SUSE-SU-2018:3934-1

The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-18710: An information leak in cdromioctlselect_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).
• CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjustscalarminmaxvals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372).
• CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).
• CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831).
• CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).

The following non-security bugs were fixed:

• acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128).
• acpi / processor: Fix the return value of acpiprocessorids_walk() (bsc#1051510).
• aio: fix iodestroy(2) vs. lookupioctx() race (git-fixes).
• alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510).
• alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510).
• alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510).
• alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510).
• alsa: hda: fix unused variable warning (bsc#1051510).
• alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510).
• alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510).
• alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510).
• apparmor: Check buffer bounds when mapping permissions mask (git-fixes).
• ARM: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468).
• ASoC: intel: skylake: Add missing break in skltplgget_token() (bsc#1051510).
• ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510).
• ASoC: rsnd: adg: care clock-frequency size (bsc#1051510).
• ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510).
• ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510).
• ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510).
• ASoC: wm8804: Add ACPI support (bsc#1051510).
• ath10k: fix kernel panic issue during pci probe (bsc#1051510).
• ath10k: fix scan crash due to incorrect length calculation (bsc#1051510).
• ath10k: fix use-after-free in ath10kwmicmdsendnowait (bsc#1051510).
• autofs: fix autofs_sbi() does not check super block type (git-fixes).
• autofs: fix slab out of bounds read in getname_kernel() (git-fixes).
• autofs: mount point create should honour passed in mode (git-fixes).
• badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).
• batman-adv: Avoid probe ELP information leak (bsc#1051510).
• batman-adv: fix backbonegw refcount on queuework() failure (bsc#1051510).
• batman-adv: fix hardifneigh refcount on queuework() failure (bsc#1051510).
• bdi: Fix another oops in wb_workfn() (bsc#1112746).
• bdi: Preserve kabi when adding cgwbreleasemutex (bsc#1112746).
• blkdevreportzones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819).
• blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713).
• block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708).
• block: bfq: swap puts in bfqgandblkg_put (bsc#1112712).
• block: bvecnrvecs() returns value for wrong slab (bsc#1111834).
• bpf/verifier: disallow pointer subtraction (bsc#1083647).
• btrfs: Enhance btrfstrimfs function to handle error better (Dependency for bsc#1113667).
• btrfs: Ensure btrfstrimfs can trim the whole filesystem (bsc#1113667).
• btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901).
• btrfs: fix missing error return in btrfsdropsnapshot (Git-fixes bsc#1109919).
• btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543).
• btrfs: handle errors while updating refcounts in updatereffor_cow (Git-fixes bsc#1109915).
• btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904).
• cdc-acm: fix race between reset and control messaging (bsc#1051510).
• ceph: avoid a use-after-free in cephdestroyoptions() (bsc#1111983).
• cfg80211: fix a type issue in ieee80211chandeftooperatingclass() (bsc#1051510).
• cifs: check for STATUSUSERSESSION_DELETED (bsc#1112902).
• cifs: check for STATUSUSERSESSION_DELETED (bsc#1112902).
• cifs: connect to servername instead of IP for IPC$ share (bsc#1106359).
• cifs: fix memory leak in SMB2_open() (bsc#1112894).
• cifs: fix memory leak in SMB2_open() (bsc#1112894).
• cifs: Fix use after free of a midqentry (bsc#1112903).
• cifs: Fix use after free of a midqentry (bsc#1112903).
• clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510).
• clk: x86: Stop marking clocks as CLKISCRITICAL (bsc#1051510).
• clocksource/drivers/ti-32k: Add CLOCKSOURCESUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510).
• clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510).
• coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510).
• crypto: caam - fix implicit casts in endianness helpers (bsc#1051510).
• crypto: ccp - add timeout support in the SEV command (bsc#1106838).
• crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510).
• crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510).
• crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510).
• crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510).
• crypto: tcrypt - fix ghash-generic speed test (bsc#1051510).
• dax: Fix deadlock in daxlockmapping_entry() (bsc#1109951).
• debugobjects: Make stack check warning more informative (bsc#1051510).
• Disable DRM patches that broke vbox video driver KMP (bsc#1111076)
• Documentation/l1tf: Fix small spelling typo (bsc#1051510).
• do dinstantiate/unlocknew_inode combinations safely (git-fixes).
