Sync from SUSE:SLFO:Kernel:1.0 kernel-livepatch-MICRO-6-0_Update_8 revision 52ed314d857269541e6c828266638b9f

Makefile

@@ -4,7 +4,7 @@ ccflags-y += -I$(obj)
 
 obj-m := livepatch-@@RPMRELEASE@@.o
 
-livepatch-@@RPMRELEASE@@-y := uname_patch/livepatch_uname.o livepatch_main.o bsc1245776/livepatch_bsc1245776.o bsc1245793/livepatch_bsc1245793.o bsc1245797/livepatch_bsc1245797.o 
+livepatch-@@RPMRELEASE@@-y := uname_patch/livepatch_uname.o livepatch_main.o bsc1248400/livepatch_bsc1248400.o bsc1248631/livepatch_bsc1248631.o bsc1248670/livepatch_bsc1248670.o bsc1248672/livepatch_bsc1248672.o bsc1249207/livepatch_bsc1249207.o bsc1249208/livepatch_bsc1249208.o bsc1249241/bsc1249241_net_ipv6_ip6_fib.o bsc1249241/bsc1249241_net_ipv6_route.o bsc1249537/bsc1249537_net_tls_tls_strp.o bsc1249537/bsc1249537_net_tls_tls_sw.o bsc1250192/livepatch_bsc1250192.o bsc1253437/bsc1253437_net_sctp_sm_make_chunk.o bsc1253437/bsc1253437_net_sctp_sm_statefuns.o bsc1245505/livepatch_bsc1245505.o bsc1245509/livepatch_bsc1245509.o bsc1245685/livepatch_bsc1245685.o bsc1246001/livepatch_bsc1246001.o bsc1246030/livepatch_bsc1246030.o bsc1246075/livepatch_bsc1246075.o bsc1247158/bsc1247158_fs_anon_inodes.o bsc1247158/bsc1247158_mm_secretmem.o bsc1247158/livepatch_bsc1247158.o bsc1247315/livepatch_bsc1247315.o bsc1247351/livepatch_bsc1247351.o bsc1247452/livepatch_bsc1247452.o bsc1247499/livepatch_bsc1247499.o bsc1248298/livepatch_bsc1248298.o bsc1248376/livepatch_bsc1248376.o bsc1248673/livepatch_bsc1248673.o bsc1248749/livepatch_bsc1248749.o bsc1249458/livepatch_bsc1249458.o bsc1249534/livepatch_bsc1249534.o bsc1251203/livepatch_bsc1251203.o bsc1251787/livepatch_bsc1251787.o bsc1244235/livepatch_bsc1244235.o 
 
 default:
 	$(MAKE) -C $(KDIR) M=$(CURDIR) modules
@@ -12,9 +12,73 @@ default:
 clean:
 	$(MAKE) -C $(KDIR) M=$(CURDIR) clean
 
-CFLAGS_livepatch_bsc1245776.o += -Werror
-CFLAGS_bsc1245776/livepatch_bsc1245776.o += -Werror
-CFLAGS_livepatch_bsc1245793.o += -Werror
-CFLAGS_bsc1245793/livepatch_bsc1245793.o += -Werror
-CFLAGS_livepatch_bsc1245797.o += -Werror
-CFLAGS_bsc1245797/livepatch_bsc1245797.o += -Werror
+CFLAGS_livepatch_bsc1248400.o += -Werror
+CFLAGS_bsc1248400/livepatch_bsc1248400.o += -Werror
+CFLAGS_livepatch_bsc1248631.o += -Werror
+CFLAGS_bsc1248631/livepatch_bsc1248631.o += -Werror
+CFLAGS_livepatch_bsc1248670.o += -Werror
+CFLAGS_bsc1248670/livepatch_bsc1248670.o += -Werror
+CFLAGS_livepatch_bsc1248672.o += -Werror
+CFLAGS_bsc1248672/livepatch_bsc1248672.o += -Werror
+CFLAGS_livepatch_bsc1249207.o += -Werror
+CFLAGS_bsc1249207/livepatch_bsc1249207.o += -Werror
+CFLAGS_livepatch_bsc1249208.o += -Werror
+CFLAGS_bsc1249208/livepatch_bsc1249208.o += -Werror
+CFLAGS_bsc1249241_net_ipv6_ip6_fib.o += -Werror
+CFLAGS_bsc1249241/bsc1249241_net_ipv6_ip6_fib.o += -Werror
+CFLAGS_bsc1249241_net_ipv6_route.o += -Werror
+CFLAGS_bsc1249241/bsc1249241_net_ipv6_route.o += -Werror
+CFLAGS_bsc1249537_net_tls_tls_strp.o += -Werror
+CFLAGS_bsc1249537/bsc1249537_net_tls_tls_strp.o += -Werror
+CFLAGS_bsc1249537_net_tls_tls_sw.o += -Werror
+CFLAGS_bsc1249537/bsc1249537_net_tls_tls_sw.o += -Werror
+CFLAGS_livepatch_bsc1250192.o += -Werror
+CFLAGS_bsc1250192/livepatch_bsc1250192.o += -Werror
+CFLAGS_bsc1253437_net_sctp_sm_make_chunk.o += -Werror
+CFLAGS_bsc1253437/bsc1253437_net_sctp_sm_make_chunk.o += -Werror
+CFLAGS_bsc1253437_net_sctp_sm_statefuns.o += -Werror
+CFLAGS_bsc1253437/bsc1253437_net_sctp_sm_statefuns.o += -Werror
+CFLAGS_livepatch_bsc1245505.o += -Werror
+CFLAGS_bsc1245505/livepatch_bsc1245505.o += -Werror
+CFLAGS_livepatch_bsc1245509.o += -Werror
+CFLAGS_bsc1245509/livepatch_bsc1245509.o += -Werror
+CFLAGS_livepatch_bsc1245685.o += -Werror
+CFLAGS_bsc1245685/livepatch_bsc1245685.o += -Werror
+CFLAGS_livepatch_bsc1246001.o += -Werror
+CFLAGS_bsc1246001/livepatch_bsc1246001.o += -Werror
+CFLAGS_livepatch_bsc1246030.o += -Werror
+CFLAGS_bsc1246030/livepatch_bsc1246030.o += -Werror
+CFLAGS_livepatch_bsc1246075.o += -Werror
+CFLAGS_bsc1246075/livepatch_bsc1246075.o += -Werror
+CFLAGS_bsc1247158_mm_secretmem.o += -Werror
+CFLAGS_bsc1247158/bsc1247158_mm_secretmem.o += -Werror
+CFLAGS_bsc1247158_fs_anon_inodes.o += -Werror
+CFLAGS_bsc1247158/bsc1247158_fs_anon_inodes.o += -Werror
+CFLAGS_livepatch_bsc1247158.o += -Werror
+CFLAGS_bsc1247158/livepatch_bsc1247158.o += -Werror
+CFLAGS_livepatch_bsc1247315.o += -Werror
+CFLAGS_bsc1247315/livepatch_bsc1247315.o += -Werror
+CFLAGS_livepatch_bsc1247351.o += -Werror
+CFLAGS_bsc1247351/livepatch_bsc1247351.o += -Werror
+CFLAGS_livepatch_bsc1247452.o += -Werror
+CFLAGS_bsc1247452/livepatch_bsc1247452.o += -Werror
+CFLAGS_livepatch_bsc1247499.o += -Werror
+CFLAGS_bsc1247499/livepatch_bsc1247499.o += -Werror
+CFLAGS_livepatch_bsc1248298.o += -Werror
+CFLAGS_bsc1248298/livepatch_bsc1248298.o += -Werror
+CFLAGS_livepatch_bsc1248376.o += -Werror
+CFLAGS_bsc1248376/livepatch_bsc1248376.o += -Werror
+CFLAGS_livepatch_bsc1248673.o += -Werror
+CFLAGS_bsc1248673/livepatch_bsc1248673.o += -Werror
+CFLAGS_livepatch_bsc1248749.o += -Werror
+CFLAGS_bsc1248749/livepatch_bsc1248749.o += -Werror
+CFLAGS_livepatch_bsc1249458.o += -Werror
+CFLAGS_bsc1249458/livepatch_bsc1249458.o += -Werror
+CFLAGS_livepatch_bsc1249534.o += -Werror
+CFLAGS_bsc1249534/livepatch_bsc1249534.o += -Werror
+CFLAGS_livepatch_bsc1251203.o += -Werror
+CFLAGS_bsc1251203/livepatch_bsc1251203.o += -Werror
+CFLAGS_livepatch_bsc1251787.o += -Werror
+CFLAGS_bsc1251787/livepatch_bsc1251787.o += -Werror
+CFLAGS_livepatch_bsc1244235.o += -Werror
+CFLAGS_bsc1244235/livepatch_bsc1244235.o += -Werror

