diff --git a/Patchlist.changelog b/Patchlist.changelog index dfa2e4f87..b93cf591a 100644 --- a/Patchlist.changelog +++ b/Patchlist.changelog @@ -1,3 +1,6 @@ +https://gitlab.com/cki-project/kernel-ark/-/commit/d42657488c703c24d1fffaecced0b3b82d30b393 + d42657488c703c24d1fffaecced0b3b82d30b393 selinux: revert our use of vma_is_initial_heap() + https://gitlab.com/cki-project/kernel-ark/-/commit/3a19264d7608d1c0cb6adff9f45883887a30ba29 3a19264d7608d1c0cb6adff9f45883887a30ba29 Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" diff --git a/kernel.changelog b/kernel.changelog index f8bfb2e9b..0a0213f77 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,9 @@ +* Mon Aug 19 2024 Justin M. Forbes [6.10.6-0] +- Add to BugsFixed (Justin M. Forbes) +- selinux: revert our use of vma_is_initial_heap() (Paul Moore) +- Linux v6.10.6 +Resolves: + * Wed Aug 14 2024 Justin M. Forbes [6.10.5-0] - Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel) - Linux v6.10.5 diff --git a/kernel.spec b/kernel.spec index 015b3015a..5646a08a1 100644 --- a/kernel.spec +++ b/kernel.spec @@ -160,18 +160,18 @@ Summary: The Linux kernel # the --with-release option overrides this setting.) %define debugbuildsenabled 1 # define buildid .local -%define specrpmversion 6.10.5 -%define specversion 6.10.5 +%define specrpmversion 6.10.6 +%define specversion 6.10.6 %define patchversion 6.10 %define pkgrelease 200 %define kversion 6 -%define tarfile_release 6.10.5 +%define tarfile_release 6.10.6 # This is needed to do merge window version magic %define patchlevel 10 # This allows pkg_release to have configurable %%{?dist} tag %define specrelease 200%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.10.5 +%define kabiversion 6.10.6 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -4043,6 +4043,11 @@ fi\ # # %changelog +* Mon Aug 19 2024 Justin M. Forbes [6.10.6-0] +- Add to BugsFixed (Justin M. Forbes) +- selinux: revert our use of vma_is_initial_heap() (Paul Moore) +- Linux v6.10.6 + * Wed Aug 14 2024 Justin M. Forbes [6.10.5-0] - Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel) - Linux v6.10.5 diff --git a/patch-6.10-redhat.patch b/patch-6.10-redhat.patch index ae6051c24..01f9da936 100644 --- a/patch-6.10-redhat.patch +++ b/patch-6.10-redhat.patch @@ -12,7 +12,6 @@ drivers/acpi/irq.c | 17 ++- drivers/acpi/scan.c | 9 ++ drivers/ata/libahci.c | 18 +++ - drivers/ata/libata-scsi.c | 15 ++- drivers/char/ipmi/ipmi_dmi.c | 15 +++ drivers/char/ipmi/ipmi_msghandler.c | 16 ++- drivers/char/random.c | 122 +++++++++++++++++ @@ -41,10 +40,11 @@ security/lockdown/Kconfig | 13 ++ security/lockdown/lockdown.c | 1 + security/security.c | 12 ++ - 43 files changed, 802 insertions(+), 261 deletions(-) + security/selinux/hooks.c | 12 +- + 43 files changed, 800 insertions(+), 260 deletions(-) diff --git a/Makefile b/Makefile -index f9badb79ae8f..4d0eadfc33a1 100644 +index 361a70264e1f..eaf69484d4ce 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -617,32 +617,6 @@ index 83431aae74d8..f2a9c0d644af 100644 /* wait for engine to stop. This could be as long as 500 msec */ tmp = ata_wait_register(ap, port_mmio + PORT_CMD, PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500); -diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c -index 076fbeadce01..4e0847601103 100644 ---- a/drivers/ata/libata-scsi.c -+++ b/drivers/ata/libata-scsi.c -@@ -941,8 +941,19 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) - &sense_key, &asc, &ascq); - ata_scsi_set_sense(qc->dev, cmd, sense_key, asc, ascq); - } else { -- /* ATA PASS-THROUGH INFORMATION AVAILABLE */ -- ata_scsi_set_sense(qc->dev, cmd, RECOVERED_ERROR, 0, 0x1D); -+ /* -+ * ATA PASS-THROUGH INFORMATION AVAILABLE -+ * -+ * Note: we are supposed to call ata_scsi_set_sense(), which -+ * respects the D_SENSE bit, instead of unconditionally -+ * generating the sense data in descriptor format. However, -+ * because hdparm, hddtemp, and udisks incorrectly assume sense -+ * data in descriptor format, without even looking at the -+ * RESPONSE CODE field in the returned sense data (to see which -+ * format the returned sense data is in), we are stuck with -+ * being bug compatible with older kernels. -+ */ -+ scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); - } - } - diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c index bbf7029e224b..cf7faa970dd6 100644 --- a/drivers/char/ipmi/ipmi_dmi.c @@ -1983,3 +1957,26 @@ index 8cee5b6c6e6d..489e25946bf9 100644 #ifdef CONFIG_PERF_EVENTS /** * security_perf_event_open() - Check if a perf event open is allowed +diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c +index 55c78c318ccd..bfa61e005aac 100644 +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -3852,7 +3852,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, + if (default_noexec && + (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { + int rc = 0; +- if (vma_is_initial_heap(vma)) { ++ /* ++ * We don't use the vma_is_initial_heap() helper as it has ++ * a history of problems and is currently broken on systems ++ * where there is no heap, e.g. brk == start_brk. Before ++ * replacing the conditional below with vma_is_initial_heap(), ++ * or something similar, please ensure that the logic is the ++ * same as what we have below or you have tested every possible ++ * corner case you can think to test. ++ */ ++ if (vma->vm_start >= vma->vm_mm->start_brk && ++ vma->vm_end <= vma->vm_mm->brk) { + rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, + PROCESS__EXECHEAP, NULL); + } else if (!vma->vm_file && (vma_is_initial_stack(vma) || diff --git a/sources b/sources index a74d45a90..251c4289b 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 -SHA512 (linux-6.10.5.tar.xz) = dfeefdd26d83e5302492e6664112a989b16ac5d9517cedbe9f67b2b7d95fc022142ce963a2f15eec80460620b4e01cbe1dafa03792b7e23ac5e7f4dcc8e91473 -SHA512 (kernel-abi-stablelists-6.10.5.tar.xz) = 4613278147c9ec1265e7d17c4711cf078e7a8bd39e2287a801689479cb79b0a9d6f2ff01a681c729626df394a7e46e5ab2169305fecef9ddc389ec4c3e5d6bce -SHA512 (kernel-kabi-dw-6.10.5.tar.xz) = d3f44cfa453b446891cf6ba9f885f21980e13924f1c4749cb2887e0ef420c7ea41243aa32a871b10b98952b28515ca80d400b7811cc24716783b96fd1ed244f2 +SHA512 (linux-6.10.6.tar.xz) = a6c956119cb28f659a56f37cd46869ccc7e0fcc17d6d90a83f1767cb052a2f52a5c69319568cadb97ffc29d9dfe875162eb59652b464084f42fb5af5983e172f +SHA512 (kernel-abi-stablelists-6.10.6.tar.xz) = fd14e4707c266984f4dc41d2ae0b3b5c9f94029b8c078b25cdc6355a79f201bd57c1a0389e12b25950fac4ed3171f0ffcca980a7c4fb433786d833e8e5afb2a4 +SHA512 (kernel-kabi-dw-6.10.6.tar.xz) = f089ef9577a153db66f2e5712ce8ae5e53e73c90eb73f2f751650b8dc0163c9394d5950959a7c18074656756ffc3b8a96bb50442641b8ce475eb28d8d3626c64