ELSA-2018-3083 - kernel security, bug fix, and enhancement update

Release Date:2018-11-05


- [mm] mlock: avoid increase mm->locked_vm on mlock() when already mlock2(, MLOCK_ONFAULT) (Rafael Aquini) [1633059]

- [block] blk-mq: fix hctx debugfs entry related race between update hw queues and cpu hotplug (Ming Lei) [1619988]
- [nvme] nvme-pci: unquiesce dead controller queues (Ming Lei) [1632424]

- [netdrv] net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow (Alaa Hleihel) [1633652]
- [netdrv] net/mlx5e: Fix traffic between VF and representor (Alaa Hleihel) [1633652]
- [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1632050]

- [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625991] {CVE-2018-14634}
- [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625991] {CVE-2018-14634}
- [kernel] revert 'sched/topology: Introduce NUMA identity node sched domain' (Gustavo Duarte) [1620031]
- [powerpc] revert 'powernv: Add a virtual irqchip for opal events' (Gustavo Duarte) [1617966]
- [powerpc] revert 'powernv: Reorder OPAL subsystem initialisation' (Gustavo Duarte) [1617966]
- [char] revert 'ipmi/powernv: Convert to irq event interface' (Gustavo Duarte) [1617966]
- [tty] revert 'hvc: Convert to using interrupts instead of opal events' (Gustavo Duarte) [1617966]
- [powerpc] revert 'powernv/eeh: Update the EEH code to use the opal irq domain' (Gustavo Duarte) [1617966]
- [powerpc] revert 'powernv/opal: Convert opal message events to opal irq domain' (Gustavo Duarte) [1617966]
- [powerpc] revert 'powernv/elog: Convert elog to opal irq domain' (Gustavo Duarte) [1617966]
- [powerpc] revert 'powernv/opal-dump: Convert to irq domain' (Gustavo Duarte) [1617966]
- [powerpc] revert 'opal: Remove events notifier' (Gustavo Duarte) [1617966]
- [powerpc] revert 'powernv: Increase opal-irqchip initcall priority' (Gustavo Duarte) [1617966]
- [powerpc] revert 'opal-irqchip: Fix double endian conversion' (Gustavo Duarte) [1617966]
- [powerpc] revert 'opal-irqchip: Fix deadlock introduced by 'Fix double endian conversion'' (Gustavo Duarte) [1617966]
- [sound] alsa: hda/realtek - two more lenovo models need fixup of MIC_LOCATION (Jaroslav Kysela) [1611958]
- [sound] alsa: hda/realtek - Fix the problem of two front mics on more machines (Jaroslav Kysela) [1611958]
- [sound] alsa: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (Jaroslav Kysela) [1611958]

- [cdrom] information leak in cdrom_ioctl_media_changed() (Sanskriti Sharma) [1578207] {CVE-2018-10940}
- [mm] mlock: remove lru_add_drain_all() (Oleksandr Natalenko) [1624765]
- [block] blk-mq: fix race between updating nr_hw_queues and switching io sched (Ming Lei) [1619988]
- [block] blk-mq: avoid to map CPU into stale hw queue (Ming Lei) [1619988]
- [block] blk-mq: fix sysfs inflight counter (Ming Lei) [1548261]
- [block] blk-mq: count allocated but not started requests in iostats inflight (Ming Lei) [1548261]
- [block] fix a crash caused by wrong API (Ming Lei) [1548261]
- [block] blk-mq: enable checking two part inflight counts at the same time (Ming Lei) [1548261]
- [block] blk-mq: provide internal in-flight variant (Ming Lei) [1548261]
- [block] make part_in_flight() take an array of two ints (Ming Lei) [1548261]
- [block] pass in queue to inflight accounting (Ming Lei) [1548261]
- [x86] Mark Intel Cascade Lake supported (Steve Best) [1584343]

- [netdrv] mlx5e: IPoIB, Use priv stats in completion rx flow (Alaa Hleihel) [1618609]
- [netdrv] mlx5e: IPoIB, Add ndo stats support for IPoIB child devices (Alaa Hleihel) [1618609]
- [netdrv] mlx5e: IPoIB, Add ndo stats support for IPoIB netdevices (Alaa Hleihel) [1618609]
- [netdrv] mlx5e: IPoIB, Initialize max_opened_tc in mlx5i_init flow (Alaa Hleihel) [1618609]
- [netdrv] mlx5e: Present SW stats when state is not opened (Alaa Hleihel) [1618609]
- [netdrv] mlx5e: Avoid reset netdev stats on configuration changes (Alaa Hleihel) [1618609]
- [netdrv] mlx5e: Use bool as return type for mlx5e_xdp_handle (Alaa Hleihel) [1618609]
- [netdrv] net: aquantia: memory corruption on jumbo frames (Igor Russkikh) [1628238]
- [kernel] revert 'platform/uv: Add adjustable set memory block size function' (Baoquan He) [1625143]
- [x86] revert 'mm: probe memory block size for generic x86 64bit' (Baoquan He) [1625143]
- [x86] revert 'mm: Use 2GB memory block size on large-memory x86-64 systems' (Baoquan He) [1625143]
- [x86] revert 'mm: Streamline and restore probe_memory_block_size()' (Baoquan He) [1625143]
- [x86] revert 'mm/memory_hotplug: determine block size based on the end of boot memory' (Baoquan He) [1625143]
- [mm] revert 'memory_hotplug: do not fail offlining too early' (Baoquan He) [1625143]
- [mm] revert 'memory_hotplug: remove timeout from __offline_memory' (Baoquan He) [1625143]
- [kernel] revert 'x86/platform/uv: Add adjustable set memory block size function' (Baoquan He) [1625143]

