From a9025b3e13df8a4f748542d9ea1e91ae845fd730 Mon Sep 17 00:00:00 2001
From: Zhao Hang <wb-zh951434@alibaba-inc.com>
Date: Tue, 27 Feb 2024 15:06:41 +0800
Subject: [PATCH 1/2] update to kernel-4.18.0-513.18.1.src.rpm

Signed-off-by: Zhao Hang <wb-zh951434@alibaba-inc.com>
---
 download                                      |   6 +-
 kernel.spec                                   | 218 ++++++++++++++++--
 ...es-causes-kernel-compilation-to-fail.patch |  11 -
 3 files changed, 197 insertions(+), 38 deletions(-)
 delete mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch

diff --git a/download b/download
index a46cd2e..2695efc 100644
--- a/download
+++ b/download
@@ -1,3 +1,3 @@
-3aeb82d0f479dba60edcb89ced26479f  kernel-abi-stablelists-4.18.0-513.tar.bz2
-5b2eae229b93fa3dbf0eebd0e8d0e199  kernel-kabi-dw-4.18.0-513.tar.bz2
-a0664573a2bf07ebf83621b3381a6b4c  linux-4.18.0-513.9.1.el8_9.tar.xz
+ce1e246ad5a0f308763e9916f49cb0aa  kernel-abi-stablelists-4.18.0-513.tar.bz2
+3b72250caeb2cd72341729dc46acd753  kernel-kabi-dw-4.18.0-513.tar.bz2
+d9588f7041abacfad61db30a5baded17  linux-4.18.0-513.18.1.el8_9.tar.xz
diff --git a/kernel.spec b/kernel.spec
index dcb44ad..e3afa14 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1,6 +1,5 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
-%define anolis_release .0.1
 
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -38,11 +37,11 @@
 
 # define buildid .local
 
-%define rpmversion 4.18.0
-%define pkgrelease 513.9.1.el8_9
+%define specversion 4.18.0
+%define pkgrelease 513.18.1.el8_9
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 513.9.1%{anolis_release}%{?dist}
+%define specrelease 513.18.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -329,7 +328,7 @@ Name: kernel%{?variant}
 Group: System Environment/Kernel
 License: GPLv2 and Redistributable, no modification permitted
 URL: http://www.kernel.org/
-Version: %{rpmversion}
+Version: %{specversion}
 Release: %{pkg_release}
 Summary: The Linux kernel, based on version %{version}, heavily modified with backports
 %if %{with_realtime}
@@ -436,7 +435,7 @@ BuildRequires: xmlto
 BuildRequires: asciidoc
 %endif
 
-Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz
+Source0: linux-%{specversion}-%{pkgrelease}.tar.xz
 
 Source9: x509.genkey
 
@@ -523,8 +522,8 @@ Source211: Module.kabi_dup_ppc64le
 Source212: Module.kabi_dup_s390x
 Source213: Module.kabi_dup_x86_64
 
-Source300: kernel-abi-stablelists-%{rpmversion}-%{distro_build}.tar.bz2
-Source301: kernel-kabi-dw-%{rpmversion}-%{distro_build}.tar.bz2
+Source300: kernel-abi-stablelists-%{specversion}-%{distro_build}.tar.bz2
+Source301: kernel-kabi-dw-%{specversion}-%{distro_build}.tar.bz2
 %endif
 
