SUSE-SU-2018:1366-1

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.131 to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).

  A new boot commandline option was introduced, 'specstorebypass_disable', which can have following values:

  • auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.
  • on: disable Speculative Store Bypass
  • off: enable Speculative Store Bypass
  • prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork.
  • seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out.

  The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.

  Status can be queried via the /sys/devices/system/cpu/vulnerabilities/specstorebypass file, containing:

  • 'Vulnerable'
  • 'Mitigation: Speculative Store Bypass disabled'
  • 'Mitigation: Speculative Store Bypass disabled via prctl'
  • 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'

• CVE-2018-8781: The udlfbmmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).

• CVE-2018-10124: The killsomethinginfo function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752).
• CVE-2018-10087: The kernelwait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INTMIN value (bnc#1089608).
• CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modifyuserhw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)
• CVE-2018-1130: The Linux kernel was vulnerable to a null pointer dereference in dccpwritexmit() function in net/dccp/output.c in that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904).
• CVE-2018-5803: An error in the sctpmake_chunk() function when handling SCTP, packet length could have been exploited by a malicious local user to cause a kernel crash and a DoS. (bnc#1083900).
• CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAPNETRAW or CAPNETADMIN capability, related to arptdotable in net/ipv4/netfilter/arptables.c, iptdotable in net/ipv4/netfilter/iptables.c, and ip6tdotable in net/ipv6/netfilter/ip6_tables.c (bnc#1083650 1091925).
• CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c _rdsrdmamap() function allowing local attackers to cause a system panic and a denial-of-service, related to RDSGETMR and RDSGETMRFOR_DEST (bnc#1082962).

The following non-security bugs were fixed:

• acpica: Disassembler: Abort on an invalid/unknown AML opcode (bnc#1012382).
• acpica: Events: Add runtime stub support for event APIs (bnc#1012382).
• acpi / hotplug / PCI: Check presence of slot itself in getslotstatus() (bnc#1012382).
• acpi, PCI, irq: remove redundant check for null string pointer (bnc#1012382).
• acpi / scan: Send change uevent with offine environmental data (bsc#1082485).
• acpi / video: Add quirk to force acpi-video backlight on Samsung 670Z5E (bnc#1012382).
• alsa: asihpi: Hardening for potential Spectre v1 (bnc#1012382).
• alsa: control: Hardening for potential Spectre v1 (bnc#1012382).
• alsa: core: Report audiotstamp in sndpcmsyncptr (bnc#1012382).
• alsa: hda: Hardening for potential Spectre v1 (bnc#1012382).
• alsa: hda - New VIA controller suppor no-snoop path (bnc#1012382).
• alsa: hda/realtek - Add some fixes for ALC233 (bnc#1012382).
• alsa: hdspm: Hardening for potential Spectre v1 (bnc#1012382).
• alsa: line6: Use correct endpoint type for midi output (bnc#1012382).
• alsa: opl3: Hardening for potential Spectre v1 (bnc#1012382).
• alsa: oss: consolidate kmalloc/memset 0 call to kzalloc (bnc#1012382).
• alsa: pcm: Avoid potential races between OSS ioctls and read/write (bnc#1012382).
• alsa: pcm: Fix endless loop for XRUN recovery in OSS emulation (bnc#1012382).
• alsa: pcm: Fix mutex unbalance in OSS emulation ioctls (bnc#1012382).
• alsa: pcm: Fix UAF at PCM release via PCM timer access (bnc#1012382).
• alsa: pcm: potential uninitialized return values (bnc#1012382).
• alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams (bnc#1012382).
• alsa: pcm: Use dmabytes as size parameter in dmammap_coherent() (bnc#1012382).
• alsa: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation (bnc#1012382).
• alsa: rawmidi: Fix missing input substream checks in compat ioctls (bnc#1012382).
• alsa: rme9652: Hardening for potential Spectre v1 (bnc#1012382).
• alsa: seq: oss: Fix unbalanced use lock for synth MIDI device (bnc#1012382).
• alsa: seq: oss: Hardening for potential Spectre v1 (bnc#1012382).
• alsa: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658).
• arm64: avoid overflow in VASTART and PAGEOFFSET (bnc#1012382).
• arm64: futex: Fix undefined behaviour with FUTEXOPOPARG_SHIFT usage (bnc#1012382).
• arm: amba: Do not read past the end of sysfs 'driver_override' buffer (bnc#1012382).
• arm: amba: Fix race condition with driver_override (bnc#1012382).
• arm: amba: Make driver_override output consistent with other buses (bnc#1012382).
• arm: davinci: da8xx: Create DSP device only when assigned memory (bnc#1012382).
• arm: dts: am57xx-beagle-x15-common: Add overide powerhold property (bnc#1012382).
• arm: dts: at91: at91sam9g25: fix mux-mask pinctrl property (bnc#1012382).
• arm: dts: at91: sama5d4: fix pinctrl compatible string (bnc#1012382).
• arm: dts: dra7: Add power hold and power controller properties to palmas (bnc#1012382).
• arm: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382).
• arm: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382).
• arm: dts: ls1021a: add 'fsl,ls1021a-esdhc' compatible string to esdhc node (bnc#1012382).
• arm: imx: Add MXCCPUIMX6ULL and cpuisimx6ull (bnc#1012382).
• arp: fix arp_filter on l3slave devices (bnc#1012382).
• arp: honour gratuitous ARP replies (bnc#1012382).
• asoc: fsl_esai: Fix divisor calculation failure at lower ratio (bnc#1012382).
• asoc: Intel: chtbswrt5645: Analog Mic support (bnc#1012382).
• asoc: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382).
