Rebuild rocky8_10 with kernel-4.18.0-553.82.1.el8_10

Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v4.18~1..kernel-mainline: 567757
Number of commits in rpm: 155
Number of commits matched with upstream: 145 (93.55%)
Number of commits in upstream but not in rpm: 567612
Number of commits NOT found in upstream: 10 (6.45%)

Rebuilding Kernel on Branch rocky8_10_rebuild_kernel-4.18.0-553.82.1.el8_10 for kernel-4.18.0-553.82.1.el8_10
Clean Cherry Picks: 74 (51.03%)
Empty Cherry Picks: 71 (48.97%)
_______________________________

Full Details Located here:
ciq/ciq_backports/kernel-4.18.0-553.82.1.el8_10/rebuild.details.txt

Includes:
* git commit header above
* Empty Commits with upstream SHA
* RPM ChangeLog Entries that could not be matched

Individual Empty Commit failures contained in the same containing directory.
The git message for empty commits will have the path for the failed commit.
File names are the first 8 characters of the upstream SHA

Author: PlaidCat

Documentation/admin-guide/kernel-parameters.txt

@@ -4757,6 +4757,20 @@
 	rhash_entries=	[KNL,NET]
 			Set number of hash buckets for route cache
 
+	rh_waived=
+			Enable waived items in RHEL.
+
+			Some specific features, or security mitigations, can be
+			waived (toggled on/off) on demand in RHEL.  However,
+			waiving any of these items should be used judiciously,
+			as it generally means the system might end up being
+			considered insecure or even out-of-scope for support.
+
+			Format: <item-1>,<item-2>...<item-n>
+
+			Use 'rh_waived' to enable all waived features listed at
+			Documentation/admin-guide/rh-waived-features.rst
+
 	ring3mwait=disable
 			[KNL] Disable ring 3 MONITOR/MWAIT feature on supported
 			CPUs.

Documentation/admin-guide/rh-waived-items.rst

@@ -0,0 +1,35 @@
+.. _rh_waived_items:
+
+====================
+Red Hat Waived Items
+====================
+
+Waived Items is a mechanism offered by Red Hat which allows customers to "waive"
+and utilize features that are not enabled by default as these are considered as
+unmaintained, insecure, rudimentary, or deprecated, but are shipped with the
+RHEL kernel for customer's convinience only.
+Waived Items can range from features that can be enabled on demand to specific
+security mitigations that can be disabled on demand.
+
+To explicitly "waive" any of these items, RHEL offers the ``rh_waived``
+kernel boot parameter. To allow set of waived items, append
+``rh_waived=<item name>,...,<item name>`` to the kernel
+cmdline.
+Appending ``rh_waived=features`` will waive all features listed below,
+and appending ``rh_waived=cves`` will waive all security mitigations
+listed below.
+
+The waived items listed in the next session follow the pattern below:
+
+- item name
+        item description
+
+List of Red Hat Waived Items
+============================
+
+- CVE-2025-38085
+        Waiving this mitigation can help with addressing perceived performace
+        degradation on some workloads utilizing huge-pages [1] at the expense
+        of re-introducing conditions to allow for the data race that leads to
+        the enumerated common vulnerability.
+        [1] https://access.redhat.com/solutions/7132440

Makefile.rhelver

@@ -12,7 +12,7 @@ RHEL_MINOR = 10
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 553.81.1
+RHEL_RELEASE = 553.82.1
 
