@PlaidCat
Collaborator

  • Download all unprocessed src.rpm
  • for each src.rpm
    • Find all commits in changelog up to last known tag ... in this case 6.12.0-124
    • Re-play commits in reverse order (oldest in change log to newest) with git cherry-pick
    • After replay replace ENTIRE code in branch with rpmbuild -bp from corresponding src.rpm.
    • Tag Rebuild branch

Checking Rebuild Commits for potentially missing commits:

kernel-6.12.0-124.21.1.el10_1

[jmaple@devbox kernel-src-tree]$ cat ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/rebuild.details.txt
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v6.12~1..kernel-mainline: 79692
Number of commits in rpm: 5
Number of commits matched with upstream: 2 (40.00%)
Number of commits in upstream but not in rpm: 79690
Number of commits NOT found in upstream: 3 (60.00%)

Rebuilding Kernel on Branch rocky10_1_rebuild_kernel-6.12.0-124.21.1.el10_1 for kernel-6.12.0-124.21.1.el10_1
Clean Cherry Picks: 1 (50.00%)
Empty Cherry Picks: 1 (50.00%)
_______________________________

__EMPTY COMMITS__________________________
c28f922c9dcee0e4876a2c095939d77fe7e15116 clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

__CHANGES NOT IN UPSTREAM________________
Porting to Rocky Linux 10, debranding and Rocky Linux branding'
Add partial riscv64 support for build root'
Provide basic VisionFive 2 support'

Build

[jmaple@devbox code]$ egrep -B 5 -A 5 "\[TIMER\]|^Starting Build" $(ls -t kbuild* | head -n1)
/mnt/code/kernel-src-tree-build
Running make mrproper...
  CLEAN   scripts/basic
  CLEAN   scripts/kconfig
  CLEAN   include/config include/generated
[TIMER]{MRPROPER}: 6s
x86_64 architecture detected, copying config
'configs/kernel-x86_64-rhel.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-rocky10_1_rebuild-245246c9e83e"
Making olddefconfig
--
  HOSTCC  scripts/kconfig/util.o
  HOSTLD  scripts/kconfig/conf
#
# configuration written to .config
#
Starting Build
  GEN     arch/x86/include/generated/asm/orc_hash.h
  WRAP    arch/x86/include/generated/uapi/asm/bpf_perf_event.h
  WRAP    arch/x86/include/generated/uapi/asm/errno.h
  WRAP    arch/x86/include/generated/uapi/asm/fcntl.h
  WRAP    arch/x86/include/generated/uapi/asm/ioctl.h
--
  LD [M]  virt/lib/irqbypass.ko
  BTF [M] net/hsr/hsr.ko
  BTF [M] net/qrtr/qrtr.ko
  BTF [M] net/qrtr/qrtr-mhi.ko
  BTF [M] virt/lib/irqbypass.ko
[TIMER]{BUILD}: 1950s
Making Modules
  SYMLINK /lib/modules/6.12.0-rocky10_1_rebuild-245246c9e83e+/build
  INSTALL /lib/modules/6.12.0-rocky10_1_rebuild-245246c9e83e+/modules.order
  INSTALL /lib/modules/6.12.0-rocky10_1_rebuild-245246c9e83e+/modules.builtin
  INSTALL /lib/modules/6.12.0-rocky10_1_rebuild-245246c9e83e+/modules.builtin.modinfo
--
  SIGN    /lib/modules/6.12.0-rocky10_1_rebuild-245246c9e83e+/kernel/virt/lib/irqbypass.ko
  SIGN    /lib/modules/6.12.0-rocky10_1_rebuild-245246c9e83e+/kernel/net/qrtr/qrtr-mhi.ko
  SIGN    /lib/modules/6.12.0-rocky10_1_rebuild-245246c9e83e+/kernel/net/qrtr/qrtr.ko
  SIGN    /lib/modules/6.12.0-rocky10_1_rebuild-245246c9e83e+/kernel/net/rfkill/rfkill.ko
  DEPMOD  /lib/modules/6.12.0-rocky10_1_rebuild-245246c9e83e+
[TIMER]{MODULES}: 11s
Making Install
  INSTALL /boot
[TIMER]{INSTALL}: 16s
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-6.12.0-rocky10_1_rebuild-245246c9e83e+ and Index to 2
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 6s
[TIMER]{BUILD}: 1950s
[TIMER]{MODULES}: 11s
[TIMER]{INSTALL}: 16s
[TIMER]{TOTAL} 1988s
Rebooting in 10 seconds

KSelfTests

[jmaple@devbox code]$ ~/workspace/auto_kernel_history_rebuild/Rocky10/rocky10/code/get_kselftest_diff.sh
kselftest.6.12.0-rocky10_1_rebuild-b4012b5e082b+.log
459
kselftest.6.12.0-rocky10_1_rebuild-9d275943aea7+.log
459
kselftest.6.12.0-rocky10_1_rebuild-9d22118ca70f+.log
458
kselftest.6.12.0-rocky10_1_rebuild-245246c9e83e+.log
459
Before: kselftest.6.12.0-rocky10_1_rebuild-9d22118ca70f+.log
After: kselftest.6.12.0-rocky10_1_rebuild-245246c9e83e+.log
Diff:
+ok 2 selftests: seccomp: seccomp_benchmark
-ok 7 selftests: timers: raw_skew # SKIP
+ok 7 selftests: timers: raw_skew

jira KERNEL-386
cve CVE-2025-39984
Rebuild_History Non-Buildable kernel-6.12.0-124.21.1.el10_1
commit-author Wang Liang <wangliang74@huawei.com>
commit 1091860

syzbot reported a UAF issue:

  BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline]
  BUG: KASAN: slab-use-after-free in napi_frags_skb net/core/gro.c:723 [inline]
  BUG: KASAN: slab-use-after-free in napi_gro_frags+0x6e/0x1030 net/core/gro.c:758
  Read of size 8 at addr ffff88802ef22c18 by task syz.0.17/6079
  CPU: 0 UID: 0 PID: 6079 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
  Call Trace:
   <TASK>
   dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
   print_address_description mm/kasan/report.c:378 [inline]
   print_report+0xca/0x240 mm/kasan/report.c:482
   kasan_report+0x118/0x150 mm/kasan/report.c:595
   skb_reset_mac_header include/linux/skbuff.h:3150 [inline]
   napi_frags_skb net/core/gro.c:723 [inline]
   napi_gro_frags+0x6e/0x1030 net/core/gro.c:758
   tun_get_user+0x28cb/0x3e20 drivers/net/tun.c:1920
   tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996
   new_sync_write fs/read_write.c:593 [inline]
   vfs_write+0x5c9/0xb30 fs/read_write.c:686
   ksys_write+0x145/0x250 fs/read_write.c:738
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f
   </TASK>

  Allocated by task 6079:
   kasan_save_stack mm/kasan/common.c:47 [inline]
   kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
   unpoison_slab_object mm/kasan/common.c:330 [inline]
   __kasan_mempool_unpoison_object+0xa0/0x170 mm/kasan/common.c:558
   kasan_mempool_unpoison_object include/linux/kasan.h:388 [inline]
   napi_skb_cache_get+0x37b/0x6d0 net/core/skbuff.c:295
   __alloc_skb+0x11e/0x2d0 net/core/skbuff.c:657
   napi_alloc_skb+0x84/0x7d0 net/core/skbuff.c:811
   napi_get_frags+0x69/0x140 net/core/gro.c:673
   tun_napi_alloc_frags drivers/net/tun.c:1404 [inline]
   tun_get_user+0x77c/0x3e20 drivers/net/tun.c:1784
   tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996
   new_sync_write fs/read_write.c:593 [inline]
   vfs_write+0x5c9/0xb30 fs/read_write.c:686
   ksys_write+0x145/0x250 fs/read_write.c:738
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

  Freed by task 6079:
   kasan_save_stack mm/kasan/common.c:47 [inline]
   kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
   kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576
   poison_slab_object mm/kasan/common.c:243 [inline]
   __kasan_slab_free+0x5b/0x80 mm/kasan/common.c:275
   kasan_slab_free include/linux/kasan.h:233 [inline]
   slab_free_hook mm/slub.c:2422 [inline]
   slab_free mm/slub.c:4695 [inline]
   kmem_cache_free+0x18f/0x400 mm/slub.c:4797
   skb_pp_cow_data+0xdd8/0x13e0 net/core/skbuff.c:969
   netif_skb_check_for_xdp net/core/dev.c:5390 [inline]
   netif_receive_generic_xdp net/core/dev.c:5431 [inline]
   do_xdp_generic+0x699/0x11a0 net/core/dev.c:5499
   tun_get_user+0x2523/0x3e20 drivers/net/tun.c:1872
   tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996
   new_sync_write fs/read_write.c:593 [inline]
   vfs_write+0x5c9/0xb30 fs/read_write.c:686
   ksys_write+0x145/0x250 fs/read_write.c:738
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

After commit e6d5dbd ("xdp: add multi-buff support for xdp running in
generic mode"), the original skb, which was allocated in
tun_napi_alloc_frags(), may be freed in skb_pp_cow_data() when an XDP
program is attached. However, napi->skb still points to the original skb;
update it after XDP processing.

Reported-by: syzbot+64e24275ad95a915a313@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=64e24275ad95a915a313
Fixes: e6d5dbd ("xdp: add multi-buff support for xdp running in generic mode")
Signed-off-by: Wang Liang <wangliang74@huawei.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Link: https://patch.msgid.link/20250917113919.3991267-1-wangliang74@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 1091860)
Signed-off-by: Jonathan Maple <jmaple@ciq.com>
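The stale napi->skb described in the message above, modelled in C as an added example (constructed here; it is not the kernel source or the patch itself, and the mock_* functions and the fixed arena are stand-ins for the real skb allocator and the generic-XDP path):

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-ins for the kernel objects involved; not kernel code. */
struct sk_buff {
    bool freed;            /* set when the model's kmem_cache_free() runs */
    size_t len;
};
struct napi_struct {
    struct sk_buff *skb;   /* cache filled by napi_get_frags() */
};

/* Tiny fixed arena so no real heap object is ever touched after release;
 * a "freed" skb stays readable here only so the stale access can be observed. */
static struct sk_buff arena[8];
static unsigned arena_next;

static struct sk_buff *mock_alloc_skb(size_t len)
{
    struct sk_buff *skb = &arena[arena_next++ % 8];
    skb->freed = false;
    skb->len = len;
    return skb;
}

/* Models skb_pp_cow_data(): the data is copied into a fresh skb and the
 * original is freed, so any other pointer to the original is now dangling. */
static struct sk_buff *mock_skb_pp_cow_data(struct sk_buff *skb)
{
    struct sk_buff *copy = mock_alloc_skb(skb->len);
    skb->freed = true;
    return copy;
}

/* Models do_xdp_generic(): with a program attached, the skb may be swapped. */
static void mock_do_xdp_generic(bool xdp_attached, struct sk_buff **pskb)
{
    if (xdp_attached)
        *pskb = mock_skb_pp_cow_data(*pskb);
}

/* Returns true when the later napi_gro_frags() step would read a live skb via
 * napi->skb. refresh_napi_skb == false reproduces the pre-fix flow; true applies
 * the fix of re-pointing napi->skb at the (possibly replaced) skb after XDP. */
static bool tun_get_user_model(bool xdp_attached, bool refresh_napi_skb)
{
    struct napi_struct napi = { 0 };
    struct sk_buff *skb = mock_alloc_skb(1500);

    napi.skb = skb;                            /* tun_napi_alloc_frags() */
    mock_do_xdp_generic(xdp_attached, &skb);   /* may free the original skb */
    if (refresh_napi_skb)
        napi.skb = skb;                        /* the fix: re-point after XDP */
    return !napi.skb->freed;                   /* napi_gro_frags() access */
}
```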
…ight userns

jira KERNEL-386
cve CVE-2025-38499
Rebuild_History Non-Buildable kernel-6.12.0-124.21.1.el10_1
Rebuild_CHGLOG: - CVE-2025-38499 kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Abhi Das) [RHEL-129282] {CVE-2025-38499}
Rebuild_FUZZ: 87.43%
commit-author Al Viro <viro@zeniv.linux.org.uk>
commit c28f922
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/c28f922c.failed

What we want to verify there is that the clone won't expose something
hidden by a mount we wouldn't be able to undo.  "Wouldn't be able to undo"
may be a result of MNT_LOCKED on a child, but it may also come from
lacking admin rights in the userns of the namespace the mount belongs to.

clone_private_mnt() checks the former, but not the latter.

There are a number of rather confusing CAP_SYS_ADMIN checks in various
userns during the mount, especially with the new mount API; they serve
different purposes and in the case of clone_private_mnt() they usually,
but not always, end up covering the missing check mentioned above.

Reviewed-by: Christian Brauner <brauner@kernel.org>
Reported-by: "Orlando, Noah" <Noah.Orlando@deshaw.com>
Fixes: 427215d ("ovl: prevent private clone if bind mount is not allowed")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit c28f922)
Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	fs/namespace.c
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v6.12~1..kernel-mainline: 79692
Number of commits in rpm: 5
Number of commits matched with upstream: 2 (40.00%)
Number of commits in upstream but not in rpm: 79690
Number of commits NOT found in upstream: 3 (60.00%)

Rebuilding Kernel on Branch rocky10_1_rebuild_kernel-6.12.0-124.21.1.el10_1 for kernel-6.12.0-124.21.1.el10_1
Clean Cherry Picks: 1 (50.00%)
Empty Cherry Picks: 1 (50.00%)
_______________________________

Full Details Located here:
ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/rebuild.details.txt

Includes:
* git commit header above
* Empty Commits with upstream SHA
* RPM ChangeLog Entries that could not be matched

Individual Empty Commit failures are contained in the same directory.
The git message for empty commits will have the path for the failed commit.
File names are the first 8 characters of the upstream SHA.
@PlaidCat PlaidCat requested review from a team December 20, 2025 00:29
@PlaidCat PlaidCat self-assigned this Dec 20, 2025