From: Herbert Xu on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1304
NOTE: Truncated patchset since committer email 'herbert(a)gondor.apana.org.au'
does not match the submitter's GitLab public email address
'herbert.xu(a)redhat.com'.
Upstream: RHEL only
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1984784
The RHEL FIPS certification effort ran into an show-stopper with
/dev/urandom and getrandom(2) not being FIPS-compliant. At this
point there is no realistic chance of making them FIPS-compliant
upstream. It has also been deemed unrealistic to change user-space
to use the FIPS-compliant RNG through the Crypto API.
Therefore this patch series overrides /dev/*random as well as
getrandom(2) with the Crypto API RNG so that FIPS certification
can proceed.
Signed-off-by: Herbert Xu <herbert.xu(a)redhat.com>
---
crypto/rng.c | 73 ++++++++++++++++++++++++++++++-
drivers/char/random.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++
include/linux/random.h | 7 ++
3 files changed, 194 insertions(+), 1 deletions(-)
From: Waiman Long <longman(a)redhat.com>
redhat/configs: Enable CONFIG_MITIGATION_SLS for RHEL
Like Fedora, CONFIG_MITIGATION_SLS had been enabled for RHEL9 since
9.3. Update the kernel-ark setting to match current RHEL9 setting.
Signed-off-by: Waiman Long <longman(a)redhat.com>
diff --git a/redhat/configs/fedora/generic/x86/CONFIG_MITIGATION_SLS b/redhat/configs/common/generic/x86/CONFIG_MITIGATION_SLS
rename from redhat/configs/fedora/generic/x86/CONFIG_MITIGATION_SLS
rename to redhat/configs/common/generic/x86/CONFIG_MITIGATION_SLS
index blahblah..blahblah 100644
--- a/redhat/configs/fedora/generic/x86/CONFIG_MITIGATION_SLS
+++ b/redhat/configs/common/generic/x86/CONFIG_MITIGATION_SLS
diff --git a/redhat/configs/rhel/generic/x86/CONFIG_MITIGATION_SLS b/redhat/configs/rhel/generic/x86/CONFIG_MITIGATION_SLS
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/rhel/generic/x86/CONFIG_MITIGATION_SLS
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_MITIGATION_SLS is not set
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3222
From: Tomas Henzl <thenzl(a)redhat.com>
aacraid:i driver disable
Upstream Status: RHEL only
Disable the aacraid driver in RHEL10
Signed-off-by: Tomas Henzl <thenzl(a)redhat.com>
diff --git a/redhat/configs/common/generic/CONFIG_SCSI_AACRAID b/redhat/configs/common/generic/CONFIG_SCSI_AACRAID
index blahblah..blahblah 100644
--- a/redhat/configs/common/generic/CONFIG_SCSI_AACRAID
+++ b/redhat/configs/common/generic/CONFIG_SCSI_AACRAID
@@ -1 +1 @@
-CONFIG_SCSI_AACRAID=m
+# CONFIG_SCSI_AACRAID is not set
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3322
From: Don Zickus <dzickus(a)redhat.com>
Add wildcard macros -baseonly -gcov
There are multiple usecases for -baseonly and -gcov on various
targets in the Makefile. Instead of calling those targets out
repeatedly, lets generalize them a bit.
Allow adding -baseonly and -gcov to:
dist-rpm
dist-srpm
dist-brew
dist-koji
distg-brew
distg-koji
Gcov is useful for adding code coverage. Baseonly is useful to only
build the kernel for debugging purposes without userspace tools.
