Sync from SUSE:SLFO:Kernel:1.0 kernel-livepatch-MICRO-6-0_Update_2 revision e9153fd9440202c539f29e6206157215

2025-09-01 12:41:09 +02:00
55 changed files with 129 additions and 11 deletions
--- a/8
+++ b/8
@@ -4,7 +4,7 @@ ccflags-y += -I$(obj)

 obj-m := livepatch-@@RPMRELEASE@@.o

-livepatch-@@RPMRELEASE@@-y := uname_patch/livepatch_uname.o bsc1230998/livepatch_bsc1230998.o bsc1231196/livepatch_bsc1231196.o bsc1231204/livepatch_bsc1231204.o bsc1231993/bsc1231993_net_ipv4_tcp_input.o bsc1231993/bsc1231993_net_ipv4_tcp_output.o bsc1231993/livepatch_bsc1231993.o bsc1233679/livepatch_bsc1233679.o bsc1235452/livepatch_bsc1235452.o bsc1235916/livepatch_bsc1235916.o bsc1236783/livepatch_bsc1236783.o bsc1235218/livepatch_bsc1235218.o bsc1233677/livepatch_bsc1233677.o bsc1235008/livepatch_bsc1235008.o bsc1235431/livepatch_bsc1235431.o bsc1240840/livepatch_bsc1240840.o bsc1233019/livepatch_bsc1233019.o bsc1233678/bsc1233678_drivers_net_ethernet_mellanox_mlxsw_spectrum_span.o bsc1233678/bsc1233678_net_ipv4_ip_gre.o bsc1233678/bsc1233678_net_ipv4_ip_tunnel.o bsc1233678/livepatch_bsc1233678.o bsc1234847/livepatch_bsc1234847.o livepatch_main.o bsc1232900/livepatch_bsc1232900.o bsc1236701/livepatch_bsc1236701.o bsc1239077/livepatch_bsc1239077.o bsc1239096/livepatch_bsc1239096.o bsc1232908/livepatch_bsc1232908.o bsc1232927/livepatch_bsc1232927.o bsc1232929/livepatch_bsc1232929.o bsc1233245/livepatch_bsc1233245.o bsc1233680/livepatch_bsc1233680.o bsc1233708/livepatch_bsc1233708.o bsc1235062/livepatch_bsc1235062.o bsc1235086/livepatch_bsc1235086.o bsc1235129/livepatch_bsc1235129.o bsc1235231/livepatch_bsc1235231.o bsc1236244/livepatch_bsc1236244.o bsc1233118/livepatch_bsc1233118.o bsc1233227/livepatch_bsc1233227.o bsc1234854/livepatch_bsc1234854.o bsc1234885/livepatch_bsc1234885.o bsc1234892/livepatch_bsc1234892.o bsc1235005/livepatch_bsc1235005.o bsc1235769/livepatch_bsc1235769.o bsc1235921/livepatch_bsc1235921.o bsc1238912/livepatch_bsc1238912.o bsc1241579/livepatch_bsc1241579.o bsc1243648/livepatch_bsc1243648.o bsc1235250/livepatch_bsc1235250.o bsc1245793/livepatch_bsc1245793.o bsc1245797/livepatch_bsc1245797.o bsc1245804/livepatch_bsc1245804.o 
+livepatch-@@RPMRELEASE@@-y := uname_patch/livepatch_uname.o bsc1230998/livepatch_bsc1230998.o bsc1231196/livepatch_bsc1231196.o bsc1231204/livepatch_bsc1231204.o bsc1231993/bsc1231993_net_ipv4_tcp_input.o bsc1231993/bsc1231993_net_ipv4_tcp_output.o bsc1231993/livepatch_bsc1231993.o bsc1233679/livepatch_bsc1233679.o bsc1235452/livepatch_bsc1235452.o bsc1235916/livepatch_bsc1235916.o bsc1236783/livepatch_bsc1236783.o bsc1235218/livepatch_bsc1235218.o bsc1233677/livepatch_bsc1233677.o bsc1235008/livepatch_bsc1235008.o bsc1235431/livepatch_bsc1235431.o bsc1240840/livepatch_bsc1240840.o bsc1233019/livepatch_bsc1233019.o bsc1233678/bsc1233678_drivers_net_ethernet_mellanox_mlxsw_spectrum_span.o bsc1233678/bsc1233678_net_ipv4_ip_gre.o bsc1233678/bsc1233678_net_ipv4_ip_tunnel.o bsc1233678/livepatch_bsc1233678.o bsc1234847/livepatch_bsc1234847.o livepatch_main.o bsc1232900/livepatch_bsc1232900.o bsc1236701/livepatch_bsc1236701.o bsc1239077/livepatch_bsc1239077.o bsc1239096/livepatch_bsc1239096.o bsc1232908/livepatch_bsc1232908.o bsc1232927/livepatch_bsc1232927.o bsc1232929/livepatch_bsc1232929.o bsc1233245/livepatch_bsc1233245.o bsc1233680/livepatch_bsc1233680.o bsc1233708/livepatch_bsc1233708.o bsc1235062/livepatch_bsc1235062.o bsc1235086/livepatch_bsc1235086.o bsc1235129/livepatch_bsc1235129.o bsc1235231/livepatch_bsc1235231.o bsc1236244/livepatch_bsc1236244.o bsc1233118/livepatch_bsc1233118.o bsc1233227/livepatch_bsc1233227.o bsc1234854/livepatch_bsc1234854.o bsc1234885/livepatch_bsc1234885.o bsc1234892/livepatch_bsc1234892.o bsc1235005/livepatch_bsc1235005.o bsc1235769/livepatch_bsc1235769.o bsc1235921/livepatch_bsc1235921.o bsc1238912/livepatch_bsc1238912.o bsc1241579/livepatch_bsc1241579.o bsc1243648/livepatch_bsc1243648.o bsc1235250/livepatch_bsc1235250.o bsc1245793/livepatch_bsc1245793.o bsc1245797/livepatch_bsc1245797.o bsc1245804/livepatch_bsc1245804.o bsc1245218/livepatch_bsc1245218.o bsc1245350/livepatch_bsc1245350.o bsc1247350/livepatch_bsc1247350.o 