• asoc: ssm2602: Replace regdefaultraw with reg_default (bnc#1012382).
• asynctx: Fix DMAPREPFENCE usage in doasyncgensyndrome() (bnc#1012382).
• ata: libahci: properly propagate return value of platformgetirq() (bnc#1012382).
• ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382).
• ath9k_hw: check if the chip failed to wake up (bnc#1012382).
• audit: add tty field to LOGIN event (bnc#1012382).
• autofs: mount point create should honour passed in mode (bnc#1012382).
• bcache: segregate flash only volume write streams (bnc#1012382).
• bcache: stop writeback thread after detaching (bnc#1012382).
• blacklist.conf: Add an omapdrm entry (bsc#1090708, bsc#1090718)
• blk-mq: fix bad clear of RQFMQINFLIGHT in blkmqctctxinit() (bsc#1085058).
• blk-mq: fix kernel oops in blkmqtag_idle() (bnc#1012382).
• block: correctly mask out flags in blkrqappend_bio() (bsc#1085058).
• block/loop: fix deadlock after loopsetstatus (bnc#1012382).
• block: sanity check for integrity intervals (bsc#1091728).
• bluetooth: Fix missing encryption refresh on Security Request (bnc#1012382).
• bluetooth: Send HCI Set Event Mask Page 2 command only when needed (bnc#1012382).
• bna: Avoid reading past end of buffer (bnc#1012382).
• bnx2x: Allow vfs to disable txvlan offload (bnc#1012382).
• bonding: do not set slavedev npinfo before slaveenablenetpoll in bondenslave (bnc#1012382).
• bonding: Do not update slave->link until ready to commit (bnc#1012382).
• bonding: fix the err path for dev hwaddr sync in bond_enslave (bnc#1012382).
• bonding: move devmcsync after masterupperdevlink in bondenslave (bnc#1012382).
• bonding: process the err returned by devsetallmulti properly in bond_enslave (bnc#1012382).
• btrfs: fix incorrect error return ret being passed to mappingseterror (bnc#1012382).
• btrfs: Fix wrong firstkey parameter in replacepath (Followup fix for bsc#1084721).
• btrfs: Only check first key for committed tree blocks (bsc#1084721).
• btrfs: Validate child tree block's level and first key (bsc#1084721).
• bus: brcmstb_gisb: correct support for 64-bit address output (bnc#1012382).
• bus: brcmstb_gisb: Use register offsets with writes too (bnc#1012382).
• cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (bnc#1012382).
• cdrom: information leak in cdromioctlmedia_changed() (bnc#1012382).
• ceph: adding protection for showing cap reservation info (bsc#1089115).
• ceph: always update atime/mtime/ctime for new inode (bsc#1089115).
• ceph: check if mds create snaprealm when setting quota (fate#324665 bsc#1089115).
• ceph: do not check quota for snap inode (fate#324665 bsc#1089115).
• ceph: fix invalid point dereference for error case in mdsc destroy (bsc#1089115).
• ceph: fix root quota realm check (fate#324665 bsc#1089115).
• ceph: fix rsize/wsize capping in cephdirectread_write() (bsc#1089115).
• ceph: quota: add counter for snaprealms with quota (fate#324665 bsc#1089115).
• ceph: quota: add initial infrastructure to support cephfs quotas (fate#324665 bsc#1089115).
• ceph: quota: cache inode pointer in cephsnaprealm (fate#324665 bsc#1089115).
• ceph: quota: do not allow cross-quota renames (fate#324665 bsc#1089115).
• ceph: quota: report root dir quota usage in statfs (fate#324665 bsc#1089115).
• ceph: quota: support for ceph.quota.max_bytes (fate#324665 bsc#1089115).
• ceph: quota: support for ceph.quota.max_files (fate#324665 bsc#1089115).
• ceph: quota: update MDS when max_bytes is approaching (fate#324665 bsc#1089115).
• cfg80211: make RATEINFOBW_20 the default (bnc#1012382).
• cifs: do not allow creating sockets except with SMB1 posix exensions (bnc#1012382).
• cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734).
• cifs: silence lockdep splat in cifsrelockfile() (bnc#1012382).
• cifs: Use file_dentry() (bsc#1093008).
• clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bnc#1012382).
• clk: Fix _setclk_rates error print-string (bnc#1012382).
• clk: mvebu: armada-38x: add support for 1866MHz variants (bnc#1012382).
• clk: mvebu: armada-38x: add support for missing clocks (bnc#1012382).
• clk: scpi: fix return type of _scpidvfsroundrate (bnc#1012382).
• clocksource/drivers/armarchtimer: Avoid infinite recursion when ftrace is enabled (bsc#1090225).
• cpumask: Add helper cpumask_available() (bnc#1012382).
• crypto: ahash - Fix early termination in hash walk (bnc#1012382).
• crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bnc#1012382).
• cx25840: fix unchecked return values (bnc#1012382).
• cxgb4: fix incorrect cim_la output for T6 (bnc#1012382).
• cxgb4: Fix queue free path of ULD drivers (bsc#1022743 FATE#322540).
• cxgb4: FW upgrade fixes (bnc#1012382).
• cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bnc#1012382).
• dmaengine: at_xdmac: fix rare residue corruption (bnc#1012382).
• dmaengine: imx-sdma: Handle return value of clkprepareenable (bnc#1012382).
• dm ioctl: remove double parentheses (bnc#1012382).
• Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition (bnc#1012382).
• Do not leak MNT_INTERNAL away from internal mounts (bnc#1012382).
• drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 (FATE#321732).
• drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bnc#1024296,FATE#321265).
• drivers/misc/vmwvmci/vmciqueue_pair.c: fix a couple integer overflow tests (bnc#1012382).
