From c331c4d2bc4df52e9b9e87cc3b8b97a49862adaf Mon Sep 17 00:00:00 2001
From: Jacob Wang <jacob.wang@openanolis.org>
Date: Fri, 18 Apr 2025 09:56:53 +0800
Subject: [PATCH 1/2] [CVE]update to kernel-4.18.0-553.50.1

to #IC1HCY

update to kernel-4.18.0-553.50.1 for CVE-2024-53150 CVE-2024-53241

Project: TC2024080204
Signed-off-by: Jacob Wang <jacob.wang@openanolis.org>
---
 download                                      |  4 +-
 gating.yaml                                   | 23 ++++----
 kernel.spec                                   | 54 ++++++++++++++++---
 ...es-causes-kernel-compilation-to-fail.patch | 11 ----
 4 files changed, 63 insertions(+), 29 deletions(-)
 delete mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch

diff --git a/download b/download
index b18e6d6..12c4640 100644
--- a/download
+++ b/download
@@ -1,3 +1,3 @@
-31635da7a27932ecbffcbf1146017324  kernel-abi-stablelists-4.18.0-553.tar.bz2
+bd2ec3ec1bacbd9253b0c49893cb63a3  kernel-abi-stablelists-4.18.0-553.tar.bz2
 559191ff3ea6f1f91b7d06563f479e39  kernel-kabi-dw-4.18.0-553.tar.bz2
-69f6504c34c49047f58af485d1c60803  linux-4.18.0-553.46.1.el8_10.tar.xz
+169a38fea8f80333d11aa18237e2aa81  linux-4.18.0-553.50.1.el8_10.tar.xz
diff --git a/gating.yaml b/gating.yaml
index 65c0ef0..7e16237 100644
--- a/gating.yaml
+++ b/gating.yaml
@@ -3,12 +3,17 @@ product_versions:
   - rhel-8
 decision_context: osci_compose_gate
 rules:
-  - !PassingTestCaseRule {test_case_name: cki.tier1-aarch64.functional}
-  - !PassingTestCaseRule {test_case_name: cki.tier1-ppc64le.functional}
-  - !PassingTestCaseRule {test_case_name: cki.tier1-s390x.functional}
-  - !PassingTestCaseRule {test_case_name: cki.tier1-x86_64.functional}
-  - !PassingTestCaseRule {test_case_name: s1-aws-ci_x86_64.brew-build.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: s1-aws-ci_aarch64.brew-build.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: s1-azure-ci_x86_64.brew-build.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: s1-azure-ci_aarch64.brew-build.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: s1-gcp-ci.brew-build.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.kernel-aarch64.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.kernel-debug-x86_64.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.kernel-ppc64le.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.kernel-s390x.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.kernel-x86_64.tier1.functional}
+excluded_packages: [kernel-rt]
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.kernel-rt-debug-x86_64.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.kernel-rt-x86_64.tier1.functional}
+packages: [kernel-rt]
diff --git a/kernel.spec b/kernel.spec
index ef6a29a..369b977 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1,6 +1,5 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
-%define anolis_release .0.1
 
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -39,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.46.1.el8_10
+%define pkgrelease 553.50.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.46.1%{anolis_release}%{?dist}
+%define specrelease 553.50.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -545,7 +544,6 @@ Source4001: rpminspect.yaml
 
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
-Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1103,7 +1101,6 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 cd linux-%{KVERREL}
 
 ApplyOptionalPatch linux-kernel-test.patch
-%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail
 