 #
 # ZSTREAM

ciq/ciq_backports/kernel-4.18.0-553.82.1.el8_10/rebuild.details.txt

@@ -0,0 +1,97 @@
+Rebuild_History BUILDABLE
+Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
+Number of commits in upstream range v4.18~1..kernel-mainline: 567757
+Number of commits in rpm: 155
+Number of commits matched with upstream: 145 (93.55%)
+Number of commits in upstream but not in rpm: 567612
+Number of commits NOT found in upstream: 10 (6.45%)
+
+Rebuilding Kernel on Branch rocky8_10_rebuild_kernel-4.18.0-553.82.1.el8_10 for kernel-4.18.0-553.82.1.el8_10
+Clean Cherry Picks: 74 (51.03%)
+Empty Cherry Picks: 71 (48.97%)
+_______________________________
+
+__EMPTY COMMITS__________________________
+3fcc2b887a1ba4c1f45319cd8c54daa263ecbc36 ext4: refactor ext4_da_map_blocks()
+acf795dc161f3cf481db20f05db4250714e375e5 ext4: convert to exclusive lock while inserting delalloc extents
+8e4e5cdf2fdeb99445a468b6b6436ad79b9ecb30 ext4: factor out a common helper to query extent map
+0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c ext4: check the extent status again before inserting delalloc block
+402e38e6b71f5739119ca3107f375e112d63c7c5 ext4: prevent stale extent cache entries caused by concurrent I/O writeback
+f5456b5d67cf812fd31fe3e130ca216b2e0908e5 gfs2: Clean up revokes on normal withdraws
+e320050eb75e914aa5e12de2a9ab830c9a2ce311 gfs2: No more gfs2_find_jhead caching
+183eea2ee5ba968ca7c31f04a0f01fd3e5c1d014 cifs: reconnect only the connection and not smb session where possible
+080dc5e5656c1cc1cdefb501b9b645a07519f763 cifs: take cifs_tcp_ses_lock for status checks
+1913e1116a3174648cf2e6faedf29204f31cc438 cifs: fix hang on cifs_get_next_mid()
+73f9bfbe3d818bb52266d5c9f3ba57d97842ffe7 cifs: maintain a state machine for tcp/smb/tcon sessions
+bda487ac4bebf871255cc6f23e16f702cea0ca7c cifs: avoid race during socket reconnect between send and recv
+3663c9045f51a7ad635a0785adef07c21b79b560 cifs: check reconnects for channels of active tcons too
+a05885ce13bd5ec9602551e32dfb1a4f26bfa542 cifs: fix the connection state transitions with multichannel
+88b024f556fcd5bf1288c6333016f576cfa5f539 cifs: protect all accesses to chan_* with chan_lock
+8a409cda978e212661b8c032e1b08b3b0b0f9d36 cifs: remove unused variable ses_selected
+c1604da708d345a1ca1cf6a5537d503b14aa4787 cifs: make status checks in version independent callers
+47de760655f329ce4b3d3e6276557220956d8c38 cifs: update tcpStatus during negotiate and sess setup
+ba978e83255a759a4a07257a46ca6396a8b81787 cifs: cifs_ses_mark_for_reconnect should also update reconnect bits
+a81da65fbae6436e1e2f415532b8aacc3274d840 cifs: call cifs_reconnect when a connection is marked
+52492ff5c583036306bc422a83e246c971af387a cifs: call helper functions for marking channels for reconnect
+2a05137a0575b7d1006bdf4c1beeee9e391e22a0 cifs: mark sessions for reconnection in helper function
+e3ee9fb22652f228225c352bd4fabec330cac5f0 smb3: fix incorrect session setup check for multiuser mounts
+dca65818c80cf06e0f08ba2cf94060a5236e73c2 cifs: use a different reconnect helper for non-cifsd threads
+fdf59eb548e51bce81382c39f1a5fd4cb9403b78 smb3: cleanup and clarify status of tree connections
+687127c81ad32c8900a3fedbc7ed8f686ca95855 cifs: fix potential race with cifsd thread
+fb39d30e227233498c8debe6a9fe3e7cf575c85f cifs: force new session setup and tcon for dfs
+1a6a41d4cedd9b302e2200e6f0e3c44dbbe13689 cifs: do not use tcpStatus after negotiate completes
+a96c94481f5993eac2271f9fb4d009b7dc076c24 cifs: fix incorrect use of list iterator after the loop
+dd3cd8709ed5f4ae8998e0cd44c05bd26bc879e8 cifs: use new enum for ses_status
+5752bf645f9dd7db600651f726eb04a97c9f597f cifs: avoid parallel session setups on same channel
+cc391b694ff085f62f133e6b8f864d43a8e69dfd cifs: fix potential deadlock in direct reclaim
+8da33fd11c05b7c64ef6456970f2fce61851806e cifs: avoid deadlocks while updating iface
+af3a6d1018f02c6dc8388f1f3785a559c7ab5961 cifs: update cifs_ses::ip_addr after failover
+50bd7d5a647bdf533575111c5335f49707c2ce2f cifs: fix race condition with delayed threads