 default:
 	$(MAKE) -C $(KDIR) M=$(CURDIR) modules
@@ -114,3 +114,9 @@ CFLAGS_livepatch_bsc1245797.o += -Werror
 CFLAGS_bsc1245797/livepatch_bsc1245797.o += -Werror
 CFLAGS_livepatch_bsc1245804.o += -Werror
 CFLAGS_bsc1245804/livepatch_bsc1245804.o += -Werror
+CFLAGS_livepatch_bsc1245218.o += -Werror
+CFLAGS_bsc1245218/livepatch_bsc1245218.o += -Werror
+CFLAGS_livepatch_bsc1245350.o += -Werror
+CFLAGS_bsc1245350/livepatch_bsc1245350.o += -Werror
+CFLAGS_livepatch_bsc1247350.o += -Werror
+CFLAGS_bsc1247350/livepatch_bsc1247350.o += -Werror
--- a/bsc1230998.tar.bz2
+++ b/bsc1230998.tar.bz2
--- a/bsc1231196.tar.bz2
+++ b/bsc1231196.tar.bz2
--- a/bsc1231204.tar.bz2
+++ b/bsc1231204.tar.bz2
--- a/bsc1231993.tar.bz2
+++ b/bsc1231993.tar.bz2
--- a/bsc1232900.tar.bz2
+++ b/bsc1232900.tar.bz2
--- a/bsc1232908.tar.bz2
+++ b/bsc1232908.tar.bz2
--- a/bsc1232927.tar.bz2
+++ b/bsc1232927.tar.bz2
--- a/bsc1232929.tar.bz2
+++ b/bsc1232929.tar.bz2
--- a/bsc1233019.tar.bz2
+++ b/bsc1233019.tar.bz2
--- a/bsc1233118.tar.bz2
+++ b/bsc1233118.tar.bz2
--- a/bsc1233227.tar.bz2
+++ b/bsc1233227.tar.bz2
--- a/bsc1233245.tar.bz2
+++ b/bsc1233245.tar.bz2
--- a/bsc1233677.tar.bz2
+++ b/bsc1233677.tar.bz2
--- a/bsc1233678.tar.bz2
+++ b/bsc1233678.tar.bz2
--- a/bsc1233679.tar.bz2
+++ b/bsc1233679.tar.bz2
--- a/bsc1233680.tar.bz2
+++ b/bsc1233680.tar.bz2
--- a/bsc1233708.tar.bz2
+++ b/bsc1233708.tar.bz2
--- a/bsc1234847.tar.bz2
+++ b/bsc1234847.tar.bz2
--- a/bsc1234854.tar.bz2
+++ b/bsc1234854.tar.bz2
--- a/bsc1234885.tar.bz2
+++ b/bsc1234885.tar.bz2
--- a/bsc1234892.tar.bz2
+++ b/bsc1234892.tar.bz2
--- a/bsc1235005.tar.bz2
+++ b/bsc1235005.tar.bz2
--- a/bsc1235008.tar.bz2
+++ b/bsc1235008.tar.bz2
--- a/bsc1235062.tar.bz2
+++ b/bsc1235062.tar.bz2
--- a/bsc1235086.tar.bz2
+++ b/bsc1235086.tar.bz2
--- a/bsc1235129.tar.bz2
+++ b/bsc1235129.tar.bz2
--- a/bsc1235218.tar.bz2
+++ b/bsc1235218.tar.bz2
--- a/bsc1235231.tar.bz2
+++ b/bsc1235231.tar.bz2
--- a/bsc1235250.tar.bz2
+++ b/bsc1235250.tar.bz2
--- a/bsc1235431.tar.bz2
+++ b/bsc1235431.tar.bz2
--- a/bsc1235452.tar.bz2
+++ b/bsc1235452.tar.bz2
--- a/bsc1235769.tar.bz2
+++ b/bsc1235769.tar.bz2
--- a/bsc1235916.tar.bz2
+++ b/bsc1235916.tar.bz2
--- a/bsc1235921.tar.bz2
+++ b/bsc1235921.tar.bz2
--- a/bsc1236244.tar.bz2
+++ b/bsc1236244.tar.bz2
--- a/bsc1236701.tar.bz2
+++ b/bsc1236701.tar.bz2
--- a/bsc1236783.tar.bz2
+++ b/bsc1236783.tar.bz2
--- a/bsc1238912.tar.bz2
+++ b/bsc1238912.tar.bz2
--- a/bsc1239077.tar.bz2
