SUSE-SU-2018:2862-1

The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.155 to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-13093: Prevent NULL pointer dereference and panic in lookupslow() on a NULL inode->iops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001)
• CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999)
• CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfsdashrink_inode() is called with a NULL bp (bnc#1100000)
• CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INTMAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timergetoverrun(2) and siginfo::sioverrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timercreate, and timer_settime system calls (bnc#1099922)
• CVE-2018-16658: Prevent information leak in cdromioctldrive_status that could have been used by local attackers to read kernel memory (bnc#1107689)
• CVE-2018-6555: The irdasetsockopt function allowed local users to cause a denial of service (iasobject use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)
• CVE-2018-6554: Prevent memory leak in the irdabind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AFIRDA socket (bnc#1106509)
• CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748)
• CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748)
• CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipsov4optptr() function leading to a denial-of-service (bnc#1106016)
• CVE-2018-15572: The spectrev2select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517)
• CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in sndrawmidiinputparams() and sndrawmidioutputstatus(). A malicious local attacker could have used this for privilege escalation (bnc#1105322).

The following non-security bugs were fixed:

• 9p/net: Fix zero-copy path in the 9p virtio transport (bnc#1012382).
• 9p/virtio: fix off-by-one error in sg list bounds check (bnc#1012382).
• 9p: fix multiple NULL-pointer-dereferences (bnc#1012382).
• ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bnc#1012382).
• ACPI / PM: save NVS memory for ASUS 1025C laptop (bnc#1012382).
• ACPI: save NVS memory for Lenovo G50-45 (bnc#1012382).
• ALSA: cs5535audio: Fix invalid endian conversion (bnc#1012382).
• ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bnc#1012382).
• ALSA: hda - Turn CX8200 into D3 as well upon reboot (bnc#1012382).
• ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bnc#1012382).
• ALSA: memalloc: Do not exceed over the requested size (bnc#1012382).
• ALSA: snd-aoa: add ofnodeput() in error path (bsc#1099810).
• ALSA: virmidi: Fix too long output trigger loop (bnc#1012382).
• ALSA: vx222: Fix invalid endian conversions (bnc#1012382).
• ALSA: vxpocket: Fix invalid endian conversions (bnc#1012382).
• ARC: Enable machinedesc->initpercpu for !CONFIGSMP (bnc#1012382).
• ARC: Explicitly add -mmedium-calls to CFLAGS (bnc#1012382).
• ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bnc#1012382).
• ARM: dts: Cygnus: Fix I2C controller interrupt type (bnc#1012382).
• ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller (bnc#1012382).
• ARM: dts: am437x: make edt-ft5x06 a wakeup source (bnc#1012382).
• ARM: dts: da850: Fix interrups property for gpio (bnc#1012382).
• ARM: dts: imx6sx: fix irq for pcie bridge (bnc#1012382).
• ARM: imxv4v5_defconfig: Select ULPI support (bnc#1012382).
• ARM: imxv6v7_defconfig: Select ULPI support (bnc#1012382).
• ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bnc#1012382).
• ARM: tegra: Fix Tegra30 Cardhu PCA954x reset (bnc#1012382).
• ASoC: Intel: chtbswmax98090: remove useless code, align with ChromeOS driver (git-fixes).
• ASoC: Intel: chtbswmax98090_ti: Fix jack initialization (bnc#1012382).
• ASoC: dpcm: do not merge format from invalid codec dai (bnc#1012382).
• ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012382).
• Bluetooth: avoid killing an already killed socket (bnc#1012382).
• Bluetooth: btusb: Remove Yoga 920 from the btusbneedsresetresumetable (bsc#1087092).
• Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking (bsc#1087092).
• HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bnc#1012382).
• IB/core: Make testing MR flags for writability a static inline function (bnc#1012382).
• IB/core: Remove duplicate declaration of gidcachewq (bsc#1056596).
• IB/iser: Do not reduce max_sectors (bsc#1063646).
• IB/mlx4: Fix an error handling path in 'mlx4ibreregusermr()' (git-fixes).
• IB/mlx4: Mark user MR as writable if actual virtual memory is writable (bnc#1012382).
• IB/mlx5: Fetch soft WQE's on fatal error state (bsc#1015342 bsc#1015343).
• IB/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343).
• IB/ocrdma: fix out of bounds access to local buffer (bnc#1012382).
• KVM: MMU: always terminate page walks at level 1 (bsc#1062604).
• KVM: MMU: simplify lastptebitmap (bsc#1062604).
• KVM: VMX: Work around kABI breakage in 'enum vmxl1dflush_state' (bsc#1106369).
• KVM: VMX: fixes for vmentryl1dflush module parameter (bsc#1106369).
• KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012382).
• KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012382).
• KVM: irqfd: fix race between EPOLLHUP and irqbypassregister_consumer (bnc#1012382).
• KVM: nVMX: update lastnonleaflevel when initializing nested EPT (bsc#1062604).
• MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012382).
• MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 (bnc#1012382).
• PCI: Skip MPS logic for Virtual Functions (VFs) (bnc#1012382).
• PCI: hotplug: Do not leak pci_slot on registration failure (bnc#1012382).
• PCI: pciehp: Fix use-after-free on unplug (bnc#1012382).
• PM / sleep: wakeup: Fix build error caused by missing SRCU support (bnc#1012382).
• RDMA/i40iw: Avoid panic when objects are being created and destroyed (bsc#969476 bsc#969477).
• RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#969476 bsc#969477).
• RDMA/i40iw: Avoid reference leaks when processing the AEQ (bsc#969476 bsc#969477).
• RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1024376).
• RDMA/mlx5: Use proper spec flow label type (bsc#1015342 bsc#1015343).
• Revert 'MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum' (bnc#1012382).
• Revert 'UBIFS: Fix potential integer overflow in allocation' (bnc#1012382).
• Revert 'f2fs: handle dirty segments inside refreshsitentry' (bsc#1106281).
• Revert 'mm: page_alloc: skip over regions of invalid pfns where possible' (bnc#1107078).
• Smack: Mark inode instant in smacktaskto_inode (bnc#1012382).
• USB: musb: fix external abort on suspend (bsc#1085536).
• USB: option: add support for DW5821e (bnc#1012382).
• USB: serial: metro-usb: stop I/O after failed open (bsc#1085539).
• USB: serial: sierra: fix potential deadlock at close (bnc#1012382).
• Workaround kABI breakage by _mustcheck drop of strscpy() (bsc#1107319).
• afs: Fix directory permissions check (bsc#1106283).
• arc: fix build errors in arc/include/asm/delay.h (bnc#1012382).
• arc: fix type warnings in arc/mm/cache.c (bnc#1012382).
• arm64: make secondarystartkernel() notrace (bnc#1012382).
• arm64: mm: check for upper PAGESHIFT bits in pfnvalid() (bnc#1012382).
• atl1c: reserve min skb headroom (bnc#1012382).
• atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066).
• backlight: as3711_bl: Fix Device Tree node leaks (bsc#1106929).
• backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1106929).
• bcache: avoid unncessary cache prefetch bchbtreenode_get() (bsc#1064232).
• bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232).
• bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232).
• bcache: do not check return value of debugfscreatedir() (bsc#1064232).
• bcache: finish incremental GC (bsc#1064232).
• bcache: fix I/O significant decline while backend devices registering (bsc#1064232).
• bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232).
• bcache: free heap cacheset->flushbtree in bchjournalfree (bsc#1064232).
• bcache: make the prerr statement used for ENOENT only in sysfsattatch section (bsc#1064232).
• bcache: release dc->writebacklock properly in bchwriteback_thread() (bsc#1064232).
• bcache: set max writeback rate when I/O request is idle (bsc#1064232).
• bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232).
• be2net: remove unused old custom busy-poll fields (bsc#1021121 ).
• blkdev: _blkdevdirectIOsimple: fix leak in error case (bsc#1083663).
• block: bioiovitergetpages: fix size of last iovec (bsc#1083663).
• block: bioiovitergetpages: pin more pages for multi-segment IOs (bsc#1083663).
