diff --git a/Makefile.rhelver b/Makefile.rhelver index 68033e0..189956b 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 4 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 384 +RHEL_RELEASE = 385 # # ZSTREAM diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 681ceea..9b39020 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -801,6 +801,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUSETS=y +CONFIG_CPU_SRSO=y # CONFIG_CPU_THERMAL is not set CONFIG_CPU_UNRET_ENTRY=y # CONFIG_CRAMFS is not set diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index 2fec55f..89bf8c3 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -801,6 +801,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUSETS=y +CONFIG_CPU_SRSO=y # CONFIG_CPU_THERMAL is not set CONFIG_CPU_UNRET_ENTRY=y # CONFIG_CRAMFS is not set diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index 62981e4..e63c8a3 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -816,6 +816,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUSETS=y +CONFIG_CPU_SRSO=y # CONFIG_CPU_THERMAL is not set CONFIG_CPU_UNRET_ENTRY=y # CONFIG_CRAMFS is not set diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index e845627..9fade8c 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -816,6 +816,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPUMASK_KUNIT_TEST=m CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUSETS=y +CONFIG_CPU_SRSO=y # CONFIG_CPU_THERMAL is not set CONFIG_CPU_UNRET_ENTRY=y # CONFIG_CRAMFS is not set diff --git a/kernel.spec b/kernel.spec index 24aafb4..b19f11c 100755 --- a/kernel.spec +++ b/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 384 +%define pkgrelease 385 %define kversion 5 -%define tarfile_release 5.14.0-384.el9 +%define tarfile_release 5.14.0-385.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 384%{?buildid}%{?dist} +%define specrelease 385%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-384.el9 +%define kabiversion 5.14.0-385.el9 # # End of genspec.sh variables @@ -3745,6 +3745,127 @@ fi # # %changelog +* Mon Nov 13 2023 Jan Stancek [5.14.0-385.el9] +- s390/qdio: fix do_sqbs() inline assembly constraint (Tobias Huschle) [RHEL-11201] +- s390/lcs: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201] +- s390/lcs: Convert sprintf to scnprintf (Tobias Huschle) [RHEL-11201] +- s390/ctcm: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201] +- s390/ctcm: Convert sprintf/snprintf to scnprintf (Tobias Huschle) [RHEL-11201] +- s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-11201] +- s390/lcs: Remove FDDI option (Tobias Huschle) [RHEL-11201] +- nd_btt: Make BTT lanes preemptible (Tomas Glozar) [RHEL-9172] +- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) [RHEL-15417] +- Revert "rcu: Permit start_poll_synchronize_rcu_expedited() to be invoked early" (Čestmír Kalina) [RHEL-14709] +- scsi: sd: Remove the number of forward declarations (Ewan D. Milne) [RHEL-14312] +- scsi: core: Report error list information in debugfs (Ewan D. Milne) [RHEL-14312] +- scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Ewan D. Milne) [RHEL-14312] +- scsi: core: Remove unused extern declarations (Ewan D. Milne) [RHEL-14312] +- scsi: core: Fix legacy /proc parsing buffer overflow (Ewan D. Milne) [RHEL-14312] +- scsi: sd_zbc: Set zone limits before revalidating zones (Ewan D. Milne) [RHEL-14312] +- scsi: core: Improve warning message in scsi_device_block() (Ewan D. Milne) [RHEL-14312] +- scsi: core: Replace scsi_target_block() with scsi_block_targets() (Ewan D. Milne) [RHEL-14312] +- scsi: core: Don't wait for quiesce in scsi_device_block() (Ewan D. Milne) [RHEL-14312] +- scsi: core: Don't wait for quiesce in scsi_stop_queue() (Ewan D. Milne) [RHEL-14312] +- scsi: core: Merge scsi_internal_device_block() and device_block() (Ewan D. Milne) [RHEL-14312] +- scsi: sg: Increase number of devices (Ewan D. Milne) [RHEL-14312] +- scsi: sd: sd_zbc: Use PAGE_SECTORS_SHIFT (Ewan D. Milne) [RHEL-14312] +- scsi: core: Support setting