Signed-off-by: Don Zickus <dzickus(a)redhat.com>
diff --git a/redhat/Makefile b/redhat/Makefile
index blahblah..blahblah 100644
--- a/redhat/Makefile
+++ b/redhat/Makefile
@@ -297,6 +297,12 @@ dist-sources: dist-kabi dist-kabi-dup sources-rh
dist-test-patch: generate-testpatch-tmp
@mv $(TESTPATCH).tmp $(TESTPATCH);
+%-baseonly: RPMBUILDOPTS=--target $(MACH) --without debug --without debuginfo --without vdso_install --without bpftool --without perf --without tools --without selftests -bb
+%-baseonly: BUILDOPTS+=-debug -debuginfo -vdso_install -bpftool -perf -tools -selftests
+
+%-gcov: BUILDID=".gcov"
+%-gcov: BUILDOPTS+="+gcov"
+
do-rpmbuild: dist-sources
$(RPMBUILD) --define "_sourcedir $(SOURCES)" --define "_builddir $(RPM)/BUILD" --define "_srcrpmdir $(RPM)/SRPMS" --define "_rpmdir $(RPM)/RPMS" --define "_specdir $(RPM)/SPECS" --define "dist $(DIST)" $(RPMBUILDOPTS) $(RPM)/SOURCES/$(PACKAGE_NAME).spec
@@ -306,9 +312,9 @@ dist-all-rpms: dist-sources do-rpmbuild
dist-srpm: RPMBUILDOPTS=--nodeps -bs
dist-srpm: dist-sources do-rpmbuild
-dist-srpm-gcov: BUILDID=".gcov"
-dist-srpm-gcov: BUILDOPTS+="+gcov"
-dist-srpm-gcov: dist-srpm
+dist-srpm-%: dist-srpm
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
dist-rpms: RPMBUILDOPTS=--target $(MACH) -bb
dist-rpms: dist-sources do-rpmbuild
@@ -322,8 +328,7 @@ dist-prep: dist-sources do-rpmbuild
dist-perf: RPMBUILDOPTS=--without up --without smp --without zfcpdump --without debug --without doc --without headers --without --without doc --without debuginfo --target $(MACH) -bb
dist-perf: dist-sources do-rpmbuild
-dist-rpm-baseonly: RPMBUILDOPTS=--target $(MACH) --without debug --without debuginfo --without vdso_install --without bpftool --without perf --without tools -bb
-dist-rpm-baseonly: dist-sources do-rpmbuild
+dist-rpm-%: dist-sources do-rpmbuild
# unless you know what you're doing, you don't want to use the next four ones
dist-release-finish: setup-source
@@ -388,9 +393,25 @@ distg-koji: BUILD_FLAGS ?= $(KOJI_FLAGS) $(TEST_FLAGS)
dist-brew dist-koji: dist-%: dist-srpm
$* $(BUILD_PROFILE) build $(BUILD_FLAGS) $(BUILD_TARGET) $(SRPMS)/$(PACKAGE_NAME)-$(KVERSION)-$(PKGRELEASE)$(DIST).src.rpm $(OUTPUT_FILE)
+dist-brew-%: dist-brew
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
+
+dist-koji-%: dist-koji
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
+
distg-brew distg-koji: distg-%:
$* $(BUILD_PROFILE) build $(BUILD_FLAGS) $(BUILD_TARGET) "$(RHGITURL)?redhat/koji#$(RHGITCOMMIT)"
+distg-brew-%: dist-brew
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
+
+distg-koji-%: dist-koji
+ @# phony command to force this to be a target and not variable
+ @FOO=BAR
+
.PHONY: $(REDHAT)/rpm/SOURCES/$(PACKAGE_NAME).spec
$(REDHAT)/rpm/SOURCES/$(PACKAGE_NAME).spec:
@echo "dist-sources"
@@ -469,34 +490,30 @@ dist-full-help:
@echo 'Building targets:'
@echo ' All RPM/SRPM files will be put under the redhat/rpm/ directory.'
@echo ''
- @echo ' dist-srpm - Create a source RPM and put it into the redhat/rpm/SRPMS/'
+ @echo ' dist-srpm@ - Create a source RPM and put it into the redhat/rpm/SRPMS/'
@echo ' directory. See the dist-brew target for available options.'
- @echo ' dist-srpm-gcov - Create a source RPM with gcov enabled and put it into the'
- @echo ' redhat/rpm/SRPMS/ directory.'
- @echo ' dist-brew - Create a kernel SRPM and then call brew to build the'
+ @echo ' dist-brew@ - Create a kernel SRPM and then call brew to build the'
@echo ' created SRPM. Add BUILDOPTS="+<opt> -<opt> [...]" to'
@echo ' enable/disable build options.'
@echo ' Available <opt>s and their default values:' \
$$(sed -n -e 's/^%define with_\([^ \t]*\).*\?_without_.*/+\1/p' \
-e 's/^%define with_\([^ \t]*\).*\?_with_.*/-\1/p' kernel.spec.template | \
grep -v 'only$$') | fmt -80
- @echo ' dist-koji - Create a kernel SRPM and then call koji to build the'
+ @echo ' dist-koji@ - Create a kernel SRPM and then call koji to build the'
@echo ' created SRPM. See the dist-brew target for available'
@echo ' options.'
