From 0efc5bdcb7f9ef86ce70509d288eb082cfb08cd9 Mon Sep 17 00:00:00 2001
From: jirislaby <>
Date: Jul 15 2022 12:29:20 +0000
Subject: Update kernel-source to version 5.18.11 / rev 649 via SR 989311


https://build.opensuse.org/request/show/989311
by user jirislaby + dimstar_suse
retbleed CVE (+fastop & native_irq_return_ldt fixups) & tty CVE & 5.18.11 & 5.18.10

---

diff --git a/.files b/.files
index 5a1060a..39f66c4 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index c2b00f3..5c02aa0 100644
--- a/.rev
+++ b/.rev
@@ -5946,4 +5946,12 @@ As this is a serious local privilege escalation, I would like to see a timely in
     <comment>simpledrm 3rd try &amp; netfilter CVE</comment>
     <requestid>987329</requestid>
   </revision>
+  <revision rev="649" vrev="1">
+    <srcmd5>49c99c3174b98562bfd5ee90ac6f2e5f</srcmd5>
+    <version>5.18.11</version>
+    <time>1657885933</time>
+    <user>dimstar_suse</user>
+    <comment>retbleed CVE (+fastop &amp; native_irq_return_ldt fixups) &amp; tty CVE &amp; 5.18.11 &amp; 5.18.10</comment>
+    <requestid>989311</requestid>
+  </revision>
 </revisionlist>
diff --git a/config.tar.bz2 b/config.tar.bz2
index 7de3891..50256c7 120000
--- a/config.tar.bz2
+++ b/config.tar.bz2
@@ -1 +1 @@
-/ipfs/bafybeibo6hfba5zfjsugf6lxiebekefiv7imi3jtlue66cx67pxjrs7yne
\ No newline at end of file
+/ipfs/bafybeidlg3mrbtzlnlvgcftnnz7kppznofsaygulmucfbchsn7gea5ozha
\ No newline at end of file
diff --git a/dtb-aarch64.changes b/dtb-aarch64.changes
index 90beefb..6a18f43 100644
--- a/dtb-aarch64.changes
+++ b/dtb-aarch64.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/dtb-aarch64.spec b/dtb-aarch64.spec
index ce76792..f4d65a2 100644
--- a/dtb-aarch64.spec
+++ b/dtb-aarch64.spec
@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
 
 Name:           dtb-aarch64
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
diff --git a/dtb-armv6l.changes b/dtb-armv6l.changes
index 90beefb..6a18f43 100644
--- a/dtb-armv6l.changes
+++ b/dtb-armv6l.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/dtb-armv6l.spec b/dtb-armv6l.spec
index 859096d..a8d21cf 100644
--- a/dtb-armv6l.spec
+++ b/dtb-armv6l.spec
@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
 
 Name:           dtb-armv6l
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
diff --git a/dtb-armv7l.changes b/dtb-armv7l.changes
index 90beefb..6a18f43 100644
--- a/dtb-armv7l.changes
+++ b/dtb-armv7l.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/dtb-armv7l.spec b/dtb-armv7l.spec
index a8ef3f0..d217907 100644
--- a/dtb-armv7l.spec
+++ b/dtb-armv7l.spec
@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
 
 Name:           dtb-armv7l
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
diff --git a/dtb-riscv64.changes b/dtb-riscv64.changes
index 90beefb..6a18f43 100644
--- a/dtb-riscv64.changes
+++ b/dtb-riscv64.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/dtb-riscv64.spec b/dtb-riscv64.spec
index ba58cd9..277e072 100644
--- a/dtb-riscv64.spec
+++ b/dtb-riscv64.spec
@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -29,9 +29,9 @@
 %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build})
 
 Name:           dtb-riscv64
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
diff --git a/kernel-64kb.changes b/kernel-64kb.changes
index 90beefb..6a18f43 100644
--- a/kernel-64kb.changes
+++ b/kernel-64kb.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-64kb.spec b/kernel-64kb.spec
index 3e75473..5886ca3 100644
--- a/kernel-64kb.spec
+++ b/kernel-64kb.spec
@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules zstd
@@ -107,9 +107,9 @@ Name:           kernel-64kb
 Summary:        Kernel with 64kb PAGE_SIZE
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -234,10 +234,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
-Provides:       kernel-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       kernel-%build_flavor-base-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
+Provides:       kernel-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 # END COMMON DEPS
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 %obsolete_rebuilds %name
 Source0:        https://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source3:        kernel-source.rpmlintrc
diff --git a/kernel-debug.changes b/kernel-debug.changes
index 90beefb..6a18f43 100644
--- a/kernel-debug.changes
+++ b/kernel-debug.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-debug.spec b/kernel-debug.spec
index 100d19c..5479a0e 100644
--- a/kernel-debug.spec
+++ b/kernel-debug.spec
@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules zstd
@@ -107,9 +107,9 @@ Name:           kernel-debug
 Summary:        A Debug Version of the Kernel
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -234,10 +234,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
-Provides:       kernel-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       kernel-%build_flavor-base-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
+Provides:       kernel-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 # END COMMON DEPS
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 %ifarch ppc64
 Provides:       kernel-kdump = 2.6.28
 Obsoletes:      kernel-kdump <= 2.6.28
diff --git a/kernel-default.changes b/kernel-default.changes
index 90beefb..6a18f43 100644
--- a/kernel-default.changes
+++ b/kernel-default.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-default.spec b/kernel-default.spec
index 4ad64d4..43617a9 100644
--- a/kernel-default.spec
+++ b/kernel-default.spec
@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules zstd
@@ -107,9 +107,9 @@ Name:           kernel-default
 Summary:        The Standard Kernel
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -234,10 +234,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
-Provides:       kernel-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       kernel-%build_flavor-base-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
+Provides:       kernel-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 # END COMMON DEPS
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 %ifarch %ix86
 Provides:       kernel-smp = 2.6.17
 Obsoletes:      kernel-smp <= 2.6.17
diff --git a/kernel-docs.changes b/kernel-docs.changes
index 90beefb..6a18f43 100644
--- a/kernel-docs.changes
+++ b/kernel-docs.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-docs.spec b/kernel-docs.spec
index 8a18315..2d853ac 100644
--- a/kernel-docs.spec
+++ b/kernel-docs.spec
@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -31,9 +31,9 @@ Name:           kernel-docs
 Summary:        Kernel Documentation
 License:        GPL-2.0-only
 Group:          Documentation/Man
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -67,7 +67,7 @@ BuildRequires:  texlive-zapfding
 %endif
 URL:            https://www.kernel.org/
 Provides:       %name = %version-%source_rel
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Source0:        https://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
diff --git a/kernel-kvmsmall.changes b/kernel-kvmsmall.changes
index 90beefb..6a18f43 100644
--- a/kernel-kvmsmall.changes
+++ b/kernel-kvmsmall.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-kvmsmall.spec b/kernel-kvmsmall.spec
index a81bf9e..52862ce 100644
--- a/kernel-kvmsmall.spec
+++ b/kernel-kvmsmall.spec
@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules zstd
@@ -107,9 +107,9 @@ Name:           kernel-kvmsmall
 Summary:        The Small Developer Kernel for KVM
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -234,10 +234,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
-Provides:       kernel-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       kernel-%build_flavor-base-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
+Provides:       kernel-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 # END COMMON DEPS
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 %obsolete_rebuilds %name
 Source0:        https://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source3:        kernel-source.rpmlintrc
diff --git a/kernel-lpae.changes b/kernel-lpae.changes
index 90beefb..6a18f43 100644
--- a/kernel-lpae.changes
+++ b/kernel-lpae.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-lpae.spec b/kernel-lpae.spec
index 56d3cfc..a5472b2 100644
--- a/kernel-lpae.spec
+++ b/kernel-lpae.spec
@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules zstd
@@ -107,9 +107,9 @@ Name:           kernel-lpae
 Summary:        Kernel for LPAE enabled systems
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -234,10 +234,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
-Provides:       kernel-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       kernel-%build_flavor-base-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
+Provides:       kernel-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 # END COMMON DEPS
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 %obsolete_rebuilds %name
 Source0:        https://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source3:        kernel-source.rpmlintrc
diff --git a/kernel-obs-build.changes b/kernel-obs-build.changes
index 90beefb..6a18f43 100644
--- a/kernel-obs-build.changes
+++ b/kernel-obs-build.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-obs-build.spec b/kernel-obs-build.spec
index 6924277..699409a 100644
--- a/kernel-obs-build.spec
+++ b/kernel-obs-build.spec
@@ -19,7 +19,7 @@
 