• bnx2x: Fix invalid memory access in rss hash config path (bnc#1012382).
• bnx2x: Fix receiving tx-timeout in error or recovery state (bnc#1012382).
• bnxten: Always set output parameters in bnxtgetmaxrings() (bsc#963575).
• bnxten: Fix for system hang if requestirq fails (bnc#1012382).
• bnxten: Fix inconsistent BNXTFLAGAGGRINGS logic (bsc#1020412 ).
• brcmfmac: stop watchdog before detach and free everything (bnc#1012382).
• bridge: Propagate vlan add failure to user (bnc#1012382).
• btrfs: do not leak ret from dochunkalloc (bnc#1012382).
• btrfs: round down size diff when shrinking/growing device (bsc#1097105).
• can: mpc5xxxcan: check ofiomap return before use (bnc#1012382).
• cdrom: Fix info leak/OOB read in cdromioctldrive_status (bnc#1012382).
• ceph: fix incorrect use of strncpy (bsc#1107319).
• ceph: return errors from posixaclequiv_mode() correctly (bsc#1107320).
• cifs: Fix stack out-of-bounds in smb{2,3}createlease_buf() (bsc#1012382).
• cifs: add missing debug entries for kconfig options (bnc#1012382).
• cifs: check kmalloc before use (bsc#1012382).
• cifs: store the leaseKey in the fid on SMB2_open (bsc#1012382).
• crypto: ablkcipher - fix crash flushing dcache in error path (bnc#1012382).
• crypto: blkcipher - fix crash flushing dcache in error path (bnc#1012382).
• crypto: vmac - require a block cipher with 128-bit block size (bnc#1012382).
• crypto: vmac - separate tfm and request context (bnc#1012382).
• crypto: vmx - Fix sleep-in-atomic bugs (bsc#1048317).
• cxgb4: when disabling dcb set txq dcb priority to 0 (bnc#1012382).
• cxl: Fix wrong comparison in cxladaptercontext_get() (bsc#1055014, git-fixes).
• dccp: fix undefined behavior with 'cwnd' shift in ccid2cwndrestart() (bnc#1012382).
• dm cache metadata: save in-core policyhintsize to on-disk superblock (bnc#1012382).
• dmaengine: k3dma: Off by one in k3ofdmasimplexlate() (bnc#1012382).
• drivers: net: lmc: fix case value for target abort error (bnc#1012382).
• drm/armada: fix colorkey mode property (bnc#1012382).
• drm/atmel-hlcdc: check stride values in the first plane (bsc#1106929).
• drm/bridge: adv7511: Reset registers on hotplug (bnc#1012382).
• drm/drivers: add support for using the arch wc mapping API (git-fixes).
• drm/exynos/dsi: mask frame-done interrupt (bsc#1106929).
• drm/exynos: decon5433: Fix WINCONx reset value (bnc#1012382).
• drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bnc#1012382).
• drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bnc#1012382).
• drm/i915/userptr: reject zero user_size (bsc#1090888).
• drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1087092).
• drm/imx: fix typo in ipuplaneformats (bsc#1106929).
• drm/imx: imx-ldb: check if channel is enabled before printing warning (bnc#1012382).
• drm/imx: imx-ldb: disable LDB on driver bind (bnc#1012382).
• drm/msm/hdmi: Use bitwise operators when building register values (bsc#1106929).
• drm/nouveau/gem: off by one bugs in nouveaugempushbufrelocapply() (bnc#1012382).
• drm/panel: type promotion bug in s6e8aa0readmtp_id() (bsc#1105769).
• drm: Reject getfb for multi-plane framebuffers (bsc#1106929).
• enic: do not call enicchangemtu in enic_probe (git-fixes).
• enic: handle mtu change for vf properly (bnc#1012382).
• enic: initialize enic->rfsh.lock in enicprobe (bnc#1012382).
• ext4: check for NUL characters in extended attribute's name (bnc#1012382).
• ext4: fix spectre gadget in ext4mbregular_allocator() (bnc#1012382).
• ext4: reset error code in ext4findentry in fallback (bnc#1012382).
