diff options
Diffstat (limited to 'SOURCES')
26 files changed, 55 insertions, 4 deletions
diff --git a/SOURCES/Patchlist.changelog b/SOURCES/Patchlist.changelog index beb8d9d..129bcda 100644 --- a/SOURCES/Patchlist.changelog +++ b/SOURCES/Patchlist.changelog @@ -1,3 +1,6 @@ +https://gitlab.com/cki-project/kernel-ark/-/commit/59fec098b4b0eb9bc766f12c40b85f8fc42cbb1d + 59fec098b4b0eb9bc766f12c40b85f8fc42cbb1d can: bcm: delay release of struct bcm_op after synchronize_rcu + https://gitlab.com/cki-project/kernel-ark/-/commit/d6845a028944f7b9ee8fe7b5fe0239fa6c363c90 d6845a028944f7b9ee8fe7b5fe0239fa6c363c90 Bluetooth: btqca: Don't modify firmware contents in-place diff --git a/SOURCES/futex2.patch b/SOURCES/futex2.patch index 482b6c1..d3c2247 100644 --- a/SOURCES/futex2.patch +++ b/SOURCES/futex2.patch @@ -1428,7 +1428,7 @@ index d6a2efbfa488..69866f98f287 100644 + } + + key->pointer = futex_get_inode_uuid(inode); -+ key->index = (unsigned long)basepage_index(tail); ++ key->index = (unsigned long)page_index(tail); + key->offset |= FUT_OFF_INODE; + + rcu_read_unlock(); diff --git a/SOURCES/kernel-aarch64-debug-fedora.config b/SOURCES/kernel-aarch64-debug-fedora.config index b15a69d..b19458f 100644 --- a/SOURCES/kernel-aarch64-debug-fedora.config +++ b/SOURCES/kernel-aarch64-debug-fedora.config @@ -7114,6 +7114,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-aarch64-debug-rhel.config b/SOURCES/kernel-aarch64-debug-rhel.config index d2fb3d8..98213bd 100644 --- a/SOURCES/kernel-aarch64-debug-rhel.config +++ b/SOURCES/kernel-aarch64-debug-rhel.config @@ -5592,6 +5592,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-aarch64-fedora.config b/SOURCES/kernel-aarch64-fedora.config index 6c747d8..7fa3844 100644 --- a/SOURCES/kernel-aarch64-fedora.config +++ b/SOURCES/kernel-aarch64-fedora.config @@ -7089,6 +7089,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-aarch64-rhel.config b/SOURCES/kernel-aarch64-rhel.config index 1d40824..9097006 100644 --- a/SOURCES/kernel-aarch64-rhel.config +++ b/SOURCES/kernel-aarch64-rhel.config @@ -5569,6 +5569,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-armv7hl-debug-fedora.config b/SOURCES/kernel-armv7hl-debug-fedora.config index 13c0dfa..8d161ec 100644 --- a/SOURCES/kernel-armv7hl-debug-fedora.config +++ b/SOURCES/kernel-armv7hl-debug-fedora.config @@ -7338,6 +7338,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-armv7hl-fedora.config b/SOURCES/kernel-armv7hl-fedora.config index e4aa888..27b4f7c 100644 --- a/SOURCES/kernel-armv7hl-fedora.config +++ b/SOURCES/kernel-armv7hl-fedora.config @@ -7314,6 +7314,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-armv7hl-lpae-debug-fedora.config b/SOURCES/kernel-armv7hl-lpae-debug-fedora.config index 46ebd88..c7b11c1 100644 --- a/SOURCES/kernel-armv7hl-lpae-debug-fedora.config +++ b/SOURCES/kernel-armv7hl-lpae-debug-fedora.config @@ -7096,6 +7096,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-armv7hl-lpae-fedora.config b/SOURCES/kernel-armv7hl-lpae-fedora.config index 21022df..69e30c9 100644 --- a/SOURCES/kernel-armv7hl-lpae-fedora.config +++ b/SOURCES/kernel-armv7hl-lpae-fedora.config @@ -7072,6 +7072,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-i686-debug-fedora.config b/SOURCES/kernel-i686-debug-fedora.config index b51710c..6262127 100644 --- a/SOURCES/kernel-i686-debug-fedora.config +++ b/SOURCES/kernel-i686-debug-fedora.config @@ -6385,6 +6385,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-i686-fedora.config b/SOURCES/kernel-i686-fedora.config index c12a3f6..14324c4 100644 --- a/SOURCES/kernel-i686-fedora.config +++ b/SOURCES/kernel-i686-fedora.config @@ -6361,6 +6361,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-ppc64le-debug-fedora.config b/SOURCES/kernel-ppc64le-debug-fedora.config index de1f853..27bf633 100644 --- a/SOURCES/kernel-ppc64le-debug-fedora.config +++ b/SOURCES/kernel-ppc64le-debug-fedora.config @@ -5982,6 +5982,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-ppc64le-debug-rhel.config b/SOURCES/kernel-ppc64le-debug-rhel.config index 73110f6..1be5ccb 100644 --- a/SOURCES/kernel-ppc64le-debug-rhel.config +++ b/SOURCES/kernel-ppc64le-debug-rhel.config @@ -5398,6 +5398,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-ppc64le-fedora.config b/SOURCES/kernel-ppc64le-fedora.config index e55626d..54660a6 100644 --- a/SOURCES/kernel-ppc64le-fedora.config +++ b/SOURCES/kernel-ppc64le-fedora.config @@ -5957,6 +5957,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-ppc64le-rhel.config b/SOURCES/kernel-ppc64le-rhel.config index 