From 14799620d56e2173487b8400e1edd5522b75dc74 Mon Sep 17 00:00:00 2001
From: Peridot Bot <rockyautomation@rockylinux.org>
Date: Tue, 12 Dec 2023 20:08:22 +0000
Subject: [PATCH] import kernel-5.14.0-362.13.1.el9_3

---
 .kernel.checksum                           |   2 +-
 .kernel.metadata                           |   8 +-
 SOURCES/Makefile.rhelver                   |   2 +-
 SOURCES/kernel-x86_64-debug-rhel.config    |   1 +
 SOURCES/kernel-x86_64-rhel.config          |   1 +
 SOURCES/kernel-x86_64-rt-debug-rhel.config |   1 +
 SOURCES/kernel-x86_64-rt-rhel.config       |   1 +
 SOURCES/rheldup3.x509                      | Bin 1198 -> 0 bytes
 SOURCES/rhelkpatch1.x509                   | Bin 1176 -> 0 bytes
 SPECS/kernel.spec                          | 129 ++++++++++++++++++++-
 10 files changed, 134 insertions(+), 11 deletions(-)
 delete mode 100644 SOURCES/rheldup3.x509
 delete mode 100644 SOURCES/rhelkpatch1.x509

diff --git a/.kernel.checksum b/.kernel.checksum
index c4bc1e8..6822122 100644
--- a/.kernel.checksum
+++ b/.kernel.checksum
@@ -1 +1 @@
-3eb3920a519e4f00377092782d3048fff7874dae6fdf0d822ec306571fd824ab
+f9c1aaf9eac23b82819f4b6629456658c54c550ccfa7d8b6b778a9d07f6212de
diff --git a/.kernel.metadata b/.kernel.metadata
index 40c9f95..facb788 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,8 +1,8 @@
-161a595e36da1ceb858fdf0fc0eff90ae7aeffe2a78e8b926192ececa749b6e7 SOURCES/uki-sb-cert-x86_64-centos.crt
 62b559ebabb8868030a6a182715e8b7dc0163044576357ac5c984ce53a7ecf8c SOURCES/uki-sb-cert-x86_64-rhel.crt
-d4e514e600ea40b7cdcf5a157813be1e83da3e27a7536eb7b5d0643e8340541f SOURCES/linux-5.14.0-362.8.1.el9_3.tar.xz
-4d41653a817c526354d46c86a32cb227e8bf7ca0a1232b44d3c9d45ee6ced9a2 SOURCES/kernel-abi-stablelists-5.14.0-362.8.1.el9_3.tar.bz2
-dd8282541257526952d97c3355843b94ccc1e441853380df3d2c27aa4c08dcd3 SOURCES/kernel-kabi-dw-5.14.0-362.8.1.el9_3.tar.bz2
+6a1fb5b4393f345f3c7e868d1da36109f71a056b085ed18a10929fb02b6bdcbc SOURCES/kernel-abi-stablelists-5.14.0-362.13.1.el9_3.tar.bz2
+8a9d6295aefe42d7c6e74661f1eff6ff11f41c0be6c023f82aa3a33157764a6c SOURCES/linux-5.14.0-362.13.1.el9_3.tar.xz
+135db43702bc3952804da6381a35706ecfbef054486fdfe8f6810a52100b4c7c SOURCES/kernel-kabi-dw-5.14.0-362.13.1.el9_3.tar.bz2
+161a595e36da1ceb858fdf0fc0eff90ae7aeffe2a78e8b926192ececa749b6e7 SOURCES/uki-sb-cert-x86_64-centos.crt
 af61197112f29a3a52f3825d363fe3103dc98cad269763071ee86eb2aedc139b SOURCES/rheldup3.x509
 b466265282193c17b3256b199ecc3bdd986797b4a82ad841de4a132132e9f6ab SOURCES/rhelima.x509
 535ad7cda08187bc7dc22c62456e10990a42d7f87d1c741454525d1035430ebe SOURCES/rhelima_centos.x509
diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver
index 9a94053..5062d52 100644
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 3
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 362.8.1
+RHEL_RELEASE = 362.13.1
 