• ext4: sysfs: print ext4superblock fields as little-endian (bsc#1106229).
• fb: fix lost console when the user unplugs a USB adapter (bnc#1012382).
• fbdev: omapfb: off by one in omapfbregisterclient() (bsc#1106929).
• fix _legitimizemnt()/mntput() race (bnc#1012382).
• fix mntput/mntput race (bnc#1012382).
• fork: unconditionally clear stack on fork (bnc#1012382).
• fs/9p/xattr.c: catch the error of p9clientclunk when setting xattr failed (bnc#1012382).
• fs/dax.c: fix inefficiency in daxwritebackmapping_range() (bsc#1106185).
• fs/quota: Fix spectre gadget in do_quotactl (bnc#1012382).
• fs: aio: fix the increment of aio-nr and counting against aio-max-nr (bsc#1068075, bsc#1078921).
• fuse: Add missed unlockpage() to fusereadpages_fill() (bnc#1012382).
• fuse: Do not access pipe->buffers without pipe_lock() (bnc#1012382).
• fuse: Fix oops at processinitreply() (bnc#1012382).
• fuse: fix double request_end() (bnc#1012382).
• fuse: fix unlocked access to processing queue (bnc#1012382).
• fuse: umount should wait for all requests (bnc#1012382).
• genirq/proc: Return proper error code when irqsetaffinity() fails (bnc#1105392).
• getxattr: use correct xattr length (bnc#1012382).
• hfsplus: Do not clear SGID when inheriting ACLs (bsc#1030552).
• hwrng: exynos - Disable runtime PM on driver unbind (git-fixes).
• i2c: davinci: Avoid zero value of CLKH (bnc#1012382).
• i2c: imx: Fix race condition in dma read (bnc#1012382).
• i2c: ismt: fix wrong device address when unmap the data buffer (bnc#1012382).
• i40e: use cpumask_copy instead of direct assignment (bsc#1053685).
• i40iw: Fix memory leak in error path of create QP (bsc#969476 bsc#969477).
• i40iw: Use correct address in dstneighlookup for IPv6 (bsc#969476 bsc#969477).
• ibmvnic: Include missing return code checks in reset function (bnc#1107966).
• ieee802154: at86rf230: switch from BUGON() to WARNON() on problem (bnc#1012382).
• ieee802154: at86rf230: use func macro for debug messages (bnc#1012382).
• ieee802154: fakelb: switch from BUGON() to WARNON() on problem (bnc#1012382).
• igb: Fix not adding filter elements to the list (bsc#1024361 bsc#1024365).
• iio: ad9523: Fix displayed phase (bnc#1012382).
• iio: ad9523: Fix return value for ad952x_store() (bnc#1012382).
• iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105).
• iommu/vt-d: Add definitions for PFSID (bnc#1012382).
• iommu/vt-d: Fix dev iotlb pfsid use (bnc#1012382).
• iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105).
• ioremap: Update pgtable free interfaces with addr (bnc#1012382).
• ipv4+ipv6: Make INET*ESP select CRYPTOECHAINIV (bnc#1012382).
• ipv6: mcast: fix unsolicited report interval after receiving querys (bnc#1012382).
• ipvlan: use ETHMAXMTU as max mtu (bsc#1033962).
• iscsi target: fix session creation failure handling (bnc#1012382).
• isdn: Disable IIOCDBGVAR (bnc#1012382).
• iwcxgb4: remove duplicate memcpy() in c4iwcreate_listen() (bsc#969476 bsc#969477).
• ixgbe: Be more careful when modifying MAC filters (bnc#1012382).
• jfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
• jump_label: Add RELEASE barrier after text changes (bsc#1105271).
• jumplabel: Fix concurrent statickey_enable/disable() (bsc#1105271).
• jump_label: Move CPU hotplug locking (bsc#1105271).
• jump_label: Provide hotplug context variants (bsc#1105271).
• jumplabel: Reduce the size of struct statickey (bsc#1105271).
• jumplabel: Reorder hotplug lock and jumplabel_lock (bsc#1105271).
• jump_label: Split out code under the hotplug lock (bsc#1105271).
