diff --git a/0005-haoc-kernel.patch b/0005-haoc-kernel.patch index a806487..b317a9c 100644 --- a/0005-haoc-kernel.patch +++ b/0005-haoc-kernel.patch @@ -1,10 +1,12 @@ -From a3cc0e70fa60f315c3bfc79c040bd603ed6317f3 Mon Sep 17 00:00:00 2001 +From 9300ee48dcae94da558c5b58205656e6ff8adb80 Mon Sep 17 00:00:00 2001 From: liuzh Date: Thu, 12 Dec 2024 02:23:00 +0000 -Subject: [PATCH] Publish k1 x86 code on 6.6.0-67.0.0 +Subject: [PATCH] Publish k1 x86 and Arm64 code on 6.6.0-69.0.0 internal branch: ptdesc-test4 internal commit: 1aaccdb + + disable KOI. --- .gitignore | 4 + Makefile | 7 + @@ -379,7 +381,7 @@ index ee377cec01f3..7b354f051344 100644 KBUILD_CPPFLAGS := -D__KERNEL__ KBUILD_RUSTFLAGS := $(rust_common_flags) \ diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index 9da9d58f1c02..cd15ba85864b 100644 +index 9da9d58f1c02..730fb3c9a889 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1776,6 +1776,41 @@ config UNMAP_KERNEL_AT_EL0 @@ -409,7 +411,7 @@ index 9da9d58f1c02..cd15ba85864b 100644 + depends on ARM64 + depends on ARM64_VA_BITS_48 + depends on ARM64_4K_PAGES -+ def_bool y ++ def_bool n + +config IEE_SELINUX_P + depends on IEE @@ -425,7 +427,7 @@ index 9da9d58f1c02..cd15ba85864b 100644 bool "Mitigate Spectre style attacks against branch history" if EXPERT default y diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig -index b152d1ffb547..5e68208c0a72 100644 +index fc6053a500db..633b5c411662 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -89,6 +89,7 @@ CONFIG_BPF_JIT_DEFAULT_ON=y @@ -436,7 +438,7 @@ index b152d1ffb547..5e68208c0a72 100644 # end of BPF subsystem CONFIG_PREEMPT_NONE_BUILD=y -@@ -1388,7 +1389,7 @@ CONFIG_NETFILTER_NETLINK_ACCT=m +@@ -1389,7 +1390,7 @@ CONFIG_NETFILTER_NETLINK_ACCT=m CONFIG_NETFILTER_NETLINK_QUEUE=m CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_NETLINK_OSF=m @@ -445,7 +447,7 @@ index b152d1ffb547..5e68208c0a72 100644 CONFIG_NF_LOG_SYSLOG=m CONFIG_NETFILTER_CONNCOUNT=m CONFIG_NF_CONNTRACK_MARK=y -@@ -1419,7 +1420,7 @@ CONFIG_NF_CT_NETLINK=m +@@ -1420,7 +1421,7 @@ CONFIG_NF_CT_NETLINK=m CONFIG_NF_CT_NETLINK_TIMEOUT=m CONFIG_NF_CT_NETLINK_HELPER=m CONFIG_NETFILTER_NETLINK_GLUE_CT=y @@ -454,7 +456,7 @@ index b152d1ffb547..5e68208c0a72 100644 CONFIG_NF_NAT_AMANDA=m CONFIG_NF_NAT_FTP=m CONFIG_NF_NAT_IRC=m -@@ -1623,7 +1624,7 @@ CONFIG_IP_VS_PE_SIP=m +@@ -1624,7 +1625,7 @@ CONFIG_IP_VS_PE_SIP=m # # IP: Netfilter Configuration # @@ -463,7 +465,7 @@ index b152d1ffb547..5e68208c0a72 100644 CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m CONFIG_NF_TABLES_IPV4=y -@@ -1695,7 +1696,7 @@ CONFIG_IP6_NF_TARGET_MASQUERADE=m +@@ -1696,7 +1697,7 @@ CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration @@ -12511,10 +12513,10 @@ index 76ae4a3131ba..b3b962fcc3f8 100644 case BPF_STX | BPF_ATOMIC | BPF_W: case BPF_STX | BPF_ATOMIC | BPF_DW: diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index df023e1cb5dd..f791ba71b796 100644 +index a6bbe6029121..d307e6ec992a 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1548,6 +1548,25 @@ config AMD_MEM_ENCRYPT +@@ -1549,6 +1549,25 @@ config AMD_MEM_ENCRYPT This requires an AMD processor that supports Secure Memory Encryption (SME). @@ -12540,7 +12542,7 @@ index df023e1cb5dd..f791ba71b796 100644 # Common NUMA Features config NUMA bool "NUMA Memory Allocation and Scheduler Support" -@@ -2466,6 +2485,12 @@ source "kernel/livepatch/Kconfig" +@@ -2468,6 +2487,12 @@ source "kernel/livepatch/Kconfig" endmenu @@ -12548,7 +12550,7 @@ index df023e1cb5dd..f791ba71b796 100644 +config KOI + bool "Config for Kernel Module Isolation" + depends on X86_64 -+ def_bool y ++ def_bool n + config CC_HAS_SLS def_bool $(cc-option,-mharden-sls=all) @@ -14536,7 +14538,7 @@ index dc3576303f1a..d528f34a0541 100644 /* Offset for fields in aria_ctx */ BLANK(); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index b66364429f98..563de5754f3d 100644 +index 26d7a26ef2d2..9519b6ff2530 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -68,6 +68,10 @@ @@ -14550,7 +14552,7 @@ index b66364429f98..563de5754f3d 100644 u32 elf_hwcap2 __read_mostly; /* Number of siblings per CPU package */ -@@ -403,11 +407,18 @@ static __always_inline void setup_umip(struct cpuinfo_x86 *c) +@@ -406,11 +410,18 @@ static __always_inline void setup_umip(struct cpuinfo_x86 *c) static const unsigned long cr4_pinned_mask = X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP | X86_CR4_FSGSBASE | X86_CR4_CET; @@ -14569,7 +14571,7 @@ index b66364429f98..563de5754f3d 100644 unsigned long bits_missing = 0; set_register: -@@ -422,6 +433,7 @@ void native_write_cr0(unsigned long val) +@@ -425,6 +436,7 @@ void native_write_cr0(unsigned long val) /* Warn after we've set the missing bits. */ WARN_ONCE(bits_missing, "CR0 WP bit went missing!?\n"); } diff --git a/haoc-kernel.spec b/haoc-kernel.spec index 8367e70..5bb13e4 100644 --- a/haoc-kernel.spec +++ b/haoc-kernel.spec @@ -40,13 +40,13 @@ rm -f test_openEuler_sign.ko test_openEuler_sign.ko.sig %global upstream_version 6.6 %global upstream_sublevel 0 -%global devel_release 67 +%global devel_release 69 %global maintenance_release .0.0 -%global pkg_release .72 +%global pkg_release .76 %global openeuler_lts 1 %global openeuler_major 2403 -%global openeuler_minor 0 +%global openeuler_minor 1 # # Support input parameter to overwrite the preceding version numbers. @@ -107,6 +107,10 @@ Source16: sign-modules-openeuler Source18: check-kabi Source20: Module.kabi_aarch64 Source21: Module.kabi_x86_64 +Source22: Module.kabi_ext1_aarch64 +Source23: Module.kabi_ext1_x86_64 +Source24: Module.kabi_ext2_aarch64 +Source25: Module.kabi_ext2_x86_64 %endif Source200: mkgrub-menu-aarch64.sh @@ -1092,8 +1096,116 @@ fi %endif %changelog -* Tue Dec 17 2024 Liu Zhehui - 6.6.0-67.0.0.72 -- update HAOC to 6.6.0-67.0.0 +* Fri Dec 20 2024 Liu Zhehui - 6.6.0-69.0.0.76 +- update HAOC to 6.6.0-69.0.0 +* Thu Dec 19 2024 ZhangPeng - 6.6.0-69.0.0.75 +- !14221 KABI for cgroup +- cgroup: add more reserve kabi +- cgroup/cpuset: Prevent UAF in proc_cpuset_show() +- cgroup: Move rcu_head up near the top of cgroup_root +- cgroup: Make operations on the cgroup root_list RCU safe +- Revert "cgroup: fix uaf when proc_cpuset_show" +- !14220 fs: Allow fine-grained control of folio sizes +- fs: Allow fine-grained control of folio sizes +- !12108 include/msi: modify kabi size of msi_desc +- include/msi: modify kabi size of msi_desc +- !14195 [OLK-6.6]Hygon: Enable CONFIG_CMA by default on X86 architecture +- x86/Kconfig: Select CONFIG_CMA if CONFIG_HYGON_CSV=y +- x86/config: Enable CONFIG_CMA by default in openeuler_defconfig +- !14215 iommu: Reserve extra KABI entry for struct iopf_group +- iommu: Reserve extra KABI entry for struct iopf_group +- !14223 v2 kabi: net: reserve space for xdp subsystem related structure +- kabi: net: reserve space for xdp subsystem related structure +- !14224 net/kabi: Reserve space for net structures +- net/kabi: Reserve space for net structures +- !14236 v2 statx: kabi: KABI reservation for kstat +- statx: kabi: KABI reservation for kstat +- !14218 seq_file: kabi: KABI reservation for seq_file +- seq_file: kabi: KABI reservation for seq_file +- !14203 tcp: Fix use-after-free of nreq in reqsk_timer_handler(). +- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). +- !14191 nfs: fix the loss of superblock's initialized flags +- nfs: fix the loss of superblock's initialized flags + +* Wed Dec 18 2024 Liu Yanze - 6.6.0-68.0.0.74 +- kabi: add kabi_ext2 list for checking +- kernel.spec: fix with_kabichk on non-arm64 platform + +* Tue Dec 17 2024 Xie XiuQi - 6.6.0-68.0.0.73 +- kabi: add kabi_ext1 list for checking +- check-kabi: fix kabi check failed when no namespace +- kernel.spec: fix with_kabichk on non-arm64 platform + +* Tue Dec 17 2024 ZhangPeng - 6.6.0-68.0.0.72 +- !14161 drm/rockchip: vop: Fix a dereferenced before check warning +- drm/rockchip: vop: Fix a dereferenced before check warning +- !14143 KVM:arm64:Add a kvm parameter to control guest wfi trapping +- KVM:arm64:Add