• drm/omap: fix tiled buffer stride calculations (bnc#1012382).
• drm/radeon: Fix PCIe lane width calculation (bnc#1012382).
• drm/virtio: fix vq wait_event condition (bnc#1012382).
• e1000e: fix race condition around skbtstamptx() (bnc#1012382).
• e1000e: Undo e1000epmfreeze if _e1000shutdown fails (bnc#1012382).
• edac, mv64x60: Fix an error handling path (bnc#1012382).
• Enable uinput driver (bsc#1092566).
• esp: Fix memleaks on error paths (git-fixes).
• ext4: add validity checks for bitmap block numbers (bnc#1012382).
• ext4: bugfix for mmaped pages in mpagereleaseunused_pages() (bnc#1012382).
• ext4: do not allow r/w mounts if metadata blocks overlap the superblock (bnc#1012382).
• ext4: do not update checksum of new initialized bitmaps (bnc#1012382).
• ext4: fail ext4_iget for root directory if unallocated (bnc#1012382).
• ext4: fix bitmap position validation (bnc#1012382).
• ext4: fix deadlock between inlinedata and ext4expandextraisize_ea() (bnc#1012382).
• ext4: Fix hole length detection in ext4indmap_blocks() (bsc#1090953).
• ext4: fix off-by-one on max nrpages in ext4findunwrittenpgoff() (bnc#1012382).
• ext4: prevent right-shifting extents beyond EXTMAXBLOCKS (bnc#1012382).
• ext4: set h_journal if there is a failure starting a reserved handle (bnc#1012382).
• fanotify: fix logic of events on child (bnc#1012382).
• fix race in drivers/char/random.c:get_reg() (bnc#1012382).
• frv: declare jiffies to be located in the .data section (bnc#1012382).
• fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382).
• fs/proc: Stop trying to report thread stacks (bnc#1012382).
• fs/reiserfs/journal.c: add missing resierfs_warning() arg (bnc#1012382).
• genirq: Use cpumask_available() for check of cpumask variable (bnc#1012382).
• getname_kernel() needs to make sure that ->name != ->iname in long case (bnc#1012382).
• gpio: label descriptors using the device name (bnc#1012382).
• hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382).
• hid: core: Fix size as type u32 (bnc#1012382).
• hid: Fix hidreportlen usage (bnc#1012382).
• hid: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device (bnc#1012382).
• hid: i2c-hid: fix size check and type usage (bnc#1012382).
• hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes).
• hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382).
• hypfskillsuper(): deal with failed allocations (bnc#1012382).
• i40iw: Free IEQ resources (bsc#969476 FATE#319648 bsc#969477 FATE#319816).
• ib/core: Fix possible crash to access NULL netdev (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
• ib/core: Generate GID change event regardless of RoCE GID table property (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
• ib/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
• ib/mlx4: Include GID type when deleting GIDs from HW table under RoCE (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
• ib/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• ib/mlx5: Fix an error code in _mlx5ibmodifyqp() (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• ib/mlx5: Fix incorrect size of klms in the memory region (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• ib/mlx5: Fix out-of-bounds read in createrawpacketqprq (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• ib/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• ib/mlx5: Set the default active rate and width to QDR and 4X (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• ibmvnic: Clean actual number of RX or TX pools (bsc#1092289).
• ibmvnic: Clear pending interrupt after device reset (bsc#1089644).
• ibmvnic: Define vnicloginclient_data name field as unsized array (bsc#1089198).
• ibmvnic: Do not notify peers on parameter change resets (bsc#1089198).
• ibmvnic: Handle all login error conditions (bsc#1089198).
• ib/srp: Fix completion vector assignment algorithm (bnc#1012382).
• ib/srp: Fix srp_abort() (bnc#1012382).
• ib/srpt: Fix abort handling (bnc#1012382).
• ib/srpt: Fix an out-of-bounds stack access in srptzerolengthwrite() (bnc#1024296,FATE#321265).
• iio: hi8435: avoid garbage event at first enable (bnc#1012382).
• iio: hi8435: cleanup reset gpio (bnc#1012382).
• iio: magnetometer: stmagnspi: fix spideviceid table (bnc#1012382).
• input: ALPS - fix multi-touch decoding on SS4 plus touchpads (git-fixes).
• input: ALPS - fix trackstick button handling on V8 devices (git-fixes).
• input: ALPS - fix TrackStick support for SS5 hardware (git-fixes).
• input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad (git-fixes).
• input: drv260x - fix initializing overdrive voltage (bnc#1012382).
• input: elan_i2c - check if device is there before really probing (bnc#1012382).
• input: elan_i2c - clear INT before resetting controller (bnc#1012382).
• input: elantech - force relative mode on a certain module (bnc#1012382).
• input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bnc#1012382).
• input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bnc#1012382).
• input: mousedev - fix implicit conversion warning (bnc#1012382).
• iommu/vt-d: Fix a potential memory leak (bnc#1012382).
• ip6_gre: better validate user provided tunnel names (bnc#1012382).
• ip6_tunnel: better validate user provided tunnel names (bnc#1012382).
• ipc/shm: fix use-after-free of shm file via remapfilepages() (bnc#1012382).
• ipmi: create hardware-independent softdep for ipmi_devintf (bsc#1009062, bsc#1060799). Refresh patch to mainline version.
• ipsec: check return value of skbtosgvec always (bnc#1012382).
• ip_tunnel: better validate user provided tunnel names (bnc#1012382).
• ipv6: add RTATABLE and RTAPREFSRC to rtmipv6policy (bnc#1012382).
• ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382).
• ipv6: sit: better validate user provided tunnel names (bnc#1012382).
• ipv6: the entire IPv6 header chain must fit the first fragment (bnc#1012382).