• jumplabel: remove bug.h, atomic.h dependencies for HAVEJUMP_LABEL (bsc#1105271).
• kABI: protect enum tcpcaevent (kabi).
• kabi/severities: Ignore missing cputsstramp (bsc#1099597)
• kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).
• kasan: do not emit builtin calls when sanitization is off (bnc#1012382).
• kasan: fix shadowsize calculation error in kasanmodule_alloc (bnc#1012382).
• kbuild: verify that $DEPMOD is installed (bnc#1012382).
• kernel: improve spectre mitigation (bnc#1106934.
• kprobes/x86: Fix %p uses in error messages (bnc#1012382).
• kprobes: Make list and blacklist root user read only (bnc#1012382).
• l2tp: use skdstcheck() to avoid race on sk->skdstcache (bnc#1012382).
• libceph: check authorizer reply/challenge length before reading (bsc#1096748).
• libceph: factor out _cephx_decrypt() (bsc#1096748).
• libceph: factor out _preparewrite_connect() (bsc#1096748).
• libceph: factor out encrypt_authorizer() (bsc#1096748).
• libceph: store cephauthhandshake pointer in ceph_connection (bsc#1096748).
• libceph: weaken sizeof check in cephxverifyauthorizerreply() (bsc#1096748).
• llc: use refcountincnotzero() for llcsap_find() (bnc#1012382).
• locking/lockdep: Do not record IRQ state within lockdep code (bnc#1012382).
• locks: pass inode pointer to locksfreelock_context (bsc@1099832).
• locks: prink more detail when there are leaked locks (bsc#1099832).
• locks: restore a warn for leaked locks on close (bsc#1099832).
• m68k: fix 'bad page state' oops on ColdFire boot (bnc#1012382).
• mac80211: add stations tied to AP_VLANs during hw reconfig (bnc#1012382).
• md/raid10: fix that replacement cannot complete recovery after reassemble (bnc#1012382).
• media: rtl28xxu: be sure that it won't go past the array size (bsc#1050431).
• media: s5p-jpeg: fix number of components macro (bsc#1050431).
• media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bnc#1012382).
• mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697).
• mm/memory.c: check return value of ioremap_prot (bnc#1012382).
• mm/tlb: Remove tlbremovetable() non-concurrent condition (bnc#1012382).
• mm: Add vminsertpfn_prot() (bnc#1012382).
• mm: fix cache mode tracking in vminsertmixed() (bnc#1012382).
• mm: x86: move PAGESWPSOFTDIRTY from bit 7 to bit 1 (bnc#1012382).
• net/9p/client.c: version pointer uninitialized (bnc#1012382).
• net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bnc#1012382).
• net/ethernet/freescale/fman: fix cross-build error (bnc#1012382).
• net/mlx5: Add missing SETDRIVERVERSION command translation (bsc#1015342 bsc#1015343).
• net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (bsc#966170 bsc#966172).
• net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343).
• net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#966170 bsc#966172).
• net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#966170 bsc#966172).
• net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1015342 bsc#1015343).
• net/mlx5e: Err if asked to offload TC match on frag being first (bsc#1015342 bsc#1015343).
• net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1015342 bsc#1015343).
• net/mlx5e: Refine ets validation function (bsc#966170 bsc#966172).
• net: 6lowpan: fix reserved space for single frames (bnc#1012382).
• net: add skb_condense() helper (bsc#1089066).
• net: adjust skb->truesize in _pskb_trim() (bsc#1089066).
• net: adjust skb->truesize in pskbexpandhead() (bsc#1089066).
• net: axienet: Fix double deregister of mdio (bnc#1012382).
• net: caif: Add a missing rcureadunlock() in caifflowcb (bnc#1012382).
• net: davinci_emac: match the mdio device against its compatible if possible (bnc#1012382).
• net: ena: Fix use of uninitialized DMA address bits field (bsc#1027968).
• net: hamradio: use ethbroadcastaddr (bnc#1012382).
• net: lan78xx: Fix misplaced tasklet_schedule() call (bnc#1012382).
• net: mac802154: tx: expand tailroom if necessary (bnc#1012382).
