SUSE-SU-2019:1527-1

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586)

• CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.

• CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.

• CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)

• CVE-2019-12382: An issue was discovered in drmloadedidfirmware in drivers/gpu/drm/drmedid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)

• CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843).

• CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)

• CVE-2018-7191: In the tun subsystem in the Linux kernel before 4.13.14, devgetvalidname is not called before registernetdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603)

• CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because installexeccreds() is called too late in loadelfbinary() in fs/binfmtelf.c, and thus the ptracemay_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543)

• CVE-2019-11815: An issue was discovered in rdstcpkill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)

• CVE-2019-11884: The dohidpsock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)

• CVE-2018-17972: An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)

• CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bnc#1133188)

The following new features were implemented:

• Updated the Chelsio cxgb4vf driver with the latest upstream patches. (fate#321660)

• Backported changes into e1000e kernel module to support systems using the Intel I219-LM NIC chip. (fate#326719)

• Import QLogic/Cavium qedr driver (RDMA) into the kernel. (fate#321747)

• Update the QLogic/Cavium qed driver (NET). (fate#321703)

• Update the QLogic/Cavium qede driver (NET). (fate#321702)

• Update the Chelsio iw_cxgb4 driver with the latest upstream patches. (fate#321661)

• Update the Chelsio cxgb4 driver with the latest upstream patches. (fate#321658)

• Update support for Intel Omni Path (OPA) kernel driver. (fate#321473)

• Update the QIB driver to the latest upstream version for up-to-date functionality and hardware support. (fate#321231)

The following non-security bugs were fixed:

