[rocky10_0] History Rebuild to kernel-6.12.0-55.19.1.el10_0 #394

PlaidCat · 2025-07-02T21:06:05Z

Download all unprocessed src.rpm
for each src,pm
- Find all commits in changelog up to last known tag ... in this case 6.12.0-55
- Re-play commits in reverse order (oldest in change log to newest) with git cherry-pick
- After replay replace ENTIRE code in branch with rpmbuild -bp from corresponding src.rpm.
- Tag Rebuild branch
Use New Local Build with prodman and test (note test results will be different than usual)

Checking Rebuild Commits for potentially missing commits:

kernel-6.12.0-55.19.1.el10_0

[jmaple@devbox kernel-src-tree]$ git push --follow-tags origin rocky10_0_rebuild
Enumerating objects: 119, done.
Counting objects: 100% (119/119), done.
Delta compression using up to 20 threads
Compressing objects: 100% (78/78), done.
Writing objects: 100% (87/87), 367.31 KiB | 3.57 MiB/s, done.
Total 87 (delta 75), reused 7 (delta 7), pack-reused 0 (from 0)
remote: Resolving deltas: 100% (75/75), completed with 31 local objects.
remote: Bypassed rule violations for refs/heads/rocky10_0_rebuild:
remote:
remote: - This branch must not contain merge commits.
remote:   Found 1 violation:
remote:
remote:   a16805f7810e3298ad5042c3d18dcfe4f5d24bbb
remote:
To github.com:ctrliq/kernel-src-tree.git
 * [new branch]                rocky10_0_rebuild -> rocky10_0_rebuild
 * [new tag]                   resf_kernel-6.12.0-55.19.1.el10_0 -> resf_kernel-6.12.0-55.19.1.el10_0
[jmaple@devbox kernel-src-tree]$ ^C
[jmaple@devbox kernel-src-tree]$ cat ciq/ciq_backports/kernel-6.12.0-55.19.1.el10_0/rebuild.details.txt
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v6.12~1..kernel-mainline: 52012
Number of commits in rpm: 9
Number of commits matched with upstream: 5 (55.56%)
Number of commits in upstream but not in rpm: 52007
Number of commits NOT found in upstream: 4 (44.44%)

Rebuilding Kernel on Branch rocky10_0_rebuild_kernel-6.12.0-55.19.1.el10_0 for kernel-6.12.0-55.19.1.el10_0
Clean Cherry Picks: 5 (100.00%)
Empty Cherry Picks: 0 (0.00%)
_______________________________

__EMPTY COMMITS__________________________

__CHANGES NOT IN UPSTREAM________________
Porting to Rocky Linux 10, debranding and Rocky Linux branding'
Add partial riscv64 support for build root'
Provide basic VisionFive 2 support'
block/Kconfig: Allow selecting BLK_CGROUP_PUNT_BIO

