From 4e86a7e771972e274aa3db9df696816051586340 Mon Sep 17 00:00:00 2001
From: Peridot Bot <rockyautomation@rockylinux.org>
Date: Wed, 16 Oct 2024 07:18:30 +0000
Subject: [PATCH] import kernel-5.14.0-427.40.1.el9_4

---
 .kernel.checksum                           |  2 +-
 .kernel.metadata                           |  6 +-
 SOURCES/Makefile.rhelver                   |  2 +-
 SOURCES/kernel-x86_64-debug-rhel.config    |  1 +
 SOURCES/kernel-x86_64-rhel.config          |  1 +
 SOURCES/kernel-x86_64-rt-debug-rhel.config |  1 +
 SOURCES/kernel-x86_64-rt-rhel.config       |  1 +
 SPECS/kernel.spec                          | 66 +++++++++++++++++++---
 8 files changed, 68 insertions(+), 12 deletions(-)

diff --git a/.kernel.checksum b/.kernel.checksum
index 0fb4132..9cf1967 100644
--- a/.kernel.checksum
+++ b/.kernel.checksum
@@ -1 +1 @@
-373874595e731435b77b23b73c199b94b8eedb59950db2f188300876f6fafdfb
+2235e7bc44f5279f278b2a277bd82815aaf27a0411ec855aead13d50477fc878
diff --git a/.kernel.metadata b/.kernel.metadata
index c82a0e2..b66f3c2 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,6 +1,6 @@
-6cdb312f2dd823c5baa8a184f820f40333280376109c28a3969fef7ef5c0b543 SOURCES/kernel-abi-stablelists-5.14.0-427.37.1.el9_4.tar.bz2
-b609f6f5c913b46cb7cd70fe2592f15cd1a17e16876bf394b261ac43a1fbaf4c SOURCES/kernel-kabi-dw-5.14.0-427.37.1.el9_4.tar.bz2
-739d7f25e7f030189e0a5feea98e417413edf91c15896a4728d813dfd5861a41 SOURCES/linux-5.14.0-427.37.1.el9_4.tar.xz
+852acbc0e3b9f78afd2631d665e367b2c2f61577ae329cdd1192b7502d127733 SOURCES/kernel-abi-stablelists-5.14.0-427.40.1.el9_4.tar.bz2
+4346ba0a05d50d8dcc6755a7377b76ec634d2450ae3b5cd53ffcb4d1d85af286 SOURCES/kernel-kabi-dw-5.14.0-427.40.1.el9_4.tar.bz2
+2c1ce0360bf3c88ee9f6a10c1fad1dbe1a85ff781ca9a59b5c5531fcb0b3187b SOURCES/linux-5.14.0-427.40.1.el9_4.tar.xz
 ca3aa0979f9426736d382747bba165e71ea4c42a2fb736d78fd8a4c4b7b58ad4 SOURCES/nvidiagpuoot001.x509
 af61197112f29a3a52f3825d363fe3103dc98cad269763071ee86eb2aedc139b SOURCES/rheldup3.x509
 b466265282193c17b3256b199ecc3bdd986797b4a82ad841de4a132132e9f6ab SOURCES/rhelima.x509
diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver
index be20bfe..9e494fb 100644
--- a/SOURCES/Makefile.rhelver
+++ b/SOURCES/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 4
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 427.37.1
+RHEL_RELEASE = 427.40.1
 