 #
 # ZSTREAM
diff --git a/SOURCES/kernel-x86_64-debug-rhel.config b/SOURCES/kernel-x86_64-debug-rhel.config
index f727dd6..579f4cf 100644
--- a/SOURCES/kernel-x86_64-debug-rhel.config
+++ b/SOURCES/kernel-x86_64-debug-rhel.config
@@ -796,6 +796,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set
diff --git a/SOURCES/kernel-x86_64-rhel.config b/SOURCES/kernel-x86_64-rhel.config
index 404b3eb..b43a363 100644
--- a/SOURCES/kernel-x86_64-rhel.config
+++ b/SOURCES/kernel-x86_64-rhel.config
@@ -796,6 +796,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set
diff --git a/SOURCES/kernel-x86_64-rt-debug-rhel.config b/SOURCES/kernel-x86_64-rt-debug-rhel.config
index 6aa26ce..92aed4f 100644
--- a/SOURCES/kernel-x86_64-rt-debug-rhel.config
+++ b/SOURCES/kernel-x86_64-rt-debug-rhel.config
@@ -811,6 +811,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set
diff --git a/SOURCES/kernel-x86_64-rt-rhel.config b/SOURCES/kernel-x86_64-rt-rhel.config
index d384132..faa4da9 100644
--- a/SOURCES/kernel-x86_64-rt-rhel.config
+++ b/SOURCES/kernel-x86_64-rt-rhel.config
@@ -811,6 +811,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
 CONFIG_CPUMASK_KUNIT_TEST=m
 CONFIG_CPUMASK_OFFSTACK=y
 CONFIG_CPUSETS=y
+CONFIG_CPU_SRSO=y
 # CONFIG_CPU_THERMAL is not set
 CONFIG_CPU_UNRET_ENTRY=y
 # CONFIG_CRAMFS is not set
diff --git a/SOURCES/rheldup3.x509 b/SOURCES/rheldup3.x509
deleted file mode 100644
index 5df3b4f30de160efb9bd4dfbe9b831ee44a74007..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1198
zcmXqLVp(O-#4NOcnTe5!iId?z>lv<viu3FYc-c6$+C196^D;7WvoaW@8rmD!vN4CU
zFbkUnrKTu&B$g<+=9Q!t6%=I_rz-el=9N|`xD;iUr4}iK7NjJWq$&gy<);@V<|=4p
zr&cN$YZ@vUD8S9+WE2xFPEAhCNi8aIC`wJqNG#Dy&d)WF6X!KFF)%hZG_U|tW>Mn2
z#^wgbMy60My`0g+xCl7_7+D#Zn;82U44N3bn3@<H8J1-o<0`)PAbmBb;`YA8-H#fk
zh5p@V8dEj@#5^r|$BiMX-3PO)N}GG{XP;2;onrXm*xPGqc~8&eDa4E0Ke!U*c>dmh
z!vdG3|0;V$ZnEg5ajZEll2;mR@wL@urt`Or%zJ9C?VT(A$fkG62bt;r`OFi~EIb~l
z<&rtS<EK>8)w|#Kv!qQ3&uhNHe&*ln#F@XX?WP}(?tj|znsN2QnNwqA&i88Pl{7Wv
zi0s?jcw^SC@Kv5_e^1!5^_iCM5Bm`;kSTp@vLox+z|>RL4ozSE@7|Z)cYE5~15d9r
zf3ys?`QvqLy|vkD+xaIYkEDNf+^~1@42wPf|Bj`wzFB&D*6+hb6K-vvJ29i1VcUl0
zq@L&pdu28(wf5XsZoV(XoNK9e73=%N=^2Y-A5Mt7c1>x2z(sAPeYKwq_D1pMP0Z@+
z44ZCHD>8WrYvxnl{(Y9Y;!J7v%UEy6f7@i~%p&LVXWgfJLQL16Jb2BqOn&FtE8V3I
zn|J$960KOM=Y6DKzjm$3zHBW`iK{P}m>C%u7snbz8}I<rq^vL_<9`+=0|o<b5RadQ
zg_()H!9W(o;bReF5!oO9`9*Qko+8bgUs8?4i|=3jUe#bA50X}9kuVTzz^(u_2LKa5
zBSX@P#WI#rnZK4D`@cHp+q_v{vs;QzNaTy^vd>?$Wr62!1ty~%stq%KUk|UJQ?XL=
z?$;fAk4G{uU~63|QDu66e((pS#Qj{mWj-&Pce_tVMs-u$V&3WJc)wiGuq<P+VE@GQ
z^}z~81%nk5HS&BD9haTqTCP`d$mrg>Z@P0gI*S{A{9m&1>-)Wng7=FnNZr~SSADzE
z`FM5Za>G-0AsSCywAVQ9JizR7?q!%Tcl*z#XL3!Y%7=8$_x7!IcM#js)-=htyoX7>
z>ip!lieA5N{C;V0W#@@UtjqOcy&G=7S>^x8FLsLX+Tv8TI$u5)Pv(B7r+zP-z2(dP
zNL)O4a82vIH`9e5-h1||^w@{LheYd?i#}=m+Lpg~+S4mrH!aP6yzRWZTlTWaHMJVC
zyUyK`eCe}d$t=0@KT%tq*UtaGdtZF(ypw!B3mHQg7v`-?7jAjC_N793+P+-2;s%L3
xC$5SesqfmFyu<w0zNy`@Zn`To3-?@cvB-EL*xT1TbI~ks_H}~iS#NCr4*-zp0zLo$