- [fs] fanotify: fix logic of events on child (Miklos Szeredi) [1597738]
- [fs] cifs: add a check for session expiry (Leif Sahlberg) [1626358]
- [fs] xfs: completely disable per-inode DAX behavior (Eric Sandeen) [1623150]
- [fs] fs: get_rock_ridge_filename(): handle malformed NM entries (Bill O'Donnell) [1340778] {CVE-2016-4913}
- [md] fix 'allow faster resync only on non-rotational media' underneath dm (Nigel Croxon) [1561162]
- [md] Revert 'allow faster resync only on non-rotational media' (Nigel Croxon) [1561162]
- [mm] madvise: fix madvise() infinite loop under special circumstances (Rafael Aquini) [1552982] {CVE-2017-18208}
- [infiniband] srpt: Support HCAs with more than two ports (Don Dutile) [1616192]
- [infiniband] overflow.h: Add allocation size calculation helpers (Don Dutile) [1616192]
- [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1607907]
- [kernel] revert cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1626943]
- [s390] sclp: Change SCLP console default buffer-full behavior (Hendrik Brueckner) [1625350]
- [x86] kvm: Take out __exit annotation in vmx_exit() (Waiman Long) [1626560]
- [x86] mark coffeelake-s 8+2 as supported (David Arcari) [1575457]
- [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1619602]
- [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1619602]

- [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613711] {CVE-2017-18344}
- [sound] alsa: rawmidi: Change resized buffers atomically (Denys Vlasenko) [1593087] {CVE-2018-10902}
- [fs] Fix up non-directory creation in SGID directories (Miklos Szeredi) [1600953] {CVE-2018-13405}
- [fs] pnfs: Layoutreturn must free the layout after the layout-private data (Scott Mayhew) [1625517]
- [fs] sunrpc: Ensure we always close the socket after a connection shuts down (Steve Dickson) [1614950]
- [fs] xfs: remove filestream item xfs_inode reference (Brian Foster) [1518623]
- [mm] set IORESOURCE_SYSTEM_RAM to system RAM to fix memory hot-add failure (Larry Woodman) [1628349]
- [firmware] efivars: Protect DataSize and Data in efivar_entry.var (Lenny Szubowicz) [1597868]

- [scsi] libsas: fix memory leak in sas_smp_get_phy_events() (Tomas Henzl) [1558582] {CVE-2018-7757}
- [vhost] fix info leak due to uninitialized memory (Jason Wang) [1573705] {CVE-2018-1118}
- [pci] Fix calculation of bridge window's size and alignment (Myron Stowe) [1623800]
- [md] dm thin metadata: try to avoid ever aborting transactions (Mike Snitzer) [1614151]
- [crypto] api: fix finding algorithm currently being tested (Herbert Xu) [1618701]
- [sound] alsa: hda/realtek: Fix HP Headset Mic can't record (Jaroslav Kysela) [1622721]
- [sound] alsa: hda/realtek - Fixup for HP x360 laptops with B&O speakers (Jaroslav Kysela) [1622721]
- [sound] alsa: hda/realtek - Fixup mute led on HP Spectre x360 (Jaroslav Kysela) [1622721]
- [target] scsi: tcmu: use u64 for dev_size (Xiubo Li) [1603363]
- [target] scsi: tcmu: use match_int for dev params (Xiubo Li) [1603363]
- [target] scsi: tcmu: do not set max_blocks if data_bitmap has been setup (Xiubo Li) [1603363]
- [target] scsi: tcmu: unmap if dev is configured (Xiubo Li) [1603363]
- [target] scsi: tcmu: check if dev is configured before block/reset (Xiubo Li) [1603363]
- [target] scsi: tcmu: use lio core se_device configuration helper (Xiubo Li) [1603363]
- [target] scsi: target: add helper to check if dev is configured (Xiubo Li) [1603363]
- [target] scsi: tcmu: initialize list head (Xiubo Li) [1603363]
- [target] scsi: target_core_user: fix double unlock (Xiubo Li) [1603363]
- [s390] arch: Set IORESOURCE_SYSTEM_RAM flag for resources (Gary Hook) [1627889]
- [x86] efi-bgrt: Switch all pr_err() to pr_notice() for invalid BGRT (Lenny Szubowicz) [1464241]
- [x86] efi/bgrt: Don't ignore the BGRT if the 'valid' bit is 0 (Lenny Szubowicz) [1464241]
- [x86] efi: Preface all print statements with efi* tag (Lenny Szubowicz) [1464241]
- [x86] efi-bgrt: Switch pr_err() to pr_debug() for invalid BGRT (Lenny Szubowicz) [1464241]
- [x86] efi-bgrt: Add error handling; inform the user when ignoring the BGRT (Lenny Szubowicz) [1464241]
- [x86] efi: Check status field to validate BGRT header (Lenny Szubowicz) [1464241]

