kernel-6.8.5-300

* Wed Apr 10 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.8.5-0] - Set configs for SPECTRE_BHI (Justin M. Forbes) - Add AMD PMF bug (Justin M. Forbes) - redhat/configs: Enable CONFIG_AMDTEE for x86 (David Arcari) - Add CVE fix for 6.8.5 (Justin M. Forbes) - Linux v6.8.5 Resolves: Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
2024-04-10 10:52:29 -05:00 · 2024-04-10 10:52:29 -05:00 · 100029c3e4
parent 3cafd70317
commit 100029c3e4
10 changed files with 56 additions and 69 deletions
--- a/kernel-x86_64-debug-fedora.config
+++ b/kernel-x86_64-debug-fedora.config
@ -274,7 +274,7 @@ CONFIG_AMD_PMF_DEBUG=y
 CONFIG_AMD_PMF=m
 CONFIG_AMD_PTDMA=m
 CONFIG_AMD_SFH_HID=m
-# CONFIG_AMDTEE is not set
+CONFIG_AMDTEE=m
 CONFIG_AMD_WBRF=y
 CONFIG_AMD_XGBE_DCB=y
 CONFIG_AMD_XGBE=m
@ -7279,6 +7279,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m
 CONFIG_SPEAKUP_SYNTH_SOFT=m
 CONFIG_SPEAKUP_SYNTH_SPKOUT=m
 CONFIG_SPEAKUP_SYNTH_TXPRT=m
+# CONFIG_SPECTRE_BHI_AUTO is not set
+# CONFIG_SPECTRE_BHI_OFF is not set
+CONFIG_SPECTRE_BHI_ON=y
 CONFIG_SPECULATION_MITIGATIONS=y
 CONFIG_SPI_ALTERA_CORE=m
 CONFIG_SPI_ALTERA_DFL=m
--- a/kernel-x86_64-debug-rhel.config
+++ b/kernel-x86_64-debug-rhel.config
@ -230,7 +230,7 @@ CONFIG_AMD_PMF_DEBUG=y
 CONFIG_AMD_PMF=m
 CONFIG_AMD_PTDMA=m
 CONFIG_AMD_SFH_HID=m
-# CONFIG_AMDTEE is not set
+CONFIG_AMDTEE=m
 # CONFIG_AMD_WBRF is not set
 # CONFIG_AMD_XGBE_DCB is not set
 CONFIG_AMD_XGBE=m
@ -6508,6 +6508,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m
 CONFIG_SPEAKUP_SYNTH_SOFT=m
 CONFIG_SPEAKUP_SYNTH_SPKOUT=m
 CONFIG_SPEAKUP_SYNTH_TXPRT=m
+# CONFIG_SPECTRE_BHI_AUTO is not set
+# CONFIG_SPECTRE_BHI_OFF is not set
+CONFIG_SPECTRE_BHI_ON=y
 CONFIG_SPECULATION_MITIGATIONS=y
 # CONFIG_SPI_ALTERA_CORE is not set
 # CONFIG_SPI_ALTERA is not set
--- a/kernel-x86_64-fedora.config
+++ b/kernel-x86_64-fedora.config
@ -274,7 +274,7 @@ CONFIG_AMD_PMC=m
 CONFIG_AMD_PMF=m
 CONFIG_AMD_PTDMA=m
 CONFIG_AMD_SFH_HID=m
-# CONFIG_AMDTEE is not set
+CONFIG_AMDTEE=m
 CONFIG_AMD_WBRF=y
 CONFIG_AMD_XGBE_DCB=y
 CONFIG_AMD_XGBE=m
@ -7249,6 +7249,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m
 CONFIG_SPEAKUP_SYNTH_SOFT=m
 CONFIG_SPEAKUP_SYNTH_SPKOUT=m
 CONFIG_SPEAKUP_SYNTH_TXPRT=m
+# CONFIG_SPECTRE_BHI_AUTO is not set
+# CONFIG_SPECTRE_BHI_OFF is not set
+CONFIG_SPECTRE_BHI_ON=y
 CONFIG_SPECULATION_MITIGATIONS=y
 CONFIG_SPI_ALTERA_CORE=m
 CONFIG_SPI_ALTERA_DFL=m
--- a/kernel-x86_64-rhel.config
+++ b/kernel-x86_64-rhel.config
@ -230,7 +230,7 @@ CONFIG_AMD_PMC=m
 CONFIG_AMD_PMF=m
 CONFIG_AMD_PTDMA=m
 CONFIG_AMD_SFH_HID=m
-# CONFIG_AMDTEE is not set
+CONFIG_AMDTEE=m
 # CONFIG_AMD_WBRF is not set
 # CONFIG_AMD_XGBE_DCB is not set
 CONFIG_AMD_XGBE=m
@ -6484,6 +6484,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m