diff --git a/SOURCES/rhelkpatch1.x509 b/SOURCES/rhelkpatch1.x509
deleted file mode 100644
index 0c774ba73bd27a421e59a2488cbf6f398fe03e2a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1176
zcmXqLVwqyl#PnwYGZP~d6DPyOSTUz>37k(1c-c6$+C196^D;7WvoaV&8JZXvu`!3T
zFbiu3rKTu&B$g<+=9Q!t6%=I_rz-el=9N|`WEUisBxfiTXQt<6=A|oSr&by&87ROF
z;$##PE>2BO%t<XOaVSbn$w(~GOU}<VkQ3(xnr>`tXkcM%VqzX8&TDLLU~FUx<<ivd
zCdNg`US(uuU~XdUXE11D>|$zSY-Cur_MUF}yRwy<27f+n7hK~wr6?mPn<FHn>p0ia
zO#<7tH0Rs=_y0FrZrPLN6%|z%*$g)6eBGQOC9APh#lLjbqcVo>yKIkDf|iOrauOH!
zXN=04zCVFu?E~=yg*}mikJ@c>j_>ID=+e$9T==)F_We`sQx%E6VtpA8xLPkgzGwdM
z;<FnIz8hRl`gKI1ar&(5hx`_KHZWYsU31KCW|T+4`RJghJsp8eo%~$(JA_)LPU{yL
zO+WYRAB+1p*+wtM)P8XVh1{cJ6Zf5-bY`vmvTHhhH$5V1d;f7P5BYL<>9cjJx1LvT
zRA95t**@{<WXGvf_s=>Lqu|dyEp);^hnSg>|M;YTZLipRcl-Yfp3`6Kk21N$#5%$3
z=t;d^b=jEe>3>csZDC|EtI6eGX3A$`&mP%j$yx5sna}0=<k2&pnV%U?*xvZ5_w|=f
z;=-&5XSSl24NG=M_2{T?(|xo<_=9NXcV$+8<(T_ZtJs#z*llTY{550ZiX$~=cz=iW
zO5J)m<>>O48d9cA%!~|-i(?I<4S0a5Pga<b@jnZb0fPZIh{w;u!py|pU?2<P@Ue)o
zi1=FkZS&hFarDD>J&T}6j6PQB`6mqILDI@B5(Z)o*cG6rbzlN$WDvi^+~avx_@(yD
zi6{BpWGBX~d@t^1|L!8IK+y!wQ0XblPMGv|{+@PzYc+?(uJY`snb+kCU#&HHx>;WK
z^!4Mp-&|K5D5=yv^^|SB-FAodX)_uhxL#%XyiEIl=tjR>&0DXQu2yfFbG;%j%(rPn
z?!Em9FQb+p>Fqw8_2FpG=X3gb_BZQ$&&})0pEI@c&eZvv1g3|tv(A1{Bw=)V6Gykn
z=?{UoU$IX!TEJa-<$LnXljRYGdF9M6Yl9|SQd^YEC1|ACvOy>4=D+NlS#wr-`m|?t
zN4EripRcU7^T(Xm|L6YiRpw;4U;g8<crTmjp1S`1%apeUY9Ei+Ef;on?@w}AK4<=F
z6RY-V&G#6VCwOxvc&@hmcy*Eex$-#4tCEe~JcW$0&-G_s5!=FQ8+LHQ>3iP1$FFkF
z^PXB_dOBN<PhQlr<VTL`(|gyxJj<W4^nSC;^mlsSe*D?xoH>VCciR7BQARQwXZ~CD
k<{3+z;?eg4Pxel|&g~RC;X;_4(PtO2eQRg^ILWgO0MaGw8~^|S

diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 90c7761..8334604 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -161,15 +161,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 362.8.1
+%define pkgrelease 362.13.1
 %define kversion 5
-%define tarfile_release 5.14.0-362.8.1.el9_3
+%define tarfile_release 5.14.0-362.13.1.el9_3
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 362.8.1%{?buildid}%{?dist}
+%define specrelease 362.13.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-362.8.1.el9_3
+%define kabiversion 5.14.0-362.13.1.el9_3
 