- [gpu] drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload (Lyude Paul) [1597881 1571927]
- [gpu] drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (Lyude Paul) [1597881 1571927]
- [gpu] drm/nouveau: Fix deadlocks in nouveau_connector_detect() (Lyude Paul) [1597881 1571927]
- [gpu] drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (Lyude Paul) [1597881 1571927]
- [gpu] drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests (Lyude Paul) [1597881 1571927]
- [gpu] drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend() (Lyude Paul) [1597881 1571927]
- [gpu] drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (Lyude Paul) [1597881 1571927]
- [gpu] drm/nouveau: Reset MST branching unit before enabling (Lyude Paul) [1597881 1571927]
- [gpu] drm/nouveau: Only write DP_MSTM_CTRL when needed (Lyude Paul) [1597881 1571927]
- [gpu] drm/nouveau/kms/nv50-: ensure window updates are submitted when flushing mst disables (Lyude Paul) [1597881 1571927]
- [vfio] vfio-pci: Disable binding to PFs with SR-IOV enabled (Alex Williamson) [1583487]
- [mm] partially revert: remove per-zone hashtable of bitlock waitqueues (Jeff Moyer) [1623980]
- [security] selinux: mark unsupported policy capabilities as reserved (Paul Moore) [1600850]
- [x86] intel_rdt: Fix MBA resource initialization (Prarit Bhargava) [1610239]

- [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613924] {CVE-2018-5391}
- [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613924] {CVE-2018-5391}
- [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613924] {CVE-2018-5391}
- [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613924] {CVE-2018-5391}
- [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613924] {CVE-2018-5391}
- [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613924] {CVE-2018-5391}
- [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613924] {CVE-2018-5391}
- [net] avoid skb_warn_bad_offload on IS_ERR (Andrea Claudi) [1624702]
- [net] ipv4: fix incorrectly registered callback for sysctl_fib_multipath_hash_policy (Ivan Vecera) [1624356]
- [net] ipset: list:set: Decrease refcount synchronously on deletion and replace (Stefano Brivio) [1593732]
- [netdrv] cfg80211: let's wmm_rule be part of reg_rule structure (Stanislaw Gruszka) [1620108]
- [netdrv] nl80211: Add wmm rule attribute to NL80211_CMD_GET_WIPHY dump command (Stanislaw Gruszka) [1620108]
- [netdrv] iwlwifi: mvm: remove division by size of sizeof(struct ieee80211_wmm_rule) (Stanislaw Gruszka) [1620108]
- [hv] vmbus: don't return values for uninitalized channels (Vitaly Kuznetsov) [1615500]
- [md] dm raid: bump target version, update comments and documentation (Mike Snitzer) [1573988]
- [md] dm raid: fix RAID leg rebuild errors (Mike Snitzer) [1573988]
- [md] dm raid: fix rebuild of specific devices by updating superblock (Mike Snitzer) [1626094]
- [md] dm raid: fix stripe adding reshape deadlock (Mike Snitzer) [1613039 1514539]
- [md] dm raid: fix reshape race on small devices (Mike Snitzer) [1573988 1586123]
- [acpi] acpica: reference counts: increase max to 0x4000 for large servers (Frank Ramsay) [1618758]
- [gpu] drm/i915/cfl: Add a new CFL PCI ID (Rob Clark) [1533336]
- [gpu] drm/i915/aml: Introducing Amber Lake platform (Rob Clark) [1533336]
- [gpu] drm/i915/whl: Introducing Whiskey Lake platform (Rob Clark) [1533336]
- [gpu] drm/nouveau/kms/nv50-: allocate push buffers in vidmem on pascal (Ben Skeggs) [1584963]
- [gpu] drm/nouveau/fb/gp100-: disable address remapper (Ben Skeggs) [1584963]
- [mm] kernel error swap_info_get: Bad swap offset entry (Mikulas Patocka) [1622747]
- [s390] detect etoken facility (Hendrik Brueckner) [1625349]
- [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1625349]
- [x86] spec_ctrl: Don't turn off IBRS on idle with enhanced IBRS (Waiman Long) [1614143]
- [x86] speculation: Support Enhanced IBRS on future CPUs (Waiman Long) [1614143]

- [netdrv] qed: Add new TLV to request PF to update MAC in bulletin board (Harish Patil) [1460150]
- [netdrv] qed: use trust mode to allow VF to override forced MAC (Harish Patil) [1460150]
- [netdrv] hv_netvsc: Fix napi reschedule while receive completion is busy (Mohammed Gamal) [1614503]
- [netdrv] hv_netvsc: remove unneeded netvsc_napi_complete_done() (Mohammed Gamal) [1614503]
- [scsi] qedi: Add the CRC size within iSCSI NVM image (Chad Dupuis) [1611573]
- [char] ipmi: Move BT capabilities detection to the detect call (Frank Ramsay) [1618778]
- [x86] kvm: update master clock before computing kvmclock_offset (Marcelo Tosatti) [1594034]

- [samples] bpf: Additional changes (Jiri Olsa) [1619721]
- [samples] bpf: Add v4.16 sources (Jiri Olsa) [1619721]
- [tools] perf python: Fix pyrf_evlist__read_on_cpu() interface (Jiri Olsa) [1620774]
- [tools] perf mmap: Store real cpu number in 'struct perf_mmap' (Jiri Olsa) [1620774]
- [netdrv] cxgb4: update as the latest firmware supported (Arjun Vynipadath) [1622551]
- [netdrv] cxgb4: update latest firmware version supported (Arjun Vynipadath) [1622551]
- [netdrv] mlx5e: Fix null pointer access when setting MTU of vport representor (Erez Alfasi) [1625195]
- [netdrv] mlx5e: Support configurable MTU for vport representors (Erez Alfasi) [1625195]
- [netdrv] mlx5e: Save MTU in channels params (Erez Alfasi) [1625195]
- [netdrv] be2net: Fix memory leak in be_cmd_get_profile_config() (Petr Oros) [1625703]
- [netdrv] virtio-net: set netdevice mtu correctly (Mohammed Gamal) [1610416]
- [netdrv] i40e: Prevent deleting MAC address from VF when set by PF (Stefan Assmann) [1614161]
- [netdrv] i40evf: cancel workqueue sync for adminq when a VF is removed (Stefan Assmann) [1615829]
- [netdrv] i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled (Stefan Assmann) [1616149]
- [netdrv] i40e: fix condition of WARN_ONCE for stat strings (Stefan Assmann) [1609173]
- [uio] Revert 'use request_threaded_irq instead' (Xiubo Li) [1560418]
- [fs] seq_file: fix out-of-bounds read (Paolo Abeni) [1620002]
- [md] RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (Nigel Croxon) [1530776]
- [md] allow faster resync only on non-rotational media (Nigel Croxon) [1561162]
- [nvdimm] libnvdimm: fix ars_status output length calculation (Jeff Moyer) [1616304]
- [cpufreq] Fix possible circular locking dependency (Waiman Long) [1529668]
- [mm] memcg: delay memcg id freeing (Aristeu Rozanski) [1607249]
- [mm] mlock: fix mlock accounting (Rafael Aquini) [1610652]
- [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1588002]
- [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1588002]
- [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1588002]
- [x86] apic: Future-proof the TSC_DEADLINE quirk for SKX (Steve Best) [1624090]