• 9p locks: add mount option for lock retry interval (bnc#1012382).
• 9p: do not trust pdu content for stat item size (bnc#1012382).
• ACPI / SBS: Fix GPE storm on recent MacBookPro's (bnc#1012382).
• ALSA: PCM: check if ops are defined before suspending PCM (bnc#1012382).
• ALSA: core: Fix card races between register and disconnect (bnc#1012382).
• ALSA: echoaudio: add a check for ioremap_nocache (bnc#1012382).
• ALSA: info: Fix racy addition/deletion of nodes (bnc#1012382).
• ALSA: line6: use dynamic buffers (bnc#1012382).
• ALSA: opl3: fix mismatch between sndopl3drum_switch definition and declaration (bnc#1012382).
• ALSA: sb8: add a check for request_region (bnc#1012382).
• ALSA: seq: Fix OOB-reads from strlcpy (bnc#1012382).
• ARM: 8833/1: Ensure that NEON code always compiles with Clang (bnc#1012382).
• ARM: 8839/1: kprobe: make patchlock a rawspinlock_t (bnc#1012382).
• ARM: 8840/1: use a rawspinlockt in unwind (bnc#1012382).
• ARM: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012382).
• ARM: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382).
• ARM: dts: pfla02: increase phy reset duration (bnc#1012382).
• ARM: iop: do not use using 64-bit DMA masks (bnc#1012382).
• ARM: orion: do not use using 64-bit DMA masks (bnc#1012382).
• ARM: samsung: Limit SAMSUNGPMCHECK config option to non-Exynos platforms (bnc#1012382).
• ASoC: Intel: avoid Oops if DMA setup fails (bnc#1012382).
• ASoC: cs4270: Set auto-increment bit for register writes (bnc#1012382).
• ASoC: fsl-asoc-card: fix object reference leaks in fslasoccard_probe (bnc#1012382).
• ASoC: fsl_esai: fix channel swap issue when stream starts (bnc#1012382).
• ASoC: tlv320aic32x4: Fix Common Pins (bnc#1012382).
• ASoC:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382).
• Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bnc#1012382).
• Bluetooth: Fix decrementing reference count twice in releasing socket (bnc#1012382).
• CIFS: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
• Correct bsc/FATE numbers.
• Do not jump to computeresult state from checkresult state (bnc#1012382).
• Documentation: Add MDS vulnerability documentation (bnc#1012382).
• Documentation: Add nospectre_v1 parameter (bnc#1012382).
• Documentation: Correct the possible MDS sysfs values (bnc#1012382).
• Documentation: Move L1TF to separate directory (bnc#1012382).
• HID: debug: fix race condition with between rdesc_show() and device removal (bnc#1012382).
• HID: input: add mapping for Expose/Overview key (bnc#1012382).
• HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bnc#1012382).
• IB/hfi1: Eliminate opcode tests on mr deref ().
• IB/hfi1: Unreserve a reserved request when it is completed ().
• IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bnc#1012382).
• IB/mlx4: Increase the timeout for CM cache (bnc#1012382).
• IB/rdmavt: Add wcflags and wcimmdata to cq entry trace ().
• IB/rdmavt: Fix frwr memory registration ().
• Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bnc#1012382).
• KVM: fail KVMSETVCPU_EVENTS with invalid exception number (bnc#1012382).
• KVM: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bnc#1012382).
• KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (bnc#1012382).
• MIPS: scall64-o32: Fix indirect syscall number load (bnc#1012382).
• NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes).
• NFS: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).
• NFS: Fix I/O request leakages (git-fixes).
• NFS: Forbid setting AFINET6 to 'struct sockaddrin'->sin_family (bnc#1012382).
• PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bnc#1012382).
• PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142).
• PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1135642).
• PCI: xilinx-nwl: Add missing ofnodeput() (bsc#1100132).
• RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780 bsc#1005781).
• RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1022604).
• Revert 'block/loop: Use global lock for ioctl() operation.' (bnc#1012382).
• Revert 'block: unexport DISKEVENTMEDIA_CHANGE for legacy/fringe drivers' (bsc#1110946).
• Revert 'cpu/speculation: Add 'mitigations=' cmdline option' (stable backports).
• Revert 'ide: unexport DISKEVENTMEDIA_CHANGE for ide-gd and ide-cd' (bsc#1110946).
• Revert 'kbuild: use -Oz instead of -Os when using clang' (bnc#1012382).
• Revert 'locking/lockdep: Add debuglocks check in _lock_downgrade()' (bnc#1012382).
• Revert 'netns: provide pure entropy for nethashmix()' (kabi).
• Revert 'sched: Add schedsmtactive()' (stable backports).
• Revert 'x86/MCE: Save microcode revision in machine check records' (kabi).
• Revert 'x86/kprobes: Verify stack frame on kretprobe' (kabi).
• Revert 'x86/speculation/mds: Add 'mitigations=' support for MDS' (stable backports).
• Revert 'x86/speculation: Support 'mitigations=' cmdline option' (stable backports).
• SoC: imx-sgtl5000: add missing put_device() (bnc#1012382).
• UAS: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770).
• UAS: fix alignment of scatter/gather segments (bsc#1129770).
• USB: Add new USB LPM helpers (bsc#1129770).
• USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770).
• USB: cdc-acm: fix unthrottle races (bsc#1135642).
• USB: core: Fix bug caused by duplicate interface PM usage counter (bnc#1012382).
• USB: core: Fix unterminated string returned by usb_string() (bnc#1012382).
• USB: serial: fix unthrottle races (bnc#1012382).
• USB: serial: use variable for status (bnc#1012382).
• USB: w1 ds2490: Fix bug caused by improper use of altsetting array (bnc#1012382).
• USB: yurex: Fix protection fault after device removal (bnc#1012382).
• X.509: unpack RSA signatureValue field from BIT STRING (git-fixes).
• appletalk: Fix compile regression (bnc#1012382).
• appletalk: Fix use-after-free in atalkprocexit (bnc#1012382).
• arm64/kernel: do not ban ADRP to work around Cortex-A53 erratum #843419 (bsc#1126040).
• arm64/kernel: rename moduleemitadrpveneer->moduleemitveneerfor_adrp (bsc#1126040).
