diff --git a/.gitignore b/.gitignore
index da64e22..3502da6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/linux-4.18.0-147.rt24.93.el8.tar.xz
+SOURCES/linux-4.18.0-147.0.2.rt24.94.el8_1.tar.xz
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index 40232e0..74094e1 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1 +1 @@
-e2089b8e3caa066c95c05937a9fb7b11abfdc285 SOURCES/linux-4.18.0-147.rt24.93.el8.tar.xz
+655ea2c2cc5937f2bcdcf49b5010ce7a9737ed8d SOURCES/linux-4.18.0-147.0.2.rt24.94.el8_1.tar.xz
diff --git a/SOURCES/kernel-rt-ppc64le-debug.config b/SOURCES/kernel-rt-ppc64le-debug.config
index 4442442..adedc0b 100644
--- a/SOURCES/kernel-rt-ppc64le-debug.config
+++ b/SOURCES/kernel-rt-ppc64le-debug.config
@@ -896,7 +896,6 @@
 # CONFIG_LMP91000 is not set
 # CONFIG_LOAD_UEFI_KEYS is not set
 # CONFIG_LOCALVERSION_AUTO is not set
-# CONFIG_LOCK_TORTURE_TEST is not set
 # CONFIG_LOGIG940_FF is not set
 # CONFIG_LOGIRUMBLEPAD2_FF is not set
 # CONFIG_LOGITECH_FF is not set
@@ -1430,7 +1429,6 @@
 # CONFIG_RCU_EQS_DEBUG is not set
 # CONFIG_RCU_EXPERT is not set
 # CONFIG_RCU_PERF_TEST is not set
-# CONFIG_RCU_TORTURE_TEST is not set
 # CONFIG_RCU_TRACE is not set
 # CONFIG_RDS is not set
 # CONFIG_READABLE_ASM is not set
@@ -3454,6 +3452,7 @@ CONFIG_LOCKD_V4=y
 CONFIG_LOCKUP_DETECTOR=y
 CONFIG_LOCK_EVENT_COUNTS=y
 CONFIG_LOCK_STAT=y
+CONFIG_LOCK_TORTURE_TEST=m
 CONFIG_LOGO=y
 CONFIG_LOGO_LINUX_CLUT224=y
 CONFIG_LOG_BUF_SHIFT=20
@@ -4198,6 +4197,7 @@ CONFIG_RAS=y
 CONFIG_RAW_DRIVER=y
 CONFIG_RCU_CPU_STALL_TIMEOUT=60
 CONFIG_RCU_NOCB_CPU=y
+CONFIG_RCU_TORTURE_TEST=m
 CONFIG_RC_ATI_REMOTE=m
 CONFIG_RC_CORE=m
 CONFIG_RC_DECODERS=y
@@ -4809,6 +4809,7 @@ CONFIG_TLS_DEVICE=y
 CONFIG_TMPFS=y
 CONFIG_TMPFS_POSIX_ACL=y
 CONFIG_TMPFS_XATTR=y
+CONFIG_TORTURE_TEST=m
 CONFIG_TOUCHSCREEN_ELO=m
 CONFIG_TOUCHSCREEN_WACOM_I2C=m
 CONFIG_TOUCHSCREEN_WACOM_W8001=m
diff --git a/SOURCES/kernel-rt-s390x-debug.config b/SOURCES/kernel-rt-s390x-debug.config
index ed8a601..2707aae 100644
--- a/SOURCES/kernel-rt-s390x-debug.config
+++ b/SOURCES/kernel-rt-s390x-debug.config
@@ -948,7 +948,6 @@
 # CONFIG_LMP91000 is not set
 # CONFIG_LOAD_UEFI_KEYS is not set
 # CONFIG_LOCALVERSION_AUTO is not set
-# CONFIG_LOCK_TORTURE_TEST is not set
 # CONFIG_LOGIG940_FF is not set
 # CONFIG_LOGIRUMBLEPAD2_FF is not set
 # CONFIG_LOGITECH_FF is not set
@@ -1527,7 +1526,6 @@
 # CONFIG_RCU_EQS_DEBUG is not set
 # CONFIG_RCU_EXPERT is not set
 # CONFIG_RCU_PERF_TEST is not set
-# CONFIG_RCU_TORTURE_TEST is not set
 # CONFIG_RCU_TRACE is not set
 # CONFIG_RC_CORE is not set
 # CONFIG_RDS is not set
@@ -3495,6 +3493,7 @@ CONFIG_LOCKD_V4=y
 CONFIG_LOCKUP_DETECTOR=y
 CONFIG_LOCK_EVENT_COUNTS=y
 CONFIG_LOCK_STAT=y
+CONFIG_LOCK_TORTURE_TEST=m
 CONFIG_LOGO_LINUX_CLUT224=y
 CONFIG_LOG_BUF_SHIFT=17
 CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
@@ -4154,6 +4153,7 @@ CONFIG_RANDOMIZE_MEMORY=y
 CONFIG_RAW_DRIVER=y
 CONFIG_RCU_CPU_STALL_TIMEOUT=60
 CONFIG_RCU_NOCB_CPU=y
+CONFIG_RCU_TORTURE_TEST=m
 CONFIG_RC_ATI_REMOTE=m
 CONFIG_RC_DECODERS=y
 CONFIG_RC_DEVICES=y
@@ -4731,6 +4731,7 @@ CONFIG_TN3270=y
 CONFIG_TN3270_CONSOLE=y
 CONFIG_TN3270_FS=m
 CONFIG_TN3270_TTY=y
+CONFIG_TORTURE_TEST=m
