diff --git a/Makefile.rhelver b/Makefile.rhelver index c2930e3e8..3c64ec952 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 99 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 38 +RHEL_RELEASE = 40 # # RHEL_REBASE_NUM diff --git a/Patchlist.changelog b/Patchlist.changelog index 8b5846284..1d6d97a82 100644 --- a/Patchlist.changelog +++ b/Patchlist.changelog @@ -1,3 +1,6 @@ +https://gitlab.com/cki-project/kernel-ark/-/commit/4f35b86f59c38ce52c3ce5f22437f60885755008 + 4f35b86f59c38ce52c3ce5f22437f60885755008 pidfd: prevent creation of pidfds for kthreads + https://gitlab.com/cki-project/kernel-ark/-/commit/6425c2e128af3870617dd29da8110e7fa17b9ba9 6425c2e128af3870617dd29da8110e7fa17b9ba9 not upstream: Disable vdso getrandom when FIPS is enabled diff --git a/kernel.changelog b/kernel.changelog index 9f9978a0f..f5094a759 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,7 +1,15 @@ -* Tue Aug 20 2024 Fedora Kernel Team [6.11.0-0.rc4.6e4436539ae1.38] +* Thu Aug 22 2024 Fedora Kernel Team [6.11.0-0.rc4.872cf28b8df9.40] - Add weakdep support to the kernel spec (Justin M. Forbes) Resolves: +* Thu Aug 22 2024 Fedora Kernel Team [6.11.0-0.rc4.872cf28b8df9.39] +- Linux v6.11.0-0.rc4.872cf28b8df9 +Resolves: + +* Wed Aug 21 2024 Fedora Kernel Team [6.11.0-0.rc4.b311c1b497e5.38] +- Linux v6.11.0-0.rc4.b311c1b497e5 +Resolves: + * Tue Aug 20 2024 Fedora Kernel Team [6.11.0-0.rc4.6e4436539ae1.37] - fedora: disable CONFIG_DRM_WERROR (Patrick Talbert) - Linux v6.11.0-0.rc4.6e4436539ae1 diff --git a/kernel.spec b/kernel.spec index af1b6cee3..7b3220e6a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -163,13 +163,13 @@ Summary: The Linux kernel %define specrpmversion 6.11.0 %define specversion 6.11.0 %define patchversion 6.11 -%define pkgrelease 0.rc4.20240820git6e4436539ae1.38 +%define pkgrelease 0.rc4.20240822git872cf28b8df9.40 %define kversion 6 -%define tarfile_release 6.11-rc4-8-g6e4436539ae1 +%define tarfile_release 6.11-rc4-33-g872cf28b8df9 # This is needed to do merge window version magic %define patchlevel 11 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc4.20240820git6e4436539ae1.38%{?buildid}%{?dist} +%define specrelease 0.rc4.20240822git872cf28b8df9.40%{?buildid}%{?dist} # This defines the kabi tarball version %define kabiversion 6.11.0 @@ -4098,9 +4098,18 @@ fi\ # # %changelog -* Tue Aug 20 2024 Fedora Kernel Team [6.11.0-0.rc4.6e4436539ae1.38] +* Thu Aug 22 2024 Justin M. Forbes [6.11.0-0.rc4.20240822git872cf28b8df9.40] +- pidfd: prevent creation of pidfds for kthreads (Christian Brauner) + +* Thu Aug 22 2024 Fedora Kernel Team [6.11.0-0.rc4.872cf28b8df9.40] - Add weakdep support to the kernel spec (Justin M. Forbes) +* Thu Aug 22 2024 Fedora Kernel Team [6.11.0-0.rc4.872cf28b8df9.39] +- Linux v6.11.0-0.rc4.872cf28b8df9 + +* Wed Aug 21 2024 Fedora Kernel Team [6.11.0-0.rc4.b311c1b497e5.38] +- Linux v6.11.0-0.rc4.b311c1b497e5 + * Tue Aug 20 2024 Fedora Kernel Team [6.11.0-0.rc4.6e4436539ae1.37] - fedora: disable CONFIG_DRM_WERROR (Patrick Talbert) - Linux v6.11.0-0.rc4.6e4436539ae1 diff --git a/patch-6.11-redhat.patch b/patch-6.11-redhat.patch index 22a392ba3..81ba61f57 100644 --- a/patch-6.11-redhat.patch +++ b/patch-6.11-redhat.patch @@ -64,6 +64,7 @@ init/main.c | 3 + kernel/Makefile | 1 + kernel/bpf/syscall.c | 23 + + kernel/fork.c | 25 +- kernel/module/main.c | 13 + kernel/module/signing.c | 9 +- kernel/panic.c | 13 + @@ -78,7 +79,7 @@ security/lockdown/Kconfig | 13 + security/lockdown/lockdown.c | 1 + security/security.c | 12 + - 80 files changed, 2685 insertions(+), 258 deletions(-) + 81 files changed, 2688 insertions(+), 280 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 09126bb8cc9f..ee2984e46c06 100644 @@ -2340,10 +2341,10 @@ index a14f6013e316..6c20453fdf76 100644 error_proc: diff --git a/fs/erofs/super.c b/fs/erofs/super.c -index 32ce5b35e1df..eb0d6e5822fd 100644 +index 6cb5c8916174..34b899ab37bb 100644 --- a/fs/erofs/super.c +++ b/fs/erofs/super.c -@@ -595,6 +595,9 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) +@@ -581,6 +581,9 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) { struct inode *inode; struct erofs_sb_info *sbi = EROFS_SB(sb); @@ -2353,7 +2354,7 @@ index 32ce5b35e1df..eb0d6e5822fd 100644 int err; sb->s_magic = EROFS_SUPER_MAGIC; -@@ -701,6 +704,12 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) +@@ -687,6 +690,12 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) return err; erofs_info(sb, "mounted with root inode @ nid %llu.", sbi->root_nid); @@ -3328,6 +3329,50 @@ index bf6c5f685ea2..649f2fccaddd 100644 *(int *)table->data = unpriv_enable; } +diff --git a/kernel/fork.c b/kernel/fork.c +index 18bdc87209d0..cc760491f201 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -2053,23 +2053,10 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re + */ + int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret) + { +- if (!pid) +- return -EINVAL; +- +- scoped_guard(rcu) { +- struct task_struct *tsk; +- +- if (flags & PIDFD_THREAD) +- tsk = pid_task(pid, PIDTYPE_PID); +- else +- tsk = pid_task(pid, PIDTYPE_TGID); +- if (!tsk) +- return -EINVAL; ++ bool thread = flags & PIDFD_THREAD; + +- /* Don't create pidfds for kernel threads for now. */ +- if (tsk->flags & PF_KTHREAD) +- return -EINVAL; +- } ++ if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID)) ++ return -EINVAL; + + return __pidfd_prepare(pid, flags, ret); + } +@@ -2416,12 +2403,6 @@ __latent_entropy struct task_struct *copy_process( + if (clone_flags & CLONE_PIDFD) { + int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0; + +- /* Don't create pidfds for kernel threads for now. */ +- if (args->kthread) { +- retval = -EINVAL; +- goto bad_fork_free_pid; +- } +- + /* Note that no task has been attached to @pid yet. */ + retval = __pidfd_prepare(pid, flags, &pidfile); + if (retval < 0) diff --git a/kernel/module/main.c b/kernel/module/main.c index 71396e297499..29e469418075 100644 --- a/kernel/module/main.c diff --git a/sources b/sources index cfa7b3a61..bc6f779d9 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-6.11-rc4-8-g6e4436539ae1.tar.xz) = a970dd078f688e415e7ae0779a13904e0a56f621ec53d50c1d5c77133da149e412f4d1e69d86a6c8a2245b1c2e9f134ce6891238adab8a0ae0fe4809ac9e169c -SHA512 (kernel-abi-stablelists-6.11.0.tar.xz) = 78a838fc472bfeb5f0e182ccd7c91098373df4b189e56ba487ad26e883f66090297bc0991952b5309a6d9d76c4c2e935d66b44c4a68964462227ea0fa8b9843e -SHA512 (kernel-kabi-dw-6.11.0.tar.xz) = 9b28bd11a126809d49ff48c3fa326d494e31fc07683ccaa00e4e0cc31bcfdc055a4099d784a0a0a9d23171d552fbdc3ab5323934a09b46c94d9500b7bc47b70c +SHA512 (linux-6.11-rc4-33-g872cf28b8df9.tar.xz) = 8af1587b74bf678727a10cea1276077baa99f7a1ee5b4a6b0adb5dfe50b3a97659b3b2e473090b5f9052b4fe0f27787ee1cdd109a7f7874a008d4848c73f86ba +SHA512 (kernel-abi-stablelists-6.11.0.tar.xz) = 1998c3bc649c1711bab6e2f19619de86cba7d4b299af642662156a907bbdfbff2d49469f94ef0072311888b8b7a41a0fa7e092d5a2253c648330849306547295 +SHA512 (kernel-kabi-dw-6.11.0.tar.xz) = eede5a0987ad29a1dab1ff1122b54efe4232b1f4d1dc0e2753cda48353df0b3a22e92ecbec285e929d5abade07d9ac9cea47309a6bbec69111920d99dd3f0f5a