- [net] ipvs: Fix panic due to non-linear skb (Davide Caratti) [1623088]
- [net] ipv4: remove BUG_ON() from fib_compute_spec_dst (Lorenzo Bianconi) [1496779]
- [net] ipv6: fix cleanup ordering for ip6_mr failure (Xin Long) [1622218]
- [net] ipv6: reorder icmpv6_init() and ip6_mr_init() (Xin Long) [1622218]
- [x86] subject: x86/efi: Access EFI MMIO data as unencrypted when SEV is active (Gary Hook) [1361286]
- [x86] boot: Fix boot failure when SMP MP-table is based at 0 (Gary Hook) [1361286]
- [x86] resource: Fix resource_size.cocci warnings (Gary Hook) [1361286]
- [x86] kvm: Clear encryption attribute when SEV is active (Gary Hook) [1361286]
- [x86] kvm: Decrypt shared per-cpu variables when SEV is active (Gary Hook) [1361286]
- [kernel] percpu: Introduce DEFINE_PER_CPU_DECRYPTED (Gary Hook) [1361286]
- [x86] Add support for changing memory encryption attribute in early boot (Gary Hook) [1361286]
- [x86] io: Unroll string I/O when SEV is active (Gary Hook) [1361286]
- [x86] boot: Add early boot support when running with SEV active (Gary Hook) [1361286]
- [x86] mm: Add DMA support for SEV memory encryption (Gary Hook) [1361286]
- [x86] mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages (Gary Hook) [1361286]
- [kernel] resource: Provide resource struct in resource walk callback (Gary Hook) [1361286]
- [kernel] resource: Consolidate resource walking code (Gary Hook) [1361286]
- [x86] efi: Access EFI data as encrypted when SEV is active (Gary Hook) [1361286]
- [x86] mm: Include SEV for encryption memory attribute changes (Gary Hook) [1361286]
- [x86] mm: Use encrypted access of boot related data with SEV (Gary Hook) [1361286]
- [x86] mm: Add Secure Encrypted Virtualization (SEV) support (Gary Hook) [1361286]
- [documentation] x86: Add AMD Secure Encrypted Virtualization (SEV) description (Gary Hook) [1361286]
- [x86] mm: Remove unnecessary TLB flush for SME in-place encryption (Gary Hook) [1361286]
- [x86] kexec: Remove walk_iomem_res() call with GART type (Gary Hook) [1361286]
- [kernel] resource: Change walk_system_ram() to use System RAM type (Gary Hook) [1361286]
- [kernel] kexec: Set IORESOURCE_SYSTEM_RAM for System RAM (Gary Hook) [1361286]
- [x86] arch: Set IORESOURCE_SYSTEM_RAM flag for System RAM (Gary Hook) [1361286]
- [x86] Set System RAM type and descriptor (Gary Hook) [1361286]
- [kernel] resource: Handle resource flags properly (Gary Hook) [1361286]
- [kernel] resource: Add System RAM resource type (Gary Hook) [1361286]