Build

[jmaple@devbox code]$ egrep -B 5 -A 5 "\[TIMER\]|^Starting Build" kbuild.resf_kernel-6.12.0-55.19.1.el10_0.log
/mnt/code/kernel-src-tree-build
no .config file found, moving on
[TIMER]{MRPROPER}: 0s
x86_64 architecture detected, copying config
'configs/kernel-x86_64-rhel.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-rocky10_0_rebuild-072c27213755"
Making olddefconfig
#
# configuration written to .config
#
Starting Build
  SYNC    include/config/auto.conf
  GEN     arch/x86/include/generated/asm/orc_hash.h
  WRAP    arch/x86/include/generated/uapi/asm/bpf_perf_event.h
  WRAP    arch/x86/include/generated/uapi/asm/errno.h
  WRAP    arch/x86/include/generated/uapi/asm/fcntl.h
--
  LD [M]  net/qrtr/qrtr.ko
  BTF [M] net/hsr/hsr.ko
  LD [M]  net/qrtr/qrtr-mhi.ko
  BTF [M] net/qrtr/qrtr.ko
  BTF [M] net/qrtr/qrtr-mhi.ko
[TIMER]{BUILD}: 2099s
Making Modules
  SYMLINK /lib/modules/6.12.0-rocky10_0_rebuild-072c27213755+/build
  INSTALL /lib/modules/6.12.0-rocky10_0_rebuild-072c27213755+/modules.order
  INSTALL /lib/modules/6.12.0-rocky10_0_rebuild-072c27213755+/modules.builtin
  INSTALL /lib/modules/6.12.0-rocky10_0_rebuild-072c27213755+/modules.builtin.modinfo
--
  STRIP   /lib/modules/6.12.0-rocky10_0_rebuild-072c27213755+/kernel/net/qrtr/qrtr-mhi.ko
  SIGN    /lib/modules/6.12.0-rocky10_0_rebuild-072c27213755+/kernel/net/qrtr/qrtr-mhi.ko
  SIGN    /lib/modules/6.12.0-rocky10_0_rebuild-072c27213755+/kernel/net/hsr/hsr.ko
  SIGN    /lib/modules/6.12.0-rocky10_0_rebuild-072c27213755+/kernel/net/qrtr/qrtr.ko
  DEPMOD  /lib/modules/6.12.0-rocky10_0_rebuild-072c27213755+
[TIMER]{MODULES}: 8s
Making Install
  INSTALL /boot
[TIMER]{INSTALL}: 18s
Checking kABI
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-6.12.0-rocky10_0_rebuild-072c27213755+ and Index to 2
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 0s
[TIMER]{BUILD}: 2099s
[TIMER]{MODULES}: 8s
[TIMER]{INSTALL}: 18s
[TIMER]{TOTAL} 2128s
Rebooting in 10 seconds

KSelfTests

[jmaple@devbox code]$ ls kselftest.6.12.0-rocky10_0_rebuild-ddc9a4ae48f1+.log kselftest.6.12.0-rocky10_0_rebuild-072c27213755+.log | while read line; do echo $line; grep '^ok ' $line | wc -l ; done
kselftest.6.12.0-rocky10_0_rebuild-072c27213755+.log
498
kselftest.6.12.0-rocky10_0_rebuild-ddc9a4ae48f1+.log
498

jira LE-3504 Rebuild_History Non-Buildable kernel-6.12.0-55.19.1.el10_0 commit-author Paul Greenwalt <[email protected]> commit 59f4d59 E830 adds hardware support to prevent the VF from overflowing the PF mailbox with VIRTCHNL messages. E830 will use the hardware feature (ICE_F_MBX_LIMIT) instead of the software solution ice_is_malicious_vf(). To prevent a VF from overflowing the PF, the PF sets the number of messages per VF that can be in the PF's mailbox queue (ICE_MBX_OVERFLOW_WATERMARK). When the PF processes a message from a VF, the PF decrements the per VF message count using the E830_MBX_VF_DEC_TRIG register. Signed-off-by: Paul Greenwalt <[email protected]> Reviewed-by: Alexander Lobakin <[email protected]> Tested-by: Rafal Romanowski <[email protected]> Signed-off-by: Tony Nguyen <[email protected]> (cherry picked from commit 59f4d59) Signed-off-by: Jonathan Maple <[email protected]>

jira LE-3504 cve CVE-2025-21883 Rebuild_History Non-Buildable kernel-6.12.0-55.19.1.el10_0 commit-author Marcin Szycik <[email protected]> commit 79990cf If ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees all VFs without removing them from snapshot PF-VF mailbox list, leading to list corruption. Reproducer: devlink dev eswitch set $PF1_PCI mode switchdev ip l s $PF1 up ip l s $PF1 promisc on sleep 1 echo 1 > /sys/class/net/$PF1/device/sriov_numvfs sleep 1 echo 1 > /sys/class/net/$PF1/device/sriov_numvfs Trace (minimized): list_add corruption. next->prev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330). kernel BUG at lib/list_debug.c:29! RIP: 0010:__list_add_valid_or_report+0xa6/0x100 ice_mbx_init_vf_info+0xa7/0x180 [ice] ice_initialize_vf_entry+0x1fa/0x250 [ice] ice_sriov_configure+0x8d7/0x1520 [ice] ? __percpu_ref_switch_mode+0x1b1/0x5d0 ? __pfx_ice_sriov_configure+0x10/0x10 [ice] Sometimes a KASAN report can be seen instead with a similar stack trace: BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100 VFs are added to this list in ice_mbx_init_vf_info(), but only removed in ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is also being called in other places where VFs are being removed (including ice_free_vfs() itself). Fixes: 8cd8a6b ("ice: move VF overflow message count into struct ice_mbx_vf_info") Reported-by: Sujai Buvaneswaran <[email protected]> Closes: https://lore.kernel.org/intel-wired-lan/PH0PR11MB50138B635F2E5CEB7075325D961F2@PH0PR11MB5013.namprd11.prod.outlook.com Reviewed-by: Martyna Szapar-Mudlaw <[email protected]> Signed-off-by: Marcin Szycik <[email protected]> Reviewed-by: Simon Horman <[email protected]> Tested-by: Sujai Buvaneswaran <[email protected]> Signed-off-by: Tony Nguyen <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> (cherry picked from commit 79990cf) Signed-off-by: Jonathan Maple <[email protected]>