kernel-livepatch-MICRO-6-0_Update_8.changes

@@ -1,9 +1,513 @@
+-------------------------------------------------------------------
+Tue Jan 20 15:55:29 CET 2026 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit 805dc86
+
+-------------------------------------------------------------------
+Tue Jan 20 12:36:20 CET 2026 - nstange@suse.de
+
+- bsc#1249241: fix addr_bit_set() issue on big-endian machines
+  BITOP_BE32_SWIZZLE ought to be defined depending on the target's
+  endianess, but the livepatch includes only the little-endian variant.
+  Fix that.
+  References: bsc#1249241 bsc#1256928
+- commit 3fedcee
+
+-------------------------------------------------------------------
+Fri Jan 16 08:45:02 CET 2026 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit 8c7e8e8
+
+-------------------------------------------------------------------
+Mon Jan 12 11:44:44 CET 2026 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-40204 ("sctp: Fix MAC comparison to be constant-time")
+  Live patch for CVE-2025-40204. Upstream commit:
+- dd91c79e4f58 ("sctp: Fix MAC comparison to be constant-time")
+  KLP: CVE-2025-40204
+  References: bsc#1253437 CVE-2025-40204
+- commit 9ddb903
+
+-------------------------------------------------------------------
+Fri Jan  9 18:40:40 CET 2026 - mpdesouza@suse.com
+
+- Fix for CVE-2025-38572 ("ipv6: reject malicious packets in ipv6_gso_segment()")
+  Live patch for CVE-2025-38572. Upstream commits:
+- ae50ea52bdd7 ("net: add debug check in skb_reset_transport_header()")
+- d45cf1e7d718 ("ipv6: reject malicious packets in ipv6_gso_segment()")
+  KLP: CVE-2025-38572
+  References: bsc#1248400 CVE-2025-38572
+- commit 390fc80
+
+-------------------------------------------------------------------
+Fri Jan  2 14:53:26 CET 2026 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38608 ("bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls")
+  Live patch for CVE-2025-38608. Upstream commit:
+- 178f6a5c8cb3 ("bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls")
+  KLP: CVE-2025-38608
+  References: bsc#1248670 CVE-2025-38608
+- commit 43d3fcf
+
+-------------------------------------------------------------------
+Fri Dec 26 06:29:40 CET 2025 - lidong.zhong@suse.com
+
+- Fix for CVE-2025-39682 ("tls: fix handling of zero-length records on the rx_list")
+  Live patch for CVE-2025-39682. Upstream commit:
+- 62708b9452f8 ("tls: fix handling of zero-length records on the rx_list")
+  KLP: CVE-2025-39682
+  References: bsc#1250192 CVE-2025-39682
+- commit 2993616
+
+-------------------------------------------------------------------
+Sat Dec 20 05:41:41 CET 2025 - fernando.gonzalez@suse.com
+
+- Fix for CVE-2023-53676 ("scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()")
+  Live patch for CVE-2023-53676. Upstream commit:
+- 801f287c93ff ("scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()")
+  KLP: CVE-2023-53676
+  References: bsc#1251787 CVE-2023-53676
+- commit c527e12
+
+-------------------------------------------------------------------
+Fri Dec 12 10:43:01 CET 2025 - ali.abdallah@suse.de
+
+- Fix for CVE-2025-38476 ("rpl: Fix use-after-free in rpl_do_srh_inline().")
+  Live patch for CVE-2025-38476. Upstream commit:
+- b640daa2822a ("rpl: Fix use-after-free in rpl_do_srh_inline().")
+  KLP: CVE-2025-38476
+  References: bsc#1251203 CVE-2025-38476
+- commit 9298f22
+
+-------------------------------------------------------------------
+Thu Dec 11 18:35:42 CET 2025 - mpdesouza@suse.com
+
+- Fix for CVE-2025-38588 ("ipv6: prevent infinite loop in rt6_nlmsg_size()")
+  Live patch for CVE-2025-38588. Upstream commit:
+- 54e6fe9dd3b0 ("ipv6: prevent infinite loop in rt6_nlmsg_size()")
+  KLP: CVE-2025-38588
+  References: bsc#1249241 CVE-2025-38588
+- commit 6db11a8
+
+-------------------------------------------------------------------
+Fri Nov 21 09:44:53 CET 2025 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit 17b5f7d
+
+-------------------------------------------------------------------
+Fri Nov 14 16:38:47 CET 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38616 ("tls: handle data disappearing from under the TLS ULP")
+  Live patch for CVE-2025-38616. Upstream commits:
+- 6db015fc4b5d ("tls: handle data disappearing from under the TLS ULP")
+  KLP: CVE-2025-38616
+  References: bsc#1249537 CVE-2025-38616
+- commit eb23d17
+
+-------------------------------------------------------------------
+Thu Nov 13 11:38:58 CET 2025 - ali.abdallah@suse.de
+
+- Fix for CVE-2025-38500 ("xfrm: interface: fix use-after-free after changing collect_md xfrm interface")
+  Live patch for CVE-2025-38500. Upstream commit:
+- a90b2a1aaacb ("xfrm: interface: fix use-after-free after changing collect_md xfrm interface")
+  KLP: CVE-2025-38500
+  References: bsc#1248672 CVE-2025-38500
+- commit 3958092
+
+-------------------------------------------------------------------
+Thu Oct 30 10:13:10 CET 2025 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit 9913e29
+
+-------------------------------------------------------------------
+Wed Oct 29 11:41:55 CET 2025 - ali.abdallah@suse.de
+
+- Fix for CVE-2025-38664 ("ice: Fix a null pointer dereference in ice_copy_and_init_pkg()")
+  Live patch for CVE-2025-38664. Upstream commit:
+- 4ff12d82dac1 ("ice: Fix a null pointer dereference in ice_copy_and_init_pkg()")
+  KLP: CVE-2025-38664
+  References: bsc#1248631 CVE-2025-38664
+- commit 1c1ab21
+
+-------------------------------------------------------------------
+Mon Oct 27 17:35:07 CET 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38617 ("net/packet: fix a race in packet_set_ring() and packet_notifier()")
+  Live patch for CVE-2025-38617. Upstream commit:
+- 01d3c8417b9c ("net/packet: fix a race in packet_set_ring() and packet_notifier()")
+  KLP: CVE-2025-38617
+  References: bsc#1249208 CVE-2025-38617
+- commit f7bea4a
+
+-------------------------------------------------------------------
+Tue Oct 21 08:58:42 CEST 2025 - ali.abdallah@suse.de
+
+- Fix for CVE-2025-38618 ("vsock: Do not allow binding to VMADDR_PORT_ANY")
+  Live patch for CVE-2025-38618. Upstream commit:
+- aba0c94f61ec ("vsock: Do not allow binding to VMADDR_PORT_ANY")
+  KLP: CVE-2025-38618
+  References: bsc#1249207 CVE-2025-38618
+- commit 8e242ac
+
+-------------------------------------------------------------------
+Fri Oct 17 09:31:13 CEST 2025 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit 4c4b42e
+
+-------------------------------------------------------------------
+Wed Oct 15 18:14:08 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38678 ("netfilter: nf_tables: reject duplicate device on updates")
+  Live patch for CVE-2025-38678. Upstream commit:
+- cf5fb87fcdaa ("netfilter: nf_tables: reject duplicate device on updates")
+  KLP: CVE-2025-38678
+  References: bsc#1249534 CVE-2025-38678
+- commit c3d6ac9
+
+-------------------------------------------------------------------
+Fri Oct 10 03:58:09 CEST 2025 - lidong.zhong@suse.com
