From 3de7b4f3f01599c66c2deb2443e6985334a71732 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Thu, 11 Apr 2024 12:57:01 -0500 Subject: [PATCH 1/3] kernel-6.8.5-301 * Wed Apr 10 2024 Justin M. Forbes [6.8.5-0] - Set configs for SPECTRE_BHI (Justin M. Forbes) - Add AMD PMF bug (Justin M. Forbes) - redhat/configs: Enable CONFIG_AMDTEE for x86 (David Arcari) - Add CVE fix for 6.8.5 (Justin M. Forbes) - Linux v6.8.5 Resolves: Signed-off-by: Justin M. Forbes --- Patchlist.changelog | 6 +++++ kernel.spec | 9 +++++-- patch-6.8-redhat.patch | 61 +++++++++++++++++++++++++++++++++++++++++- sources | 4 +-- 4 files changed, 75 insertions(+), 5 deletions(-) diff --git a/Patchlist.changelog b/Patchlist.changelog index f549dc760..cb33f640a 100644 --- a/Patchlist.changelog +++ b/Patchlist.changelog @@ -1,3 +1,9 @@ +"https://gitlab.com/cki-project/kernel-ark/-/commit"/e56840b5f971b4d0f4032f6f5ab95c0c5ba40f8e + e56840b5f971b4d0f4032f6f5ab95c0c5ba40f8e nouveau: fix devinit paths to only handle display on GSP. + +"https://gitlab.com/cki-project/kernel-ark/-/commit"/252ea3336f8ee7551675d82e1899125aa6e730b6 + 252ea3336f8ee7551675d82e1899125aa6e730b6 Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit + "https://gitlab.com/cki-project/kernel-ark/-/commit"/9ba38d5f5c49d3f4a9e429d05aa73cb397db5071 9ba38d5f5c49d3f4a9e429d05aa73cb397db5071 Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" diff --git a/kernel.spec b/kernel.spec index 63cec8cd0..160b43fef 100644 --- a/kernel.spec +++ b/kernel.spec @@ -163,13 +163,13 @@ Summary: The Linux kernel %define specrpmversion 6.8.5 %define specversion 6.8.5 %define patchversion 6.8 -%define pkgrelease 300 +%define pkgrelease 301 %define kversion 6 %define tarfile_release 6.8.5 # This is needed to do merge window version magic %define patchlevel 8 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 300%{?buildid}%{?dist} +%define specrelease 301%{?buildid}%{?dist} # This defines the kabi tarball version %define kabiversion 6.8.5 @@ -3959,6 +3959,11 @@ fi\ # # %changelog +* Thu Apr 11 2024 Justin M. Forbes [6.8.5-301] +- nouveau: fix devinit paths to only handle display on GSP. (Dave Airlie) +- Add bluetooth bug to Bugsfixed for 6.8.6 (Justin M. Forbes) +- Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit (Archie Pusaka) + * Wed Apr 10 2024 Justin M. Forbes [6.8.5-0] - Set configs for SPECTRE_BHI (Justin M. Forbes) - Add AMD PMF bug (Justin M. Forbes) diff --git a/patch-6.8-redhat.patch b/patch-6.8-redhat.patch index c0bfddf44..4fd8e20f7 100644 --- a/patch-6.8-redhat.patch +++ b/patch-6.8-redhat.patch @@ -13,6 +13,8 @@ drivers/firmware/efi/efi.c | 124 +++++++++++---- drivers/firmware/efi/secureboot.c | 38 +++++ drivers/firmware/sysfb.c | 18 ++- + .../gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 +- + drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1 + drivers/hid/hid-rmi.c | 66 -------- drivers/hwtracing/coresight/coresight-etm4x-core.c | 19 +++ drivers/input/rmi4/rmi_driver.c | 124 +++++++++------ @@ -29,13 +31,14 @@ include/linux/security.h | 5 + kernel/module/main.c | 2 + kernel/module/signing.c | 9 +- + net/bluetooth/l2cap_core.c | 3 +- scripts/mod/modpost.c | 8 + scripts/tags.sh | 2 + security/integrity/platform_certs/load_uefi.c | 6 +- security/lockdown/Kconfig | 13 ++ security/lockdown/lockdown.c | 1 + security/security.c | 12 ++ - 37 files changed, 671 insertions(+), 177 deletions(-) + 40 files changed, 681 insertions(+), 183 deletions(-) diff --git a/Makefile b/Makefile index f29a75b75861..90586379d1e8 100644 @@ -578,6 +581,48 @@ index 3c197db42c9d..16e4a2e90fae 100644 pd = sysfb_create_simplefb(si, &mode); if (!IS_ERR(pd)) goto unlock_mutex; +diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c b/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c +index 7bcbc4895ec2..271bfa038f5b 100644 +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c +@@ -25,6 +25,7 @@ + + #include + #include ++#include + + void + gm107_devinit_disable(struct nvkm_devinit *init) +@@ -33,10 +34,13 @@ gm107_devinit_disable(struct nvkm_devinit *init) + u32 r021c00 = nvkm_rd32(device, 0x021c00); + u32 r021c04 = nvkm_rd32(device, 0x021c04); + +- if (r021c00 & 0x00000001) +- nvkm_subdev_disable(device, NVKM_ENGINE_CE, 0); +- if (r021c00 & 0x00000004) +- nvkm_subdev_disable(device, NVKM_ENGINE_CE, 2); ++ /* gsp only wants to enable/disable display */ ++ if (!nvkm_gsp_rm(device->gsp)) { ++ if (r021c00 & 0x00000001) ++ nvkm_subdev_disable(device, NVKM_ENGINE_CE, 0); ++ if (r021c00 & 0x00000004) ++ nvkm_subdev_disable(device, NVKM_ENGINE_CE, 2); ++ } + if (r021c04 & 0x00000001) + nvkm_subdev_disable(device, NVKM_ENGINE_DISP, 0); + } +diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c b/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c +index 11b4c9c274a1..666eb93b1742 100644 +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c +@@ -41,6 +41,7 @@ r535_devinit_new(const struct nvkm_devinit_func *hw, + + rm->dtor = r535_devinit_dtor; + rm->post = hw->post; ++ rm->disable = hw->disable; + + ret = nv50_devinit_new_(rm, device, type, inst, pdevinit); + if (ret) diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c index d4af17fdba46..154f0403cbf4 100644 --- a/drivers/hid/hid-rmi.c @@ -1415,6 +1460,20 @@ index a2ff4242e623..f0d2be1ee4f1 100644 } int module_sig_check(struct load_info *info, int flags) +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c +index ab5a9d42fae7..706d2478ddb3 100644 +--- a/net/bluetooth/l2cap_core.c ++++ b/net/bluetooth/l2cap_core.c +@@ -4054,8 +4054,7 @@ static int l2cap_connect_req(struct l2cap_conn *conn, + return -EPROTO; + + hci_dev_lock(hdev); +- if (hci_dev_test_flag(hdev, HCI_MGMT) && +- !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) ++ if (hci_dev_test_flag(hdev, HCI_MGMT)) + mgmt_device_connected(hdev, hcon, NULL, 0); + hci_dev_unlock(hdev); + diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index 6568f8177e39..14d8237af366 100644 --- a/scripts/mod/modpost.c diff --git a/sources b/sources index 5d4ffa91b..b0c56b058 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 SHA512 (linux-6.8.5.tar.xz) = f956b83e80183f46fc9dc85d8735d27c6c1cc9eef7f93d5b7dfe297acafdb33e83cdc184689c2a12afac87c1c495c217ffba843ccaded7f88b35637db3b2d434 -SHA512 (kernel-abi-stablelists-6.8.5.tar.xz) = 