ELBA-2019-1337

ELBA-2019-1337 - kernel bug fix update

Type:BUG
Severity:NA
Release Date:2019-06-05

Description


[3.10.0-957.21.2.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-957.21.2]
- [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633]

[3.10.0-957.21.1]
- [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}

[3.10.0-957.20.1]
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}

[3.10.0-957.19.1]
- [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1702923 1077929]
- [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) [1702921 1701348]
- [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 1701348]
- [fs] revert '[fs] xfs: use rhashtable to track buffer cache' (Brian Foster) [1702922 1658749]
- [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (Brian Foster) [1701293 1613405]
- [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian Foster) [1701293 1613405]
- [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian Foster) [1701293 1613405]
- [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash (Tony Camuso) [1701991 1692236]
- [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) [1701991 1692236]
- [char] ipmi: Remove platform driver overrides and use the id_table (Tony Camuso) [1701991 1692236]
- [security] xattr: Constify ->name member of 'struct xattr' (Aaron Tomlin) [1702286 1607307]
- [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) [1702282 1625454]
- [s390] zcrypt: fix specification exception on z196 during ap probe (Hendrik Brueckner) [1700706 1669535]
- [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (Mike Snitzer) [1699722 1693466]
- [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 1686149]
- [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 1686149]
- [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() (Lukas Czerner) [1698110 1671293]
- [powerpc] livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
- [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
- [powerpc] livepatch: relax reliable stack tracer checks for first-frame (Joe Lawrence) [1697867 1658435]
- [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe Lawrence) [1697867 1658435]
- [powerpc] 64s: Clear on-stack exception marker upon exception return (Joe Lawrence) [1697867 1658435]
- [powerpc] livepatch: Fix build error with kprobes disabled (Joe Lawrence) [1697867 1658435]
- [fs] xfs: don't screw up direct writes when freesp is fragmented (Brian Foster) [1693796 1667523]
- [nvme] ensure forward progress during Admin passthru (David Milburn) [1690519 1672428]

[3.10.0-957.18.1]
- [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 1698825]

[3.10.0-957.17.1]
- [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas Henzl) [1699723 1661906]

[3.10.0-957.16.1]
- [netdrv] net/mlx5e: Properly set steering match levels for offloaded TC decap rules (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Always use the match level enum when parsing TC rule match (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Support offloaded TC flows with no matches on headers (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Get the required HW match level while parsing TC flow matches (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Properly order min inline mode setup while parsing TC matches (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow attributes (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Err if asked to offload TC match on frag being first (Alaa Hleihel) [1686292 1618427]
- [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) [1697940 1691421]
- [net] geneve: correctly handle ipv6.disable module parameter (Jiri Benc) [1694981 1677049]
- [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 1691227]
- [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos Szeredi) [1696292 1677705]
- [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 1697241 1676613 1662887]
- [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav Kysela) [1693562 1680180]
- [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (Jaroslav Kysela) [1693562 1657855]
- [block] mtip32xx: fix memory corruption by initializing internal command header (Ming Lei) [1689929 1660292]
- [fs] nfsd: deal with revoked delegations appropriately (Dave Wysochanski) [1689811 1552203]

[3.10.0-957.15.1]
- [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1693561 1684780]
- [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) [1693110 1676462]

[3.10.0-957.14.1]
- [fs] move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001]
- [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng Yan) [1692266 1627001]
- [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 1627001]
- [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng Yan) [1692266 1627001]
- [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 1627001]
- [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001]
- [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) [1692266 1627001]
- [fs] dcache: Don't set DISCONNECTED on 'pseudo filesystem' dentries (Zheng Yan) [1692266 1627001]
- [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) [1692266 1627001]

[3.10.0-957.13.1]
- [drm] drm/nouveau/kms/nv50-: also flush fb writes when rewinding push buffer (Ben Skeggs) [1690761 1669098]




Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete