From 56d04f7e49da925d17785eaad94acb4cbd27004f Mon Sep 17 00:00:00 2001 From: Jan200101 Date: Wed, 21 Aug 2024 20:31:55 +0200 Subject: kernel 6.10.6 --- SOURCES/patch-6.10-redhat.patch | 55 +++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 29 deletions(-) (limited to 'SOURCES/patch-6.10-redhat.patch') diff --git a/SOURCES/patch-6.10-redhat.patch b/SOURCES/patch-6.10-redhat.patch index ae6051c..01f9da9 100644 --- a/SOURCES/patch-6.10-redhat.patch +++ b/SOURCES/patch-6.10-redhat.patch @@ -12,7 +12,6 @@ drivers/acpi/irq.c | 17 ++- drivers/acpi/scan.c | 9 ++ drivers/ata/libahci.c | 18 +++ - drivers/ata/libata-scsi.c | 15 ++- drivers/char/ipmi/ipmi_dmi.c | 15 +++ drivers/char/ipmi/ipmi_msghandler.c | 16 ++- drivers/char/random.c | 122 +++++++++++++++++ @@ -41,10 +40,11 @@ security/lockdown/Kconfig | 13 ++ security/lockdown/lockdown.c | 1 + security/security.c | 12 ++ - 43 files changed, 802 insertions(+), 261 deletions(-) + security/selinux/hooks.c | 12 +- + 43 files changed, 800 insertions(+), 260 deletions(-) diff --git a/Makefile b/Makefile -index f9badb79ae8f..4d0eadfc33a1 100644 +index 361a70264e1f..eaf69484d4ce 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -617,32 +617,6 @@ index 83431aae74d8..f2a9c0d644af 100644 /* wait for engine to stop. This could be as long as 500 msec */ tmp = ata_wait_register(ap, port_mmio + PORT_CMD, PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500); -diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c -index 076fbeadce01..4e0847601103 100644 ---- a/drivers/ata/libata-scsi.c -+++ b/drivers/ata/libata-scsi.c -@@ -941,8 +941,19 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) - &sense_key, &asc, &ascq); - ata_scsi_set_sense(qc->dev, cmd, sense_key, asc, ascq); - } else { -- /* ATA PASS-THROUGH INFORMATION AVAILABLE */ -- ata_scsi_set_sense(qc->dev, cmd, RECOVERED_ERROR, 0, 0x1D); -+ /* -+ * ATA PASS-THROUGH INFORMATION AVAILABLE -+ * -+ * Note: we are supposed to call ata_scsi_set_sense(), which -+ * respects the D_SENSE bit, instead of unconditionally -+ * generating the sense data in descriptor format. However, -+ * because hdparm, hddtemp, and udisks incorrectly assume sense -+ * data in descriptor format, without even looking at the -+ * RESPONSE CODE field in the returned sense data (to see which -+ * format the returned sense data is in), we are stuck with -+ * being bug compatible with older kernels. -+ */ -+ scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); - } - } - diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c index bbf7029e224b..cf7faa970dd6 100644 --- a/drivers/char/ipmi/ipmi_dmi.c @@ -1983,3 +1957,26 @@ index 8cee5b6c6e6d..489e25946bf9 100644 #ifdef CONFIG_PERF_EVENTS /** * security_perf_event_open() - Check if a perf event open is allowed +diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c +index 55c78c318ccd..bfa61e005aac 100644 +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -3852,7 +3852,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, + if (default_noexec && + (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { + int rc = 0; +- if (vma_is_initial_heap(vma)) { ++ /* ++ * We don't use the vma_is_initial_heap() helper as it has ++ * a history of problems and is currently broken on systems ++ * where there is no heap, e.g. brk == start_brk. Before ++ * replacing the conditional below with vma_is_initial_heap(), ++ * or something similar, please ensure that the logic is the ++ * same as what we have below or you have tested every possible ++ * corner case you can think to test. ++ */ ++ if (vma->vm_start >= vma->vm_mm->start_brk && ++ vma->vm_end <= vma->vm_mm->brk) { + rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, + PROCESS__EXECHEAP, NULL); + } else if (!vma->vm_file && (vma_is_initial_stack(vma) || -- cgit v1.2.3