kernel-6.11.0-0.rc3.20240813gitd74da846046a.31

* Tue Aug 13 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc3.d74da846046a.31] - fedora: disable CONFIG_DRM_WERROR (Patrick Talbert) Resolves: Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
2024-08-13 17:22:36 -06:00 · 2024-08-13 17:22:36 -06:00 · bc4f18bce9
commit bc4f18bce9
parent bfcb15e1d8
6 changed files with 59 additions and 23 deletions
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@ -12,7 +12,7 @@ RHEL_MINOR = 99
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 30
+RHEL_RELEASE = 31

 #
 # RHEL_REBASE_NUM
--- a/Patchlist.changelog
+++ b/Patchlist.changelog
@ -1,3 +1,6 @@
+https://gitlab.com/cki-project/kernel-ark/-/commit/6425c2e128af3870617dd29da8110e7fa17b9ba9
+ 6425c2e128af3870617dd29da8110e7fa17b9ba9 not upstream: Disable vdso getrandom when FIPS is enabled
+
 https://gitlab.com/cki-project/kernel-ark/-/commit/6ae23a2899f457adcbd4e081dec7a49a62b5ec87
 6ae23a2899f457adcbd4e081dec7a49a62b5ec87 Add support to rh_waived cmdline boot parameter

--- a/kernel.changelog
+++ b/kernel.changelog
@ -1,7 +1,14 @@
-* Mon Aug 12 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc3.30]
+* Tue Aug 13 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc3.d74da846046a.31]
 - fedora: disable CONFIG_DRM_WERROR (Patrick Talbert)
 Resolves: 

+* Tue Aug 13 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc3.d74da846046a.30]
+- redhat: spec: add cachestat kselftest (Eric Chanudet)
+- redhat: hmac sign the UKI for FIPS (Vitaly Kuznetsov)
+- not upstream: Disable vdso getrandom when FIPS is enabled (Herbert Xu)
+- Linux v6.11.0-0.rc3.d74da846046a
+Resolves: 
+
 * Mon Aug 12 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc3.29]
 - Linux v6.11.0-0.rc3
 Resolves: 
--- a/kernel.spec
+++ b/kernel.spec
@ -163,13 +163,13 @@ Summary: The Linux kernel
 %define specrpmversion 6.11.0
 %define specversion 6.11.0
 %define patchversion 6.11
-%define pkgrelease 0.rc3.30
+%define pkgrelease 0.rc3.20240813gitd74da846046a.31
 %define kversion 6
-%define tarfile_release 6.11-rc3
+%define tarfile_release 6.11-rc3-7-gd74da846046a
 # This is needed to do merge window version magic
 %define patchlevel 11
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 0.rc3.30%{?buildid}%{?dist}
+%define specrelease 0.rc3.20240813gitd74da846046a.31%{?buildid}%{?dist}
 # This defines the kabi tarball version
 %define kabiversion 6.11.0

@ -2676,6 +2676,11 @@ BuildKernel() {
 # signkernel
 %endif

+    # hmac sign the UKI for FIPS
+    KernelUnifiedImageHMAC="$KernelUnifiedImageDir/.$InstallName-virt.efi.hmac"
+    %{log_msg "hmac sign the UKI for FIPS"}
+    %{log_msg "Creating hmac file: $KernelUnifiedImageHMAC"}
+    (cd $KernelUnifiedImageDir && sha512hmac $InstallName-virt.efi) > $KernelUnifiedImageHMAC;

 # with_efiuki
 %endif
@ -3069,7 +3074,7 @@ pushd tools/testing/selftests
 %endif

 %{log_msg "main selftests compile"}
-%{make} %{?_smp_mflags} ARCH=$Arch V=1 TARGETS="bpf cgroup mm net net/forwarding net/mptcp netfilter tc-testing memfd drivers/net/bonding iommu" SKIP_TARGETS="" $force_targets INSTALL_PATH=%{buildroot}%{_libexecdir}/kselftests VMLINUX_H="${RPM_VMLINUX_H}" install
+%{make} %{?_smp_mflags} ARCH=$Arch V=1 TARGETS="bpf cgroup mm net net/forwarding net/mptcp netfilter tc-testing memfd drivers/net/bonding iommu cachestat" SKIP_TARGETS="" $force_targets INSTALL_PATH=%{buildroot}%{_libexecdir}/kselftests VMLINUX_H="${RPM_VMLINUX_H}" install

