kernel-5.12.14-0

* Wed Jun 30 2021 Justin M. Forbes <jforbes@fedoraproject.org> [5.12.14-0]
- Add CONFIG_SYSTEM_REVOCATION_LIST backported config option for 5.12.14 (Justin M. Forbes)
- can: bcm: delay release of struct bcm_op after synchronize_rcu (Thadeu Lima de Souza Cascardo)
Resolves: rhbz#

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>

Patchlist.changelog

@@ -1,3 +1,6 @@
+https://gitlab.com/cki-project/kernel-ark/-/commit/59fec098b4b0eb9bc766f12c40b85f8fc42cbb1d
+ 59fec098b4b0eb9bc766f12c40b85f8fc42cbb1d can: bcm: delay release of struct bcm_op after synchronize_rcu
+
 https://gitlab.com/cki-project/kernel-ark/-/commit/d6845a028944f7b9ee8fe7b5fe0239fa6c363c90
  d6845a028944f7b9ee8fe7b5fe0239fa6c363c90 Bluetooth: btqca: Don't modify firmware contents in-place
 

kernel-aarch64-debug-fedora.config

@@ -7111,6 +7111,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-aarch64-debug-rhel.config

@@ -5589,6 +5589,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-aarch64-fedora.config

@@ -7086,6 +7086,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-aarch64-rhel.config

@@ -5566,6 +5566,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-armv7hl-debug-fedora.config

@@ -7335,6 +7335,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-armv7hl-fedora.config

@@ -7311,6 +7311,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-armv7hl-lpae-debug-fedora.config

@@ -7093,6 +7093,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-armv7hl-lpae-fedora.config

@@ -7069,6 +7069,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-i686-debug-fedora.config

@@ -6382,6 +6382,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-i686-fedora.config

@@ -6358,6 +6358,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-ppc64le-debug-fedora.config

@@ -5979,6 +5979,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-ppc64le-debug-rhel.config

@@ -5395,6 +5395,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-ppc64le-fedora.config

@@ -5954,6 +5954,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-ppc64le-rhel.config

@@ -5376,6 +5376,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-s390x-debug-fedora.config

@@ -5917,6 +5917,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-s390x-debug-rhel.config

@@ -5335,6 +5335,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-s390x-fedora.config

@@ -5892,6 +5892,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-s390x-rhel.config

@@ -5316,6 +5316,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-s390x-zfcpdump-rhel.config

@@ -5350,6 +5350,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-x86_64-debug-fedora.config

@@ -6436,6 +6436,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-x86_64-debug-rhel.config

@@ -5620,6 +5620,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-x86_64-fedora.config

@@ -6412,6 +6412,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel-x86_64-rhel.config

@@ -5598,6 +5598,7 @@ CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
 # CONFIG_SYSTEMPORT is not set
+# CONFIG_SYSTEM_REVOCATION_LIST is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSV68_PARTITION is not set

kernel.spec

@@ -106,7 +106,7 @@ Summary: The Linux kernel
 %define primary_target rhel
 %endif
 
-%define rpmversion 5.12.13
+%define rpmversion 5.12.14
 %define stableversion 5.12
 %define pkgrelease 200
 
@@ -623,7 +623,7 @@ BuildRequires: clang
 # exact git commit you can run
 #
 # xzcat -qq ${TARBALL} | git get-tar-commit-id
-Source0: linux-5.12.13.tar.xz
+Source0: linux-5.12.14.tar.xz
 
 Source1: Makefile.rhelver
 
@@ -1277,8 +1277,8 @@ ApplyOptionalPatch()
   fi
 }
 
-%setup -q -n kernel-5.12.13 -c
-mv linux-5.12.13 linux-%{KVERREL}
+%setup -q -n kernel-5.12.14 -c
+mv linux-5.12.14 linux-%{KVERREL}
 
 cd linux-%{KVERREL}
 cp -a %{SOURCE1} .
@@ -2792,6 +2792,10 @@ fi
 #
 #
 %changelog
+* Wed Jun 30 2021 Justin M. Forbes <jforbes@fedoraproject.org> [5.12.14-0]
+- Add CONFIG_SYSTEM_REVOCATION_LIST backported config option for 5.12.14 (Justin M. Forbes)
+- can: bcm: delay release of struct bcm_op after synchronize_rcu (Thadeu Lima de Souza Cascardo)
+
 * Wed Jun 16 2021 Justin M. Forbes <jforbes@fedoraproject.org> [5.12.11-0]
 - Bluetooth: btqca: Don't modify firmware contents in-place (Connor Abbott)
 