 #!BuildIgnore: post-build-checks
 
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -45,7 +45,7 @@ BuildRequires:  util-linux
 %endif
 %endif
 %endif
-BuildRequires:  kernel%kernel_flavor-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+BuildRequires:  kernel%kernel_flavor-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 
 %if 0%{?rhel_version}
 BuildRequires:  kernel
@@ -64,9 +64,9 @@ BuildRequires:  dracut
 Summary:        package kernel and initrd for OBS VM builds
 License:        GPL-2.0-only
 Group:          SLES
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
diff --git a/kernel-obs-qa.changes b/kernel-obs-qa.changes
index 90beefb..6a18f43 100644
--- a/kernel-obs-qa.changes
+++ b/kernel-obs-qa.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-obs-qa.spec b/kernel-obs-qa.spec
index 62ea118..ce7f160 100644
--- a/kernel-obs-qa.spec
+++ b/kernel-obs-qa.spec
@@ -17,7 +17,7 @@
 # needsrootforbuild
 
 
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 
 %include %_sourcedir/kernel-spec-macros
@@ -36,9 +36,9 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Summary:        Basic QA tests for the kernel
 License:        GPL-2.0-only
 Group:          SLES
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
diff --git a/kernel-pae.changes b/kernel-pae.changes
index 90beefb..6a18f43 100644
--- a/kernel-pae.changes
+++ b/kernel-pae.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-pae.spec b/kernel-pae.spec
index 535444e..1c91142 100644
--- a/kernel-pae.spec
+++ b/kernel-pae.spec
@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules zstd
@@ -107,9 +107,9 @@ Name:           kernel-pae
 Summary:        Kernel with PAE Support
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -234,10 +234,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
-Provides:       kernel-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       kernel-%build_flavor-base-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
+Provides:       kernel-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 # END COMMON DEPS
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 %ifarch %ix86
 Provides:       kernel-bigsmp = 2.6.17
 Obsoletes:      kernel-bigsmp <= 2.6.17
diff --git a/kernel-source.changes b/kernel-source.changes
index 90beefb..6a18f43 100644
--- a/kernel-source.changes
+++ b/kernel-source.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-source.spec b/kernel-source.spec
index 8d4786f..8fd96ec 100644
--- a/kernel-source.spec
+++ b/kernel-source.spec
@@ -17,7 +17,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 
@@ -31,9 +31,9 @@
 %endif
 
