2NET_BE3=y
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_LANCER=y
CONFIG_BE2NET=m
@ -3085,7 +3085,7 @@ CONFIG_MINIX_SUBPARTITION=y
CONFIG_MISC_FILESYSTEMS=y
CONFIG_MISC_RTSX_PCI=m
CONFIG_MISC_RTSX_USB=m
# CONFIG_MLX4_CORE_GEN2 is not set
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_INFINIBAND=m

@ -352,8 +352,8 @@ CONFIG_BCMGENET=m
# CONFIG_BCM_SBA_RAID is not set
# CONFIG_BCM_VK is not set
CONFIG_BE2ISCSI=m
# CONFIG_BE2NET_BE2 is not set
# CONFIG_BE2NET_BE3 is not set
CONFIG_BE2NET_BE2=y
CONFIG_BE2NET_BE3=y
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_LANCER=y
CONFIG_BE2NET=m
@ -3065,7 +3065,7 @@ CONFIG_MINIX_SUBPARTITION=y
CONFIG_MISC_FILESYSTEMS=y
CONFIG_MISC_RTSX_PCI=m
CONFIG_MISC_RTSX_USB=m
# CONFIG_MLX4_CORE_GEN2 is not set
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_INFINIBAND=m

@ -351,8 +351,8 @@ CONFIG_BCMGENET=m
# CONFIG_BCM_SBA_RAID is not set
# CONFIG_BCM_VK is not set
# CONFIG_BE2ISCSI is not set
# CONFIG_BE2NET_BE2 is not set
# CONFIG_BE2NET_BE3 is not set
CONFIG_BE2NET_BE2=y
CONFIG_BE2NET_BE3=y
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_LANCER=y
CONFIG_BE2NET=m
@ -3074,7 +3074,7 @@ CONFIG_MINIX_SUBPARTITION=y
CONFIG_MISC_FILESYSTEMS=y
# CONFIG_MISC_RTSX_PCI is not set
CONFIG_MISC_RTSX_USB=m
# CONFIG_MLX4_CORE_GEN2 is not set
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_INFINIBAND=m

@ -351,8 +351,8 @@ CONFIG_BCMGENET=m
# CONFIG_BCM_SBA_RAID is not set
# CONFIG_BCM_VK is not set
# CONFIG_BE2ISCSI is not set
# CONFIG_BE2NET_BE2 is not set
# CONFIG_BE2NET_BE3 is not set
CONFIG_BE2NET_BE2=y
CONFIG_BE2NET_BE3=y
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_LANCER=y
CONFIG_BE2NET=m
@ -3054,7 +3054,7 @@ CONFIG_MINIX_SUBPARTITION=y
CONFIG_MISC_FILESYSTEMS=y
# CONFIG_MISC_RTSX_PCI is not set
CONFIG_MISC_RTSX_USB=m
# CONFIG_MLX4_CORE_GEN2 is not set
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_INFINIBAND=m

@ -354,8 +354,8 @@ CONFIG_BCMGENET=m
# CONFIG_BCM_SBA_RAID is not set
# CONFIG_BCM_VK is not set
# CONFIG_BE2ISCSI is not set
# CONFIG_BE2NET_BE2 is not set
# CONFIG_BE2NET_BE3 is not set
CONFIG_BE2NET_BE2=y
CONFIG_BE2NET_BE3=y
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_LANCER=y
CONFIG_BE2NET=m
@ -3066,7 +3066,7 @@ CONFIG_MIGRATION=y
# CONFIG_MISC_FILESYSTEMS is not set
# CONFIG_MISC_RTSX_PCI is not set
CONFIG_MISC_RTSX_USB=m
# CONFIG_MLX4_CORE_GEN2 is not set
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_INFINIBAND=m

File diff suppressed because it is too large Load Diff

@ -381,8 +381,8 @@ CONFIG_BCMGENET=m
# CONFIG_BCM_SBA_RAID is not set
# CONFIG_BCM_VK is not set
CONFIG_BE2ISCSI=m
# CONFIG_BE2NET_BE2 is not set
# CONFIG_BE2NET_BE3 is not set
CONFIG_BE2NET_BE2=y
CONFIG_BE2NET_BE3=y
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_LANCER=y
CONFIG_BE2NET=m
@ -1108,7 +1108,7 @@ CONFIG_DEFAULT_CUBIC=y
CONFIG_DEFAULT_FQ_CODEL=y
# CONFIG_DEFAULT_FQ is not set
CONFIG_DEFAULT_HOSTNAME="(none)"
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=140
CONFIG_DEFAULT_INIT=""
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
CONFIG_DEFAULT_NET_SCH="fq_codel"
@ -2714,7 +2714,10 @@ CONFIG_KALLSYMS=y
# CONFIG_KASAN is not set
# CONFIG_KASAN_MODULE_TEST is not set
# CONFIG_KASAN_VMALLOC is not set
# CONFIG_KCOV is not set
CONFIG_KCOV=y
CONFIG_KCOV_INSTRUMENT_ALL=y
CONFIG_KCOV_ENABLE_COMPARISONS=y
CONFIG_KCOV_IRQ_AREA_SIZE=0x40000
# CONFIG_KCSAN is not set
CONFIG_KDB_CONTINUE_CATASTROPHIC=0
CONFIG_KDB_DEFAULT_ENABLE=0x0
@ -3255,7 +3258,7 @@ CONFIG_MITIGATION_SPECTRE_BHI=y
CONFIG_MITIGATION_SRSO=y
CONFIG_MITIGATION_UNRET_ENTRY=y