• iw_cxgb4: print mapped ports correctly (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).
• jbd2: fix use after free in kjournald2() (bnc#1012382).
• jbd2: if the journal is aborted then do not allow update of the log tail (bnc#1012382).
• jffs2killsb(): deal with failed allocations (bnc#1012382).
• jiffies.h: declare jiffies and jiffies64 with __cachelinealignedinsmp (bnc#1012382).
• kABI: add tty include to audit.c (kabi).
• kABI: protect hid report functions (kabi).
• kABI: protect jiffies types (kabi).
• kABI: protect skbtosgvec* (kabi).
• kABI: protect sound/timer.h include in sound pcm.c (kabi).
• kABI: protect struct cstate (kabi).
• kABI: protect struct _lowcore (kabi).
• kABI: protect tty include in audit.h (kabi).
• kabi/severities: Ignore kgrshadow* kABI changes
• kbuild: provide a _UNIQUEID for clang (bnc#1012382).
• kexec_file: do not add extra alignment to efi memmap (bsc#1044596).
• keys: DNS: limit the length of option strings (bnc#1012382).
• kGraft: fix small race in reversion code (bsc#1083125).
• kobject: do not use WARN for registration failures (bnc#1012382).
• kvm: Fix nopvspin static branch init usage (bsc#1056427).
• kvm: Introduce nopvspin kernel parameter (bsc#1056427).
• kvm: nVMX: Fix handling of lmsw instruction (bnc#1012382).
• kvm: PPC: Book3S PR: Check copyto/fromuser return values (bnc#1012382).
• kvm: SVM: do not zero out segment attributes if segment is unusable or not present (bnc#1012382).
• l2tp: check sockaddr length in pppol2tp_connect() (bnc#1012382).
• l2tp: fix missing print session offset info (bnc#1012382).
• lan78xx: Correctly indicate invalid OTP (bnc#1012382).
• leds: pca955x: Correct I2C Functionality (bnc#1012382).
• libceph, ceph: change permission for readonly debugfs entries (bsc#1089115).
• libceph: fix misjudgement of maximum monitor number (bsc#1089115).
• libceph: reschedule a tick in finish_hunting() (bsc#1089115).
• libceph: un-backoff on tick when we have a authenticated session (bsc#1089115).
• libceph: validate con->state at the top of try_write() (bsc#1089115).
• livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296).
• livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296).
• llc: delete timers synchronously in llcskfree() (bnc#1012382).
• llc: fix NULL pointer deref for SOCK_ZAPPED (bnc#1012382).
• llc: hold llcsap before releasesock() (bnc#1012382).
• llist: clang: introduce memberaddressis_nonnull() (bnc#1012382).
• lockd: fix lockd shutdown race (bnc#1012382).
• lockd: lost rollback of setgraceperiod() in lockddownnet() (git-fixes).
• mac80211: bail out from prep_connection() if a reconfig is ongoing (bnc#1012382).
• mceusb: sporadic RX truncation corruption fix (bnc#1012382).
• md: document lifetime of internal rdev pointer (bsc#1056415).
• md: fix two problems with setting the 're-add' device state (bsc#1089023).
• md: only allow removeandaddspares when no syncthread running (bsc#1056415).
• md raid10: fix NULL deference in handlewritecompleted() (git-fixes).
• md/raid10: reset the 'first' at the end of loop (bnc#1012382).
• md/raid5: make use of spinlockirq over localirqdisable + spin_lock (bnc#1012382).
• media: v4l2-compat-ioctl32: do not oops on overlay (bnc#1012382).
• media: videobuf2-core: do not go out of the buffer range (bnc#1012382).
• mei: remove dev_err message on an unsupported ioctl (bnc#1012382).
• mISDN: Fix a sleep-in-atomic bug (bnc#1012382).
• mlx5: fix bug reading rsshashtype from CQE (bnc#1012382).
• mmc: jz4740: Fix race condition in IRQ mask update (bnc#1012382).
• mm/filemap.c: fix NULL pointer in pagecachetree_insert() (bnc#1012382).
• mm, slab: reschedule cache_reap() on the same CPU (bnc#1012382).
• mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block (bnc#1012382).
• mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug (bnc#1012382).
• mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block (bnc#1012382).
• mtd: jedecprobe: Fix crash in jedecread_mfr() (bnc#1012382).
• neighbour: update neigh timestamps iff update is effective (bnc#1012382).
• net: afpacket: fix race in PACKET{R|T}X_RING (bnc#1012382).
• net: cavium: liquidio: fix up 'Avoid dmaunmapsingle on uninitialized ndata' (bnc#1012382).
• net: cdc_ncm: Fix TX zero padding (bnc#1012382).
• net: emac: fix reset timeout with AR8035 phy (bnc#1012382).
• net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control (bnc#1012382).
• netfilter: bridge: ebt_among: add more missing match size checks (bnc#1012382).
• netfilter: ctnetlink: fix incorrect nfctput during hash resize (bnc#1012382).
• netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch (bnc#1012382).
• netfilter: nfnath323: fix logical-not-parentheses warning (bnc#1012382).
• netfilter: xtables: add and use xtcheckprocname (bnc#1012382).
• net: fix deadlock while clearing neighbor proxy table (bnc#1012382).
• net: fix possible out-of-bound read in skbnetworkprotocol() (bnc#1012382).
• net: fool proof devvalidname() (bnc#1012382).
• net: freescale: fix potential null pointer dereference (bnc#1012382).
• net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511).
• net: ieee802154: fix net_device reference release too early (bnc#1012382).
• net/ipv6: Fix route leaking between VRFs (bnc#1012382).
• net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382).