 CONFIG_SPEAKUP_SYNTH_SOFT=m
 CONFIG_SPEAKUP_SYNTH_SPKOUT=m
 CONFIG_SPEAKUP_SYNTH_TXPRT=m
+# CONFIG_SPECTRE_BHI_AUTO is not set
+# CONFIG_SPECTRE_BHI_OFF is not set
+CONFIG_SPECTRE_BHI_ON=y
 CONFIG_SPECULATION_MITIGATIONS=y
 # CONFIG_SPI_ALTERA_CORE is not set
 # CONFIG_SPI_ALTERA is not set
--- a/kernel-x86_64-rt-debug-rhel.config
+++ b/kernel-x86_64-rt-debug-rhel.config
@ -230,7 +230,7 @@ CONFIG_AMD_PMF_DEBUG=y
 CONFIG_AMD_PMF=m
 CONFIG_AMD_PTDMA=m
 CONFIG_AMD_SFH_HID=m
-# CONFIG_AMDTEE is not set
+CONFIG_AMDTEE=m
 # CONFIG_AMD_WBRF is not set
 # CONFIG_AMD_XGBE_DCB is not set
 CONFIG_AMD_XGBE=m
@ -6561,6 +6561,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m
 CONFIG_SPEAKUP_SYNTH_SOFT=m
 CONFIG_SPEAKUP_SYNTH_SPKOUT=m
 CONFIG_SPEAKUP_SYNTH_TXPRT=m
+# CONFIG_SPECTRE_BHI_AUTO is not set
+# CONFIG_SPECTRE_BHI_OFF is not set
+CONFIG_SPECTRE_BHI_ON=y
 CONFIG_SPECULATION_MITIGATIONS=y
 # CONFIG_SPI_ALTERA_CORE is not set
 # CONFIG_SPI_ALTERA is not set
--- a/kernel-x86_64-rt-rhel.config
+++ b/kernel-x86_64-rt-rhel.config
@ -230,7 +230,7 @@ CONFIG_AMD_PMC=m
 CONFIG_AMD_PMF=m
 CONFIG_AMD_PTDMA=m
 CONFIG_AMD_SFH_HID=m
-# CONFIG_AMDTEE is not set
+CONFIG_AMDTEE=m
 # CONFIG_AMD_WBRF is not set
 # CONFIG_AMD_XGBE_DCB is not set
 CONFIG_AMD_XGBE=m
@ -6537,6 +6537,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m
 CONFIG_SPEAKUP_SYNTH_SOFT=m
 CONFIG_SPEAKUP_SYNTH_SPKOUT=m
 CONFIG_SPEAKUP_SYNTH_TXPRT=m
+# CONFIG_SPECTRE_BHI_AUTO is not set
+# CONFIG_SPECTRE_BHI_OFF is not set
+CONFIG_SPECTRE_BHI_ON=y
 CONFIG_SPECULATION_MITIGATIONS=y
 # CONFIG_SPI_ALTERA_CORE is not set
 # CONFIG_SPI_ALTERA is not set
--- a/kernel.changelog
+++ b/kernel.changelog
@ -1,3 +1,11 @@
+* Wed Apr 10 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.8.5-0]
+- Set configs for SPECTRE_BHI (Justin M. Forbes)
+- Add AMD PMF bug (Justin M. Forbes)
+- redhat/configs: Enable CONFIG_AMDTEE for x86 (David Arcari)
+- Add CVE fix for 6.8.5 (Justin M. Forbes)
+- Linux v6.8.5
+Resolves: 
+
 * Thu Apr 04 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.8.4-0]
 - Linux v6.8.4
 Resolves: 
--- a/kernel.spec
+++ b/kernel.spec
@ -160,18 +160,18 @@ Summary: The Linux kernel
 #  the --with-release option overrides this setting.)
 %define debugbuildsenabled 1
 # define buildid .local
-%define specrpmversion 6.8.4
-%define specversion 6.8.4
+%define specrpmversion 6.8.5
+%define specversion 6.8.5
 %define patchversion 6.8
 %define pkgrelease 300
 %define kversion 6
-%define tarfile_release 6.8.4
+%define tarfile_release 6.8.5
 # This is needed to do merge window version magic
 %define patchlevel 8
 # This allows pkg_release to have configurable %%{?dist} tag
 %define specrelease 300%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.8.4
+%define kabiversion 6.8.5