# CONFIG_MK8 is not set
# CONFIG_MLX4_CORE_GEN2 is not set
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_INFINIBAND=m
@ -4475,7 +4478,7 @@ CONFIG_RATIONAL_KUNIT_TEST=m
# CONFIG_RBTREE_TEST is not set
# CONFIG_RC_CORE is not set
# CONFIG_RCU_CPU_STALL_CPUTIME is not set
CONFIG_RCU_CPU_STALL_TIMEOUT=60
CONFIG_RCU_CPU_STALL_TIMEOUT=100
# CONFIG_RCU_EQS_DEBUG is not set
CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0
# CONFIG_RCU_EXPERT is not set

@ -390,8 +390,8 @@ CONFIG_BCMGENET=m
# CONFIG_BCM_SBA_RAID is not set
# CONFIG_BCM_VK is not set
CONFIG_BE2ISCSI=m
# CONFIG_BE2NET_BE2 is not set
# CONFIG_BE2NET_BE3 is not set
CONFIG_BE2NET_BE2=y
CONFIG_BE2NET_BE3=y
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_LANCER=y
CONFIG_BE2NET=m
@ -3332,7 +3332,7 @@ CONFIG_MITIGATION_SPECTRE_BHI=y
CONFIG_MITIGATION_SRSO=y
CONFIG_MITIGATION_UNRET_ENTRY=y
# CONFIG_MK8 is not set
# CONFIG_MLX4_CORE_GEN2 is not set
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_DEBUG=y
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN=m

@ -390,8 +390,8 @@ CONFIG_BCMGENET=m
# CONFIG_BCM_SBA_RAID is not set
# CONFIG_BCM_VK is not set
CONFIG_BE2ISCSI=m
# CONFIG_BE2NET_BE2 is not set
# CONFIG_BE2NET_BE3 is not set
CONFIG_BE2NET_BE2=y
CONFIG_BE2NET_BE3=y
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_LANCER=y
CONFIG_BE2NET=m
@ -3312,7 +3312,7 @@ CONFIG_MITIGATION_SPECTRE_BHI=y
CONFIG_MITIGATION_SRSO=y
CONFIG_MITIGATION_UNRET_ENTRY=y
# CONFIG_MK8 is not set
# CONFIG_MLX4_CORE_GEN2 is not set
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_DEBUG=y
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN=m

@ -1,76 +1,3 @@
* Fri Dec 06 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.19.1.el9_5]
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66462 RHEL-66461] {CVE-2024-50142}
- xfrm: fix one more kernel-infoleak in algo dumping (CKI Backport Bot) [RHEL-65960] {CVE-2024-50110}
- Revert "Merge: [qed] softlockup triggered by ethtool -d [rhel-9.5.z]" (Lucas Zampieri) [RHEL-61705]
- tracing/hwlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468]
- tracing/timerlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468] {CVE-2024-49866}
- tracing/timerlat: Drop interface_lock in stop_kthread() (Tomas Glozar) [RHEL-69468]
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (Tomas Glozar) [RHEL-69468]
- ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [RHEL-61416 RHEL-60255]
Resolves: RHEL-61416, RHEL-61705, RHEL-65960, RHEL-66462, RHEL-69468
* Tue Dec 03 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.18.1.el9_5]
- bpf: Fix a kernel verifier crash in stacksafe() (CKI Backport Bot) [RHEL-66097 RHEL-66098] {CVE-2024-45020}
- bpf: Fix a sdiv overflow issue (CKI Backport Bot) [RHEL-64598 RHEL-64597] {CVE-2024-49888}
- bpf: Fix out-of-bounds write in trie_get_next_key() (CKI Backport Bot) [RHEL-66877] {CVE-2024-50262}
- bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (CKI Backport Bot) [RHEL-63331] {CVE-2024-47675}
- nfsd: ensure that nfsd4_fattr_args.context is zeroed out (Jay Shin) [RHEL-58884 RHEL-58883] {CVE-2024-46697}
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Jon Maloy) [RHEL-65872] {CVE-2024-50115}
- net: tighten bad gso csum offset check in virtio_net_hdr (Guillaume Nault) [RHEL-67683]
- udp: fix receiving fraglist GSO packets (Guillaume Nault) [RHEL-67683]
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (CKI Backport Bot) [RHEL-66804] {CVE-2024-50255}
- Bluetooth: ISO: Fix UAF on iso_sock_timeout (Bastien Nocera) [RHEL-66321] {CVE-2024-50124}