 %ifarch %{klptestarches}
 	# kernel livepatching selftest test_modules will build against
@ -4013,6 +4018,7 @@ fi\
 /lib/modules/%{KVERREL}%{?3:+%{3}}/config\
 /lib/modules/%{KVERREL}%{?3:+%{3}}/modules.builtin*\
 %attr(0644, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\
+%attr(0644, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/.%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi.hmac\
 %ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:*}-%{KVERREL}%{?3:+%{3}}.efi\
 %{expand:%%files %{?3:%{3}-}uki-virt-addons}\
 /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi.extra.d/ \
@ -4091,9 +4097,15 @@ fi\
 #
 #
 %changelog
-* Mon Aug 12 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc3.30]
+* Tue Aug 13 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc3.d74da846046a.31]
 - fedora: disable CONFIG_DRM_WERROR (Patrick Talbert)

+* Tue Aug 13 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc3.d74da846046a.30]
+- redhat: spec: add cachestat kselftest (Eric Chanudet)
+- redhat: hmac sign the UKI for FIPS (Vitaly Kuznetsov)
+- not upstream: Disable vdso getrandom when FIPS is enabled (Herbert Xu)
+- Linux v6.11.0-0.rc3.d74da846046a
+
 * Mon Aug 12 2024 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.11.0-0.rc3.29]
 - Linux v6.11.0-0.rc3

--- a/patch-6.11-redhat.patch
+++ b/patch-6.11-redhat.patch
@ -19,7 +19,7 @@
 drivers/ata/libahci.c                              |  18 +
 drivers/char/ipmi/ipmi_dmi.c                       |  15 +
 drivers/char/ipmi/ipmi_msghandler.c                |  16 +-
- drivers/char/random.c                              | 122 +++++
+ drivers/char/random.c                              | 126 ++++-
 drivers/firmware/efi/Makefile                      |   1 +
 drivers/firmware/efi/efi.c                         | 124 +++--
 drivers/firmware/efi/secureboot.c                  |  38 ++
@ -78,7 +78,7 @@
 security/lockdown/Kconfig                          |  13 +
 security/lockdown/lockdown.c                       |   1 +
 security/security.c                                |  12 +
- 80 files changed, 2682 insertions(+), 257 deletions(-)
+ 80 files changed, 2685 insertions(+), 258 deletions(-)

 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
 index 09126bb8cc9f..ee2984e46c06 100644
@ -947,10 +947,10 @@ index e12b531f5c2f..082707f8dff8 100644
 	rv = ipmi_register_driver();
 	mutex_unlock(&ipmi_interfaces_mutex);
 diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 87fe61295ea1..707f271e7728 100644
+index 87fe61295ea1..bc84784b9ecb 100644
 --- a/drivers/char/random.c
 +++ b/drivers/char/random.c
-@@ -51,6 +51,7 @@
+@@ -51,9 +51,11 @@
 #include <linux/completion.h>
 #include <linux/uuid.h>
 #include <linux/uaccess.h>
@ -958,7 +958,11 @@ index 87fe61295ea1..707f271e7728 100644
 #include <linux/suspend.h>
 #include <linux/siphash.h>
 #include <linux/sched/isolation.h>
-@@ -322,6 +323,11 @@ static void crng_fast_key_erasure(u8 key[CHACHA_KEY_SIZE],
+#include <linux/fips.h>
+ #include <crypto/chacha.h>
+ #include <crypto/blake2s.h>
+ #ifdef CONFIG_VDSO_GETRANDOM
+@@ -322,6 +324,11 @@ static void crng_fast_key_erasure(u8 key[CHACHA_KEY_SIZE],
 	memzero_explicit(first_block, sizeof(first_block));
 }
 
@ -970,7 +974,17 @@ index 87fe61295ea1..707f271e7728 100644
 /*
  * This function returns a ChaCha state that you may use for generating
  * random data. It also returns up to 32 bytes on its own of random data
-@@ -755,6 +761,9 @@ static void __cold _credit_init_bits(size_t bits)
+@@ -735,7 +742,8 @@ static void __cold _credit_init_bits(size_t bits)
+ 			queue_work(system_unbound_wq, &set_ready);
+ 		atomic_notifier_call_chain(&random_ready_notifier, 0, NULL);
+ #ifdef CONFIG_VDSO_GETRANDOM
+-		WRITE_ONCE(_vdso_rng_data.is_ready, true);
+		if (!fips_enabled)
+			WRITE_ONCE(_vdso_rng_data.is_ready, true);
+ #endif
+ 		wake_up_interruptible(&crng_init_wait);
+ 		kill_fasync(&fasync, SIGIO, POLL_IN);
+@@ -755,6 +763,9 @@ static void __cold _credit_init_bits(size_t bits)
 }
 