+
+- Fix for CVE-2025-38499 ("clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns")
+  Live patch for CVE-2025-38499. Upstream commit:
+- c28f922c9dce ("clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns")
+  KLP: CVE-2025-38499
+  References: bsc#1248673 CVE-2025-38499
+- commit cba321a
+
+-------------------------------------------------------------------
+Tue Oct  7 17:50:17 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38396 ("fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass")
+  Live patch for CVE-2025-38396. Upstream commit:
+- cbe4134ea4bc ("fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass")
+  KLP: CVE-2025-38396
+  References: bsc#1247158 CVE-2025-38396
+- commit beb608a
+
+-------------------------------------------------------------------
+Mon Oct  6 15:00:24 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38566 ("sunrpc: fix handling of server side tls alerts")
+  Live patch for CVE-2025-38566. Upstream commit:
+- bee47cb026e7 ("sunrpc: fix handling of server side tls alerts")
+  KLP: CVE-2025-38566
+  References: bsc#1248376 CVE-2025-38566
+- commit f1e26eb
+
+-------------------------------------------------------------------
+Fri Oct  3 11:19:04 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38110 ("net/mdiobus: Fix potential out-of-bounds clause 45 read/write access")
+  Live patch for CVE-2025-38110. Upstream commit:
+- 260388f79e94 ("net/mdiobus: Fix potential out-of-bounds clause 45 read/write access")
+  KLP: CVE-2025-38110
+  References: bsc#1249458 CVE-2025-38110
+- commit 7e8149c
+
+-------------------------------------------------------------------
+Thu Oct  2 15:16:52 CEST 2025 - ali.abdallah@suse.de
+
+- Fix for CVE-2025-38644 ("wifi: mac80211: reject TDLS operations when station is not associated")
+  Live patch for CVE-2025-38644. Upstream commit:
+- 16ecdab5446f ("wifi: mac80211: reject TDLS operations when station is not associated")
+  KLP: CVE-2025-38644
+  References: bsc#1248749 CVE-2025-38644
+- commit a10df65
+
+-------------------------------------------------------------------
+Thu Oct  2 13:38:40 CEST 2025 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit 48abc28
+
+-------------------------------------------------------------------
+Wed Oct  1 16:29:12 CEST 2025 - ali.abdallah@suse.de
+
+- Fix for CVE-2025-38206 ("exfat: fix double free in delayed_free")
+  Live patch for CVE-2025-38206. Upstream commit:
+- 1f3d9724e16d ("exfat: fix double free in delayed_free")
+  KLP: CVE-2025-38206
+  References: bsc#1246075 CVE-2025-38206
+- commit 9eb1606
+
+-------------------------------------------------------------------
+Wed Oct  1 15:00:56 CEST 2025 - ali.abdallah@suse.de
+
+- Fix for CVE-2025-38471 ("kernel: tls: always refresh the queue when reading sock")
+  Live patch for CVE-2025-38471. Upstream commit:
+- 4ab26bce3969 ("tls: always refresh the queue when reading sock")
+  KLP: CVE-2025-38471
+  References: bsc#1247452 CVE-2025-38471
+- commit 1f77ac2
+
+-------------------------------------------------------------------
+Wed Oct  1 11:43:31 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38477 ("net/sched: sch_qfq: Fix race condition on qfq_aggregate")
+  Live patch for CVE-2025-38477. Upstream commits:
+- 5e28d5a3f774 ("net/sched: sch_qfq: Fix race condition on qfq_aggregate")
+- cf074eca0065 ("net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class")
+  KLP: CVE-2025-38477
+  References: bsc#1247315 CVE-2025-38477
+- commit 4d922a7
+
+-------------------------------------------------------------------
+Fri Sep 19 17:04:03 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38089 ("sunrpc: handle SVC_GARBAGE during svc auth processing as auth error")
+  Live patch for CVE-2025-38089. Upstream commit:
+- 94d10a4dba0b ("sunrpc: handle SVC_GARBAGE during svc auth processing as auth error")
+  KLP: CVE-2025-38089
+  References: bsc#1245509 CVE-2025-38089
+- commit 2398e30
+
+-------------------------------------------------------------------
+Fri Sep 19 12:39:50 CEST 2025 - vincenzo.mezzela@suse.com
+
+- klp_trace.h: add KLPR_TRACE_EVENT_CONDITION macro
+- commit 17e9fce
+
+-------------------------------------------------------------------
+Thu Sep 18 09:39:18 CEST 2025 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit 0735196
+
+-------------------------------------------------------------------
+Wed Sep 10 16:53:55 CEST 2025 - ali.abdallah@suse.de
+
+- Fix for CVE-2025-38109 ("net/mlx5: fix ECVF vports unload on shutdown flow")
+  Live patch for CVE-2025-38109. Upstream commit:
+- 687560d8a9a2 ("net/mlx5: Fix ECVF vports unload on shutdown flow")
+  KLP: CVE-2025-38109
+  References: bsc#1245685 CVE-2025-38109
+- commit a5d2ea4
+
+-------------------------------------------------------------------
+Tue Sep  9 14:57:58 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38181 ("calipso: fix null-ptr-deref in calipso_req_{set,del}attr()")
+  Live patch for CVE-2025-38181. Upstream commit:
+- 10876da918fa ("calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().")
+  KLP: CVE-2025-38181
+  References: bsc#1246001 CVE-2025-38181
+- commit e1def10
+
+-------------------------------------------------------------------
+Tue Sep  9 04:38:51 CEST 2025 - lidong.zhong@suse.com
+
+- Fix for CVE-2025-38498 ("do_change_type(): refuse to operate on unmounted/not ours mounts")
+  Live patch for CVE-2025-38498. Upstream commit:
+- 12f147ddd6de ("do_change_type(): refuse to operate on unmounted/not ours mounts")
+  KLP: CVE-2025-38498
+  References: bsc#1247499 CVE-2025-38498
+- commit 8eebc30
+
+-------------------------------------------------------------------
+Fri Sep  5 10:00:56 CEST 2025 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit 424cae1
+
+-------------------------------------------------------------------
+Fri Sep  5 09:29:38 CEST 2025 - lidong.zhong@suse.com
+
+- Fix for CVE-2025-38555 ("usb: gadget : fix use-after-free in composite_dev_cleanup()")
+  Live patch for CVE-2025-38555. Upstream commit:
+- 151c0aa896c4 ("usb: gadget : fix use-after-free in
+  composite_dev_cleanup()")
+  KLP: CVE-2025-38555
+  References: bsc#1248298 CVE-2025-38555
+- commit 466e488
+
+-------------------------------------------------------------------
+Wed Sep  3 16:50:49 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38087 ("net/sched: fix use-after-free in taprio_dev_notifier")
+  Live patch for CVE-2025-38087. Upstream commit:
+- b160766e26d4 ("net/sched: fix use-after-free in taprio_dev_notifier")
+  KLP: CVE-2025-38087
+  References: bsc#1245505 CVE-2025-38087
+- commit 95ff041
+
+-------------------------------------------------------------------
+Mon Sep  1 09:41:08 CEST 2025 - nstange@suse.de
+
+- scripts/tar-up.sh: unconditionally enable s390x on SLE default
+  Nowadays, s390x builds should be enabed for all SLE default kernels
+  -- the versions from before the point where s390x coverage got
+  added to the product have gone out of support a long time ago.