 #
 # ZSTREAM
diff --git a/SOURCES/kernel-x86_64-debug-rhel.config b/SOURCES/kernel-x86_64-debug-rhel.config
index b2c16b2..e1e821b 100644
--- a/SOURCES/kernel-x86_64-debug-rhel.config
+++ b/SOURCES/kernel-x86_64-debug-rhel.config
@@ -3230,6 +3230,7 @@ CONFIG_MINIX_SUBPARTITION=y
 CONFIG_MISC_FILESYSTEMS=y
 CONFIG_MISC_RTSX_PCI=m
 CONFIG_MISC_RTSX_USB=m
+CONFIG_MITIGATION_RFDS=y
 # CONFIG_MK8 is not set
 # CONFIG_MLX4_CORE_GEN2 is not set
 CONFIG_MLX4_EN_DCB=y
diff --git a/SOURCES/kernel-x86_64-rhel.config b/SOURCES/kernel-x86_64-rhel.config
index dd9daae..8b91cf2 100644
--- a/SOURCES/kernel-x86_64-rhel.config
+++ b/SOURCES/kernel-x86_64-rhel.config
@@ -3210,6 +3210,7 @@ CONFIG_MINIX_SUBPARTITION=y
 CONFIG_MISC_FILESYSTEMS=y
 CONFIG_MISC_RTSX_PCI=m
 CONFIG_MISC_RTSX_USB=m
+CONFIG_MITIGATION_RFDS=y
 # CONFIG_MK8 is not set
 # CONFIG_MLX4_CORE_GEN2 is not set
 CONFIG_MLX4_EN_DCB=y
diff --git a/SOURCES/kernel-x86_64-rt-debug-rhel.config b/SOURCES/kernel-x86_64-rt-debug-rhel.config
index 489bb6c..59a0954 100644
--- a/SOURCES/kernel-x86_64-rt-debug-rhel.config
+++ b/SOURCES/kernel-x86_64-rt-debug-rhel.config
@@ -3287,6 +3287,7 @@ CONFIG_MINIX_SUBPARTITION=y
 CONFIG_MISC_FILESYSTEMS=y
 CONFIG_MISC_RTSX_PCI=m
 CONFIG_MISC_RTSX_USB=m
+CONFIG_MITIGATION_RFDS=y
 # CONFIG_MK8 is not set
 # CONFIG_MLX4_CORE_GEN2 is not set
 CONFIG_MLX4_DEBUG=y
diff --git a/SOURCES/kernel-x86_64-rt-rhel.config b/SOURCES/kernel-x86_64-rt-rhel.config
index 9e8e31f..8a2c158 100644
--- a/SOURCES/kernel-x86_64-rt-rhel.config
+++ b/SOURCES/kernel-x86_64-rt-rhel.config
@@ -3267,6 +3267,7 @@ CONFIG_MINIX_SUBPARTITION=y
 CONFIG_MISC_FILESYSTEMS=y
 CONFIG_MISC_RTSX_PCI=m
 CONFIG_MISC_RTSX_USB=m
+CONFIG_MITIGATION_RFDS=y
 # CONFIG_MK8 is not set
 # CONFIG_MLX4_CORE_GEN2 is not set
 CONFIG_MLX4_DEBUG=y
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 3b5e1e0..18d1887 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 427.37.1
+%define pkgrelease 427.40.1
 %define kversion 5
-%define tarfile_release 5.14.0-427.37.1.el9_4
+%define tarfile_release 5.14.0-427.40.1.el9_4
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 427.37.1%{?buildid}%{?dist}
+%define specrelease 427.40.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-427.37.1.el9_4
+%define kabiversion 5.14.0-427.40.1.el9_4
 
 #
 # End of genspec.sh variables
@@ -909,12 +909,12 @@ Source105: rocky-nvidiagpuoot101.x509
 Source115: rocky-nvidiagpuoot101-aarch64.x509
 
 %ifarch aarch64
-%define driver_cert %{SOURCE101}
+%define driver_cert %{SOURCE110}
 %define kpatch_cert %{SOURCE111}
 %define nvidia_cert %{SOURCE115}
 %else
 %define driver_cert %{SOURCE100}
-%define kpatch_cert %{SOURCE110}
+%define kpatch_cert %{SOURCE101}
 %define nvidia_cert %{SOURCE105}
 %endif
 
@@ -3735,10 +3735,62 @@ fi
 #
 #
 %changelog
-* Tue Sep 24 2024 Release Engineering <releng@rockylinux.org> - 5.14.0-427.37.1
+* Wed Oct 16 2024 Release Engineering <releng@rockylinux.org> - 5.14.0-427.40.1
 - Porting to 9.4, debranding and Rocky branding
 - Ensure aarch64 kernel is not compressed
 