 Name:           kernel-source
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -50,7 +50,7 @@ BuildRequires:  fdupes
 BuildRequires:  sed
 Requires(post): coreutils sed
 Provides:       %name = %version-%source_rel
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 Provides:       linux
 Provides:       multiversion(kernel)
 Source0:        https://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
diff --git a/kernel-syms.changes b/kernel-syms.changes
index 90beefb..6a18f43 100644
--- a/kernel-syms.changes
+++ b/kernel-syms.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-syms.spec b/kernel-syms.spec
index d6c4b11..ee75f08 100644
--- a/kernel-syms.spec
+++ b/kernel-syms.spec
@@ -24,10 +24,10 @@ Name:           kernel-syms
 Summary:        Kernel Symbol Versions (modversions)
 License:        GPL-2.0-only
 Group:          Development/Sources
-Version:        5.18.9
+Version:        5.18.11
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -52,7 +52,7 @@ Requires:       kernel-pae-devel = %version-%source_rel
 %endif
 Requires:       pesign-obs-integration
 Provides:       %name = %version-%source_rel
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 Provides:       multiversion(kernel)
 Source:         README.KSYMS
 Requires:       kernel-devel%variant = %version-%source_rel
diff --git a/kernel-vanilla.changes b/kernel-vanilla.changes
index 90beefb..6a18f43 100644
--- a/kernel-vanilla.changes
+++ b/kernel-vanilla.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-vanilla.spec b/kernel-vanilla.spec
index e9ff310..9648ea0 100644
--- a/kernel-vanilla.spec
+++ b/kernel-vanilla.spec
@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules zstd
@@ -107,9 +107,9 @@ Name:           kernel-vanilla
 Summary:        The Standard Kernel - without any SUSE patches
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -234,10 +234,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
-Provides:       kernel-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       kernel-%build_flavor-base-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
+Provides:       kernel-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 # END COMMON DEPS
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 %obsolete_rebuilds %name
 Source0:        https://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source3:        kernel-source.rpmlintrc
diff --git a/kernel-zfcpdump.changes b/kernel-zfcpdump.changes
index 90beefb..6a18f43 100644
--- a/kernel-zfcpdump.changes
+++ b/kernel-zfcpdump.changes
@@ -1,4 +1,580 @@
 -------------------------------------------------------------------
+Fri Jul 15 07:36:11 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
+  Update upstream status.
+- commit 4fcb983
+
+-------------------------------------------------------------------
+Fri Jul 15 07:00:18 CEST 2022 - jslaby@suse.cz
+
+- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit da1381f
+
+-------------------------------------------------------------------
+Fri Jul 15 06:36:06 CEST 2022 - jslaby@suse.cz
+
+- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit ce3ce6a
+
+-------------------------------------------------------------------
+Fri Jul 15 06:35:26 CEST 2022 - jslaby@suse.cz
+
+- Refresh
+  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
+  Update to upstream version.
+- commit 3f7e318
+
+-------------------------------------------------------------------
+Thu Jul 14 13:33:10 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+  Update upstream status.
+- commit eae54b1
+
+-------------------------------------------------------------------
+Thu Jul 14 10:40:05 CEST 2022 - jslaby@suse.cz
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cec52d3
+
+-------------------------------------------------------------------
+Thu Jul 14 07:55:22 CEST 2022 - jslaby@suse.cz
+
+- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 86ef7b4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:16:25 CEST 2022 - jslaby@suse.cz
+
+- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/static_call: Serialize __static_call_fixup() properly
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Disable RRSBA behavior (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add Cannon lake to RETBleed affected CPU list
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- commit 834606b
+
+-------------------------------------------------------------------
+Wed Jul 13 10:13:38 CEST 2022 - jslaby@suse.cz
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit 9dbc2f6
+
+-------------------------------------------------------------------
+Wed Jul 13 10:12:07 CEST 2022 - jslaby@suse.cz
+
+- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/common: Stamp out the stepping madness (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Convert launched argument to flags (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Use cached host SPEC_CTRL value for guest
+  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix SPEC_CTRL write on SMT state change
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix firmware entry SPEC_CTRL handling
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/bugs: Do IBPB fallback check only once (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- intel_idle: Disable IBRS during long idle (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Split spectre_v2_select_mitigation() and
+  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/speculation: Add spectre_v2=ibrs option to support Kernel
+  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Add kernel IBRS implementation (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- commit 023a0b9
+
+-------------------------------------------------------------------
+Wed Jul 13 10:11:39 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- Update config files.
+- commit a4a04c4
+
+-------------------------------------------------------------------
+Wed Jul 13 10:10:14 CEST 2022 - jslaby@suse.cz
+
+- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/bpf: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/ftrace: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86,static_call: Use alternative RET encoding (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- objtool: skip non-text sections when adding return-thunk sites
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
+  CVE-2022-29901).
+- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/entry: Switch the stack after error_entry() returns
+  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
+- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
+  CVE-2022-29900 CVE-2022-29901).
+- commit bc4fd7c
+
+-------------------------------------------------------------------
+Tue Jul 12 19:51:08 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.11 (bsc#1012628).
+- io_uring: fix provided buffer import (bsc#1012628).
+- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
+  (bsc#1012628).
+- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
+- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
+  (bsc#1012628).
+- can: bcm: use call_rcu() instead of costly synchronize_rcu()
+  (bsc#1012628).
+- can: grcan: grcan_probe(): remove extra of_node_get()
+  (bsc#1012628).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
+- can: m_can: m_can_chip_config(): actually enable internal
+  timestamping (bsc#1012628).
+- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
+  to full 32 bits (bsc#1012628).
+- can: kvaser_usb: replace run-time checks with struct
+  kvaser_usb_driver_info (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
+  regression (bsc#1012628).
+- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
+  handling for mcp2517fd (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
+  broken CRC on TBC register (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
+  (bsc#1012628).
+- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
+  (bsc#1012628).
+- bpf: Fix insufficient bounds propagation from
+  adjust_scalar_min_max_vals (bsc#1012628).
+- usbnet: fix memory leak in error case (bsc#1012628).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (bsc#1012628).
+- net: lan966x: hardcode the number of external ports
+  (bsc#1012628).
+- netfilter: nft_set_pipapo: release elements in clone from
+  abort path (bsc#1012628).
+- selftests/net: fix section name when using xdp_dummy.o
+  (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
+  length to read dev_id (bsc#1012628).
+- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
+  conversion (bsc#1012628).
+- can: rcar_canfd: Fix data transmission failed on R-Car V3U
+  (bsc#1012628).
+- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
+  (bsc#1012628).
+- MAINTAINERS: Remove iommu@lists.linux-foundation.org
+  (bsc#1012628).
+- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
+- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
+- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
+  (bsc#1012628).
+- cxl: Fix cleanup of port devices on failure to probe driver
+  (bsc#1012628).
+- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
+- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
+- fbcon: Disallow setting font bigger than screen size
+  (bsc#1012628).
+- fbcon: Prevent that screen size is smaller than font size
+  (bsc#1012628).
+- PM: runtime: Redefine pm_runtime_release_supplier()
+  (bsc#1012628).
+- PM: runtime: Fix supplier device management during consumer
+  probe (bsc#1012628).
+- memregion: Fix memregion_free() fallback definition
+  (bsc#1012628).
+- video: of_display_timing.h: include errno.h (bsc#1012628).
+- fscache: Fix invalidation/lookup race (bsc#1012628).
+- fscache: Fix if condition in fscache_wait_on_volume_collision()
+  (bsc#1012628).
+- powerpc/powernv: delay rng platform device creation until
+  later in boot (bsc#1012628).
+- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
+- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
+  (bsc#1012628).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (bsc#1012628).
+- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
+- ASoC: rt711: Add endianness flag in snd_soc_component_driver
+  (bsc#1012628).
+- ASoC: rt711-sdca: Add endianness flag in
+  snd_soc_component_driver (bsc#1012628).
+- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
+  .set_jack_detect (bsc#1012628).
+- ASoC: SOF: ipc3-topology: Move and correct size checks in
+  sof_ipc3_control_load_bytes() (bsc#1012628).
+- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
+  (bsc#1012628).
+- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
+  (bsc#1012628).
+- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
+- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
+  (bsc#1012628).
+- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct gpio-led pad settings
+  (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
+  settings (bsc#1012628).
+- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
+  settings (bsc#1012628).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset
+  (bsc#1012628).
+- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatible for sama5d2's rtc
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
+  (bsc#1012628).
+- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
+  (bsc#1012628).
+- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
+  (bsc#1012628).
+- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
+  (bsc#1012628).
+- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
+- xsk: Clear page contiguity bit when unmapping pool
+  (bsc#1012628).
+- i2c: piix4: Fix a memory leak in the EFCH MMIO support
+  (bsc#1012628).
+- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
+- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
+- ARM: dts: stm32: add missing usbh clock and fix clk order on
+  stm32mp15 (bsc#1012628).
+- ibmvnic: Properly dispose of all skbs during a failover
+  (bsc#1012628).
+- selftests: forwarding: fix flood_unicast_test when h2 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix learning_test when h1 supports
+  IFF_UNICAST_FLT (bsc#1012628).
+- selftests: forwarding: fix error message in learning_test
+  (bsc#1012628).
+- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
+- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
+  supported (bsc#1012628).
+- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
+  (bsc#1012628).
+- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
+  (bsc#1012628).
+- net/mlx5e: Fix matchall police parameters validation
+  (bsc#1012628).
+- mptcp: Avoid acquiring PM lock for subflow priority changes
+  (bsc#1012628).
+- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
+  flags (bsc#1012628).
+- mptcp: fix local endpoint accounting (bsc#1012628).
+- r8169: fix accessing unset transport header (bsc#1012628).
+- i2c: cadence: Unregister the clk notifier in error path
+  (bsc#1012628).
+- net/sched: act_api: Add extack to offload_act_setup() callback
+  (bsc#1012628).
+- net/sched: act_police: Add extack messages for offload failure
+  (bsc#1012628).
+- net/sched: act_police: allow 'continue' action offload
+  (bsc#1012628).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
+- dmaengine: imx-sdma: only restart cyclic channel when enabled
+  (bsc#1012628).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (bsc#1012628).
+- misc: rtsx_usb: use separate command and response buffers
+  (bsc#1012628).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (bsc#1012628).
+- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
+  (bsc#1012628).
+- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
+  (bsc#1012628).
+- ida: don't use BUG_ON() for debugging (bsc#1012628).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (bsc#1012628).
+- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
+  (bsc#1012628).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (bsc#1012628).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (bsc#1012628).
+- dmaengine: qcom: bam_dma: fix runtime PM underflow
+  (bsc#1012628).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (bsc#1012628).
+- dmaengine: idxd: force wq context cleanup on device disable path
+  (bsc#1012628).
+- commit 0e7e901
+
+-------------------------------------------------------------------
+Fri Jul  8 07:02:15 CEST 2022 - jslaby@suse.cz
+
+- Linux 5.18.10 (bsc#1012628).
+- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
+- xen-netfront: restore __skb_queue_tail() positioning in
+  xennet_get_responses() (bsc#1012628).
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1012628).
+- xen/netfront: fix leaking data in shared pages (bsc#1012628).
+- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
+- hwmon: (ibmaem) don't call platform_device_del() if
+  platform_device_add() fails (bsc#1012628).
+- net: sparx5: mdb add/del handle non-sparx5 devices
+  (bsc#1012628).
+- net: sparx5: Add handling of host MDB entries (bsc#1012628).
+- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
+- platform/x86: panasonic-laptop: filter out duplicate volume
+  up/down/mute keypresses (bsc#1012628).
+- platform/x86: panasonic-laptop: don't report duplicate
+  brightness key-presses (bsc#1012628).
+- platform/x86: panasonic-laptop: revert "Resolve hotkey double
+  trigger bug" (bsc#1012628).
+- platform/x86: panasonic-laptop: sort includes alphabetically
+  (bsc#1012628).
+- platform/x86: panasonic-laptop: de-obfuscate button codes
+  (bsc#1012628).
+- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
+  (bsc#1012628).
+- drm/msm/gem: Fix error return on fence id alloc fail
+  (bsc#1012628).
+- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
+- drm/i915/gem: add missing else (bsc#1012628).
+- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
+  (bsc#1012628).
+- drm/msm/dpu: Increment vsync_cnt before waking up userspace
+  (bsc#1012628).
+- cifs: fix minor compile warning (bsc#1012628).
+- net: tun: avoid disabling NAPI twice (bsc#1012628).
+- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
+  (bsc#1012628).
+- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
+- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
+- nvmet: add a clear_ids attribute for passthru targets
+  (bsc#1012628).
+- fanotify: refine the validation checks on non-dir inode mask
+  (bsc#1012628).
+- tunnels: do not assume mac header is set in
+  skb_tunnel_check_pmtu() (bsc#1012628).
+- ACPI: video: Change how we determine if brightness key-presses
+  are handled (bsc#1012628).
+- nvmet-tcp: fix regression in data_digest calculation
+  (bsc#1012628).
+- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
+- cpufreq: qcom-hw: Don't do lmh things without a throttle
+  interrupt (bsc#1012628).
+- epic100: fix use after free on rmmod (bsc#1012628).
+- tipc: move bc link creation back to tipc_node_create
+  (bsc#1012628).
+- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
+  (bsc#1012628).
+- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
+  (bsc#1012628).
+- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
+  ideapad_dytc_v4_allow_table[] (bsc#1012628).
+- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
+  resource (bsc#1012628).
+- powerpc/memhotplug: Add add_pages override for PPC
+  (bsc#1012628).
+- Update config files.
+- net: dsa: felix: fix race between reading PSFP stats and port
+  stats (bsc#1012628).
+- net: bonding: fix use-after-free after 802.3ad slave unbind
+  (bsc#1012628).
+- selftests net: fix kselftest net fatal error (bsc#1012628).
+- net: phy: ax88772a: fix lost pause advertisement configuration
+  (bsc#1012628).
+- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
+- net: asix: fix "can't send until first packet is send" issue
+  (bsc#1012628).
+- net/sched: act_api: Notify user space if any actions were
+  flushed before error (bsc#1012628).
+- net/dsa/hirschmann: Add missing of_node_get() in
+  hellcreek_led_setup() (bsc#1012628).
+- netfilter: nft_dynset: restore set element counter when failing
+  to update (bsc#1012628).
+- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
+- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
+- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
+  (bsc#1012628).
+- PM / devfreq: exynos-ppmu: Fix refcount leak in
+  of_get_devfreq_events (bsc#1012628).
+- io_uring: ensure that send/sendmsg and recv/recvmsg check
+  sqe->ioprio (bsc#1012628).
+- caif_virtio: fix race between virtio_device_ready() and
+  ndo_open() (bsc#1012628).
+- vfs: fix copy_file_range() regression in cross-fs copies
+  (bsc#1012628).
+- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+  (bsc#1012628).
+- NFSD: restore EINVAL error translation in nfsd_commit()
+  (bsc#1012628).
+- NFS: restore module put when manager exits (bsc#1012628).
+- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+  (bsc#1012628).
+- hwmon: (occ) Prevent power cap command overwriting poll response
+  (bsc#1012628).
+- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
+  (bsc#1012628).
+- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
+- selftests: mptcp: more stable diag tests (bsc#1012628).
+- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
+- usbnet: fix memory allocation in helpers (bsc#1012628).
+- net: usb: asix: do not force pause frames support (bsc#1012628).
+- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
+- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
+- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
+- net: dp83822: disable rx error interrupt (bsc#1012628).
+- net: dp83822: disable false carrier interrupt (bsc#1012628).
+- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
+- net: tun: stop NAPI when detaching queues (bsc#1012628).
+- net: tun: unlink NAPI from device on destruction (bsc#1012628).
+- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
+- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
+  (bsc#1012628).
+- virtio-net: fix race between ndo_open() and
+  virtio_device_ready() (bsc#1012628).
+- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
+- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
+- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
+- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
+- dm raid: fix accesses beyond end of raid member array
+  (bsc#1012628).
+- cpufreq: amd-pstate: Add resume and suspend callbacks
+  (bsc#1012628).
+- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
+- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
+  (bsc#1012628).
+- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
+- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
+- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
+- ceph: wait on async create before checking caps for syncfs
+  (bsc#1012628).
+- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
+  (bsc#1012628).
+- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
+  (AKA SPECTRIX S40G) (bsc#1012628).
+- s390/archrandom: simplify back to earlier design and initialize
+  earlier (bsc#1012628).
+- net: phy: Don't trigger state machine while in suspend
+  (bsc#1012628).
+- ipv6: take care of disable_policy when restoring routes
+  (bsc#1012628).
+- ksmbd: use vfs_llseek instead of dereferencing NULL
+  (bsc#1012628).
+- ksmbd: check invalid FileOffset and BeyondFinalZero in
+  FSCTL_ZERO_DATA (bsc#1012628).
+- ksmbd: set the range of bytes to zero without extending file
+  size in FSCTL_ZERO_DATA (bsc#1012628).
+- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
+  (bsc#1012628).
+- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
+  (bsc#1012628).
+- drm/amdgpu: fix adev variable used in
+  amdgpu_device_gpu_recover() (bsc#1012628).
+- commit 97c4fd2
+
+-------------------------------------------------------------------
 Tue Jul  5 17:41:39 CEST 2022 - tzimmermann@suse.de
 
 - drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
diff --git a/kernel-zfcpdump.spec b/kernel-zfcpdump.spec
index 31533c4..a54631d 100644
--- a/kernel-zfcpdump.spec
+++ b/kernel-zfcpdump.spec
@@ -18,7 +18,7 @@
 
 
 %define srcversion 5.18
-%define patchversion 5.18.9
+%define patchversion 5.18.11
 %define variant %{nil}
 %define vanilla_only 0
 %define compress_modules zstd
@@ -107,9 +107,9 @@ Name:           kernel-zfcpdump
 Summary:        The IBM System Z zfcpdump Kernel
 License:        GPL-2.0-only
 Group:          System/Kernel
-Version:        5.18.9
+Version:        5.18.11
 %if 0%{?is_kotd}
-Release:        <RELEASE>.ga7c5f9c
+Release:        <RELEASE>.g4fcb983
 %else
 Release:        0
 %endif
@@ -234,10 +234,10 @@ Conflicts:      hyper-v < 4
 Conflicts:      libc.so.6()(64bit)
 %endif
 Provides:       kernel = %version-%source_rel
-Provides:       kernel-%build_flavor-base-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
-Provides:       kernel-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       kernel-%build_flavor-base-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
+Provides:       kernel-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 # END COMMON DEPS
-Provides:       %name-srchash-a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+Provides:       %name-srchash-4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 %obsolete_rebuilds %name
 Source0:        https://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz
 Source3:        kernel-source.rpmlintrc
diff --git a/patches.kernel.org.tar.bz2 b/patches.kernel.org.tar.bz2
index 1156a5c..7277e44 120000
--- a/patches.kernel.org.tar.bz2
+++ b/patches.kernel.org.tar.bz2
@@ -1 +1 @@
-/ipfs/bafybeiht4s22ojd437owjtco3e6b6l7hammvm3cm45za22vzk3ctvgch5q
\ No newline at end of file
+/ipfs/bafybeifuyrvjmtcocuoiuzx6h7abtsdeihrgw2rqtkrrib3eao3jl23wbu
\ No newline at end of file
diff --git a/patches.rpmify.tar.bz2 b/patches.rpmify.tar.bz2
index 5b2ce82..9fc7082 120000
--- a/patches.rpmify.tar.bz2
+++ b/patches.rpmify.tar.bz2
@@ -1 +1 @@
-/ipfs/bafkreidmqyxattum6guyrbdagmt3selrqypy3gjreiqxsdrz3e3c3ri3ai
\ No newline at end of file
+/ipfs/bafkreibkh36rptpgvea37zcha5kxr7mabxnsv2orhd5dhdjcrkyzyef6mq
\ No newline at end of file
diff --git a/patches.suse.tar.bz2 b/patches.suse.tar.bz2
index de11512..94ea283 120000
--- a/patches.suse.tar.bz2
+++ b/patches.suse.tar.bz2
@@ -1 +1 @@
-/ipfs/bafkreiaixmz44l7bprskuxgzabmzxxp7uztyrqne37ibq7ri3r54nfxhqi
\ No newline at end of file
+/ipfs/bafkreib4ri6u2awdpeacmqdwqly5nwjfe26v7pu2nbeorueqypzcv3oium
\ No newline at end of file
diff --git a/series.conf b/series.conf
index 7bd7ee1..1fcaf4f 100644
--- a/series.conf
+++ b/series.conf
@@ -1723,6 +1723,283 @@
 	patches.kernel.org/5.18.9-005-powerpc-ftrace-Remove-ftrace-init-tramp-once-k.patch
 	patches.kernel.org/5.18.9-006-io_uring-fix-not-locked-access-to-fixed-buf-ta.patch
 	patches.kernel.org/5.18.9-007-Linux-5.18.9.patch
+	patches.kernel.org/5.18.10-001-drm-amdgpu-fix-adev-variable-used-in-amdgpu_d.patch
+	patches.kernel.org/5.18.10-002-Revert-drm-amdgpu-display-set-vblank_disable_.patch
+	patches.kernel.org/5.18.10-003-drm-amdgpu-To-flush-tlb-for-MMHUB-of-RAVEN-se.patch
+	patches.kernel.org/5.18.10-004-ksmbd-set-the-range-of-bytes-to-zero-without-.patch
+	patches.kernel.org/5.18.10-005-ksmbd-check-invalid-FileOffset-and-BeyondFina.patch
+	patches.kernel.org/5.18.10-006-ksmbd-use-vfs_llseek-instead-of-dereferencing.patch
+	patches.kernel.org/5.18.10-007-ipv6-take-care-of-disable_policy-when-restori.patch
+	patches.kernel.org/5.18.10-008-net-phy-Don-t-trigger-state-machine-while-in-.patch
+	patches.kernel.org/5.18.10-009-s390-archrandom-simplify-back-to-earlier-desi.patch
+	patches.kernel.org/5.18.10-010-nvme-pci-add-NVME_QUIRK_BOGUS_NID-for-ADATA-X.patch
+	patches.kernel.org/5.18.10-011-nvme-pci-add-NVME_QUIRK_BOGUS_NID-for-ADATA-I.patch
+	patches.kernel.org/5.18.10-012-nvdimm-Fix-badblocks-clear-off-by-one-error.patch
+	patches.kernel.org/5.18.10-013-ceph-wait-on-async-create-before-checking-cap.patch
+	patches.kernel.org/5.18.10-014-parisc-Fix-vDSO-signal-breakage-on-32-bit-ker.patch
+	patches.kernel.org/5.18.10-015-parisc-unaligned-Fix-emulate_ldw-breakage.patch
+	patches.kernel.org/5.18.10-016-powerpc-prom_init-Fix-kernel-config-grep.patch
+	patches.kernel.org/5.18.10-017-powerpc-book3e-Fix-PUD-allocation-size-in-map.patch
+	patches.kernel.org/5.18.10-018-powerpc-bpf-Fix-use-of-user_pt_regs-in-uapi.patch
+	patches.kernel.org/5.18.10-019-cpufreq-amd-pstate-Add-resume-and-suspend-cal.patch
+	patches.kernel.org/5.18.10-020-dm-raid-fix-accesses-beyond-end-of-raid-membe.patch
+	patches.kernel.org/5.18.10-021-dm-raid-fix-KASAN-warning-in-raid5_add_disks.patch
+	patches.kernel.org/5.18.10-022-SUNRPC-Fix-READ_PLUS-crasher.patch
+	patches.kernel.org/5.18.10-023-net-rose-fix-UAF-bugs-caused-by-timer-handler.patch
+	patches.kernel.org/5.18.10-024-net-usb-ax88179_178a-Fix-packet-receiving.patch
+	patches.kernel.org/5.18.10-025-virtio-net-fix-race-between-ndo_open-and-virt.patch
+	patches.kernel.org/5.18.10-026-selftests-net-pass-ipv6_args-to-udpgso_bench-.patch
+	patches.kernel.org/5.18.10-027-net-dsa-bcm_sf2-force-pause-link-settings.patch
+	patches.kernel.org/5.18.10-028-net-tun-unlink-NAPI-from-device-on-destructio.patch
+	patches.kernel.org/5.18.10-029-net-tun-stop-NAPI-when-detaching-queues.patch
+	patches.kernel.org/5.18.10-030-net-fix-IFF_TX_SKB_NO_LINEAR-definition.patch
+	patches.kernel.org/5.18.10-031-net-dp83822-disable-false-carrier-interrupt.patch
+	patches.kernel.org/5.18.10-032-net-dp83822-disable-rx-error-interrupt.patch
+	patches.kernel.org/5.18.10-033-RDMA-qedr-Fix-reporting-QP-timeout-attribute.patch
+	patches.kernel.org/5.18.10-034-RDMA-cm-Fix-memory-leak-in-ib_cm_insert_liste.patch
+	patches.kernel.org/5.18.10-035-linux-dim-Fix-divide-by-0-in-RDMA-DIM.patch
+	patches.kernel.org/5.18.10-036-net-usb-asix-do-not-force-pause-frames-suppor.patch
+	patches.kernel.org/5.18.10-037-usbnet-fix-memory-allocation-in-helpers.patch
+	patches.kernel.org/5.18.10-038-mptcp-fix-race-on-unaccepted-mptcp-sockets.patch
+	patches.kernel.org/5.18.10-039-selftests-mptcp-more-stable-diag-tests.patch
+	patches.kernel.org/5.18.10-040-mptcp-fix-conflict-with-netinet-in.h.patch
+	patches.kernel.org/5.18.10-041-selftests-mptcp-Initialize-variables-to-quiet.patch
+	patches.kernel.org/5.18.10-042-hwmon-occ-Prevent-power-cap-command-overwriti.patch