+  Remove the conditional s390x enablement logic from tar-up.sh.
+- commit 9bcbefb
+
+-------------------------------------------------------------------
+Fri Aug 29 11:47:24 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38001 ("net_sched: hfsc: Address reentrant enqueue adding class to eltree twice")
+  Live patch for CVE-2025-38001. Upstream commit:
+- ac9fe7dd8e73 ("net_sched: hfsc: Address reentrant enqueue adding class to eltree twice")
+  KLP: CVE-2025-38001
+  References: bsc#1244235 CVE-2025-38001
+- commit 49c48d4
+
+-------------------------------------------------------------------
+Thu Aug 28 15:42:51 CEST 2025 - nstange@suse.de
+
+- Revert "Merge branch 'bsc#1245350_6.0u2-9_6.0rtu2-9' into MICRO-6-0_Update_8"
+  This reverts commit 0871ebd0b8337f395d3b94c07721644900b9cc81, reversing
+  changes made to 8767321a0e997ccf7834bfe734a3fd7fb8d70bfa.
+  The target kernel is actually not affected by the issue the livepatch
+  is supposed to fix.
+- commit 243eece
+
+-------------------------------------------------------------------
+Thu Aug 28 15:42:33 CEST 2025 - nstange@suse.de
+
+- Revert "Merge branch 'bsc#1245793_6.0u2-9_6.0rtu2-8' into MICRO-6-0_Update_8"
+  This reverts commit 5454076a4a7fadfa109e3af19de4945aae6c582b, reversing
+  changes made to e7168910d5fd07ec4de0916c80d3e0ff269c3d47.
+  The target kernel is actually not affected by the issue the livepatch
+  is supposed to fix.
+- commit e5a7da0
+
+-------------------------------------------------------------------
+Thu Aug 28 15:41:58 CEST 2025 - nstange@suse.de
+
+- Revert "Merge branch 'bsc#1245776_15.6u10-12_15.6rtu10-11_15.7u1_15.7rtu0-1_6.0u6-9_6.0rtu6-8' into MICRO-6-0_Update_8"
+  This reverts commit e7168910d5fd07ec4de0916c80d3e0ff269c3d47, reversing
+  changes made to ff5ed1604edbaad3045e09dbad0b2f50fc50b4b7.
+  The target kernel is actually not affected by the issue the livepatch
+  is supposed to fix.
+- commit 4b19a39
+
+-------------------------------------------------------------------
+Thu Aug 28 15:37:34 CEST 2025 - nstange@suse.de
+
+- Revert "Merge branch 'bsc#1245797_15.6u2-11_15.6rtu0-10_15.7u0_15.7rtu0_6.0u2-9_6.0rtu2-8' into MICRO-6-0_Update_8"
+  This reverts commit ff5ed1604edbaad3045e09dbad0b2f50fc50b4b7, reversing
+  changes made to 34045dd984e0684cfd868bcad41f1331c872f0ec.
+  The target kernel is actually not affected by the issue the livepatch
+  is supposed to fix.
+- commit d26c77a
+
+-------------------------------------------------------------------
+Thu Aug 28 15:35:52 CEST 2025 - nstange@suse.de
+
+- Revert "Merge branch 'bsc#1245218_15.6u2-11_15.6rtu1-10_6.0u2-9_6.0rtu2-8' into MICRO-6-0_Update_8"
+  This reverts commit 8767321a0e997ccf7834bfe734a3fd7fb8d70bfa, reversing
+  changes made to c7034c9b72fc41c6ec27e62fdf6e192165841d7c.
+  The target kernel is actually not affected by the issue the livepatch
+  is supposed to fix.
+- commit d179f31
+
+-------------------------------------------------------------------
+Mon Aug 25 17:30:09 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38000 ("sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()")
+  Live patch for CVE-2025-38000. Upstream commit:
+- 3f981138109f ("sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()")
+  KLP: CVE-2025-38000
+  References: bsc#1245775 CVE-2025-38000
+- commit 0921220
+
+-------------------------------------------------------------------
+Mon Aug 18 14:38:37 CEST 2025 - pmladek@suse.com
+
+- kernel-livepatch.spec: Replace kernel-syms with kernel-<flavor>-specific dependencies (bsc#1248108)
+  The commit ead79afe7cbfae ("kernel-livepatch.spec: Update build
+  dependencies for non-default flavors") broke build of livepatches
+  which were built with kernel-syms-rt.
+  The problem is that livepatch packages for already released kernels
+  are built in exactly the same build environment as the initial livepatch.
+  The BS (Build Service) installs the build environment using the given
+  _buildinfo-*.xml and ignores BuildRequires. But the BuildRequires are
+  later checked by rpmbuild tool. It would complain when new dependencies
+  were added.
+  Unfortunately, kernel-syms-rt does not exist on SLE16. This was the main
+  motivation for the above mentioned commit.
+  But the package kernel-syms is empty. Its only purpose is to add other
+  dependencies. Replace it by opencoding the dependencies.
+  Note that the kernel devel files are historically split into various
+  packages, kernel-<flavor>-devel, kernel-devel-<flavor>, and
+  even kernel-devel. But it is enough to require kernel-<flavor>-devel
+  because it requires the other devel files on its own. This seems
+  to be true back to SLE15-SP4 at minimum.
+- commit 7696578
+
+-------------------------------------------------------------------
+Fri Aug 15 06:40:42 CEST 2025 - nstange@suse.de
+
+- Bump up the version number in spec file
+- commit aa4bfbf
+
+-------------------------------------------------------------------
+Thu Aug 14 10:52:36 CEST 2025 - nstange@suse.de
+
+- Revert "Remove the support for different flavors, take 2"
+  This reverts commit b9cd4812c513d94d75916b50ea06ffef6ce8cf5b.
+- commit 97cf659
+
+-------------------------------------------------------------------
+Thu Aug 14 10:15:15 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38212 ("ipc: fix to protect IPCS lookups using RCU")
+  Live patch for CVE-2025-38212. Upstream commit:
+- d66adabe9180 ("ipc: fix to protect IPCS lookups using RCU")
+  KLP: CVE-2025-38212
+  References: bsc#1246030 CVE-2025-38212
+- commit 939565c
+
+-------------------------------------------------------------------
+Tue Aug 12 12:05:23 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38494 ("HID: core: do not bypass hid_hw_raw_request")
+  Live patch for CVE-2025-38494. Upstream commit:
+- c2ca42f190b6 ("HID: core: do not bypass hid_hw_raw_request")
+  KLP: CVE-2025-38494
+  References: bsc#1247350 CVE-2025-38494
+- commit dad1889
+
+-------------------------------------------------------------------
+Fri Aug  8 12:38:21 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38495 ("HID: core: ensure the allocated report buffer can contain the reserved report ID")
+  Live patch for CVE-2025-38495. Upstream commit:
+- 4f15ee98304b ("HID: core: ensure the allocated report buffer can contain the reserved report ID")
+  KLP: CVE-2025-38495
+  References: bsc#1247351 CVE-2025-38495
+- commit 3d8c5db
+
+-------------------------------------------------------------------
+Mon Aug  4 18:22:03 CEST 2025 - marco.crivellari@suse.com
+
+- Fix for CVE-2025-38079 ("crypto: algif_hash - fix double free in hash_accept")
+  Live patch for CVE-2025-38079. Upstream commit:
+- b2df03ed4052 ("crypto: algif_hash - fix double free in hash_accept")
+  KLP: CVE-2025-38079
+  References: bsc#1245218 CVE-2025-38079
+- commit b0df6f5
+
 -------------------------------------------------------------------
 Fri Aug  1 08:32:47 CEST 2025 - nstange@suse.de
 