• net: prevent ISA drivers from building on PPC32 (bnc#1012382).
• net: propagate devgetvalid_name return code (bnc#1012382).
• net: qca_spi: Avoid packet drop during initial sync (bnc#1012382).
• net: qca_spi: Fix log level if probe fails (bnc#1012382).
• net: qca_spi: Make sure the QCA7000 reset is triggered (bnc#1012382).
• net: usb: rtl8150: demote allmulti message to dev_dbg() (bnc#1012382).
• netsched: Fix missing res info when create new tcindex filter (bnc#1012382).
• net_sched: fix NULL pointer dereference when delete tcindex filter (bnc#1012382).
• netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state (bnc#1012382).
• netfilter: ipv6: nf_defrag: reduce struct net memory waste (bnc#1012382).
• netfilter: x_tables: set module owner for icmp(6) matches (bnc#1012382).
• netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286).
• nl80211: Add a missing break in parsestationflags (bnc#1012382).
• nvme-fc: release io queues to allow fast fail (bsc#1102486).
• nvme: if_ready checks to fail io to deleting controller (bsc#1102486).
• nvme: kABI-compliant version of nvmffailnonready_command() (bsc#1102486).
• nvmet-fc: fix target sgl list on large transfers (bsc#1102486).
• osfgetdomainname(): use copyto_user() (bnc#1012382).
• ovl: Do d_type check only if work dir creation was successful (bnc#1012382).
• ovl: Ensure upper filesystem supports d_type (bnc#1012382).
• ovl: warn instead of error if d_type is not supported (bnc#1012382).
• packet: refine ring v3 block size test to hold one frame (bnc#1012382).
• packet: reset network header if packet shorter than ll reserved space (bnc#1012382).
• parisc: Define mb() and add memory barriers to assembler unlock sequences (bnc#1012382).
• parisc: Enable CONFIG_MLONGCALLS by default (bnc#1012382).
• parisc: Remove ordered stores from syscall.S (bnc#1012382).
• parisc: Remove unnecessary barriers from spinlock.h (bnc#1012382).
• perf auxtrace: Fix queue resize (bnc#1012382).
• perf llvm-utils: Remove bashism from kernel include fetch script (bnc#1012382).
• perf report powerpc: Fix crash if callchain is empty (bnc#1012382).
• perf test session topology: Fix test on s390 (bnc#1012382).
• pinctrl: freescale: off by one in imx1pinconfgroupdbgshow() (bnc#1012382).
• pnfs/blocklayout: off by one in blmapstripe() (bnc#1012382).
• powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes).
• powerpc/lib: Fix the feature fixup tests to actually work (bsc#1066223).
• powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bnc#1012382).
• powerpc/topology: Get topology for shared processors at boot (bsc#1104683).
• powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes).
• powerpc: Avoid code patching freed init sections (bnc#1107735).
• powerpc: make feature-fixup tests fortify-safe (bsc#1066223).
• pwm: tiehrpwm: Fix disabling of output of PWMs (bnc#1012382).
• qed: Add sanity check for SIMD fastpath handler (bnc#1012382).
• qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1019695 bsc#1019699 bsc#1022604).
• qed: Do not advertise DCBXLLDMANAGED capability (bsc#1019695 bsc#1019699 bsc#1022604).
• qed: Fix possible memory leak in Rx error path handling (bsc#1019695 bsc#1019699 bsc#1022604 ).
• qed: Fix possible race for the link state value (bnc#1012382).
• qed: Fix setting of incorrect eswitch mode (bsc#1019695 bsc#1019699 bsc#1022604).
• qed: Fix use of incorrect size in memcpy call (bsc#1019695 bsc#1019699 bsc#1022604).
• qede: Adverstise software timestamp caps when PHC is not available (bsc#1019695 bsc#1019699 bsc#1022604).
• qlge: Fix netdev features configuration (bsc#1098822).
• qlogic: check kstrtoul() for errors (bnc#1012382).
• readahead: stricter check for bdi io_pages (VM Functionality, git fixes).
• reiserfs: fix broken xattr handling (heap corruption, bad retval) (bnc#1012382).
