From 100029c3e47ee9a0bf7924c1fcba8d205c89f830 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Wed, 10 Apr 2024 10:52:29 -0500 Subject: [PATCH] kernel-6.8.5-300 * Wed Apr 10 2024 Justin M. Forbes [6.8.5-0] - Set configs for SPECTRE_BHI (Justin M. Forbes) - Add AMD PMF bug (Justin M. Forbes) - redhat/configs: Enable CONFIG_AMDTEE for x86 (David Arcari) - Add CVE fix for 6.8.5 (Justin M. Forbes) - Linux v6.8.5 Resolves: Signed-off-by: Justin M. Forbes --- kernel-x86_64-debug-fedora.config | 5 ++- kernel-x86_64-debug-rhel.config | 5 ++- kernel-x86_64-fedora.config | 5 ++- kernel-x86_64-rhel.config | 5 ++- kernel-x86_64-rt-debug-rhel.config | 5 ++- kernel-x86_64-rt-rhel.config | 5 ++- kernel.changelog | 8 ++++ kernel.spec | 15 +++++-- patch-6.8-redhat.patch | 66 +++++------------------------- sources | 6 +-- 10 files changed, 56 insertions(+), 69 deletions(-) diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config index b991e47a2..61a8eb43c 100644 --- a/kernel-x86_64-debug-fedora.config +++ b/kernel-x86_64-debug-fedora.config @@ -274,7 +274,7 @@ CONFIG_AMD_PMF_DEBUG=y CONFIG_AMD_PMF=m CONFIG_AMD_PTDMA=m CONFIG_AMD_SFH_HID=m -# CONFIG_AMDTEE is not set +CONFIG_AMDTEE=m CONFIG_AMD_WBRF=y CONFIG_AMD_XGBE_DCB=y CONFIG_AMD_XGBE=m @@ -7279,6 +7279,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m +# CONFIG_SPECTRE_BHI_AUTO is not set +# CONFIG_SPECTRE_BHI_OFF is not set +CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y CONFIG_SPI_ALTERA_CORE=m CONFIG_SPI_ALTERA_DFL=m diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 5ae6509bd..db28e89a2 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -230,7 +230,7 @@ CONFIG_AMD_PMF_DEBUG=y CONFIG_AMD_PMF=m CONFIG_AMD_PTDMA=m CONFIG_AMD_SFH_HID=m -# CONFIG_AMDTEE is not set +CONFIG_AMDTEE=m # CONFIG_AMD_WBRF is not set # CONFIG_AMD_XGBE_DCB is not set CONFIG_AMD_XGBE=m @@ -6508,6 +6508,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m +# CONFIG_SPECTRE_BHI_AUTO is not set +# CONFIG_SPECTRE_BHI_OFF is not set +CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y # CONFIG_SPI_ALTERA_CORE is not set # CONFIG_SPI_ALTERA is not set diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config index e5bed0509..0b0bea3d6 100644 --- a/kernel-x86_64-fedora.config +++ b/kernel-x86_64-fedora.config @@ -274,7 +274,7 @@ CONFIG_AMD_PMC=m CONFIG_AMD_PMF=m CONFIG_AMD_PTDMA=m CONFIG_AMD_SFH_HID=m -# CONFIG_AMDTEE is not set +CONFIG_AMDTEE=m CONFIG_AMD_WBRF=y CONFIG_AMD_XGBE_DCB=y CONFIG_AMD_XGBE=m @@ -7249,6 +7249,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m +# CONFIG_SPECTRE_BHI_AUTO is not set +# CONFIG_SPECTRE_BHI_OFF is not set +CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y CONFIG_SPI_ALTERA_CORE=m CONFIG_SPI_ALTERA_DFL=m diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index bc5751128..d636fe8f3 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -230,7 +230,7 @@ CONFIG_AMD_PMC=m CONFIG_AMD_PMF=m CONFIG_AMD_PTDMA=m CONFIG_AMD_SFH_HID=m -# CONFIG_AMDTEE is not set +CONFIG_AMDTEE=m # CONFIG_AMD_WBRF is not set # CONFIG_AMD_XGBE_DCB is not set CONFIG_AMD_XGBE=m @@ -6484,6 +6484,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m +# CONFIG_SPECTRE_BHI_AUTO is not set +# CONFIG_SPECTRE_BHI_OFF is not set +CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y # CONFIG_SPI_ALTERA_CORE