• arm64: Add helper to decode register from instruction (bsc#1126040).
• arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug signals (bnc#1012382).
• arm64: debug: Ensure debug handlers check triggering exception level (bnc#1012382).
• arm64: futex: Fix FUTEXWAKEOP atomic ops with non-zero result value (bnc#1012382).
• arm64: futex: Restore oldval initialization to work around buggy compilers (bnc#1012382).
• arm64: module-plts: factor out PLT generation code for ftrace (bsc#1126040).
• arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1126040).
• arm64: module: split core and init PLT sections (bsc#1126040).
• backlight: lm3630a: Return 0 on success in update_status functions (bsc#1106929)
• bcache: Move couple of functions to sysfs.c (bsc#1130972).
• bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
• bcache: Populate writebackrateminimum attribute (bsc#1130972).
• bcache: account size of buckets used in uuid write to ca->metasectorswritten (bsc#1130972).
• bcache: add MODULE_DESCRIPTION information (bsc#1130972).
• bcache: add a comment in super.c (bsc#1130972).
• bcache: add code comments for bset.c (bsc#1130972).
• bcache: add comment for cacheset->filliter (bsc#1130972).
• bcache: add identifier names to arguments of function definitions (bsc#1130972).
• bcache: add missing SPDX header (bsc#1130972).
• bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).
• bcache: add static const prefix to char * array declarations (bsc#1130972).
• bcache: add sysfsstrtoulbool() for setting bit-field variables (bsc#1130972).
• bcache: add the missing comments for smpmb()/smpwmb() (bsc#1130972).
• bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).
• bcache: comment on direct access to bvec table (bsc#1130972).
• bcache: correct dirty data statistics (bsc#1130972).
• bcache: do not assign in if condition in bcachedeviceinit() (bsc#1130972).
• bcache: do not assign in if condition in bcache_init() (bsc#1130972).
• bcache: do not assign in if condition register_bcache() (bsc#1130972).
• bcache: do not check NULL pointer before calling kmemcachedestroy (bsc#1130972).
• bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).
• bcache: do not clone bio in bchdataverify (bsc#1130972).
• bcache: do not mark writeback_running too early (bsc#1130972).
• bcache: export backingdevname via sysfs (bsc#1130972).
• bcache: export backingdevuuid via sysfs (bsc#1130972).
• bcache: fix code comments style (bsc#1130972).
• bcache: fix indent by replacing blank by tabs (bsc#1130972).
• bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).
• bcache: fix input integer overflow of congested threshold (bsc#1130972).
• bcache: fix input overflow to cache set sysfs file ioerrorhalflife (bnc#1012382).
• bcache: fix input overflow to journaldelayms (bsc#1130972).
• bcache: fix input overflow to sequential_cutoff (bnc#1012382).
• bcache: fix input overflow to writeback_delay (bsc#1130972).
• bcache: fix input overflow to writebackrateminimum (bsc#1130972).
• bcache: fix ioctl in flash device (bsc#1130972).
• bcache: fix mistaken code comments in bcache.h (bsc#1130972).
• bcache: fix mistaken comments in request.c (bsc#1130972).
• bcache: fix potential div-zero error of writebackrateiterminverse (bsc#1130972).
• bcache: fix potential div-zero error of writebackratepterminverse (bsc#1130972).
• bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
• bcache: fix typo in code comments of closurereturnwith_destructor() (bsc#1130972).
• bcache: improve sysfsstrtoulclamp() (bnc#1012382).
• bcache: introduce forcewakeup_gc() (bsc#1130972).
• bcache: make cutoffwriteback and cutoffwriteback_sync tunable (bsc#1130972).
• bcache: move open brace at end of function definitions to next line (bsc#1130972).
• bcache: never writeback a discard operation (bsc#1130972).
• bcache: not use hard coded memset size in bchcacheaccounting_clear() (bsc#1130972).
• bcache: option to automatically run gc thread after writeback (bsc#1130972).
• bcache: panic fix for making cache device (bsc#1130972).
• bcache: prefer 'help' in Kconfig (bsc#1130972).
• bcache: print number of keys in tracebcachejournal_write (bsc#1130972).
• bcache: recal cacheddevsectors on detach (bsc#1130972).
• bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
• bcache: remove unused bchpassthroughcache (bsc#1130972).
• bcache: remove useless parameter of bchdebuginit() (bsc#1130972).
• bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
• bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
• bcache: replace hard coded number with BUCKETGCGEN_MAX (bsc#1130972).
• bcache: replace printk() by pr_*() routines (bsc#1130972).
• bcache: set writeback_percent in a flexible range (bsc#1130972).
• bcache: split combined if-condition code into separate ones (bsc#1130972).
• bcache: stop using the deprecated get_seconds() (bsc#1130972).
• bcache: style fix to add a blank line after declarations (bsc#1130972).
• bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
• bcache: style fixes for lines over 80 characters (bsc#1130972).
• bcache: trace missed reading by cache_missed (bsc#1130972).
• bcache: treat stale && dirty keys as bad keys (bsc#1130972).
• bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
• bcache: update comment for bchdatainsert (bsc#1130972).
• bcache: use (REQMETA|REQPRIO) to indicate bio for metadata (bsc#1130972).
• bcache: use MAXCACHESPERSET instead of magic number 8 in _bchbucketalloc_set (bsc#1130972).
• bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
• bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
• bcache: use sysfsstrtoulbool() to set bit-field variables (bsc#1130972).
• bcache: writeback: properly order backing device IO (bsc#1130972).
• binfmt_elf: switch to new creds when switching to new mm (bnc#1012382).
• bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382).
• block: check_events: do not bother with events if unsupported (bsc#1110946).