- [fs] timerfd: Protect the might cancel mechanism proper (Bill O'Donnell) [1485407] {CVE-2017-10661}
- [fs] exec.c: Add missing 'audit_bprm()' call in 'exec_binprm()' (Bhupesh Sharma) [1496408]
- [fs] gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated (Robert S Peterson) [1600142]
- [fs] gfs2: improve debug information when lvb mismatches are found (Robert S Peterson) [1600142]
- [fs] gfs2: fix memory leak in rgrp lvbs (Robert S Peterson) [1600142]
- [fs] gfs2: cleanup: call gfs2_rgrp_ondisk2lvb from gfs2_rgrp_out (Robert S Peterson) [1600142]
- [fs] gfs2: Fix MAGIC check in LVBs (Robert S Peterson) [1600142]
- [fs] gfs2: Do not reset flags on active reservations (Robert S Peterson) [1600142]
- [fs] cifs: Fix stack out-of-bounds in smb(2, 3)_create_lease_buf() (Leif Sahlberg) [1598755]
- [fs] cifs: store the leaseKey in the fid on SMB2_open (Leif Sahlberg) [1598755]
- [fs] nfsd: further refinement of content of /proc/fs/nfsd/versions (Steve Dickson) [1614603]
- [fs] nfsd: fix configuration of supported minor versions (Steve Dickson) [1614603]
- [fs] nfsd: Fix display of the version string (Steve Dickson) [1614603]
- [fs] nfsd: correctly range-check v4.x minor version when setting versions (Steve Dickson) [1614603]
- [fs] ext4: Close race between direct IO and ext4_break_layouts() (Eric Sandeen) [1616301]
- [fs] xfs: Close race between direct IO and xfs_break_layouts() (Eric Sandeen) [1616301]
- [fs] ext4: handle layout changes to pinned DAX mappings (Eric Sandeen) [1614153]
- [fs] dax: dax_layout_busy_page() warn on !exceptional (Eric Sandeen) [1614153]
- [gpu] makefile: bump drm backport version (Rob Clark) [1600569]
- [gpu] drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (Rob Clark) [1600569]
- [gpu] amd/dc/dce100: On dce100, set clocks to 0 on suspend (Rob Clark) [1600569]
- [gpu] drm/amdgpu: fix swapped emit_ib_size in vce3 (Rob Clark) [1600569]
- [gpu] drm/amd/powerplay: correct vega12 thermal support as true (Rob Clark) [1600569]
- [gpu] drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (Rob Clark) [1600569]
- [gpu] drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (Rob Clark) [1600569]
- [gpu] drm/amdgpu: Avoid reclaim while holding locks taken in MMU notifier (Rob Clark) [1600569]
- [gpu] drm/dp/mst: Fix off-by-one typo when dump payload table (Rob Clark) [1600569]
- [gpu] drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (Rob Clark) [1600569]
- [gpu] drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (Rob Clark) [1600569]
- [gpu] drm/atomic: Handling the case when setting old crtc for plane (Rob Clark) [1600569]
- [gpu] drm/amd/display: Fix dim display on DCE11 (Rob Clark) [1600569]
- [gpu] drm/amdgpu: Remove VRAM from shared bo domains (Rob Clark) [1600569]
- [gpu] drm/radeon: fix mode_valid's return type (Rob Clark) [1600569]
- [gpu] drm/amd/display: remove need of modeset flag for overlay planes (V2) (Rob Clark) [1600569]
- [gpu] drm/amd/display: Do not program interrupt status on disabled crtc (Rob Clark) [1600569]
- [gpu] drm/amd/powerplay: Set higher SCLK&MCLK frequency than dpm7 in OD (v2) (Rob Clark) [1600569]
- [gpu] drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (Rob Clark) [1600569]
- [gpu] drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs (Rob Clark) [1600569]
- [gpu] drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit() (Rob Clark) [1600569]
- [gpu] drm/nouveau: Avoid looping through fake MST connectors (Rob Clark) [1600569]
- [gpu] drm/nouveau: Use drm_connector_list_iter_* for iterating connectors (Rob Clark) [1600569]
- [gpu] drm/nouveau: Remove bogus crtc check in pmops_runtime_idle (Rob Clark) [1600569]
- [gpu] revert 'drm/amd/display: Don't return ddc result and read_bytes in same return value' (Rob Clark) [1600569]
- [gpu] drm/i915: Fix hotplug irq ack on i965/g4x (Rob Clark) [1600569]
- [gpu] drm/amdgpu: Reserve VM root shared fence slot for command submission (v3) (Rob Clark) [1600569]
- [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1609717]