• netlink: make sure nladdr has correct size in netlink_connect() (bnc#1012382).
• net: llc: add locksock in llcui_bind to avoid a race condition (bnc#1012382).
• net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport (bnc#1012382).
• net/mlx4_core: Fix memory leak while delete slave's resources (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
• net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382).
• net/mlx4_en: Fix mixed PFC and Global pause user control requests (bsc#1015336 FATE#321685 bsc#1015337 FATE#321686 bsc#1015340 FATE#321687).
• net/mlx4: Fix the check in attaching steering rules (bnc#1012382).
• net/mlx5: avoid build warning for uniprocessor (bnc#1012382).
• net/mlx5e: Add error print in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5e: Check support before TC swap in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5e: E-Switch, Use the name of static array instead of its address (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• net/mlx5e: Remove unused define MLX5MPWRQSTRIDESPERPAGE (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• net/mlx5: Fix error handling in load one (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• net/mlx5: Tolerate irqsetaffinity_hint() failures (bnc#1012382).
• net: move somaxconn init from sysctl code (bnc#1012382).
• net: phy: avoid genphyanegdone() for PHYs without clause 22 support (bnc#1012382).
• net: qca_spi: Fix alignment issues in rx path (bnc#1012382).
• net sched actions: fix dumping which requires several messages to user space (bnc#1012382).
• net/sched: fix NULL dereference in the error path of tcfbpfinit() (bnc#1012382).
• net: validate attribute sizes in neighdumptable() (bnc#1012382).
• net: x25: fix one potential use-after-free issue (bnc#1012382).
• net: xfrm: use preempt-safe thiscpuread() in ipcompalloctfms() (bnc#1012382).
• nfsv4.1: RECLAIMCOMPLETE must handle NFS4ERRCONNNOTBOUNDTOSESSION (bnc#1012382).
• nfsv4.1: Work around a Linux server bug.. (bnc#1012382).
• nospec: Kill arrayindexnospecmaskcheck() (bnc#1012382).
• nospec: Move arrayindexnospec() parameter checking into separate macro (bnc#1012382).
• ovl: filter trusted xattr for non-admin (bnc#1012382).
• packet: fix bitfield update race (bnc#1012382).
• parisc: Fix out of array access in matchpcidevice() (bnc#1012382).
• parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bnc#1012382).
• partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382).
• pci/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348).
• pci: Make PCIROMADDRESS_MASK a 32-bit constant (bnc#1012382).
• perf/core: Correct event creation with PERFFORMATGROUP (bnc#1012382).
• perf/core: Fix locking for children siblings group read (git-fixes).
• perf header: Set proper module name when build-id event found (bnc#1012382).
• perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382).
• perf intel-pt: Fix error recovery from missing TIP packet (bnc#1012382).
• perf intel-pt: Fix overlap detection to identify consecutive buffers correctly (bnc#1012382).
• perf intel-pt: Fix sync_switch (bnc#1012382).
• perf intel-pt: Fix timestamp following overflow (bnc#1012382).
• perf probe: Add warning message if there is unexpected event name (bnc#1012382).
• perf report: Ensure the perf DSO mapping matches what libdw sees (bnc#1012382).
• perf: Return proper values for user stack errors (bnc#1012382).
• perf tests: Decompress kernel module before objdump (bnc#1012382).
• perf tools: Fix copyfile_offset update of output offset (bnc#1012382).
• perf trace: Add mmap alias for s390 (bnc#1012382).
• pidns: disable pid allocation if pidnsprepareproc() is failed in allocpid() (bnc#1012382).
• pNFS/flexfiles: missing error code in fflayoutalloc_lseg() (bnc#1012382).
• powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bnc#1012382).
• powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157).
• powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157).
• powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157).
• powerpc/64s: Enhance the information in cpushowmeltdown() (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/64s: Enhance the information in cpushowspectre_v1() (bsc#1068032).
• powerpc/64s: Fix section mismatch warnings from setuprfiflush() (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/64s: Move cpushowmeltdown() (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157).
• powerpc/64s: Wire up cpushowspectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/64s: Wire up cpushowspectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157).
• powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting TCR[DIE] (bnc#1012382).
• powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242).
• powerpc: Do not send system reset request through the oops path (bsc#1088242).
• powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382).
• powerpc/lib: Fix off-by-one in alternate feature patching (bnc#1012382).
• powerpc/mm: allow memory hotplug into a memoryless node (bsc#1090663).
• powerpc/mm: Allow memory hotplug into an offline node (bsc#1090663).
• powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops (bnc#1012382).
• powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382).
• powerpc/powernv: Handle unknown OPAL errors in opalnvramwrite() (bnc#1012382).
• powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/powernv: Use the security flags in pnvsetuprfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/pseries: Add new HGETCPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/pseries: Use the security flags in pseriessetuprfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/rfi-flush: Make it possible to call setuprfiflush() again (bsc#1068032, bsc#1075087, bsc#1091041). Update patches.suse/powerpc-pseries-rfi-flush-Call-setuprfiflush-after.patch (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/spufs: Fix coredump of SPU contexts (bnc#1012382).
• powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242).
• powerpc: Use barriernospec in copyfrom_user() (bsc#1068032, bsc#1080157).
• pppoe: check sockaddr length in pppoe_connect() (bnc#1012382).
• pptp: remove a buggy dst release in pptp_connect() (bnc#1012382).
• qlge: Avoid reading past end of buffer (bnc#1012382).
• r8152: add Linksys USB3GIGV1 id (bnc#1012382).
• r8169: fix setting driverdata after registernetdev (bnc#1012382).
• radeon: hide pointless #warning when compile testing (bnc#1012382).