 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@ -3959,6 +3959,13 @@ fi\
 #
 #
 %changelog
+* Wed Apr 10 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.8.5-0]
+- Set configs for SPECTRE_BHI (Justin M. Forbes)
+- Add AMD PMF bug (Justin M. Forbes)
+- redhat/configs: Enable CONFIG_AMDTEE for x86 (David Arcari)
+- Add CVE fix for 6.8.5 (Justin M. Forbes)
+- Linux v6.8.5
+
 * Thu Apr 04 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.8.4-0]
 - Linux v6.8.4

--- a/patch-6.8-redhat.patch
+++ b/patch-6.8-redhat.patch
@ -7,14 +7,12 @@
 drivers/acpi/irq.c                                 |  17 +-
 drivers/acpi/scan.c                                |   9 ++
 drivers/ata/libahci.c                              |  18 +++
- drivers/bluetooth/hci_qca.c                        |  13 +-
 drivers/char/ipmi/ipmi_dmi.c                       |  15 ++
 drivers/char/ipmi/ipmi_msghandler.c                |  16 +-
 drivers/firmware/efi/Makefile                      |   1 +
 drivers/firmware/efi/efi.c                         | 124 +++++++++++----
 drivers/firmware/efi/secureboot.c                  |  38 +++++
 drivers/firmware/sysfb.c                           |  18 ++-
- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c         |   2 +
 drivers/hid/hid-rmi.c                              |  66 --------
 drivers/hwtracing/coresight/coresight-etm4x-core.c |  19 +++
 drivers/input/rmi4/rmi_driver.c                    | 124 +++++++++------
@ -37,10 +35,10 @@
 security/lockdown/Kconfig                          |  13 ++
 security/lockdown/lockdown.c                       |   1 +
 security/security.c                                |  12 ++
- 39 files changed, 674 insertions(+), 189 deletions(-)
+ 37 files changed, 671 insertions(+), 177 deletions(-)

 diff --git a/Makefile b/Makefile
-index c436247d750c..fba81833741a 100644
+index f29a75b75861..90586379d1e8 100644
 --- a/Makefile
 +++ b/Makefile
@@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@ -125,7 +123,7 @@ index d1f3b56e7afc..eaefd0d7cfff 100644
 	/* boot_command_line has been already set up in early.c */
 	*cmdline_p = boot_command_line;
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 97dd70285741..efc3fbc9e9f3 100644
+index 3998109195da..cedcd208de44 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
@@ -20,6 +20,7 @@
@ -136,7 +134,7 @@ index 97dd70285741..efc3fbc9e9f3 100644
 #include <linux/usb/xhci-dbgp.h>
 #include <linux/static_call.h>
 #include <linux/swiotlb.h>
-@@ -900,6 +901,13 @@ void __init setup_arch(char **cmdline_p)
+@@ -901,6 +902,13 @@ void __init setup_arch(char **cmdline_p)
 	if (efi_enabled(EFI_BOOT))
 		efi_init();
 
@ -150,7 +148,7 @@ index 97dd70285741..efc3fbc9e9f3 100644
 	reserve_ibft_region();
 	x86_init.resources.dmi_setup();
 
-@@ -1063,19 +1071,7 @@ void __init setup_arch(char **cmdline_p)
+@@ -1065,19 +1073,7 @@ void __init setup_arch(char **cmdline_p)
 	/* Allocate bigger log buffer */
 	setup_log_buf(1);
 
@ -282,37 +280,6 @@ index 1a63200ea437..a911e976a596 100644
 	/* wait for engine to stop. This could be as long as 500 msec */
 	tmp = ata_wait_register(ap, port_mmio + PORT_CMD,
 				PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500);
-diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
-index 8a60ad7acd70..4ecbcb1644cc 100644
--- a/drivers/bluetooth/hci_qca.c
-+++ b/drivers/bluetooth/hci_qca.c
-@@ -7,7 +7,6 @@
-  *
-  *  Copyright (C) 2007 Texas Instruments, Inc.
-  *  Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved.
- *  Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
-  *
-  *  Acknowledgements:
-  *  This file is based on hci_ll.c, which was...
-@@ -1904,17 +1903,7 @@ static int qca_setup(struct hci_uart *hu)
- 	case QCA_WCN6750:
- 	case QCA_WCN6855:
- 	case QCA_WCN7850:
-
-		/* Set BDA quirk bit for reading BDA value from fwnode property
-		 * only if that property exist in DT.
-		 */
-		if (fwnode_property_present(dev_fwnode(hdev->dev.parent), "local-bd-address")) {
-			set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
-			bt_dev_info(hdev, "setting quirk bit to read BDA from fwnode later");
-		} else {
-			bt_dev_dbg(hdev, "local-bd-address` is not present in the devicetree so not setting quirk bit for BDA");
-		}
-
-+		set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
- 		hci_set_aosp_capable(hdev);
- 
- 		ret = qca_read_soc_version(hdev, &ver, soc_type);
 diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c
 index bbf7029e224b..cf7faa970dd6 100644
 --- a/drivers/char/ipmi/ipmi_dmi.c
@ -611,19 +578,6 @@ index 3c197db42c9d..16e4a2e90fae 100644
 		pd = sysfb_create_simplefb(si, &mode);
 		if (!IS_ERR(pd))
 			goto unlock_mutex;
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
-index 94bdb5fa6ebc..1fbaf7b81d69 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
-@@ -4524,6 +4524,8 @@ int amdgpu_device_prepare(struct drm_device *dev)
- 	if (r)
- 		goto unprepare;
- 
-+	flush_delayed_work(&adev->gfx.gfx_off_delay_work);
-+
- 	for (i = 0; i < adev->num_ip_blocks; i++) {
- 		if (!adev->ip_blocks[i].status.valid)
- 			continue;
 diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
 index d4af17fdba46..154f0403cbf4 100644
 --- a/drivers/hid/hid-rmi.c
@ -970,7 +924,7 @@ index 42eaebb3bf5c..7a35119c3144 100644
 	if (data->f01_container->dev.driver) {
 		/* Driver already bound, so enable ATTN now. */
 diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
-index cd1210026ac5..448d146c6757 100644
+index ad33161f2374..a4bca95d8322 100644
 --- a/drivers/iommu/iommu.c
 +++ b/drivers/iommu/iommu.c
@@ -8,6 +8,7 @@
@ -1045,7 +999,7 @@ index eff7f5df08e2..b58145ce7775 100644
  * Intersil/Techwell TW686[4589]-based video capture cards have an empty (zero)
  * class code.  Fix it.
 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index d5d3eea006c1..583d0fa2877d 100644
+index 35200a7a7355..738378291882 100644
 --- a/drivers/scsi/sd.c
 +++ b/drivers/scsi/sd.c
@@ -118,6 +118,14 @@ static const char *sd_cache_types[] = {
@ -1462,7 +1416,7 @@ index a2ff4242e623..f0d2be1ee4f1 100644
 