• block: disk_events: introduce event flags (bsc#1110946).
• block: do not leak memory in biocopyuser_iov() (bnc#1012382).
• block: fix use-after-free on gendisk (bsc#1136448).
• bnxt_en: Improve multicast address setup logic (bnc#1012382).
• bonding: fix arp_validate toggling in active-backup mode (bnc#1012382).
• bonding: fix event handling for stacked bonds (bnc#1012382).
• bonding: show full hw address in sysfs for slave entries (bnc#1012382).
• bpf: reject wrong sized filters earlier (bnc#1012382).
• bridge: Fix error path for kobjectinitand_add() (bnc#1012382).
• btrfs: Do not panic when we can't find a root key (bsc#1112063).
• btrfs: Factor out common delayed refs init code (bsc#1134813).
• btrfs: Introduce initdelayedref_head (bsc#1134813).
• btrfs: Open-code adddelayeddata_ref (bsc#1134813).
• btrfs: Open-code adddelayedtree_ref (bsc#1134813).
• btrfs: Use initdelayedrefcommon in adddelayeddataref (bsc#1134813).
• btrfs: Use initdelayedrefcommon in adddelayedtreeref (bsc#1134813).
• btrfs: Use initdelayedrefhead in adddelayedrefhead (bsc#1134813).
• btrfs: add a helper to return a head ref (bsc#1134813).
• btrfs: breakout empty head cleanup to a helper (bsc#1134813).
• btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).
• btrfs: delayed-ref: Use btrfsref to refactor btrfsadddelayeddata_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
• btrfs: delayed-ref: Use btrfsref to refactor btrfsadddelayedtree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
• btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
• btrfs: extent-tree: Open-code processfunc in _btrfsmodref (bsc#1063638 bsc#1128052 bsc#1108838).
• btrfs: extent-tree: Use btrfsref to refactor addpinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).
• btrfs: extent-tree: Use btrfsref to refactor btrfsfree_extent() (bsc#1063638 bsc#1128052 bsc#1108838).
• btrfs: extent-tree: Use btrfsref to refactor btrfsincextentref() (bsc#1063638 bsc#1128052 bsc#1108838).
• btrfs: move all ref head cleanup to the helper function (bsc#1134813).
• btrfs: move extent_op cleanup to a helper (bsc#1134813).
• btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
• btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).
• btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).
• btrfs: qgroup: Move reserved data accounting from btrfsdelayedrefhead to btrfsqgroupextentrecord (bsc#1134162).
• btrfs: qgroup: Remove duplicated trace points for qgrouprsvadd/release (bsc#1134160).
• btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1134338).
• btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1134651).
• btrfs: remove delayedrefnode from ref_head (bsc#1134813).
• btrfs: split delayed ref head initialization and addition (bsc#1134813).
• btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
• cdc-acm: cleaning up debug in data submission path (bsc#1136539).
• cdc-acm: fix race between reset and control messaging (bsc#1106110).
• cdc-acm: handle read pipe errors (bsc#1135878).
• cdc-acm: reassemble fragmented notifications (bsc#1136590).
• cdc-acm: store in and out pipes in acm structure (bsc#1136575).
• cdrom: Fix race condition in cdromsysctlregister (bnc#1012382).
• ceph: ensure dname stability in cephdentry_hash() (bsc#1134564).
• ceph: fix ci->iheadsnapc leak (bsc#1122776).
• ceph: fix use-after-free on symlink traversal (bsc#1134565).
• ceph: only use d_name directly when parent is locked (bsc#1134566).
• cifs: Fix NULL pointer dereference of devname (bnc#1012382).
• cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382).
• cifs: fallback to older infolevels on findfirst queryinfo retry (bnc#1012382).
• cifs: use correct format characters (bnc#1012382).
• clk: fix mux clock documentation (bsc#1090888).
• coresight: etm4x: Add support to enable ETMv4.2 (bnc#1012382).
• cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382 bsc#1112178).
• cpupower: remove stringop-truncation waring (bsc#1119086).
• crypto: crypto4xx - properly set IV after de- and encrypt (bnc#1012382).
• crypto: sha256/arm - fix crash bug in Thumb2 build (bnc#1012382).
• crypto: sha512/arm - fix crash bug in Thumb2 build (bnc#1012382).
• crypto: vmx - CTR: always increment IV as quadword (bsc#1135661, bsc#1137162).
• crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661, bsc#1137162).
• crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).
• crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).
• crypto: vmx: Only call enablekernelvsx() (bsc#1135661, bsc#1137162).
• crypto: x86/poly1305 - fix overflow during partial reduction (bnc#1012382).
• debugfs: fix use-after-free on symlink traversal (bnc#1012382).
• device_cgroup: fix RCU imbalance in error case (bnc#1012382).
• dm thin: add sanity checks to thin-pool and external snapshot creation (bnc#1012382).
• dmaengine: imx-dma: fix warning comparison of distinct pointer types (bnc#1012382).
• dmaengine: tegra: avoid overflow of byte tracking (bnc#1012382).
• drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl (bnc#1012382).
• drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl (bnc#1012382).
• drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929)
• drm/dp/mst: Configure nostopbit correctly for remote i2c xfers (bnc#1012382).
• drm/fb-helper: dpms_legacy(): Only set on connectors in use (bnc#1106929)
• drm/i915: Fix I915EXECRING_MASK (bnc#1106929)
• drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929)
• drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)
• drm/vc4: ->xscaling[1] should never be set to VC4SCALING_NONE (bsc#1106929)
• drm/vc4: Account for interrupts in flight (bsc#1106929)
• drm/vc4: Allocate the right amount of space for boot-time CRTC state. (bsc#1106929)
• drm/vc4: Fix NULL pointer dereference in vc4savehang_state() (bsc#1106929)
• drm/vc4: Fix OOPSes from trying to cache a partially constructed BO. (bsc#1106929)
• drm/vc4: Fix a couple error codes in vc4cllookup_bos() (bsc#1106929)
• drm/vc4: Fix compilation error reported by kbuild test bot (bsc#1106929)