305df0406f1e8516207fe77e8f77b0af116b2b97fdf87426068bb17405b3b9ad2f66d8c8042a5f94b050a980b8f7d752cd9e94b7f42aa74f3fe4594f40634388 -SHA512 (kernel-kabi-dw-6.8.5.tar.xz) = c3df1e59427f2612f0962471ec14469072968616eba69489d6a07bcbf1ee50ff47fd7184cfa42a6e328a038970bec94e4c9231cfafadd61d15a25846807dae51 +SHA512 (kernel-abi-stablelists-6.8.5.tar.xz) = 3f4a1776809941118d796908ee93df1732550220f1498b579c80db64384bc81dea3c4a6b4ad3c8b15dc83caddb74c591ff335a7cc9e846274f4c314a3a733123 +SHA512 (kernel-kabi-dw-6.8.5.tar.xz) = e38a0e3756b109a96dbe30e5956d2611420cbb0d7b46308cf78df0317ddd1163f92d8296bb79938a420740a3168eba967baa03b4e06a21eaa47830f3d7ec45ef From 3757f8eb1473f0e7380f84f8050c594ec72bee97 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Sat, 13 Apr 2024 09:34:24 -0500 Subject: [PATCH 2/3] kernel-6.8.6-300 * Sat Apr 13 2024 Justin M. Forbes [6.8.6-0] - nouveau: fix devinit paths to only handle display on GSP. (Dave Airlie) - Add bluetooth bug to Bugsfixed for 6.8.6 (Justin M. Forbes) - Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit (Archie Pusaka) - Linux v6.8.6 Resolves: Signed-off-by: Justin M. Forbes --- kernel.changelog | 7 +++++ kernel.spec | 15 ++++++----- patch-6.8-redhat.patch | 58 +++++------------------------------------- sources | 6 ++--- 4 files changed, 25 insertions(+), 61 deletions(-) diff --git a/kernel.changelog b/kernel.changelog index b3dcaaedb..236a866b1 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,10 @@ +* Sat Apr 13 2024 Justin M. Forbes [6.8.6-0] +- nouveau: fix devinit paths to only handle display on GSP. (Dave Airlie) +- Add bluetooth bug to Bugsfixed for 6.8.6 (Justin M. Forbes) +- Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit (Archie Pusaka) +- Linux v6.8.6 +Resolves: + * Wed Apr 10 2024 Justin M. Forbes [6.8.5-0] - Set configs for SPECTRE_BHI (Justin M. Forbes) - Add AMD PMF bug (Justin M. Forbes) diff --git a/kernel.spec b/kernel.spec index 160b43fef..d5ed45deb 100644 --- a/kernel.spec +++ b/kernel.spec @@ -160,18 +160,18 @@ Summary: The Linux kernel # the --with-release option overrides this setting.) %define debugbuildsenabled 1 # define buildid .local -%define specrpmversion 6.8.5 -%define specversion 6.8.5 +%define specrpmversion 6.8.6 +%define specversion 6.8.6 %define patchversion 6.8 -%define pkgrelease 301 +%define pkgrelease 300 %define kversion 6 -%define tarfile_release 6.8.5 +%define tarfile_release 6.8.6 # This is needed to do merge window version magic %define patchlevel 8 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 301%{?buildid}%{?dist} +%define specrelease 300%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.8.5 +%define kabiversion 6.8.6 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -3959,10 +3959,11 @@ fi\ # # %changelog -* Thu Apr 11 2024 Justin M. Forbes [6.8.5-301] +* Sat Apr 13 2024 Justin M. Forbes [6.8.6-0] - nouveau: fix devinit paths to only handle display on GSP. (Dave Airlie) - Add bluetooth bug to Bugsfixed for 6.8.6 (Justin M. Forbes) - Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit (Archie Pusaka) +- Linux v6.8.6 * Wed Apr 10 2024 Justin M. Forbes [6.8.5-0] - Set configs for SPECTRE_BHI (Justin M. Forbes) diff --git a/patch-6.8-redhat.patch b/patch-6.8-redhat.patch index 4fd8e20f7..2515f7f6c 100644 --- a/patch-6.8-redhat.patch +++ b/patch-6.8-redhat.patch @@ -13,8 +13,6 @@ drivers/firmware/efi/efi.c | 124 +++++++++++---- drivers/firmware/efi/secureboot.c | 38 +++++ drivers/firmware/sysfb.c | 18 ++- - .../gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 +- - drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1 + drivers/hid/hid-rmi.c | 66 -------- drivers/hwtracing/coresight/coresight-etm4x-core.c | 19 +++ drivers/input/rmi4/rmi_driver.c | 124 +++++++++------ @@ -38,10 +36,10 @@ security/lockdown/Kconfig | 13 ++ security/lockdown/lockdown.c | 1 + security/security.c | 12 ++ - 40 files changed, 681 insertions(+), 183 deletions(-) + 38 files changed, 672 insertions(+), 179 deletions(-) diff --git a/Makefile b/Makefile -index f29a75b75861..90586379d1e8 100644 +index c426d47f4b7b..9e0540aa3691 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -581,48 +579,6 @@ index 3c197db42c9d..16e4a2e90fae 100644 pd = sysfb_create_simplefb(si, &mode); if (!IS_ERR(pd)) goto unlock_mutex; -diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c b/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c -index 7bcbc4895ec2..271bfa038f5b 100644 ---- a/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c -+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c -@@ -25,6 +25,7 @@ - - #include - #include -+#include - - void - gm107_devinit_disable(struct nvkm_devinit *init) -@@ -33,10 +34,13 @@ gm107_devinit_disable(struct nvkm_devinit *init) - u32 r021c00 = nvkm_rd32(device, 0x021c00); - u32 r021c04 = nvkm_rd32(device, 0x021c04); - -- if (r021c00 & 0x00000001) -- nvkm_subdev_disable(device, NVKM_ENGINE_CE, 0); -- if (r021c00 & 0x00000004) -- nvkm_subdev_disable(device, NVKM_ENGINE_CE, 2); -+ /* gsp only wants to enable/disable display */ -+ if (!nvkm_gsp_rm(device->gsp)) { -+ if (r021c00 & 0x00000001) -+ nvkm_subdev_disable(device, NVKM_ENGINE_CE, 0); -+ if (r021c00 & 0x00000004) -+ nvkm_subdev_disable(device, NVKM_ENGINE_CE, 2); -+ } - if (r021c04 & 0x00000001) - nvkm_subdev_disable(device, NVKM_ENGINE_DISP, 0); - } -diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c b/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c -index 11b4c9c274a1..666eb93b1742 100644 ---- a/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c -+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c -@@ -41,6 +41,7 @@ r535_devinit_new(const struct nvkm_devinit_func *hw, - - rm->dtor = r535_devinit_dtor; - rm->post = hw->post; -+ rm->disable = hw->disable; - - ret = nv50_devinit_new_(rm, device, type, inst, pdevinit); - if (ret) diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c index d4af17fdba46..154f0403cbf4 100644 --- a/drivers/hid/hid-rmi.c @@ -777,7 +733,7 @@ index 2e2cabc5f50a..8b44d990f978 100644 platform_driver_unregister(&etm4_platform_driver); etm4_pm_clear(); diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c -index 42eaebb3bf5c..7a35119c3144 100644 +index ef9ea295f9e0..0103334e8f32 100644 --- a/drivers/input/rmi4/rmi_driver.c +++ b/drivers/input/rmi4/rmi_driver.c @@ -182,34 +182,47 @@ void rmi_set_attn_data(struct rmi_device *rmi_dev, unsigned long irq_status, @@ -949,7 +905,7 @@ index 42eaebb3bf5c..7a35119c3144 100644 rmi_f34_remove_sysfs(rmi_dev); rmi_free_function_list(rmi_dev); -@@ -1219,9 +1237,15 @@ static int rmi_driver_probe(struct device *dev) +@@ -1223,9 +1241,15 @@ static int rmi_driver_probe(struct device *dev) } } @@ -1475,7 +1431,7 @@ index ab5a9d42fae7..706d2478ddb3 100644 hci_dev_unlock(hdev); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 6568f8177e39..14d8237af366 100644 +index ce686ebf5591..0d28efddb253 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -22,6 +22,7 @@ @@ -1486,7 +1442,7 @@ index 6568f8177e39..14d8237af366 100644 static bool module_enabled; /* Are we using CONFIG_MODVERSIONS? */ -@@ -1995,6 +1996,12 @@ static void write_buf(struct buffer *b, const char *fname) +@@ -1997,6 +1998,12 @@ static void write_buf(struct buffer *b, const char *fname) } } @@ -1499,7 +1455,7 @@ index 6568f8177e39..14d8237af366 100644 static void write_if_changed(struct buffer *b, const char *fname) { char *tmp; -@@ -2055,6 +2062,7 @@ static void write_mod_c_file(struct module *mod) +@@ -2057,6 +2064,7 @@ static void write_mod_c_file(struct module *mod) add_depends(&buf, mod); add_moddevtable(&buf, mod); add_srcversion(&buf, mod); diff --git a/sources b/sources index b0c56b058..f6708862d 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 -SHA512 (linux-6.8.5.tar.xz) = f956b83e80183f46fc9dc85d8735d27c6c1cc9eef7f93d5b7dfe297acafdb33e83cdc184689c2a12afac87c1c495c217ffba843ccaded7f88b35637db3b2d434 -SHA512 (kernel-abi-stablelists-6.8.5.tar.xz) = 3f4a1776809941118d796908ee93df1732550220f1498b579c80db64384bc81dea3c4a6b4ad3c8b15dc83caddb74c591ff335a7cc9e846274f4c314a3a733123 -SHA512 (kernel-kabi-dw-6.8.5.tar.xz) = e38a0e3756b109a96dbe30e5956d2611420cbb0d7b46308cf78df0317ddd1163f92d8296bb79938a420740a3168eba967baa03b4e06a21eaa47830f3d7ec45ef +SHA512 (linux-6.8.6.tar.xz) = 853928d4a18138453b122bb4131c2eb260b504974c2958000fbd9932761dc0302631e2f26d5c01b9c4fdcd2a89c8887714cfe634b84cf8f7fca20f984ad944d2 +SHA512 (kernel-abi-stablelists-6.8.6.tar.xz) = 5d67ad8ee96bf237d720ae4f4eaa9fa7452e81da693988c5c8e40675174814ada18948cf09790c73858a646c86c8756f8bde4cfee254370f634d381dc1c4147e +SHA512 (kernel-kabi-dw-6.8.6.tar.xz) = a12f7001bcbba4ee61d3f4779539a28728a3fe51361b21264a0625ad2e028ce6e1443cde4cd5c5402076c782e912b07c6d1fd56ea7a7cb8130c7d76e4cbd3d76 From 7d9eadb823c3d0003107e18491ffd2fe74a3991f Mon Sep 17 00:00:00 2001 From: Augusto Caringi Date: Wed, 17 Apr 2024 13:16:51 -0300 Subject: [PATCH 3/3] kernel-6.8.7-300 * Wed Apr 17 2024 Augusto Caringi [6.8.7-0] - redhat/configs: Enable CONFIG_MITIGATION_SPECTRE_BHI (Augusto Caringi) - Turn on XEN_BALLOON_MEMORY_HOTPLUG for Fedora (Justin M. Forbes) - Linux v6.8.7 Resolves: Signed-off-by: Augusto Caringi --- kernel-x86_64-debug-fedora.config | 5 ++--- kernel-x86_64-debug-rhel.config | 3 +-- kernel-x86_64-fedora.config | 5 ++--- kernel-x86_64-rhel.config | 3 +-- kernel-x86_64-rt-debug-rhel.config | 3 +-- kernel-x86_64-rt-rhel.config | 3 +-- kernel.changelog | 6 ++++++ kernel.spec | 13 +++++++++---- patch-6.8-redhat.patch | 21 +++------------------ sources | 6 +++--- 10 files changed, 29 insertions(+), 39 deletions(-) diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config index 61a8eb43c..5768e2d90 100644 --- a/kernel-x86_64-debug-fedora.config +++ b/kernel-x86_64-debug-fedora.config @@ -4084,6 +4084,7 @@ CONFIG_MISC_FILESYSTEMS=y CONFIG_MISC_RTSX_PCI=m CONFIG_MISC_RTSX_USB=m CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y # CONFIG_MK8 is not set CONFIG_MKISS=m CONFIG_MLX4_CORE_GEN2=y @@ -7280,8 +7281,6 @@ CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m # CONFIG_SPECTRE_BHI_AUTO is not set -# CONFIG_SPECTRE_BHI_OFF is not set -CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y CONFIG_SPI_ALTERA_CORE=m CONFIG_SPI_ALTERA_DFL=m @@ -8774,7 +8773,7 @@ CONFIG_XDP_SOCKETS=y CONFIG_XEN_512GB=y CONFIG_XEN_ACPI_PROCESSOR=m CONFIG_XEN_BACKEND=y -# CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not set +CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y CONFIG_XEN_BALLOON=y CONFIG_XEN_BLKDEV_BACKEND=m CONFIG_XEN_BLKDEV_FRONTEND=m diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index db28e89a2..e841332b4 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -3612,6 +3612,7 @@ CONFIG_MISC_FILESYSTEMS=y CONFIG_MISC_RTSX_PCI=m CONFIG_MISC_RTSX_USB=m CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y # CONFIG_MK8 is not set # CONFIG_MLX4_CORE_GEN2 is not set # CONFIG_MLX4_CORE is not set @@ -6509,8 +6510,6 @@ CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m # CONFIG_SPECTRE_BHI_AUTO is not set -# CONFIG_SPECTRE_BHI_OFF is not set -CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y # CONFIG_SPI_ALTERA_CORE is not set # CONFIG_SPI_ALTERA is not set diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config index 0b0bea3d6..1b504d8c8 100644 --- a/kernel-x86_64-fedora.config +++ b/kernel-x86_64-fedora.config @@ -4058,6 +4058,7 @@ CONFIG_MISC_FILESYSTEMS=y CONFIG_MISC_RTSX_PCI=m CONFIG_MISC_RTSX_USB=m CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y # CONFIG_MK8 is not set CONFIG_MKISS=m CONFIG_MLX4_CORE_GEN2=y @@ -7250,8 +7251,6 @@ CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m # CONFIG_SPECTRE_BHI_AUTO is not set -# CONFIG_SPECTRE_BHI_OFF is not set -CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y CONFIG_SPI_ALTERA_CORE=m CONFIG_SPI_ALTERA_DFL=m @@ -8744,7 +8743,7 @@ CONFIG_XDP_SOCKETS=y CONFIG_XEN_512GB=y CONFIG_XEN_ACPI_PROCESSOR=m CONFIG_XEN_BACKEND=y -# CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not set +CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y CONFIG_XEN_BALLOON=y CONFIG_XEN_BLKDEV_BACKEND=m CONFIG_XEN_BLKDEV_FRONTEND=m diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index d636fe8f3..0bebccbc1 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -3592,6 +3592,7 @@ CONFIG_MISC_FILESYSTEMS=y CONFIG_MISC_RTSX_PCI=m CONFIG_MISC_RTSX_USB=m CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y # CONFIG_MK8 is not set # CONFIG_MLX4_CORE_GEN2 is not set # CONFIG_MLX4_CORE is not set @@ -6485,8 +6486,6 @@ CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m # CONFIG_SPECTRE_BHI_AUTO is not set -# CONFIG_SPECTRE_BHI_OFF is not set -CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y # CONFIG_SPI_ALTERA_CORE is not set # CONFIG_SPI_ALTERA is not set diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index 871439c58..226b0efe7 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -3657,6 +3657,7 @@ CONFIG_MISC_FILESYSTEMS=y CONFIG_MISC_RTSX_PCI=m CONFIG_MISC_RTSX_USB=m CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y # CONFIG_MK8 is not set # CONFIG_MLX4_CORE_GEN2 is not set # CONFIG_MLX4_CORE is not set @@ -6562,8 +6563,6 @@ CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m # CONFIG_SPECTRE_BHI_AUTO is not set -# CONFIG_SPECTRE_BHI_OFF is not set -CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y # CONFIG_SPI_ALTERA_CORE is not set # CONFIG_SPI_ALTERA is not set diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index 33b46cf14..cc3b7e4c2 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -3637,6 +3637,7 @@ CONFIG_MISC_FILESYSTEMS=y CONFIG_MISC_RTSX_PCI=m CONFIG_MISC_RTSX_USB=m CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y # CONFIG_MK8 is not set # CONFIG_MLX4_CORE_GEN2 is not set # CONFIG_MLX4_CORE is not set @@ -6538,8 +6539,6 @@ CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m # CONFIG_SPECTRE_BHI_AUTO is not set -# CONFIG_SPECTRE_BHI_OFF is not set -CONFIG_SPECTRE_BHI_ON=y CONFIG_SPECULATION_MITIGATIONS=y # CONFIG_SPI_ALTERA_CORE is not set # CONFIG_SPI_ALTERA is not set diff --git a/kernel.changelog b/kernel.changelog index 236a866b1..8e5a734e6 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,3 +1,9 @@ +* Wed Apr 17 2024 Augusto Caringi [6.8.7-0] +- redhat/configs: Enable CONFIG_MITIGATION_SPECTRE_BHI (Augusto Caringi) +- Turn on XEN_BALLOON_MEMORY_HOTPLUG for Fedora (Justin M. Forbes) +- Linux v6.8.7 +Resolves: + * Sat Apr 13 2024 Justin M. Forbes [6.8.6-0] - nouveau: fix devinit paths to only handle display on GSP. (Dave Airlie) - Add bluetooth bug to Bugsfixed for 6.8.6 (Justin M. Forbes) diff --git a/kernel.spec b/kernel.spec index d5ed45deb..bb7d52365 100644 --- a/kernel.spec +++ b/kernel.spec @@ -160,18 +160,18 @@ Summary: The Linux kernel # the --with-release option overrides this setting.) %define debugbuildsenabled 1 # define buildid .local -%define specrpmversion 6.8.6 -%define specversion 6.8.6 +%define specrpmversion 6.8.7 +%define specversion 6.8.7 %define patchversion 6.8 %define pkgrelease 300 %define kversion 6 -%define tarfile_release 6.8.6 +%define tarfile_release 6.8.7 # This is needed to do merge window version magic %define patchlevel 8 # This allows pkg_release to have configurable %%{?dist} tag %define specrelease 300%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.8.6 +%define kabiversion 6.8.7 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -3959,6 +3959,11 @@ fi\ # # %changelog +* Wed Apr 17 2024 Augusto Caringi [6.8.7-0] +- redhat/configs: Enable CONFIG_MITIGATION_SPECTRE_BHI (Augusto Caringi) +- Turn on XEN_BALLOON_MEMORY_HOTPLUG for Fedora (Justin M. Forbes) +- Linux v6.8.7 + * Sat Apr 13 2024 Justin M. Forbes [6.8.6-0] - nouveau: fix devinit paths to only handle display on GSP. (Dave Airlie) - Add bluetooth bug to Bugsfixed for 6.8.6 (Justin M. Forbes) diff --git a/patch-6.8-redhat.patch b/patch-6.8-redhat.patch index 2515f7f6c..1bafd381e 100644 --- a/patch-6.8-redhat.patch +++ b/patch-6.8-redhat.patch @@ -29,17 +29,16 @@ include/linux/security.h | 5 + kernel/module/main.c | 2 + kernel/module/signing.c | 9 +- - net/bluetooth/l2cap_core.c | 3 +- scripts/mod/modpost.c | 8 + scripts/tags.sh | 2 + security/integrity/platform_certs/load_uefi.c | 6 +- security/lockdown/Kconfig | 13 ++ security/lockdown/lockdown.c | 1 + security/security.c | 12 ++ - 38 files changed, 672 insertions(+), 179 deletions(-) + 37 files changed, 671 insertions(+), 177 deletions(-) diff --git a/Makefile b/Makefile -index c426d47f4b7b..9e0540aa3691 100644 +index e6c0a00722ea..ac70a1596394 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -233,7 +232,7 @@ index 1687483ff319..390b67f19181 100644 return ctx.rc; } diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c -index 617f3e0e963d..92d9066ab4c2 100644 +index eb4ca85d16ff..be8278b39b22 100644 --- a/drivers/acpi/scan.c +++ b/drivers/acpi/scan.c @@ -1757,6 +1757,15 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device) @@ -1416,20 +1415,6 @@ index a2ff4242e623..f0d2be1ee4f1 100644 } int module_sig_check(struct load_info *info, int flags) -diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index ab5a9d42fae7..706d2478ddb3 100644 ---- a/net/bluetooth/l2cap_core.c -+++ b/net/bluetooth/l2cap_core.c -@@ -4054,8 +4054,7 @@ static int l2cap_connect_req(struct l2cap_conn *conn, - return -EPROTO; - - hci_dev_lock(hdev); -- if (hci_dev_test_flag(hdev, HCI_MGMT) && -- !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) -+ if (hci_dev_test_flag(hdev, HCI_MGMT)) - mgmt_device_connected(hdev, hcon, NULL, 0); - hci_dev_unlock(hdev); - diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index ce686ebf5591..0d28efddb253 100644 --- a/scripts/mod/modpost.c diff --git a/sources b/sources index f6708862d..97cd31b71 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6 -SHA512 (linux-6.8.6.tar.xz) = 853928d4a18138453b122bb4131c2eb260b504974c2958000fbd9932761dc0302631e2f26d5c01b9c4fdcd2a89c8887714cfe634b84cf8f7fca20f984ad944d2 -SHA512 (kernel-abi-stablelists-6.8.6.tar.xz) = 5d67ad8ee96bf237d720ae4f4eaa9fa7452e81da693988c5c8e40675174814ada18948cf09790c73858a646c86c8756f8bde4cfee254370f634d381dc1c4147e -SHA512 (kernel-kabi-dw-6.8.6.tar.xz) = a12f7001bcbba4ee61d3f4779539a28728a3fe51361b21264a0625ad2e028ce6e1443cde4cd5c5402076c782e912b07c6d1fd56ea7a7cb8130c7d76e4cbd3d76 +SHA512 (linux-6.8.7.tar.xz) = 6874dd6a8a022437bbdfd89af6b923f77807c1bd411a26ad27a01a8e828c5de868a661cf9d4ddb2672530140ac38c1202a1bf70ad26e1572bb898164e139c633 +SHA512 (kernel-abi-stablelists-6.8.7.tar.xz) = 83653234220ecd4d0f82bbb0284ae986375f997548dbbf124764e3a222f6680640b5a943b8b17ecdcc7f23d8a0c57d91a37095c987e2c9ac2c6410ae4cef213a +SHA512 (kernel-kabi-dw-6.8.7.tar.xz) = 9d7cb1017cd70aa3fc56ec6235350e09dd56739b03e6f171b36d1052c247f7ef9cbae6c41d5452c4d151f1163b9a0dfec71d140a96700a0acffddde95d17046d