kernel-6.10.6-200

* Mon Aug 19 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.6-0]
- Add to BugsFixed (Justin M. Forbes)
- selinux: revert our use of vma_is_initial_heap() (Paul Moore)
- Linux v6.10.6
Resolves:

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
Justin M. Forbes 2024-08-19 07:30:16 -06:00
parent 57278db1e1
commit 66aa3fc503
No known key found for this signature in database
GPG Key ID: B8FA7924A4B1C140
5 changed files with 47 additions and 36 deletions

View File

@ -1,3 +1,6 @@
https://gitlab.com/cki-project/kernel-ark/-/commit/d42657488c703c24d1fffaecced0b3b82d30b393
d42657488c703c24d1fffaecced0b3b82d30b393 selinux: revert our use of vma_is_initial_heap()
https://gitlab.com/cki-project/kernel-ark/-/commit/3a19264d7608d1c0cb6adff9f45883887a30ba29 https://gitlab.com/cki-project/kernel-ark/-/commit/3a19264d7608d1c0cb6adff9f45883887a30ba29
3a19264d7608d1c0cb6adff9f45883887a30ba29 Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" 3a19264d7608d1c0cb6adff9f45883887a30ba29 Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error"

View File

@ -1,3 +1,9 @@
* Mon Aug 19 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.6-0]
- Add to BugsFixed (Justin M. Forbes)
- selinux: revert our use of vma_is_initial_heap() (Paul Moore)
- Linux v6.10.6
Resolves:
* Wed Aug 14 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.5-0] * Wed Aug 14 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.5-0]
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel) - Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel)
- Linux v6.10.5 - Linux v6.10.5

View File

@ -160,18 +160,18 @@ Summary: The Linux kernel
# the --with-release option overrides this setting.) # the --with-release option overrides this setting.)
%define debugbuildsenabled 1 %define debugbuildsenabled 1
# define buildid .local # define buildid .local
%define specrpmversion 6.10.5 %define specrpmversion 6.10.6
%define specversion 6.10.5 %define specversion 6.10.6
%define patchversion 6.10 %define patchversion 6.10
%define pkgrelease 200 %define pkgrelease 200
%define kversion 6 %define kversion 6
%define tarfile_release 6.10.5 %define tarfile_release 6.10.6
# This is needed to do merge window version magic # This is needed to do merge window version magic
%define patchlevel 10 %define patchlevel 10
# This allows pkg_release to have configurable %%{?dist} tag # This allows pkg_release to have configurable %%{?dist} tag
%define specrelease 200%{?buildid}%{?dist} %define specrelease 200%{?buildid}%{?dist}
# This defines the kabi tarball version # This defines the kabi tarball version
%define kabiversion 6.10.5 %define kabiversion 6.10.6
# If this variable is set to 1, a bpf selftests build failure will cause a # If this variable is set to 1, a bpf selftests build failure will cause a
# fatal kernel package build error # fatal kernel package build error
@ -4043,6 +4043,11 @@ fi\
# #
# #
%changelog %changelog
* Mon Aug 19 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.6-0]
- Add to BugsFixed (Justin M. Forbes)
- selinux: revert our use of vma_is_initial_heap() (Paul Moore)
- Linux v6.10.6
* Wed Aug 14 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.5-0] * Wed Aug 14 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.5-0]
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel) - Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel)
- Linux v6.10.5 - Linux v6.10.5