 %if %{with_realtime}
@@ -545,7 +544,6 @@ Source4001: rpminspect.yaml
 
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
-Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -571,8 +569,8 @@ enterprise customers, etc.
 # macros defined above.
 #
 %define kernel_reqprovconf \
-Provides: %{name} = %{rpmversion}-%{pkg_release}\
-Provides: %{name}-%{_target_cpu} = %{rpmversion}-%{pkg_release}%{?1:+%{1}}\
+Provides: %{name} = %{specversion}-%{pkg_release}\
+Provides: %{name}-%{_target_cpu} = %{specversion}-%{pkg_release}%{?1:+%{1}}\
 Provides: kernel-drm-nouveau = 16\
 Provides: %{name}-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
 Requires(pre): %{kernel_prereq}\
@@ -615,8 +613,8 @@ Group: Development/System
 Obsoletes: glibc-kernheaders < 3.0-46
 Provides: glibc-kernheaders = 3.0-46
 %if "0%{?variant}"
-Obsoletes: kernel-headers < %{rpmversion}-%{pkg_release}
-Provides: kernel-headers = %{rpmversion}-%{pkg_release}
+Obsoletes: kernel-headers < %{specversion}-%{pkg_release}
+Provides: kernel-headers = %{specversion}-%{pkg_release}
 %endif
 %description headers
 Kernel-headers includes the C header files that specify the interface
@@ -812,7 +810,7 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
 Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
 Group: System Environment/Kernel
 AutoReqProv: no
-Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
+Obsoletes: %{name}-abi-whitelists < %{specversion}-%{pkg_release}
 Provides: %{name}-abi-whitelists
 %description -n %{name}-abi-stablelists
 The kABI package contains information pertaining to the Red Hat Enterprise
@@ -1097,13 +1095,12 @@ ApplyOptionalPatch()
   fi
 }
 
-%setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c
-mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL}
+%setup -q -n %{name}-%{specversion}-%{pkgrelease} -c
+mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 
 cd linux-%{KVERREL}
 
 ApplyOptionalPatch linux-kernel-test.patch
-%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail
 
 # END OF PATCH APPLICATIONS
 
@@ -1187,7 +1184,7 @@ done
 %endif
 
 cp %{SOURCE42} .
-./process_configs.sh -w -c %{name} %{rpmversion} %{?cross_opts}
+./process_configs.sh -w -c %{name} %{specversion} %{?cross_opts}
 
 # end of kernel config
 %endif
@@ -1993,7 +1990,7 @@ find Documentation -type d | xargs chmod u+w
 cd linux-%{KVERREL}
 
 %if %{with_doc}
-docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}
+docdir=$RPM_BUILD_ROOT%{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}
 
 # copy the source over
 mkdir -p $docdir
@@ -2470,9 +2467,9 @@ fi
 %if %{with_doc}
 %files doc
 %defattr(-,root,root)
-%{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}/Documentation/*
-%dir %{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}/Documentation
-%dir %{_datadir}/doc/kernel-doc-%{rpmversion}-%{pkgrelease}
+%{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}/Documentation/*
+%dir %{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}/Documentation
+%dir %{_datadir}/doc/kernel-doc-%{specversion}-%{pkgrelease}
 %endif
 