+* Fri Oct 04 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.40.1.el9_4]
+- gfs2: Fix NULL pointer dereference in gfs2_log_flush (CKI Backport Bot) [RHEL-51561 RHEL-51559] {CVE-2024-42079}
+- net: stmmac: Separate C22 and C45 transactions for xgmac (CKI Backport Bot) [RHEL-60274 RHEL-6297]
+- dmaengine: idxd: Check for driver name match before sva user feature (Jerry Snitselaar) [RHEL-47239 RHEL-44836 RHEL-46619]
+- ceph: switch to corrected encoding of max_xattr_size in mdsmap (Xiubo Li) [RHEL-57609 RHEL-26722]
+- KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (CKI Backport Bot) [RHEL-46428] {CVE-2024-39483}
+- vfs: don't mod negative dentry count when on shrinker list (Brian Foster) [RHEL-60567 RHEL-46609]
+- fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (Brian Foster) [RHEL-60567 RHEL-46609]
+- x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- Revert "x86/bugs: Use fixed addressing for VERW operand" (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- redhat/configs: Enable x86 CONFIG_MITIGATION_RFDS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- x86/rfds: Mitigate Register File Data Sampling (RFDS) (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- Documentation/hw-vuln: Add documentation for RFDS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- x86/bugs: Use fixed addressing for VERW operand (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- KVM/VMX: Move VERW closer to VMentry for MDS mitigation (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- x86/entry_32: Add VERW just before userspace transition (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- x86/entry_64: Add VERW just before userspace transition (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- x86/entry: Harden return-to-user (Prarit Bhargava) [RHEL-48713 RHEL-25415]
+- x86/entry: Optimize common_interrupt_return() (Prarit Bhargava) [RHEL-48713 RHEL-25415]
+- x86/bugs: Add asm helpers for executing VERW (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
+- sched: act_ct: take care of padding in struct zones_ht_key (Xin Long) [RHEL-55112 RHEL-50682] {CVE-2024-42272}
+- sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long) [RHEL-55112 RHEL-28816]
+- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (CKI Backport Bot) [RHEL-41361] {CVE-2024-35989}
+- hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-42115 RHEL-37721] {CVE-2021-47385}
+
+* Fri Sep 27 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.39.1.el9_4]
+- mptcp: ensure snd_nxt is properly initialized on connect (cki-backport-bot) [RHEL-52474 RHEL-39867] {CVE-2024-36889}
+- ping: fix address binding wrt vrf (Antoine Tenart) [RHEL-57563 RHEL-50920]
+- net/mlx5: Add a timeout to acquire the command queue semaphore (Benjamin Poirier) [RHEL-44227 RHEL-44225] {CVE-2024-38556}
+- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48142 RHEL-48140] {CVE-2024-40959}
+- ionic: fix use after netif_napi_del() (Michal Schmidt) [RHEL-47636 RHEL-47634] {CVE-2024-39502}
+- ionic: clean interrupt before enabling queue to avoid credit race (Michal Schmidt) [RHEL-47636 RHEL-36065]
+- Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (Benjamin Poirier) [RHEL-42391 RHEL-24466] {CVE-2023-52658}
+- tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55075 RHEL-55074] {CVE-2024-42284}
+- x86: set FSRS automatically on AMD CPUs that have FSRM (Prarit Bhargava) [RHEL-56970 RHEL-25415]
+
+* Fri Sep 20 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.38.1.el9_4]
+- module: avoid allocation if module is already present and ready (Donald Dutile) [RHEL-52417]
+- module: move early sanity checks into a helper (Donald Dutile) [RHEL-52417]
+- module: extract patient module check into helper (Donald Dutile) [RHEL-52417]
+- null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-58636 RHEL-39662]
+- null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-58636 RHEL-39662]
+- net: sched: sch_multiq: fix possible OOB write in multiq_tune() (cki-backport-bot) [RHEL-43472] {CVE-2024-36978}
+- netfilter: nft_flow_offload: release dst in case direct xmit path is used (Florian Westphal) [RHEL-38520 RHEL-33469]
+- netfilter: nft_flow_offload: reset dst in route object after setting up flow (Florian Westphal) [RHEL-38520 RHEL-33469] {CVE-2024-27403}
+- netfilter: flowtable: simplify route logic (Florian Westphal) [RHEL-38520 RHEL-33469]
+- net: psample: fix uninitialized metadata. (Adrian Moreno) [RHEL-56909]
+
 * Fri Sep 13 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.37.1.el9_4]
 - ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CKI Backport Bot) [RHEL-42783] {CVE-2024-26947}
 - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (Mamatha Inamdar) [RHEL-45537 RHEL-25055]
-- 
GitLab