View File

@ -12,7 +12,6 @@
drivers/acpi/irq.c | 17 ++- drivers/acpi/irq.c | 17 ++-
drivers/acpi/scan.c | 9 ++ drivers/acpi/scan.c | 9 ++
drivers/ata/libahci.c | 18 +++ drivers/ata/libahci.c | 18 +++
drivers/ata/libata-scsi.c | 15 ++-
drivers/char/ipmi/ipmi_dmi.c | 15 +++ drivers/char/ipmi/ipmi_dmi.c | 15 +++
drivers/char/ipmi/ipmi_msghandler.c | 16 ++- drivers/char/ipmi/ipmi_msghandler.c | 16 ++-
drivers/char/random.c | 122 +++++++++++++++++ drivers/char/random.c | 122 +++++++++++++++++
@ -41,10 +40,11 @@
security/lockdown/Kconfig | 13 ++ security/lockdown/Kconfig | 13 ++
security/lockdown/lockdown.c | 1 + security/lockdown/lockdown.c | 1 +
security/security.c | 12 ++ security/security.c | 12 ++
43 files changed, 802 insertions(+), 261 deletions(-) security/selinux/hooks.c | 12 +-
43 files changed, 800 insertions(+), 260 deletions(-)
diff --git a/Makefile b/Makefile diff --git a/Makefile b/Makefile
index f9badb79ae8f..4d0eadfc33a1 100644 index 361a70264e1f..eaf69484d4ce 100644
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@ -617,32 +617,6 @@ index 83431aae74d8..f2a9c0d644af 100644
/* wait for engine to stop. This could be as long as 500 msec */ /* wait for engine to stop. This could be as long as 500 msec */
tmp = ata_wait_register(ap, port_mmio + PORT_CMD, tmp = ata_wait_register(ap, port_mmio + PORT_CMD,
PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500); PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500);
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index 076fbeadce01..4e0847601103 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -941,8 +941,19 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc)
&sense_key, &asc, &ascq);
ata_scsi_set_sense(qc->dev, cmd, sense_key, asc, ascq);
} else {
- /* ATA PASS-THROUGH INFORMATION AVAILABLE */
- ata_scsi_set_sense(qc->dev, cmd, RECOVERED_ERROR, 0, 0x1D);
+ /*
+ * ATA PASS-THROUGH INFORMATION AVAILABLE
+ *
+ * Note: we are supposed to call ata_scsi_set_sense(), which
+ * respects the D_SENSE bit, instead of unconditionally
+ * generating the sense data in descriptor format. However,
+ * because hdparm, hddtemp, and udisks incorrectly assume sense
+ * data in descriptor format, without even looking at the
+ * RESPONSE CODE field in the returned sense data (to see which
+ * format the returned sense data is in), we are stuck with
+ * being bug compatible with older kernels.
+ */
+ scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D);
}
}
diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c
index bbf7029e224b..cf7faa970dd6 100644 index bbf7029e224b..cf7faa970dd6 100644
--- a/drivers/char/ipmi/ipmi_dmi.c --- a/drivers/char/ipmi/ipmi_dmi.c
@ -1983,3 +1957,26 @@ index 8cee5b6c6e6d..489e25946bf9 100644
#ifdef CONFIG_PERF_EVENTS #ifdef CONFIG_PERF_EVENTS
/** /**
* security_perf_event_open() - Check if a perf event open is allowed * security_perf_event_open() - Check if a perf event open is allowed
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 55c78c318ccd..bfa61e005aac 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3852,7 +3852,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
if (default_noexec &&
(prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
int rc = 0;
- if (vma_is_initial_heap(vma)) {
+ /*
+ * We don't use the vma_is_initial_heap() helper as it has
+ * a history of problems and is currently broken on systems
+ * where there is no heap, e.g. brk == start_brk. Before
+ * replacing the conditional below with vma_is_initial_heap(),
+ * or something similar, please ensure that the logic is the
+ * same as what we have below or you have tested every possible
+ * corner case you can think to test.
+ */
+ if (vma->vm_start >= vma->vm_mm->start_brk &&
+ vma->vm_end <= vma->vm_mm->brk) {
rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
PROCESS__EXECHEAP, NULL);
} else if (!vma->vm_file && (vma_is_initial_stack(vma) ||

View File

@ -1,5 +1,5 @@
SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
SHA512 (linux-6.10.5.tar.xz) = dfeefdd26d83e5302492e6664112a989b16ac5d9517cedbe9f67b2b7d95fc022142ce963a2f15eec80460620b4e01cbe1dafa03792b7e23ac5e7f4dcc8e91473 SHA512 (linux-6.10.6.tar.xz) = a6c956119cb28f659a56f37cd46869ccc7e0fcc17d6d90a83f1767cb052a2f52a5c69319568cadb97ffc29d9dfe875162eb59652b464084f42fb5af5983e172f
SHA512 (kernel-abi-stablelists-6.10.5.tar.xz) = 4613278147c9ec1265e7d17c4711cf078e7a8bd39e2287a801689479cb79b0a9d6f2ff01a681c729626df394a7e46e5ab2169305fecef9ddc389ec4c3e5d6bce SHA512 (kernel-abi-stablelists-6.10.6.tar.xz) = fd14e4707c266984f4dc41d2ae0b3b5c9f94029b8c078b25cdc6355a79f201bd57c1a0389e12b25950fac4ed3171f0ffcca980a7c4fb433786d833e8e5afb2a4
SHA512 (kernel-kabi-dw-6.10.5.tar.xz) = d3f44cfa453b446891cf6ba9f885f21980e13924f1c4749cb2887e0ef420c7ea41243aa32a871b10b98952b28515ca80d400b7811cc24716783b96fd1ed244f2 SHA512 (kernel-kabi-dw-6.10.6.tar.xz) = f089ef9577a153db66f2e5712ce8ae5e53e73c90eb73f2f751650b8dc0163c9394d5950959a7c18074656756ffc3b8a96bb50442641b8ce475eb28d8d3626c64