SUSE-SU-2018:0437-1

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).

  The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

• CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922)

• CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355)
• CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311)
• CVE-2017-13215: Prevent elevation of privilege (bnc#1075908)
• CVE-2018-1000004: Prevent race condition in the sound system, this could have lead a deadlock and denial of service condition (bnc#1076017)
• CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AFALG-based hash interface (CONFIGCRYPTOUSERAPIHASH) and the SHA-3 hash algorithm (CONFIGCRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874)
• CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AFALG-based skcipher interface (CONFIGCRYPTOUSERAPISKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipherwalk API. Both the generic implementation (crypto/salsa20generic.c) and x86 implementation (arch/x86/crypto/salsa20glue.c) of Salsa20 were vulnerable (bnc#1073792)

The following non-security bugs were fixed:

• bcache allocator: send discards with correct size (bsc#1047626).
• bcache.txt: standardize document format (bsc#1076110).
• bcache: Abstract out stuff needed for sorting (bsc#1076110).
• bcache: Add a cond_resched() call to gc (bsc#1076110).
• bcache: Add a real GCMARKRECLAIMABLE (bsc#1076110).
• bcache: Add bchbkeyequal_header() (bsc#1076110).
• bcache: Add bchbtreekeysu64sremaining() (bsc#1076110).
• bcache: Add bchkeylistinit_single() (bsc#1047626).
• bcache: Add btreeinsertnode() (bnc#951638).
• bcache: Add btree_map() functions (bsc#1047626).
• bcache: Add btreenodewrite_sync() (bsc#1076110).
• bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
• bcache: Add makebtreefreeing_key() (bsc#1076110).
• bcache: Add on error panic/unregister setting (bsc#1047626).
• bcache: Add struct bsetsortstate (bsc#1076110).
• bcache: Add struct btree_keys (bsc#1076110).
• bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110).
• bcache: Avoid deadlocking in garbage collection (bsc#1076110).
• bcache: Avoid nested function definition (bsc#1076110).
• bcache: Better alloc tracepoints (bsc#1076110).
• bcache: Better full stripe scanning (bsc#1076110).
• bcache: Bkey indexing renaming (bsc#1076110).
• bcache: Break up struct search (bsc#1076110).
• bcache: Btree verify code improvements (bsc#1076110).
• bcache: Bypass torture test (bsc#1076110).
• bcache: Change refill_dirty() to always scan entire disk if necessary (bsc#1076110).
• bcache: Clean up cachelookupfn (bsc#1076110).
• bcache: Clean up keylist code (bnc#951638).
• bcache: Convert bchbtreeinsert() to bchbtreemapleafnodes() (bsc#1076110).
• bcache: Convert bchbtreereadasync() to bchbtreemapkeys() (bsc#1076110).
• bcache: Convert btreeinsertcheckkey() to btreeinsert_node() (bnc#951638).
• bcache: Convert btreeiter to struct btreekeys (bsc#1076110).
• bcache: Convert bucketwait to waitqueueheadt (bnc#951638).
• bcache: Convert debug code to btree_keys (bsc#1076110).
• bcache: Convert gc to a kthread (bsc#1047626).
• bcache: Convert sorting to btree_keys (bsc#1076110).
• bcache: Convert trywait to waitqueueheadt (bnc#951638).
• bcache: Convert writeback to a kthread (bsc#1076110).
• bcache: Correct return value for sysfs attach errors (bsc#1076110).
• bcache: Debug code improvements (bsc#1076110).
• bcache: Delete some slower inline asm (bsc#1047626).
• bcache: Do bkeyput() in btreesplit() error path (bsc#1076110).
• bcache: Do not bother with bucket refcount for btree node allocations (bsc#1076110).
• bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110).
• bcache: Do not return -EINTR when insert finished (bsc#1076110).
• bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110).
• bcache: Do not use op->insert_collision (bsc#1076110).
• bcache: Drop some closure stuff (bsc#1076110).
• bcache: Drop unneeded blksyncqueue() calls (bsc#1047626).
• bcache: Explicitly track btree node's parent (bnc#951638).
• bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).
• bcache: Fix a bug when detaching (bsc#951638).
• bcache: Fix a journal replay bug (bsc#1076110).
• bcache: Fix a journalling performance bug (bnc#893777).
• bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).
• bcache: Fix a lockdep splat (bnc#893777).
• bcache: Fix a lockdep splat in an error path (bnc#951638).
• bcache: Fix a null ptr deref in journal replay (bsc#1047626).
• bcache: Fix a race when freeing btree nodes (bsc#1076110).
• bcache: Fix a shutdown bug (bsc#951638).
• bcache: Fix an infinite loop in journal replay (bsc#1047626).
• bcache: Fix another bug recovering from unclean shutdown (bsc#1076110).
• bcache: Fix another compiler warning on m68k (bsc#1076110).