+	patches.kernel.org/5.18.10-043-net-ipv6-unexport-__init-annotated-seg6_hmac_.patch
+	patches.kernel.org/5.18.10-044-NFS-restore-module-put-when-manager-exits.patch
+	patches.kernel.org/5.18.10-045-NFSD-restore-EINVAL-error-translation-in-nfsd.patch
+	patches.kernel.org/5.18.10-046-NFSv4-Add-an-fattr-allocation-to-_nfs4_discov.patch
+	patches.kernel.org/5.18.10-047-vfs-fix-copy_file_range-regression-in-cross-f.patch
+	patches.kernel.org/5.18.10-048-caif_virtio-fix-race-between-virtio_device_re.patch
+	patches.kernel.org/5.18.10-049-io_uring-ensure-that-send-sendmsg-and-recv-re.patch
+	patches.kernel.org/5.18.10-050-PM-devfreq-exynos-ppmu-Fix-refcount-leak-in-o.patch
+	patches.kernel.org/5.18.10-051-lib-sbitmap-Fix-invalid-loop-in-__sbitmap_que.patch
+	patches.kernel.org/5.18.10-052-vdpa-mlx5-Update-Control-VQ-callback-informat.patch
+	patches.kernel.org/5.18.10-053-s390-remove-unneeded-select-BUILD_BIN2C.patch
+	patches.kernel.org/5.18.10-054-netfilter-nft_dynset-restore-set-element-coun.patch
+	patches.kernel.org/5.18.10-055-net-dsa-hirschmann-Add-missing-of_node_get-in.patch
+	patches.kernel.org/5.18.10-056-net-sched-act_api-Notify-user-space-if-any-ac.patch
+	patches.kernel.org/5.18.10-057-net-asix-fix-can-t-send-until-first-packet-is.patch
+	patches.kernel.org/5.18.10-058-net-bonding-fix-possible-NULL-deref-in-rlb-co.patch
+	patches.kernel.org/5.18.10-059-net-phy-ax88772a-fix-lost-pause-advertisement.patch
+	patches.kernel.org/5.18.10-060-selftests-net-fix-kselftest-net-fatal-error.patch
+	patches.kernel.org/5.18.10-061-net-bonding-fix-use-after-free-after-802.3ad-.patch
+	patches.kernel.org/5.18.10-062-net-dsa-felix-fix-race-between-reading-PSFP-s.patch
+	patches.kernel.org/5.18.10-063-powerpc-memhotplug-Add-add_pages-override-for.patch
+	patches.kernel.org/5.18.10-064-platform-x86-thinkpad_acpi-Fix-a-memory-leak-.patch
+	patches.kernel.org/5.18.10-065-platform-x86-ideapad-laptop-Add-Ideapad-5-15I.patch
+	patches.kernel.org/5.18.10-066-nfc-nfcmrvl-Fix-irq_of_parse_and_map-return-v.patch
+	patches.kernel.org/5.18.10-067-NFC-nxp-nci-Don-t-issue-a-zero-length-i2c_mas.patch
+	patches.kernel.org/5.18.10-068-tipc-move-bc-link-creation-back-to-tipc_node_.patch
+	patches.kernel.org/5.18.10-069-epic100-fix-use-after-free-on-rmmod.patch
+	patches.kernel.org/5.18.10-070-cpufreq-qcom-hw-Don-t-do-lmh-things-without-a.patch
+	patches.kernel.org/5.18.10-071-tcp-add-a-missing-nf_reset_ct-in-3WHS-handlin.patch
+	patches.kernel.org/5.18.10-072-nvmet-tcp-fix-regression-in-data_digest-calcu.patch
+	patches.kernel.org/5.18.10-073-ACPI-video-Change-how-we-determine-if-brightn.patch
+	patches.kernel.org/5.18.10-074-tunnels-do-not-assume-mac-header-is-set-in-sk.patch
+	patches.kernel.org/5.18.10-075-fanotify-refine-the-validation-checks-on-non-.patch
+	patches.kernel.org/5.18.10-076-nvmet-add-a-clear_ids-attribute-for-passthru-.patch
+	patches.kernel.org/5.18.10-077-ipv6-sit-fix-ipip6_tunnel_get_prl-return-valu.patch
+	patches.kernel.org/5.18.10-078-ipv6-fix-lockdep-splat-in-in6_dump_addrs.patch
+	patches.kernel.org/5.18.10-079-mlxsw-spectrum_router-Fix-rollback-in-tunnel-.patch
+	patches.kernel.org/5.18.10-080-net-tun-avoid-disabling-NAPI-twice.patch
+	patches.kernel.org/5.18.10-081-cifs-fix-minor-compile-warning.patch
+	patches.kernel.org/5.18.10-082-drm-msm-dpu-Increment-vsync_cnt-before-waking.patch
+	patches.kernel.org/5.18.10-083-platform-x86-ideapad-laptop-Add-allow_v4_dytc.patch
+	patches.kernel.org/5.18.10-084-drm-i915-gem-add-missing-else.patch
+	patches.kernel.org/5.18.10-085-drm-i915-dgfx-Disable-d3cold-at-gfx-root-port.patch
+	patches.kernel.org/5.18.10-086-drm-msm-gem-Fix-error-return-on-fence-id-allo.patch
+	patches.kernel.org/5.18.10-087-drivers-cpufreq-Add-missing-of_node_put-in-qo.patch
+	patches.kernel.org/5.18.10-088-platform-x86-panasonic-laptop-de-obfuscate-bu.patch
+	patches.kernel.org/5.18.10-089-platform-x86-panasonic-laptop-sort-includes-a.patch
+	patches.kernel.org/5.18.10-090-platform-x86-panasonic-laptop-revert-Resolve-.patch
+	patches.kernel.org/5.18.10-091-platform-x86-panasonic-laptop-don-t-report-du.patch
+	patches.kernel.org/5.18.10-092-platform-x86-panasonic-laptop-filter-out-dupl.patch
+	patches.kernel.org/5.18.10-093-drm-fourcc-fix-integer-type-usage-in-uapi-hea.patch
+	patches.kernel.org/5.18.10-094-net-sparx5-Add-handling-of-host-MDB-entries.patch
+	patches.kernel.org/5.18.10-095-net-sparx5-mdb-add-del-handle-non-sparx5-devi.patch
+	patches.kernel.org/5.18.10-096-hwmon-ibmaem-don-t-call-platform_device_del-i.patch
+	patches.kernel.org/5.18.10-097-xen-blkfront-fix-leaking-data-in-shared-pages.patch
+	patches.kernel.org/5.18.10-098-xen-netfront-fix-leaking-data-in-shared-pages.patch
+	patches.kernel.org/5.18.10-099-xen-netfront-force-data-bouncing-when-backend.patch
+	patches.kernel.org/5.18.10-100-xen-blkfront-force-data-bouncing-when-backend.patch
+	patches.kernel.org/5.18.10-101-xen-netfront-restore-__skb_queue_tail-positio.patch
+	patches.kernel.org/5.18.10-102-xen-arm-Fix-race-in-RB-tree-based-P2M-account.patch
+	patches.kernel.org/5.18.10-103-Linux-5.18.10.patch
+	patches.kernel.org/5.18.11-001-io_uring-fix-provided-buffer-import.patch
+	patches.kernel.org/5.18.11-002-ALSA-usb-audio-Workarounds-for-Behringer-UMC-.patch
+	patches.kernel.org/5.18.11-003-ALSA-hda-realtek-Add-quirk-for-Clevo-L140PU.patch
+	patches.kernel.org/5.18.11-004-ALSA-cs46xx-Fix-missing-snd_card_free-call-at.patch
+	patches.kernel.org/5.18.11-005-can-bcm-use-call_rcu-instead-of-costly-synchr.patch
+	patches.kernel.org/5.18.11-006-can-grcan-grcan_probe-remove-extra-of_node_ge.patch
+	patches.kernel.org/5.18.11-007-can-gs_usb-gs_usb_open-close-fix-memory-leak.patch
+	patches.kernel.org/5.18.11-008-can-m_can-m_can_chip_config-actually-enable-i.patch
+	patches.kernel.org/5.18.11-009-can-m_can-m_can_-read_fifo-echo_tx_event-shif.patch
+	patches.kernel.org/5.18.11-010-can-kvaser_usb-replace-run-time-checks-with-s.patch
+	patches.kernel.org/5.18.11-011-can-kvaser_usb-kvaser_usb_leaf-fix-CAN-clock-.patch
+	patches.kernel.org/5.18.11-012-can-kvaser_usb-kvaser_usb_leaf-fix-bittiming-.patch
+	patches.kernel.org/5.18.11-013-can-mcp251xfd-mcp251xfd_regmap_crc_read-impro.patch
+	patches.kernel.org/5.18.11-014-can-mcp251xfd-mcp251xfd_regmap_crc_read-updat.patch
+	patches.kernel.org/5.18.11-015-can-mcp251xfd-mcp251xfd_stop-add-missing-hrti.patch
+	patches.kernel.org/5.18.11-016-bpf-Fix-incorrect-verifier-simulation-around-.patch
+	patches.kernel.org/5.18.11-017-bpf-Fix-insufficient-bounds-propagation-from-.patch