• random: use a tighter cap in creditentropybits_safe() (bnc#1012382).
• random: use lockless method of accessing and updating f->reg_idx (bnc#1012382).
• ray_cs: Avoid reading past end of buffer (bnc#1012382).
• rdma/core: Avoid that ibdrainqp() triggers an out-of-bounds stack access (FATE#321732).
• rdma/mlx5: Protect from NULL pointer derefence (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• rdma/qedr: fix QP's ack timeout configuration (bsc#1022604 FATE#321747).
• rdma/qedr: Fix QP state initialization race (bsc#1022604 FATE#321747).
• rdma/qedr: Fix rc initialization on CNQ allocation failure (bsc#1022604 FATE#321747).
• rdma/rxe: Fix an out-of-bounds read (FATE#322149).
• rdma/ucma: Check AF family prior resolving address (bnc#1012382).
• rdma/ucma: Check that device exists prior to accessing it (bnc#1012382).
• rdma/ucma: Check that device is connected prior to access it (bnc#1012382).
• rdma/ucma: Do not allow join attempts for unsupported AF family (bnc#1012382).
• rdma/ucma: Do not allow setting RDMAOPTIONIB_PATH without an RDMA device (bnc#1012382).
• rdma/ucma: Ensure that CM_ID exists prior to access it (bnc#1012382).
• rdma/ucma: Fix use-after-free access in ucma_close (bnc#1012382).
• rdma/ucma: Introduce safer rdmaaddrsize() variants (bnc#1012382).
• rds; Reset rs->rsboundaddr in rdsaddbound() failure path (bnc#1012382).
• regulator: gpio: Fix some error handling paths in 'gpioregulatorprobe()' (bsc#1091960).
• resource: fix integer overflow at reallocation (bnc#1012382).
• Revert 'alsa: pcm: Fix mutex unbalance in OSS emulation ioctls' (kabi).
• Revert 'alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams' (kabi).
• Revert 'arm: dts: am335x-pepper: Fix the audio CODEC's reset pin' (bnc#1012382).
• Revert 'arm: dts: omap3-n900: Fix the audio CODEC's reset pin' (bnc#1012382).
• Revert 'ath10k: send (re)assoc peer command when NSS changed' (bnc#1012382).
• Revert 'cpufreq: Fix governor module removal race' (bnc#1012382).
• Revert 'ip6_vti: adjust vti mtu according to mtu of lower device' (bnc#1012382).
• Revert 'KVM: Fix stack-out-of-bounds read in write_mmio' (bnc#1083635).
• Revert 'mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.' (kabi).
• Revert 'mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.' (kabi).
• Revert 'mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.' (kabi).
• Revert 'mtip32xx: use runtime tag to initialize command header' (bnc#1012382).
• Revert 'PCI/MSI: Stop disabling MSI/MSI-X in pcideviceshutdown()' (bnc#1012382).
• Revert 'perf tests: Decompress kernel module before objdump' (bnc#1012382).
• Revert 'xhci: plat: Register shutdown for xhci_plat' (bnc#1012382).
• rpc_pipefs: fix double-dput() (bnc#1012382).
• rpm/config.sh: build against SP3 in OBS as well.
• rpm/config.sh: ensure sorted patches.
• rtc: interface: Validate alarm-time before handling rollover (bnc#1012382).
• rtc: opal: Handle disabled TPO in opalgettpo_time() (bnc#1012382).
• rtc: snvs: fix an incorrect check of return value (bnc#1012382).
• rtl8187: Fix NULL pointer dereference in priv->conf_mutex (bnc#1012382).
• rxrpc: check return value of skbtosgvec always (bnc#1012382).
• s390: add automatic detection of the spectre defense (bnc#1012382).
• s390: add optimized arrayindexmask_nospec (bnc#1012382).
• s390: add options to change branch prediction behaviour for the kernel (bnc#1012382 bsc#1068032).
• s390: add sysfs attributes for spectre (bnc#1012382).
• s390/alternative: use a copy of the facility bit mask (bnc#1012382).
• s390/cio: update chpid descriptor after resource accessibility event (bnc#1012382).
• s390: correct module section names for expoline code revert (bnc#1012382).
• s390: correct nospec auto detection init order (bnc#1012382).
• s390/dasd: fix hanging safe offline (bnc#1012382).
• s390/dasd: fix IO error for newly defined devices (bnc#1093144, LTC#167398).
• s390: do not bypass BPENTER for interrupt system calls (bnc#1012382).
• s390: enable CPU alternatives unconditionally (bnc#1012382).
• s390/entry.S: fix spurious zeroing of r0 (bnc#1012382).
• s390: introduce execute-trampolines for branches (bnc#1012382).
• s390/ipl: ensure loadparm valid flag is set (bnc#1012382).
• s390: move nobp parameter functions to nospec-branch.c (bnc#1012382).
• s390: move _text symbol to address higher than zero (bnc#1012382).
• s390/qdio: do not merge ERROR output buffers (bnc#1012382).
• s390/qdio: do not retry EQBS after CCQ 96 (bnc#1012382).
• s390/qeth: consolidate errno translation (bnc#1093144, LTC#167507).
• s390/qeth: fix MAC address update sequence (bnc#1093144, LTC#167609).
• s390/qeth: translate SETVLAN/DELVLAN errors (bnc#1093144, LTC#167507).
• s390: Replace ISENABLED(EXPOLINE) with IS_ENABLED(CONFIG_EXPOLINE_) (bnc#1012382).
• s390: report spectre mitigation via syslog (bnc#1012382).
• s390: run user space and KVM guests with modified branch prediction (bnc#1012382).
• s390: scrub registers on kernel entry and KVM exit (bnc#1012382).
