From 5984d5bc43e45d7959b813f9a24e5f1349f8d4dd Mon Sep 17 00:00:00 2001
From: Jan Stancek <jstancek@redhat.com>
Date: Mon, 13 Nov 2023 10:48:05 +0100
Subject: [PATCH] kernel-5.14.0-385.el9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Mon Nov 13 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-385.el9]
- s390/qdio: fix do_sqbs() inline assembly constraint (Tobias Huschle) [RHEL-11201]
- s390/lcs: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201]
- s390/lcs: Convert sprintf to scnprintf (Tobias Huschle) [RHEL-11201]
- s390/ctcm: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201]
- s390/ctcm: Convert sprintf/snprintf to scnprintf (Tobias Huschle) [RHEL-11201]
- s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-11201]
- s390/lcs: Remove FDDI option (Tobias Huschle) [RHEL-11201]
- nd_btt: Make BTT lanes preemptible (Tomas Glozar) [RHEL-9172]
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) [RHEL-15417]
- Revert "rcu: Permit start_poll_synchronize_rcu_expedited() to be invoked early" (Čestmír Kalina) [RHEL-14709]
- scsi: sd: Remove the number of forward declarations (Ewan D. Milne) [RHEL-14312]
- scsi: core: Report error list information in debugfs (Ewan D. Milne) [RHEL-14312]
- scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Remove unused extern declarations (Ewan D. Milne) [RHEL-14312]
- scsi: core: Fix legacy /proc parsing buffer overflow (Ewan D. Milne) [RHEL-14312]
- scsi: sd_zbc: Set zone limits before revalidating zones (Ewan D. Milne) [RHEL-14312]
- scsi: core: Improve warning message in scsi_device_block() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Replace scsi_target_block() with scsi_block_targets() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Don't wait for quiesce in scsi_device_block() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Don't wait for quiesce in scsi_stop_queue() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Merge scsi_internal_device_block() and device_block() (Ewan D. Milne) [RHEL-14312]
- scsi: sg: Increase number of devices (Ewan D. Milne) [RHEL-14312]
- scsi: sd: sd_zbc: Use PAGE_SECTORS_SHIFT (Ewan D. Milne) [RHEL-14312]
- scsi: core: Support setting BLK_MQ_F_BLOCKING (Ewan D. Milne) [RHEL-14312]
- scsi: core: Rework scsi_host_block() (Ewan D. Milne) [RHEL-14312]
- scsi: core: Only kick the requeue list if necessary (Ewan D. Milne) [RHEL-14312]
- scsi: core: Use min() instead of open-coding it (Ewan D. Milne) [RHEL-14312]
- scsi: scsi_transport_fc: Remove unused 'desc_cnt' variable (Ewan D. Milne) [RHEL-14312]
- scsi: sr: Simplify the sr_open() function (Ewan D. Milne) [RHEL-14312]
- scsi: core: Improve scsi_vpd_inquiry() checks (Ewan D. Milne) [RHEL-14312]
- scsi: core: Fix a procfs host directory removal regression (Ewan D. Milne) [RHEL-14312]
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (Ewan D. Milne) [RHEL-14312]
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (Ewan D. Milne) [RHEL-14312]
- tcp: fix delayed ACKs for MSS boundary condition (Paolo Abeni) [RHEL-14348]
- tcp: fix quick-ack counting to count actual ACKs of new data (Paolo Abeni) [RHEL-14348]
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Paolo Abeni) [RHEL-14348]
- net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Paolo Abeni) [RHEL-14348]
- tcp: gso: really support BIG TCP (Paolo Abeni) [RHEL-14348]
- tcp: fix mishandling when the sack compression is deferred. (Paolo Abeni) [RHEL-14348]
- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-13881]
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Jose Ignacio Tornos Martinez) [RHEL-6358] {CVE-2023-31083}
- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-8594] {CVE-2023-20588}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-8594] {CVE-2023-20593}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-8594] {CVE-2023-20588}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Add objtool_types.h (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- objtool: Fix SEGFAULT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-8594] {CVE-2023-20569}
- livepatch: Make 'klp_stack_entries' static (Ryan Sullivan) [RHEL-2768]
- livepatch: Convert stack entries array to percpu (Ryan Sullivan) [RHEL-2768]
- livepatch: fix ELF typos (Ryan Sullivan) [RHEL-2768]
- livepatch: Make kobj_type structures constant (Ryan Sullivan) [RHEL-2768]