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-50125}
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-27398}
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CKI Backport Bot) [RHEL-44173] {CVE-2024-38564}
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (CKI Backport Bot) [RHEL-66365] {CVE-2024-50148}
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CKI Backport Bot) [RHEL-57716 RHEL-36374] {CVE-2024-27399}
Resolves: RHEL-44173, RHEL-57716, RHEL-58884, RHEL-63331, RHEL-64598, RHEL-65872, RHEL-65928, RHEL-66097, RHEL-66321, RHEL-66365, RHEL-66804, RHEL-66877, RHEL-67683
* Thu Nov 28 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.17.1.el9_5]
- arm64: probes: Remove broken LDR (literal) uprobe support (CKI Backport Bot) [RHEL-66046] {CVE-2024-50099}
- qed: put cond_resched() in qed_dmae_operation_wait() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: allow the callee of qed_mcp_nvm_read() to sleep (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: put cond_resched() in qed_grc_dump_ctx_data() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: make 'ethtool -d' 10 times faster (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: allow sleep in qed_mcp_trace_dump() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- sched/numa: Fix the potential null pointer dereference in task_numa_work() (CKI Backport Bot) [RHEL-66810] {CVE-2024-50223}
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
- perf/x86/intel/uncore: Support HBM and CXL PMON counters (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Cleanup unused unit structure (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Support per PMU cpumask (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Save the unit control address of all units (Michael Petlan) [RHEL-65856]
Resolves: RHEL-61705, RHEL-65856, RHEL-66046, RHEL-66810, RHEL-66969
* Thu Nov 21 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.16.1.el9_5]
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Mete Durlu) [RHEL-64902 RHEL-55873]
- net/smc: fix illegal rmb_desc access in SMC-D connection dump (Steve Best) [RHEL-65436 RHEL-27748] {CVE-2024-26615}
- gitlab-ci: use zstream builder container image (Michael Hofmann)
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CKI Backport Bot) [RHEL-66856] {CVE-2024-50251}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CKI Backport Bot) [RHEL-65401] {CVE-2024-49949}
- block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-58761 RHEL-54768] {CVE-2024-43854}
- proc: fix dentry/inode overinstantiating under /proc/${pid}/net (Joel Savitz) [RHEL-62824 RHEL-57703]
- iommu: Restore lost return in iommu_report_device_fault() (CKI Backport Bot) [RHEL-67364] {CVE-2024-44994}
- net: ena: Extend customer metrics reporting support (Kamal Heib) [RHEL-66933 RHEL-59968]
- net: ena: Add ENA Express metrics support (Kamal Heib) [RHEL-66933 RHEL-59968]
- xsk: fix batch alloc API on non-coherent systems (Felix Maurer) [RHEL-59884 RHEL-58954]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66106] {CVE-2024-46695}
- PCI/AER: Disable AER service on suspend (Lenny Szubowicz) [RHEL-67037 RHEL-22265]
- ACPI: PM: s2idle: Evaluate all Low-Power S0 Idle _DSM functions (Mark Langsdorf) [RHEL-67037 RHEL-54149]
- mptcp: fallback when MPTCP opts are dropped after 1st data (CKI Backport Bot) [RHEL-62216 RHEL-62218]
- cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate: Add the missing cpufreq_cpu_put() (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate: fix setting policy current frequency value (David Arcari) [RHEL-61469 RHEL-45016]
