SUSE-SU-2019:1855-1

The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575]

• CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577]

• CVE-2018-20836: A race condition used to exist in smptasktimedout() and smptaskdone() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395]

• CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have lead to memory corruption and possibly other consequences. [bnc#1136935]

• CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmgetnotzero or gettaskmm calls. [bnc#1131645].

• CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194]

• CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will were lost. [bnc#1137103]

• CVE-2019-12819: The function _mdiobusregister() used to call putdevice(), which would trigger a fixedmdiobusinit use-after-free error. This would cause a denial of service. [bnc#1138291]

• CVE-2019-12818: The nfcllcpbuildtlv function in net/nfc/llcpcommands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293]

• CVE-2019-12456: An issue in the MPT3COMMAND case in ctlioctlmain() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of iocnumber between two kernel reads of that value, aka a 'double fetch' vulnerability. [bsc#1136922]

• CVE-2019-12380: An issue was in the EFI subsystem existed that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598]

The following non-security bugs were fixed:

• 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
• ACPI / property: fix handling of datanodes in acpigetnextsubnode() (bsc#1051510).
• ACPI: Add Hygon Dhyana support ().
• ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).
• ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510).
• ALSA: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).
• ALSA: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).
• ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510).
• ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
• ALSA: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).
• ALSA: line6: Fix write on zero-sized buffer (bsc#1051510).
• ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
• ALSA: seq: fix incorrect order of destclient/destports arguments (bsc#1051510).
• ALSA: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).
• ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
• ASoC: eukrea-tlv320: fix a leaked reference by adding missing ofnodeput (bsc#1051510).
• ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
• ASoC: fslsai: Update isslave_mode with correct value (bsc#1051510).
• ASoC: fslutils: fix a leaked reference by adding missing ofnode_put (bsc#1051510).
• ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510).
• Add kernel-subpackage-build.spec (). - add kernel-subpackage-build.spec.in and support scripts - hook it in mkspec - extend the mechanism that copies dependencies inside kernel-binary.spec.in from kernel-%buildflavor to kernel-%buildflavor-base to also handle kernel-subpackage-build.spec.in using BINARY DEPS marker. - expand %name in kernel-%build_flavor so the dependencies are expanded correctly in kernel-subpackage-build.spec.in
• Add sample kernel-default-base spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).
• Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).
• Build klp-symbols in kernel devel projects.
• Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751).
• Do not provide kernel-default-srchash from kernel-default-base.
• Do not restrict NFSv4.2 on openSUSE (bsc#1138719).
• Documentation: Correct the possible MDS sysfs values (bsc#1135642).
• Drivers: misc: fix out-of-bounds access in function paramsetkgdbts_var (bsc#1051510).
• EDAC, amd64: Add Hygon Dhyana support ().
• EDAC/mc: Fix edacmcfind() in case no device is found (bsc#1114279).
• HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
• HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429).
• HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510).
• HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510).
• HID: wacom: Add ability to provide explicit battery status info (bsc#1051510).
• HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
• HID: wacom: Add support for Pro Pen slim (bsc#1051510).
• HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510).
• HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510).
• HID: wacom: Do not set tool type until we're in range (bsc#1051510).
• HID: wacom: Mark expected switch fall-through (bsc#1051510).
• HID: wacom: Move HID fix for AES serial number into wacomhidusage_quirk (bsc#1051510).
• HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510).
• HID: wacom: Properly handle AES serial number and tool type (bsc#1051510).
• HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510).
• HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510).
• HID: wacom: Replace touchmax fixup code with static touchmax definitions (bsc#1051510).
• HID: wacom: Send BTNTOUCH in response to INTUOSP2BT eraser contact (bsc#1051510).
• HID: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510).
• HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510).
• HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510).
• HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510).
• HID: wacom: fix mistake in printk (bsc#1051510).
• HID: wacom: generic: Ignore HIDDGBATTERYSTRENTH == 0 (bsc#1051510).
• HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510).
• HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
• HID: wacom: generic: Report AES battery information (bsc#1051510).
• HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510).
• HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510).
• HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510).
• HID: wacom: generic: Send BTNTOOLPEN in prox once the pen enters range (bsc#1051510).
• HID: wacom: generic: Support multiple tools per report (bsc#1051510).
• HID: wacom: generic: Use generic codepath terminology in wacomwacpen_report (bsc#1051510).
• HID: wacom: generic: add the 'Report Valid' usage (bsc#1051510).
• HID: wacom: wacomwaccollection() is local to wacom_wac.c (bsc#1051510).
• Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).
• Input: uinput - add compat ioctl number translation for UI*FF_UPLOAD (bsc#1051510).
• Install extra rpm scripts for kernel subpackaging (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).
• KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840).
• KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840).
• KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840).
• KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840).
• KVM: PPC: Remove redundand permission bits removal (bsc#1061840).
• KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840).
• KVM: PPC: Validate all tces before updating tables (bsc#1061840).
• Kabi fixup blkmqregister_dev() (bsc#1140637).
• Move stuff git_sort chokes on, out of the way
• PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
• PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).
• PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).
• PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510).
• RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
• RAS/CEC: Fix binary search function (bsc#1114279).
• SMB3: Fix endian warning (bsc#1137884).
• Staging: vc04_services: Fix a couple error codes (bsc#1051510).
• Trim build dependencies of sample subpackage spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).
• USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).
• USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).
• USB: Fix slab-out-of-bounds write in usbgetbos_descriptor (bsc#1051510).
• USB: core: Do not unbind interfaces following device reset failure (bsc#1051510).
• USB: rio500: fix memory leak in close after disconnect (bsc#1051510).
• USB: rio500: refuse more than one device at a time (bsc#1051510).
• USB: serial: fix initial-termios handling (bsc#1135642).
• USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).
• USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).
• USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
• USB: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
• USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510).
• USB: usb-storage: Add new ID to ums-realtek (bsc#1051510).
• added De0-Nanos-SoC board support (and others based on Altera SOC).
• af_key: unconditionally clone on broadcast (bsc#1051510).
• apparmor: enforce nullbyte at end of tag string (bsc#1051510).
• audit: fix a memory leak bug (bsc#1051510).
• ax25: fix inconsistent lock state in ax25destroytimer (bsc#1051510).
• batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510).
• blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
• blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).
• block: Fix a NULL pointer dereference in genericmakerequest() (bsc#1139771).
• brcmfmac: convert devinitlock mutex to completion (bsc#1051510).
• brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510).
• brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510).
• brcmfmac: fix missing checks for kmemdup (bsc#1051510).
• brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510).
• can: afcan: Fix error path of caninit() (bsc#1051510).
• can: flexcan: fix timeout when set small bitrate (bsc#1051510).
• can: purge socket error queue on sock destruct (bsc#1051510).
• ceph: flush dirty inodes before proceeding with remount (bsc#1140405).
• cfg80211: fix memory leak of wiphy device name (bsc#1051510).
• chardev: add additional check for minor range overlap (bsc#1051510).
• clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510).
• clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).
• coresight: etb10: Fix handling of perf mode (bsc#1051510).
• coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).
• cpu/topology: Export die_id (jsc#SLE-5454).
• cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ ().
• cpufreq: Add Hygon Dhyana support ().
• crypto: algapi - guard against uninitialized spawn list in cryptoremovespawns (bsc#1133401).
• crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).
• crypto: user - prevent operating on larval algorithms (bsc#1133401).
• device core: Consolidate locking and unlocking of parent and device (bsc#1106383).
• dm, dax: Fix detection of DAX support (bsc#1139782).
• dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).
• doc: Cope with the deprecation of AutoReporter (bsc#1051510).
• docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).
• drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
• drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510).
• drbd: narrow rcureadlock in drbdsynchandshake (bsc#1051510).
• drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510).
• driver core: Establish order of operations for deviceadd and devicedel via bitflag (bsc#1106383).
• driver core: Probe devices asynchronously instead of the driver (bsc#1106383).
• drivers/base: Introduce kill_device() (bsc#1139865).
• drivers/base: kABI fixes for struct device_private (bsc#1106383).
• drivers/rapidio/devices/riomportcdev.c: fix resource leak in error handling path in 'riodmatransfer()' (bsc#1051510).
• drivers/rapidio/riocm.c: fix potential oops in riocmch_listen() (bsc#1051510).
• drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510).
• drm/amdgpu: fix old fence check in amdgpufenceemit (bsc#1051510).
• drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).
• drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510).
• drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510).
• drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).
• drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
• drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510).
• drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510).