• bcache: Fix auxiliary search trees for key size > cacheline size (bsc#1076110).
• bcache: Fix bchptrbad() (bsc#1047626).
• bcache: Fix building error on MIPS (bsc#1076110).
• bcache: Fix dirty_data accounting (bsc#1076110).
• bcache: Fix discard granularity (bsc#1047626).
• bcache: Fix flashdevcache_miss() for real this time (bsc#1076110).
• bcache: Fix for canattachcache() (bsc#1047626).
• bcache: Fix heap_peek() macro (bsc#1047626).
• bcache: Fix leak of bdev reference (bsc#1076110).
• bcache: Fix more early shutdown bugs (bsc#951638).
• bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110).
• bcache: Fix moving_pred() (bsc#1047626).
• bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
• bcache: Fix to remove the rcu_sched stalls (bsc#1047626).
• bcache: Have btree_split() insert into parent directly (bsc#1076110).
• bcache: Improve bucket_prio() calculation (bsc#1047626).
• bcache: Improve priority_stats (bsc#1047626).
• bcache: Incremental gc (bsc#1076110).
• bcache: Insert multiple keys at a time (bnc#951638).
• bcache: Kill bchnextrecurse_key() (bsc#1076110).
• bcache: Kill btreeiowq (bsc#1076110).
• bcache: Kill bucket->gc_gen (bsc#1076110).
• bcache: Kill dead cgroup code (bsc#1076110).
• bcache: Kill op->cl (bsc#1076110).
• bcache: Kill op->replace (bsc#1076110).
• bcache: Kill sequential_merge option (bsc#1076110).
• bcache: Kill unaligned bvec hack (bsc#1076110).
• bcache: Kill unused freelist (bsc#1076110).
• bcache: Make bchkeylistrealloc() take u64s, not nptrs (bsc#1076110).
• bcache: Make gc wakeup sane, remove settaskstate() (bsc#1076110).
• bcache: Minor btree cache fix (bsc#1047626).
• bcache: Minor fixes from kbuild robot (bsc#1076110).
• bcache: Move insertfixup() to btreekeys_ops (bsc#1076110).
• bcache: Move keylist out of btree_op (bsc#1047626).
• bcache: Move sector allocator to alloc.c (bsc#1076110).
• bcache: Move some stuff to btree.c (bsc#1076110).
• bcache: Move spinlock into struct time_stats (bsc#1076110).
• bcache: New writeback PD controller (bsc#1047626).
• bcache: PRECEDING_KEY() (bsc#1047626).
• bcache: Performance fix for when journal entry is full (bsc#1047626).
• bcache: Prune struct btree_op (bsc#1076110).
• bcache: Pull on disk data structures out into a separate header (bsc#1076110).
• bcache: RESERVEPRIO is too small by one when priobuckets() is a power of two (bsc#1076110).
• bcache: Really show state of work pending bit (bsc#1076110).
• bcache: Refactor bset_tree sysfs stats (bsc#1076110).
• bcache: Refactor journalling flow control (bnc#951638).
• bcache: Refactor read request code a bit (bsc#1076110).
• bcache: Refactor request_write() (bnc#951638).
• bcache: Remove deprecated create_workqueue (bsc#1076110).
• bcache: Remove redundant block_size assignment (bsc#1047626).
• bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).
• bcache: Remove redundant set_capacity (bsc#1076110).
• bcache: Remove unnecessary check in should_split() (bsc#1076110).
• bcache: Remove/fix some header dependencies (bsc#1047626).
• bcache: Rename/shuffle various code around (bsc#1076110).
• bcache: Rework allocator reserves (bsc#1076110).
• bcache: Rework btree cache reserve handling (bsc#1076110).
• bcache: Split out sortextentcmp() (bsc#1076110).
• bcache: Stripe size isn't necessarily a power of two (bnc#893949).
• bcache: Trivial error handling fix (bsc#1047626).
• bcache: Update continue_at() documentation (bsc#1076110).
• bcache: Use a mempool for mergesort temporary space (bsc#1076110).
• bcache: Use blkdevissuediscard() (bnc#951638).
• bcache: Use ida for bcache block dev minor (bsc#1047626).
• bcache: Use uninterruptible sleep in writeback (bsc#1076110).
• bcache: Zero less memory (bsc#1076110).
• bcache: add a comment in journal bucket reading (bsc#1076110).
• bcache: add mutex lock for bchisopen (bnc#902893).
• bcache: allows use of register in udev to avoid 'device_busy' error (bsc#1047626).
• bcache: bcache_write tracepoint was crashing (bsc#1076110).
• bcache: bch(btree|extent)ptr_invalid() (bsc#1076110).
• bcache: bchallocatorthread() is not freezable (bsc#1047626).
• bcache: bchgcthread() is not freezable (bsc#1047626).
• bcache: bchwritebackthread() is not freezable (bsc#1076110).
• bcache: btree locking rework (bsc#1076110).
• bcache: bugfix - gc thread now gets woken when cache is full (bsc#1047626).
• bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).
• bcache: bugfix for race between movinggc and bucketinvalidate (bsc#1076110).
• bcache: check ca->alloc_thread initialized before wake up it (bsc#1076110).
• bcache: check return value of register_shrinker (bsc#1076110).
• bcache: cleaned up error handling around register_cache() (bsc#1047626).
• bcache: clear BCACHEDEVUNLINK_DONE flag when attaching a backing device (bsc#1047626).