• root dentries need RCU-delayed freeing (bnc#1012382).
• s390/kvm: fix deadlock when killed by oom (bnc#1012382).
• s390/lib: use expoline for all bcr instructions (bnc#1106934.
• s390/pci: fix out of bounds access during irq setup (bnc#1012382).
• s390/qdio: reset old sbal_state flags (bnc#1012382).
• s390/qeth: do not clobber buffer on async TX completion (bnc#1104485.
• s390/qeth: fix race when setting MAC address (bnc#1104485.
• s390: add explicit <linux/stringify.h> for jump label (bsc#1105271).
• s390: detect etoken facility (bnc#1106934.
• s390: fix brr1trampoline for machines without exrl (bnc#1012382 bnc#1106934.
• scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too
• scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bnc#1012382).
• scsi: fcoe: drop frames in ELS LOGO error path (bnc#1012382).
• scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346).
• scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bnc#1012382).
• scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (bnc#1012382).
• scsi: sysfs: Introduce sysfs{un,}breakactive_protection() (bnc#1012382).
• scsi: vmwpvscsi: Return DIDRESET for status SAMSTATCOMMAND_TERMINATED (bnc#1012382).
• scsi: xen-scsifront: add error handling for xenbus_printf (bnc#1012382).
• scsidebug: call respXXX function after setting host_scribble (bsc#1069138).
• scsidebug: reset injection flags for everynth > 0 (bsc#1069138).
• selftests/ftrace: Add snapshot and tracing_on test case (bnc#1012382).
• selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs (bnc#1012382).
• selftests: pstore: return Kselftest Skip code for skipped tests (bnc#1012382).
• selftests: static_keys: return Kselftest Skip code for skipped tests (bnc#1012382).
• selftests: sync: add config fragment for testing sync framework (bnc#1012382).
• selftests: user: return Kselftest Skip code for skipped tests (bnc#1012382).
• selftests: zram: return Kselftest Skip code for skipped tests (bnc#1012382).
• serial: 8250dw: always set baud rate in dw8250set_termios (bnc#1012382).
• sfc: stop the TX queue before pushing new buffers (bsc#1017967 ).
• slab: _GFPZERO is incompatible with a constructor (bnc#1107060).
• smb3: Do not send SMB3 SET_INFO if nothing changed (bnc#1012382).
• smb3: do not request leases in symlink creation and query (bnc#1012382).
• spi: davinci: fix a NULL pointer dereference (bnc#1012382).
• staging: android: ion: check for kref overflow (bnc#1012382).
• string: drop _mustcheck from strscpy() and restore strscpy() usages in cgroup (bsc#1107319).
• sys: do not hold uts_sem while accessing userspace memory (bnc#1106995).
• targetcorerbd: use RCU in free_device (bsc#1105524).
• tcp: Fix missing range_truesize enlargement in the backport (bnc#1012382).
• tcp: identify cryptic messages as TCP seq # bugs (bnc#1012382).
• tcp: remove DELAYED ACK events in DCTCP (bnc#1012382).
• timekeeping: Eliminate the stale declaration of ktimegetrawandreal_ts64() (bsc#969470).
• tools/power turbostat: Read extended processor family from CPUID (bnc#1012382).
• tools/power turbostat: fix -S on UP systems (bnc#1012382).
• tools: usb: ffs-test: Fix build on big endian systems (bnc#1012382).
• tpm: fix race condition in tpmcommonwrite() (bnc#1012382).
• tracing/blktrace: Fix to allow setting same value (bnc#1012382).
• tracing: Do not call start/stop() functions when tracing_on does not change (bnc#1012382).
• tracing: Use __printf markup to silence compiler (bnc#1012382).
• ubifs: Check data node size before truncate (bsc#1106276).
• ubifs: Fix memory leak in lprobs self-check (bsc#1106278).
• ubifs: Fix syncedisize calculation for xattr inodes (bsc#1106275).
• ubifs: xattr: Do not operate on deleted inodes (bsc#1106271).
• udl-kms: change down_interruptible to down (bnc#1012382).