 - Bump up the version number in spec file
 - commit c7034c9
 
+-------------------------------------------------------------------
+Thu Jul 31 15:30:08 CEST 2025 - vincenzo.mezzela@suse.com
+
+- Fix for CVE-2025-38083 ("net_sched: prio: fix a race in prio_tune()")
+  Live patch for CVE-2025-38083. Upstream commit:
+- d35acc1be348 ("net_sched: prio: fix a race in prio_tune()")
+  KLP: CVE-2025-38083
+  References: bsc#1245350 CVE-2025-38083
+- commit 22ac46f
+
 -------------------------------------------------------------------
 Thu Jul 31 14:43:40 CEST 2025 - nstange@suse.de
 
@@ -64,6 +568,21 @@ Tue Jul  1 13:36:15 CEST 2025 - mbenes@suse.cz
   time).
 - commit ead79af
 
+-------------------------------------------------------------------
+Fri Jun 27 13:57:01 CEST 2025 - mbenes@suse.cz
+
+- Remove the support for different flavors, take 2
+  There is a support for different kernel flavors from the beginning in
+  our spec file. Originally, there were -default and -xen flavors.
+  However, it is questionable. A live patch is built against a very
+  specific kernel binary. Different flavors of the same kernel source can
+  be easily different also in this respect.
+  Remove it then. The build process is driven by "variant" macro deriving
+  from a branch name. We can stick with that. %klp_module_package defines
+  %flavor based on that. It also keeps %flavors_to_build definition for
+  older releases without this change.
+- commit b9cd481
+
 -------------------------------------------------------------------
 Thu Jun 26 13:24:09 CEST 2025 - mbenes@suse.cz
 
@@ -103,6 +622,17 @@ Tue Jun  3 15:25:29 CEST 2025 - nstange@suse.de
 - New branch for MICRO-6-0_Update_8
 - commit 792998a
 
+-------------------------------------------------------------------
+Thu May 15 10:23:31 CEST 2025 - nstange@suse.de
+
+- uname_patch: don't use klp_convert.h wrappers
+  With the removal of klp_convert.h, the uname_patch fails to compile.
+  Replace all invocations of the KLP_SYM_LINKAGE or KLP_SYM() macros
+  formerly defined there in by their expansions for the !USE_KLP_CONVERT
+  case and drop the klp_convert.h #include.
+  Fixes: b2fa29be2 ("Remove old klp-convert support")
+- commit 601b6d1
+
 -------------------------------------------------------------------
 Mon Apr 28 14:31:04 CEST 2025 - mbenes@suse.cz
 
@@ -111,7 +641,7 @@ Mon Apr 28 14:31:04 CEST 2025 - mbenes@suse.cz
   patches. It never happened. Kallsyms was used up until SLE15-SP6 where
   everything was migrated to much lighter klp-convert-mini implementation.
   Remove the old klp-convert support all together now.
-- commit 1731556
+- commit b2fa29b
 
 -------------------------------------------------------------------
 Mon Apr 28 14:00:44 CEST 2025 - mbenes@suse.cz

kernel-livepatch-MICRO-6-0_Update_8.spec

@@ -20,7 +20,7 @@
 %define variant %{nil}
 
 Name:           kernel-livepatch-MICRO-6-0_Update_8
-Version:        2
+Version:        11
 Release:        1
 %define module_num %(echo %version-%release | sed 'y/\./_/')
 License:        GPL-2.0
@@ -36,27 +36,59 @@ Source6:	klp_syscalls.h
 Source7:	klp_trace.h
 Source8:	lp-mod-checks.sh
 # Auto expanded KLP_PATCHES_SOURCES:
-Source9:	bsc1245776.tar.bz2
-Source10:	bsc1245793.tar.bz2
-Source11:	bsc1245797.tar.bz2
+Source9:	bsc1244235.tar.bz2
+Source10:	bsc1245505.tar.bz2
+Source11:	bsc1245509.tar.bz2
+Source12:	bsc1245685.tar.bz2
+Source13:	bsc1246001.tar.bz2
+Source14:	bsc1246030.tar.bz2
+Source15:	bsc1246075.tar.bz2
+Source16:	bsc1247158.tar.bz2
+Source17:	bsc1247315.tar.bz2
+Source18:	bsc1247351.tar.bz2
+Source19:	bsc1247452.tar.bz2
+Source20:	bsc1247499.tar.bz2
+Source21:	bsc1248298.tar.bz2
+Source22:	bsc1248376.tar.bz2
+Source23:	bsc1248400.tar.bz2
+Source24:	bsc1248631.tar.bz2
+Source25:	bsc1248670.tar.bz2
+Source26:	bsc1248672.tar.bz2
+Source27:	bsc1248673.tar.bz2
+Source28:	bsc1248749.tar.bz2
+Source29:	bsc1249207.tar.bz2
+Source30:	bsc1249208.tar.bz2
+Source31:	bsc1249241.tar.bz2
+Source32:	bsc1249458.tar.bz2
+Source33:	bsc1249534.tar.bz2
+Source34:	bsc1249537.tar.bz2
+Source35:	bsc1250192.tar.bz2
+Source36:	bsc1251203.tar.bz2
+Source37:	bsc1251787.tar.bz2
+Source38:	bsc1253437.tar.bz2
+# Use kernel-<flavor> specific build dependencies instead of kernel-syms (bsc#1248108)
 %if "%variant" != ""
 BuildRequires:  kernel%variant-devel
+%else
+BuildRequires:  kernel-default-devel
 %endif
-BuildRequires:  kernel-syms kernel-livepatch-tools-devel libelf-devel
+BuildRequires:  pesign-obs-integration
+BuildRequires:  kernel-livepatch-tools-devel
+BuildRequires:  libelf-devel
 ExclusiveArch:	x86_64 s390x
 %klp_module_package
 
 %description
 This is a live patch for SUSE Linux Enterprise Server kernel.
 
-Source timestamp: 2025-08-01 08:32:47 +0200
-GIT Revision: c7034c9b72fc41c6ec27e62fdf6e192165841d7c
+Source timestamp: 2026-01-20 15:55:29 +0100
+GIT Revision: 805dc8617f84e78da05e398e29089ef2ce8c5c39
 GIT Branch: MICRO-6-0_Update_8
 
 %prep
 %setup -c
 # Auto expanded KLP_PATCHES_SETUP_SOURCES:
-%setup -T -D -a 9 -a 10 -a 11
+%setup -T -D -a 9 -a 10 -a 11 -a 12 -a 13 -a 14 -a 15 -a 16 -a 17 -a 18 -a 19 -a 20 -a 21 -a 22 -a 23 -a 24 -a 25 -a 26 -a 27 -a 28 -a 29 -a 30 -a 31 -a 32 -a 33 -a 34 -a 35 -a 36 -a 37 -a 38
 cp %_sourcedir/livepatch_main.c .
 cp %_sourcedir/shadow.h .
 cp %_sourcedir/Makefile .

klp_trace.h

@@ -38,6 +38,13 @@
 #define KLPR_TRACE_EVENT(name, proto, args) \
 	KLPR_DECLARE_TRACE(name, PARAMS(proto), PARAMS(args))
 
+#define KLPR_TRACE_EVENT_CONDITION(name, proto, args, cond)		\
+	KLPR___DECLARE_TRACE(name, PARAMS(proto), PARAMS(args),		\
+		cpu_online(raw_smp_processor_id()) && PARAMS(cond),	\
+		PARAMS(void *__data, proto),				\
+		PARAMS(__data, args))
+
+
 #elif LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
 
 #define KLPR___DO_TRACE_CALL(name, args)   (*klpe___traceiter_##name)(NULL, args)
@@ -99,6 +106,11 @@
 #define KLPR_TRACE_EVENT(name, proto, args) \
 	KLPR_DECLARE_TRACE(name, PARAMS(proto), PARAMS(args))
 
+#define KLPR_TRACE_EVENT_CONDITION(name, proto, args, cond)		\
+	KLPR___DECLARE_TRACE(name, PARAMS(proto), PARAMS(args),		\
+		cpu_online(raw_smp_processor_id()) && PARAMS(cond),	\
+		PARAMS(void *__data, proto))
+
 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0) */
 
 #define KLPR___DO_TRACE_CALL(name, args)   __traceiter_##name(NULL, args)
@@ -164,6 +176,11 @@
 #define KLPR_TRACE_EVENT(module, name, proto, args) \
 	KLPR_DECLARE_TRACE(module, name, PARAMS(proto), PARAMS(args))
 
+#define KLPR_TRACE_EVENT_CONDITION(module, name, proto, args, cond)	\
+	KLPR___DECLARE_TRACE(module, name, PARAMS(proto), PARAMS(args),	\
+		cpu_online(raw_smp_processor_id()) && PARAMS(cond),	\
+		PARAMS(void *__data, proto))
+
 #endif /* LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) */
 
 

livepatch_main.c

@@ -25,9 +25,36 @@
 #include "uname_patch/livepatch_uname.h"
 
 /* Auto expanded KLP_PATCHES_INCLUDES: */
-#include "bsc1245776/livepatch_bsc1245776.h"
-#include "bsc1245793/livepatch_bsc1245793.h"
-#include "bsc1245797/livepatch_bsc1245797.h"
+#include "bsc1244235/livepatch_bsc1244235.h"
+#include "bsc1245505/livepatch_bsc1245505.h"
+#include "bsc1245509/livepatch_bsc1245509.h"
+#include "bsc1245685/livepatch_bsc1245685.h"
+#include "bsc1246001/livepatch_bsc1246001.h"
+#include "bsc1246030/livepatch_bsc1246030.h"
+#include "bsc1246075/livepatch_bsc1246075.h"
+#include "bsc1247158/livepatch_bsc1247158.h"
+#include "bsc1247315/livepatch_bsc1247315.h"
+#include "bsc1247351/livepatch_bsc1247351.h"
+#include "bsc1247452/livepatch_bsc1247452.h"
+#include "bsc1247499/livepatch_bsc1247499.h"
+#include "bsc1248298/livepatch_bsc1248298.h"
+#include "bsc1248376/livepatch_bsc1248376.h"
+#include "bsc1248400/livepatch_bsc1248400.h"
+#include "bsc1248631/livepatch_bsc1248631.h"
+#include "bsc1248670/livepatch_bsc1248670.h"
+#include "bsc1248672/livepatch_bsc1248672.h"
+#include "bsc1248673/livepatch_bsc1248673.h"
+#include "bsc1248749/livepatch_bsc1248749.h"
+#include "bsc1249207/livepatch_bsc1249207.h"
+#include "bsc1249208/livepatch_bsc1249208.h"
+#include "bsc1249241/livepatch_bsc1249241.h"
+#include "bsc1249458/livepatch_bsc1249458.h"
+#include "bsc1249534/livepatch_bsc1249534.h"
+#include "bsc1249537/livepatch_bsc1249537.h"
+#include "bsc1250192/livepatch_bsc1250192.h"
+#include "bsc1251203/livepatch_bsc1251203.h"
+#include "bsc1251787/livepatch_bsc1251787.h"
+#include "bsc1253437/livepatch_bsc1253437.h"
 