• drm/vc4: Fix memory leak during gpu reset. (bsc#1106929)
• drm/vc4: Fix memory leak of the CRTC state. (bsc#1106929)
• drm/vc4: Fix oops when userspace hands in a bad BO. (bsc#1106929)
• drm/vc4: Fix overflow mem unreferencing when the binner runs dry. (bsc#1106929)
• drm/vc4: Fix races when the CS reads from render targets. (bsc#1106929)
• drm/vc4: Fix scaling of uni-planar formats (bsc#1106929)
• drm/vc4: Fix the 'no scaling' case on multi-planar YUV formats (bsc#1106929)
• drm/vc4: Flush the caches before the bin jobs, as well. (bsc#1106929)
• drm/vc4: Free hang state before destroying BO cache. (bsc#1106929)
• drm/vc4: Move IRQ enable to PM path (bsc#1106929)
• drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar (bsc#1106929)
• drm/vc4: Set ->isyuv to false when numplanes == 1 (bsc#1106929)
• drm/vc4: Use drmfreelarge() on handles to match its allocation. (bsc#1106929)
• drm/vc4: fix a bounds check (bsc#1106929)
• drm/vmwgfx: NULL pointer dereference from vmwcmddxviewdefine() (bsc#1106929)
• drm/vmwgfx: integer underflow in vmwcmddxsetshader() leading to (bsc#1106929)
• dt-bindings: rcar-dmac: Document missing error interrupt (bsc#1085535).
• e1000e: Add Support for 38.4MHZ frequency (bsc#1108293 ).
• e1000e: Add Support for CannonLake (bsc#1108293).
• e1000e: Fix -Wformat-truncation warnings (bnc#1012382).
• e1000e: Initial Support for CannonLake (bsc#1108293 ).
• enic: fix build warning without CONFIGCPUMASKOFFSTACK (bnc#1012382).
• exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1136458).
• ext4: Return EAGAIN in case of DIO is beyond end of file (bsc#1136810).
• ext4: actually request zeroing of inode table after grow (bsc#1136451).
• ext4: add missing brelse() in addnewgdbmetabg() (bnc#1012382).
• ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356).
• ext4: cleanup bh release code in ext4indremove_space() (bnc#1012382).
• ext4: fix ext4showoptions for file systems w/o journal (bsc#1136452).
• ext4: fix use-after-free race with debugwantextra_isize (bsc#1136449).
• ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1136623).
• ext4: prohibit fstrim in norecovery mode (bnc#1012382).
• ext4: report real fs size after failed resize (bnc#1012382).
• ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438).
• f2fs: do not use mutex lock in atomic context (bnc#1012382).
• f2fs: fix to do sanity check with current segment number (bnc#1012382).
• fbdev: fbmem: fix memory access if logo is bigger than the screen (bnc#1012382).
• fix incorrect error code mapping for OBJECTIDNOTFOUND (bnc#1012382).
• fs/file.c: initialize initfiles.resizewait (bnc#1012382).
• fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bnc#1012382).
• fs: fix guardbioeod to check for real EOD errors (bnc#1012382).
• ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658).
• genirq: Prevent use-after-free and work list corruption (bnc#1012382).
• genirq: Respect IRQCHIPSKIPSETWAKE in irqchipsetwake_parent() (bnc#1012382).
• gpio: gpio-omap: fix level interrupt idling (bnc#1012382).
• gpu: ipu-v3: dp: fix CSC handling (bnc#1012382).
• h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- (bnc#1012382).
• hugetlbfs: fix memory leak for resv_map (bnc#1012382).
• hwrng: virtio - Avoid repeated init of completion (bnc#1012382).
• i2c: core-smbus: prevent stack corruption on read I2CBLOCKDATA (bnc#1012382).
• ibmvnic: Add device identification to requested IRQs (bsc#1137739).
• ibmvnic: Do not close unopened driver during reset (bsc#1137752).
• ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752).
• ibmvnic: Refresh device multicast list after reset (bsc#1137752).
• ibmvnic: remove set but not used variable 'netdev' (bsc#1137739).
• igb: Fix WARN_ONCE on runtime suspend (bnc#1012382).
• iio/gyro/bmg160: Use millidegrees for temperature scale (bnc#1012382).
• iio: adsigmadelta: select channel when reading register (bnc#1012382).
• iio: adc: at91: disable adc channel interrupt in timeout case (bnc#1012382).
• iio: adc: xilinx: fix potential use-after-free on remove (bnc#1012382).
• include/linux/bitrev.h: fix constant bitrev (bnc#1012382).
• include/linux/swap.h: use offsetof() instead of custom __swapoffset macro (bnc#1012382).
• init: initialize jump labels before command line option parsing (bnc#1012382).
• io: accel: kxcjk1013: restore the range after resume (bnc#1012382).
• iommu/vt-d: Do not request page request irq under dmargloballock (bsc#1135013).
• iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135014).
• iommu/vt-d: Set inteliommugfx_mapped correctly (bsc#1135015).
• ip6tunnel: Match to ARPHRDTUNNEL6 for dev type (bnc#1012382).
• ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1135120).
• ipv4: Fix raw socket lookup for local traffic (bnc#1012382).
• ipv4: add sanity checks in ipv4linkfailure() (git-fixes).
• ipv4: ensure rcureadlock() in ipv4linkfailure() (bnc#1012382).
• ipv4: ipdofragment: Preserve skb_iif during fragmentation (bnc#1012382).
• ipv4: recompile ip options in ipv4linkfailure (bnc#1012382).
• ipv4: set the tcpminrtt_wlen range from 0 to one day (bnc#1012382).
• ipv6/flowlabel: wait rcu grace period before put_pid() (bnc#1012382).
• ipv6: Fix dangling pointer when ipv6 fragment (bnc#1012382).
• ipv6: fix a potential deadlock in doipv6setsockopt() (bnc#1012382).
• ipv6: invert flowlabel sharing check in process and user mode (bnc#1012382).
• ipv6: sit: reset ip header pointer in ipip6_rcv (bnc#1012382).
• ipvs: do not schedule icmp errors from tunnels (bnc#1012382).
• jffs2: fix use-after-free on symlink traversal (bnc#1012382).
• kABI: protect ringbufferread_prepare (kabi).
• kABI: protect struct tlb_state (kabi).
• kABI: protect struct usb_interface (kabi).
• kABI: restore _ptracemayaccess (kabi).
• kABI: restore icmp_send (kabi).
• kabi: arm64: fix kabi breakage on arch specific module (bsc#1126040)
• kabi: drop LINUXMIBTCPWQUEUETOOBIG snmp counter (bsc#1137586).