+++ b/bsc1239077.tar.bz2
--- a/bsc1239096.tar.bz2
+++ b/bsc1239096.tar.bz2
--- a/bsc1240840.tar.bz2
+++ b/bsc1240840.tar.bz2
--- a/bsc1241579.tar.bz2
+++ b/bsc1241579.tar.bz2
--- a/bsc1243648.tar.bz2
+++ b/bsc1243648.tar.bz2
--- a/bsc1245218.tar.bz2
+++ b/bsc1245218.tar.bz2
--- a/bsc1245350.tar.bz2
+++ b/bsc1245350.tar.bz2
--- a/bsc1245793.tar.bz2
+++ b/bsc1245793.tar.bz2
--- a/bsc1245797.tar.bz2
+++ b/bsc1245797.tar.bz2
--- a/bsc1245804.tar.bz2
+++ b/bsc1245804.tar.bz2
--- a/bsc1247350.tar.bz2
+++ b/bsc1247350.tar.bz2
--- a/kernel-livepatch-MICRO-6-0_Update_2.changes
+++ b/kernel-livepatch-MICRO-6-0_Update_2.changes
@@ -1,9 +1,62 @@
+-------------------------------------------------------------------
+Fri Aug 15 06:40:41 CEST 2025 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit 4a38f63
+
+-------------------------------------------------------------------
+Thu Aug 14 10:52:36 CEST 2025 - nstange@suse.de
+
+- Revert "Remove the support for different flavors, take 2"
+  This reverts commit b9cd4812c513d94d75916b50ea06ffef6ce8cf5b.
+- commit 8c83f4c
+
+-------------------------------------------------------------------
+Tue Aug 12 12:05:22 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38494 ("HID: core: do not bypass hid_hw_raw_request")
+  Live patch for CVE-2025-38494. Upstream commit:
+- c2ca42f190b6 ("HID: core: do not bypass hid_hw_raw_request")
+  KLP: CVE-2025-38494
+  References: bsc#1247350 CVE-2025-38494
+- commit 23745e4
+
+-------------------------------------------------------------------
+Fri Aug  8 12:38:20 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38495 ("HID: core: ensure the allocated report buffer can contain the reserved report ID")
+  Live patch for CVE-2025-38495. Upstream commit:
+- 4f15ee98304b ("HID: core: ensure the allocated report buffer can contain the reserved report ID")
+  KLP: CVE-2025-38495
+  References: bsc#1247351 CVE-2025-38495
+- commit 34fe5aa
+
+-------------------------------------------------------------------
+Mon Aug  4 18:22:03 CEST 2025 - marco.crivellari@suse.com
+
+- Fix for CVE-2025-38079 ("crypto: algif_hash - fix double free in hash_accept")
+  Live patch for CVE-2025-38079. Upstream commit:
+- b2df03ed4052 ("crypto: algif_hash - fix double free in hash_accept")
+  KLP: CVE-2025-38079
+  References: bsc#1245218 CVE-2025-38079
+- commit b0df6f5
+
 -------------------------------------------------------------------
 Fri Aug  1 08:32:46 CEST 2025 - nstange@suse.de

