SUSE-SU-2018:3159-1

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-17182: The vmacacheflushall function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399).
• CVE-2018-14633: A security flaw was found in the chapservercompute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable (bnc#1107829).

The following non-security bugs were fixed:

• alsa: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path (bsc#1051510).
• alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bsc#1051510).
• alsa: emu10k1: fix possible info leak to userspace on SNDRVEMU10K1IOCTL_INFO (bsc#1051510).
• alsa: fireworks: fix memory leak of response buffer at error path (bsc#1051510).
• alsa: hda: Add AZXDCAPSPM_RUNTIME for AMD Raven Ridge (bsc#1051510).
• alsa: msnd: Fix the default sample sizes (bsc#1051510).
• alsa: pcm: Fix sndintervalrefine first/last with open min/max (bsc#1051510).
• alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bsc#1051510).
• ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510).
• ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bsc#1051510).
• ASoC: rt5514: Add the I2S ASRC support (bsc#1051510).
• ASoC: rt5514: Add the missing register in the readable table (bsc#1051510).
• ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510).
• ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510).
• ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510).
• block, dax: remove dead code in blkdev_writepages() (bsc#1104888).
• block: fix warning when I/O elevator is changed as request_queue is being removed (bsc#1109979).
• block: Invalidate cache on discard v2 (bsc#1109992).
• block: pass inclusive 'lend' parameter to truncateinodepages_range (bsc#1109992).
• block: properly protect the 'queue' kobj in blkunregisterqueue (bsc#1109979).
• bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510).
• bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587).
• bluetooth: Use locksocknested in btacceptenqueue (bsc#1051510).
• btrfs: add a comp_refs() helper (dependency for bsc#1031392).
• btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392).
• btrfs: check-integrity: Fix NULL pointer dereference for degraded mount (bsc#1107947).
• btrfs: cleanup extent locking sequence (dependency for bsc#1031392).
• btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392).
• btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392).
• btrfs: fix data corruption when deduplicating between different files (bsc#1110647).
• btrfs: fix duplicate extents after fsync of file with prealloc extents (bsc#1110644).
• btrfs: fix fsync after hole punching when using no-holes feature (bsc#1110642).
• btrfs: fix loss of prealloc extents past i_size after fsync log replay (bsc#1110643).
• btrfs: fix return value on rename exchange failure (bsc#1110645).
• btrfs: fix send failure when root has deleted files still open (bsc#1110650).
• btrfs: Fix wrong btrfsdelallocrelease_extents parameter (bsc#1031392).
• btrfs: log csums for all modified extents (bsc#1110639).
• btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392).
• btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392).
• btrfs: qgroup: Cleanup btrfsqgroupprepareaccountextents function (dependency for bsc#1031392).
• btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392).
• btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392).
• btrfs: qgroup: Do not use root->qgroupmetarsv for qgroup (bsc#1031392).
• btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (dependency for bsc#1031392).
• btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (dependency for bsc#1031392).
• btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392).
• btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependency for bsc#1031392).
• btrfs: qgroup: Introduce function to convert METAPREALLOC into METAPERTRANS (bsc#1031392).
• btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392).
• btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392).
• btrfs: qgroup: Return actually freed bytes for qgroup release or free data (dependency for bsc#1031392).
• btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392).
• btrfs: qgroup: Split meta rsv type into metaprealloc and metapertrans (bsc#1031392).
• btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392).
• btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392).
• btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392).
• btrfs: qgroup: Use root::qgroupmetarsv_* to record qgroup meta reserved space (bsc#1031392).
• btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392).
• btrfs: remove type argument from comptreerefs (dependency for bsc#1031392).
• btrfs: Remove unused parameters from various functions (bsc#1110649).
• btrfs: rework outstanding_extents (dependency for bsc#1031392).
• btrfs: scrub: Do not use inode page cache in scrubhandleerrored_block() (follow up for bsc#1108096).
• btrfs: scrub: Do not use inode pages for device replace (follow up for bsc#1108096).