 %if %{with_perf}
@@ -2699,8 +2696,181 @@ fi
 #
 #
 %changelog
-* Tue Dec 26 2023 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-513.9.1.0.1
-- kernel:repair dwarves causes kernel compilation to fail
+* Thu Feb 01 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.18.1.el8_9]
+- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}
+- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
+- smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
+- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
+- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
+- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
+- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
+- net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-20924 RHEL-16007]
+- netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20698 RHEL-19721] {CVE-2023-6817}
+
+* Thu Jan 25 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.17.1.el8_9]
+- redhat: rewrite genlog and support Y- tags (Jan Stancek)
+- smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21662 RHEL-18990] {CVE-2023-6606}
+- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17884 RHEL-2410]
+- blk-mq: use quiesced elevator switch when reinitializing queues (Ming Lei) [RHEL-21785 RHEL-19944]
+- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (Ming Lei) [RHEL-20232 RHEL-8128]
+
+* Thu Jan 18 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.16.1.el8_9]
+- tracing/timerlat: Add user-space interface (Chris White) [RHEL-20362 RHEL-15142]
+- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-20362 RHEL-15142]
+- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-20362 RHEL-15142]
+- tracing/timerlat: Always wakeup the timerlat thread (Chris White) [RHEL-20362 RHEL-15142]
+- tracing/osnoise: Fix notify new tracing_max_latency (Chris White) [RHEL-20362 RHEL-15142]
+- tracing/timerlat: Notify new max thread latency (Chris White) [RHEL-20362 RHEL-15142]
+- trace/osnoise: make use of the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
+- kthread: add the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
+- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (Prarit Bhargava) [RHEL-7238 RHEL-4244]
+- HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19274 RHEL-19237] {CVE-2023-1073}
+- s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-9444 RHEL-2831]
+- blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19111 RHEL-18055]
+
+* Thu Jan 11 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.15.1.el8_9]
+- IB/ipoib: Fix mcast list locking (Daniel Vacek) [RHEL-19699 RHEL-19244]
+- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Daniel Vacek) [RHEL-19699 RHEL-19244]
+- x86/sev: Check for user-space IOIO pointing to kernel space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
+- x86/sev: Check IOBM for IOIO exceptions from user-space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
+- x86/sev: Disable MMIO emulation from user mode (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
+- x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
+
+* Thu Jan 04 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.14.1.el8_9]
+- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19452 RHEL-6567] {CVE-2022-3545}
+- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (David Marlin) [RHEL-18999 RHEL-1231] {CVE-2023-40283}
+- md/raid5: release batch_last before waiting for another stripe_head (Nigel Croxon) [RHEL-12284 RHEL-9875]
+
+* Thu Dec 21 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.13.1.el8_9]
+- Fix double fget() in vhost_net_set_backend() (Jon Maloy) [RHEL-13212 RHEL-7162] {CVE-2023-1838}
+- can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19462 RHEL-6429] {CVE-2023-2166}
+- RDMA/core: Update CMA destination address on rdma_resolve_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176}
+- RDMA/core: Refactor rdma_bind_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176}
+- net: fix net device address assign type (Michal Schmidt) [RHEL-17296 RHEL-6383]
+- net: add check for current MAC address in dev_set_mac_address (Michal Schmidt) [RHEL-17296 RHEL-6383]
+- perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717}
+- perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717}
+- drivers: net: slip: fix NPD bug in sl_tx_timeout() (Michal Schmidt) [RHEL-18583 RHEL-6655] {CVE-2022-41858}
+
+* Thu Dec 14 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.12.1.el8_9]
+- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623}
+- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623}
+- net: sched: sch_qfq: Use non-work-conserving warning handler (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921}
+- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921}
+- net/tls: Remove the context from the list in tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301]
+- tls: Fix context leak on tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301]
+- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15187 RHEL-15188] {CVE-2023-45871}
+
+* Thu Dec 07 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.11.1.el8_9]
+- redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko)
+- blk-mq: enforce op-specific segment limits in blk_insert_cloned_request (Ming Lei) [RHEL-14718 RHEL-14504]
+- KVM: x86: Add SBPB support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- KVM: x86: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/CPU/AMD: Remove amd_get_topology_early() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Add IBPB (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/microcode/AMD: Load late on both threads too (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86/returnthunk: Allow different return thunks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- x86: Sanitize linker script (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- objtool: Fix .return_sites generation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
+- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Keep a gem reference to user bos in surfaces (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: fix typo of sizeof argument (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Fix possible invalid drm gem put calls (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Fix shader stage validation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: remove unused vmw_overlay function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Print errors when running on broken/unsupported configs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Drop mksstat_init_record fn as currently unused (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Fix src/dst_pitch confusion (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Replace one-element array with flexible-array member (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Do not drop the reference to the handle too soon (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Stop accessing buffer objects which failed init (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Make the driver work without the dummy resources (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Stop using raw ttm_buffer_object's (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Abstract placement selection (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Rename dummy to is_iomem (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Cleanup the vmw bo usage in the cursor paths (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Simplify fb pinning (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Remove the duplicate bo_free function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/vmwgfx: Use the common gem mmap instead of the custom code (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/radeon: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/qxl: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/gem-vram: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/ttm: prevent moving of pinned BOs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/ttm: stop allocating a dummy resource for pipelined gutting (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/ttm: stop allocating dummy resources during BO creation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/ttm: clear the ttm_tt when bo->resource is NULL (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- drm/i915/ttm: audit remaining bo->resource (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- Revert "drm/vmwgfx: Stop accessing buffer objects which failed init" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- Revert "drm/vmwgfx: Do not drop the reference to the handle too soon" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+- Revert "drm/vmwgfx: Fix Legacy Display Unit atomic drm support" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
+
+* Fri Nov 24 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.10.1.el8_9]
+- pNFS/filelayout: treat GETDEVICEINFO errors as layout failure (Scott Mayhew) [RHEL-16407 RHEL-4969]
+- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162}
+- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162}
+- KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs (Peter Xu) [RHEL-15121 RHEL-7210]
+- netfilter: conntrack: Fix gre tunneling over ipv6 (Florian Westphal) [RHEL-15259 RHEL-12497]
+- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Florian Westphal) [RHEL-8443 RHEL-8444] {CVE-2023-42753}
+- tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-15096 RHEL-15023]
+- redhat: change builder image to rhel-8.9 (Michael Hofmann)
+- net: openvswitch: add support for l4 symmetric hashing (Antoine Tenart) [RHEL-12746 RHEL-10498]
+- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16388 RHEL-2574] {CVE-2023-4622}
 
