
@PlaidCat

General Process:

Checking Rebuild Commits for Potentially missing commits:

kernel-4.18.0-553.78.1.el8_10

6e81cfe

[jmaple@devbox kernel-src-tree]$ cat ciq/ciq_backports/kernel-4.18.0-553.78.1.el8_10/rebuild.details.txt
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v4.18~1..kernel-mainline: 567757
Number of commits in rpm: 9
Number of commits matched with upstream: 2 (22.22%)
Number of commits in upstream but not in rpm: 567755
Number of commits NOT found in upstream: 7 (77.78%)

Rebuilding Kernel on Branch rocky8_10_rebuild_kernel-4.18.0-553.78.1.el8_10 for kernel-4.18.0-553.78.1.el8_10
Clean Cherry Picks: 1 (50.00%)
Empty Cherry Picks: 1 (50.00%)
_______________________________

__EMPTY COMMITS__________________________
705c79101ccf9edea5a00d761491a03ced314210 smb: client: fix use-after-free in cifs_oplock_break

__CHANGES NOT IN UPSTREAM________________
Adding prod certs and changed cert date to 20210620
Adding Rocky secure boot certs
Fixing vmlinuz removal
Fixing UEFI CA path
Porting to 8.10, debranding and Rocky branding
Fixing pesign_key_name values
mm/migrate: set swap entry values of THP tail pages properly.

kernel-4.18.0-553.79.1.el8_10

f35ded7

[jmaple@devbox kernel-src-tree]$ cat ciq/ciq_backports/kernel-4.18.0-553.78.1.el8_10/rebuild.details.txt
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v4.18~1..kernel-mainline: 567757
Number of commits in rpm: 9
Number of commits matched with upstream: 2 (22.22%)
Number of commits in upstream but not in rpm: 567755
Number of commits NOT found in upstream: 7 (77.78%)

Rebuilding Kernel on Branch rocky8_10_rebuild_kernel-4.18.0-553.78.1.el8_10 for kernel-4.18.0-553.78.1.el8_10
Clean Cherry Picks: 1 (50.00%)
Empty Cherry Picks: 1 (50.00%)
_______________________________

__EMPTY COMMITS__________________________
705c79101ccf9edea5a00d761491a03ced314210 smb: client: fix use-after-free in cifs_oplock_break

__CHANGES NOT IN UPSTREAM________________
Adding prod certs and changed cert date to 20210620
Adding Rocky secure boot certs
Fixing vmlinuz removal
Fixing UEFI CA path
Porting to 8.10, debranding and Rocky branding
Fixing pesign_key_name values
mm/migrate: set swap entry values of THP tail pages properly.
[jmaple@devbox kernel-src-tree]$ cat ciq/ciq_backports/kernel-4.18.0-553.79.1.el8_10/rebuild.details.txt
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v4.18~1..kernel-mainline: 567757
Number of commits in rpm: 8
Number of commits matched with upstream: 2 (25.00%)
Number of commits in upstream but not in rpm: 567755
Number of commits NOT found in upstream: 6 (75.00%)

Rebuilding Kernel on Branch rocky8_10_rebuild_kernel-4.18.0-553.79.1.el8_10 for kernel-4.18.0-553.79.1.el8_10
Clean Cherry Picks: 2 (100.00%)
Empty Cherry Picks: 0 (0.00%)
_______________________________

__EMPTY COMMITS__________________________

__CHANGES NOT IN UPSTREAM________________
Adding prod certs and changed cert date to 20210620
Adding Rocky secure boot certs
Fixing vmlinuz removal
Fixing UEFI CA path
Porting to 8.10, debranding and Rocky branding
Fixing pesign_key_name values

Build

[jmaple@devbox code]$ egrep -B 5 -A 5 "\[TIMER\]|^Starting Build" $(ls -t kbuild* | head -n1)
/mnt/code/kernel-src-tree-build
Running make mrproper...
  CLEAN   scripts/basic
  CLEAN   scripts/kconfig
[TIMER]{MRPROPER}: 5s
x86_64 architecture detected, copying config
'configs/kernel-x86_64.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-rocky8_10_rebuild-f35ded7732d4"
Making olddefconfig
--
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --olddefconfig Kconfig
#
# configuration written to .config
#
Starting Build
scripts/kconfig/conf  --syncconfig Kconfig
  SYSTBL  arch/x86/include/generated/asm/syscalls_32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_32_ia32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_64_x32.h
  SYSTBL  arch/x86/include/generated/asm/syscalls_64.h
--
  LD [M]  sound/usb/usx2y/snd-usb-usx2y.ko
  LD [M]  sound/virtio/virtio_snd.ko
  LD [M]  sound/x86/snd-hdmi-lpe-audio.ko
  LD [M]  sound/xen/snd_xen_front.ko
  LD [M]  virt/lib/irqbypass.ko
[TIMER]{BUILD}: 1481s
Making Modules
  INSTALL arch/x86/crypto/blowfish-x86_64.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx-x86_64.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx2.ko
  INSTALL arch/x86/crypto/camellia-x86_64.ko
--
  INSTALL sound/virtio/virtio_snd.ko
  INSTALL sound/x86/snd-hdmi-lpe-audio.ko
  INSTALL sound/xen/snd_xen_front.ko
  INSTALL virt/lib/irqbypass.ko
  DEPMOD  4.18.0-rocky8_10_rebuild-f35ded7732d4+
[TIMER]{MODULES}: 19s
Making Install
sh ./arch/x86/boot/install.sh 4.18.0-rocky8_10_rebuild-f35ded7732d4+ arch/x86/boot/bzImage \
        System.map "/boot"
[TIMER]{INSTALL}: 20s
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-4.18.0-rocky8_10_rebuild-f35ded7732d4+ and Index to 2
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 5s
[TIMER]{BUILD}: 1481s
[TIMER]{MODULES}: 19s
[TIMER]{INSTALL}: 20s
[TIMER]{TOTAL} 1531s
Rebooting in 10 seconds

KselfTests

[jmaple@devbox code]$ ~/workspace/auto_kernel_history_rebuild/Rocky10/rocky10/code/get_kselftest_diff.sh
kselftest.4.18.0-rocky8_10_rebuild-259a119c67fe+.log
206
kselftest.4.18.0-rocky8_10_rebuild-9adc78b934b8+.log
207
kselftest.4.18.0-rocky8_10_rebuild-6e81cfe76a48+.log
207
kselftest.4.18.0-rocky8_10_rebuild-f35ded7732d4+.log
207
Before: kselftest.4.18.0-rocky8_10_rebuild-6e81cfe76a48+.log
After: kselftest.4.18.0-rocky8_10_rebuild-f35ded7732d4+.log
Diff:
No differences found.

jira LE-4375
cve CVE-2025-39730
Rebuild_History Non-Buildable kernel-4.18.0-553.78.1.el8_10
commit-author Trond Myklebust <[email protected]>
commit ef93a68

The function needs to check the minimal filehandle length before it can
access the embedded filehandle.

	Reported-by: zhangjian <[email protected]>
Fixes: 20fa190 ("nfs: add export operations")
	Signed-off-by: Trond Myklebust <[email protected]>
(cherry picked from commit ef93a68)
	Signed-off-by: Jonathan Maple <[email protected]>
jira LE-4375
cve CVE-2025-38527
Rebuild_History Non-Buildable kernel-4.18.0-553.78.1.el8_10
commit-author Wang Zhaolong <[email protected]>
commit 705c791
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-4.18.0-553.78.1.el8_10/705c7910.failed

A race condition can occur in cifs_oplock_break() leading to a
use-after-free of the cinode structure when unmounting:

  cifs_oplock_break()
    _cifsFileInfo_put(cfile)
      cifsFileInfo_put_final()
        cifs_sb_deactive()
          [last ref, start releasing sb]
            kill_sb()
              kill_anon_super()
                generic_shutdown_super()
                  evict_inodes()
                    dispose_list()
                      evict()
                        destroy_inode()
                          call_rcu(&inode->i_rcu, i_callback)
    spin_lock(&cinode->open_file_lock)  <- OK
                            [later] i_callback()
                              cifs_free_inode()
                                kmem_cache_free(cinode)
    spin_unlock(&cinode->open_file_lock)  <- UAF
    cifs_done_oplock_break(cinode)       <- UAF

The issue occurs when umount has already released its reference to the
superblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this
releases the last reference, triggering the immediate cleanup of all
inodes under RCU. However, cifs_oplock_break() continues to access the
cinode after this point, resulting in use-after-free.

Fix this by holding an extra reference to the superblock during the
entire oplock break operation. This ensures that the superblock and
its inodes remain valid until the oplock break completes.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=220309
Fixes: b98749c ("CIFS: keep FileInfo handle live during oplock break")
	Reviewed-by: Paulo Alcantara (Red Hat) <[email protected]>
	Signed-off-by: Wang Zhaolong <[email protected]>
	Signed-off-by: Steve French <[email protected]>
(cherry picked from commit 705c791)
	Signed-off-by: Jonathan Maple <[email protected]>

# Conflicts:
#	fs/cifs/file.c
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v4.18~1..kernel-mainline: 567757
Number of commits in rpm: 9
Number of commits matched with upstream: 2 (22.22%)
Number of commits in upstream but not in rpm: 567755
Number of commits NOT found in upstream: 7 (77.78%)

Rebuilding Kernel on Branch rocky8_10_rebuild_kernel-4.18.0-553.78.1.el8_10 for kernel-4.18.0-553.78.1.el8_10
Clean Cherry Picks: 1 (50.00%)
Empty Cherry Picks: 1 (50.00%)
_______________________________

Full Details Located here:
ciq/ciq_backports/kernel-4.18.0-553.78.1.el8_10/rebuild.details.txt

Includes:
* git commit header above
* Empty Commits with upstream SHA
* RPM ChangeLog Entries that could not be matched

Individual Empty Commit failures contained in the same containing directory.
The git message for empty commits will have the path for the failed commit.
File names are the first 8 characters of the upstream SHA
jira LE-4405
cve CVE-2022-50228
Rebuild_History Non-Buildable kernel-4.18.0-553.79.1.el8_10
commit-author Maciej S. Szmigiero <[email protected]>
commit f17c31c

Don't BUG/WARN on interrupt injection due to GIF being cleared,
since it's trivial for userspace to force the situation via
KVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct
for KVM internally generated injections).

  kernel BUG at arch/x86/kvm/svm/svm.c:3386!
  invalid opcode: 0000 [#1] SMP
  CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
  RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd]
  Code: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53
  RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246
  RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006
  RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0
  RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 0000000000000000
  R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
  R13: ffff888109571000 R14: ffff88810a234ac0 R15: 0000000000000000
  FS:  0000000001821380(0000) GS:ffff88846fdc0000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007f74fc550008 CR3: 000000010a6fe000 CR4: 0000000000350ea0
  Call Trace:
   <TASK>
   inject_pending_event+0x2f7/0x4c0 [kvm]
   kvm_arch_vcpu_ioctl_run+0x791/0x17a0 [kvm]
   kvm_vcpu_ioctl+0x26d/0x650 [kvm]
   __x64_sys_ioctl+0x82/0xb0
   do_syscall_64+0x3b/0xc0
   entry_SYSCALL_64_after_hwframe+0x44/0xae
   </TASK>

Fixes: 219b65d ("KVM: SVM: Improve nested interrupt injection")
	Cc: [email protected]
Co-developed-by: Sean Christopherson <[email protected]>
	Signed-off-by: Sean Christopherson <[email protected]>
	Signed-off-by: Maciej S. Szmigiero <[email protected]>
Message-Id: <35426af6e123cbe91ec7ce5132ce72521f02b1b5.1651440202.git.maciej.szmigiero@oracle.com>
	Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit f17c31c)
	Signed-off-by: Jonathan Maple <[email protected]>
jira LE-4405
cve CVE-2023-53305
Rebuild_History Non-Buildable kernel-4.18.0-553.79.1.el8_10
commit-author Zhengping Jiang <[email protected]>
commit f752a0b

Fix potential use-after-free in l2cap_le_command_rej.

	Signed-off-by: Zhengping Jiang <[email protected]>
	Signed-off-by: Luiz Augusto von Dentz <[email protected]>
	Signed-off-by: Jakub Kicinski <[email protected]>
(cherry picked from commit f752a0b)
	Signed-off-by: Jonathan Maple <[email protected]>
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v4.18~1..kernel-mainline: 567757
Number of commits in rpm: 8
Number of commits matched with upstream: 2 (25.00%)
Number of commits in upstream but not in rpm: 567755
Number of commits NOT found in upstream: 6 (75.00%)

Rebuilding Kernel on Branch rocky8_10_rebuild_kernel-4.18.0-553.79.1.el8_10 for kernel-4.18.0-553.79.1.el8_10
Clean Cherry Picks: 2 (100.00%)
Empty Cherry Picks: 0 (0.00%)
_______________________________

Full Details Located here:
ciq/ciq_backports/kernel-4.18.0-553.79.1.el8_10/rebuild.details.txt

Includes:
* git commit header above
* Empty Commits with upstream SHA
* RPM ChangeLog Entries that could not be matched

Individual Empty Commit failures contained in the same containing directory.
The git message for empty commits will have the path for the failed commit.
File names are the first 8 characters of the upstream SHA
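
An added example (not part of this PR or of the rebuild tooling it uses): a small Python parser for the `rebuild.details.txt` layout shown above. It lists each empty cherry-pick with the `.failed` path expected from the first-8-characters naming rule, and checks that the summary count agrees with the listed SHAs. The function name `parse_rebuild_details` and the report keys are assumptions made for this example.

```python
import re

# Abridged from the kernel-4.18.0-553.78.1.el8_10 output shown on this page.
SAMPLE = """\
Rebuild_History BUILDABLE
Number of commits in rpm: 9
Clean Cherry Picks: 1 (50.00%)
Empty Cherry Picks: 1 (50.00%)
_______________________________

__EMPTY COMMITS__________________________
705c79101ccf9edea5a00d761491a03ced314210 smb: client: fix use-after-free in cifs_oplock_break

__CHANGES NOT IN UPSTREAM________________
Adding Rocky secure boot certs
mm/migrate: set swap entry values of THP tail pages properly.
"""

SECTION = re.compile(r"^__([A-Z ]+?)_+$")          # e.g. __EMPTY COMMITS____
COUNT = re.compile(r"^(Clean|Empty) Cherry Picks: (\d+)")
SHA_LINE = re.compile(r"^([0-9a-f]{40})\s+(.+)$")  # full upstream SHA + subject

def parse_rebuild_details(text, backport_dir):
    """Hypothetical helper: summarise one rebuild.details.txt for review."""
    report = {"clean": 0, "empty": 0, "empty_commits": [], "not_upstream": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        count = COUNT.match(line)
        if header:
            section = header.group(1)
        elif count:
            report[count.group(1).lower()] = int(count.group(2))
        elif section == "EMPTY COMMITS" and SHA_LINE.match(line):
            sha, subject = SHA_LINE.match(line).groups()
            # .failed files are named after the first 8 characters of the SHA.
            report["empty_commits"].append(
                {"sha": sha, "subject": subject,
                 "failed_ref": f"{backport_dir}/{sha[:8]}.failed"})
        elif section == "CHANGES NOT IN UPSTREAM":
            report["not_upstream"].append(line)
    # The summary count and the listed SHAs must agree, or a pick went missing.
    report["consistent"] = report["empty"] == len(report["empty_commits"])
    return report

if __name__ == "__main__":
    print(parse_rebuild_details(
        SAMPLE, "ciq/ciq_backports/kernel-4.18.0-553.78.1.el8_10"))
```

Each `failed_ref` can then be checked against the tree to confirm that the conflict record for a security fix is present before the final tarball is trusted.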
@PlaidCat PlaidCat requested a review from a team October 14, 2025 21:29
@PlaidCat PlaidCat self-assigned this Oct 14, 2025
@PlaidCat PlaidCat merged commit f35ded7 into rocky8_10 Oct 15, 2025
2 checks passed
@PlaidCat PlaidCat deleted the rocky8_10_rebuild branch October 15, 2025 14:50