• Do not leak MNT_INTERNAL away from internal mounts (git-fixes).
• drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510).
• drm/amdgpu: fix error handling in amdgpucsuserfencechunk (bsc#1106110)
• drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510).
• drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110)
• drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722)
• drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510).
• drm/amdgpu: revert 'fix deadlock of reservation between cs and gpu reset v2' (bsc#1051510).
• drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510).
• drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722)
• drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722)
• drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722)
• drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510).
• drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722)
• drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510).
• drm/i915: Restore vblank interrupts earlier (bsc#1051510).
• drm: mali-dp: Call drmcrtcvblank_reset on device init (bsc#1051510).
• drm/mediatek: fix OF sibling-node lookup (bsc#1106110)
• drm/msm: fix OF child-node lookup (bsc#1106110)
• drm/nouveau/disp: fix DP disable race (bsc#1051510).
• drm/nouveau: Do not disable polling in fallback mode (bsc#1103356).
• drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510).
• drm/sti: do not remove the drm_bridge that was never added (bsc#1100132)
• drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110)
• drm/virtio: fix bounds check in virtiogpucmdgetcapset() (bsc#1113722)
• e1000: check on netifrunning() before calling e1000up() (bsc#1051510).
• e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510).
• edac: Raise the maximum number of memory controllers (bsc#1113780).
• edac, thunderx: Fix memory leak in thunderxl2cthreaded_isr() (bsc#1114279).
• eeprom: at24: change nvmem stride to 1 (bsc#1051510).
• eeprom: at24: check at24_read/write arguments (bsc#1051510).
• eeprom: at24: correctly set the size for at24mac402 (bsc#1051510).
• enic: do not call enicchangemtu in enic_probe (bsc#1051510).
• enic: handle mtu change for vf properly (bsc#1051510).
• enic: initialize enic->rfsh.lock in enicprobe (bsc#1051510).
• ethtool: fix a privilege escalation bug (bsc#1076830).
• ext2, dax: set ext2daxaops for dax files (bsc#1112554).
• ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736).
• ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735).
• ext4: check for NUL characters in extended attribute's name (bsc#1112732).
• ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734).
• ext4: do not mark mmp buffer head dirty (bsc#1112743).
• ext4: fix online resize's handling of a too-small final block group (bsc#1112739).
• ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740).
• ext4: fix spectre gadget in ext4mbregular_allocator() (bsc#1112733).
• ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738).
• ext4: reset error code in ext4findentry in fallback (bsc#1112731).
• ext4: show testdummyencryption mount option in /proc/mounts (bsc#1112741).
• fbdev/omapfb: fix omapfbmemoryread infoleak (bsc#1051510).
• firmware: raspberrypi: Register hwmon driver (bsc#1108468).
• floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510).
• fs: dcache: Avoid livelock between dallocparallel and _dadd (git-fixes).
• fs/dcache.c: fix kmemcheck splat at takedentryname_snapshot() (git-fixes).
• fs: dcache: Use READONCE when accessing idir_seq (git-fixes).
• fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745).
• getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes).
• gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510).
• gpio: Fix crash due to registration race (bsc#1051510).
• gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510).
• gpio: mb86s70: Revert 'Return error if requesting an already assigned gpio' (bsc#1051510).
• hfsplus: do not return 0 when fill_super() failed (bsc#1051510).
• hfsplus: stop workqueue when fill_super() failed (bsc#1051510).
• hfs: prevent crash on exit from failed search (bsc#1051510).
• hid: add support for Apple Magic Keyboards (bsc#1051510).
• hid: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510).
• hid: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510).
• hid: quirks: fix support for Apple Magic Keyboards (bsc#1051510).
• hid: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510).
• hv: avoid crash in vmbus sysfs files (bnc#1108377).
• hvnetvsc: Fix a deadlock by getting rtnl lock earlier in netvscprobe() (bsc#1109772).
• hv_netvsc: fix schedule in RCU context ().
• hwmon: Add support for RPi voltage sensor (bsc#1108468).
• hwmon: (adt7475) Make adt7475readword() return errors (bsc#1051510).
• hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510).
• hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468).
• hwrng: core - document the quality field (bsc#1051510).
• hypfskillsuper(): deal with failed allocations (bsc#1051510).
• i2c: i2c-scmi: fix for i2csmbuswriteblockdata (bsc#1051510).
• i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510).
• iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).
• iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510).
• iio: adc: imx25-gcq: Fix leak of devicenode in mx25gcqsetupcfgs() (bsc#1051510).
• Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510).
• Input: atakbd - fix Atari keymap (bsc#1051510).
• intel_th: pci: Add Ice Lake PCH support (bsc#1051510).
• iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237).
• iommu/vt-d: Add definitions for PFSID (bsc#1106237).
• iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237).
• iommu/vt-d: Fix scatterlist offset handling (bsc#1106237).
• ipc/shm.c add ->pagesize function to shmvmops (bsc#1111811).
• iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510).
• iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510).
• iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510).
• iwlwifi: mvm: clear HWRESTARTREQUESTED when stopping the interface (bsc#1051510).
• iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510).
• iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510).
• iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510).
• iwlwifi: pcie gen2: check iwlpciegen2settb() return value (bsc#1051510).
• jbd2: fix use after free in jbd2logdo_checkpoint() (bsc#1113257).
• kABI: Hide getmsrfeature() in kvmx86ops (bsc#1106240).
• KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).
• KABI: powerpc: export _findlinuxpte as _findlinuxpteorhugepte (bsc#1061840).
• kabi/severities: correct nvdimm kabi exclusion
• kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmodepfntopage iommutcexchgrm mmiommulookuprm mmiommuuatohparm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI.
• kabi/severities: ignore _xivevmh* KVM internal symbols.
• Kbuild: fix # escaping in .cmd files for future Make (git-fixes).
• kernfs: update comment about kernfs_path() return value (bsc#1051510).
• kprobes/x86: Fix %p uses in error messages (bsc#1110006).
• ksm: fix unlocked iteration over vmas in cmpandmerge_page() (VM Functionality bsc#1111806).
• kvm: Make VM ioctl do valloc for some archs (bsc#1111506).
• KVM: PPC: Add ptregs into kvmvcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).
• KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).
• KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
• KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).
• KVM: PPC: Book3S: Check KVMCREATESPAPRTCE64 parameters (bsc#1061840).
• KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
• KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).
• KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).
• KVM: PPC: Book3S HV: Add ofnodeput() in success path (bsc#1061840).
• KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).
• KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).
• KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).
• KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).
• KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
• KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).
• KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).
• KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).
• KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).
• KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
• KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).
• KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).
• KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppcsave/restoretm (bsc#1061840).
• KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
• KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
• KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
• KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).
• KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).
• KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).
• KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
• KVM: PPC: Book3S HV: Fix kvmppcbadhost_intr for real mode interrupts (bsc#1061840).
• KVM: PPC: Book3S HV: Fix trap number return from _kvmppcvcore_entry (bsc#1061840).
• KVM: PPC: Book3S HV: Fix typo in kvmppchvgetdirtylog_radix() (bsc#1061840).
• KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).
• KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).
• KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).
• KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).
• KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
• KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
• KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
• KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppcradixtlbie_page (bsc#1061840).
• KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
• KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).
• KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).
• KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).
• KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).
• KVM: PPC: Book3S HV: Read kvm->arch.emulsmtmode under kvm->lock (bsc#1061840).
• KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).
• KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).
• KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
• KVM: PPC: Book3S HV: Send kvmppcbadinterrupt NMIs to Linux handlers (bsc#1061840).
• KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).
• KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).
• KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).
• KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).
• KVM: PPC: Book3S HV: Use _gfntopfnmemslot() in page fault handler (bsc#1061840).
• KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).
• KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppcsavetm()/kvmppcrestoretm() (bsc#1061840).
• KVM: PPC: Book3S PR: Move kvmppcsavetm/kvmppcrestoretm to separate file (bsc#1061840).
• KVM: PPC: Book3S: Use correct page shift in HSTUFFTCE (bsc#1061840).
• KVM: PPC: Fix a mmiohostswabbed uninitialized usage issue (bsc#1061840).
• KVM: PPC: Make iommutable::ituserspace big endian (bsc#1061840).
• KVM: PPC: Move nip/ctr/lr/xer registers to ptregs in kvmvcpu_arch (bsc#1061840).
• KVM: PPC: Use seqputs() in kvmppcexittimingshow() (bsc#1061840).
• KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240).
• KVM: VMX: support MSRIA32ARCH_CAPABILITIES as a feature MSR (bsc#1106240).
• KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240).
• KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240).
• KVM: x86: define SVM/VMX specific kvmarch[alloc|free]_vm (bsc#1111506).
• KVM: X86: Introduce kvmgetmsr_feature() (bsc#1106240).
• kvm/x86: kABI fix for vmalloc/vmfree changes (bsc#1111506).
• kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240).
• libertas: call into generic suspend code before turning off power (bsc#1051510).
• libnvdimm, badrange: remove a WARN for list_empty (bsc#112128).
• libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408).
• libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972).
• libnvdimm: Introduce locked DIMM capacity support (bsc#112128).
• libnvdimm, label: change nvdimmnumlabel_slots per UEFI 2.7 (bsc#1111921, bsc#1113408).
• libnvdimm, label: change nvdimmnumlabel_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972).
• libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, ).
• libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972).
• libnvdimm: move poison list functions to a new 'badrange' file (bsc#112128).
• libnvdimm/nfit_test: add firmware download emulation (bsc#112128).
• libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#112128).
• libnvdimm, testing: Add emulation for smart injection commands (bsc#112128).
• libnvdimm, testing: update the default smart ctrl_temperature (bsc#112128).
• lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510).
• lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510).
• livepatch: create and include UAPI headers ().
• lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).
• loop: add recursion validation to LOOPCHANGEFD (bsc#1112711).
• loop: do not call into filesystem while holding loctlmutex (bsc#1112710).
• loop: fix LOOPGETSTATUS lock imbalance (bsc#1113284).
• mac80211: correct use of IEEE80211VHTCAPRXSTBCX (bsc#1051510).
• mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510).
• mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510).
• mac80211: fix a race between restart and CSA flows (bsc#1051510).
• mac80211: Fix station bandwidth setting after channel switch (bsc#1051510).
• mac80211hwsim: correct use of IEEE80211VHTCAPRXSTBC_X (bsc#1051510).
• mac80211_hwsim: require at least one channel (bsc#1051510).
• mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510).
• mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510).
• mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510).
• mac80211: shorten the IBSS debug messages (bsc#1051510).
• mach64: detect the dot clock divider correctly on sparc (bsc#1051510).
• make sure that _dentrykill() always invalidates d_seq, unhashed or not (git-fixes).
• md: fix NULL dereference of mddev->pers in removeandadd_spares() (git-fixes).
• md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).
• md/raid1: add error handling of read error from FailFast device (git-fixes).
• md/raid5-cache: disable reshape completely (git-fixes).
• md/raid5: fix data corruption of replacements after originals dropped (git-fixes).
• media: af9035: prevent buffer overflow on write (bsc#1051510).
• media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510).
• media: dvb: fix compat ioctl translation (bsc#1051510).
• media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).
• media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).
• media: pci: cx23885: handle adding to list failure (bsc#1051510).
• media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).
• media: tvp5150: fix switch exit in set control handler (bsc#1051510).
• media: tvp5150: fix width alignment during set_selection() (bsc#1051510).
• media: uvcvideo: Fix uvcallocentity() allocation alignment (bsc#1051510).
• media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510).
• media: videobuf-dma-sg: Fix dma{sync,unmap}sg() calls (bsc#1051510).
• media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).
• mfd: arizona: Correct calling of runtimeputsync (bsc#1051510).
• mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510).
• mm: fix BUGON() in vmfinsertpfnpud() from VM_MIXEDMAP removal (bsc#1111841).
• mm/migrate: Use spin_trylock() while resetting rate limit ().
• mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907).
• modpost: ignore livepatch unresolved relocations ().
• move changes without Git-commit out of sorted section
• mwifiex: handle race during mwifiexusbdisconnect (bsc#1051510).
• net/smc: retain old name for diag_mode field (bsc#1106287, LTC#170892).
• net/smc: use _alignedu64 for 64-bit smc_diag fields (bsc#1101138, LTC#164002).
• NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510).
• nfit_test: add error injection DSMs (bsc#112128).
• nfit_test: fix buffer overrun, add sanity check (bsc#112128).
• nfit_test: improve structure offset handling (bsc#112128).
• nfittest: prevent parsing error of nfittest.0 (bsc#112128).
• nfit_test: when clearing poison, also remove badrange entries (bsc#112128).
• NFS: Avoid quadratic search when freeing delegations (bsc#1084760).
• nvdimm: Clarify comment in sizeofnamespaceindex (bsc#1111921, bsc#1113408).
• nvdimm: Clarify comment in sizeofnamespaceindex (bsc#1111921, bsc#1113408, bsc#1113972).
• nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, ).
• nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972).
• nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, ).
• nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972).
• nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408).
• nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972).
• nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408).
• nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972).
• of: add helper to lookup compatible child node (bsc#1106110)
• orangefs: fix deadlock; do not write isize in readiter (bsc#1051510).
• orangefs: initialize op on loop restart in orangefsdevreqread (bsc#1051510).
• orangefskillsb(): deal with allocation failures (bsc#1051510).
• orangefs: use listforeachentrysafe in purgewaitingops (bsc#1051510).
• ovl: fix format of setxattr debug (git-fixes).
• ovl: Sync upper dirty data when syncing overlayfs (git-fixes).
• PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510).
• PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806).
• PCI: hv: Use effective affinity mask (bsc#1109772).
• PCI: Reprogram bridge prefetch registers on resume (bsc#1051510).
• pipe: match pipemaxsize data type with procfs (git-fixes).
• PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510).
• powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).
• powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).
• powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800).
• powerpc/mm: Rename findlinuxpteorhugepte() (bsc#1061840).
• powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784).
• powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).
• powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120).
• powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).
• powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).
• powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).
• powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).
• powerpc/powernv: Rework TCE level allocation (bsc#1061840).
• powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes).
• powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes).
• powerpc/pseries: Fix 'OF: ERROR: Bad ofnodeput() on /cpus' during DLPAR (bsc#1113295).
• powerpc: pseries: remove dlparattachnode dependency on full path (bsc#1113295).
• powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870).
• powerpc/xive: Move definition of ESB bits (bsc#1061840).
• powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).
• printk: drop innmi check from printksafeflushon_panic() (bsc#1112170).
• printk/tracing: Do not trace printknmienter() (bsc#1112208).
• proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf:
• qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510).
• qrtr: add MODULE_ALIAS macro to smd (bsc#1051510).
• r8169: Clear RTLFLAGTASK*PENDING when clearing RTLFLAGTASK_ENABLED (bsc#1051510).
• race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).
• RAID10 BUGON in raisebarrier when force is true and conf->barrier is 0 (git-fixes).
• random: rate limit unseeded randomness warnings (git-fixes).
• rculist: add listforeachentryfrom_rcu() (bsc#1084760).
• rculist: Improve documentation for listforeachentryfrom_rcu() (bsc#1084760).
• reiserfs: add check to detect corrupted directory entry (bsc#1109818).
• reiserfs: do not panic on bad directory entries (bsc#1109818).
• rename a hv patch to reduce conflicts in -AZURE
• reorder a qedi patch to allow further work in this branch
• resource: Include resource end in walk_*() interfaces (bsc#1114279).
• Revert 'drm/amdgpu: Add an ATPX quirk for hybrid laptop' (bsc#1051510).
• Revert 'drm/i915/gvt: set max priority for gvt context' (bsc#1051510).
• Revert 'gpio: set up initial state from .get_direction()' (bsc#1051510).
• Revert 'iommu/io-pgtable: Avoid redundant TLB syncs' (bsc#1106237).
• Revert 'mwifiex: fix incorrect ht capability problem' (bsc#1051510).
• Revert 'mwifiex: handle race during mwifiexusbdisconnect' (bsc#1051510).
• Revert 'pinctrl: sunxi: Do not enforce bias disable (for now)' (bsc#1051510).
• rpc_pipefs: fix double-dput() (bsc#1051510).
• rpmsg: Correct support for MODULEDEVICETABLE() (git-fixes).
• sched/numa: Limit the conditions where scan period is reset ().
• scripts/series2git:
• scripts/series2git: Revert the change mistakenly taken A 'fix' for series2git went in mistakenly among other patches. Revert it here. It'll be picked up from a proper branch if need.
• scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
• scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
• scsi: ipr: Eliminate duplicate barriers ().
• scsi: ipr: fix incorrect indentation of assignment statement ().
• scsi: ipr: Use dmapoolzalloc() ().
• scsi: libfc: check fcframepayload_get() return value for null (bsc#1104731).
• scsi: libfc: check fcframepayload_get() return value for null (bsc#1104731).
• scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
• scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
• scsi: qla2xxx: do not allow negative thresholds (bsc#1108870).
• scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870).
• scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870).
• scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870).
• scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830).
• scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870).
• scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870).
• scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870).
• scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870).
• scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870).
• scsi: qla2xxx: Return switch command on a timeout (bsc#1108870).
• scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928).
• serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510).
• signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006).
• smb2: fix missing files in root share directory listing (bsc#1112907).
• smb2: fix missing files in root share directory listing (bsc#1112907).
• smb3: fill in statfs fsid and correct namelen (bsc#1112905).
• smb3: fill in statfs fsid and correct namelen (bsc#1112905).
• smb3: fix reset of bytes read and written stats (bsc#1112906).
• smb3: fix reset of bytes read and written stats (bsc#1112906).
• smb3: on reconnect set PreviousSessionId field (bsc#1112899).
• smb3: on reconnect set PreviousSessionId field (bsc#1112899).
• sockdiag: fix use-after-free read in _sk_free (bsc#1051510).
• soc/tegra: pmc: Fix child-node lookup (bsc#1051510).
• soreuseport: initialise timewait reuseport field (bsc#1051510).
• sound: do not call sklinitchip() to reset intel skl soc (bsc#1051510).
• sound: enable interrupt after dma buffer initialization (bsc#1051510).
• spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510).
• spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510).
• spi: sh-msiof: fix deferred probing (bsc#1051510).
• squashfs: be more careful about metadata corruption (bsc#1051510).
• Squashfs: Compute expected length from inode size rather than block length (bsc#1051510).
• squashfs metadata 2: electric boogaloo (bsc#1051510).
• squashfs: more metadata hardening (bsc#1051510).
• squashfs: more metadata hardening (bsc#1051510).
• staging: comedi: nimiocommon: protect register write overflow (bsc#1051510).
• stm: Potential read overflow in stmcharpolicysetioctl() (bsc#1051510).
• supported.conf: mark raspberrypi-hwmon as supported
• switchtec: Fix Spectre v1 vulnerability (bsc#1051510).
• sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes).
• target: log Data-Out timeouts as errors (bsc#1095805).
• target: log NOP ping timeouts as errors (bsc#1095805).
• target: split out helper for cxn timeout error stashing (bsc#1095805).
• target: stash sesserrstats on Data-Out timeout (bsc#1095805).
• target: use ISCSIIQNLEN in iscsitargetstat (bsc#1095805).
• team: Forbid enslaving team device to itself (bsc#1051510).
• tools build: fix # escaping in .cmd files for future Make (git-fixes).
• tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#112128).
• tools/testing/nvdimm: allow custom error code injection (bsc#112128).
• tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#112128).
• tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#112128).
• tools/testing/nvdimm: fix missing newline in nfittestdimm 'handle' attribute (bsc#112128).
• tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#112128).
• tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#112128).
• tools/testing/nvdimm: improve emulation of smart injection (bsc#112128).
• tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#112128).
• tools/testing/nvdimm: Make DSM failure code injection an override (bsc#112128).
• tools/testing/nvdimm: smart alarm/threshold control (bsc#112128).
• tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#112128).
• tools/testing/nvdimm: support nfittestdimm attributes under nfit_test.1 (bsc#112128).
• tools/testing/nvdimm: unit test clear-error commands (bsc#112128).
• tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510).
• tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510).
• tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219).
• tty: Do not block on IO when ldisc change is pending (bnc#1105428).
• tty: fix data race between ttyinitdev and flush of buf (bnc#1105428).
• tty: Hold ttyldisclock() during tty_reopen() (bnc#1105428).
• tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).
• tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).
• tty/ldsem: Decrement waitreaders on timeouted downread() (bnc#1105428).
• tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428).
• tty: Simplify tty->count math in tty_reopen() (bnc#1105428).
• Update patches.arch/KVM-PPC-Book3S-HV-Snapshot-timebase-offset-on-guest-.patch (bsc#1061840, bsc#1086196).
• Update patches.arch/powerpc-powernv-ioda2-Reduce-upper-limit-for-DMA-win.patch (bsc#1061840, bsc#1055120).