BLK_MQ_F_BLOCKING (Ewan D. Milne) [RHEL-14312] +- scsi: core: Rework scsi_host_block() (Ewan D. Milne) [RHEL-14312] +- scsi: core: Only kick the requeue list if necessary (Ewan D. Milne) [RHEL-14312] +- scsi: core: Use min() instead of open-coding it (Ewan D. Milne) [RHEL-14312] +- scsi: scsi_transport_fc: Remove unused 'desc_cnt' variable (Ewan D. Milne) [RHEL-14312] +- scsi: sr: Simplify the sr_open() function (Ewan D. Milne) [RHEL-14312] +- scsi: core: Improve scsi_vpd_inquiry() checks (Ewan D. Milne) [RHEL-14312] +- scsi: core: Fix a procfs host directory removal regression (Ewan D. Milne) [RHEL-14312] +- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (Ewan D. Milne) [RHEL-14312] +- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (Ewan D. Milne) [RHEL-14312] +- tcp: fix delayed ACKs for MSS boundary condition (Paolo Abeni) [RHEL-14348] +- tcp: fix quick-ack counting to count actual ACKs of new data (Paolo Abeni) [RHEL-14348] +- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Paolo Abeni) [RHEL-14348] +- net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Paolo Abeni) [RHEL-14348] +- tcp: gso: really support BIG TCP (Paolo Abeni) [RHEL-14348] +- tcp: fix mishandling when the sack compression is deferred. (Paolo Abeni) [RHEL-14348] +- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-13881] +- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Jose Ignacio Tornos Martinez) [RHEL-6358] {CVE-2023-31083} +- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-8594] {CVE-2023-20588} +- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-8594] {CVE-2023-20593} +- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-8594] {CVE-2023-20588} +- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Add IBPB (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- objtool: Add objtool_types.h (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- objtool: Fix SEGFAULT (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-8594] {CVE-2023-20569} +- livepatch: Make 'klp_stack_entries' static (Ryan Sullivan) [RHEL-2768] +- livepatch: Convert stack entries array to percpu (Ryan Sullivan) [RHEL-2768] +- livepatch: fix ELF typos (Ryan Sullivan) [RHEL-2768] +- livepatch: Make kobj_type structures constant (Ryan Sullivan) [RHEL-2768] +- Documentation: livepatch: module-elf-format: Remove local klp_modinfo definition (Ryan Sullivan) [RHEL-2768] +- module.h: Document klp_modinfo struct using kdoc (Ryan Sullivan) [RHEL-2768] +- livepatch,x86: Clear relocation targets on a module removal (Ryan Sullivan) [RHEL-2768] +- x86/module: remove unused code in __apply_relocate_add (Ryan Sullivan) [RHEL-2768] + * Thu Nov 09 2023 Scott Weaver [5.14.0-384.el9] - perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-14984] {CVE-2023-5717} - perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-14984] {CVE-2023-5717} diff --git a/sources b/sources index 006a8ba..d8d98f6 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-384.el9.tar.xz) = cc49819f6a6afdb402eb49717cebfd757d9b84b864657b5e123ed0df3015dae1736ffa04d1ac5275885850f76f383e2fdbc06e05b8be4c851cfd1b1da940185d -SHA512 (kernel-abi-stablelists-5.14.0-384.el9.tar.bz2) = 7212da35f24714dd8896d7a4b2325f66b3960951c04514003f42cacf901979646de19e0fdafb8cf93f29d61e4e7187f3f3fee3dd48f28b4fce4bf18a1f4b49ef -SHA512 (kernel-kabi-dw-5.14.0-384.el9.tar.bz2) = b15bbc7c73df4809ffc16239984ea731c8ae1f233ce2a857cbe5bf7ad23a38c373c9db2cdb6552bd41eed27c6a9fbcfb30d1a3d4d1f3e2f7ed03cc56a8b778fc +SHA512 (linux-5.14.0-385.el9.tar.xz) = 5bf2d56172efd2c678c689058a750c874a3a2731ec639d1710e240603a5b3b619766704f703b060df8644028e3a803472459f553808f93faa963dd09e5fd7a2b +SHA512 (kernel-abi-stablelists-5.14.0-385.el9.tar.bz2) = baf9c2bfb843a2c950bf1c3578d87bfdd6946c388f41650e74de3e43321b91f954280ca62bd372840a5ec47c58a84167e43445c2ae99904a54dfd51d30526670 +SHA512 (kernel-kabi-dw-5.14.0-385.el9.tar.bz2) = 3bc50566f89eafd18aedadb1739f8c9736a61870fa7af0bc1c29c06653187e010a389ccdac85b7263245c689ed1da15bce42a54110f21e7ae9619db9d279e6b5