jira LE-3504 Rebuild_History Non-Buildable kernel-6.12.0-55.19.1.el10_0 commit-author Marcin Szycik <[email protected]> commit 5c07be9 As part of switchdev environment setup, uplink VSI is configured as default for both Tx and Rx. Default Rx VSI is also used by promiscuous mode. If promisc mode is enabled and an attempt to enter switchdev mode is made, the setup will fail because Rx VSI is already configured as default (rule exists). Reproducer: devlink dev eswitch set $PF1_PCI mode switchdev ip l s $PF1 up ip l s $PF1 promisc on echo 1 > /sys/class/net/$PF1/device/sriov_numvfs In switchdev setup, use ice_set_dflt_vsi() instead of plain ice_cfg_dflt_vsi(), which avoids repeating setting default VSI for Rx if it's already configured. Fixes: 50d6202 ("ice: default Tx rule instead of to queue") Reported-by: Sujai Buvaneswaran <[email protected]> Closes: https://lore.kernel.org/intel-wired-lan/PH0PR11MB50138B635F2E5CEB7075325D961F2@PH0PR11MB5013.namprd11.prod.outlook.com Reviewed-by: Martyna Szapar-Mudlaw <[email protected]> Signed-off-by: Marcin Szycik <[email protected]> Reviewed-by: Simon Horman <[email protected]> Tested-by: Sujai Buvaneswaran <[email protected]> Signed-off-by: Tony Nguyen <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> (cherry picked from commit 5c07be9) Signed-off-by: Jonathan Maple <[email protected]>

jira LE-3504 cve CVE-2025-21961 Rebuild_History Non-Buildable kernel-6.12.0-55.19.1.el10_0 commit-author Taehee Yoo <[email protected]> commit 9f7b2aa When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_buff with xdp_update_skb_shared_info() in bnxt_xdp_build_skb(). bnxt_xdp_build_skb() passes incorrect truesize argument to xdp_update_skb_shared_info(). The truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo->nr_frags but the skb_shared_info was wiped by napi_build_skb() before. So it stores sinfo->nr_frags before bnxt_xdp_build_skb() and use it instead of getting skb_shared_info from xdp_get_shared_info_from_buff(). Splat looks like: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590 Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3 RIP: 0010:skb_try_coalesce+0x504/0x590 Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff <0f> 0b e99 RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287 RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0 RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003 RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900 R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740 R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <IRQ> ? __warn+0x84/0x130 ? skb_try_coalesce+0x504/0x590 ? report_bug+0x18a/0x1a0 ? handle_bug+0x53/0x90 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? skb_try_coalesce+0x504/0x590 inet_frag_reasm_finish+0x11f/0x2e0 ip_defrag+0x37a/0x900 ip_local_deliver+0x51/0x120 ip_sublist_rcv_finish+0x64/0x70 ip_sublist_rcv+0x179/0x210 ip_list_rcv+0xf9/0x130 How to reproduce: <Node A> ip link set $interface1 xdp obj xdp_pass.o ip link set $interface1 mtu 9000 up ip a a 10.0.0.1/24 dev $interface1 <Node B> ip link set $interfac2 mtu 9000 up ip a a 10.0.0.2/24 dev $interface2 ping 10.0.0.1 -s 65000 Following ping.py patch adds xdp-mb-pass case. so ping.py is going to be able to reproduce this issue. Fixes: 1dc4c55 ("bnxt: adding bnxt_xdp_build_skb to build skb from multibuffer xdp_buff") Signed-off-by: Taehee Yoo <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> (cherry picked from commit 9f7b2aa) Signed-off-by: Jonathan Maple <[email protected]>