• bcache: correct cachedirtytarget in _updatewriteback_rate() (bsc#1076110).
• bcache: defensively handle format strings (bsc#1047626).
• bcache: do not embed 'return' statements in closure macros (bsc#1076110).
• bcache: do not subtract sectorstogc for bypassed IO (bsc#1076110).
• bcache: do not write back data if reading it failed (bsc#1076110).
• bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110).
• bcache: documentation updates and corrections (bsc#1076110).
• bcache: explicitly destroy mutex while exiting (bsc#1076110).
• bcache: fix BUGON due to integer overflow with GCSECTORS_USED (bsc#1047626).
• bcache: fix a comments typo in bchallocsectors() (bsc#1076110).
• bcache: fix a livelock when we cause a huge number of cache misses (bsc#1047626).
• bcache: fix bch_hprint crash and improve output (bsc#1076110).
• bcache: fix crash in bcachebtreenodeallocfail tracepoint (bsc#1047626).
• bcache: fix crash on shutdown in passthrough mode (bsc#1076110).
• bcache: fix for gc and write-back race (bsc#1076110).
• bcache: fix for gc and writeback race (bsc#1047626).
• bcache: fix for gc crashing when no sectors are used (bsc#1047626).
• bcache: fix lockdep warnings on shutdown (bsc#1047626).
• bcache: fix race of writeback thread starting before complete initialization (bsc#1076110).
• bcache: fix sequential large write IO bypass (bsc#1076110).
• bcache: fix sparse non static symbol warning (bsc#1076110).
• bcache: fix typo in bchbkeyequal_header (bsc#1076110).
• bcache: fix uninterruptible sleep in writeback thread (bsc#1076110).
• bcache: fix use-after-free in btreegccoalesce() (bsc#1076110).
• bcache: fix wrong cache_misses statistics (bsc#1076110).
• bcache: gc does not work when triggering by manual command (bsc#1076110).
• bcache: implement PI controller for writeback rate (bsc#1076110).
• bcache: increase the number of open buckets (bsc#1076110).
• bcache: initialize dirty stripes in flashdevrun() (bsc#1076110).
• bcache: kill closure locking code (bsc#1076110).
• bcache: kill closure locking usage (bnc#951638).
• bcache: kill index() (bsc#1047626).
• bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110).
• bcache: only permit to recovery read error when cache device is clean (bsc#1076110).
• bcache: partition support: add 16 minors per bcacheN device (bsc#1076110).
• bcache: prerr: more meaningful error message when nrstripes is invalid (bsc#1076110).
• bcache: prevent crash on changing writeback_running (bsc#1076110).
• bcache: rearrange writeback main thread ratelimit (bsc#1076110).
• bcache: recover data from backing when data is clean (bsc#1076110).
• bcache: registerbcache(): call blkdevput() when cache_alloc() fails (bsc#1047626).
• bcache: remove nested function usage (bsc#1076110).
• bcache: remove unused parameter (bsc#1076110).
• bcache: rewrite multiple partitions support (bsc#1076110).
• bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).
• bcache: silence static checker warning (bsc#1076110).
• bcache: smooth writeback rate control (bsc#1076110).
• bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).
• bcache: try to set b->parent properly (bsc#1076110).
• bcache: update bchbkeytry_merge (bsc#1076110).
• bcache: update bio->biopf bypass/writeback REQ flag hints (bsc#1076110).
• bcache: update bucketinuse in real time (bsc#1076110).
• bcache: update document info (bsc#1076110).
• bcache: use kmalloc to allocate bio in bchdataverify() (bsc#1076110).
• bcache: use kvfree() in various places (bsc#1076110).
• bcache: use llistforeachentrysafe() in _closurewake_up() (bsc#1076110).
• bcache: wait for buckets when allocating new btree root (bsc#1076110).
• bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
• bcache: writeback rate shouldn't artifically clamp (bsc#1076110).
• fork: clear thread stack upon allocation (bsc#1077560).
• gcov: disable for COMPILE_TEST (bnc#1012382).
• kaiser: Set PAGENX only if supported (bnc#1012382, bnc#1076154).
• kaiser: Set PAGENX only if supported (bnc#1012382, bnc#1076278).
• md: more open-coded offsetinpage() (bsc#1076110).
• nfsd: do not share group_info among threads (bsc@1070623).
• sysfs/cpu: Add vulnerability folder (bnc#1012382).
• sysfs: spectrev2, handle specctrl (bsc#1075994 bsc#1075091).
• x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
• x86/cpufeatures: Add X86BUGCPU_INSECURE (bnc#1012382).
• x86/cpufeatures: Add X86BUGSPECTRE_V[12] (bnc#1012382).
• x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
• x86/pti: Rename BUGCPUINSECURE to BUGCPUMELTDOWN (bnc#1012382).
• x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
• x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
• x86/spectrev2: nospectrev2 means nospec too (bsc#1075994 bsc#1075091).