 # END OF PATCH APPLICATIONS
 
@@ -2699,8 +2696,51 @@ fi
 #
 #
 %changelog
-* Thu Mar 27 2025 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-553.46.1.0.1
-- kernel:repair dwarves causes kernel compilation to fail
+* Thu Apr 10 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.50.1.el8_10]
+- perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option() (Michael Petlan) [RHEL-82119]
+- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Jarod Wilson) [RHEL-86737] {CVE-2024-53150}
+- scsi: storvsc: Set correct data length for sending SCSI command without payload (Cathy Avery) [RHEL-83052]
+- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-85852]
+- ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-85852]
+- ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-85852]
+
+* Thu Apr 03 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.49.1.el8_10]
+- net/mlx5: Fix error path in multi-packet WQE transmit (CKI Backport Bot) [RHEL-84244]
+- redhat: drop Y issues from changelog (Jan Stancek)
+- md/md-bitmap: fix writing non bitmap changes local to RHEL (Nigel Croxon) [RHEL-80673]
+- md/md-bitmap: fix writing non bitmap pages (Nigel Croxon) [RHEL-80673]
+- md-bitmap: use %%pD to print the file name in md_bitmap_file_kick (Nigel Croxon) [RHEL-80673]
+- md-bitmap: initialize variables at declaration time in md_bitmap_file_unmap (Nigel Croxon) [RHEL-80673]
+- md-bitmap: set BITMAP_WRITE_ERROR in write_sb_page (Nigel Croxon) [RHEL-80673]
+- raid1: update discard granularity when adding new disk (Nigel Croxon) [RHEL-71499]
+- x86/xen: remove hypercall page (Vitaly Kuznetsov) [RHEL-70666] {CVE-2024-53241}
+- x86/xen: use new hypercall functions instead of hypercall page (Vitaly Kuznetsov) [RHEL-70666] {CVE-2024-53241}
+
+* Thu Mar 27 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.48.1.el8_10]
+- rhel-8.10: gate kernel on kernel-qe tests results not cki ones (Bruno Goncalves)
+- gfs2: skip if we cannot defer delete (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: remove redundant warnings (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: minor evict fix (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Prevent inode creation race (2) (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Fix additional unlikely request cancelation race (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Fix request cancelation bug (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Check for empty queue in run_queue (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Remove more dead code in add_to_queue (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: remove dead code in add_to_queue (Su Hui) [RHEL-76208]
+- gfs2: Remove LM_FLAG_PRIORITY flag (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Add GLF_PENDING_REPLY flag (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Remove and replace gfs2_glock_queue_work (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: do_xmote fixes (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Clear flags when withdraw prevents xmote (Bob Peterson) [RHEL-76208]
+- gfs2: fix a deadlock on withdraw-during-mount (Bob Peterson) [RHEL-76208]
+- gfs2: gfs2_evict_inode clarification (Andreas Gruenbacher) [RHEL-76208]
+- gfs2: Remove misleading comments in gfs2_evict_inode (Andreas Gruenbacher) [RHEL-76208]
+
+* Thu Mar 20 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.47.1.el8_10]
+- nfs: don't invalidate dentries on transient errors (Scott Mayhew) [RHEL-78136]
+- ethtool: runtime-resume netdev parent before ethtool ioctl ops (John J Coleman) [RHEL-78156]
+- bpf: Use raw_spinlock_t in ringbuf (Viktor Malik) [RHEL-79911] {CVE-2024-50138}
 
 * Thu Mar 13 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.46.1.el8_10]
 - s390/pci: Fix handling of isolated VFs (Mete Durlu) [RHEL-81934]
diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch
deleted file mode 100644
index 74f4020..0000000
--- a/repair-dwarves-causes-kernel-compilation-to-fail.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.orig	2022-10-07 22:45:37.000000000 +0800
-+++ Makefile	2023-02-22 15:37:33.069118145 +0800
-@@ -378,7 +378,7 @@
- STRIP		= $(CROSS_COMPILE)strip
- OBJCOPY		= $(CROSS_COMPILE)objcopy
- OBJDUMP		= $(CROSS_COMPILE)objdump
--PAHOLE		= pahole
-+PAHOLE		= pahole --skip_encoding_btf_enum64
- RESOLVE_BTFIDS	= $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
- LEX		= flex
- YACC		= bison
-- 
Gitee


From 30b404509f65bec00c88e44ecc69bf578e946ab6 Mon Sep 17 00:00:00 2001
From: liuxiaoping <lxp01404969@alibaba-inc.com>
Date: Wed, 22 Feb 2023 15:53:19 +0800
Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail

---
 kernel.spec                                           |  8 +++++++-
 ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch

diff --git a/kernel.spec b/kernel.spec
index 369b977..fc58263 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1,5 +1,6 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
+%define anolis_release .0.1
 
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -41,7 +42,7 @@
 %define pkgrelease 553.50.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.50.1%{?dist}
+%define specrelease 553.50.1%{anolis_release}%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -544,6 +545,7 @@ Source4001: rpminspect.yaml
 
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
+Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1101,6 +1103,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 cd linux-%{KVERREL}
 
 ApplyOptionalPatch linux-kernel-test.patch
+%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail
 
 # END OF PATCH APPLICATIONS
 
@@ -2696,6 +2699,9 @@ fi
 #
 #
 %changelog
+* Fri Apr 18 2025 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-553.50.1.0.1
+- kernel:repair dwarves causes kernel compilation to fail
+
 * Thu Apr 10 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.50.1.el8_10]
 - perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option() (Michael Petlan) [RHEL-82119]
 - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Jarod Wilson) [RHEL-86737] {CVE-2024-53150}
diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch
new file mode 100644
index 0000000..74f4020
--- /dev/null
+++ b/repair-dwarves-causes-kernel-compilation-to-fail.patch
@@ -0,0 +1,11 @@
+--- Makefile.orig	2022-10-07 22:45:37.000000000 +0800
++++ Makefile	2023-02-22 15:37:33.069118145 +0800
+@@ -378,7 +378,7 @@
+ STRIP		= $(CROSS_COMPILE)strip
+ OBJCOPY		= $(CROSS_COMPILE)objcopy
+ OBJDUMP		= $(CROSS_COMPILE)objdump
+-PAHOLE		= pahole
++PAHOLE		= pahole --skip_encoding_btf_enum64
+ RESOLVE_BTFIDS	= $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
+ LEX		= flex
+ YACC		= bison
-- 
Gitee