- Documentation: livepatch: module-elf-format: Remove local klp_modinfo definition (Ryan Sullivan) [RHEL-2768]
- module.h: Document klp_modinfo struct using kdoc (Ryan Sullivan) [RHEL-2768]
- livepatch,x86: Clear relocation targets on a module removal (Ryan Sullivan) [RHEL-2768]
- x86/module: remove unused code in __apply_relocate_add (Ryan Sullivan) [RHEL-2768]
Resolves: RHEL-7056, RHEL-11201, RHEL-13881, RHEL-14312, RHEL-14114, RHEL-14348, RHEL-14709, RHEL-15417, RHEL-2768, RHEL-6358, RHEL-8594, RHEL-9172

Signed-off-by: Jan Stancek <jstancek@redhat.com>
---
 Makefile.rhelver                   |   2 +-
 kernel-x86_64-debug-rhel.config    |   1 +
 kernel-x86_64-rhel.config          |   1 +
 kernel-x86_64-rt-debug-rhel.config |   1 +
 kernel-x86_64-rt-rhel.config       |   1 +
 kernel.spec                        | 129 ++++++++++++++++++++++++++++-
 sources                            |   6 +-
 7 files changed, 133 insertions(+), 8 deletions(-)

diff --git a/Makefile.rhelver b/Makefile.rhelver
index 68033e0..189956b 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 4
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 384
+RHEL_RELEASE = 385
 
 #
 # ZSTREAM
diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config
index 681ceea..9b39020 100644
--- a/kernel-x86_64-debug-rhel.config
+++ b/kernel-x86_64-debug-rhel.config
@@ -801,6 +801,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set
diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config
index 2fec55f..89bf8c3 100644
--- a/kernel-x86_64-rhel.config
+++ b/kernel-x86_64-rhel.config
@@ -801,6 +801,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set
diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config
index 62981e4..e63c8a3 100644
--- a/kernel-x86_64-rt-debug-rhel.config
+++ b/kernel-x86_64-rt-debug-rhel.config
@@ -816,6 +816,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set
diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config
index e845627..9fade8c 100644
--- a/kernel-x86_64-rt-rhel.config
+++ b/kernel-x86_64-rt-rhel.config
@@ -816,6 +816,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set
diff --git a/kernel.spec b/kernel.spec
index 24aafb4..b19f11c 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 384
+%define pkgrelease 385
 %define kversion 5
-%define tarfile_release 5.14.0-384.el9
+%define tarfile_release 5.14.0-385.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 384%{?buildid}%{?dist}
+%define specrelease 385%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-384.el9
+%define kabiversion 5.14.0-385.el9
 
 #
 # End of genspec.sh variables
@@ -3745,6 +3745,127 @@ fi
 #
 #
 %changelog
+* Mon Nov 13 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-385.el9]
+- s390/qdio: fix do_sqbs() inline assembly constraint (Tobias Huschle) [RHEL-11201]
+- s390/lcs: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201]
+- s390/lcs: Convert sprintf to scnprintf (Tobias Huschle) [RHEL-11201]
+- s390/ctcm: Convert sysfs sprintf to sysfs_emit (Tobias Huschle) [RHEL-11201]
+- s390/ctcm: Convert sprintf/snprintf to scnprintf (Tobias Huschle) [RHEL-11201]
+- s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-11201]
+- s390/lcs: Remove FDDI option (Tobias Huschle) [RHEL-11201]
+- nd_btt: Make BTT lanes preemptible (Tomas Glozar) [RHEL-9172]
+- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) [RHEL-15417]
+- Revert "rcu: Permit start_poll_synchronize_rcu_expedited() to be invoked early" (Čestmír Kalina) [RHEL-14709]
+- scsi: sd: Remove the number of forward declarations (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Report error list information in debugfs (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Remove unused extern declarations (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Fix legacy /proc parsing buffer overflow (Ewan D. Milne) [RHEL-14312]
+- scsi: sd_zbc: Set zone limits before revalidating zones (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Improve warning message in scsi_device_block() (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Replace scsi_target_block() with scsi_block_targets() (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Don't wait for quiesce in scsi_device_block() (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Don't wait for quiesce in scsi_stop_queue() (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Merge scsi_internal_device_block() and device_block() (Ewan D. Milne) [RHEL-14312]