 
@ -980,7 +994,7 @@ index 87fe61295ea1..707f271e7728 100644
 /**********************************************************************
  *
  * Entropy collection routines.
-@@ -972,6 +981,19 @@ void __init add_bootloader_randomness(const void *buf, size_t len)
+@@ -972,6 +983,19 @@ void __init add_bootloader_randomness(const void *buf, size_t len)
 		credit_init_bits(len * 8);
 }
 
@ -1000,7 +1014,7 @@ index 87fe61295ea1..707f271e7728 100644
 #if IS_ENABLED(CONFIG_VMGENID)
 static BLOCKING_NOTIFIER_HEAD(vmfork_chain);
 
-@@ -1381,6 +1403,7 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags
+@@ -1381,6 +1405,7 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags
 {
 	struct iov_iter iter;
 	int ret;
@ -1008,7 +1022,7 @@ index 87fe61295ea1..707f271e7728 100644
 
 	if (flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE))
 		return -EINVAL;
-@@ -1392,6 +1415,21 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags
+@@ -1392,6 +1417,21 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags
 	if ((flags & (GRND_INSECURE | GRND_RANDOM)) == (GRND_INSECURE | GRND_RANDOM))
 		return -EINVAL;
 
@ -1030,7 +1044,7 @@ index 87fe61295ea1..707f271e7728 100644
 	if (!crng_ready() && !(flags & GRND_INSECURE)) {
 		if (flags & GRND_NONBLOCK)
 			return -EAGAIN;
-@@ -1412,6 +1450,12 @@ static __poll_t random_poll(struct file *file, poll_table *wait)
+@@ -1412,6 +1452,12 @@ static __poll_t random_poll(struct file *file, poll_table *wait)
 	return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM;
 }
 
@ -1043,7 +1057,7 @@ index 87fe61295ea1..707f271e7728 100644
 static ssize_t write_pool_user(struct iov_iter *iter)
 {
 	u8 block[BLAKE2S_BLOCK_SIZE];
-@@ -1552,7 +1596,58 @@ static int random_fasync(int fd, struct file *filp, int on)
+@@ -1552,7 +1598,58 @@ static int random_fasync(int fd, struct file *filp, int on)
 	return fasync_helper(fd, filp, on, &fasync);
 }
 
@ -1102,7 +1116,7 @@ index 87fe61295ea1..707f271e7728 100644
 	.read_iter = random_read_iter,
 	.write_iter = random_write_iter,
 	.poll = random_poll,
-@@ -1565,6 +1660,7 @@ const struct file_operations random_fops = {
+@@ -1565,6 +1662,7 @@ const struct file_operations random_fops = {
 };
 
 const struct file_operations urandom_fops = {
@ -1110,7 +1124,7 @@ index 87fe61295ea1..707f271e7728 100644
 	.read_iter = urandom_read_iter,
 	.write_iter = random_write_iter,
 	.unlocked_ioctl = random_ioctl,
-@@ -1575,6 +1671,32 @@ const struct file_operations urandom_fops = {
+@@ -1575,6 +1673,32 @@ const struct file_operations urandom_fops = {
 	.splice_write = iter_file_splice_write,
 };
 
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (linux-6.11-rc3.tar.xz) = d87de5c563d9157e46b7311f131d0b897207c32e013da59634c239ed94d69b249152bb12aa33ac6a147d3645abae945b28b3d5b299f9636fd299ed1861fd8057
-SHA512 (kernel-abi-stablelists-6.11.0.tar.xz) = 091e5aacef72390008a31f74d9155d516ccf24a2d8764c6eb0ff13232d61587dd31d2c8c851a519b89916dc4d00a175dd7287ffd8735cc3e0625e006c0acd18a
-SHA512 (kernel-kabi-dw-6.11.0.tar.xz) = 1a8f7b1df20a140c8237cbad506a616cc6d65c56888844566645c4f3dc49de2655a8dd74f8ee568ed38172b695aee21815495cf68a92a462e75fc53b7f02e996
+SHA512 (linux-6.11-rc3-7-gd74da846046a.tar.xz) = e97b4235025b51feab6dfa68b6fcb65c9771335c4cfbfcbe2d7f2551ff4551878a65d3c510853514f2ac65844d3c73ddd310e5ce872a390e3f3070561f6e1dc6
+SHA512 (kernel-abi-stablelists-6.11.0.tar.xz) = 47cb5d861240c448815e19af435dd101d5a2366ecca30b8dbe35066d6b3c4dcda21589d30695ed69e045593392bb3dfca9265aa236d787a5073950e3e7c89618
+SHA512 (kernel-kabi-dw-6.11.0.tar.xz) = 2451593786a6faebef58b6a03269a93e14674a1b60b56f63e86b113db2e59072e02533dfcfa18a08c3d37074830e8bdccf55fc7a77eebc93f6a7106be7b6e20f