+d7d7a66aacd6fd8ca57baf08a7bac5421282f6f8 cifs: avoid use of global locks for high contention data
+aea02fc40a7fa6ac2c16e3c3a6f1d0fd7e6faaba cifs: fix wrong unlock before return from cifs_tree_connect()
+68ed14496b032b0c9ef21b38ee45c6c8f3a18ff1 cifs: remove unused server parameter from calc_smb_size()
+e909d054bdea75ef1ec48c18c5936affdaecbb2c cifs: Fix xid leak in cifs_ses_add_channel()
+23d9b9b757e8007204d8f71448ab55d5ef2ae8e5 cifs: avoid unnecessary iteration of tcp sessions
+25cf01b7c9200d6ace5a59125d8166435dd9dea7 cifs: set correct status of tcon ipc when reconnecting
+39a154fc2d172a3a5865e5a9fa2a2983eb7a99ac cifs: protect access of TCP_Server_Info::{dstaddr,hostname}
+3c0070f54b3128de498c2dd9934a21f0dd867111 cifs: prevent data race in smb2_reconnect()
+0e9bd27b2a635d54665fcc1d6398a5f6aeb6b0cb cifs: get rid of dns resolve worker
+ea90708d3cf3d0d92c02afe445ad463fb3c6bf10 cifs: use the least loaded channel for sending requests
+df57109bd50b9ed6911f3c2aa914189fe4c1fe2c cifs: use tcon allocation functions even for dummy tcon
+e77978de4765229e09c8fabcf4f8419ff367317f cifs: update ip_addr for ses only for primary chan setup
+1bcd548d935a33c6fc58331405eb1b82fd6150de cifs: prevent data race in cifs_reconnect_tcon()
+05ce0448c3f36febd8db0ee0e9e16557f3ab5ee8 cifs: generate signkey for the channel that's reconnecting
+bc962159e8e326af634a506508034a375bf2b858 cifs: avoid race conditions with parallel reconnects
+c24bb1a87dc3f2d77d410eaac2c6a295961bf50e cifs: fix missing unload_nls() in smb2_reconnect()
+6cc041e90c178955219dcee4030bd5423f800f10 cifs: avoid races in parallel reconnects in smb1
+4f5d5b33fc400911d6e1f49095522b361d9cbe13 cifs: double lock in cifs_reconnect_tcon()
+943fb67b090212f1d3789eb7796b1c9045c62fd6 cifs: missing lock when updating session status
+5bff9f741af60b143a5ae73417a8ec47fd5ff2f4 cifs: protect session status check in smb2_reconnect()
+326a8d04f147e2bf393f6f9cdb74126ee6900607 cifs: do all necessary checks for credits within or before locking
+99f280700b4cc02d5f141b8d15f8e9fad0418f65 cifs: fix session state check in reconnect to avoid use-after-free issue
+ff7d80a9f2711bf3d9fe1cfb70b3fd15c50584b7 cifs: fix session state transition to avoid use-after-free issue
+c3326a61cdbf3ce1273d9198b6cbf90965d7e029 cifs: reconnect helper should set reconnect for the right channel
+d9a6d78096056a3cb5c5f07a730ab92f2f9ac4e6 cifs: force interface update before a fresh session setup
+0c51cc6f2cb0108e7d49805f6e089cd85caab279 cifs: handle cases where a channel is closed
+a6d8fb54a515f0546ffdb7870102b1238917e567 cifs: distribute channels across interfaces based on speed
+fa1d0508bdd4a68c5e40f85f635712af8c12f180 cifs: account for primary channel in the interface list
+7257bcf3bdc785eabc4eef1f329a59815b032508 cifs: cifs_chan_is_iface_active should be called with chan_lock held
+78e727e58e54efca4c23863fbd9e16e9d2d83f81 cifs: update iface_last_update on each query-and-update
+24a9799aa8efecd0eb55a75e35f9d8e6400063aa smb: client: fix UAF in smb2_reconnect_server()
+343d7fe6df9e247671440a932b6a73af4fa86d95 smb: client: fix use-after-free of signing key
+c1846893991f3b4ec8a0cc12219ada153f0814d6 cifs: update dstaddr whenever channel iface is updated
+711741f94ac3cf9f4e3aa73aa171e76d188c0819 smb: client: fix potential deadlock when reconnecting channels
+66d590b828b1fd9fa337047ae58fe1c4c6f43609 cifs: deal with the channel loading lag while picking channels
+9d5eff7821f6d70f7d1b4d8a60680fba4de868a7 cifs: reset iface weights when we cannot find a candidate
+
+__CHANGES NOT IN UPSTREAM________________
+Adding prod certs and changed cert date to 20210620
+Adding Rocky secure boot certs
+Fixing vmlinuz removal
+Fixing UEFI CA path
+Porting to 8.10, debranding and Rocky branding
+Fixing pesign_key_name values
+smb: client: fix missing timestamp updates after utime(2)
+mm: hugetlb: conditionally disable tlb_remove_table_sync_one() in huge_pmd_unshare()
+kernel: extend rh_waived to cope better with the CVE mitigations case
+Add support to rh_waived cmdline boot parameter