• btrfs: switch args for comp*refs (dependency for bsc#1031392).
• btrfs: sync log after logging new name (bsc#1110646).
• btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928).
• cfg80211: reg: Init wiphyidx in regulatoryhint_core() (bsc#1051510).
• coresight: Handle errors in finding input/output ports (bsc#1051510).
• crypto: clarify licensing of OpenSSL asm code ().
• crypto: sharah - Unregister correct algorithms for SAHARA 3 (bsc#1051510).
• crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510).
• dax: Introduce a ->copytoiter dax operation (bsc#1098782).
• dax: Make extension of dax_operations transparent (bsc#1098782).
• dax: remove default copyfromiter fallback (bsc#1098782). patches.drivers/dax-remove-the-pmemdaxops-flush-abstraction.patch: Refresh
• dax: Report bytes remaining in daxiomapactor() (bsc#1098782).
• dax: require 'struct page' by default for filesystem dax (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh
• dax: store pfns in the radix (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh
• device-dax: Add missing addressspaceoperations (bsc#1107783).
• device-dax: Enable page_mapping() (bsc#1107783).
• device-dax: Set page->index (bsc#1107783).
• doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636).
• ext2: auto disable dax instead of failing mount (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh patches.kabi/kabi-fixup-bdevdaxsupported.patch: Refresh
• ext2, dax: introduce ext2daxaops (bsc#1104888).
• ext4: auto disable dax instead of failing mount (bsc#1104888 ). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh patches.kabi/kabi-fixup-bdevdaxsupported.patch: Refresh
• ext4, dax: add ext4bmap to ext4dax_aops (bsc#1104888).
• ext4, dax: introduce ext4daxaops (bsc#1104888).
• ext4, dax: set ext4daxaops for dax files (bsc#1104888).
• fbdev: Distinguish between interlaced and progressive modes (bsc#1051510).
• fbdev/via: fix defined but not used warning (bsc#1051510).
• filesystem-dax: Introduce daxlockmappingentry() (bsc#1107783). patches.kabi/kabi-fixup-bdevdax_supported.patch: Refresh
• filesystem-dax: Set page->index (bsc#1107783).
• Fix buggy backport in patches.fixes/dax-check-for-queueflagdax-in-bdevdaxsupported.patch (bsc#1109859)
• Fix kexec forbidding kernels signed with keys in the secondary keyring to boot (bsc#1110006).
• Fix sorted section Merge commits 862a718e83 and 8aa4d41564 had conflicts with (apparently) bad resolution which introduced disorder in the sorted section.
• fs, dax: prepare for dax-specific addressspaceoperations (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh patches.kabi/kabi-fixup-bdevdaxsupported.patch: Refresh
• fs, dax: use page->mapping to warn if truncate collides with a busy page (bsc#1104888).
• gpiolib: Mark gpiosuffixes array with _maybe_unused (bsc#1051510).
• gpio: pxa: Fix potential NULL dereference (bsc#1051510).
• gpu: ipu-v3: csi: pass back mbuscodetobuscfg error codes (bsc#1051510).
• HID: hid-ntrig: add error handling for sysfscreategroup (bsc#1051510).
• i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bsc#1051510).
• Input: elantech - enable middle button of touchpad on ThinkPad P72 (bsc#1051510).
• input: rohmbu21023: switch to i2clockbus(..., I2CLOCK_SEGMENT) (bsc#1051510).
• intel_th: Fix device removal logic (bsc#1051510).
• iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105).
• ioremap: Update pgtable free interfaces with addr (bsc#1110006).
• ipc/shm: fix shmat() nil address after round-down when remapping (bsc#1090078).
• KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244).
• kprobes/x86: Release insn_slot in failure path (bsc#1110006).
• KVM: PPC: Book3S HV: Use correct pagesize in kvmunmapradix() (bsc#1061840, git-fixes).
• KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1106240).
• KVM: x86: Default to not allowing emulation retry in kvmmmupage_fault (bsc#1106240).