- netfilter: flowtable: initialise extack before use (CKI Backport Bot) [RHEL-58545] {CVE-2024-45018}
Resolves: RHEL-58545, RHEL-58761, RHEL-59884, RHEL-61469, RHEL-62216, RHEL-62824, RHEL-64902, RHEL-65401, RHEL-65436, RHEL-66106, RHEL-66856, RHEL-66933, RHEL-67037, RHEL-67364
* Thu Nov 14 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.15.1.el9_5]
- USB: serial: mos7840: fix crash on resume (Desnes Nunes) [RHEL-65484 RHEL-59050] {CVE-2024-42244}
- attr: block mode changes of symlinks (CKI Backport Bot) [RHEL-61231 RHEL-60822]

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -1,11 +1,11 @@
{
"virt": {
"common": {
"fips-disable.addon": [
"fips=0\n"
],
"fips-enable.addon": [
"fips=1\n"
],
"fips-disable.addon": [
"fips=0\n"
]
}
}

@ -5,9 +5,9 @@ prompt = no
x509_extensions = myexts
[ req_distinguished_name ]
O = The CentOS Project
CN = CentOS Stream kernel signing key
emailAddress = security@centos.org
O = NCSD LLC
CN = MSVSphere kernel signing key
emailAddress = security@msvsphere.ru
[ myexts ]
basicConstraints=critical,CA:FALSE

@ -5,9 +5,9 @@ prompt = no
x509_extensions = myexts
[ req_distinguished_name ]
O = Red Hat
CN = Red Hat Enterprise Linux kernel signing key
emailAddress = secalert@redhat.com
O = NCSD LLC
CN = MSVSphere kernel signing key
emailAddress = security@msvsphere.ru
[ myexts ]
basicConstraints=critical,CA:FALSE

@ -165,15 +165,15 @@ Summary: The Linux kernel
# define buildid .local
%define specversion 5.14.0
%define patchversion 5.14
%define pkgrelease 503.19.1
%define pkgrelease 503.15.1
%define kversion 5
%define tarfile_release 5.14.0-503.19.1.el9_5
%define tarfile_release 5.14.0-503.15.1.el9_5
# This is needed to do merge window version magic
%define patchlevel 14
# This allows pkg_release to have configurable %%{?dist} tag
%define specrelease 503.19.1%{?buildid}%{?dist}
%define specrelease 503.15.1%{?buildid}%{?dist}
# This defines the kabi tarball version
%define kabiversion 5.14.0-503.19.1.el9_5
%define kabiversion 5.14.0-503.15.1.el9_5
#
# End of genspec.sh variables
@ -185,7 +185,6 @@ Summary: The Linux kernel
# should not be exported to RPM provides
%global __provides_exclude_from ^%{_libexecdir}/kselftests
%define _with_kabidupchk 1
%define _with_kabidupchk 1
# The following build options are enabled by default, but may become disabled
# by later architecture-specific checks. These can also be disabled by using
@ -202,24 +201,25 @@ Summary: The Linux kernel
# kernel-64k (aarch64 kernel with 64K page_size)
%define with_arm64_64k %{?_without_arm64_64k: 0} %{?!_without_arm64_64k: 1}
# kernel-rt (x86_64 and aarch64 only PREEMPT_RT enabled kernel)
%define with_realtime %{?_without_realtime: 0} %{?!_without_realtime: 1}
%define with_realtime 0
# kernel-doc
%define with_doc %{?_without_doc: 0} %{?!_without_doc: 1}
# kernel-headers
%define with_headers %{?_without_headers: 0} %{?!_without_headers: 1}
%define with_cross_headers %{?_without_cross_headers: 0} %{?!_without_cross_headers: 1}
# perf
%define with_perf %{?_without_perf: 0} %{?!_without_perf: 1}
#%%define with_perf %%{?_without_perf: 0} %%{?!_without_perf: 1}
%define with_perf 0
# tools
%define with_tools %{?_without_tools: 0} %{?!_without_tools: 1}
%define with_tools 0
# bpf tool
%define with_bpftool %{?_without_bpftool: 0} %{?!_without_bpftool: 1}
%define with_bpftool 0
# kernel-debuginfo
%define with_debuginfo %{?_without_debuginfo: 0} %{?!_without_debuginfo: 1}
# kernel-abi-stablelists
%define with_kernel_abi_stablelists %{?_without_kernel_abi_stablelists: 0} %{?!_without_kernel_abi_stablelists: 1}
