1
0
forked from rpms/kernel

kernel-5.14.0-385.el9

* Mon Nov 13 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-385.el9]
- s390/qdio: fix do_sqbs() inline assembly constraint (Tobias Huschle) [RHEL-11201]
- s390/lcs: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201]
- s390/lcs: Convert sprintf to scnprintf (Tobias Huschle) [RHEL-11201]
- s390/ctcm: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201]
- s390/ctcm: Convert sprintf/snprintf to scnprintf (Tobias Huschle) [RHEL-11201]
- s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-11201]
- s390/lcs: Remove FDDI option (Tobias Huschle) [RHEL-11201]
- nd_btt: Make BTT lanes preemptible (Tomas Glozar) [RHEL-9172]
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) [RHEL-15417]
- Revert "rcu: Permit start_poll_synchronize_rcu_expedited() to be invoked early" (Čestmír Kalina) [RHEL-14709]
- scsi: sd: Remove the number of forward declarations (Ewan D. Milne) [RHEL-14312]
- scsi: core: Report error list information in debugfs (Ewan D. Milne) [RHEL-14312]
- scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Remove unused extern declarations (Ewan D. Milne) [RHEL-14312]
- scsi: core: Fix legacy /proc parsing buffer overflow (Ewan D. Milne) [RHEL-14312]
- scsi: sd_zbc: Set zone limits before revalidating zones (Ewan D. Milne) [RHEL-14312]
- scsi: core: Improve warning message in scsi_device_block() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Replace scsi_target_block() with scsi_block_targets() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Don't wait for quiesce in scsi_device_block() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Don't wait for quiesce in scsi_stop_queue() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Merge scsi_internal_device_block() and device_block() (Ewan D. Milne) [RHEL-14312]
- scsi: sg: Increase number of devices (Ewan D. Milne) [RHEL-14312]
- scsi: sd: sd_zbc: Use PAGE_SECTORS_SHIFT (Ewan D. Milne) [RHEL-14312]
- scsi: core: Support setting BLK_MQ_F_BLOCKING (Ewan D. Milne) [RHEL-14312]
- scsi: core: Rework scsi_host_block() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Only kick the requeue list if necessary (Ewan D. Milne) [RHEL-14312]
- scsi: core: Use min() instead of open-coding it (Ewan D. Milne) [RHEL-14312]
- scsi: scsi_transport_fc: Remove unused 'desc_cnt' variable (Ewan D. Milne) [RHEL-14312]
- scsi: sr: Simplify the sr_open() function (Ewan D. Milne) [RHEL-14312]
- scsi: core: Improve scsi_vpd_inquiry() checks (Ewan D. Milne) [RHEL-14312]
- scsi: core: Fix a procfs host directory removal regression (Ewan D. Milne) [RHEL-14312]
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (Ewan D. Milne) [RHEL-14312]
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (Ewan D. Milne) [RHEL-14312]
- tcp: fix delayed ACKs for MSS boundary condition (Paolo Abeni) [RHEL-14348]
- tcp: fix quick-ack counting to count actual ACKs of new data (Paolo Abeni) [RHEL-14348]
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Paolo Abeni) [RHEL-14348]
- net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Paolo Abeni) [RHEL-14348]
- tcp: gso: really support BIG TCP (Paolo Abeni) [RHEL-14348]
- tcp: fix mishandling when the sack compression is deferred. (Paolo Abeni) [RHEL-14348]
- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-13881]
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Jose Ignacio Tornos Martinez) [RHEL-6358] {CVE-2023-31083}
- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-8594] {CVE-2023-20588}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-8594] {CVE-2023-20593}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-8594] {CVE-2023-20588}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Add objtool_types.h (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Fix SEGFAULT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- livepatch: Make 'klp_stack_entries' static (Ryan Sullivan) [RHEL-2768]
- livepatch: Convert stack entries array to percpu (Ryan Sullivan) [RHEL-2768]
- livepatch: fix ELF typos (Ryan Sullivan) [RHEL-2768]
- livepatch: Make kobj_type structures constant (Ryan Sullivan) [RHEL-2768]
- Documentation: livepatch: module-elf-format: Remove local klp_modinfo definition (Ryan Sullivan) [RHEL-2768]
- module.h: Document klp_modinfo struct using kdoc (Ryan Sullivan) [RHEL-2768]
- livepatch,x86: Clear relocation targets on a module removal (Ryan Sullivan) [RHEL-2768]
- x86/module: remove unused code in __apply_relocate_add (Ryan Sullivan) [RHEL-2768]
Resolves: RHEL-7056, RHEL-11201, RHEL-13881, RHEL-14312, RHEL-14114, RHEL-14348, RHEL-14709, RHEL-15417, RHEL-2768, RHEL-6358, RHEL-8594, RHEL-9172

Signed-off-by: Jan Stancek <jstancek@redhat.com>
This commit is contained in:
Jan Stancek 2023-11-13 10:48:05 +01:00
parent 8c61637379
commit 5984d5bc43
7 changed files with 133 additions and 8 deletions

View File

@ -12,7 +12,7 @@ RHEL_MINOR = 4
# #
# Use this spot to avoid future merge conflicts. # Use this spot to avoid future merge conflicts.
# Do not trim this comment. # Do not trim this comment.
RHEL_RELEASE = 384 RHEL_RELEASE = 385
# #
# ZSTREAM # ZSTREAM

View File

@ -801,6 +801,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_KUNIT_TEST=m
CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUMASK_OFFSTACK=y
CONFIG_CPUSETS=y CONFIG_CPUSETS=y
CONFIG_CPU_SRSO=y
# CONFIG_CPU_THERMAL is not set # CONFIG_CPU_THERMAL is not set
CONFIG_CPU_UNRET_ENTRY=y CONFIG_CPU_UNRET_ENTRY=y
# CONFIG_CRAMFS is not set # CONFIG_CRAMFS is not set

View File

@ -801,6 +801,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_KUNIT_TEST=m
CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUMASK_OFFSTACK=y
CONFIG_CPUSETS=y CONFIG_CPUSETS=y
CONFIG_CPU_SRSO=y
# CONFIG_CPU_THERMAL is not set # CONFIG_CPU_THERMAL is not set
CONFIG_CPU_UNRET_ENTRY=y CONFIG_CPU_UNRET_ENTRY=y
# CONFIG_CRAMFS is not set # CONFIG_CRAMFS is not set

View File

@ -816,6 +816,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_KUNIT_TEST=m
CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUMASK_OFFSTACK=y
CONFIG_CPUSETS=y CONFIG_CPUSETS=y
CONFIG_CPU_SRSO=y
# CONFIG_CPU_THERMAL is not set # CONFIG_CPU_THERMAL is not set
CONFIG_CPU_UNRET_ENTRY=y CONFIG_CPU_UNRET_ENTRY=y
# CONFIG_CRAMFS is not set # CONFIG_CRAMFS is not set

View File

@ -816,6 +816,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_KUNIT_TEST=m
CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUMASK_OFFSTACK=y
CONFIG_CPUSETS=y CONFIG_CPUSETS=y
CONFIG_CPU_SRSO=y
# CONFIG_CPU_THERMAL is not set # CONFIG_CPU_THERMAL is not set
CONFIG_CPU_UNRET_ENTRY=y CONFIG_CPU_UNRET_ENTRY=y
# CONFIG_CRAMFS is not set # CONFIG_CRAMFS is not set