+	patches.kernel.org/5.18.11-018-usbnet-fix-memory-leak-in-error-case.patch
+	patches.kernel.org/5.18.11-019-net-rose-fix-UAF-bug-caused-by-rose_t0timer_e.patch
+	patches.kernel.org/5.18.11-020-net-lan966x-hardcode-the-number-of-external-p.patch
+	patches.kernel.org/5.18.11-021-netfilter-nft_set_pipapo-release-elements-in-.patch
+	patches.kernel.org/5.18.11-022-netfilter-nf_tables-stricter-validation-of-el.patch
+	patches.kernel.org/5.18.11-023-selftests-net-fix-section-name-when-using-xdp.patch
+	patches.kernel.org/5.18.11-024-can-mcp251xfd-mcp251xfd_register_get_dev_id-u.patch
+	patches.kernel.org/5.18.11-025-can-mcp251xfd-mcp251xfd_register_get_dev_id-f.patch
+	patches.kernel.org/5.18.11-026-can-rcar_canfd-Fix-data-transmission-failed-o.patch
+	patches.kernel.org/5.18.11-027-ASoC-qdsp6-q6apm-dai-unprepare-stream-if-its-.patch
+	patches.kernel.org/5.18.11-028-MAINTAINERS-Remove-iommu-lists.linux-foundati.patch
+	patches.kernel.org/5.18.11-029-iommu-vt-d-Fix-PCI-bus-rescan-device-hot-add.patch
+	patches.kernel.org/5.18.11-030-iommu-vt-d-Fix-RID2PASID-setup-teardown-failu.patch
+	patches.kernel.org/5.18.11-031-cxl-mbox-Use-__le32-in-get-set_lsa-mailbox-st.patch
+	patches.kernel.org/5.18.11-032-cxl-Fix-cleanup-of-port-devices-on-failure-to.patch
+	patches.kernel.org/5.18.11-033-fbdev-fbmem-Fix-logo-center-image-dx-issue.patch
+	patches.kernel.org/5.18.11-034-fbmem-Check-virtual-screen-sizes-in-fb_set_va.patch
+	patches.kernel.org/5.18.11-035-fbcon-Disallow-setting-font-bigger-than-scree.patch
+	patches.kernel.org/5.18.11-036-fbcon-Prevent-that-screen-size-is-smaller-tha.patch
+	patches.kernel.org/5.18.11-037-PM-runtime-Redefine-pm_runtime_release_suppli.patch
+	patches.kernel.org/5.18.11-038-PM-runtime-Fix-supplier-device-management-dur.patch
+	patches.kernel.org/5.18.11-039-memregion-Fix-memregion_free-fallback-definit.patch
+	patches.kernel.org/5.18.11-040-video-of_display_timing.h-include-errno.h.patch
+	patches.kernel.org/5.18.11-041-fscache-Fix-invalidation-lookup-race.patch
+	patches.kernel.org/5.18.11-042-fscache-Fix-if-condition-in-fscache_wait_on_v.patch
+	patches.kernel.org/5.18.11-043-powerpc-powernv-delay-rng-platform-device-cre.patch
+	patches.kernel.org/5.18.11-044-net-dsa-qca8k-reset-cpu-port-on-MTU-change.patch
+	patches.kernel.org/5.18.11-045-ARM-meson-Fix-refcount-leak-in-meson_smp_prep.patch
+	patches.kernel.org/5.18.11-046-pinctrl-sunxi-a83t-Fix-NAND-function-name-for.patch
+	patches.kernel.org/5.18.11-047-srcu-Tighten-cleanup_srcu_struct-GP-checks.patch
+	patches.kernel.org/5.18.11-048-ASoC-rt711-Add-endianness-flag-in-snd_soc_com.patch
+	patches.kernel.org/5.18.11-049-ASoC-rt711-sdca-Add-endianness-flag-in-snd_so.patch
+	patches.kernel.org/5.18.11-050-ASoC-codecs-rt700-rt711-rt711-sdca-resume-bus.patch
+	patches.kernel.org/5.18.11-051-ASoC-SOF-ipc3-topology-Move-and-correct-size-.patch
+	patches.kernel.org/5.18.11-052-ASoC-SOF-Intel-hda-Fix-compressed-stream-posi.patch
+	patches.kernel.org/5.18.11-053-arm64-dts-qcom-sm8450-fix-interconnects-prope.patch
+	patches.kernel.org/5.18.11-054-arm64-dts-qcom-msm8994-Fix-CPU6-7-reg-values.patch
+	patches.kernel.org/5.18.11-055-arm64-dts-qcom-sdm845-use-dispcc-AHB-clock-fo.patch
+	patches.kernel.org/5.18.11-056-ARM-mxs_defconfig-Enable-the-framebuffer.patch
+	patches.kernel.org/5.18.11-057-arm64-dts-imx8mp-evk-correct-mmc-pad-settings.patch
+	patches.kernel.org/5.18.11-058-arm64-dts-imx8mp-evk-correct-the-uart2-pinctl.patch
+	patches.kernel.org/5.18.11-059-arm64-dts-imx8mp-evk-correct-gpio-led-pad-set.patch
+	patches.kernel.org/5.18.11-060-arm64-dts-imx8mp-evk-correct-vbus-pad-setting.patch
+	patches.kernel.org/5.18.11-061-arm64-dts-imx8mp-evk-correct-eqos-pad-setting.patch
+	patches.kernel.org/5.18.11-062-arm64-dts-imx8mp-evk-correct-I2C5-pad-setting.patch
+	patches.kernel.org/5.18.11-063-arm64-dts-imx8mp-evk-correct-I2C1-pad-setting.patch
+	patches.kernel.org/5.18.11-064-arm64-dts-imx8mp-evk-correct-I2C3-pad-setting.patch
+	patches.kernel.org/5.18.11-065-arm64-dts-imx8mp-phyboard-pollux-rdk-correct-.patch
+	patches.kernel.org/5.18.11-066-arm64-dts-imx8mp-phyboard-pollux-rdk-correct-.patch
+	patches.kernel.org/5.18.11-067-arm64-dts-imx8mp-phyboard-pollux-rdk-correct-.patch
+	patches.kernel.org/5.18.11-068-pinctrl-sunxi-sunxi_pconf_set-use-correct-off.patch
+	patches.kernel.org/5.18.11-069-arm64-dts-qcom-msm8992-Fix-vdd_lvs1_2-supply-.patch
+	patches.kernel.org/5.18.11-070-ARM-at91-pm-use-proper-compatible-for-sama5d2.patch
+	patches.kernel.org/5.18.11-071-ARM-at91-pm-use-proper-compatibles-for-sam9x6.patch
+	patches.kernel.org/5.18.11-072-ARM-at91-pm-use-proper-compatibles-for-sama7g.patch
+	patches.kernel.org/5.18.11-073-ARM-dts-at91-sam9x60ek-fix-eeprom-compatible-.patch
+	patches.kernel.org/5.18.11-074-ARM-dts-at91-sama5d2_icp-fix-eeprom-compatibl.patch
+	patches.kernel.org/5.18.11-075-ARM-at91-fix-soc-detection-for-SAM9X60-SiPs.patch
+	patches.kernel.org/5.18.11-076-xsk-Clear-page-contiguity-bit-when-unmapping-.patch
+	patches.kernel.org/5.18.11-077-i2c-piix4-Fix-a-memory-leak-in-the-EFCH-MMIO-.patch
+	patches.kernel.org/5.18.11-078-i40e-Fix-dropped-jumbo-frames-statistics.patch
+	patches.kernel.org/5.18.11-079-i40e-Fix-VF-s-MAC-Address-change-on-VM.patch
+	patches.kernel.org/5.18.11-080-ARM-dts-stm32-add-missing-usbh-clock-and-fix-.patch
+	patches.kernel.org/5.18.11-081-ibmvnic-Properly-dispose-of-all-skbs-during-a.patch
+	patches.kernel.org/5.18.11-082-selftests-forwarding-fix-flood_unicast_test-w.patch
+	patches.kernel.org/5.18.11-083-selftests-forwarding-fix-learning_test-when-h.patch
+	patches.kernel.org/5.18.11-084-selftests-forwarding-fix-error-message-in-lea.patch
+	patches.kernel.org/5.18.11-085-ACPI-CPPC-Check-_OSC-for-flexible-address-spa.patch
+	patches.kernel.org/5.18.11-086-ACPI-bus-Set-CPPC-_OSC-bits-for-all-and-when-.patch
+	patches.kernel.org/5.18.11-087-ACPI-CPPC-Only-probe-for-_CPC-if-CPPC-v2-is-a.patch
+	patches.kernel.org/5.18.11-088-ACPI-CPPC-Don-t-require-_OSC-if-X86_FEATURE_C.patch
+	patches.kernel.org/5.18.11-089-net-mlx5e-Fix-matchall-police-parameters-vali.patch
+	patches.kernel.org/5.18.11-090-mptcp-Avoid-acquiring-PM-lock-for-subflow-pri.patch
+	patches.kernel.org/5.18.11-091-mptcp-Acquire-the-subflow-socket-lock-before-.patch
+	patches.kernel.org/5.18.11-092-mptcp-fix-local-endpoint-accounting.patch
+	patches.kernel.org/5.18.11-093-r8169-fix-accessing-unset-transport-header.patch
+	patches.kernel.org/5.18.11-094-i2c-cadence-Unregister-the-clk-notifier-in-er.patch