# internal samples and selftests
%define with_selftests %{?_without_selftests: 0} %{?!_without_selftests: 1}
%define with_selftests 0
#
# Additional options for user-friendly one-off kernel building:
#
@ -232,7 +232,9 @@ Summary: The Linux kernel
# Only build the realtime kernel (--with rtonly):
%define with_rtonly %{?_with_rtonly: 1} %{?!_with_rtonly: 0}
# Control whether we perform a compat. check against published ABI.
%define with_kabichk %{?_without_kabichk: 0} %{?!_without_kabichk: 1}
%define with_kabichk 0
# Temporarily disable kabi checks until RC.
%define with_kabichk 0
# Control whether we perform a compat. check against DUP ABI.
%define with_kabidupchk %{?_with_kabidupchk: 1} %{?!_with_kabidupchk: 0}
#
@ -254,7 +256,7 @@ Summary: The Linux kernel
%define with_release %{?_with_release: 1} %{?!_with_release: 0}
# verbose build, i.e. no silent rules and V=1
%define with_verbose %{?_with_verbose: 1} %{?!_with_verbose: 0}
%define with_verbose 0
#
# check for mismatched config options
@ -438,14 +440,14 @@ Summary: The Linux kernel
%define with_selftests 0
%endif
%ifnarch noarch
%ifnarch x86_64
%define with_kernel_abi_stablelists 0
%endif
# Overrides for generic default options
# only package docs noarch
%ifnarch noarch
%ifnarch x86_64
%define with_doc 0
%define doc_build_fail true
%endif
@ -630,7 +632,8 @@ Name: kernel
License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GFDL-1.1-no-invariants-or-later AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR GFDL-1.1-no-invariants-or-later) AND (GPL-2.0-only OR GFDL-1.2-no-invariants-only) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR CC-BY-4.0) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND Linux-man-pages-copyleft AND MIT AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib
URL: https://www.kernel.org/
Version: %{specversion}
Release: %{pkg_release}
Release: %{pkg_release}.inferit.0.fuzzing
# DO NOT CHANGE THE 'ExclusiveArch' LINE TO TEMPORARILY EXCLUDE AN ARCHITECTURE BUILD.
# SET %%nobuildarches (ABOVE) INSTEAD
%if 0%{?fedora}
@ -652,7 +655,8 @@ Provides: installonlypkg(kernel)
#
BuildRequires: kmod, bash, coreutils, tar, git-core, which
BuildRequires: bzip2, xz, findutils, gzip, m4, perl-interpreter, perl-Carp, perl-devel, perl-generators, make, diffutils, gawk, %compression
BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc, bison, flex, gcc-c++
BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc, bison, flex, gcc-c++, gcc-plugin-annobin
#BuildRequires: gcc-toolset-12-gcc, gcc-toolset-12-gcc-c++, gcc-toolset-12-gcc-plugin-annobin
BuildRequires: net-tools, hostname, bc, elfutils-devel
BuildRequires: dwarves
BuildRequires: python3-devel
@ -792,11 +796,7 @@ BuildRequires: tpm2-tools
# For Azure CVM specific udev rules
BuildRequires: WALinuxAgent-cvm
# For UKI sb cert
%if 0%{?centos}
BuildRequires: centos-sb-certs >= 9.0-23
%else
BuildRequires: redhat-sb-certs >= 9.4-0.1
%endif
BuildRequires: sphere-sb-certs >= 9.4-0.1
%endif
# Because this is the kernel, it's hard to get a single upstream URL
@ -822,20 +822,7 @@ Source2: kernel.changelog
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
%if 0%{?centos}
%define pesign_name_0 centossecureboot201
%else
%ifarch x86_64 aarch64
%define pesign_name_0 redhatsecureboot501
%endif
%ifarch s390x
%define pesign_name_0 redhatsecureboot302
%endif
%ifarch ppc64le
%define pesign_name_0 redhatsecureboot701
%endif
%endif
%define pesign_name_0 spheresecureboot001
# signkernel
%endif
@ -914,19 +901,13 @@ Source84: mod-internal.list
Source85: mod-partner.list
Source86: mod-kvm.list
Source100: rheldup3.x509
Source101: rhelkpatch1.x509
Source102: rhelimaca1.x509
Source103: rhelima.x509
Source104: rhelima_centos.x509
Source105: nvidiagpuoot001.x509
Source100: msvspheredup1.x509
Source101: msvspherepatch1.x509
Source102: msvsphereca1.x509
Source103: msvsphereima.x509
#Source105: nvidiagpuoot001.x509
%if 0%{?centos}
%define ima_signing_cert %{SOURCE104}
%else
%define ima_signing_cert %{SOURCE103}
%endif
%define ima_cert_name ima.cer
Source150: dracut-virt.conf