 - Bump up the version number in spec file
 - commit 80f0135

+-------------------------------------------------------------------
+Thu Jul 31 15:30:08 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38083 ("net_sched: prio: fix a race in prio_tune()")
+  Live patch for CVE-2025-38083. Upstream commit:
+- d35acc1be348 ("net_sched: prio: fix a race in prio_tune()")
+  KLP: CVE-2025-38083
+  References: bsc#1245350 CVE-2025-38083
+- commit 22ac46f
+
 -------------------------------------------------------------------
 Mon Jul 28 17:33:44 CEST 2025 - vincenzo.mezzela@suse.com

@@ -149,6 +202,21 @@ Fri Jun 27 16:46:40 CEST 2025 - ali.abdallah@suse.de
  References: bsc#1238912 CVE-2025-21772
 - commit ff41df4

+-------------------------------------------------------------------
+Fri Jun 27 13:57:01 CEST 2025 - mbenes@suse.cz
+
+- Remove the support for different flavors, take 2
+  There is a support for different kernel flavors from the beginning in
+  our spec file. Originally, there were -default and -xen flavors.
+  However, it is questionable. A live patch is built against a very
+  specific kernel binary. Different flavors of the same kernel source can
+  be easily different also in this respect.
+  Remove it then. The build process is driven by "variant" macro deriving
+  from a branch name. We can stick with that. %klp_module_package defines
+  %flavor based on that. It also keeps %flavors_to_build definition for
+  older releases without this change.
+- commit b9cd481
+
 -------------------------------------------------------------------
 Thu Jun 26 16:50:56 CEST 2025 - ali.abdallah@suse.de

--- a/kernel-livepatch-MICRO-6-0_Update_2.spec
+++ b/kernel-livepatch-MICRO-6-0_Update_2.spec
@@ -20,7 +20,7 @@
 %define variant %{nil}