- [mm] fix devmem_is_allowed() for sub-page System RAM intersections (Joe Lawrence) [1524322]
- [pci] Delay after FLR of Intel DC P3700 NVMe (Alex Williamson) [1592654]
- [pci] Disable Samsung SM961/PM961 NVMe before FLR (Alex Williamson) [1542494]
- [pci] Export pcie_has_flr() (Alex Williamson) [1592654 1542494]
- [nvdimm] libnvdimm: Export max available extent (Jeff Moyer) [1611761]
- [nvdimm] libnvdimm: Use max contiguous area for namespace size (Jeff Moyer) [1611761]
- [mm] ipc/shm.c add ->pagesize function to shm_vm_ops (Jeff Moyer) [1609834]
- [kernel] mm: disallow mappings that conflict for devm_memremap_pages() (Jeff Moyer) [1616044]
- [kernel] memremap: fix softlockup reports at teardown (Jeff Moyer) [1616187]
- [kernel] memremap: add scheduling point to devm_memremap_pages (Jeff Moyer) [1616187]
- [mm] page_alloc: add scheduling point to memmap_init_zone (Jeff Moyer) [1616187]
- [mm] memory_hotplug: add scheduling point to __add_pages (Jeff Moyer) [1616187]
- [acpi] nfit: Fix scrub idle detection (Jeff Moyer) [1616041]
- [x86] asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (Jeff Moyer) [1608674]
- [nvdimm] libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (Jeff Moyer) [1608674]
- [tools] testing/nvdimm: advertise a write cache for nfit_test (Jeff Moyer) [1608674]
- [tools] x86, nfit_test: Add unit test for memcpy_mcsafe() (Jeff Moyer) [1608674]
- [tools] testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (Jeff Moyer) [1608674]
- [tools] testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (Jeff Moyer) [1608674]
- [tools] testing/nvdimm: allow custom error code injection (Jeff Moyer) [1608674]
- [tools] libnvdimm, testing: update the default smart ctrl_temperature (Jeff Moyer) [1608674]
- [tools] libnvdimm, testing: Add emulation for smart injection commands (Jeff Moyer) [1608674]
- [tools] nfit_test: prevent parsing error of nfit_test.0 (Jeff Moyer) [1608674]
- [tools] nfit_test: fix buffer overrun, add sanity check (Jeff Moyer) [1608674]
- [tools] nfit_test: improve structure offset handling (Jeff Moyer) [1608674]
- [tools] testing/nvdimm: force nfit_test to depend on instrumented modules (Jeff Moyer) [1608674]
- [tools] libnvdimm/nfit_test: adding support for unit testing enable LSS status (Jeff Moyer) [1612421]
- [tools] libnvdimm/nfit_test: add firmware download emulation (Jeff Moyer) [1612420]
- [kernel] jiffies: add time comparison functions for 64 bit jiffies (Jeff Moyer) [1612420]
- [tools] testing/nvdimm: smart alarm/threshold control (Jeff Moyer) [1608674]
- [tools] testing/nvdimm: unit test clear-error commands (Jeff Moyer) [1608674]
- [tools] testing/nvdimm: stricter bounds checking for error injection commands (Jeff Moyer) [1608674]
- [tools] nfit_test: when clearing poison, also remove badrange entries (Jeff Moyer) [1608674]
- [tools] nfit_test: add error injection DSMs (Jeff Moyer) [1612417]
- [nvdimm] pmem: Switch to copy_to_iter_mcsafe() (Jeff Moyer) [1608674]
- [fs] dax: Report bytes remaining in dax_iomap_actor() (Jeff Moyer) [1608674]
- [lib] uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (Jeff Moyer) [1608674]
- [net] x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (Jeff Moyer) [1608674]
- [x86] asm/memcpy_mcsafe: Add write-protection-fault handling (Jeff Moyer) [1608674]
- [x86] asm/memcpy_mcsafe: Return bytes remaining (Jeff Moyer) [1608674]
- [x86] asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (Jeff Moyer) [1608674]
- [x86] asm/memcpy_mcsafe: Remove loop unrolling (Jeff Moyer) [1608674]
- [net] dax: Introduce a ->copy_to_iter dax operation (Jeff Moyer) [1608674]
- [kernel] dax: remove default copy_from_iter fallback (Jeff Moyer) [1539264]
- [fs] filesystem-dax: convert to dax_copy_from_iter() (Jeff Moyer) [1608674]
- [md] dm log writes: record metadata flag for better flags record (Jeff Moyer) [1539264]
- [md] dax, dm: allow device-mapper to operate without dax support (Jeff Moyer) [1539264]
- [md] dm log writes: fix max length used for kstrndup (Jeff Moyer) [1539264]
- [md] dm log writes: add support for DAX (Jeff Moyer) [1539264]
- [md] dm log writes: add support for inline data buffers (Jeff Moyer) [1539264]
- [md] dm log writes: fix >512b sectorsize support (Jeff Moyer) [1539264]
- [md] dm log writes: don't use all the cpu while waiting to log blocks (Jeff Moyer) [1539264]
- [md] dm log writes: fix check of kthread_run() return value (Jeff Moyer) [1539264]
- [md] dm log writes: fix bug with too large bios (Jeff Moyer) [1539264]
- [md] dm log writes: move IO accounting earlier to fix error path (Jeff Moyer) [1539264]
- [md] dm log writes: use ULL suffix for 64-bit constants (Jeff Moyer) [1539264]
- [md] dm: add log writes target (Jeff Moyer) [1539264]
- [md] dm: add ->copy_from_iter() dax operation support (Jeff Moyer) [1539264]
- [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1621969]
- [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1621969]
- [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1621969]
- [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1621969]
- [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1621969]
- [powerpc] iommu: Do not call PageTransHuge() on tail pages (David Gibson) [1594347]
- [powerpc] kvm: book3s hv: Migrate pinned pages out of CMA (David Gibson) [1594347]

- [tools] power turbostat: Allow for broken ACPI LPIT tables (Prarit Bhargava) [1614083]
- [base] pm/runtime: Avoid false-positive warnings from might_sleep_if() (Paul Lai) [1615223]
- [md] dm thin: stop no_space_timeout worker when switching to write-mode (Mike Snitzer) [1620251]
- [netdrv] mlx5e: Only allow offloading decap egress (egdev) flows (Erez Alfasi) [1619641]
- [netdrv] mlx5-core: Mark unsupported devices (Don Dutile) [1621824 1621810]
- [netdrv] bnx2x: disable GSO where gso_size is too big for hardware (Jonathan Toppins) [1546760] {CVE-2018-1000026}
- [net] create skb_gso_validate_mac_len() (Jonathan Toppins) [1546760] {CVE-2018-1000026}
- [scsi] target: iscsi: cxgbit: fix max iso npdu calculation (Arjun Vynipadath) [1613307]
- [scsi] csiostor: update csio_get_flash_params() (Arjun Vynipadath) [1613307]
- [scsi] lpfc: Correct MDS diag and nvmet configuration (Dick Kennedy) [1616104]
- [qla2xxx] Mark NVMe/FC initiator mode usage as technology preview (Ewan Milne) [1620258]
- [nvme-fc] Take NVMe/FC initiator out of technology preview (Ewan Milne) [1620258]
- [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1610560]
- [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1610560]
- [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1610560]
- [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1610560]
- [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1610560]
- [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1610560]
- [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1620041]
- [powerpc] kdump: Handle crashkernel memory reservation failure (Pingfan Liu) [1621945]
- [powerpc] ftrace: Match dot symbols when searching functions on ppc64 (Jerome Marchand) [1613136]
- [x86] entry/64: Restore TRACE_IRQS_IRETQ in paranoid_exit (Scott Wood) [1561777]