• KVM: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240).
• KVM: x86: Invert emulation re-execute behavior to make it opt-in (bsc#1106240).
• KVM: x86: Merge EMULTYPERETRY and EMULTYPEALLOW_REEXECUTE (bsc#1106240).
• lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510).
• lib/ioviter: Fix pipe handling in _copytoitermcsafe() (bsc#1098782).
• libnvdimm, pmem: Fix memcpymcsafe() return code handling in nsiorw_bytes() (bsc#1098782).
• libnvdimm, pmem: Restore page attributes when clearing errors (bsc#1107783).
• Limit kernel-source build to architectures for which we build binaries (bsc#1108281).
• mac80211: fix pending queue hang due to TX_DROP (bsc#1051510).
• mac80211: restrict delayed tailroom needed decrement (bsc#1051510).
• mei: bus: type promotion bug in meinfcif_version() (bsc#1051510).
• mei: ignore not found client in the enumeration (bsc#1051510).
• mfd: 88pm860x-i2c: switch to i2clockbus(..., I2CLOCKSEGMENT) (bsc#1051510).
• mfd: tiam335xtscadc: Fix struct clk memory leak (bsc#1051510).
• mmc: sdhci: do not try to use 3.3V signaling if not supported (bsc#1051510).
• mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510).
• mm, dax: introduce pfntspecial() (bsc#1104888).
• mm, madviseinjecterror: Disable MADVSOFTOFFLINE for ZONE_DEVICE pages (bsc#1107783).
• mm, madviseinjecterror: Let memory_failure() optionally take a page reference (bsc#1107783).
• mm, memoryfailure: Collect mapping size in collectprocs() (bsc#1107783).
• mm, memoryfailure: Teach memoryfailure() about dev_pagemap pages (bsc#1107783).
• mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669 optimise numa balancing for fast migrate).
• mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669 optimise numa balancing for fast migrate).
• mm, numa: Remove rate-limiting of automatic numa balancing migration kabi (bnc#1101669 optimise numa balancing for fast migrate).
• mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006).
• NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bsc#1051510).
• nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190).
• NFS/filelayout: Fix racy setting of fl->dsaddr in filelayoutcheckdeviceid() (bsc#1105190).
• NFS: Use an appropriate work queue for direct-write completion (bsc#1082519).
• parport: sunbpp: fix error return code (bsc#1051510).
• PCI: aardvark: Size bridges before resources allocation (bsc#1109806).
• PCI: designware: Fix I/O space page leak (bsc#1109806).
• PCI: faraday: Add missing ofnodeput() (bsc#1109806).
• PCI: faraday: Fix I/O space page leak (bsc#1109806).
• PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation (bsc#1109806).
• PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806).
• PCI: versatile: Fix I/O space page leak (bsc#1109806).
• PCI: xgene: Fix I/O space page leak (bsc#1109806).
• PCI: xilinx: Add missing ofnodeput() (bsc#1109806).
• PCI: xilinx-nwl: Add missing ofnodeput() (bsc#1109806).
• pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant (bsc#1051510).
• platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510).
• platform/x86: toshiba_acpi: Fix defined but not used build warnings (bsc#1051510).
• pmem: Switch to copytoiter_mcsafe() (bsc#1098782).
• powernv/pseries: consolidate code for mce early handling (bsc#1094244).
• powerpc/fadump: cleanup crash memory ranges support (bsc#1103269).
• powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823).
• powerpc: Fix size calculation using resource_size() (bnc#1012382).
• powerpc: KABI add auxptr to hole in pacastruct to extend it with additional members (bsc#1094244).
• powerpc: KABI: move mcedatabuf into paca_aux (bsc#1094244).
• powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363).
• powerpc/pkeys: Fix reading of ibm, processor-storage-keys property (bsc#1109244).
• powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range (bsc#1055120).
• powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244).
• powerpc/pseries: Define MCE error event section (bsc#1094244).
• powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729).
• powerpc/pseries: Display machine check error details (bsc#1094244).
• powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - Refresh patches.kabi/KABI-move-mcedatabuf-into-paca_aux.patch
• powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244).
• powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337).
• powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337).
• powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333).
• powerpc/tm: Fix userspace r13 corruption (bsc#1109333).
• powerpc/xive: Fix trying to 'push' an already active pool VP (bsc#1085030, git-fixes).
• r8152: Check for supported Wake-on-LAN Modes (bsc#1051510).
• README.BRANCH: SLE15-SP1 branch maintainer changes Add ptesarik as co-maintainer, keep tiwai as the primary maintainer
• regulator: fix crash caused by null driver data (bsc#1051510).
• rename/renumber hv patches to simplify upcoming upstream merges No code changes.
• Revert 'btrfs: qgroups: Retry after commit on getting EDQUOT' (bsc#1031392).
• Revert 'ipc/shm: Fix shmat mmap nil-page protection' (bsc#1090078).
• rpm/mkspec: build dtbs for architectures marked -!needs_updating
• rpm/mkspec: fix ppc64 kernel-source build.
• s390/crypto: Fix return code checking in cbcpaescrypt() (bnc#1108323, LTC#171709).
• s390/pci: fix out of bounds access during irq setup (bnc#1108323, LTC#171068).
• s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948).
• s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948).
• sched/fair: Fix bandwidth timer clock drift condition (Git-fixes).
• sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669 optimise numa balancing for fast migrate).
• sched/numa: Pass destination CPU as a parameter to migratetaskrq (bnc#1101669 optimise numa balancing for fast migrate).
• sched/numa: Pass destination CPU as a parameter to migratetaskrq kabi (bnc#1101669 optimise numa balancing for fast migrate).
• sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669 optimise numa balancing for fast migrate).
• sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669 optimise numa balancing for fast migrate).
• sched/numa: Stop multiple tasks from moving to the CPU at the same time kabi (bnc#1101669 optimise numa balancing for fast migrate).
• scsi: hisi_sas: Add a flag to filter PHY events during reset ().
• scsi: hisi_sas: add memory barrier in task delivery function ().
• scsi: hisi_sas: Add missing PHY spinlock init ().
• scsi: hisi_sas: Add SATA FIS check for v3 hw ().
• scsi: hisi_sas: Adjust task reject period during host reset ().
• scsi: hisisas: Drop hisisasslotabort() ().
• scsi: hisi_sas: Fix the conflict between dev gone and host reset ().
• scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout ().
• scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw ().
• scsi: hisisas: Only process broadcast change in phybcastv3hw() ().
• scsi: hisi_sas: Pre-allocate slot DMA buffers ().
• scsi: hisi_sas: Release all remaining resources in clear nexus ha ().
• scsi: hisi_sas: relocate some common code for v3 hw ().
• scsi: hisi_sas: tidy channel interrupt handler for v3 hw ().
• scsi: hisisas: Tidy hisisastaskprep() ().
• scsi: hisi_sas: tidy host controller reset function a bit ().
• scsi: hisi_sas: Update a couple of register settings for v3 hw ().
• scsi: hisisas: Use dmamalloc_coherent() ().
• scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336).
• smsc75xx: Check for Wake-on-LAN modes (bsc#1051510).
• smsc95xx: Check for Wake-on-LAN modes (bsc#1051510).
• sort series.conf I didn't want to, but he made me do it.
• sr9800: Check for supported Wake-on-LAN modes (bsc#1051510).
• sr: get/drop reference to device in revalidate and check_events (bsc#1109979).
• supported.conf: add testsyctl to new kselftests-kmp package As per we will require new FATE requests per each new selftest driver. We do not want to support these module on production runs but we do want to support them for QA / testing uses. The compromise is to package them into its own package, this will be the kselftests-kmp package. Selftests can also be used as proof of concept vehicle for issues by customers or ourselves. Vanilla kernels do not get testsysctl given that driver was using built-in defaults, this also means we cannot run sefltests on config/s390x/zfcpdump which does not enable modules. Likeweise, since we had to change the kernel for testsyctl, it it also means we can't test testsyctl with vanilla kernels. It should be possible with other selftests drivers if they are present in vanilla kernels though.