a kvm parameter to control guest wfi trapping +- !14177 v2 kabi: restrict the KABI fix to a specific architecture and dist +- kabi: enable KABI_COMPAT series by default on x86_64 & ARM64 +- kabi: restrict the KABI fix to a specific architecture and dist +- !14151 CVE-2024-53142 +- initramfs: avoid filename buffer overrun +- !14183 mm/dynamic_pool: use __GENKSYMS__ to revert the kabi change +- mm/dynamic_pool: use __GENKSYMS__ to revert the kabi change +- !13999 add iommu support for loongarch +- LoongArch: add iommu support +- LoongArch: Fix cpu hotplug issue +- !13998 Synchronization with patch for loongarch virtualization +- LoongArch: Fix AP booting issue in VM mode +- LoongArch: KVM: Remove unnecessary CSR register saving during enter guest +- LoongArch: KVM: Remove undefined a6 argument comment for kvm_hypercall() +- LoongArch: KVM: Add vcpu mapping from physical cpuid +- LoongArch: KVM: Remove unnecessary definition of KVM_PRIVATE_MEM_SLOTS +- LoongArch: KVM: Add cpucfg area for kvm hypervisor +- LoongArch: KVM: Add KVM hypercalls documentation for LoongArch +- LoongArch: KVM: Implement function kvm_para_has_feature() +- LoongArch: KVM: Enable paravirt feature control from VMM +- LoongArch: KVM: Add PMU support for guest +- LoongArch: KVM: Add vm migration support for LBT registers +- LoongArch: KVM: Add Binary Translation extension support +- LoongArch: KVM: Add VM feature detection function +- LoongArch: Revert qspinlock to test-and-set simple lock on VM +- LoongArch: KVM: Invalidate guest steal time address on vCPU reset +- KVM: Discard zero mask with function kvm_dirty_ring_reset +- perf kvm: Add kvm-stat for loongarch64 +- LoongArch: KVM: Add PV steal time support in guest side +- LoongArch: KVM: Add PV steal time support in host side +- LoongArch: KVM: always make pte young in page map's fast path +- LoongArch: KVM: Mark page accessed and dirty with page ref added +- LoongArch: KVM: Add dirty bitmap initially all set support +- LoongArch: KVM: Add memory barrier before update pmd entry +- LoongArch: KVM: Discard dirty page tracking on readonly memslot +- LoongArch: KVM: Select huge page only if secondary mmu supports it +- LoongArch: KVM: Delay secondary mmu tlb flush until guest entry +- LoongArch: KVM: Sync pending interrupt when getting ESTAT from user mode +- LoongArch: KVM: Add mmio trace events support +- LoongArch: KVM: Add software breakpoint support +- LoongArch: KVM: Add PV IPI support on guest side +- LoongArch: KVM: Add PV IPI support on host side +- !14163 LeapIOraid: Remove Unnecessary header file references: version.h +- LeapIOraid: Remove Unnecessary header file references: version.h +- !13997 Add interrupt controller emulation in the kernel +- LoongArch: KVM: Add irqfd support +- LoongArch: KVM: Add PCHPIC user mode read and write functions +- LoongArch: KVM: Add PCHPIC read and write functions +- LoongArch: KVM: Add PCHPIC device support +- LoongArch: KVM: Add EXTIOI user mode read and write functions +- LoongArch: KVM: Add EXTIOI read and write functions +- LoongArch: KVM: Add EXTIOI device support +- LoongArch: KVM: Add IPI user mode read and write function +- LoongArch: KVM: Add IPI read and write function +- LoongArch: KVM: Add IPI device support +- LoongArch: KVM: Add iocsr and mmio bus simulation in kernel +- !14111 LeapIOraid: Fix the compilation warnings in LeapIOraid driver in loongarch64 +- LeapIOraid: Fix the compilation warnings in LeapIOraid driver in loongarch64 +- !14162 LeapIOraid: Fix too many invalid interruptes in arm64 +- LeapIOraid: Fix too many invalid interruptes in arm64 +- !11509 [OLK-6.6] Enhanced Hygon processor's processing capabilities for large memory copying +- mm: Enhanced copy capabilities for Hygon processor +- !14155 drm/amd/display: Adjust VSDB parser for replay feature +- drm/amd/display: Adjust VSDB parser for replay feature + * Fri Dec 13 2024 ZhangPeng - 6.6.0-67.0.0.71 - !14144 [6.6] [Feature] : update patches for sw64 architecture - sw64: fix compile errors