is not set # CONFIG_SPI_ALTERA is not set diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index 5be70d2ad..871439c58 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -230,7 +230,7 @@ CONFIG_AMD_PMF_DEBUG=y CONFIG_AMD_PMF=m CONFIG_AMD_PTDMA=m CONFIG_AMD_SFH_HID=m -# CONFIG_AMDTEE is not set +CONFIG_AMDTEE=m # CONFIG_AMD_WBRF is not set # CONFIG_AMD_XGBE_DCB is not set CONFIG_AMD_XGBE=m @@ -6561,6 +6561,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m +# CONFIG_SPECTRE_BHI_AUTO is not set +# CONFIG_SPECTRE_BHI_OFF is not set +CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y # CONFIG_SPI_ALTERA_CORE is not set # CONFIG_SPI_ALTERA is not set diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index 29ec583f0..33b46cf14 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -230,7 +230,7 @@ CONFIG_AMD_PMC=m CONFIG_AMD_PMF=m CONFIG_AMD_PTDMA=m CONFIG_AMD_SFH_HID=m -# CONFIG_AMDTEE is not set +CONFIG_AMDTEE=m # CONFIG_AMD_WBRF is not set # CONFIG_AMD_XGBE_DCB is not set CONFIG_AMD_XGBE=m @@ -6537,6 +6537,9 @@ CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m +# CONFIG_SPECTRE_BHI_AUTO is not set +# CONFIG_SPECTRE_BHI_OFF is not set +CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y # CONFIG_SPI_ALTERA_CORE is not set # CONFIG_SPI_ALTERA is not set diff --git a/kernel.changelog b/kernel.changelog index 46d12cc94..b3dcaaedb 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,11 @@ +* Wed Apr 10 2024 Justin M. Forbes [6.8.5-0] +- Set configs for SPECTRE_BHI (Justin M. Forbes) +- Add AMD PMF bug (Justin M. Forbes) +- redhat/configs: Enable CONFIG_AMDTEE for x86 (David Arcari) +- Add CVE fix for 6.8.5 (Justin M. Forbes) +- Linux v6.8.5 +Resolves: + * Thu Apr 04 2024 Justin M. Forbes [6.8.4-0] - Linux v6.8.4 Resolves: diff --git a/kernel.spec b/kernel.spec index 3a8aba750..63cec8cd0 100644 --- a/kernel.spec +++ b/kernel.spec @@ -160,18 +160,18 @@ Summary: The Linux kernel # the --with-release option overrides this setting.) %define debugbuildsenabled 1 # define buildid .local -%define specrpmversion 6.8.4 -%define specversion 6.8.4 +%define specrpmversion 6.8.5 +%define specversion 6.8.5 %define patchversion 6.8 %define pkgrelease 300 %define kversion 6 -%define tarfile_release 6.8.4 +%define tarfile_release 6.8.5 # This is needed to do merge window version magic %define patchlevel 8 # This allows pkg_release to have configurable %%{?dist} tag %define specrelease 300%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.8.4 +%define kabiversion 6.8.5 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -3959,6 +3959,13 @@ fi\ # # %changelog +* Wed Apr 10 2024 Justin M. Forbes [6.8.5-0] +- Set configs for SPECTRE_BHI (Justin M. Forbes) +- Add AMD PMF bug (Justin M. Forbes) +- redhat/configs: Enable CONFIG_AMDTEE for x86 (David Arcari) +- Add CVE fix for 6.8.5 (Justin M. Forbes) +- Linux v6.8.5 + * Thu Apr 04 2024 Justin M. Forbes [6.8.4-0] - Linux v6.8.4 diff --git a/patch-6.8-redhat.patch b/patch-6.8-redhat.patch index 53df79a17..c0bfddf44 100644 --- a/patch-6.8-redhat.patch +++ b/patch-6.8-redhat.patch @@ -7,14 +7,12 @@ drivers/acpi/irq.c | 17 +- drivers/acpi/scan.c | 9 ++ drivers/ata/libahci.c | 18 +++ - drivers/bluetooth/hci_qca.c | 13 +- drivers/char/ipmi/ipmi_dmi.c | 15 ++ drivers/char/ipmi/ipmi_msghandler.c | 16 +- drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/efi.c | 124 +++++++++++---- drivers/firmware/efi/secureboot.c | 38 +++++ drivers/firmware/sysfb.c | 18 ++- - drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + drivers/hid/hid-rmi.c | 66 -------- drivers/hwtracing/coresight/coresight-etm4x-core.c | 19 +++ drivers/input/rmi4/rmi_driver.c | 124 +++++++++------ @@ -37,10 +35,10 @@ security/lockdown/Kconfig | 13 ++ security/lockdown/lockdown.c | 1 + security/security.c | 12 ++ - 39 files changed, 674 insertions(+), 189 deletions(-) + 37 files changed, 671 insertions(+), 177 deletions(-) diff --git a/Makefile b/Makefile -index c436247d750c..fba81833741a 100644 +index f29a75b75861..90586379d1e8 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -125,7 +123,7 @@ index d1f3b56e7afc..eaefd0d7cfff 100644 /* boot_command_line has been already set up in early.c */ *cmdline_p = boot_command_line; diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 97dd70285741..efc3fbc9e9f3 100644 +index 3998109195da..cedcd208de44 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -20,6 +20,7 @@ @@ -136,7 +134,7 @@ index 97dd70285741..efc3fbc9e9f3 100644 #include #include #include -@@ -900,6 +901,13 @@ void __init setup_arch(char **cmdline_p) +@@ -901,6 +902,13 @@ void __init setup_arch(char **cmdline_p) if (efi_enabled(EFI_BOOT)) efi_init(); @@ -150,7 +148,7 @@ index 97dd70285741..efc3fbc9e9f3 100644 reserve_ibft_region(); x86_init.resources.dmi_setup(); -@@ -1063,19 +1071,7 @@ void __init setup_arch(char **cmdline_p) +@@ -1065,19 +1073,7 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); @@ -282,37 +280,6 @@ index 1a63200ea437..a911e976a596 100644 /* wait for engine to stop. This could be as long as 500 msec */ tmp = ata_wait_register(ap, port_mmio + PORT_CMD, PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500); -diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c -index 8a60ad7acd70..4ecbcb1644cc 100644 ---- a/drivers/bluetooth/hci_qca.c -+++ b/drivers/bluetooth/hci_qca.c -@@ -7,7 +7,6 @@ - * - * Copyright (C) 2007 Texas Instruments, Inc. - * Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved. -- * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. - * - * Acknowledgements: - * This file is based on hci_ll.c, which was... -@@ -1904,17 +1903,7 @@ static int qca_setup(struct hci_uart *hu) - case QCA_WCN6750: - case QCA_WCN6855: - case QCA_WCN7850: -- -- /* Set BDA quirk bit for reading BDA value from fwnode property -- * only if that property exist in DT. -- */ -- if (fwnode_property_present(dev_fwnode(hdev->dev.parent), "local-bd-address")) { -- set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); -- bt_dev_info(hdev, "setting quirk bit to read BDA from fwnode later"); -- } else { -- bt_dev_dbg(hdev, "local-bd-address` is not present in the devicetree so not setting quirk bit for BDA"); -- } -- -+ set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - hci_set_aosp_capable(hdev); - - ret = qca_read_soc_version(hdev, &ver, soc_type); diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c index bbf7029e224b..cf7faa970dd6 100644 --- a/drivers/char/ipmi/ipmi_dmi.c @@ -611,19 +578,6 @@ index 3c197db42c9d..16e4a2e90fae 100644 pd = sysfb_create_simplefb(si, &mode); if (!IS_ERR(pd)) goto unlock_mutex; -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c -index 94bdb5fa6ebc..1fbaf7b81d69 100644 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c -@@ -4524,6 +4524,8 @@ int amdgpu_device_prepare(struct drm_device *dev) - if (r) - goto unprepare; - -+ flush_delayed_work(&adev->gfx.gfx_off_delay_work); -+ - for (i = 0; i < adev->num_ip_blocks; i++) { - if (!adev->ip_blocks[i].status.valid) - continue; diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c index d4af17fdba46..154f0403cbf4 100644 --- a/drivers/hid/hid-rmi.c @@ -970,7 +924,7 @@ index 42eaebb3bf5c..7a35119c3144 100644 if (data->f01_container->dev.driver) { /* Driver already bound, so enable ATTN now. */ diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c -index cd1210026ac5..448d146c6757 100644 +index ad33161f2374..a4bca95d8322 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -8,6 +8,7 @@ @@ -1045,7 +999,7 @@ index eff7f5df08e2..b58145ce7775 100644 * Intersil/Techwell TW686[4589]-based video capture cards have an empty (zero) * class code. Fix it. diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index d5d3eea006c1..583d0fa2877d 100644 +index 35200a7a7355..738378291882 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -118,6 +118,14 @@ static const char *sd_cache_types[] = { @@ -1462,7 +1416,7 @@ index a2ff4242e623..f0d2be1ee4f1 100644 int module_sig_check(struct load_info *info, int flags) diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 267b9a0a3abc..12612f58ca58 100644 +index 6568f8177e39..14d8237af366 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -22,6 +22,7 @@ @@ -1473,7 +1427,7 @@ index 267b9a0a3abc..12612f58ca58 100644 static bool module_enabled; /* Are we using CONFIG_MODVERSIONS? */ -@@ -1992,6 +1993,12 @@ static void write_buf(struct buffer *b, const char *fname) +@@ -1995,6 +1996,12 @@ static void write_buf(struct buffer *b, const char *fname) } } @@ -1486,7 +1440,7 @@ index 267b9a0a3abc..12612f58ca58 100644 static void write_if_changed(struct buffer *b, const char *fname) { char *tmp; -@@ -2052,6 +2059,7 @@ static void write_mod_c_file(struct module *mod) +@@ -2055,6 +2062,7 @@ static void write_mod_c_file(struct module *mod) add_depends(&buf, mod); add_moddevtable(&buf, mod); add_srcversion(&buf, mod); diff --git a/sources b/sources index 1833dc6c9..5d4ffa91b 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 -SHA512 (linux-6.8.4.tar.xz) = 364d68a76abc1eb7360e155bfae7431d9b1d88289b053c9d06eca685e7ba38100663b43d4e4c274635baaa8fe85cabb25e0d397dbe81010a5f6848b183fdcac3 -SHA512 (kernel-abi-stablelists-6.8.4.tar.xz) = 4c2b4ea557d1554161db6290e4d400d07db316f6f47775b06e3a2a8c3568e654f7bc8ca5bc7af3118ee403cc57ba5f18a276eb946ab4b9088f6efedfdce7cf3c -SHA512 (kernel-kabi-dw-6.8.4.tar.xz) = 44aa3771a2523baaa928fb7d340f0945c24da559d1eff2a03f31fb8b5b0c4f366fac30cba5ae60c28a5884b88db51f4f83c512455062b8aa0451efb78d182452 +SHA512 (linux-6.8.5.tar.xz) = f956b83e80183f46fc9dc85d8735d27c6c1cc9eef7f93d5b7dfe297acafdb33e83cdc184689c2a12afac87c1c495c217ffba843ccaded7f88b35637db3b2d434 +SHA512 (kernel-abi-stablelists-6.8.5.tar.xz) = 305df0406f1e8516207fe77e8f77b0af116b2b97fdf87426068bb17405b3b9ad2f66d8c8042a5f94b050a980b8f7d752cd9e94b7f42aa74f3fe4594f40634388 +SHA512 (kernel-kabi-dw-6.8.5.tar.xz) = c3df1e59427f2612f0962471ec14469072968616eba69489d6a07bcbf1ee50ff47fd7184cfa42a6e328a038970bec94e4c9231cfafadd61d15a25846807dae51