• uio, lib: Fix CONFIGARCHHASUACCESSMCSAFE compilation (bsc#1098782).
• VFS: do not test owner for NFS in setposixacl() (bsc#1103405).
• video: goldfishfb: fix memory leak on driver remove (bsc#1051510).
• watchdog: Mark watchdog touch functions as notrace (git-fixes).
• wlcore: Add missing PM call for wlcorecmdwaitforeventortimeout() (bsc#1051510).
• x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006).
• x86/apic: Split disableIOAPIC() into two functions to fix CONFIGKEXECJUMP=y (bsc#1110006).
• x86/apic: Split out restorebootirqmode() from disableIO_APIC() (bsc#1110006).
• x86/apic/vector: Fix off by one in error path (bsc#1110006).
• x86/asm/memcpymcsafe: Add labels for _memcpy_mcsafe() write fault handling (bsc#1098782).
• x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782).
• x86/asm/memcpymcsafe: Define copytoitermcsafe() (bsc#1098782).
• x86/asm/memcpymcsafe: Fix copytousermcsafe() exception handling (bsc#1098782).
• x86/asm/memcpymcsafe: Provide original memcpymcsafe_unrolled (bsc#1098782).
• x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782).
• x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782).
• x86/boot: Fix kexec booting failure in the SEV bit detection code (bsc#1110301).
• x86/build/64: Force the linker to use 2MB page size (bsc#1109603).
• x86/dumpstack: Save first regs set for the executive summary (bsc#1110006).
• x86/dumpstack: Unify show_regs() (bsc#1110006).
• x86/entry/64: Wipe KASAN stack shadow before rewindstackdo_exit() (bsc#1110006).
• x86/espfix/64: Fix espfix double-fault handling on 5-level systems (bsc#1110006).
• x86/idt: Load idt early in start_secondary (bsc#1110006).
• x86/kexec: Avoid double freepage() upon dokexec_load() failure (bsc#1110006).
• x86/mce: Fix setmcenospec() to avoid #GP fault (bsc#1107783).
• x86/mce: Improve error message when kernel cannot recover (bsc#1110006).
• x86/mce: Improve error message when kernel cannot recover (bsc#1110301).
• x86/memoryfailure: Introduce {set, clear}mce_nospec() (bsc#1107783).
• x86-memoryfailure-Introduce-set-clear-mcenospec.patch: Fixup compilation breakage on s390 and arm due to missing clearmce_nospec().
• x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006).
• x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006).
• x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006).
• x86/mm: Expand static page table for fixmap space (bsc#1110006).
• x86/mm: Fix ELFETDYN_BASE for 5-level paging (bsc#1110006).
• x86/mm: implement free pmd/pte page interfaces (bsc#1110006).
• x86/mm/pat: Prepare {reserve, free}_memtype() for 'decoy' addresses (bsc#1107783).
• x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006).
• x86: msr-index.h: Correct SNBC1/C3AUTO_UNDEMOTE defines (bsc#1110006).
• x86: msr-index.h: Correct SNBC1/C3AUTO_UNDEMOTE defines (bsc#1110301).
• x86/PCI: Make broadcompostcoreinit() check acpi_disabled (bsc#1110006).
• x86/pkeys: Do not special case protection key 0 (bsc#1110006).
• x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006).
• x86/process: Do not mix user/kernel regs in 64bit _showregs() (bsc#1110006).
• x86/process: Re-export start_thread() (bsc#1110006).
• x86/vdso: Fix lsl operand order (bsc#1110006).
• x86/vdso: Fix lsl operand order (bsc#1110301).
• xen: issue warning message when out of grant maptrack entries (bsc#1105795).
• xfs, dax: introduce xfsdaxaops (bsc#1104888).
• xhci: Fix use after free for URB cancellation on a reallocated endpoint (bsc#1051510).