 Name:           kernel-livepatch-MICRO-6-0_Update_2
-Version:        9
+Version:        10
 Release:        1
 %define module_num %(echo %version-%release | sed 'y/\./_/')
 License:        GPL-2.0
@@ -79,9 +79,12 @@ Source48:	bsc1239096.tar.bz2
 Source49:	bsc1240840.tar.bz2
 Source50:	bsc1241579.tar.bz2
 Source51:	bsc1243648.tar.bz2
-Source52:	bsc1245793.tar.bz2
-Source53:	bsc1245797.tar.bz2
-Source54:	bsc1245804.tar.bz2
+Source52:	bsc1245218.tar.bz2
+Source53:	bsc1245350.tar.bz2
+Source54:	bsc1245793.tar.bz2
+Source55:	bsc1245797.tar.bz2
+Source56:	bsc1245804.tar.bz2
+Source57:	bsc1247350.tar.bz2
 %if "%variant" != ""
 BuildRequires:  kernel%variant-devel
 %endif
@@ -92,14 +95,14 @@ ExclusiveArch:	x86_64 s390x
 %description
 This is a live patch for SUSE Linux Enterprise Server kernel.

-Source timestamp: 2025-08-01 08:32:46 +0200
-GIT Revision: 80f0135cb09f4bb436ad31979920fe90ec8566fa
+Source timestamp: 2025-08-15 06:40:41 +0200
+GIT Revision: 4a38f63b7715e61fbfc664031d5ee474d4130ecb
 GIT Branch: MICRO-6-0_Update_2

 %prep
 %setup -c
 # Auto expanded KLP_PATCHES_SETUP_SOURCES:
-%setup -T -D -a 9 -a 10 -a 11 -a 12 -a 13 -a 14 -a 15 -a 16 -a 17 -a 18 -a 19 -a 20 -a 21 -a 22 -a 23 -a 24 -a 25 -a 26 -a 27 -a 28 -a 29 -a 30 -a 31 -a 32 -a 33 -a 34 -a 35 -a 36 -a 37 -a 38 -a 39 -a 40 -a 41 -a 42 -a 43 -a 44 -a 45 -a 46 -a 47 -a 48 -a 49 -a 50 -a 51 -a 52 -a 53 -a 54
+%setup -T -D -a 9 -a 10 -a 11 -a 12 -a 13 -a 14 -a 15 -a 16 -a 17 -a 18 -a 19 -a 20 -a 21 -a 22 -a 23 -a 24 -a 25 -a 26 -a 27 -a 28 -a 29 -a 30 -a 31 -a 32 -a 33 -a 34 -a 35 -a 36 -a 37 -a 38 -a 39 -a 40 -a 41 -a 42 -a 43 -a 44 -a 45 -a 46 -a 47 -a 48 -a 49 -a 50 -a 51 -a 52 -a 53 -a 54 -a 55 -a 56 -a 57
 cp %_sourcedir/livepatch_main.c .
 cp %_sourcedir/shadow.h .
 cp %_sourcedir/Makefile .
--- a/livepatch_main.c
+++ b/livepatch_main.c
@@ -68,9 +68,12 @@
 #include "bsc1240840/livepatch_bsc1240840.h"
 #include "bsc1241579/livepatch_bsc1241579.h"
 #include "bsc1243648/livepatch_bsc1243648.h"
+#include "bsc1245218/livepatch_bsc1245218.h"
+#include "bsc1245350/livepatch_bsc1245350.h"
 #include "bsc1245793/livepatch_bsc1245793.h"
 #include "bsc1245797/livepatch_bsc1245797.h"
 #include "bsc1245804/livepatch_bsc1245804.h"
+#include "bsc1247350/livepatch_bsc1247350.h"