+- scsi: sg: Increase number of devices (Ewan D. Milne) [RHEL-14312]
+- scsi: sd: sd_zbc: Use PAGE_SECTORS_SHIFT (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Support setting BLK_MQ_F_BLOCKING (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Rework scsi_host_block() (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Only kick the requeue list if necessary (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Use min() instead of open-coding it (Ewan D. Milne) [RHEL-14312]
+- scsi: scsi_transport_fc: Remove unused 'desc_cnt' variable (Ewan D. Milne) [RHEL-14312]
+- scsi: sr: Simplify the sr_open() function (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Improve scsi_vpd_inquiry() checks (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Fix a procfs host directory removal regression (Ewan D. Milne) [RHEL-14312]
+- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (Ewan D. Milne) [RHEL-14312]
+- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (Ewan D. Milne) [RHEL-14312]
+- tcp: fix delayed ACKs for MSS boundary condition (Paolo Abeni) [RHEL-14348]
+- tcp: fix quick-ack counting to count actual ACKs of new data (Paolo Abeni) [RHEL-14348]
+- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Paolo Abeni) [RHEL-14348]
+- net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Paolo Abeni) [RHEL-14348]
+- tcp: gso: really support BIG TCP (Paolo Abeni) [RHEL-14348]
+- tcp: fix mishandling when the sack compression is deferred. (Paolo Abeni) [RHEL-14348]
+- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-13881]
+- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Jose Ignacio Tornos Martinez) [RHEL-6358] {CVE-2023-31083}
+- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-8594] {CVE-2023-20588}
+- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-8594] {CVE-2023-20593}
+- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-8594] {CVE-2023-20588}
+- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add IBPB (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- objtool: Add objtool_types.h (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- objtool: Fix SEGFAULT (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-8594] {CVE-2023-20569}
+- livepatch: Make 'klp_stack_entries' static (Ryan Sullivan) [RHEL-2768]
+- livepatch: Convert stack entries array to percpu (Ryan Sullivan) [RHEL-2768]
+- livepatch: fix ELF typos (Ryan Sullivan) [RHEL-2768]
+- livepatch: Make kobj_type structures constant (Ryan Sullivan) [RHEL-2768]
+- Documentation: livepatch: module-elf-format: Remove local klp_modinfo definition (Ryan Sullivan) [RHEL-2768]
+- module.h: Document klp_modinfo struct using kdoc (Ryan Sullivan) [RHEL-2768]
+- livepatch,x86: Clear relocation targets on a module removal (Ryan Sullivan) [RHEL-2768]
+- x86/module: remove unused code in __apply_relocate_add (Ryan Sullivan) [RHEL-2768]
+
 * Thu Nov 09 2023 Scott Weaver <scweaver@redhat.com> [5.14.0-384.el9]
 - perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-14984] {CVE-2023-5717}
 - perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-14984] {CVE-2023-5717}
diff --git a/sources b/sources
index 006a8ba..d8d98f6 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-384.el9.tar.xz) = cc49819f6a6afdb402eb49717cebfd757d9b84b864657b5e123ed0df3015dae1736ffa04d1ac5275885850f76f383e2fdbc06e05b8be4c851cfd1b1da940185d
-SHA512 (kernel-abi-stablelists-5.14.0-384.el9.tar.bz2) = 7212da35f24714dd8896d7a4b2325f66b3960951c04514003f42cacf901979646de19e0fdafb8cf93f29d61e4e7187f3f3fee3dd48f28b4fce4bf18a1f4b49ef
-SHA512 (kernel-kabi-dw-5.14.0-384.el9.tar.bz2) = b15bbc7c73df4809ffc16239984ea731c8ae1f233ce2a857cbe5bf7ad23a38c373c9db2cdb6552bd41eed27c6a9fbcfb30d1a3d4d1f3e2f7ed03cc56a8b778fc
+SHA512 (linux-5.14.0-385.el9.tar.xz) = 5bf2d56172efd2c678c689058a750c874a3a2731ec639d1710e240603a5b3b619766704f703b060df8644028e3a803472459f553808f93faa963dd09e5fd7a2b
+SHA512 (kernel-abi-stablelists-5.14.0-385.el9.tar.bz2) = baf9c2bfb843a2c950bf1c3578d87bfdd6946c388f41650e74de3e43321b91f954280ca62bd372840a5ec47c58a84167e43445c2ae99904a54dfd51d30526670
+SHA512 (kernel-kabi-dw-5.14.0-385.el9.tar.bz2) = 3bc50566f89eafd18aedadb1739f8c9736a61870fa7af0bc1c29c06653187e010a389ccdac85b7263245c689ed1da15bce42a54110f21e7ae9619db9d279e6b5