@ -974,6 +955,21 @@ Source4002: gating.yaml
Patch1: patch-%{patchversion}-redhat.patch
%endif
# Bring back deprecated PCI ids #CFHack #CFHack2024
Patch2001: 0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch
Patch2002: 0002-Bring-back-deprecated-pci-ids-to-mptsas-mptspi-drive.patch
Patch2003: 0003-Bring-back-deprecated-pci-ids-to-hpsa-driver.patch
Patch2004: 0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch
Patch2005: 0005-Bring-back-deprecated-pci-ids-to-lpfc-driver.patch
Patch2006: 0006-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch
Patch2007: 0007-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch
# Backported by Inferit
Patch3001: 0101-patch-5.14-bluetooth-hci_sysfs-Fix-attempting-to-call-device_ad.patch
# Inferit hardware support
Patch3101: 0201-5.14.0-mic-fix.patch
# empty final patch to facilitate testing of kernel patches
Patch999999: linux-kernel-test.patch
@ -1016,6 +1012,7 @@ AutoProv: yes\
%package doc
Summary: Various documentation bits found in the kernel source
Group: Documentation
BuildArch: noarch
%description doc
This package contains documentation files from the kernel
source. Various bits of information about the Linux kernel and the
@ -1249,11 +1246,12 @@ Summary: gcov graph and source files for coverage data collection.\
%{nil}
%package -n kernel-abi-stablelists
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
Summary: The MSVSphere kernel ABI symbol stablelists
AutoReqProv: no
BuildArch: noarch
%description -n kernel-abi-stablelists
The kABI package contains information pertaining to the Red Hat Enterprise
Linux kernel ABI, including lists of kernel symbols that are needed by
The kABI package contains information pertaining to the MSVSphere
kernel ABI, including lists of kernel symbols that are needed by
external Linux kernel modules, and a yum plugin to aid enforcement.
%if %{with_kabidw_base}
@ -1262,8 +1260,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
Group: System Environment/Kernel
AutoReqProv: no
%description kernel-kabidw-base-internal
The package contains data describing the current ABI of the Red Hat Enterprise
Linux kernel, suitable for the kabi-dw tool.
The package contains data describing the current ABI of the MSVSphere
kernel, suitable for the kabi-dw tool.
%endif
#
@ -1362,7 +1360,7 @@ Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1
AutoReq: no\
AutoProv: yes\
%description %{?1:%{1}-}modules-internal\
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
This package provides kernel modules for the %{?2:%{2} }kernel package for MSVSphere internal usage.\
%{nil}
%if %{with_realtime}
@ -1484,6 +1482,11 @@ Provides: installonlypkg(kernel)\
Requires: kernel-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\
Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\
%endif\
%if "%{1}" == "rt" || "%{?1}" == ""\
Provides: msvsphere(kernel-sig-key) = 202310\
Conflicts: shim-ia32 <= 15.6-1.el9.inferit\
Conflicts: shim-x64 <= 15.6-1.el9.inferit\
%endif\
%{expand:%%kernel_reqprovconf %{?1:%{1}} %{-o:%{-o}}}\
%if %{?1:1} %{!?1:0} \
%{expand:%%kernel_meta_package %{?1:%{1}}}\
@ -1542,7 +1545,7 @@ Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}
AutoReq: no\
AutoProv: yes\
%description %{?1:%{1}-}modules-partner\
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat partners usage.\
This package provides kernel modules for the %{?2:%{2} }kernel package for MSVSphere partners usage.\
%{nil}
# Now, each variant package.
@ -1711,6 +1714,17 @@ cp -a %{SOURCE1} .
%if !%{nopatches}
ApplyPatch 0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch
ApplyPatch 0002-Bring-back-deprecated-pci-ids-to-mptsas-mptspi-drive.patch
ApplyPatch 0003-Bring-back-deprecated-pci-ids-to-hpsa-driver.patch
ApplyPatch 0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch
ApplyPatch 0005-Bring-back-deprecated-pci-ids-to-lpfc-driver.patch
ApplyPatch 0006-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch
ApplyPatch 0007-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch
ApplyPatch 0101-patch-5.14-bluetooth-hci_sysfs-Fix-attempting-to-call-device_ad.patch