jira LE-3504 cve CVE-2025-22104 Rebuild_History Non-Buildable kernel-6.12.0-55.19.1.el10_0 commit-author Nick Child <[email protected]> commit d93a6ca Previously, when the driver was printing hex dumps, the buffer was cast to an 8 byte long and printed using string formatters. If the buffer size was not a multiple of 8 then a read buffer overflow was possible. Therefore, create a new ibmvnic function that loops over a buffer and calls hex_dump_to_buffer instead. This patch address KASAN reports like the one below: ibmvnic 30000003 env3: Login Buffer: ibmvnic 30000003 env3: 01000000af000000 <...> ibmvnic 30000003 env3: 2e6d62692e736261 ibmvnic 30000003 env3: 65050003006d6f63 ================================================================== BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic] Read of size 8 at addr c0000001331a9aa8 by task ip/17681 <...> Allocated by task 17681: <...> ibmvnic_login+0x2f0/0xffc [ibmvnic] ibmvnic_open+0x148/0x308 [ibmvnic] __dev_open+0x1ac/0x304 <...> The buggy address is located 168 bytes inside of allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf) <...> ================================================================= ibmvnic 30000003 env3: 000000000033766e Fixes: 032c5e8 ("Driver for IBM System i/p VNIC protocol") Signed-off-by: Nick Child <[email protected]> Reviewed-by: Dave Marquardt <[email protected]> Reviewed-by: Simon Horman <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> (cherry picked from commit d93a6ca) Signed-off-by: Jonathan Maple <[email protected]>

Rebuild_History BUILDABLE Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50% Number of commits in upstream range v6.12~1..kernel-mainline: 52012 Number of commits in rpm: 9 Number of commits matched with upstream: 5 (55.56%) Number of commits in upstream but not in rpm: 52007 Number of commits NOT found in upstream: 4 (44.44%) Rebuilding Kernel on Branch rocky10_0_rebuild_kernel-6.12.0-55.19.1.el10_0 for kernel-6.12.0-55.19.1.el10_0 Clean Cherry Picks: 5 (100.00%) Empty Cherry Picks: 0 (0.00%) _______________________________ Full Details Located here: ciq/ciq_backports/kernel-6.12.0-55.19.1.el10_0/rebuild.details.txt Includes: * git commit header above * Empty Commits with upstream SHA * RPM ChangeLog Entries that could not be matched Individual Empty Commit failures contained in the same containing directory. The git message for empty commits will have the path for the failed commit. File names are the first 8 characters of the upstream SHA

thefossguy-ciq

🚤

bmastbergen

🥌

PlaidCat added 6 commits July 2, 2025 02:01

PlaidCat requested review from jdieter, juphoff, kerneltoast, bmastbergen, thefossguy-ciq and shreeya-patel98 July 2, 2025 21:06

PlaidCat self-assigned this Jul 2, 2025

thefossguy-ciq approved these changes Jul 3, 2025

View reviewed changes

bmastbergen approved these changes Jul 3, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[rocky10_0] History Rebuild to kernel-6.12.0-55.19.1.el10_0 #394

[rocky10_0] History Rebuild to kernel-6.12.0-55.19.1.el10_0 #394

Uh oh!

PlaidCat commented Jul 2, 2025

Uh oh!

thefossguy-ciq left a comment

Uh oh!

bmastbergen left a comment

Uh oh!

Uh oh!

[rocky10_0] History Rebuild to kernel-6.12.0-55.19.1.el10_0 #394

Are you sure you want to change the base?

[rocky10_0] History Rebuild to kernel-6.12.0-55.19.1.el10_0 #394

Uh oh!

Conversation

PlaidCat commented Jul 2, 2025

Checking Rebuild Commits for potentially missing commits:

kernel-6.12.0-55.19.1.el10_0

Build

KSelfTests

Uh oh!

thefossguy-ciq left a comment

Choose a reason for hiding this comment

Uh oh!

bmastbergen left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!