• kabi: move sysctltcpminsndmss to preserve struct net layout (bsc#1137586).
• kbuild: clang: choose GCCTOOLCHAINDIR not on LD (bnc#1012382).
• kbuild: simplify ld-option implementation (bnc#1012382).
• kconfig/[mn]conf: handle backspace (^H) key (bnc#1012382).
• kconfig: display recursive dependency resolution hint just once (bsc#1100132).
• kernel/sysctl.c: fix out-of-bounds access when setting file-max (bnc#1012382).
• keys: Timestamp new keys (bsc#1120902).
• kprobes: Fix error check when reusing optimized probes (bnc#1012382).
• kprobes: Mark ftrace mcount handler functions nokprobe (bnc#1012382).
• kprobes: Prohibit probing on bsearch() (bnc#1012382).
• leds: lp55xx: fix null deref on firmware load failure (bnc#1012382).
• lib/div64.c: off by one in shift (bnc#1012382).
• lib/int_sqrt: optimize initial value compute (bnc#1012382).
• lib/string.c: implement a basic bcmp (bnc#1012382).
• lib: add crc64 calculation routines (bsc#1130972).
• lib: do not depend on linux headers being installed (bsc#1130972).
• libata: fix using DMA buffers on stack (bnc#1012382).
• libnvdimm/btt: Fix a kmemdup failure check (bnc#1012382).
• lpfc: validate command in lpfcsli4scmdtowqidx_distr() (bsc#1129138).
• mac80211: do not call driver waketxqueue op during reconfig (bnc#1012382).
• mac80211_hwsim: validate number of different channels (bsc#1085539).
• md: use mddev_suspend/resume instead of ->quiesce() (bsc#1132212).
• media: mt9m111: set initial frame size other than 0x0 (bnc#1012382).
• media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bnc#1012382).
• media: pvrusb2: Prevent a buffer overflow (bsc#1135642).
• media: s5p-g2d: Correct return type for mem2mem buffer helpers (bnc#1012382).
• media: s5p-jpeg: Check for fmtverflag when doing fmt enumeration (bnc#1012382).
• media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bnc#1012382).
• media: sh_veu: Correct return type for mem2mem buffer helpers (bnc#1012382).
• media: v4l2: i2c: ov7670: Fix PLL bypass register values (bnc#1012382).
• media: vb2: do not call _vb2queuecancel if vb2start_streaming failed (bsc#1120902).
• mm/cma.c: cmadeclarecontiguous: correct err handling (bnc#1012382).
• mm/page_ext.c: fix an imbalance with kmemleak (bnc#1012382).
• mm/slab.c: kmemleak no scan alien caches (bnc#1012382).
• mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! (bnc#1012382).
• mm/vmstat.c: fix /proc/vmstat format for CONFIGDEBUGTLBFLUSH=y CONFIG_SMP=n (bnc#1012382).
• mm: mempolicy: make mbind() return -EIO when MPOLMFSTRICT is specified (bnc#1012382).
• mmc: davinci: remove extraneous __init annotation (bnc#1012382).
• mmc: omap: fix the maximum timeout setting (bnc#1012382).
• modpost: file2alias: check prototype of handler (bnc#1012382).
• modpost: file2alias: go back to simple devtable lookup (bnc#1012382).
• mount: copy the port field into the cloned nfs_server structure (bsc#1136990).
• mt7601u: bump supported EEPROM version (bnc#1012382).
• mtd: Fix comparison in mapwordandequal() (git-fixes).
• mwifiex: Fix heap overflow in mwifiexuapparsetailies() (bsc#1136935).
• net/ibmvnic: Remove tests of member address (bsc#1137739).
• net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).
• net/ibmvnic: Update carrier state after link state change (bsc#1135100).
• net: atm: Fix potential Spectre v1 vulnerabilities (bnc#1012382).
• net: bridge: multicast: use rcu to access port list from brmulticaststart_querier (bnc#1012382).
• net: ena: fix return value of enacomconfigllqinfo() (bsc#1117562).
• net: ethernet: ti: fix possible object reference leak (bnc#1012382).
• net: ethtool: not call vzalloc for zero sized memory request (bnc#1012382).
• net: fou: do not use guehdr after iptunnelpulloffloads in gueudprecv (bnc#1012382).
• net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bnc#1012382).
• net: hns: Use NAPIPOLLWEIGHT for hns driver (bnc#1012382).
• net: ibm: fix possible object reference leak (bnc#1012382).
• net: ks8851: Delay requesting IRQ until opened (bnc#1012382).
• net: ks8851: Dequeue RX packets explicitly (bnc#1012382).
• net: ks8851: Reassert reset pin if chip ID check fails (bnc#1012382).
• net: ks8851: Set initial carrier state to down (bnc#1012382).
• net: rds: force to destroy connection if tsock is NULL in rdstcpkillsock() (bnc#1012382).
• net: stmmac: move stmmaccheckether_addr() to driver probe (bnc#1012382).
• net: ucc_geth - fix Oops when changing number of buffers in the ring (bnc#1012382).
• net: xilinx: fix possible object reference leak (bnc#1012382).
• netfilter: bridge: set skb transportheader before entering NFINETPREROUTING (bnc#1012382).
• netfilter: compat: initialize all fields in xt_init (bnc#1012382).
• netfilter: ebtables: CONFIGCOMPAT: drop a bogus WARNON (bnc#1012382).
• netfilter: physdev: relax br_netfilter dependency (bnc#1012382).
• netns: provide pure entropy for nethashmix() (bnc#1012382).
• nfs: clean up rest of reqs when failing to add one (git-fixes).
• nfsd: Do not release the callback slot unless it was actually held (bnc#1012382).
• ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
• nvme-fc: resolve io failures during connect (bsc#1116803).
• nvme: Do not allow to reset a reconnecting controller (bsc#1133874).
• ocfs2: fix a panic problem caused by o2cb_ctl (bnc#1012382).
• openvswitch: fix flow actions reallocation (bnc#1012382).
• pNFS: Skip invalid stateids when doing a bulk destroy (git-fixes).
• packet: Fix error path in packet_init (bnc#1012382).
• packet: validate msg_namelen in send directly (bnc#1012382).
• perf evsel: Free evsel->counts in perfevsel_exit() (bnc#1012382).
• perf test: Fix failure of 'evsel-tp-sched' test on s390 (bnc#1012382).
• perf tests: Fix a memory leak in testperfevseltpsched_test() (bnc#1012382).
• perf tests: Fix a memory leak of cpumap object in the openatsyscalleventonallcpus test (bnc#1012382).
• perf top: Fix error handling in cmd_top() (bnc#1012382).
• perf/core: Restore mmap record type correctly (bnc#1012382).
• perf/x86/intel: Allow PEBS multi-entry in watermark mode (git-fixes).
• perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS (bnc#1012382).
• platform/x86: sony-laptop: Fix unintentional fall-through (bnc#1012382).
• powerpc/64: Add CONFIGPPCBARRIER_NOSPEC (bnc#1012382).
• powerpc/64: Call setupbarriernospec() from setup_arch() (bnc#1012382 bsc#1131107).
• powerpc/64: Make meltdown reporting Book3S 64 specific (bnc#1012382).
• powerpc/64s: Include cpu header (bnc#1012382).
• powerpc/booke64: set RI in default MSR (bnc#1012382).
• powerpc/eeh: Fix race with driver un/bind (bsc#1066223).
• powerpc/fsl: Add FSLPPCBOOK3E as supported arch for nospectre_v2 boot arg (bnc#1012382).
• powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E (bnc#1012382).
• powerpc/fsl: Add infrastructure to fixup branch predictor flush (bnc#1012382).
• powerpc/fsl: Add macro to flush the branch predictor (bnc#1012382).
• powerpc/fsl: Add nospectre_v2 command line argument (bnc#1012382).
• powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382).
• powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used (bnc#1012382).
• powerpc/fsl: Fix the flush of branch predictor (bnc#1012382).
• powerpc/fsl: Fixed warning: orphan section `_btbflush_fixup' (bnc#1012382).
• powerpc/fsl: Flush branch predictor when entering KVM (bnc#1012382).
• powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) (bnc#1012382).
• powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) (bnc#1012382).
• powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms (bnc#1012382).
• powerpc/fsl: Update Spectre v2 reporting (bnc#1012382).
• powerpc/lib: fix book3s/32 boot failure due to code patching (bnc#1012382).
• powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc#1053043).
• powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc#1053043).
• powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043).
• powerpc/perf: Infrastructure to support addition of blacklisted events (bsc#1053043).
• powerpc/process: Fix sparse address space warnings (bsc#1066223).
• powerpc/xmon: Add RFI flush related fields to paca dump (bnc#1012382).
• qede: fix write to free'd pointer error and double free of ptp (bsc#1019695 bsc#1019696).
• qlcnic: Avoid potential NULL pointer dereference (bnc#1012382).
• qmi_wwan: add Olicard 600 (bnc#1012382).
• regulator: act8865: Fix act8600sudcdcvoltage_ranges setting (bnc#1012382).
• rsi: improve kernel thread handling to fix kernel panic (bnc#1012382).
• rtc: da9063: set uie_unsupported when relevant (bnc#1012382).
• rtc: sh: Fix invalid alarm warning for non-enabled alarm (bnc#1012382).
• s390/3270: fix lockdep false positive on view->lock (bnc#1012382).
• s390/dasd: Fix capacity calculation for large volumes (bnc#1012382).
• s390: ctcm: fix ctcmnewdevice error return code (bnc#1012382).
• sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bnc#1012382).
• sc16is7xx: move label 'err_spi' to correct section (git-fixes).
• sched/fair: Do not re-read ->hloadnext during hierarchical load calculation (bnc#1012382).
• sched/fair: Limit schedcfsperiod_timer() loop to avoid hard lockup (bnc#1012382).
• sched/numa: Fix a possible divide-by-zero (bnc#1012382).
• sched: Add schedsmtactive() (bnc#1012382).
• scsi: core: replace GFPATOMIC with GFPKERNEL in scsi_scan.c (bnc#1012382).
• scsi: csiostor: fix missing data copy in csioscsierr_handler() (bnc#1012382).
• scsi: libsas: fix a race condition when smp task timeout (bnc#1012382).
• scsi: megaraid_sas: return error when create DMA pool failed (bnc#1012382).
• scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bnc#1012382).
• scsi: qla4xxx: fix a potential NULL pointer dereference (bnc#1012382).
• scsi: storvsc: Fix calculation of sub-channel count (bnc#1012382).
• scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (bnc#1012382).
• sctp: initialize pad of sockaddrin before copying to user memory (bnc#1012382).
• selftests/net: correct the return value for run_netsocktests (bnc#1012382).
• selinux: never allow relabeling on context mounts (bnc#1012382).
• serial: uartps: console_setup() can't be placed to init section (bnc#1012382).
• slip: make slhc_free() silently accept an error pointer (bnc#1012382).
• soc/tegra: fuse: Fix illegal free of IO base address (bnc#1012382).
• soc: qcom: gsbi: Fix error handling in gsbi_probe() (bnc#1012382).
• staging: comedi: niusb6501: Fix possible double-free of ->usbrx_buf (bnc#1012382).
• staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bnc#1012382).
• staging: comedi: vmk80xx: Fix possible double-free of ->usbrxbuf (bnc#1012382).
• staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bnc#1012382).
• staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bnc#1012382).
• staging: iio: adt7316: fix the dac read calculation (bnc#1012382).
• staging: iio: adt7316: fix the dac write calculation (bnc#1012382).
• supported.conf: add lib/crc64 because bcache uses it
• sysctl: handle overflow for file-max (bnc#1012382).
• tcp: Ensure DCTCP reacts to losses (bnc#1012382).
• tcp: add tcpminsnd_mss sysctl (bsc#1137586).
• tcp: enforce tcpminsndmss in tcpmtu_probing() (bsc#1137586).
• tcp: limit payload size of sacked skbs (bsc#1137586).
• tcp: tcp_fragment() should apply sane memory limits (bsc#1137586).
• tcp: tcpgrowwindow() needs to respect tcp_space() (bnc#1012382).
• team: fix possible recursive locking when add slaves (bnc#1012382).
• thermal/int340x_thermal: Add additional UUIDs (bnc#1012382).
• thermal/int340x_thermal: fix mode setting (bnc#1012382).
• timer/debug: Change /proc/timer_stats from 0644 to 0600 (bnc#1012382).
• tipc: check bearer name with right length in tipcnlcompatbearerenable (bnc#1012382).
• tipc: check link name with right length in tipcnlcompatlinkset (bnc#1012382).
• tipc: handle the err returned from cmd header function (bnc#1012382).
• tools lib traceevent: Fix buffer overflow in arg_eval (bnc#1012382).
• tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).