 CONFIG_TOUCHSCREEN_ELO=m
 CONFIG_TOUCHSCREEN_WACOM_I2C=m
 CONFIG_TOUCHSCREEN_WACOM_W8001=m
diff --git a/SOURCES/kernel-rt-x86_64-debug.config b/SOURCES/kernel-rt-x86_64-debug.config
index 89a13d7..c95c34c 100644
--- a/SOURCES/kernel-rt-x86_64-debug.config
+++ b/SOURCES/kernel-rt-x86_64-debug.config
@@ -5558,6 +5558,7 @@ CONFIG_X86_HT=y
 CONFIG_X86_INTEL_LPSS=y
 CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
 CONFIG_X86_INTEL_PSTATE=y
+CONFIG_X86_INTEL_TSX_MODE_ON=y
 CONFIG_X86_INTERNODE_CACHE_SHIFT=6
 CONFIG_X86_IO_APIC=y
 CONFIG_X86_L1_CACHE_SHIFT=6
diff --git a/SOURCES/kernel-rt-x86_64.config b/SOURCES/kernel-rt-x86_64.config
index 103de33..baba433 100644
--- a/SOURCES/kernel-rt-x86_64.config
+++ b/SOURCES/kernel-rt-x86_64.config
@@ -5541,6 +5541,7 @@ CONFIG_X86_HT=y
 CONFIG_X86_INTEL_LPSS=y
 CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
 CONFIG_X86_INTEL_PSTATE=y
+CONFIG_X86_INTEL_TSX_MODE_ON=y
 CONFIG_X86_INTERNODE_CACHE_SHIFT=6
 CONFIG_X86_IO_APIC=y
 CONFIG_X86_L1_CACHE_SHIFT=6
diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec
index df913b4..3dafeb3 100644
--- a/SPECS/kernel-rt.spec
+++ b/SPECS/kernel-rt.spec
@@ -33,10 +33,10 @@ Summary: The Linux kernel
 # define buildid .local
 
 %define rpmversion 4.18.0
-%define pkgrelease 147.rt24.93.el8
+%define pkgrelease 147.0.2.rt24.94.el8_1
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 147.rt24.93%{?dist}
+%define specrelease 147.0.2.rt24.94%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -45,6 +45,7 @@ Summary: The Linux kernel
 # All should default to 1 (enabled) and be flipped to 0 (disabled)
 # by later arch-specific checks.
 
+%define _with_kabidupchk 1
 # The following build options are enabled by default.
 # Use either --without <opt> in your rpmbuild command or force values
 # to 0 in here to disable them.
@@ -124,7 +125,7 @@ Summary: The Linux kernel
 # The preempt RT patch level
 %global rttag .rt24
 # realtimeN
-%global rtbuild .93
+%global rtbuild .94
 %define with_headers 0
 %define with_cross_headers 0
 %define with_perf 0
@@ -2178,6 +2179,47 @@ fi
 #
 #
 %changelog
+* Mon Nov 04 2019 Juri Lelli <juri.lelli@redhat.com> [4.18.0-147.0.2.rt24.94.el8_1]
+- [rt] kernel-rt-4.18.0-147.0.2.rt24.93.el8_1 (Juri Lelli)
+- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
+- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
+- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
+- [x86] x86/tsx: Add config options to set tsx=on|off|auto (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/tsx: Add "auto" option to the tsx= cmdline parameter (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
+- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [x86] x86/cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] Revert "KVM: x86/mmu: Zap only the relevant pages when removing a memslot" (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [kvm] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
+- [zstream] switch to zstream (Frantisek Hrbata)
+
 * Thu Sep 26 2019 Juri Lelli <juri.lelli@redhat.com> [4.18.0-147.rt24.93.el8]
 - [rt] kernel-rt-4.18.0-147.rt24.92.el8 (Juri Lelli) [1678887]
 - [x86] perf/x86/intel: Fix spurious NMI on fixed counter (Michael Petlan) [1755110]