 
 static struct klp_object objs[] = {
@@ -45,7 +72,100 @@ static struct klp_object objs[] = {
 			  .new_func = KLP_SYSCALL_COMPAT_STUB_SYM(klp_newuname),
 			},
 #endif
-			{ .old_name = __stringify(pfifo_tail_enqueue), .new_func = klpp_pfifo_tail_enqueue, },
+			{ .old_name = __stringify(calipso_req_setattr), .new_func = klpp_calipso_req_setattr, .old_sympos = 1, },
+			{ .old_name = __stringify(calipso_req_delattr), .new_func = klpp_calipso_req_delattr, .old_sympos = 1, },
+			{ .old_name = __stringify(shm_destroy_orphaned), .new_func = klpp_shm_destroy_orphaned, },
+#if defined(CONFIG_SECRETMEM)
+			{ .old_name = __stringify(KLP_SYSCALL_SYM(memfd_secret)), .new_func = KLP_SYSCALL_SYM(klpp_memfd_secret), },
+#endif
+#if defined(KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS) && defined(CONFIG_SECRETMEM)
+			{ .old_name = __stringify(KLP_SYSCALL_COMPAT_STUB_SYM(memfd_secret)), .new_func = KLP_SYSCALL_COMPAT_STUB_SYM(klpp_memfd_secret), },
+#endif
+			{ .old_name = __stringify(__anon_inode_getfile), .new_func = klpp___anon_inode_getfile, },
+#if IS_ENABLED(CONFIG_HID)
+			{ .old_name = __stringify(hid_alloc_report_buf), .new_func = klpp_hid_alloc_report_buf, },
+			{ .old_name = __stringify(__hid_request), .new_func = klpp___hid_request, },
+#endif
+			{ .old_name = __stringify(path_mount), .new_func = klpp_path_mount, },
+			{ .old_name = __stringify(ipv6_gso_segment), .new_func = klpp_ipv6_gso_segment, },
+			{ .old_name = __stringify(clone_private_mount), .new_func = klpp_clone_private_mount, },
+			{ .old_name = __stringify(fib6_add), .new_func = klpp_fib6_add, },
+			{ .old_name = __stringify(fib6_del), .new_func = klpp_fib6_del, },
+			{ .old_name = __stringify(rt6_nlmsg_size), .new_func = klpp_rt6_nlmsg_size, },
+			{ .old_name = __stringify(rpl_input), .new_func = klpp_rpl_input, },
+			{ .old_name = __stringify(rpl_output), .new_func = klpp_rpl_output, },
+			{ }
+		}
+	},
+	{
+		.name = "af_packet",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(packet_set_ring), .new_func = klpp_packet_set_ring, },
+			{ }
+		}
+	},
+	{
+		.name = "exfat",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(exfat_free_upcase_table), .new_func = klpp_exfat_free_upcase_table, },
+			{ }
+		}
+	},
+#if IS_ENABLED(CONFIG_ICE)
+	{
+		.name = "ice",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(ice_copy_and_init_pkg), .new_func = klpp_ice_copy_and_init_pkg, },
+			{ }
+		}
+	},
+#endif
+	{
+		.name = "iscsi_target_mod",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(lio_target_nacl_info_show), .new_func = klpp_lio_target_nacl_info_show, },
+			{ }
+		}
+	},
+#if IS_ENABLED(CONFIG_USB_LIBCOMPOSITE)
+	{
+		.name = "libcomposite",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(composite_os_desc_req_prepare), .new_func = klpp_composite_os_desc_req_prepare, },
+			{ }
+		}
+	},
+#endif
+	{
+		.name = "libphy",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(__mdiobus_c45_read), .new_func = klpp___mdiobus_c45_read, },
+			{ .old_name = __stringify(__mdiobus_c45_write), .new_func = klpp___mdiobus_c45_write, },
+			{ }
+		}
+	},
+#if IS_ENABLED(CONFIG_MAC80211)
+	{
+		.name = "mac80211",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(ieee80211_tdls_oper), .new_func = klpp_ieee80211_tdls_oper, },
+			{ }
+		}
+	},
+#endif
+	{
+		.name = "mlx5_core",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(mlx5_eswitch_enable_pf_vf_vports), .new_func = klpp_mlx5_eswitch_enable_pf_vf_vports, },
+			{ .old_name = __stringify(mlx5_eswitch_disable_pf_vf_vports), .new_func = klpp_mlx5_eswitch_disable_pf_vf_vports, },
+			{ }
+		}
+	},
+	{
+		.name = "nf_tables",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(nf_tables_newchain), .new_func = klpp_nf_tables_newchain, },
+			{ .old_name = __stringify(nf_tables_newflowtable), .new_func = klpp_nf_tables_newflowtable, },
 			{ }
 		}
 	},
@@ -53,13 +173,66 @@ static struct klp_object objs[] = {
 		.name = "sch_hfsc",
 		.funcs = (struct klp_func[]) {
 			{ .old_name = __stringify(hfsc_change_class), .new_func = klpp_hfsc_change_class, },
+			{ .old_name = __stringify(hfsc_enqueue), .new_func = klpp_hfsc_enqueue, },
 			{ }
 		}
 	},
 	{
-		.name = "sch_sfq",
+		.name = "sch_qfq",
 		.funcs = (struct klp_func[]) {
-			{ .old_name = __stringify(sfq_init), .new_func = klpp_sfq_init, },
+			{ .old_name = __stringify(qfq_change_class), .new_func = klpp_qfq_change_class, },
+			{ .old_name = __stringify(qfq_delete_class), .new_func = klpp_qfq_delete_class, },
+			{ .old_name = __stringify(qfq_dump_class), .new_func = klpp_qfq_dump_class, },
+			{ .old_name = __stringify(qfq_dump_class_stats), .new_func = klpp_qfq_dump_class_stats, },
+			{ .old_name = __stringify(qfq_destroy_qdisc), .new_func = klpp_qfq_destroy_qdisc, },
+			{ }
+		}
+	},
+	{
+		.name = "sch_taprio",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(taprio_dev_notifier), .new_func = klpp_taprio_dev_notifier, },
+			{ }
+		}
+	},
+	{
+		.name = "sctp",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(sctp_unpack_cookie), .new_func = klpp_sctp_unpack_cookie, },
+			{ .old_name = __stringify(sctp_sf_authenticate), .new_func = klpp_sctp_sf_authenticate, },
+			{ }
+		}
+	},
+	{
+		.name = "sunrpc",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(svc_process_common), .new_func = klpp_svc_process_common, },
+			{ .old_name = __stringify(svc_tcp_read_msg), .new_func = klpp_svc_tcp_read_msg, },
+			{ .old_name = __stringify(svc_tcp_recvfrom), .new_func = klpp_svc_tcp_recvfrom, },
+			{ }
+		}
+	},
+	{
+		.name = "tls",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(tls_strp_check_rcv), .new_func = klpp_tls_strp_check_rcv, },
+			{ .old_name = __stringify(bpf_exec_tx_verdict), .new_func = klpp_bpf_exec_tx_verdict, },
+			{ .old_name = __stringify(tls_rx_rec_wait), .new_func = klpp_tls_rx_rec_wait, },
+			{ .old_name = __stringify(tls_sw_recvmsg), .new_func = klpp_tls_sw_recvmsg, },
+			{ }
+		}
+	},
+	{
+		.name = "vsock",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(__vsock_bind), .new_func = klpp___vsock_bind, },
+			{ }
+		}
+	},
+	{
+		.name = "xfrm_interface",
+		.funcs = (struct klp_func[]) {
+			{ .old_name = __stringify(xfrmi_changelink), .new_func = klpp_xfrmi_changelink, },
 			{ }
 		}
 	},
@@ -79,29 +252,191 @@ static int __init klp_patch_init(void)
 	pr_info("livepatch: initializing\n");
 
 	/* Auto expanded KLP_PATCHES_INIT_CALLS: */
-	retval = livepatch_bsc1245776_init();
+	retval = livepatch_bsc1244235_init();
 	if (retval)
-		goto err_bsc1245776;
+		goto err_bsc1244235;
 
-	retval = livepatch_bsc1245793_init();
+	retval = livepatch_bsc1245505_init();
 	if (retval)
-		goto err_bsc1245793;
+		goto err_bsc1245505;
 