• tools/power turbostat: return the exit status of a command (bnc#1012382).
• tpm/tpmcrb: Avoid unaligned reads in crbrecv() (bnc#1012382).
• tpm/tpmi2catmel: Return -E2BIG when the transfer is incomplete (bnc#1012382).
• trace: Fix preemptenableno_resched() abuse (bnc#1012382).
• tracing: Fix partial reading of trace event's id file (bsc#1136573).
• tracing: kdb: Fix ftdump to not sleep (bnc#1012382).
• treewide: Use DEVICEATTRWO (bsc#1137739).
• tty/serial: atmel: Add ishalfduplex helper (bnc#1012382).
• tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped (bnc#1012382).
• tty: increase the default flip buffer limit to 2*640K (bnc#1012382).
• tty: ldisc: add sysctl to prevent autoloading of ldiscs (bnc#1012382).
• ufs: fix braino in ufsgetinode_gid() for solaris UFS flavour (bsc#1136455).
• usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770).
• usb: chipidea: Grab the (legacy) USB PHY by phandle first (bnc#1012382).
• usb: dwc3: Fix default lpmnyetthreshold value (bnc#1012382).
• usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012382).
• usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012382).
• usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012382).
• usb: u132-hcd: fix resource leak (bnc#1012382).
• usb: usbip: fix isoc packet num validation in get_pipe (bnc#1012382).
• usbnet: ipheth: fix potential null pointer dereference in iphethcarrierset (bnc#1012382).
• usbnet: ipheth: prevent TX queue timeouts when device not ready (bnc#1012382).
• vfio/pci: use correct format characters (bnc#1012382).
• vlan: disable SIOCSHWTSTAMP in container (bnc#1012382).
• vrf: sit mtu should not be updated when vrf netdev is the link (bnc#1012382).
• wlcore: Fix memory leak in case wl12xxfetchfirmware failure (bnc#1012382).
• x86/Kconfig: Select SCHED_SMT if SMP enabled (bnc#1012382).
• x86/MCE: Save microcode revision in machine check records (bnc#1012382).
• x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382).
• x86/bugs: Change L1TF mitigation string to match upstream (bnc#1012382).
• x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bnc#1012382).
• x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bnc#1012382).
• x86/build: Mark per-CPU symbols as absolute explicitly for LLD (bnc#1012382).
• x86/build: Specify elf_i386 linker emulation explicitly for i386 objects (bnc#1012382).
• x86/cpu/bugs: Use __initconst for 'const' init data (bnc#1012382).
• x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors (bnc#1012382).
• x86/cpufeatures: Hide AMD-specific speculation flags (bnc#1012382).
• x86/hpet: Prevent potential NULL pointer dereference (bnc#1012382).
• x86/hwbreakpoints: Make default case in hwbreakpointarchparse() return an error (bnc#1012382).
• x86/kprobes: Verify stack frame on kretprobe (bnc#1012382).
• x86/mds: Add MDSUM variant to the MDS documentation (bnc#1012382).
• x86/microcode/intel: Add a helper which gives the microcode revision (bnc#1012382).
• x86/microcode/intel: Check microcode revision before updating sibling threads (bnc#1012382).
• x86/microcode: Make sure bootcpudata.microcode is up-to-date (bnc#1012382).
• x86/microcode: Update the new microcode revision unconditionally (bnc#1012382).
• x86/mm: Use WRITE_ONCE() when setting PTEs (bnc#1012382).
• x86/process: Consolidate and simplify switchtoxtra() code (bnc#1012382).
• x86/speculataion: Mark command line parser data __initdata (bnc#1012382).
• x86/speculation/l1tf: Document l1tf in sysfs (bnc#1012382).
• x86/speculation/mds: Fix comment (bnc#1012382).
• x86/speculation/mds: Fix documentation typo (bnc#1012382).
• x86/speculation: Add command line control for indirect branch speculation (bnc#1012382).
• x86/speculation: Add prctl() control for indirect branch speculation (bnc#1012382).
• x86/speculation: Add seccomp Spectre v2 user space protection mode (bnc#1012382).
• x86/speculation: Avoid _switchto_xtra() calls (bnc#1012382).
• x86/speculation: Clean up spectrev2parse_cmdline() (bnc#1012382).
• x86/speculation: Disable STIBP when enhanced IBRS is in use (bnc#1012382).
• x86/speculation: Enable prctl mode for spectrev2user (bnc#1012382).
• x86/speculation: Mark string arrays const correctly (bnc#1012382).
• x86/speculation: Move STIPB/IBPB string conditionals out of cpushowcommon() (bnc#1012382).
• x86/speculation: Prepare archsmtupdate() for PRCTL mode (bnc#1012382).
• x86/speculation: Prepare for conditional IBPB in switch_mm() (bnc#1012382).
• x86/speculation: Prepare for per task indirect branch speculation control (bnc#1012382).
• x86/speculation: Prevent stale SPEC_CTRL msr content (bnc#1012382).
• x86/speculation: Provide IBPB always command line options (bnc#1012382).
• x86/speculation: Remove SPECTREV2IBRS in enum spectrev2mitigation (bnc#1012382).
• x86/speculation: Remove unnecessary ret variable in cpushowcommon() (bnc#1012382).
• x86/speculation: Rename SSBD update functions (bnc#1012382).
• x86/speculation: Reorder the spec_v2 code (bnc#1012382).
• x86/speculation: Reorganize speculation control MSRs update (bnc#1012382).
• x86/speculation: Split out TIF update (bnc#1012382).
• x86/speculation: Support 'mitigations=' cmdline option (bnc#1012382 bsc#1112178).
• x86/speculation: Support Enhanced IBRS on future CPUs (bnc#1012382).
• x86/speculation: Unify conditional spectre v2 print functions (bnc#1012382).
• x86/speculation: Update the TIF_SSBD comment (bnc#1012382).
• x86/vdso: Drop implicit common-page-size linker flag (bnc#1012382).
• x86/vdso: Pass --eh-frame-hdr to the linker (git-fixes).
• x86: vdso: Use $LD instead of $CC to link (bnc#1012382).
• x86_64: Add gap to int3 to allow for call emulation (bsc#1099658).
• x86_64: Allow breakpoints to emulate call instructions (bsc#1099658).
• xen: Prevent buffer overflow in privcmd ioctl (bnc#1012382).
• xenbus: drop useless LISTHEAD in xenbuswritewatch() and xenbusfile_write() (bsc#1065600).
• xsysace: Fix error handling in ace_setup (bnc#1012382).
• xtensa: fix return_address (bnc#1012382).