patch-5.12-redhat.patch

@@ -36,12 +36,13 @@
  include/linux/security.h                           |   5 +
  kernel/crash_core.c                                |  28 ++++-
  kernel/module_signing.c                            |   9 +-
+ net/can/bcm.c                                      |   6 +
  security/integrity/platform_certs/load_uefi.c      |   6 +-
  security/lockdown/Kconfig                          |  13 +++
  security/lockdown/lockdown.c                       |   1 +
  security/security.c                                |   6 +
  security/selinux/hooks.c                           |   3 +-
- 43 files changed, 641 insertions(+), 185 deletions(-)
+ 44 files changed, 647 insertions(+), 185 deletions(-)
 
 diff --git a/Documentation/admin-guide/kdump/kdump.rst b/Documentation/admin-guide/kdump/kdump.rst
 index 75a9dd98e76e..3ff3291551f9 100644
@@ -66,7 +67,7 @@ index 75a9dd98e76e..3ff3291551f9 100644
 
  Boot into System Kernel
 diff --git a/Makefile b/Makefile
-index d2fe36db78ae..0fb6443bd3a7 100644
+index 433f164f9ee0..56a62bea0db1 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -495,6 +495,7 @@ KBUILD_AFLAGS   := -D__ASSEMBLY__ -fno-PIE
@@ -1537,8 +1538,32 @@ index 8723ae70ea1f..fb2d773498c2 100644
 +	}
 +	return ret;
  }
+diff --git a/net/can/bcm.c b/net/can/bcm.c
+index f3e4d9528fa3..c67916020e63 100644
+--- a/net/can/bcm.c
++++ b/net/can/bcm.c
+@@ -785,6 +785,7 @@ static int bcm_delete_rx_op(struct list_head *ops, struct bcm_msg_head *mh,
+ 						  bcm_rx_handler, op);
+
+ 			list_del(&op->list);
++			synchronize_rcu();
+ 			bcm_remove_op(op);
+ 			return 1; /* done */
+ 		}
+@@ -1533,6 +1534,11 @@ static int bcm_release(struct socket *sock)
+ 					  REGMASK(op->can_id),
+ 					  bcm_rx_handler, op);
+
++	}
++
++	synchronize_rcu();
++
++	list_for_each_entry_safe(op, next, &bo->rx_ops, list) {
+ 		bcm_remove_op(op);
+ 	}
+
 diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
-index ee4b4c666854..eff9ff593405 100644
+index f290f78c3f30..d3e7ae04f5be 100644
 --- a/security/integrity/platform_certs/load_uefi.c
 +++ b/security/integrity/platform_certs/load_uefi.c
 @@ -46,7 +46,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,

sources

@@ -1,3 +1,3 @@
-SHA512 (linux-5.12.13.tar.xz) = 3ef6475eefadd9e929750517f74129ecdcfb266c8e855ec0a4988260d699fea4c779201cc00335a3d52a855a7d69ab2791c735e9d4c1c4574b71ce077b9f6828
-SHA512 (kernel-abi-whitelists-5.12.13-200.tar.bz2) = 9c4430cff40e7a07c8aa31a3cb022400a57319e6270cd0ea374185544ebe99a874ae60c5e6485a267a02f8fdff573749b4c24d78d977e494edbe069049ec5b43
-SHA512 (kernel-kabi-dw-5.12.13-200.tar.bz2) = f6d3a3143201ba025be24c4c6cb28497b4f55eba987373183766eac3d783b8732489cf42d6bed523593ca637b1f8d836941cf185eca78b8f73da436298ff7044
+SHA512 (linux-5.12.14.tar.xz) = c5c5e8c11c4ad5bc72a476665b62afd65175ee631ec7af9a002e097ac2dd01a1c485d5f58cb85be4b236bbf02570852fa321000f71f1f2b18ec75866af7792da
+SHA512 (kernel-abi-whitelists-5.12.14-200.tar.bz2) = 72df9273ef959394b301774caa56c94156b466bc1770400ddddcf06b0a3ff72a049af26184fb74aba560d8d92da22eb1cd24bb48d3db773e5b80ec0cbd6858eb
+SHA512 (kernel-kabi-dw-5.12.14-200.tar.bz2) = 4770204e7c20b43f6fa3b611580b6eb83897b0a6e8e65997eb68c2e128981e2a9329635e9798cf5c28bd6fed8f6afd31def86bfc6fdcf20cfa281c7e2b5c7cdf