+	patches.kernel.org/5.18.11-095-net-sched-act_api-Add-extack-to-offload_act_s.patch
+	patches.kernel.org/5.18.11-096-net-sched-act_police-Add-extack-messages-for-.patch
+	patches.kernel.org/5.18.11-097-net-sched-act_police-allow-continue-action-of.patch
+	patches.kernel.org/5.18.11-098-dmaengine-imx-sdma-Allow-imx8m-for-imx7-FW-re.patch
+	patches.kernel.org/5.18.11-099-dmaengine-imx-sdma-only-restart-cyclic-channe.patch
+	patches.kernel.org/5.18.11-100-misc-rtsx_usb-fix-use-of-dma-mapped-buffer-fo.patch
+	patches.kernel.org/5.18.11-101-misc-rtsx_usb-use-separate-command-and-respon.patch
+	patches.kernel.org/5.18.11-102-misc-rtsx_usb-set-return-value-in-rsp_buf-all.patch
+	patches.kernel.org/5.18.11-103-dmaengine-dw-axi-dmac-Fix-RMW-on-channel-susp.patch
+	patches.kernel.org/5.18.11-104-dt-bindings-dma-allwinner-sun50i-a64-dma-Fix-.patch
+	patches.kernel.org/5.18.11-105-ida-don-t-use-BUG_ON-for-debugging.patch
+	patches.kernel.org/5.18.11-106-dmaengine-pl330-Fix-lockdep-warning-about-non.patch
+	patches.kernel.org/5.18.11-107-dmaengine-lgm-Fix-an-error-handling-path-in-i.patch
+	patches.kernel.org/5.18.11-108-dmaengine-at_xdma-handle-errors-of-at_xdmac_a.patch
+	patches.kernel.org/5.18.11-109-dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xba.patch
+	patches.kernel.org/5.18.11-110-dmaengine-qcom-bam_dma-fix-runtime-PM-underfl.patch
+	patches.kernel.org/5.18.11-111-dmaengine-ti-Add-missing-put_device-in-ti_dra.patch
+	patches.kernel.org/5.18.11-112-dmaengine-idxd-force-wq-context-cleanup-on-de.patch
+	patches.kernel.org/5.18.11-113-Linux-5.18.11.patch
+	patches.kernel.org/5.18.12-001-x86-traps-Use-pt_regs-directly-in-fixup_bad_i.patch
+	patches.kernel.org/5.18.12-002-x86-entry-Switch-the-stack-after-error_entry-.patch
+	patches.kernel.org/5.18.12-003-x86-entry-Move-PUSH_AND_CLEAR_REGS-out-of-err.patch
+	patches.kernel.org/5.18.12-004-x86-entry-Don-t-call-error_entry-for-XENPV.patch
+	patches.kernel.org/5.18.12-005-x86-entry-Remove-skip_r11rcx.patch
+	patches.kernel.org/5.18.12-006-x86-kvm-vmx-Make-noinstr-clean.patch
+	patches.kernel.org/5.18.12-007-x86-cpufeatures-Move-RETPOLINE-flags-to-word-.patch
+	patches.kernel.org/5.18.12-008-x86-retpoline-Cleanup-some-ifdefery.patch
+	patches.kernel.org/5.18.12-009-x86-retpoline-Swizzle-retpoline-thunk.patch
+	patches.kernel.org/5.18.12-010-x86-retpoline-Use-mfunction-return.patch
+	patches.kernel.org/5.18.12-011-x86-Undo-return-thunk-damage.patch
+	patches.kernel.org/5.18.12-012-x86-objtool-Create-.return_sites.patch
+	patches.kernel.org/5.18.12-013-objtool-skip-non-text-sections-when-adding-re.patch
+	patches.kernel.org/5.18.12-014-x86-static_call-Use-alternative-RET-encoding.patch
+	patches.kernel.org/5.18.12-015-x86-ftrace-Use-alternative-RET-encoding.patch
+	patches.kernel.org/5.18.12-016-x86-bpf-Use-alternative-RET-encoding.patch
+	patches.kernel.org/5.18.12-017-x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch
+	patches.kernel.org/5.18.12-018-x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall.patch
+	patches.kernel.org/5.18.12-019-x86-sev-Avoid-using-__x86_return_thunk.patch
+	patches.kernel.org/5.18.12-020-x86-Use-return-thunk-in-asm-code.patch
+	patches.kernel.org/5.18.12-021-x86-entry-Avoid-very-early-RET.patch
+	patches.kernel.org/5.18.12-022-objtool-Treat-.text.__x86.-as-noinstr.patch
+	patches.kernel.org/5.18.12-023-x86-Add-magic-AMD-return-thunk.patch
+	patches.kernel.org/5.18.12-024-x86-bugs-Report-AMD-retbleed-vulnerability.patch
+	patches.kernel.org/5.18.12-025-x86-bugs-Add-AMD-retbleed-boot-parameter.patch
+	patches.kernel.org/5.18.12-026-x86-bugs-Enable-STIBP-for-JMP2RET.patch
+	patches.kernel.org/5.18.12-027-x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch
+	patches.kernel.org/5.18.12-028-x86-entry-Add-kernel-IBRS-implementation.patch
+	patches.kernel.org/5.18.12-029-x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch
+	patches.kernel.org/5.18.12-030-x86-speculation-Add-spectre_v2-ibrs-option-to.patch
+	patches.kernel.org/5.18.12-031-x86-bugs-Split-spectre_v2_select_mitigation-a.patch
+	patches.kernel.org/5.18.12-032-x86-bugs-Report-Intel-retbleed-vulnerability.patch
+	patches.kernel.org/5.18.12-033-intel_idle-Disable-IBRS-during-long-idle.patch
+	patches.kernel.org/5.18.12-034-objtool-Update-Retpoline-validation.patch
+	patches.kernel.org/5.18.12-035-x86-xen-Rename-SYS-entry-points.patch
+	patches.kernel.org/5.18.12-036-x86-xen-Add-UNTRAIN_RET.patch
+	patches.kernel.org/5.18.12-037-x86-bugs-Add-retbleed-ibpb.patch
+	patches.kernel.org/5.18.12-038-x86-bugs-Do-IBPB-fallback-check-only-once.patch
+	patches.kernel.org/5.18.12-039-objtool-Add-entry-UNRET-validation.patch
+	patches.kernel.org/5.18.12-040-x86-cpu-amd-Add-Spectral-Chicken.patch
+	patches.kernel.org/5.18.12-041-x86-speculation-Fix-RSB-filling-with-CONFIG_R.patch
+	patches.kernel.org/5.18.12-042-x86-speculation-Fix-firmware-entry-SPEC_CTRL-.patch
+	patches.kernel.org/5.18.12-043-x86-speculation-Fix-SPEC_CTRL-write-on-SMT-st.patch
+	patches.kernel.org/5.18.12-044-x86-speculation-Use-cached-host-SPEC_CTRL-val.patch
+	patches.kernel.org/5.18.12-045-x86-speculation-Remove-x86_spec_ctrl_mask.patch
+	patches.kernel.org/5.18.12-046-objtool-Re-add-UNWIND_HINT_-SAVE_RESTORE.patch
+	patches.kernel.org/5.18.12-047-KVM-VMX-Flatten-__vmx_vcpu_run.patch
+	patches.kernel.org/5.18.12-048-KVM-VMX-Convert-launched-argument-to-flags.patch
+	patches.kernel.org/5.18.12-049-KVM-VMX-Prevent-guest-RSB-poisoning-attacks-w.patch
+	patches.kernel.org/5.18.12-050-KVM-VMX-Fix-IBRS-handling-after-vmexit.patch
+	patches.kernel.org/5.18.12-051-x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch
+	patches.kernel.org/5.18.12-052-KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch
+	patches.kernel.org/5.18.12-053-x86-common-Stamp-out-the-stepping-madness.patch
+	patches.kernel.org/5.18.12-054-x86-cpu-amd-Enumerate-BTC_NO.patch
+	patches.kernel.org/5.18.12-055-x86-retbleed-Add-fine-grained-Kconfig-knobs.patch
+	patches.kernel.org/5.18.12-056-x86-bugs-Add-Cannon-lake-to-RETBleed-affected.patch
+	patches.kernel.org/5.18.12-057-x86-entry-Move-PUSH_AND_CLEAR_REGS-back-into-.patch
+	patches.kernel.org/5.18.12-058-x86-bugs-Do-not-enable-IBPB-on-entry-when-IBP.patch
+	patches.kernel.org/5.18.12-059-x86-kexec-Disable-RET-on-kexec.patch
+	patches.kernel.org/5.18.12-060-x86-speculation-Disable-RRSBA-behavior.patch
+	patches.kernel.org/5.18.12-061-x86-static_call-Serialize-__static_call_fixup.patch
 
