From b00c932ac61b855f87a7ddd4e9e73d730c64e626 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Sat, 25 Feb 2023 17:34:30 -0600 Subject: [PATCH] kernel-6.1.14-100 * Sat Feb 25 2023 Justin M. Forbes [6.1.14-0] - Linux v6.1.14 Resolves: Signed-off-by: Justin M. Forbes --- kernel.spec | 9 ++++++--- patch-6.1-redhat.patch | 45 ++---------------------------------------- sources | 6 +++--- 3 files changed, 11 insertions(+), 49 deletions(-) diff --git a/kernel.spec b/kernel.spec index cf6bce360..34c75b7ad 100755 --- a/kernel.spec +++ b/kernel.spec @@ -124,17 +124,17 @@ Summary: The Linux kernel # the --with-release option overrides this setting.) %define debugbuildsenabled 1 # define buildid .local -%define specversion 6.1.13 +%define specversion 6.1.14 %define patchversion 6.1 %define pkgrelease 100 %define kversion 6 -%define tarfile_release 6.1.13 +%define tarfile_release 6.1.14 # This is needed to do merge window version magic %define patchlevel 1 # This allows pkg_release to have configurable %%{?dist} tag %define specrelease 100%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 6.1.13 +%define kabiversion 6.1.14 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -3178,6 +3178,9 @@ fi # # %changelog +* Sat Feb 25 2023 Justin M. Forbes [6.1.14-0] +- Linux v6.1.14 + * Wed Feb 22 2023 Justin M. Forbes [6.1.13-0] - Linux v6.1.13 diff --git a/patch-6.1-redhat.patch b/patch-6.1-redhat.patch index ee73eb8c5..f7afc9bf6 100644 --- a/patch-6.1-redhat.patch +++ b/patch-6.1-redhat.patch @@ -8,8 +8,6 @@ arch/x86/include/asm/pgtable_areas.h | 8 +- arch/x86/kernel/hw_breakpoint.c | 2 +- arch/x86/kernel/setup.c | 22 ++-- - arch/x86/kvm/vmx/nested.c | 11 ++ - arch/x86/kvm/vmx/vmx.c | 6 +- arch/x86/mm/cpu_entry_area.c | 46 +++++++- drivers/acpi/apei/hest.c | 8 ++ drivers/acpi/irq.c | 17 ++- @@ -40,10 +38,10 @@ security/lockdown/Kconfig | 13 +++ security/lockdown/lockdown.c | 1 + security/security.c | 6 + - 42 files changed, 534 insertions(+), 190 deletions(-) + 40 files changed, 519 insertions(+), 188 deletions(-) diff --git a/Makefile b/Makefile -index e51356b982f9..38e5ed779572 100644 +index 3e82a3224362..9dd0648927cf 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -234,45 +232,6 @@ index 892609cde4a2..ad9aa11ba3a0 100644 reserve_initrd(); -diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c -index 10c63b1bf92f..df8995977ec2 100644 ---- a/arch/x86/kvm/vmx/nested.c -+++ b/arch/x86/kvm/vmx/nested.c -@@ -4767,6 +4767,17 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, - - vmx_switch_vmcs(vcpu, &vmx->vmcs01); - -+ /* -+ * If IBRS is advertised to the vCPU, KVM must flush the indirect -+ * branch predictors when transitioning from L2 to L1, as L1 expects -+ * hardware (KVM in this case) to provide separate predictor modes. -+ * Bare metal isolates VMX root (host) from VMX non-root (guest), but -+ * doesn't isolate different VMCSs, i.e. in this case, doesn't provide -+ * separate modes for L2 vs L1. -+ */ -+ if (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)) -+ indirect_branch_prediction_barrier(); -+ - /* Update any VMCS fields that might have changed while L2 ran */ - vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.host.nr); - vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr); -diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c -index 4ae248e87f5e..95ed874fbbcc 100644 ---- a/arch/x86/kvm/vmx/vmx.c -+++ b/arch/x86/kvm/vmx/vmx.c -@@ -1348,8 +1348,10 @@ void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, - - /* - * No indirect branch prediction barrier needed when switching -- * the active VMCS within a guest, e.g. on nested VM-Enter. -- * The L1 VMM can protect itself with retpolines, IBPB or IBRS. -+ * the active VMCS within a vCPU, unless IBRS is advertised to -+ * the vCPU. To minimize the number of IBPBs executed, KVM -+ * performs IBPB on nested VM-Exit (a single nested transition -+ * may switch the active VMCS multiple times). - */ - if (!buddy || WARN_ON_ONCE(buddy->vmcs != prev)) - indirect_branch_prediction_barrier(); diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c index 6c2f1b76a0b6..20844cf141fb 100644 --- a/arch/x86/mm/cpu_entry_area.c diff --git a/sources b/sources index ef4017dc4..540378f74 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-6.1.13.tar.xz) = 3bc9f550d1ab0fe39585c1df1a9ea0b155ec170fb3d65f08449fcbbdf239b3266b088fc4f47f057f181d0282ff28aa20bd7d7c5b4b35cffb555372ef826ee96a -SHA512 (kernel-abi-stablelists-6.1.13.tar.bz2) = db07c81a5c0a9a5dde00476662b0774f8d951a5b1b98cd45c2b2d132cb93cb18c8e2efe858202232ca25a83762318f27b7584c14fc659b0d818becfebb693d22 -SHA512 (kernel-kabi-dw-6.1.13.tar.bz2) = 98d52d05e6aa6fee9bd0e7af48d25ebd9dd8a71988d9f260414eb138f3259957ba404317106d720b515165d0826ef1e075d30cc5bce635a475f0fea4b0c6b90b +SHA512 (linux-6.1.14.tar.xz) = 3ed9f882ccfb10bc3deb27a111d49afb9b171e740d75169c94415474a2945331b97e85b05573064e4a052ebcdd124e001e6b22694aaee1035ecd52a0e5e325c0 +SHA512 (kernel-abi-stablelists-6.1.14.tar.bz2) = cf72d128c4ae9c1eb075fac3604d90bf4e48e61bb987c7df0e73b4dfb5329dd54b0117422b90516d7bbe266f097835facb619bd66958a7cb45b1f2fcc0584dd9 +SHA512 (kernel-kabi-dw-6.1.14.tar.bz2) = 221c668cffd283f69df51282dbfcf923f1be8cf12d8b094892da4aa8995a900fc7a0494e962322383f3069acf4beba0d8fbcb98c36342cf3e34be9614337c40a