• drm/radeon: prefer lower reference dividers (bsc#1051510).
• drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510).
• extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510).
• ftrace/x86: Remove possible deadlock between registerkprobe() and ftracerunupdatecode() (bsc#1071995).
• fuse: fallocate: fix return with locked inode (bsc#1051510).
• fuse: fix writepages on 32bit (bsc#1051510).
• fuse: honor RLIMITFSIZE in fusefile_fallocate (bsc#1051510).
• genirq: Prevent use-after-free and work list corruption (bsc#1051510).
• genirq: Respect IRQCHIPSKIPSETWAKE in irqchipsetwake_parent() (bsc#1051510).
• genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).
• gpio: Remove obsolete comment about gpiochipfreehogs() usage (bsc#1051510).
• gpio: fix gpio-adp5588 build errors (bsc#1051510).
• hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
• hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
• hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs ().
• hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510).
• hwmon: (k10temp) 27C Offset needed for Threadripper2 ().
• hwmon: (k10temp) Add Hygon Dhyana support ().
• hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics ().
• hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs ().
• hwmon: (k10temp) Add support for family 17h ().
• hwmon: (k10temp) Add support for temperature offsets ().
• hwmon: (k10temp) Add temperature offset for Ryzen 1900X ().
• hwmon: (k10temp) Add temperature offset for Ryzen 2700X ().
• hwmon: (k10temp) Correct model name for Ryzen 1600X ().
• hwmon: (k10temp) Display both Tctl and Tdie ().
• hwmon: (k10temp) Fix reading critical temperature register ().
• hwmon: (k10temp) Make function getrawtemp static ().
• hwmon: (k10temp) Move chip specific code into probe function ().
• hwmon: (k10temp) Only apply temperature offset if result is positive ().
• hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors ().
• hwmon: (k10temp) Use API function to access System Management Network ().
• hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510).
• hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table ().
• hwrng: omap - Set default quality (bsc#1051510).
• i2c-piix4: Add Hygon Dhyana SMBus support ().
• i2c: acorn: fix i2c warning (bsc#1135642).
• i2c: dev: fix potential memory leak in i2cdevioctlrdwr (bsc#1051510).
• i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331).
• ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).
• iio: adsigmadelta: Properly handle SPI bus locking vs CS assertion (bsc#1051510).
• iio: common: sspsensors: Initialize calculatedtime in sspcommonprocess_data (bsc#1051510).
• iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).
• iwlwifi: mvm: check for length correctness in iwlmvmcreate_skb() (bsc#1051510).
• iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510).
• kABI workaround for the new pcidev.skipbus_pm field addition (bsc#1051510).
• kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
• kabi: x86/topology: Define topologylogicaldie_id() (jsc#SLE-5454).
• kernel-binary: Use -c grep option in klp project detection.
• kernel-binary: fix missing \
• kernel-binary: rpm does not support multiline condition
• kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it.
• kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).
• kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).
• leds: avoid flush_work in atomic context (bsc#1051510).
• libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).
• libnvdimm, pfn: Fix over-trim in trimpfndevice() (bsc#1140719).
• libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).
• mISDN: make sure device name is NUL terminated (bsc#1051510).
• mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
• mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).
• mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
• mac80211: drop robust management frames from unknown TA (bsc#1051510).
• mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).
• media: au0828: Fix NULL pointer dereference in au0828analogstream_enable() (bsc#1051510).
• media: au0828: stop video streaming only when last user stops (bsc#1051510).
• media: coda: clear error return value before picture run (bsc#1051510).
• media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
• media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510).
• media: m88ds3103: serialize reset messages in m88ds3103setfrontend (bsc#1051510).
• media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510).
• media: saa7146: avoid high stack usage with clang (bsc#1051510).
• media: smsusb: better handle optional alignment (bsc#1051510).
• media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510).
• media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).
• media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
• mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510).
• mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
• mfd: max77620: Fix swapped FPSPERIODMAX_US values (bsc#1051510).
• mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
• mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
• mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).
• mmc: core: Verify SD bus width (bsc#1051510).
• mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510).
• mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).
• mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
• mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
• mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
• mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510).
• mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
• mmcspi: add a status check for spisync_locked (bsc#1051510).
• module: Fix livepatch/ftrace module text permissions race (bsc#1071995).
• net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
• net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