 #
 # End of genspec.sh variables
@@ -3753,9 +3753,128 @@ fi
 #
 #
 %changelog
-* Wed Dec 06 2023 Release Engineering <releng@rockylinux.org> - 5.14.0-362.8.1
+* Tue Dec 12 2023 Release Engineering <releng@rockylinux.org> - 5.14.0-362.13.1
 - Porting to 9.3, debranding and Rocky branding
 
+* Fri Nov 24 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.13.1.el9_3]
+- cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15169 RHEL-15173 RHEL-15170 RHEL-15174] {CVE-2023-1192}
+- iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-15381 RHEL-11705]
+- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15191 RHEL-15202 RHEL-15192 RHEL-15203] {CVE-2023-45871}
+- bio-integrity: create multi-page bvecs in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714]
+- bio-integrity: cleanup adding integrity pages to bip's bvec. (Ming Lei) [RHEL-15107 RHEL-13714]
+- bio-integrity: update the payload size in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: make bvec_try_merge_hw_page() non-static (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: don't pass a bio to bio_try_merge_hw_seg (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: move the bi_size update out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: downgrade a bio_full call in bio_add_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: move the bi_size overflow check in __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: move the bi_vcnt check out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: move the BIO_CLONED checks out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: use SECTOR_SHIFT bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: tidy up the bio full checks in bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714]
+- block: kmsan: skip bio block merging logic for KMSAN (Ming Lei) [RHEL-15107 RHEL-13714]
+- redhat: change builder image to rhel-9.3 (Michael Hofmann)
+- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add IBPB (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool: Add objtool_types.h (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- objtool: Fix SEGFAULT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
+- ice: Don't tx before switchdev is fully configured (Michal Schmidt) [RHEL-15799 2241234]
+- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-14353 RHEL-13881]
+- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Vitaly Kuznetsov) [RHEL-5757 RHEL-3904]
+
+* Thu Nov 16 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.12.1.el9_3]
+- fs/smb/client: Reset password pointer to NULL (Scott Mayhew) [RHEL-11804 RHEL-11808 RHEL-11805 RHEL-11809] {CVE-2023-5345}
+
+* Thu Nov 09 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-362.11.1.el9_3]
+- mm, mremap: fix mremap() expanding for vma's with vm_ops->close() (Donald Dutile) [RHEL-15277 RHEL-9198]
+- qed: fix LL2 RX buffer allocation (Chris Leech) [RHEL-14496 RHEL-8466]
+- fs/buffer.c: disable per-CPU buffer_head cache for isolated CPUs (Marcelo Tosatti) [RHEL-12101 2158709]
+
+* Thu Nov 02 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.10.1.el9_3]
+- perf/x86/amd: Do not WARN() on every IRQ (Michael Petlan) [RHEL-14363 RHEL-12341]
+- keys: Fix linking a duplicate key to a keyring's assoc_array (Jay Shin) [RHEL-14058 RHEL-9908]
+- vdpa/mlx5: Correct default number of queues when MQ is on (Laurent Vivier) [RHEL-12419 RHEL-7015]
+- redhat: fix bug/zjira sort in the changelog (Herton R. Krzesinski)
+- ice: always add legacy 32byte RXDID in supported_rxdids (Michal Schmidt) [RHEL-10381 RHEL-10357]
+
+* Thu Oct 26 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.9.1.el9_3]
+- iavf: schedule a request immediately after add/delete vlan (Petr Oros) [RHEL-9460]
+- iavf: add iavf_schedule_aq_request() helper (Petr Oros) [RHEL-9460]
+- cgroup: always put cset in cgroup_css_set_put_fork (Jay Shin) [RHEL-14053]
+- cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers (Jay Shin) [RHEL-14053]
+- CI: Remove -rt suffix from kpet_tree_name values (Nikolai Kondrashov)
+- rbd: take header_rwsem in rbd_dev_refresh() only when updating (Ilya Dryomov) [RHEL-12359]
+- rbd: decouple parent info read-in from updating rbd_dev (Ilya Dryomov) [RHEL-12359]
+- rbd: decouple header read-in from updating rbd_dev->header (Ilya Dryomov) [RHEL-12359]
+- rbd: move rbd_dev_refresh() definition (Ilya Dryomov) [RHEL-12359]
+- CI: Remove unused kpet_tree_family (Nikolai Kondrashov)
+
 * Tue Oct 03 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.8.1.el9_3]
 - Revert "cnic: don't pass bogus GFP_ flags to dma_alloc_coherent" (Chris Leech) [RHEL-2542]
 - Revert "dma-mapping: reject __GFP_COMP in dma_alloc_attrs" (Chris Leech) [RHEL-2542]
-- 
GitLab