 	########################################################
 	# Build fixes that apply to the vanilla kernel too.
@@ -1734,6 +2011,7 @@
 	patches.rpmify/powerpc-64-BE-option-to-use-ELFv2-ABI-for-big-endian.patch
 	patches.rpmify/BTF-Don-t-break-ABI-when-debuginfo-is-disabled.patch
 	patches.rpmify/scripts-dummy-tools-add-pahole.patch
+	patches.rpmify/x86-asm-32-fix-ANNOTATE_UNRET_SAFE-use-on-32bit.patch
 
 	########################################################
 	# The sorted section should contain all patches that are
@@ -1751,10 +2029,12 @@
 	########################################################
 	# sorted patches
 	########################################################
+	patches.suse/x86-mm-Simplify-RESERVE_BRK.patch
 	patches.suse/simplefb-Enable-boot-time-VESA-graphic-mode-selectio.patch
 	patches.suse/0001-drm-format-helper-Print-warning-on-missing-format-co.patch
 	patches.suse/0001-drm-format-helper-Add-RGB888-to-XRGB8888-conversion.patch
 	patches.suse/0001-drm-format-helper-Add-RGB565-to-XRGB8888-conversion.patch
+	patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch
 
 	# git://anongit.freedesktop.org/drm/drm.git drm-next
 	patches.suse/0001-firmware-sysfb-Make-sysfb_create_simplefb-return-a-p.patch
@@ -1766,9 +2046,6 @@
 	patches.suse/0001-drm-client-Look-for-command-line-modes-first.patch
 	patches.suse/0001-drm-client-Don-t-add-new-command-line-mode.patch
 
-	# git://anongit.freedesktop.org/drm/drm.git drm-next
-	patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch
-
 	########################################################
 	# end of sorted patches
 	########################################################
@@ -1785,7 +2062,10 @@
 	# to get into mainline any time soon (or ever) belong
 	# to area specific sections below.
 	########################################################
-	patches.suse/netfilter-nf_tables-stricter-validation-of-element-d.patch
+	patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch
+	patches.suse/x86-entry-Remove-UNTRAIN_RET-from-native_irq_return_.patch
+	patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch
+	patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch
 
 	########################################################
 	# kbuild/module infrastructure fixes
diff --git a/source-timestamp b/source-timestamp
index e723833..8a9f6f1 100644
--- a/source-timestamp
+++ b/source-timestamp
@@ -1,3 +1,3 @@
-2022-07-06 05:57:32 +0000
-GIT Revision: a7c5f9c7ea0c3909de5203a4e059cfa244f82641
+2022-07-15 05:36:11 +0000
+GIT Revision: 4fcb983f9d8c4dcd921cf0963cec87cffb1e2692
 GIT Branch: stable