- [net] sched: Fix missing res info when create new tc_index filter (Hangbin Liu) [1607687]
- [net] sched: fix NULL pointer dereference when delete tcindex filter (Hangbin Liu) [1607687]
- [net] dev: advertise the new ifindex when the netns iface changes (Michael Cambria) [1584287]
- [net] dev: always advertise the new nsid when the netns iface changes (Michael Cambria) [1584287]
- [net] Zero ifla_vf_info in rtnl_fill_vfinfo() (Hangbin Liu) [1614178]
- [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1619793]
- [net] tc: ensure that offloading callback is called for MQPRIO qdisc (Ivan Vecera) [1618579]
- [thunderbolt] move tb3 to full support status (Jarod Wilson) [1620372]
- [kernel] x86/platform/uv: Add adjustable set memory block size function (Baoquan He) [1601867]
- [mm] memory_hotplug: remove timeout from __offline_memory (Baoquan He) [1601867]
- [mm] memory_hotplug: do not fail offlining too early (Baoquan He) [1601867]
- [x86] mm/memory_hotplug: determine block size based on the end of boot memory (Baoquan He) [1601867]
- [x86] mm: Streamline and restore probe_memory_block_size() (Baoquan He) [1601867]
- [x86] mm: Use 2GB memory block size on large-memory x86-64 systems (Baoquan He) [1601867]
- [x86] mm: probe memory block size for generic x86 64bit (Baoquan He) [1601867]
- [x86] revert platform/uv: Add adjustable set memory block size function (Baoquan He) [1601867]

- [nvme] rdma: Fix command completion race at error recovery (David Milburn) [1610641]
- [infiniband] revert vmw_pvrdma: Call ib_umem_release on destroy QP path (Don Dutile) [1618625]
- [infiniband] iw_cxgb4: correctly enforce the max reg_mr depth (Arjun Vynipadath) [1613317]
- [netdrv] net: aquantia: Fix IFF_ALLMULTI flag functionality (Igor Russkikh) [1608762]
- [uio] fix possible circular locking dependency (Xiubo Li) [1613195]
- [tools] power turbostat: Fix logical node enumeration to allow for non-sequential physical nodes (Prarit Bhargava) [1612902]
- [tools] bpf selftest: Disable unsupported verifier tests (Jiri Olsa) [1615222]
- [tools] bpf: fix panic due to oob in bpf_prog_test_run_skb (Jiri Olsa) [1615222]
- [net] bpf: Align packet data properly in program testing framework (Jiri Olsa) [1615222]
- [net] bpf: Do not dereference user pointer in bpf_test_finish() (Jiri Olsa) [1615222]
- [tools] bpf: migrate ebpf ld_abs/ld_ind tests to test_verifier (Jiri Olsa) [1615222]
- [tools] bpf: add verifier tests for accesses to map values (Jiri Olsa) [1615222]
- [kernel] bpf: allow map helpers access to map values directly (Jiri Olsa) [1615222]
- [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1613248]
- [kernel] percpu_ref: Update doc to dissuade users from depending on internal RCU grace periods (Prarit Bhargava) [1603603]
- [kernel] percpu: READ_ONCE() now implies smp_read_barrier_depends() (Prarit Bhargava) [1603603]
- [kernel] locking/barriers: Add implicit smp_read_barrier_depends() to READ_ONCE() (Prarit Bhargava) [1603603]
- [kernel] compiler, atomics, kasan: Provide READ_ONCE_NOCHECK() (Prarit Bhargava) [1603603]
- [kernel] percpu-refcount: init ->confirm_switch member properly (Prarit Bhargava) [1603603]
- [kernel] percpu, locking: revert ('percpu: Replace smp_read_barrier_depends() with lockless_dereference()') (Prarit Bhargava) [1603603]
- [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1614515]
- [x86] intel_rdt: Enable CMT and MBM on new Skylake stepping (Jiri Olsa) [1517736]

- [netdrv] mlx5e: Properly check if hairpin is possible between two functions (Alaa Hleihel) [1611567]
- [netdrv] bnx2x: Fix invalid memory access in rss hash config path (Jonathan Toppins) [1615290]
- [netdrv] iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs (Stanislaw Gruszka) [1616290]
- [netdrv] ibmvnic: Update firmware error reporting with cause string (Steve Best) [1614652]
- [netdrv] ibmvnic: Remove code to request error information (Steve Best) [1614652]
- [scsi] fcoe: hold disc_mutex when traversing rport lists (Chris Leech) [1608481]
- [scsi] libfc: hold disc_mutex in fc_disc_stop_rports() (Chris Leech) [1608481]
- [scsi] libfc: fixup lockdep annotations (Chris Leech) [1608481]
- [scsi] libfc: fixup 'sleeping function called from invalid context' (Chris Leech) [1608481]
- [scsi] libfc: Add lockdep annotations (Chris Leech) [1608481]
- [scsi] libiscsi: fix possible NULL pointer dereference in case of TMF (Chris Leech) [1613262]
- [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1609890]
- [scsi] hpsa: correct enclosure sas address (Joseph Szczypek) [1613021]
- [scsi] lpfc: Remove lpfc_enable_pbde as module parameter (Dick Kennedy) [1613975]
- [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1554777]
- [scsi] lpfc: Fix driver crash when re-registering NVME rports (Dick Kennedy) [1613955]
- [scsi] lpfc: Correct LCB ACCept payload (Dick Kennedy) [1613959]
- [x86] boot/kaslr: Skip specified number of 1GB huge pages when doing physical randomization (KASLR) (Baoquan He) [1451428]
- [x86] boot/kaslr: Add two new functions for 1GB huge pages handling (Baoquan He) [1451428]
- [x86] platform/uv: Add kernel parameter to set memory block size (Frank Ramsay) [1595892]
- [x86] platform/uv: Use new set memory block size function (Frank Ramsay) [1595892]
- [x86] platform/uv: Add adjustable set memory block size function (Frank Ramsay) [1595892]