View File

@ -165,15 +165,15 @@ Summary: The Linux kernel
# define buildid .local # define buildid .local
%define specversion 5.14.0 %define specversion 5.14.0
%define patchversion 5.14 %define patchversion 5.14
%define pkgrelease 384 %define pkgrelease 385
%define kversion 5 %define kversion 5
%define tarfile_release 5.14.0-384.el9 %define tarfile_release 5.14.0-385.el9
# This is needed to do merge window version magic # This is needed to do merge window version magic
%define patchlevel 14 %define patchlevel 14
# This allows pkg_release to have configurable %%{?dist} tag # This allows pkg_release to have configurable %%{?dist} tag
%define specrelease 384%{?buildid}%{?dist} %define specrelease 385%{?buildid}%{?dist}
# This defines the kabi tarball version # This defines the kabi tarball version
%define kabiversion 5.14.0-384.el9 %define kabiversion 5.14.0-385.el9
# #
# End of genspec.sh variables # End of genspec.sh variables
@ -3745,6 +3745,127 @@ fi
# #
# #
%changelog %changelog
* Mon Nov 13 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-385.el9]
- s390/qdio: fix do_sqbs() inline assembly constraint (Tobias Huschle) [RHEL-11201]
- s390/lcs: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201]
- s390/lcs: Convert sprintf to scnprintf (Tobias Huschle) [RHEL-11201]
- s390/ctcm: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201]
- s390/ctcm: Convert sprintf/snprintf to scnprintf (Tobias Huschle) [RHEL-11201]
- s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-11201]
- s390/lcs: Remove FDDI option (Tobias Huschle) [RHEL-11201]
- nd_btt: Make BTT lanes preemptible (Tomas Glozar) [RHEL-9172]
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) [RHEL-15417]
- Revert "rcu: Permit start_poll_synchronize_rcu_expedited() to be invoked early" (Čestmír Kalina) [RHEL-14709]
- scsi: sd: Remove the number of forward declarations (Ewan D. Milne) [RHEL-14312]
- scsi: core: Report error list information in debugfs (Ewan D. Milne) [RHEL-14312]
- scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Remove unused extern declarations (Ewan D. Milne) [RHEL-14312]
- scsi: core: Fix legacy /proc parsing buffer overflow (Ewan D. Milne) [RHEL-14312]
- scsi: sd_zbc: Set zone limits before revalidating zones (Ewan D. Milne) [RHEL-14312]
- scsi: core: Improve warning message in scsi_device_block() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Replace scsi_target_block() with scsi_block_targets() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Don't wait for quiesce in scsi_device_block() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Don't wait for quiesce in scsi_stop_queue() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Merge scsi_internal_device_block() and device_block() (Ewan D. Milne) [RHEL-14312]
- scsi: sg: Increase number of devices (Ewan D. Milne) [RHEL-14312]
- scsi: sd: sd_zbc: Use PAGE_SECTORS_SHIFT (Ewan D. Milne) [RHEL-14312]
- scsi: core: Support setting BLK_MQ_F_BLOCKING (Ewan D. Milne) [RHEL-14312]
- scsi: core: Rework scsi_host_block() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Only kick the requeue list if necessary (Ewan D. Milne) [RHEL-14312]
- scsi: core: Use min() instead of open-coding it (Ewan D. Milne) [RHEL-14312]
- scsi: scsi_transport_fc: Remove unused 'desc_cnt' variable (Ewan D. Milne) [RHEL-14312]
- scsi: sr: Simplify the sr_open() function (Ewan D. Milne) [RHEL-14312]
- scsi: core: Improve scsi_vpd_inquiry() checks (Ewan D. Milne) [RHEL-14312]
- scsi: core: Fix a procfs host directory removal regression (Ewan D. Milne) [RHEL-14312]
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (Ewan D. Milne) [RHEL-14312]
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (Ewan D. Milne) [RHEL-14312]
- tcp: fix delayed ACKs for MSS boundary condition (Paolo Abeni) [RHEL-14348]
- tcp: fix quick-ack counting to count actual ACKs of new data (Paolo Abeni) [RHEL-14348]
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Paolo Abeni) [RHEL-14348]
- net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Paolo Abeni) [RHEL-14348]
- tcp: gso: really support BIG TCP (Paolo Abeni) [RHEL-14348]
- tcp: fix mishandling when the sack compression is deferred. (Paolo Abeni) [RHEL-14348]
- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-13881]
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Jose Ignacio Tornos Martinez) [RHEL-6358] {CVE-2023-31083}
- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-8594] {CVE-2023-20588}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-8594] {CVE-2023-20593}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-8594] {CVE-2023-20588}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Add objtool_types.h (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Fix SEGFAULT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- livepatch: Make 'klp_stack_entries' static (Ryan Sullivan) [RHEL-2768]
- livepatch: Convert stack entries array to percpu (Ryan Sullivan) [RHEL-2768]
- livepatch: fix ELF typos (Ryan Sullivan) [RHEL-2768]
- livepatch: Make kobj_type structures constant (Ryan Sullivan) [RHEL-2768]
- Documentation: livepatch: module-elf-format: Remove local klp_modinfo definition (Ryan Sullivan) [RHEL-2768]
- module.h: Document klp_modinfo struct using kdoc (Ryan Sullivan) [RHEL-2768]
- livepatch,x86: Clear relocation targets on a module removal (Ryan Sullivan) [RHEL-2768]
- x86/module: remove unused code in __apply_relocate_add (Ryan Sullivan) [RHEL-2768]
* Thu Nov 09 2023 Scott Weaver <scweaver@redhat.com> [5.14.0-384.el9] * Thu Nov 09 2023 Scott Weaver <scweaver@redhat.com> [5.14.0-384.el9]
- perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-14984] {CVE-2023-5717} - perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-14984] {CVE-2023-5717}
- perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-14984] {CVE-2023-5717} - perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-14984] {CVE-2023-5717}

View File

@ -1,3 +1,3 @@
SHA512 (linux-5.14.0-384.el9.tar.xz) = cc49819f6a6afdb402eb49717cebfd757d9b84b864657b5e123ed0df3015dae1736ffa04d1ac5275885850f76f383e2fdbc06e05b8be4c851cfd1b1da940185d SHA512 (linux-5.14.0-385.el9.tar.xz) = 5bf2d56172efd2c678c689058a750c874a3a2731ec639d1710e240603a5b3b619766704f703b060df8644028e3a803472459f553808f93faa963dd09e5fd7a2b
SHA512 (kernel-abi-stablelists-5.14.0-384.el9.tar.bz2) = 7212da35f24714dd8896d7a4b2325f66b3960951c04514003f42cacf901979646de19e0fdafb8cf93f29d61e4e7187f3f3fee3dd48f28b4fce4bf18a1f4b49ef SHA512 (kernel-abi-stablelists-5.14.0-385.el9.tar.bz2) = baf9c2bfb843a2c950bf1c3578d87bfdd6946c388f41650e74de3e43321b91f954280ca62bd372840a5ec47c58a84167e43445c2ae99904a54dfd51d30526670
SHA512 (kernel-kabi-dw-5.14.0-384.el9.tar.bz2) = b15bbc7c73df4809ffc16239984ea731c8ae1f233ce2a857cbe5bf7ad23a38c373c9db2cdb6552bd41eed27c6a9fbcfb30d1a3d4d1f3e2f7ed03cc56a8b778fc SHA512 (kernel-kabi-dw-5.14.0-385.el9.tar.bz2) = 3bc50566f89eafd18aedadb1739f8c9736a61870fa7af0bc1c29c06653187e010a389ccdac85b7263245c689ed1da15bce42a54110f21e7ae9619db9d279e6b5