644695a..9794b92 100644 --- a/SOURCES/kernel-ppc64le-rhel.config +++ b/SOURCES/kernel-ppc64le-rhel.config @@ -5379,6 +5379,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-s390x-debug-fedora.config b/SOURCES/kernel-s390x-debug-fedora.config index 8a4b742..18731f2 100644 --- a/SOURCES/kernel-s390x-debug-fedora.config +++ b/SOURCES/kernel-s390x-debug-fedora.config @@ -5920,6 +5920,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-s390x-debug-rhel.config b/SOURCES/kernel-s390x-debug-rhel.config index 2cd5788..c7c92a4 100644 --- a/SOURCES/kernel-s390x-debug-rhel.config +++ b/SOURCES/kernel-s390x-debug-rhel.config @@ -5338,6 +5338,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-s390x-fedora.config b/SOURCES/kernel-s390x-fedora.config index 50e601a..55ef949 100644 --- a/SOURCES/kernel-s390x-fedora.config +++ b/SOURCES/kernel-s390x-fedora.config @@ -5895,6 +5895,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-s390x-rhel.config b/SOURCES/kernel-s390x-rhel.config index 172a6be..6e2ecc4 100644 --- a/SOURCES/kernel-s390x-rhel.config +++ b/SOURCES/kernel-s390x-rhel.config @@ -5319,6 +5319,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-s390x-zfcpdump-rhel.config b/SOURCES/kernel-s390x-zfcpdump-rhel.config index 29b0324..61c4aa7 100644 --- a/SOURCES/kernel-s390x-zfcpdump-rhel.config +++ b/SOURCES/kernel-s390x-zfcpdump-rhel.config @@ -5353,6 +5353,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-x86_64-debug-fedora.config b/SOURCES/kernel-x86_64-debug-fedora.config index 65a0a44..fd6494d 100644 --- a/SOURCES/kernel-x86_64-debug-fedora.config +++ b/SOURCES/kernel-x86_64-debug-fedora.config @@ -6439,6 +6439,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-x86_64-debug-rhel.config b/SOURCES/kernel-x86_64-debug-rhel.config index c9eb334..357438f 100644 --- a/SOURCES/kernel-x86_64-debug-rhel.config +++ b/SOURCES/kernel-x86_64-debug-rhel.config @@ -5623,6 +5623,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-x86_64-fedora.config b/SOURCES/kernel-x86_64-fedora.config index 363ffe6..333d932 100644 --- a/SOURCES/kernel-x86_64-fedora.config +++ b/SOURCES/kernel-x86_64-fedora.config @@ -6415,6 +6415,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/kernel-x86_64-rhel.config b/SOURCES/kernel-x86_64-rhel.config index 0db54ef..03868b7 100644 --- a/SOURCES/kernel-x86_64-rhel.config +++ b/SOURCES/kernel-x86_64-rhel.config @@ -5601,6 +5601,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SYSTEMPORT is not set +# CONFIG_SYSTEM_REVOCATION_LIST is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSV68_PARTITION is not set diff --git a/SOURCES/patch-5.12-redhat.patch b/SOURCES/patch-5.12-redhat.patch index 1b712c1..a9acb22 100644 --- a/SOURCES/patch-5.12-redhat.patch +++ b/SOURCES/patch-5.12-redhat.patch @@ -36,12 +36,13 @@ include/linux/security.h | 5 + kernel/crash_core.c | 28 ++++- kernel/module_signing.c | 9 +- + net/can/bcm.c | 6 + security/integrity/platform_certs/load_uefi.c | 6 +- security/lockdown/Kconfig | 13 +++ security/lockdown/lockdown.c | 1 + security/security.c | 6 + security/selinux/hooks.c | 3 +- - 43 files changed, 641 insertions(+), 185 deletions(-) + 44 files changed, 647 insertions(+), 185 deletions(-) diff --git a/Documentation/admin-guide/kdump/kdump.rst b/Documentation/admin-guide/kdump/kdump.rst index 75a9dd98e76e..3ff3291551f9 100644 @@ -66,7 +67,7 @@ index 75a9dd98e76e..3ff3291551f9 100644 Boot into System Kernel diff --git a/Makefile b/Makefile -index d2fe36db78ae..0fb6443bd3a7 100644 +index 433f164f9ee0..56a62bea0db1 100644 --- a/Makefile +++ b/Makefile @@ -495,6 +495,7 @@ KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-PIE @@ -1537,8 +1538,32 @@ index 8723ae70ea1f..fb2d773498c2 100644 + } + return ret; } +diff --git a/net/can/bcm.c b/net/can/bcm.c +index f3e4d9528fa3..c67916020e63 100644 +--- a/net/can/bcm.c ++++ b/net/can/bcm.c +@@ -785,6 +785,7 @@ static int bcm_delete_rx_op(struct list_head *ops, struct bcm_msg_head *mh, + bcm_rx_handler, op); + + list_del(&op->list); ++ synchronize_rcu(); + bcm_remove_op(op); + return 1; /* done */ + } +@@ -1533,6 +1534,11 @@ static int bcm_release(struct socket *sock) + REGMASK(op->can_id), + bcm_rx_handler, op); + ++ } ++ ++ synchronize_rcu(); ++ ++ list_for_each_entry_safe(op, next, &bo->rx_ops, list) { + bcm_remove_op(op); + } + diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c -index ee4b4c666854..eff9ff593405 100644 +index f290f78c3f30..d3e7ae04f5be 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c @@ -46,7 +46,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, |