- [fs] dax: use __pagevec_lookup in dax_layout_busy_page (Eric Sandeen) [1505291]
- [fs] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (Leif Sahlberg) [1598765]
- [fs] libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (Ilya Dryomov) [1614858]
- [fs] libceph: check authorizer reply/challenge length before reading (Ilya Dryomov) [1614858]
- [fs] libceph: implement CEPHX_V2 calculation mode (Ilya Dryomov) [1614858]
- [fs] libceph: add authorizer challenge (Ilya Dryomov) [1614858]
- [fs] libceph: factor out encrypt_authorizer() (Ilya Dryomov) [1614858]
- [fs] libceph: factor out __ceph_x_decrypt() (Ilya Dryomov) [1614858]
- [fs] libceph: factor out __prepare_write_connect() (Ilya Dryomov) [1614858]
- [fs] libceph: store ceph_auth_handshake pointer in ceph_connection (Ilya Dryomov) [1614858]
- [fs] nfsv4.0: Remove transport protocol name from non-UCS client ID (Steve Dickson) [1592911]
- [fs] nfsv4.0: Remove cl_ipaddr from non-UCS client ID (Steve Dickson) [1592911]
- [fs] aio: properly check iovec sizes (Jeff Moyer) [1337518] {CVE-2015-8830}
- [fs] cifs: fix up section mismatch (Jeff Moyer) [1609877]
- [fs] skip LAYOUTRETURN if layout is invalid (Steve Dickson) [1589995]
- [fs] gfs2: Special-case rindex for gfs2_grow (Andreas Grunbacher) [1608687]
- [fs] ext4: Fix WARN_ON_ONCE in ext4_commit_super() (Lukas Czerner) [1596766]
- [fs] cachefiles: Wait rather than BUG'ing on Unexpected object collision (David Howells) [1356390]
- [fs] cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (David Howells) [1356390]
- [fs] fscache: Fix reference overput in fscache_attach_object() error handling (David Howells) [1356390]
- [fs] cachefiles: Fix refcounting bug in backing-file read monitoring (David Howells) [1356390]
- [fs] fscache: Allow cancelled operations to be enqueued (David Howells) [1356390]
- [fs] ext4: avoid running out of journal credits when appending to an inline file (Lukas Czerner) [1609759] {CVE-2018-10883}
- [fs] jbd2: don't mark block as modified if the handle is out of credits (Lukas Czerner) [1609759] {CVE-2018-10883}
- [fs] ext4: check for allocation block validity with block group locked (Lukas Czerner) [1597702]
- [fs] ext4: fix check to prevent initializing reserved inodes (Lukas Czerner) [1597702]
- [fs] ext4: fix false negatives *and* false positives in ext4_check_descriptors() (Lukas Czerner) [1597702]
- [fs] ext4: add more mount time checks of the superblock (Lukas Czerner) [1597702]
- [fs] ext4: fix bitmap position validation (Lukas Czerner) [1597702]
- [fs] ext4: add more inode number paranoia checks (Lukas Czerner) [1597702]
- [fs] ext4: clear i_data in ext4_inode_info when removing inline data (Lukas Czerner) [1597702]
- [fs] ext4: include the illegal physical block in the bad map ext4_error msg (Lukas Czerner) [1597702]
- [fs] ext4: verify the depth of extent tree in ext4_find_extent() (Lukas Czerner) [1597702]
- [fs] ext4: only look at the bg_flags field if it is valid (Lukas Czerner) [1597702]
- [fs] ext4: don't update checksum of new initialized bitmaps (Lukas Czerner) [1597702]
- [fs] ext4: add validity checks for bitmap block numbers (Lukas Czerner) [1597702]
- [fs] ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (Lukas Czerner) [1597702]
- [fs] ext4: always check block group bounds in ext4_init_block_bitmap() (Lukas Czerner) [1597702]
- [fs] ext4: always verify the magic number in xattr blocks (Lukas Czerner) [1597702]
- [fs] ext4: add corruption check in ext4_xattr_set_entry() (Lukas Czerner) [1597702]
- [net] netlink: make sure -EBUSY won't escape from netlink_insert (Davide Caratti) [1608701]
- [net] netfilter: nf_conntrack: don't resize NULL or freed hashtable (Davide Caratti) [1601662]
- [net] ethtool: Ensure new ring parameters are within bounds during SRINGPARAM (Ivan Vecera) [1608318]
- [net] ipv6: make DAD fail with enhanced DAD when nonce length differs (Jarod Wilson) [1608002]
- [net] ipv6: allow userspace to add IFA_F_OPTIMISTIC addresses (Jarod Wilson) [1608002]
- [net] ipv6: send unsolicited NA after DAD (Jarod Wilson) [1608002]
- [net] ipv6: display hw address of source machine during ipv6 DAD failure (Jarod Wilson) [1608002]
- [net] ipv6: send NS for DAD when link operationally up (Jarod Wilson) [1608002]
- [net] ipv6: avoid dad-failures for addresses with NODAD (Jarod Wilson) [1608002]
- [net] ipv6: send unsolicited NA if enabled for all interfaces (Jarod Wilson) [1608002]
- [net] ipv6: send unsolicited NA on admin up (Jarod Wilson) [1608002]
- [net] ipv6: addrconf: fix generation of new temporary addresses (Jarod Wilson) [1608002]
- [net] ipv6: addrconf: Implemented enhanced DAD (RFC7527) (Jarod Wilson) [1608002]

Related CVEs


Updated Packages

Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-3.10.0-957.el7.src.rpm6ea61d70e055804f5e350edf977213a4-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team