Merge branch 'c9' into a9

.gitignore

@@ -1,6 +1,6 @@
-SOURCES/kernel-abi-stablelists-5.14.0-362.8.1.el9_3.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-362.8.1.el9_3.tar.bz2
-SOURCES/linux-5.14.0-362.8.1.el9_3.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-362.13.1.el9_3.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-362.13.1.el9_3.tar.bz2
+SOURCES/linux-5.14.0-362.13.1.el9_3.tar.xz
 SOURCES/rheldup3.x509
 SOURCES/rhelima.x509
 SOURCES/rhelima_centos.x509

.kernel.metadata

@@ -1,3 +1,3 @@
-1c2b1687409ff0eaeeaef0a550bfba1fdf5759d2 SOURCES/kernel-abi-stablelists-5.14.0-362.8.1.el9_3.tar.bz2
-2d6ccc65ef328fc9872f1a420af331ab850fb1a6 SOURCES/kernel-kabi-dw-5.14.0-362.8.1.el9_3.tar.bz2
-83760acdd6b3494c5ed8cb87745a443aeb17c13e SOURCES/linux-5.14.0-362.8.1.el9_3.tar.xz
+c4f5872f7005e90b19c5f9062b22b1f21827ef54 SOURCES/kernel-abi-stablelists-5.14.0-362.13.1.el9_3.tar.bz2
+b1d3fe4cf0e3d6db2cb96fc8dc3ccf21cf29b12d SOURCES/kernel-kabi-dw-5.14.0-362.13.1.el9_3.tar.bz2
+471a92d317924954c13b85d2f4cb6fd598712ea3 SOURCES/linux-5.14.0-362.13.1.el9_3.tar.xz

SOURCES/Makefile.rhelver

@@ -12,7 +12,7 @@ RHEL_MINOR = 3
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 362.8.1
+RHEL_RELEASE = 362.13.1
 
 #
 # ZSTREAM

SOURCES/kernel-x86_64-debug-rhel.config

@@ -796,6 +796,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set

SOURCES/kernel-x86_64-rhel.config

@@ -796,6 +796,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set

SOURCES/kernel-x86_64-rt-debug-rhel.config

@@ -811,6 +811,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set

SOURCES/kernel-x86_64-rt-rhel.config

@@ -811,6 +811,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set

SPECS/kernel.spec

@@ -161,15 +161,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 362.8.1
+%define pkgrelease 362.13.1
 %define kversion 5
-%define tarfile_release 5.14.0-362.8.1.el9_3
+%define tarfile_release 5.14.0-362.13.1.el9_3
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 362.8.1%{?buildid}%{?dist}
+%define specrelease 362.13.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-362.8.1.el9_3
+%define kabiversion 5.14.0-362.13.1.el9_3
 
 #
 # End of genspec.sh variables
@@ -3736,6 +3736,125 @@ fi
 #
 #
 %changelog
+* Fri Nov 24 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.13.1.el9_3]
+- cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15169 RHEL-15173 RHEL-15170 RHEL-15174] {CVE-2023-1192}
+- iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-15381 RHEL-11705]
+- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15191 RHEL-15202 RHEL-15192 RHEL-15203] {CVE-2023-45871}
+- bio-integrity: create multi-page bvecs in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714]
+- bio-integrity: cleanup adding integrity pages to bip's bvec. (Ming Lei) [RHEL-15107 RHEL-13714]
+- bio-integrity: update the payload size in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: make bvec_try_merge_hw_page() non-static (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: don't pass a bio to bio_try_merge_hw_seg (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: move the bi_size update out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: downgrade a bio_full call in bio_add_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: move the bi_size overflow check in __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: move the bi_vcnt check out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: move the BIO_CLONED checks out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: use SECTOR_SHIFT bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: tidy up the bio full checks in bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: kmsan: skip bio block merging logic for KMSAN (Ming Lei) [RHEL-15107 RHEL-13714]
+- redhat: change builder image to rhel-9.3 (Michael Hofmann)
+- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add IBPB (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool: Add objtool_types.h (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool: Fix SEGFAULT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- ice: Don't tx before switchdev is fully configured (Michal Schmidt) [RHEL-15799 2241234]
+- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-14353 RHEL-13881]
+- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Vitaly Kuznetsov) [RHEL-5757 RHEL-3904]
+
+* Thu Nov 16 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.12.1.el9_3]
+- fs/smb/client: Reset password pointer to NULL (Scott Mayhew) [RHEL-11804 RHEL-11808 RHEL-11805 RHEL-11809] {CVE-2023-5345}
+
+* Thu Nov 09 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-362.11.1.el9_3]
+- mm, mremap: fix mremap() expanding for vma's with vm_ops->close() (Donald Dutile) [RHEL-15277 RHEL-9198]
+- qed: fix LL2 RX buffer allocation (Chris Leech) [RHEL-14496 RHEL-8466]
+- fs/buffer.c: disable per-CPU buffer_head cache for isolated CPUs (Marcelo Tosatti) [RHEL-12101 2158709]
+
+* Thu Nov 02 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.10.1.el9_3]
+- perf/x86/amd: Do not WARN() on every IRQ (Michael Petlan) [RHEL-14363 RHEL-12341]
+- keys: Fix linking a duplicate key to a keyring's assoc_array (Jay Shin) [RHEL-14058 RHEL-9908]
+- vdpa/mlx5: Correct default number of queues when MQ is on (Laurent Vivier) [RHEL-12419 RHEL-7015]
+- redhat: fix bug/zjira sort in the changelog (Herton R. Krzesinski)
+- ice: always add legacy 32byte RXDID in supported_rxdids (Michal Schmidt) [RHEL-10381 RHEL-10357]
+
+* Thu Oct 26 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.9.1.el9_3]
+- iavf: schedule a request immediately after add/delete vlan (Petr Oros) [RHEL-9460]
+- iavf: add iavf_schedule_aq_request() helper (Petr Oros) [RHEL-9460]
+- cgroup: always put cset in cgroup_css_set_put_fork (Jay Shin) [RHEL-14053]
+- cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers (Jay Shin) [RHEL-14053]
+- CI: Remove -rt suffix from kpet_tree_name values (Nikolai Kondrashov)
+- rbd: take header_rwsem in rbd_dev_refresh() only when updating (Ilya Dryomov) [RHEL-12359]
+- rbd: decouple parent info read-in from updating rbd_dev (Ilya Dryomov) [RHEL-12359]
+- rbd: decouple header read-in from updating rbd_dev->header (Ilya Dryomov) [RHEL-12359]
+- rbd: move rbd_dev_refresh() definition (Ilya Dryomov) [RHEL-12359]
+- CI: Remove unused kpet_tree_family (Nikolai Kondrashov)
+
 * Tue Oct 03 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.8.1.el9_3]
 - Revert "cnic: don't pass bogus GFP_ flags to dma_alloc_coherent" (Chris Leech) [RHEL-2542]
 - Revert "dma-mapping: reject __GFP_COMP in dma_alloc_attrs" (Chris Leech) [RHEL-2542]