 static struct klp_object objs[] = {
@@ -104,6 +107,16 @@ static struct klp_object objs[] = {
 			{ .old_name = __stringify(mac_partition), .new_func = klpp_mac_partition, },
 			{ .old_name = __stringify(pfifo_tail_enqueue), .new_func = klpp_pfifo_tail_enqueue, },
 			{ .old_name = __stringify(find_equal_scalars), .new_func = klpp_find_equal_scalars, },
+#if IS_ENABLED(CONFIG_HID)
+			{ .old_name = __stringify(__hid_request), .new_func = klpp___hid_request, },
+#endif
+			{ }
+		}
+	},
+	{
+		.name = "algif_hash",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(hash_accept), .new_func = klpp_hash_accept, },
 			{ }
 		}
 	},
@@ -273,6 +286,13 @@ static struct klp_object objs[] = {
 			{ }
 		}
 	},
+	{
+		.name = "sch_prio",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(prio_tune), .new_func = klpp_prio_tune, },
+			{ }
+		}
+	},
 	{
 		.name = "sch_sfq",
 		.funcs = (struct klp_func[]) {
@@ -532,6 +552,14 @@ static int __init klp_patch_init(void)
 	if (retval)
 		goto err_bsc1243648;

+	retval = livepatch_bsc1245218_init();
+	if (retval)
+		goto err_bsc1245218;
+
+	retval = livepatch_bsc1245350_init();
+	if (retval)
+		goto err_bsc1245350;
+
 	retval = livepatch_bsc1245793_init();
 	if (retval)
 		goto err_bsc1245793;
@@ -544,17 +572,27 @@ static int __init klp_patch_init(void)
 	if (retval)
 		goto err_bsc1245804;

+	retval = livepatch_bsc1247350_init();
+	if (retval)
+		goto err_bsc1247350;
+
 	retval = klp_enable_patch(&patch);
 	if (!retval)
 		return retval;

 	/* Auto expanded KLP_PATCHES_INIT_ERR_HANDLERS: */
+	livepatch_bsc1247350_cleanup();
+err_bsc1247350:
 	livepatch_bsc1245804_cleanup();
 err_bsc1245804:
 	livepatch_bsc1245797_cleanup();
 err_bsc1245797:
 	livepatch_bsc1245793_cleanup();
 err_bsc1245793:
+	livepatch_bsc1245350_cleanup();
+err_bsc1245350:
+	livepatch_bsc1245218_cleanup();
+err_bsc1245218:
 	livepatch_bsc1243648_cleanup();
 err_bsc1243648:
 	livepatch_bsc1241579_cleanup();
@@ -693,9 +731,12 @@ static void __exit klp_patch_cleanup(void)
 	livepatch_bsc1240840_cleanup();
 	livepatch_bsc1241579_cleanup();
 	livepatch_bsc1243648_cleanup();
+	livepatch_bsc1245218_cleanup();
+	livepatch_bsc1245350_cleanup();
 	livepatch_bsc1245793_cleanup();
 	livepatch_bsc1245797_cleanup();
 	livepatch_bsc1245804_cleanup();
+	livepatch_bsc1247350_cleanup();

 }

@@ -704,4 +745,4 @@ module_exit(klp_patch_cleanup);

 MODULE_LICENSE("GPL");
 MODULE_INFO(livepatch, "Y");
-MODULE_INFO(klpgitrev, "80f0135cb09f4bb436ad31979920fe90ec8566fa");
+MODULE_INFO(klpgitrev, "4a38f63b7715e61fbfc664031d5ee474d4130ecb");
--- a/4
+++ b/4
@@ -1,3 +1,3 @@
-2025-08-01 08:32:46 +0200
-GIT Revision: 80f0135cb09f4bb436ad31979920fe90ec8566fa
+2025-08-15 06:40:41 +0200
+GIT Revision: 4a38f63b7715e61fbfc664031d5ee474d4130ecb
 GIT Branch: MICRO-6-0_Update_2
--- a/uname_patch.tar.bz2
+++ b/uname_patch.tar.bz2