SUSE-SU-2015:2167-1

The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to version 3.0.101.rt130-45.1 to receive various security and bugfixes.

Following security bugs were fixed: * CVE-2015-6252: Possible file descriptor leak for each VHOSTSETLOGFDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367). * CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in biomapuseriov() (bsc#940338). * CVE-2015-5364: The (1) udprecvmsg and (2) udpv6recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bnc#936831). * CVE-2015-5366: The (1) udprecvmsg and (2) udpv6recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bnc#936831). * CVE-2015-1420: Race condition in the handletopath function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handlebytes value of a file handle during the execution of this function (bnc#915517). * CVE-2015-4700: The bpfintjitcompile function in arch/x86/net/bpfjitcomp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bnc#935705). * CVE-2015-5697: The getbitmapfile function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GETBITMAPFILE ioctl call. (bnc#939994)

The following non-security bugs were fixed: - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942404). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942404). - Btrfs: deal with convertextentbit errors to avoid fs corruption (bnc#942350). - Btrfs: deal with convertextentbit errors to avoid fs corruption (bnc#942404). - Btrfs: fix hang when failing to submit bio of directIO (bnc#942688). - Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688). - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688). - DRM/I915: Add enum hpdpin to intelencoder (bsc#942938). - DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - DRM/i915: Get rid if the 'hotplugsupportedmask' in struct drmi915private (bsc#942938). - DRM/i915: Remove i965hpdirqsetup (bsc#942938). - DRM/i915: Remove valleyviewhpdirqsetup (bsc#942938). - CIFS: Fix missing crypto allocation (bnc#937402). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - IB/iser: Add Discovery support (bsc#923002). - IB/iser: Move informational messages from error to info level (bsc#923002). - SCSI: Moved iscsi kabi patch to patches.kabi (bsc#923002) - SCSI: kabi: allow iscsi disocvery session support (bsc#923002). - SCSI: vmwpvscsi: Fix pvscsiabort() function (bnc#940398 bsc#930934). - SCSI: fix scsierrorhandler vs. scsihostdevrelease race (bnc#942204). - SCSI: scsierror: add missing case statements in scsidecidedisposition() (bsc#920733). - SCSI: scsitransportiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - NFSD: Fix nfsv4 opcode decoding error (bsc#935906). - NFSv4: Minor cleanups for nfs4handleexception and nfs4asynchandleerror (bsc#939910). - New patches: patches.fixes/hrtimer-Prevent-timer-interrupt-DoS.patch - PCI: Disable Bus Master only on kexec reboot (bsc#920110). - PCI: Disable Bus Master unconditionally in pcideviceshutdown() (bsc#920110). - PCI: Do not try to disable Bus Master on disconnected PCI devices (bsc#920110). - PCI: Lock down register access when trustedkernel is true (bnc#884333, bsc#923431). - PCI: disable Bus Master on PCI device shutdown (bsc#920110). - Set hostbyte status in scsichecksense() (bsc#920733). - USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721). - USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721). - apparmor: fix filepermission if profile is updated (bsc#917968). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Avoid race of intelcrtdetecthotplug() with HPD interrupt (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enablehotplugprocessing is false (bsc#942938). - drm/i915: Remove pchrqmask from struct drmi915private (bsc#942938). - drm/i915: Use an interrupt save spinlock in intelhpdirqhandler() (bsc#942938). - drm/i915: WARNONCE() about unexpected interrupts for all chipsets (bsc#942938). - drm/i915: assertspinlocked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flushwork in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlakeenable|disabledisplayirq (bsc#942938). - drm/i915: fold the hpdirqsetup call into intelhpdirqhandler (bsc#942938). - drm/i915: fold the no-irq check into intelhpdirqhandler (bsc#942938). - drm/i915: fold the queuework into intelhpdirqhandler (bsc#942938). - drm/i915: implement ibxhpdirqsetup (bsc#942938). - drm/i915: s/hotplugirqstormdetect/intelhpdirqhandler/ (bsc#942938). - drm: ast,cirrus,mgag200: use drmcansleep (bnc#883380, bsc#935572). - ehci-pci: enable interrupt on BayTrail (bnc926007). - exec: kill the unnecessary mm->defflags setting in loadelfbinary() (bnc#891116). - ext3: Fix data corruption in inodes with journalled data (bsc#936637). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinnedvm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb, kabi: do not account hugetlb pages as NRFILEPAGES (bnc#930092). - hugetlb: do not account hugetlb pages as NRFILEPAGES (bnc#930092). - hvstorvsc: use small sgtablesize on x86 (bnc#937256). - ibmveth: Add GRO support (bsc#935055). - ibmveth: Add support for Large Receive Offload (bsc#935055). - ibmveth: Add support for TSO (bsc#935055). - ibmveth: add support for TSO6. - ibmveth: change rx buffer default allocation for CMO (bsc#935055). - igb: do not reuse pages with pfmemalloc flag fix (bnc#920016). - inotify: Fix nested sleeps in inotifyread() (bsc#940925). - iommu/amd: Fix memory leak in freepagetable (bsc#935866). - iommu/amd: Handle large pages correctly in freepagetable (bsc#935866). - ipv6: probe routes asynchronous in rt6probe (bsc#936118). - ixgbe: Use pcivfsassigned instead of ixgbevfsareassigned (bsc#927355). - kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch (bnc#920016). - kabi: wrapper include file with GENKSYMS check to avoid kabi change (bsc920110). - kdump: fix crashkexec()/smpsendstop() race in panic() (bnc#937444). - kernel: do full redraw of the 3270 screen on reconnect (bnc#943477, LTC#129509). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - megaraidsas: Use correct reset sequence in adpreset() (bsc#894936). - megaraidsas: Use correct reset sequence in adpreset() (bsc#938485). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm, THP: do not hold mmapsem in khugepaged when allocating THP (VM Performance). - mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620). - mm, thp: fix collapsing of hugepages on madvise (VM Functionality). - mm, thp: only collapse hugepages to nodes with affinity for zonereclaimmode (VM Functionality, bnc#931620). - mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bnc#931620). - mm, thp: respect MPOLPREFERRED policy with non-local node (VM Performance, bnc#931620). - mm/hugetlb: check for pte NULL pointer in _pagecheckaddress() (bnc#929143). - mm/mempolicy.c: merge allochugepagevma to allocpagesvma (VM Performance, bnc#931620). - mm/thp: allocate transparent hugepages on local node (VM Performance, bnc#931620). - mm: make page pfmemalloc check more robust (bnc#920016). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - mm: thp: khugepaged: add policy for finding target node (VM Functionality, bnc#931620). - net/mlx4core: Do not disable SRIOV if there are active VFs (bsc#927355). - net: Fix 'ip rule delete table 256' (bsc#873385). - net: fib6: fib6commitmetrics: fix potential NULL pointer dereference (bsc#867362). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - netfilter: nfconntrackprotosctp: minimal multihoming support (bsc#932350). - nfsd: support disabling 64bit dir cookies (bnc#937503). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nrreclaimed count (bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Add flag indicating device has been assigned by KVM (bnc#777565). - pci: Add flag indicating device has been assigned by KVM (bnc#777565). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - qlcnic: Fix NULL pointer dereference in qlcnichwmonshowtemp() (bsc#936095). - r8169: remember WOL preferences on driver load (bsc#942305). - s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595). - sgstartreq(): make sure that there's not too many elements in iovec (bsc#940338). - st: null pointer dereference panic caused by use after krefput by stopen (bsc#936875). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - usb: xhci: Prefer endpoint context dequeue pointer over stoppedtrb (bnc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86-64: Do not apply destructive erratum workaround on unaffected CPUs (bsc#929076). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605). - xfs: fix problem when using md+XFS under high load (bnc#925705). - xhci: Allocate correct amount of scratchpad buffers (bnc#933721). - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721). - xhci: Solve full event ring by increasing TRBSPERSEGMENT to 256 (bnc#933721). - xhci: Treat not finding the eventseg on COMPSTOP the same as COMPSTOP_INVAL (bnc#933721). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721). - xhci: do not report PLC when link is in internal resume state (bnc#933721). - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721). - xhci: report U3 when link is in resume state (bnc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721). - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921, LTC#126491). - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491).