 int module_sig_check(struct load_info *info, int flags)
 diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 267b9a0a3abc..12612f58ca58 100644
+index 6568f8177e39..14d8237af366 100644
 --- a/scripts/mod/modpost.c
 +++ b/scripts/mod/modpost.c
@@ -22,6 +22,7 @@
@ -1473,7 +1427,7 @@ index 267b9a0a3abc..12612f58ca58 100644
 
 static bool module_enabled;
 /* Are we using CONFIG_MODVERSIONS? */
-@@ -1992,6 +1993,12 @@ static void write_buf(struct buffer *b, const char *fname)
+@@ -1995,6 +1996,12 @@ static void write_buf(struct buffer *b, const char *fname)
 	}
 }
 
@ -1486,7 +1440,7 @@ index 267b9a0a3abc..12612f58ca58 100644
 static void write_if_changed(struct buffer *b, const char *fname)
 {
 	char *tmp;
-@@ -2052,6 +2059,7 @@ static void write_mod_c_file(struct module *mod)
+@@ -2055,6 +2062,7 @@ static void write_mod_c_file(struct module *mod)
 	add_depends(&buf, mod);
 	add_moddevtable(&buf, mod);
 	add_srcversion(&buf, mod);
--- a/6
+++ b/6
@ -1,5 +1,5 @@
 SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
 SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
-SHA512 (linux-6.8.4.tar.xz) = 364d68a76abc1eb7360e155bfae7431d9b1d88289b053c9d06eca685e7ba38100663b43d4e4c274635baaa8fe85cabb25e0d397dbe81010a5f6848b183fdcac3
-SHA512 (kernel-abi-stablelists-6.8.4.tar.xz) = 4c2b4ea557d1554161db6290e4d400d07db316f6f47775b06e3a2a8c3568e654f7bc8ca5bc7af3118ee403cc57ba5f18a276eb946ab4b9088f6efedfdce7cf3c
-SHA512 (kernel-kabi-dw-6.8.4.tar.xz) = 44aa3771a2523baaa928fb7d340f0945c24da559d1eff2a03f31fb8b5b0c4f366fac30cba5ae60c28a5884b88db51f4f83c512455062b8aa0451efb78d182452
+SHA512 (linux-6.8.5.tar.xz) = f956b83e80183f46fc9dc85d8735d27c6c1cc9eef7f93d5b7dfe297acafdb33e83cdc184689c2a12afac87c1c495c217ffba843ccaded7f88b35637db3b2d434
+SHA512 (kernel-abi-stablelists-6.8.5.tar.xz) = 305df0406f1e8516207fe77e8f77b0af116b2b97fdf87426068bb17405b3b9ad2f66d8c8042a5f94b050a980b8f7d752cd9e94b7f42aa74f3fe4594f40634388
+SHA512 (kernel-kabi-dw-6.8.5.tar.xz) = c3df1e59427f2612f0962471ec14469072968616eba69489d6a07bcbf1ee50ff47fd7184cfa42a6e328a038970bec94e4c9231cfafadd61d15a25846807dae51