-	retval = livepatch_bsc1245797_init();
+	retval = livepatch_bsc1245509_init();
 	if (retval)
-		goto err_bsc1245797;
+		goto err_bsc1245509;
+
+	retval = livepatch_bsc1245685_init();
+	if (retval)
+		goto err_bsc1245685;
+
+	retval = livepatch_bsc1246001_init();
+	if (retval)
+		goto err_bsc1246001;
+
+	retval = livepatch_bsc1246030_init();
+	if (retval)
+		goto err_bsc1246030;
+
+	retval = livepatch_bsc1246075_init();
+	if (retval)
+		goto err_bsc1246075;
+
+	retval = livepatch_bsc1247158_init();
+	if (retval)
+		goto err_bsc1247158;
+
+	retval = livepatch_bsc1247315_init();
+	if (retval)
+		goto err_bsc1247315;
+
+	retval = livepatch_bsc1247351_init();
+	if (retval)
+		goto err_bsc1247351;
+
+	retval = livepatch_bsc1247452_init();
+	if (retval)
+		goto err_bsc1247452;
+
+	retval = livepatch_bsc1247499_init();
+	if (retval)
+		goto err_bsc1247499;
+
+	retval = livepatch_bsc1248298_init();
+	if (retval)
+		goto err_bsc1248298;
+
+	retval = livepatch_bsc1248376_init();
+	if (retval)
+		goto err_bsc1248376;
+
+	retval = livepatch_bsc1248400_init();
+	if (retval)
+		goto err_bsc1248400;
+
+	retval = livepatch_bsc1248631_init();
+	if (retval)
+		goto err_bsc1248631;
+
+	retval = livepatch_bsc1248670_init();
+	if (retval)
+		goto err_bsc1248670;
+
+	retval = livepatch_bsc1248672_init();
+	if (retval)
+		goto err_bsc1248672;
+
+	retval = livepatch_bsc1248673_init();
+	if (retval)
+		goto err_bsc1248673;
+
+	retval = livepatch_bsc1248749_init();
+	if (retval)
+		goto err_bsc1248749;
+
+	retval = livepatch_bsc1249207_init();
+	if (retval)
+		goto err_bsc1249207;
+
+	retval = livepatch_bsc1249208_init();
+	if (retval)
+		goto err_bsc1249208;
+
+	retval = livepatch_bsc1249241_init();
+	if (retval)
+		goto err_bsc1249241;
+
+	retval = livepatch_bsc1249458_init();
+	if (retval)
+		goto err_bsc1249458;
+
+	retval = livepatch_bsc1249534_init();
+	if (retval)
+		goto err_bsc1249534;
+
+	retval = livepatch_bsc1249537_init();
+	if (retval)
+		goto err_bsc1249537;
+
+	retval = livepatch_bsc1250192_init();
+	if (retval)
+		goto err_bsc1250192;
+
+	retval = livepatch_bsc1251203_init();
+	if (retval)
+		goto err_bsc1251203;
+
+	retval = livepatch_bsc1251787_init();
+	if (retval)
+		goto err_bsc1251787;
+
+	retval = livepatch_bsc1253437_init();
+	if (retval)
+		goto err_bsc1253437;
 
 	retval = klp_enable_patch(&patch);
 	if (!retval)
 		return retval;
 
 	/* Auto expanded KLP_PATCHES_INIT_ERR_HANDLERS: */
-	livepatch_bsc1245797_cleanup();
-err_bsc1245797:
-	livepatch_bsc1245793_cleanup();
-err_bsc1245793:
-	livepatch_bsc1245776_cleanup();
-err_bsc1245776:
+	livepatch_bsc1253437_cleanup();
+err_bsc1253437:
+	livepatch_bsc1251787_cleanup();
+err_bsc1251787:
+	livepatch_bsc1251203_cleanup();
+err_bsc1251203:
+	livepatch_bsc1250192_cleanup();
+err_bsc1250192:
+	livepatch_bsc1249537_cleanup();
+err_bsc1249537:
+	livepatch_bsc1249534_cleanup();
+err_bsc1249534:
+	livepatch_bsc1249458_cleanup();
+err_bsc1249458:
+	livepatch_bsc1249241_cleanup();
+err_bsc1249241:
+	livepatch_bsc1249208_cleanup();
+err_bsc1249208:
+	livepatch_bsc1249207_cleanup();
+err_bsc1249207:
+	livepatch_bsc1248749_cleanup();
+err_bsc1248749:
+	livepatch_bsc1248673_cleanup();
+err_bsc1248673:
+	livepatch_bsc1248672_cleanup();
+err_bsc1248672:
+	livepatch_bsc1248670_cleanup();
+err_bsc1248670:
+	livepatch_bsc1248631_cleanup();
+err_bsc1248631:
+	livepatch_bsc1248400_cleanup();
+err_bsc1248400:
+	livepatch_bsc1248376_cleanup();
+err_bsc1248376:
+	livepatch_bsc1248298_cleanup();
+err_bsc1248298:
+	livepatch_bsc1247499_cleanup();
+err_bsc1247499:
+	livepatch_bsc1247452_cleanup();
+err_bsc1247452:
+	livepatch_bsc1247351_cleanup();
+err_bsc1247351:
+	livepatch_bsc1247315_cleanup();
+err_bsc1247315:
+	livepatch_bsc1247158_cleanup();
+err_bsc1247158:
+	livepatch_bsc1246075_cleanup();
+err_bsc1246075:
+	livepatch_bsc1246030_cleanup();
+err_bsc1246030:
+	livepatch_bsc1246001_cleanup();
+err_bsc1246001:
+	livepatch_bsc1245685_cleanup();
+err_bsc1245685:
+	livepatch_bsc1245509_cleanup();
+err_bsc1245509:
+	livepatch_bsc1245505_cleanup();
+err_bsc1245505:
+	livepatch_bsc1244235_cleanup();
+err_bsc1244235:
 
 	return retval;
 }
@@ -111,9 +446,36 @@ static void __exit klp_patch_cleanup(void)
 	pr_info("livepatch: removed\n");
 
 	/* Auto expanded KLP_PATCHES_CLEANUP_CALLS: */
-	livepatch_bsc1245776_cleanup();
-	livepatch_bsc1245793_cleanup();
-	livepatch_bsc1245797_cleanup();
+	livepatch_bsc1244235_cleanup();
+	livepatch_bsc1245505_cleanup();
+	livepatch_bsc1245509_cleanup();
+	livepatch_bsc1245685_cleanup();
+	livepatch_bsc1246001_cleanup();
+	livepatch_bsc1246030_cleanup();
+	livepatch_bsc1246075_cleanup();
+	livepatch_bsc1247158_cleanup();
+	livepatch_bsc1247315_cleanup();
+	livepatch_bsc1247351_cleanup();
+	livepatch_bsc1247452_cleanup();
+	livepatch_bsc1247499_cleanup();
+	livepatch_bsc1248298_cleanup();
+	livepatch_bsc1248376_cleanup();
+	livepatch_bsc1248400_cleanup();
+	livepatch_bsc1248631_cleanup();
+	livepatch_bsc1248670_cleanup();
+	livepatch_bsc1248672_cleanup();
+	livepatch_bsc1248673_cleanup();
+	livepatch_bsc1248749_cleanup();
+	livepatch_bsc1249207_cleanup();
+	livepatch_bsc1249208_cleanup();
+	livepatch_bsc1249241_cleanup();
+	livepatch_bsc1249458_cleanup();
+	livepatch_bsc1249534_cleanup();
+	livepatch_bsc1249537_cleanup();
+	livepatch_bsc1250192_cleanup();
+	livepatch_bsc1251203_cleanup();
+	livepatch_bsc1251787_cleanup();
+	livepatch_bsc1253437_cleanup();
 
 }
 
@@ -122,4 +484,4 @@ module_exit(klp_patch_cleanup);
 
 MODULE_LICENSE("GPL");
 MODULE_INFO(livepatch, "Y");
-MODULE_INFO(klpgitrev, "c7034c9b72fc41c6ec27e62fdf6e192165841d7c");
+MODULE_INFO(klpgitrev, "805dc8617f84e78da05e398e29089ef2ce8c5c39");

source-timestamp

@@ -1,3 +1,3 @@
-2025-08-01 08:32:47 +0200
-GIT Revision: c7034c9b72fc41c6ec27e62fdf6e192165841d7c
+2026-01-20 15:55:29 +0100
+GIT Revision: 805dc8617f84e78da05e398e29089ef2ce8c5c39
 GIT Branch: MICRO-6-0_Update_8