ApplyPatch 0201-5.14.0-mic-fix.patch
ApplyOptionalPatch patch-%{patchversion}-redhat.patch
%endif
@ -1744,6 +1758,9 @@ pathfix.py -i "%{__python3} %{py3_shbang_opts}" -p -n \
Documentation \
scripts/clang-tools
# Is it necessary?
sed -i 's/GCC_VERSION >= 120000/GCC_VERSION >= 110000/' lib/Kconfig.debug
# only deal with configs if we are going to build for the arch
%ifnarch %nobuildarches
@ -1791,8 +1808,7 @@ done
openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
openssl x509 -inform der -in %{SOURCE102} -out rhelimaca1.pem
openssl x509 -inform der -in %{SOURCE105} -out nvidiagpuoot001.pem
cat rheldup3.pem rhelkpatch1.pem rhelimaca1.pem nvidiagpuoot001.pem > ../certs/rhel.pem
cat rheldup3.pem rhelkpatch1.pem rhelimaca1.pem > ../certs/rhel.pem
%if %{signkernel}
%ifarch s390x ppc64le
openssl x509 -inform der -in %{secureboot_ca_0} -out secureboot.pem
@ -1808,7 +1824,7 @@ done
# Adjust FIPS module name for RHEL
%if 0%{?rhel}
for i in *.config; do
sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' $i
sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="MSVSphere %{rhel} - Kernel Cryptographic API"/' $i
done
%endif
@ -1831,12 +1847,7 @@ RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh %{primary_target}
# against a flavour of it (eg. centos not rhel), thus override it here if
# necessary
if [ "%{primary_target}" == "rhel" ]; then
%if 0%{?centos}
echo "Updating scripts/sources to centos version"
RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh centos
%else
echo "Not updating scripts/sources to centos version"
%endif
fi
# end of kernel config
@ -2454,14 +2465,17 @@ BuildKernel() {
# RHEL/CentOS specific .SBAT entries
%if 0%{?centos}
SBATsuffix="centos"
SBATsuffix="rhel"
%else
SBATsuffix="rhel"
%endif
SBAT=$(cat <<- EOF
linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
linux,1,MSVSphere,$KernelVer,mailto:security@msvsphere-os.ru
linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
linux.$SBATsuffix,1,MSVSphere,$KernelVer,mailto:security@msvsphere-os.ru
kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com
kernel-uki-virt.$SBATsuffix,1,MSVSphere,kernel-uki-virt,$KernelVer,mailto:security@msvsphere-os.ru
EOF
)
@ -2489,9 +2503,11 @@ BuildKernel() {
%if %{signkernel}
%if 0%{?centos}
UKI_secureboot_name=centossecureboot204
UKI_secureboot_name=spheresecureboot001
UKI_secureboot_cert=%{SOURCE151}
%else
UKI_secureboot_name=redhatsecureboot504
UKI_secureboot_name=spheresecureboot001
UKI_secureboot_cert=%{SOURCE152}
%endif
UKI_secureboot_cert=%{_datadir}/pki/sb-certs/secureboot-uki-virt-%{_arch}.cer
@ -2586,7 +2602,7 @@ BuildKernel() {
# prune junk from kernel-devel
find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -delete
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
# MSVSphere UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
%if %{signkernel}
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
@ -3792,74 +3808,12 @@ fi
#
#
%changelog
* Fri Dec 06 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.19.1.el9_5]
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66462 RHEL-66461] {CVE-2024-50142}
- xfrm: fix one more kernel-infoleak in algo dumping (CKI Backport Bot) [RHEL-65960] {CVE-2024-50110}
- Revert "Merge: [qed] softlockup triggered by ethtool -d [rhel-9.5.z]" (Lucas Zampieri) [RHEL-61705]
- tracing/hwlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468]
- tracing/timerlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468] {CVE-2024-49866}
- tracing/timerlat: Drop interface_lock in stop_kthread() (Tomas Glozar) [RHEL-69468]
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (Tomas Glozar) [RHEL-69468]
- ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [RHEL-61416 RHEL-60255]
* Tue Dec 03 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.18.1.el9_5]
- bpf: Fix a kernel verifier crash in stacksafe() (CKI Backport Bot) [RHEL-66097 RHEL-66098] {CVE-2024-45020}
- bpf: Fix a sdiv overflow issue (CKI Backport Bot) [RHEL-64598 RHEL-64597] {CVE-2024-49888}
- bpf: Fix out-of-bounds write in trie_get_next_key() (CKI Backport Bot) [RHEL-66877] {CVE-2024-50262}
- bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (CKI Backport Bot) [RHEL-63331] {CVE-2024-47675}
- nfsd: ensure that nfsd4_fattr_args.context is zeroed out (Jay Shin) [RHEL-58884 RHEL-58883] {CVE-2024-46697}
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Jon Maloy) [RHEL-65872] {CVE-2024-50115}
- net: tighten bad gso csum offset check in virtio_net_hdr (Guillaume Nault) [RHEL-67683]
- udp: fix receiving fraglist GSO packets (Guillaume Nault) [RHEL-67683]
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (CKI Backport Bot) [RHEL-66804] {CVE-2024-50255}
- Bluetooth: ISO: Fix UAF on iso_sock_timeout (Bastien Nocera) [RHEL-66321] {CVE-2024-50124}
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-50125}