- @echo ' distg-brew - Pass HEAD of the current git branch to brew to build an'
+ @echo ' distg-brew@ - Pass HEAD of the current git branch to brew to build an'
@echo ' RPM set. Do not forget to push to the remote repository'
@echo ' first. Preceed make command by RHGITCOMMIT=<commitID>'
@echo ' specify commit ID to use.'
@echo ' To set the remote repo, invoke:'
@echo ' git config rhg.url git://<repo_path>'
- @echo ' distg-koji - Pass HEAD of the current git branch to koji to build an'
+ @echo ' distg-koji@ - Pass HEAD of the current git branch to koji to build an'
@echo ' RPM set. Do not forget to push to the remote repository'
@echo ' first. See the distg-brew target for options and'
@echo ' configuration.'
- @echo ' dist-rpms - Create the binary RPMS for the kernel.'
+ @echo ' dist-rpms@ - Create the binary RPMS for the kernel.'
@echo ' See the dist-brew target for available options.'
- @echo ' dist-rpm-baseonly - Create the binary RPMS for the kernel and modules'
- @echo ' (no userspace tools or debuginfo).'
@echo ' dist-kernel-<type> - Create binary RPMS for a particular kernel type.'
@echo ' Available <type>s:'\
$$(sed -n 's/^%define with_\([^ ]*only\).*/\1/p' kernel.spec.template)
@@ -524,6 +541,12 @@ dist-full-help:
@echo ' dist-rhel-configs - build ELN configs'
@echo ' dist-fedora-configs - build Fedora configs'
+ @echo ''
+ @echo 'Wildcard targets: [indicated by '@' above]'
+ @echo ' *-baseonly - builds only the kernel (disables userspace and debuginfo)'
+ @echo ' - Examples: dist-srpm-baseonly, dist-brew-baseonly'
+ @echo ' *-gcov - builds a kernel with gcov enabled'
+ @echo ' - Examples: dist-srpm-gcov, dist-brew-gcov'
@echo ''
@echo 'kABI targets:'
@echo ' dist-kabi - Create kABI stablelist files in redhat/kabi/kabi-rhel*/'
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1444
Hi, we tested your kernel and here are the results:
Overall result: PASSED
Merge: OK
Compile: OK
Test: OK
Tested-by: CKI Project <cki-project(a)redhat.com>
Kernel information:
Brew / Koji Task ID: 122671517
You can find all the details about the test run at
https://datawarehouse.cki-project.org/kcidb/checkouts/redhat:koji-122671517
If you find a failure unrelated to your changes, please ask the test maintainer to review it.
This will prevent the failures from being incorrectly reported in the future.
Please reply to this email if you have any questions about the tests that we
ran or if you have any suggestions on how to make future tests more effective.
,-. ,-.
( C ) ( K ) Continuous
`-',-.`-' Kernel
( I ) Integration
`-'
______________________________________________________________________________
From: Thomas Huth <thuth(a)redhat.com>
[redhat] Disable CONFIG_S390_HYPFS in the zfcpdump kernel
JIRA: https://issues.redhat.com/browse/RHEL-56069
Upstream Status: RHEL only
CONFIG_S390_HYPFS has been split from CONFIG_S390_HYPFS_FS (with "_FS" suffix)
in upstream commit 3325b4d857999 ("s390/hypfs: factor out filesystem code").
Since we have CONFIG_S390_HYPFS_FS disabled for the zfcpdump kernel on s390x,
we should use the same setting for the new CONFIG_S390_HYPFS, too.
Signed-off-by: Thomas Huth <thuth(a)redhat.com>
diff --git a/redhat/configs/rhel/generic/s390x/zfcpdump/CONFIG_S390_HYPFS b/redhat/configs/rhel/generic/s390x/zfcpdump/CONFIG_S390_HYPFS
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/configs/rhel/generic/s390x/zfcpdump/CONFIG_S390_HYPFS
@@ -0,0 +1 @@
+# CONFIG_S390_HYPFS is not set
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3333