• s390/uprobes: implement archuretprobeis_alive() (bnc#1012382).
• sched/numa: Use downreadtrylock() for the mmap_sem (bnc#1012382).
• scsi: bnx2fc: fix race condition in bnx2fcgethost_stats() (bnc#1012382).
• scsi: libiscsi: Allow sd_shutdown on bad transport (bnc#1012382).
• scsi: libsas: initialize sas_phy status according to response of DISCOVER (bnc#1012382).
• scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088865).
• scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088865).
• scsi: lpfc: Correct target queue depth application changes (bsc#1088865).
• scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088865).
• scsi: lpfc: Fix Abort request WQ selection (bsc#1088865).
• scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088865).
• scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088865).
• scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088865).
• scsi: lpfc: Fix NULL pointer access in lpfcnvmeinfo_show (bsc#1088865).
• scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088865).
• scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088865).
• scsi: lpfc: Fix WQ/CQ creation for older asic's (bsc#1088865).
• scsi: lpfc: update driver version to 11.4.0.7-2 (bsc#1088865).
• scsi: mpt3sas: Proper handling of set/clear of 'ATA command pending' flag (bnc#1012382).
• scsi: mptsas: Disable WRITE SAME (bnc#1012382).
• scsi: sd: Defer spinning up drive while SANITIZE is in progress (bnc#1012382).
• sctp: do not check port in sctpinet6cmp_addr (bnc#1012382).
• sctp: do not leak kernel memory to user space (bnc#1012382).
• sctp: fix recursive locking warning in sctpdopeeloff (bnc#1012382).
• sctp: sctpsockaddraf must check minimal addr length for AF_INET6 (bnc#1012382).
• selftests/powerpc: Fix TM resched DSCR test with some compilers (bnc#1012382).
• selinux: do not check open permission on sockets (bnc#1012382).
• selinux: Remove redundant check for unknown labeling behavior (bnc#1012382).
• selinux: Remove unnecessary check of array base in selinuxsetmapping() (bnc#1012382).
• serial: 8250: omap: Disable DMA for console UART (bnc#1012382).
• serial: mctrl_gpio: Add missing module license (bnc#1012382).
• serial: mctrlgpio: export mctrlgpiodisablems and mctrlgpioinit (bnc#1012382).
• serial: sh-sci: Fix race condition causing garbage during shutdown (bnc#1012382).
• sheth: Use platform device for printing before registernetdev() (bnc#1012382).
• sit: reload iphdr in ipip6_rcv (bnc#1012382).
• skbuff: only inherit relevant tx_flags (bnc#1012382).
• skbuff: return -EMSGSIZE in skbtosgvec to prevent overflow (bnc#1012382).
• sky2: Increase D3 delay to sky2 stops working after suspend (bnc#1012382).
• slip: Check if rstate is initialized before uncompressing (bnc#1012382).
• sparc64: ldc abort during vds iso boot (bnc#1012382).
• spi: davinci: fix up dmamappingerror() incorrect patch (bnc#1012382).
• staging: comedi: nimiocommon: ack ai fifo error interrupts (bnc#1012382).
• staging: ion : Donnot wakeup kswapd in ion system alloc (bnc#1012382).
• staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384xdrvrsetconfig16, also fixes relative sparse warning (bnc#1012382).
• swap: divide-by-zero when zero length swap file on ssd (bsc#1082153).
• tags: honor COMPILED_SOURCE with apart output directory (bnc#1012382).
• tcp: better validation of received ack sequences (bnc#1012382).
• tcp: do not read out-of-bounds opsize (bnc#1012382).
• tcp: md5: reject TCPMD5SIG or TCPMD5SIG_EXT on established sockets (bnc#1012382).
• team: avoid adding twice the same option to the event list (bnc#1012382).
• team: fix netconsole setup over team (bnc#1012382).
• thermal: imx: Fix race condition in imxthermalprobe() (bnc#1012382).
• thermal: powerallocator: fix one race condition issue for thermalinstances list (bnc#1012382).
• thunderbolt: Resume control channel after hibernation image is created (bnc#1012382).
• tipc: add policy for TIPCNLANET_ADDR (bnc#1012382).
• tty: Do not call panic() at ttyldiscinit() (bnc#1012382).
• tty: make nttyread() always abort if hangup is in progress (bnc#1012382).
• tty: n_gsm: Allow ADM response in addition to UA for control dlci (bnc#1012382).
• tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set (bnc#1012382).
• tty: n_gsm: Fix long delays with control frame timeouts in ADM mode (bnc#1012382).
• tty: provide ttyname() even without CONFIGTTY (bnc#1012382).
• tty: Use _GFPNOFAIL for ttyldiscget() (bnc#1012382).
• ubi: fastmap: Do not flush fastmap work on detach (bnc#1012382).
• ubi: Fix error for write access (bnc#1012382).
• ubifs: Check ubifswbufsync() return code (bnc#1012382).
• ubi: Reject MLC NAND (bnc#1012382).
• um: Use POSIX ucontext_t instead of struct ucontext (bnc#1012382).
• Update config files, add expoline for s390x (bsc#1089393).
• Update patches.suse/x86-nospectre_v2-means-nospec-too.patch (bsc#1075994 bsc#1075091 bnc#1085958).
• usb: chipidea: properly handle host or gadget initialization failure (bnc#1012382).
• usb: core: Add quirk for HP v222w 16GB Mini (bnc#1012382).
• usb: dwc2: Improve gadget state disconnection handling (bnc#1012382).
• usb: dwc3: keystone: check return value (bnc#1012382).
• usb: dwc3: pci: Properly cleanup resource (bnc#1012382).
• usb: ene_usb6250: fix first command execution (bnc#1012382).