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-27398}
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CKI Backport Bot) [RHEL-44173] {CVE-2024-38564}
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (CKI Backport Bot) [RHEL-66365] {CVE-2024-50148}
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CKI Backport Bot) [RHEL-57716 RHEL-36374] {CVE-2024-27399}
* Thu Nov 28 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.17.1.el9_5]
- arm64: probes: Remove broken LDR (literal) uprobe support (CKI Backport Bot) [RHEL-66046] {CVE-2024-50099}
- qed: put cond_resched() in qed_dmae_operation_wait() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: allow the callee of qed_mcp_nvm_read() to sleep (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: put cond_resched() in qed_grc_dump_ctx_data() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: make 'ethtool -d' 10 times faster (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: allow sleep in qed_mcp_trace_dump() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- sched/numa: Fix the potential null pointer dereference in task_numa_work() (CKI Backport Bot) [RHEL-66810] {CVE-2024-50223}
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
- perf/x86/intel/uncore: Support HBM and CXL PMON counters (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Cleanup unused unit structure (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Support per PMU cpumask (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Save the unit control address of all units (Michael Petlan) [RHEL-65856]
* Thu Nov 21 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.16.1.el9_5]
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Mete Durlu) [RHEL-64902 RHEL-55873]
- net/smc: fix illegal rmb_desc access in SMC-D connection dump (Steve Best) [RHEL-65436 RHEL-27748] {CVE-2024-26615}
- gitlab-ci: use zstream builder container image (Michael Hofmann)
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CKI Backport Bot) [RHEL-66856] {CVE-2024-50251}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CKI Backport Bot) [RHEL-65401] {CVE-2024-49949}
- block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-58761 RHEL-54768] {CVE-2024-43854}
- proc: fix dentry/inode overinstantiating under /proc/${pid}/net (Joel Savitz) [RHEL-62824 RHEL-57703]
- iommu: Restore lost return in iommu_report_device_fault() (CKI Backport Bot) [RHEL-67364] {CVE-2024-44994}
- net: ena: Extend customer metrics reporting support (Kamal Heib) [RHEL-66933 RHEL-59968]
- net: ena: Add ENA Express metrics support (Kamal Heib) [RHEL-66933 RHEL-59968]
- xsk: fix batch alloc API on non-coherent systems (Felix Maurer) [RHEL-59884 RHEL-58954]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66106] {CVE-2024-46695}
- PCI/AER: Disable AER service on suspend (Lenny Szubowicz) [RHEL-67037 RHEL-22265]
- ACPI: PM: s2idle: Evaluate all Low-Power S0 Idle _DSM functions (Mark Langsdorf) [RHEL-67037 RHEL-54149]
- mptcp: fallback when MPTCP opts are dropped after 1st data (CKI Backport Bot) [RHEL-62216 RHEL-62218]
- cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate: Add the missing cpufreq_cpu_put() (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate: fix setting policy current frequency value (David Arcari) [RHEL-61469 RHEL-45016]
- netfilter: flowtable: initialise extack before use (CKI Backport Bot) [RHEL-58545] {CVE-2024-45018}
* Thu Dec 5 2024 Eduard Basov <ebasov@msvsphere-os.ru> - 5.14.0-503.15.1.inferit.0.fuzzing
- Rebuild for MSVSphere 9.5
- Added 1289 new options for debug conf
- Enable fuzzing options:
https://github.com/google/syzkaller/blob/master/docs/linux/kernel_configs.md
- Disable rt, perf, tools, bpftool, selftests, kabi check
* Thu Nov 14 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-503.15.1.el9_5]
- USB: serial: mos7840: fix crash on resume (Desnes Nunes) [RHEL-65484 RHEL-59050] {CVE-2024-42244}
@ -24730,6 +24684,17 @@ fi
- crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-29685]
- ice: fix enabling RX VLAN filtering (Petr Oros) [RHEL-28837]
* Thu Apr 11 2024 Arkady L. Shane <tigro@msvsphere-os.ru> [5.14.0-438.el9]
- AlmaLinux patches
* hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
* mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
* qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
* qla4xxx: bring back deprecated PCI ids
* lpfc: bring back deprecated PCI ids
* be2iscsi: bring back deprecated PCI ids
* nvme *pci: add BOGUS_NID for Intel 0a54 device
* kernel/rh_messages.h: empty rh_disabled_pci_devices and rh_unmaintained_pci_devices lists
* Wed Apr 10 2024 Lucas Zampieri <lzampier@redhat.com> [5.14.0-438.el9]
- ipmi: Remove usage of the deprecated ida_simple_xx() API (Tony Camuso) [RHEL-25927]
- ipmi: Use regspacings passed as a module parameter (Tony Camuso) [RHEL-25927]

Loading…
Cancel
Save