• udl-kms: fix crash due to uninitialized memory (bnc#1012382).
• udl-kms: handle allocation failure (bnc#1012382).
• udlfb: set optimal write delay (bnc#1012382).
• uprobes: Use synchronizercu() not synchronizesched() (bnc#1012382).
• usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bnc#1012382).
• usb: audio-v2: Correct the comment for struct uacclockselector_descriptor (bsc#1099810).
• usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1100132).
• usb: dwc2: fix isoc split in transfer with no data (bnc#1012382).
• usb: gadget: composite: fix delayedstatus race condition when setinterface (bnc#1012382).
• usb: gadget: dwc2: fix memory leak in gadget_init() (bnc#1012382).
• usb: gadget: fuac2: fix endianness of 'struct cntrl*_lay3' (bnc#1012382).
• usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bnc#1012382).
• usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bnc#1012382).
• usb: renesasusbhs: gadget: fix spinlock_init() for uep->lock (bsc#1085536).
• usb: xhci: increase CRS timeout value (bnc#1012382).
• userns: move user access out of the mutex (bnc#1012382).
• virtio_console: fix uninitialized variable use (git-fixes).
• vmwballoon: VMCIDOORBELL_SET does not check status (bnc#1012382).
• vmw_balloon: do not use 2MB without batching (bnc#1012382).
• vmw_balloon: fix VMCI use when balloon built into kernel (bnc#1012382).
• vmw_balloon: fix inflation of 64-bit GFNs (bnc#1012382).
• vsock: split dwork to avoid reinitializations (bnc#1012382).
• vti6: Fix dev->max_mtu setting (bsc#1033962).
• vti6: fix PMTU caching and reporting on xmit (bnc#1012382).
• x86/bugs: Move the l1tf function and define pr_fmt properly (bnc#1012382).
• x86/init: fix build with CONFIG_SWAP=n (bnc#1012382).
• x86/irqflags: Mark nativerestorefl extern inline (bnc#1012382).
• x86/mm/kmmio: Make the tracer robust against L1TF (bnc#1012382).
• x86/mm/pat: Fix L1TF stable backport for CPA (bnc#1012382).
• x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call (bnc#1012382).
• x86/mm/pat: Make setmemorynp() L1TF safe (bnc#1012382).
• x86/mm: Add TLB purge to free pmd/pte page interfaces (bnc#1012382).
• x86/mm: Disable ioremap free page handling on x86-PAE (bnc#1012382).
• x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1012382).
• x86/process: Re-export start_thread() (bnc#1012382).
• x86/spectre: Add missing family 6 check to microcode check (bnc#1012382).
• x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bnc#1012382).
• x86/speculation/l1tf: Extend 64bit swap file size limit (bnc#1012382).
• x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536).
• x86/speculation/l1tf: Fix overflow in l1tfpfnlimit() on 32bit (bnc#1012382).
• x86/speculation/l1tf: Fix up CPU feature flags (bnc#1012382).
• x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382).
• x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).
• x86/speculation/l1tf: Invert all not present mappings (bnc#1012382).
• x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bnc#1012382).
• x86/speculation/l1tf: Protect PAE swap entries against L1TF (bnc#1012382).
• x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536).
• x86/speculation/l1tf: Unbreak !_HAVEARCHPFNMODIFY_ALLOWED architectures (bnc#1012382).
• x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369).
• xen/blkback: do not keep persistent grants too long (bsc#1085042).
• xen/blkback: move persistent grants flags to bool (bsc#1085042).
• xen/blkfront: cleanup stale persistent grants (bsc#1085042).
• xen/blkfront: reorder tests in xlblk_init() (bsc#1085042).
• xen/netfront: do not cache skb_shinfo() (bnc#1012382).
• xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382).
• xfrm: free skb if nlsk pointer is NULL (bnc#1012382).
• xfrm_user: prevent leaking 2 bytes of kernel memory (bnc#1012382).
• xfs: Remove dead code from inode recover function (bsc#1105396).
• xfs: repair malformed inode items during log recovery (bsc#1105396).
• zswap: re-check zswapisfull() after do zswap_shrink() (bnc#1012382).