 * Thu Nov 16 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.9.1.el8_9]
 - ice: reset first in crash dump kernels (Petr Oros) [2244625 2139761]
diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch
deleted file mode 100644
index 74f4020..0000000
--- a/repair-dwarves-causes-kernel-compilation-to-fail.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.orig	2022-10-07 22:45:37.000000000 +0800
-+++ Makefile	2023-02-22 15:37:33.069118145 +0800
-@@ -378,7 +378,7 @@
- STRIP		= $(CROSS_COMPILE)strip
- OBJCOPY		= $(CROSS_COMPILE)objcopy
- OBJDUMP		= $(CROSS_COMPILE)objdump
--PAHOLE		= pahole
-+PAHOLE		= pahole --skip_encoding_btf_enum64
- RESOLVE_BTFIDS	= $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
- LEX		= flex
- YACC		= bison
-- 
Gitee


From 0601318177de5967c237a0030ce4232088c955a6 Mon Sep 17 00:00:00 2001
From: liuxiaoping <lxp01404969@alibaba-inc.com>
Date: Wed, 22 Feb 2023 15:53:19 +0800
Subject: [PATCH 2/2] kernel:repair dwarves causes kernel compilation to fail

---
 kernel.spec                                           |  8 +++++++-
 ...ir-dwarves-causes-kernel-compilation-to-fail.patch | 11 +++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 repair-dwarves-causes-kernel-compilation-to-fail.patch

diff --git a/kernel.spec b/kernel.spec
index e3afa14..4d94bb3 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1,5 +1,6 @@
 # We have to override the new %%install behavior because, well... the kernel is special.
 %global __spec_install_pre %{___build_pre}
+%define anolis_release .0.1
 
 # At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
 # compression for rpms (xz, level 2).
@@ -41,7 +42,7 @@
 %define pkgrelease 513.18.1.el8_9
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 513.18.1%{?dist}
+%define specrelease 513.18.1%{anolis_release}%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -544,6 +545,7 @@ Source4001: rpminspect.yaml
 
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
+Patch1000: repair-dwarves-causes-kernel-compilation-to-fail.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1101,6 +1103,7 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
 cd linux-%{KVERREL}
 
 ApplyOptionalPatch linux-kernel-test.patch
+%patch1000 -p0 -b .repair-dwarves-causes-kernel-compilation-to-fail
 
 # END OF PATCH APPLICATIONS
 
@@ -2696,6 +2699,9 @@ fi
 #
 #
 %changelog
+* Tue Feb 27 2024 Xiaoping Liu <liuxiaoping@alibaba-inc.com> - 4.18.0-513.18.1.0.1
+- kernel:repair dwarves causes kernel compilation to fail
+
 * Thu Feb 01 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.18.1.el8_9]
 - net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}
 - smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
diff --git a/repair-dwarves-causes-kernel-compilation-to-fail.patch b/repair-dwarves-causes-kernel-compilation-to-fail.patch
new file mode 100644
index 0000000..74f4020
--- /dev/null
+++ b/repair-dwarves-causes-kernel-compilation-to-fail.patch
@@ -0,0 +1,11 @@
+--- Makefile.orig	2022-10-07 22:45:37.000000000 +0800
++++ Makefile	2023-02-22 15:37:33.069118145 +0800
+@@ -378,7 +378,7 @@
+ STRIP		= $(CROSS_COMPILE)strip
+ OBJCOPY		= $(CROSS_COMPILE)objcopy
+ OBJDUMP		= $(CROSS_COMPILE)objdump
+-PAHOLE		= pahole
++PAHOLE		= pahole --skip_encoding_btf_enum64
+ RESOLVE_BTFIDS	= $(objtree)/tools/bpf/resolve_btfids/resolve_btfids
+ LEX		= flex
+ YACC		= bison
-- 
Gitee