• Update patches.fixes/0002-nfs41-do-not-return-ENOMEM-on-LAYOUTUNAVAILABLE.patch (git-fixes, bsc#1103925).
• Update patches.fixes/libnvdimm-dimm-maximize-label-transfer-size.patch (bsc#1111921, bsc#1113408, bsc#1113972).
• Update patches.fixes/libnvdimm-label-change-nvdimmnumlabel_slots-per-uefi-2-7.patch (bsc#1111921, bsc#1113408, bsc#1113972).
• Update patches.fixes/libnvdimm-label-fix-sparse-warning.patch (bsc#1111921, bsc#1113408, bsc#1113972).
• Update patches.fixes/nvdimm-clarify-comment-in-sizeofnamespaceindex.patch (bsc#1111921, bsc#1113408, bsc#1113972).
• Update patches.fixes/nvdimm-remove-empty-if-statement.patch (bsc#1111921, bsc#1113408, bsc#1113972).
• Update patches.fixes/nvdimm-sanity-check-labeloff.patch (bsc#1111921, bsc#1113408, bsc#1113972).
• Update patches.fixes/nvdimm-split-label-init-out-from-the-logic-for-getting-config-data.patch (bsc#1111921, bsc#1113408, bsc#1113972).
• Update patches.fixes/nvdimm-use-namespace-index-data-to-reduce-number-of-label-reads-needed.patch (bsc#1111921, bsc#1113408, bsc#1113972).
• usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510).
• usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510).
• usb: gadget: fsludccore: check allocation return value and cleanup on failure (bsc#1051510).
• usb: gadget: fsludccore: fixup structudcsetup documentation (bsc#1051510).
• usbip: tools: fix atoi() on non-null terminated string (bsc#1051510).
• USB: remove LPM management from usbdriverclaim_interface() (bsc#1051510).
• USB: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510).
• USB: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510).
• usb: xhci-mtk: resume USB3 roothub first (bsc#1051510).
• USB: yurex: Check for truncation in yurex_read() (bsc#1051510).
• userfaultfd: hugetlbfs: fix userfaultfdhugemust_wait() pte access (bsc#1109739).
• use the new async probing feature for the hyperv drivers (bsc#1109772).
• Use upstream version of pci-hyperv patch (35a88a1)
• VFS: close race between getcwd() and d_move() (git-fixes).
• vfs: fix freeze protection in mntwantwrite_file() for overlayfs (git-fixes).
• vmbus: do not return values for uninitalized channels (bsc#1051510).
• vti4: Do not count header length twice on tunnel setup (bsc#1051510).
• vti6: fix PMTU caching and reporting on xmit (bsc#1051510).
• vti6: remove !skb->ignoredf check from vti6xmit() (bsc#1051510).
• Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040).
• x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006).
• x86/boot/KASLR: Work around firmware bugs by excluding EFIBOOTSERVICES* and EFILOADER_* from KASLR's choice (bnc#1112878).
• x86/boot: Move EISA setup to a separate file (bsc#1110006).
• x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006).
• x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006).
• x86/eisa: Add missing include (bsc#1110006).
• x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006).
• x86/fpu: Remove second definition of fpu in fpurestore_sig() (bsc#1110006).
• x86/irq: implement irqdatageteffectiveaffinity_mask() for v4.12 (bsc#1109772).
• x86/kasan: Panic if there is not enough memory to boot (bsc#1110006).
• x86/kexec: Correct KEXECBACKUPSRC_END off-by-one error (bsc#1114279).
• x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006).
• x86, nfittest: Add unit test for memcpymcsafe() (bsc#112128).
• x86/paravirt: Fix some warning messages (bnc#1065600).
• x86/percpu: Fix thiscpuread() (bsc#1110006).
• x86/speculation/l1tf: Fix overflow in l1tfpfnlimit() on 32bit (bsc#1105536).
• x86/time: Correct the attribute on jiffies' definition (bsc#1110006).
• xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600).
• xen: Remove unnecessary BUGON from _unbindfromirq() (bnc#1065600).
• xen-swiotlb: fix the check condition for xenswiotlbfree_coherent (bnc#1065600).
• xfrm: use complete IPv6 addresses for hash (bsc#1109330).
• xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025).
• xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025).
• xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510).
• xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510).