forked from rpms/kernel

5 Commits

Author SHA1 Message Date
c91222a086 Merge branch 'a9' into a9-ppc64le 2024-02-27 15:31:05 +03:00
a05eef1a2b Fix compilation error 2023-12-07 18:04:09 +03:00
d4e07315a1 Merge branch 'a9' into a9-ppc64le 2023-12-07 16:59:02 +03:00
2bb8a3f5fc Update PPC configs 2023-03-29 19:02:49 +02:00
c8588126da Enable KVM on ppc64le 2023-03-29 18:35:14 +02:00
9 changed files with 232 additions and 287 deletions

6
.gitignore vendored

@ -1,6 +1,6 @@
SOURCES/kernel-abi-stablelists-5.14.0-362.24.1.el9_3.tar.bz2
SOURCES/kernel-kabi-dw-5.14.0-362.24.1.el9_3.tar.bz2
SOURCES/linux-5.14.0-362.24.1.el9_3.tar.xz
SOURCES/kernel-abi-stablelists-5.14.0-362.18.1.el9_3.tar.bz2
SOURCES/kernel-kabi-dw-5.14.0-362.18.1.el9_3.tar.bz2
SOURCES/linux-5.14.0-362.18.1.el9_3.tar.xz
SOURCES/rheldup3.x509
SOURCES/rhelima.x509
SOURCES/rhelima_centos.x509


@ -1,6 +1,6 @@
6b3b73a0e5ee8afc75ff184e7579cf193d12e333 SOURCES/kernel-abi-stablelists-5.14.0-362.24.1.el9_3.tar.bz2
2dbea40d3654901f0bdc4bb48351f07d4590c1c4 SOURCES/kernel-kabi-dw-5.14.0-362.24.1.el9_3.tar.bz2
aa929675bd46443ba8d0036b9247514be09efc00 SOURCES/linux-5.14.0-362.24.1.el9_3.tar.xz
f823c58b7a797113dec1a2863f3efb9b13a5db01 SOURCES/kernel-abi-stablelists-5.14.0-362.18.1.el9_3.tar.bz2
b1d3fe4cf0e3d6db2cb96fc8dc3ccf21cf29b12d SOURCES/kernel-kabi-dw-5.14.0-362.18.1.el9_3.tar.bz2
4c7324ab3eed522ca5d7e0fcee0bfa891ef73328 SOURCES/linux-5.14.0-362.18.1.el9_3.tar.xz
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
99e571f9de4188f3b5fdf1f84ff73f6cc4bb6a0e SOURCES/rhelima.x509
61d5a223ff0c79189505abae77e0087c4b2d2b47 SOURCES/rhelima_centos.x509


@ -1,34 +0,0 @@
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 38ff119ab..11f4b1aab 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -10442,16 +10442,10 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
data->verdict.code = ntohl(nla_get_be32(tb[NFTA_VERDICT_CODE]));
switch (data->verdict.code) {
- default:
- switch (data->verdict.code & NF_VERDICT_MASK) {
- case NF_ACCEPT:
- case NF_DROP:
- case NF_QUEUE:
- break;
- default:
- return -EINVAL;
- }
- fallthrough;
+ case NF_ACCEPT:
+ case NF_DROP:
+ case NF_QUEUE:
+ break;
case NFT_CONTINUE:
case NFT_BREAK:
case NFT_RETURN:
@@ -10486,6 +10480,8 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
data->verdict.chain = chain;
break;
+ default:
+ return -EINVAL;
}
desc->len = sizeof(data->verdict);


@ -12,7 +12,7 @@ RHEL_MINOR = 3
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
RHEL_RELEASE = 362.24.1
RHEL_RELEASE = 362.18.1
#
# ZSTREAM


@ -0,0 +1,12 @@
diff -aruN linux-5.14.0-362.8.1.el9_3/arch/powerpc/kvm/book3s_64_vio_hv.c linux-5.14.0-362.8.1.el9_3.alma/arch/powerpc/kvm/book3s_64_vio_hv.c
--- linux-5.14.0-362.8.1.el9_3/arch/powerpc/kvm/book3s_64_vio_hv.c 2023-11-07 20:57:43
+++ linux-5.14.0-362.8.1.el9_3.alma/arch/powerpc/kvm/book3s_64_vio_hv.c 2023-12-07 17:59:41
@@ -488,7 +488,7 @@
/*
* used to check for invalidations in progress
*/
- mmu_seq = kvm->mmu_notifier_seq;
+ mmu_seq = kvm->mmu_invalidate_seq;
smp_rmb();
stt = kvmppc_find_table(vcpu->kvm, liobn);


@ -0,0 +1,190 @@
From eaaaed137eccb9e8f3a88f6297e214f53885196f Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc@google.com>
Date: Mon, 6 Dec 2021 20:54:14 +0100
Subject: [PATCH] KVM: PPC: Avoid referencing userspace memory region in
memslot updates
For PPC HV, get the number of pages directly from the new memslot instead
of computing the same from the userspace memory region, and explicitly
check for !DELETE instead of inferring the same when toggling mmio_update.
The motivation for these changes is to avoid referencing the @mem param
so that it can be dropped in a future commit.
No functional change intended.
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Message-Id: <1e97fb5198be25f98ef82e63a8d770c682264cc9.1638817639.git.maciej.szmigiero@oracle.com>
---
arch/powerpc/include/asm/kvm_ppc.h | 4 ----
arch/powerpc/kvm/book3s.c | 6 ++----
arch/powerpc/kvm/book3s_hv.c | 12 +++---------
arch/powerpc/kvm/book3s_pr.c | 2 --
arch/powerpc/kvm/booke.c | 2 --
arch/powerpc/kvm/powerpc.c | 4 ++--
6 files changed, 7 insertions(+), 23 deletions(-)
diff --git a/arch/powerpc/include/asm/kvm_ppc.h b/arch/powerpc/include/asm/kvm_ppc.h
index b01760dd1374df..935c58dc38c493 100644
--- a/arch/powerpc/include/asm/kvm_ppc.h
+++ b/arch/powerpc/include/asm/kvm_ppc.h
@@ -200,12 +200,10 @@ extern void kvmppc_core_destroy_vm(struct kvm *kvm);
extern void kvmppc_core_free_memslot(struct kvm *kvm,
struct kvm_memory_slot *slot);
extern int kvmppc_core_prepare_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
const struct kvm_memory_slot *old,
struct kvm_memory_slot *new,
enum kvm_mr_change change);
extern void kvmppc_core_commit_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
struct kvm_memory_slot *old,
const struct kvm_memory_slot *new,
enum kvm_mr_change change);
@@ -275,12 +273,10 @@ struct kvmppc_ops {
int (*get_dirty_log)(struct kvm *kvm, struct kvm_dirty_log *log);
void (*flush_memslot)(struct kvm *kvm, struct kvm_memory_slot *memslot);
int (*prepare_memory_region)(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
const struct kvm_memory_slot *old,
struct kvm_memory_slot *new,
enum kvm_mr_change change);
void (*commit_memory_region)(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
struct kvm_memory_slot *old,
const struct kvm_memory_slot *new,
enum kvm_mr_change change);
diff --git a/arch/powerpc/kvm/book3s.c b/arch/powerpc/kvm/book3s.c
index 8250e8308674c7..6d525285dbe8f2 100644
--- a/arch/powerpc/kvm/book3s.c
+++ b/arch/powerpc/kvm/book3s.c
@@ -847,21 +847,19 @@ void kvmppc_core_flush_memslot(struct kvm *kvm, struct kvm_memory_slot *memslot)
}
int kvmppc_core_prepare_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
const struct kvm_memory_slot *old,
struct kvm_memory_slot *new,
enum kvm_mr_change change)
{
- return kvm->arch.kvm_ops->prepare_memory_region(kvm, mem, old, new, change);
+ return kvm->arch.kvm_ops->prepare_memory_region(kvm, old, new, change);
}
void kvmppc_core_commit_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
struct kvm_memory_slot *old,
const struct kvm_memory_slot *new,
enum kvm_mr_change change)
{
- kvm->arch.kvm_ops->commit_memory_region(kvm, mem, old, new, change);
+ kvm->arch.kvm_ops->commit_memory_region(kvm, old, new, change);
}
bool kvm_unmap_gfn_range(struct kvm *kvm, struct kvm_gfn_range *range)
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index d7594d49d288a3..2b59ecc5f8c698 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -4854,15 +4854,12 @@ static void kvmppc_core_free_memslot_hv(struct kvm_memory_slot *slot)
}
static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
const struct kvm_memory_slot *old,
struct kvm_memory_slot *new,
enum kvm_mr_change change)
{
- unsigned long npages = mem->memory_size >> PAGE_SHIFT;
-
if (change == KVM_MR_CREATE) {
- new->arch.rmap = vzalloc(array_size(npages,
+ new->arch.rmap = vzalloc(array_size(new->npages,
sizeof(*new->arch.rmap)));
if (!new->arch.rmap)
return -ENOMEM;
@@ -4874,20 +4871,17 @@ static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
}
static void kvmppc_core_commit_memory_region_hv(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
struct kvm_memory_slot *old,
const struct kvm_memory_slot *new,
enum kvm_mr_change change)
{
- unsigned long npages = mem->memory_size >> PAGE_SHIFT;
-
/*
- * If we are making a new memslot, it might make
+ * If we are creating or modifying a memslot, it might make
* some address that was previously cached as emulated
* MMIO be no longer emulated MMIO, so invalidate
* all the caches of emulated MMIO translations.
*/
- if (npages)
+ if (change != KVM_MR_DELETE)
atomic64_inc(&kvm->arch.mmio_update);
/*
diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c
index ffb559cf25f435..30426e8c8cf66b 100644
--- a/arch/powerpc/kvm/book3s_pr.c
+++ b/arch/powerpc/kvm/book3s_pr.c
@@ -1899,7 +1899,6 @@ static void kvmppc_core_flush_memslot_pr(struct kvm *kvm,
}
static int kvmppc_core_prepare_memory_region_pr(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
const struct kvm_memory_slot *old,
struct kvm_memory_slot *new,
enum kvm_mr_change change)
@@ -1908,7 +1907,6 @@ static int kvmppc_core_prepare_memory_region_pr(struct kvm *kvm,
}
static void kvmppc_core_commit_memory_region_pr(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
struct kvm_memory_slot *old,
const struct kvm_memory_slot *new,
enum kvm_mr_change change)
diff --git a/arch/powerpc/kvm/booke.c b/arch/powerpc/kvm/booke.c
index 93c2ac2bee0913..53b4c9597c303e 100644
--- a/arch/powerpc/kvm/booke.c
+++ b/arch/powerpc/kvm/booke.c
@@ -1821,7 +1821,6 @@ void kvmppc_core_free_memslot(struct kvm *kvm, struct kvm_memory_slot *slot)
}
int kvmppc_core_prepare_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
const struct kvm_memory_slot *old,
struct kvm_memory_slot *new,
enum kvm_mr_change change)
@@ -1830,7 +1829,6 @@ int kvmppc_core_prepare_memory_region(struct kvm *kvm,
}
void kvmppc_core_commit_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem,
struct kvm_memory_slot *old,
const struct kvm_memory_slot *new,
enum kvm_mr_change change)
diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
index e875874cf8367d..575140ecb23c82 100644
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -703,7 +703,7 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
struct kvm_memory_slot *new,
enum kvm_mr_change change)
{
- return kvmppc_core_prepare_memory_region(kvm, mem, old, new, change);
+ return kvmppc_core_prepare_memory_region(kvm, old, new, change);
}
void kvm_arch_commit_memory_region(struct kvm *kvm,
@@ -712,7 +712,7 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
const struct kvm_memory_slot *new,
enum kvm_mr_change change)
{
- kvmppc_core_commit_memory_region(kvm, mem, old, new, change);
+ kvmppc_core_commit_memory_region(kvm, old, new, change);
}
void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
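Review bot: In kvmppc_core_prepare_memory_region_hv the rmap array is now sized from `new->npages` instead of `mem->memory_size >> PAGE_SHIFT`, so the allocation is only correct if the generic memslot code in the tree this patch is applied to hands the arch hook a `new` slot whose npages is already populated for KVM_MR_CREATE. The same holds for `if (change != KVM_MR_DELETE)` in kvmppc_core_commit_memory_region_hv, which matches the old `if (npages)` only while a zero memory_size implies a delete. Both invariants live outside these hunks (the callers in powerpc.c start above the visible context), and the patch is carried downstream on a vendor tree, so I would record the prerequisite in the patch header, for example `Backport note: requires generic KVM to pass a fully populated @new (npages set) to the arch prepare/commit hooks.` If that cannot be confirmed for this base, an undersized rmap would be a memory-safety problem rather than a build problem.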


@ -2559,7 +2559,12 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
CONFIG_KUNIT=m
CONFIG_KUNIT_TEST=m
CONFIG_KVM_AMD_SEV=y
# CONFIG_KVM_BOOK3S_64 is not set
CONFIG_KVM_BOOK3S_64=m
CONFIG_KVM_BOOK3S_64_HV=m
# CONFIG_KVM_BOOK3S_64_PR is not set
# CONFIG_KVM_BOOK3S_HV_EXIT_TIMING is not set
CONFIG_KVM_BOOK3S_PR_POSSIBLE=y
CONFIG_KVM_XICS=y
CONFIG_KVM_GUEST=y
CONFIG_KVM_SMM=y
# CONFIG_KVM_XEN is not set
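Review bot: `CONFIG_KVM_BOOK3S_PR_POSSIBLE=y` is listed next to `# CONFIG_KVM_BOOK3S_64_PR is not set`, which looks inconsistent. In upstream arch/powerpc/kvm/Kconfig, PR_POSSIBLE is a promptless symbol that is only selected by the PR flavours, so with PR disabled this line would likely be dropped or reported as a mismatch when the config is processed. The symbol that `CONFIG_KVM_BOOK3S_64_HV=m` selects is the HV counterpart, so I would replace the line with `CONFIG_KVM_BOOK3S_HV_POSSIBLE=y` (or drop it) so that the shipped config states the HV-only hypervisor surface that is actually built. The same line appears in the second config section (`@ -2539,7 +2539,12 @`).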


@ -2539,7 +2539,12 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
CONFIG_KUNIT=m
CONFIG_KUNIT_TEST=m
CONFIG_KVM_AMD_SEV=y
# CONFIG_KVM_BOOK3S_64 is not set
CONFIG_KVM_BOOK3S_64=m
CONFIG_KVM_BOOK3S_64_HV=m
# CONFIG_KVM_BOOK3S_64_PR is not set
# CONFIG_KVM_BOOK3S_HV_EXIT_TIMING is not set
CONFIG_KVM_BOOK3S_PR_POSSIBLE=y
CONFIG_KVM_XICS=y
CONFIG_KVM_GUEST=y
CONFIG_KVM_SMM=y
# CONFIG_KVM_XEN is not set


@ -161,16 +161,15 @@ Summary: The Linux kernel
# define buildid .local
%define specversion 5.14.0
%define patchversion 5.14
%define pkgrelease 362.24.2
%define pkgrelease 362.18.1
%define kversion 5
%define tarfile_release 5.14.0-362.24.1.el9_3
%define tarfile_release 5.14.0-362.18.1.el9_3
# This is needed to do merge window version magic
%define patchlevel 14
# This allows pkg_release to have configurable %%{?dist} tag
# alma patched to 362.24.2 but still using 362.24.1 sources plus patch file
%define specrelease 362.24.2%{?buildid}%{?dist}
%define specrelease 362.18.1%{?buildid}%{?dist}
# This defines the kabi tarball version
%define kabiversion 5.14.0-362.24.1.el9_3
%define kabiversion 5.14.0-362.18.1.el9_3
#
# End of genspec.sh variables
@ -628,7 +627,7 @@ Name: kernel
License: GPLv2 and Redistributable, no modification permitted
URL: https://www.kernel.org/
Version: %{specversion}
Release: %{pkg_release}
Release: %{pkg_release}.kvm
# DO NOT CHANGE THE 'ExclusiveArch' LINE TO TEMPORARILY EXCLUDE AN ARCHITECTURE BUILD.
# SET %%nobuildarches (ABOVE) INSTEAD
%if 0%{?fedora}
@ -949,8 +948,10 @@ Patch1: patch-%{patchversion}-redhat.patch
%endif
# AlmaLinux patches
Patch100: eaaaed137eccb9e8f3a88f6297e214f53885196f.patch
Patch101: Rename-mmu_notifier_seq-to-mmu_invalidate_seq-in-book3s_64_vio_hv.patch
Patch1001: 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch
Patch1002: CVE-2024-1086.patch
# empty final patch to facilitate testing of kernel patches
Patch999999: linux-kernel-test.patch
@ -1697,7 +1698,8 @@ ApplyOptionalPatch patch-%{patchversion}-redhat.patch
%endif
ApplyPatch 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch
ApplyPatch CVE-2024-1086.patch
ApplyOptionalPatch eaaaed137eccb9e8f3a88f6297e214f53885196f.patch
ApplyOptionalPatch Rename-mmu_notifier_seq-to-mmu_invalidate_seq-in-book3s_64_vio_hv.patch
ApplyOptionalPatch linux-kernel-test.patch
@ -3744,241 +3746,6 @@ fi
#
#
%changelog
* Fri Mar 29 2024 Jonathan Wright <jonathan@almalinux.org> [5.14.0-362.24.2.el9_3]
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters {CVE-2024-1086}
* Thu Feb 15 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.24.1.el9_3]
- RDMA/mlx5: Fix assigning access flags to cache mkeys (Mohammad Kabat) [RHEL-25242 RHEL-882]
- drm/amdgpu: Fix potential fence use-after-free v2 (Jan Stancek) [RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507] {CVE-2023-51042}
- ceph: defer stopping mdsc delayed_work (Xiubo Li) [RHEL-22256 RHEL-16415]
- ceph: never send metrics if disable_send_metrics is set (Xiubo Li) [RHEL-22256 RHEL-16415]
- ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-22256 RHEL-16415]
- ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-22256 RHEL-16415]
- ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-22256 RHEL-16415]
- ceph: fix blindly expanding the readahead windows (Xiubo Li) [RHEL-22256 RHEL-16415]
- ceph: add a dedicated private data for netfs rreq (Xiubo Li) [RHEL-22256 RHEL-16415]
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-22256 RHEL-16415]
- ceph: try to dump the msgs when decoding fails (Xiubo Li) [RHEL-22256 RHEL-16415]
- ceph: only send metrics when the MDS rank is ready (Xiubo Li) [RHEL-22256 RHEL-16415]
- x86/boot: Ignore NMIs during very early boot (Derek Barbosa) [RHEL-24449 RHEL-9380]
- Documentation, mm/unaccepted: document accept_memory kernel parameter (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- proc/kcore: do not try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/traps: Fix load_unaligned_zeropad() handling for shared TDX memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/unaccepted: Fix off-by-one when checking for overlapping ranges (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/kvm: Do not try to disable kvmclock if it was not enabled (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Mark TSC reliable (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- RHEL: kABI fixup for struct zone (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- RHEL: introduce NR_VM_ZONE_STAT_ITEMS_ACTUAL for kABI-preserving zone stats (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- RHEL: 9.3 kABI fixup for struct efi (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/mm: Fix enc_status_change_finish_noop() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/mm: Allow guest.enc_status_change_prepare() to fail (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/coco: Mark cc_platform_has() and descendants noinstr (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- virt: sevguest: Add CONFIG_CRYPTO dependency (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- mm/page_alloc: fix obsolete comment in deferred_pfn_valid() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/sev: Change npages to unsigned long in snp_accept_memory() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/unaccepted: Make sure unaccepted table is mapped (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/efi: Safely enable unaccepted memory in UEFI (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/sev: Add SNP-specific unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/sev: Use large PSC requests if applicable (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/sev: Allow for use of the early boot GHCB for PSC requests (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/sev: Fix calculation of end address based on number of pages (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Wrap exit reason with hcall_func() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Refactor try_accept_one() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/boot/compressed: Handle unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/libstub: Implement support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/x86: Get full memory map in allocate_e820() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- memblock tests: Fix compilation errors. (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- mm: Add support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/boot: Centralize __pa()/__va() definitions (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/boot: Add an efi.h header for the decompressor (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Drop flags from __tdx_hypercall() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Disable NOTIFY_ENABLES (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- cpuidle, tdx: Make TDX code noinstr clean (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- x86/tdx: Remove TDX_HCALL_ISSUE_STI (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- mm: add pageblock_aligned() macro (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: memmap: Disregard bogus entries instead of returning them (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: memmap: Move manipulation routines into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: memmap: Move EFI fake memmap support into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: libstub: install boot-time memory map as config table (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: libstub: remove DT dependency from generic stub (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: libstub: unify initrd loading between architectures (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: libstub: remove pointless goto kludge (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: libstub: avoid efi_get_memory_map() for allocating the virt map (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: libstub: drop pointless get_memory_map() call (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/libstub: move efi_system_table global var into separate object (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi/x86: libstub: remove unused variable (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- efi: Correct comment on efi_memmap_alloc (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- drivers: fix typo in firmware/efi/memmap.c (Paolo Bonzini) [RHEL-20808 RHEL-10059]
- netfilter: nf_tables: skip set commit for deleted/destroyed sets (Phil Sutter) [RHEL-20683 RHEL-20686 RHEL-20214 RHEL-20217] {CVE-2024-0193}
- redhat: add missing -rt JIRAs (Jan Stancek)
* Thu Feb 08 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.23.1.el9_3]
- iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range (Jerry Snitselaar) [RHEL-19382 RHEL-11590]
- arm64/smmu: use TLBI ASID when invalidating entire range (Jerry Snitselaar) [RHEL-19382 RHEL-11590]
- netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20701 RHEL-20709 RHEL-19722 RHEL-19961] {CVE-2023-6817}
- netfilter: nf_tables: split async and sync catchall in two functions (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: remove catchall element in GC sync path (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: expose opaque set element as struct nft_elem_priv (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: set backend .flush always succeeds (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: work around newrule after chain binding (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: fix memleak when more than 255 elements expired (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: disable toggling dormant table state more than once (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: disallow element removal on anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: disallow rule removal from chain binding (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: fix out of memory error handling (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: use correct lock to protect gc_list (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: GC transaction race with abort path (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: flush pending destroy work before netlink notifier (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nft_dynset: disallow object maps (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: GC transaction race with netns dismantle (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: don't fail inserts if duplicate has expired (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: deactivate catchall elements in next generation (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: fix kdoc warnings after gc rework (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: fix false-positive lockdep splat (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: remove busy mark and gc batch API (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244}
- netfilter: nf_tables: adapt set backend to use GC transaction API (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244}
- netfilter: nft_set_rbtree: fix overlap expiration walk (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: GC transaction API to avoid race with control plane (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244}
- netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: skip bound chain in netns release path (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: report use refcount overflow (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: fix underflow in chain reference counter (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: disallow timeout for anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: disallow updates of anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: reject unbound chain set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: reject unbound anonymous set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: disallow element updates of bound anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: fix underflow in object reference counter (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: drop map element references from preparation phase (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: validate variable length element extension (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nft_set_pipapo: .walk does not deal with generations (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: relax set/map validation checks (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: integrate pipapo into commit protocol (Florian Westphal) [RHEL-22131 RHEL-1720]
- netfilter: nf_tables: upfront validation of data via nft_data_init() (Florian Westphal) [RHEL-22131 RHEL-1720]
- rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-23863 RHEL-21939]
- ASoC: SOF: intel: hda: Clean up link DMA for IPC3 during stop (Jaroslav Kysela) [RHEL-24033 RHEL-13724]
- platform/x86/intel-uncore-freq: Return error on write frequency (David Arcari) [RHEL-15751 2177013]
- platform/x86: intel-uncore-freq: Add client processors (David Arcari) [RHEL-15751 2177013]
- platform/x86: intel-uncore-freq: add Emerald Rapids support (David Arcari) [RHEL-15751 2177013]
- platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (David Arcari) [RHEL-15751 2177013]
- platform/x86: intel-uncore-freq: Prevent driver loading in guests (David Arcari) [RHEL-15751 2177013]
- platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (David Arcari) [RHEL-15751 2177013]
- Documentation: admin-guide: pm: Document uncore frequency scaling (David Arcari) [RHEL-15751 2177013]
- platform/x86/intel-uncore-freq: Split common and enumeration part (David Arcari) [RHEL-15751 2177013]
- platform/x86/intel/uncore-freq: Display uncore current frequency (David Arcari) [RHEL-15751 2177013]
- platform/x86/intel/uncore-freq: Use sysfs API to create attributes (David Arcari) [RHEL-15751 2177013]
- platform/x86/intel/uncore-freq: Move to uncore-frequency folder (David Arcari) [RHEL-15751 2177013]
- platform/x86: intel-uncore-frequency: use default_groups in kobj_type (David Arcari) [RHEL-15751 2177013]
- platform/x86: intel-uncore-frequency: Move to intel sub-directory (David Arcari) [RHEL-15751 2177013]
- Revert "platform/x86: intel-uncore-freq: add Emerald Rapids support" (David Arcari) [RHEL-15751 2177013]
- iommu/iova: Manage the depot list size (Jay Shin) [RHEL-21517 RHEL-11148]
- iommu/iova: Make the rcache depot scale better (Jay Shin) [RHEL-21517 RHEL-11148]
- drm/amd/pm: Fix error of MACO flag setting code (Michel Dänzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927]
- drm/amd: Fix detection of _PR3 on the PCIe root port (Michel Dänzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927]
* Thu Feb 01 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.22.1.el9_3]
- usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope (Desnes Nunes) [RHEL-21838 RHEL-14573]
- KVM: SVM: Do not use user return MSR support for virtualized TSC_AUX (Paolo Bonzini) [RHEL-20415 RHEL-16384]
- KVM: SVM: Fix TSC_AUX virtualization setup (Paolo Bonzini) [RHEL-20415 RHEL-16384]
- KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (Paolo Bonzini) [RHEL-20415 RHEL-16384]
- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22094 RHEL-22097 RHEL-19066 RHEL-19067] {CVE-2024-0646}
- smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21664 RHEL-21669 RHEL-18992 RHEL-18993] {CVE-2023-6606}
- NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936]
- NFSv4.1: fix zero value filehandle in post open getattr (Jeffrey Layton) [RHEL-22284 RHEL-7936]
- NFSv4.1: fix pnfs MDS=DS session trunking (Jeffrey Layton) [RHEL-22284 RHEL-7936]
- NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936]
- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
- ice: dpll: fix phase offset value (Petr Oros) [RHEL-17652 RHEL-15789]
- dpll: netlink/core: change pin frequency set behavior (Petr Oros) [RHEL-17652 RHEL-15789]
- ice: dpll: implement phase related callbacks (Petr Oros) [RHEL-17652 RHEL-15789]
- dpll: netlink/core: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789]
- dpll: spec: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789]
- dpll: docs: add support for pin signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789]
- netlink: specs: remove redundant type keys from attributes in subsets (Petr Oros) [RHEL-17652 RHEL-15789]
- md/raid6: use valid sector values to determine if an I/O should wait on the reshape (Nigel Croxon) [RHEL-20933 RHEL-17276]
* Thu Jan 25 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.21.1.el9_3]
- x86/microcode: do not cache microcode if it will not be used (Paolo Bonzini) [RHEL-21567 RHEL-16225]
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Remove hv_isolation_type_en_snp (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350]
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (Vitaly Kuznetsov) [RHEL-21441 2176350]
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350]
- Drivers: hv: vmbus: Support fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Add smp support for SEV-SNP guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Add VTL specific structs and hypercalls (Vitaly Kuznetsov) [RHEL-21441 2176350]
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Set Virtual Trust Level in VMBus init message (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/hyperv: Add sev-snp enlightened guest static key (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/tdx: Add more registers to struct tdx_hypercall_args (Vitaly Kuznetsov) [RHEL-21441 2176350]
- x86/tdx: Fix typo in comment in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350]
- blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19105 RHEL-18054]
- NFS: Use parent's objective cred in nfs_access_login_time() (Jay Shin) [RHEL-22147 RHEL-16024]
- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17887 RHEL-2412]
- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610}
- smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610}
- x86/sev: Do not handle #VC for DR7 read/write (Paolo Bonzini) [RHEL-21885 RHEL-15069]
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Paolo Bonzini) [RHEL-21885 RHEL-15069]
* Thu Jan 18 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.20.1.el9_3]
- s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-11980 RHEL-2833]
- x86/microcode/AMD: Rip out static buffers (David Arcari) [RHEL-14590 RHEL-10030]
- x86/microcode/AMD: Load late on both threads too (David Arcari) [RHEL-14590 RHEL-10030]
- x86/microcode/amd: Remove unneeded pointer arithmetic (David Arcari) [RHEL-14590 RHEL-10030]
- x86/microcode/AMD: Get rid of __find_equiv_id() (David Arcari) [RHEL-14590 RHEL-10030]
- docs: move x86 documentation into Documentation/arch/ (David Arcari) [RHEL-14590 RHEL-10030]
- x86/microcode/AMD: Handle multiple glued containers properly (David Arcari) [RHEL-14590 RHEL-10030]
- mm: Fix copy_from_user_nofault(). (Waiman Long) [RHEL-18946 RHEL-18440]
- redhat: rewrite genlog and support Y- tags (Jan Stancek)
* Wed Jan 10 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.19.1.el9_3]
- redhat: fix kernel changelog entry for RHEL-16560 (Jan Stancek)
- perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717}
- perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717}
* Wed Jan 03 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.18.1.el9_3]
- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241] {CVE-2022-3545}
- rtla: Fix uninitialized variable found (John Kacur) [RHEL-18360 RHEL-10079]
@ -4076,7 +3843,7 @@ fi
- Revert "drm/vmwgfx: Fix Legacy Display Unit atomic drm support" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
* Thu Dec 07 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.15.1.el9_3]
- drm/mgag200: Flush the cache to improve latency (Jocelyn Falempe) [RHEL-16560 RHEL-16556]
- drm/mgag200: Flush the cache to improve latency (Jocelyn Falempe) [RHEL-16560]
- sched/fair: Make the BW replenish timer expire in hardirq context for PREEMPT_RT (Valentin Schneider) [RHEL-16842 RHEL-7232]
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16893 RHEL-16894 RHEL-14233 RHEL-16617] {CVE-2023-4623}
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16893 RHEL-16894 RHEL-14233 RHEL-16617] {CVE-2023-4623}