• usb: ene_usb6250: fix SCSI residue overwriting (bnc#1012382).
• usb:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw (bnc#1012382).
• usb: gadget: align buffer size when allocating for OUT endpoint (bnc#1012382).
• usb: gadget: change len to sizet on allocep_req() (bnc#1012382).
• usb: gadget: define freeepreq as universal function (bnc#1012382).
• usb: gadget: f_hid: fix: Prevent accessing released memory (bnc#1012382).
• usb: gadget: fix request length error for isoc transfer (git-fixes).
• usb: gadget: fix usbepalignmaybe endianness and new usbep_align (bnc#1012382).
• usb: Increment wakeup count on remote wakeup (bnc#1012382).
• usbip: usbiphost: fix to hold parent lock for deviceattach() calls (bnc#1012382).
• usbip: vhci_hcd: Fix usb device and sockfd leaks (bnc#1012382).
• usb: musb: gadget: misplaced out of bounds check (bnc#1012382).
• usb: serial: cp210x: add ELDAT Easywave RX09 id (bnc#1012382).
• usb: serial: cp210x: add ID for NI USB serial console (bnc#1012382).
• usb: serial: ftdi_sio: add RT Systems VX-8 cable (bnc#1012382).
• usb: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bnc#1012382).
• usb: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster (bnc#1012382).
• usb: serial: simple: add libtransistor console (bnc#1012382).
• vfb: fix video mode and line_length being set when loaded (bnc#1012382).
• vfio/pci: Virtualize Maximum Payload Size (bnc#1012382).
• vfio/pci: Virtualize Maximum Read Request Size (bnc#1012382).
• vfio-pci: Virtualize PCIe & AF FLR (bnc#1012382).
• vhost: correctly remove wait queue during poll failure (bnc#1012382).
• virtio: add ability to iterate over vqs (bnc#1012382).
• virtio_console: free buffers after reset (bnc#1012382).
• virtionet: check return value of skbto_sgvec always (bnc#1012382).
• virtionet: check return value of skbto_sgvec in one more location (bnc#1012382).
• vlan: also check phydriver tsinfo for vlan's real device (bnc#1012382).
• vlan: Fix reading memory beyond skb->tail in skbvlantagged_multi (bnc#1012382).
• vmxnet3: ensure that adapter is in proper state during force_close (bnc#1012382).
• vrf: Fix use after free and double free in vrffinishoutput (bnc#1012382).
• vt: change SGR 21 to follow the standards (bnc#1012382).
• vti6: better validate user provided tunnel names (bnc#1012382).
• vxlan: dont migrate permanent fdb entries during learn (bnc#1012382).
• watchdog: f71808ewdt: Fix WDEN register read (bnc#1012382).
• watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).
• wl1251: check return from call to wl1251acxarpipfilter (bnc#1012382).
• writeback: fix the wrong congested state variable definition (bnc#1012382).
• writeback: safer lock nesting (bnc#1012382).
• x86/asm: Do not use RBP as a temporary register in csumpartialcopy_generic() (bnc#1012382).
• x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
• x86/bugs: Make sure that TIFSSBD does not end up in TIFALLWORK_MASK (bsc#1093215).
• x86/hweight: Do not clobber %rdi (bnc#1012382).
• x86/hweight: Get rid of the special calling convention (bnc#1012382).
• x86/ipc: Fix x32 version of shmid64ds and msqid64ds (bnc#1012382).
• x86/platform/UV: Add references to access fixed UV4A HUB MMRs (bsc#1076263 #fate#322814).
• x86/platform/uv/BAU: Replace hard-coded values with MMR definitions (bsc#1076263 #fate#322814).
• x86/platform/UV: Fix critical UV MMR address error (bsc#1076263
• x86/platform/UV: Fix GAM MMR changes in UV4A (bsc#1076263 #fate#322814).
• x86/platform/UV: Fix GAM MMR references in the UV x2apic code (bsc#1076263 #fate#322814).
• x86/platform/UV: Fix GAM Range Table entries less than 1GB (bsc#1091325).
• x86/platform/UV: Fix UV4A BAU MMRs (bsc#1076263 #fate#322814).
• x86/platform/UV: Fix UV4A support on new Intel Processors (bsc#1076263 #fate#322814).
• x86/platform/uv: Skip UV runtime services mapping in the efiruntimedisabled case (bsc#1089925).
• x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes (bsc#1076263 #fate#322814).
• x86/smpboot: Do not use mwaitplaydead() on AMD systems (bnc#1012382).
• x86/tsc: Prevent 32bit truncation in calchpetref() (bnc#1012382).
• x86/tsc: Provide 'tsc=unstable' boot parameter (bnc#1012382).
• xen: avoid type warning in xchgxenulong (bnc#1012382).
• xen-netfront: Fix hang on device removal (bnc#1012382).
• xfrm: fix state migration copy replay sequence numbers (bnc#1012382).
• xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (bnc#1012382).
• xfrm_user: uncoditionally validate esn replay attribute struct (bnc#1012382).
• xfs: always verify the log tail during recovery (bsc#1036215).
• xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).
• xfs: detect and trim torn writes during log recovery (bsc#1036215).
• xfs: fix log recovery corruption error due to tail overwrite (bsc#1036215).
• xfs: fix recovery failure when log record header wraps log end (bsc#1036215).
• xfs: handle -EFSCORRUPTED during head/tail verification (bsc#1036215).
• xfs: refactor and open code log record crc check (bsc#1036215).
• xfs: refactor log record start detection into a new helper (bsc#1036215).
• xfs: return start block of first bad log record during recovery (bsc#1036215).
• xfs: support a crc verification only log record pass (bsc#1036215).