• net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
• nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).
• nfit/ars: Avoid stale ARS results (jsc#SLE-5433).
• nfit/ars: Introduce scrub_flags (jsc#SLE-5433).
• ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
• nvme-rdma: fix double freeing of async event data (bsc#1120423).
• nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423).
• nvme: copy MTFA field from identify controller (bsc#1140715).
• nvme: skip nvmeupdatedisk_info() if the controller is not live (bsc#1128432).
• nvmem: Do not let a NULL cellid for nvmemcell_get() crash us (bsc#1051510).
• nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
• nvmem: core: fix read buffer in place (bsc#1051510).
• nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
• nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510).
• nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
• nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
• nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510).
• nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
• nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
• nvmem: imx-ocotp: Update module description (bsc#1051510).
• nvmem: properly handle returned value nvmemregread (bsc#1051510).
• ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).
• parport: Fix mem leak in parportregisterdev_model (bsc#1051510).
• perf tools: Add Hygon Dhyana support ().
• perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
• perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).
• perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
• perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).
• perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
• platform/chrome: crosecproto: check for NULL transfer function (bsc#1051510).
• platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).
• power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
• power: supply: sysfs: prevent endless uevent loop with CONFIGPOWERSUPPLY_DEBUG (bsc#1051510).
• powercap/intelrapl: Simplify raplfind_package() (jsc#SLE-5454).
• powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
• powerpc/cacheinfo: add cacheinfoteardown, cacheinforebuild (bsc#1138374, LTC#178199).
• powerpc/perf: Add PMLDMISSL1 and PMBR_2PATH to power9 event list (bsc#1137728, LTC#178106).
• powerpc/perf: Add POWER9 alternate PMRUNCYC and PMRUNINST_CMPL events (bsc#1137728, LTC#178106).
• powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).
• powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).
• powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).
• powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).
• ppp: mppe: Add softdep to arc4 (bsc#1088047).
• qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
• qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
• qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).
• qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
• qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).
• qmiwwan: extend permitted QMAP muxid value range (bsc#1051510).
• rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).
• rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510).
• rtc: do not reference bogus function pointer in kdoc (bsc#1051510).
• rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).
• s390/dasd: fix using offset into zero size array error (bsc#1051510).
• s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).
• s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).
• s390/qeth: fix race when initializing the IP address table (bsc#1051510).
• s390/setup: fix early warning messages (bsc#1051510).
• s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
• sbitmap: fix improper use of smpmbbeforeatomic() (bsc#1140658).
• scripts/gitsort/gitsort.py: add djbw/nvdimm nvdimm-pending.
• scripts/gitsort/gitsort.py: add nvdimm/libnvdimm-fixes
• scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
• scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
• scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
• scsi: qla2xxx: Fix abort handling in tcmqla2xxxwrite_pending() (bsc#1140727).
• scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).
• scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
• scsi: vmwpscsi: Fix use-after-free in pvscsiqueue_lck() (bsc#1135296).
• scsi: zfcp: fix missing zfcpport reference put on -EBUSY from portremove (bsc#1051510).
• scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).
• scsi: zfcp: fix scsieh host reset with portforced ERP for non-NPIV FCP devices (bsc#1051510).
• scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).
• serial: sh-sci: disable DMA for uart_console (bsc#1051510).
• soc: mediatek: pwrap: Zero initialize rdata in pwrapinitcipher (bsc#1051510).
• soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
• sort patches to proper position
• spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
• spi: Fix zero length xfer bug (bsc#1051510).
• spi: bitbang: Fix NULL pointer dereference in spiunregistermaster (bsc#1051510).
• spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331).
• spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
• spi: spi-fsl-spi: call spifinalizecurrent_message() at the end (bsc#1051510).
• spi: tegra114: reset controller on probe (bsc#1051510).
• staging: comedi: nimiocommon: Fix divide-by-zero for DIO cmdtest (bsc#1051510).
• staging: vc04services: prevent integer overflow in createpagelist() (bsc#1051510).
• staging: wlan-ng: fix adapter initialization failure (bsc#1051510).
• svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
• svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
• sysctl: handle overflow in procgetlong (bsc#1051510).
• tcp: refine memory limit test in tcp_fragment() (CVE-2019-11478, bsc#1139751).
• test_firmware: Use correct snprintf() limit (bsc#1135642).
• thermal/x86pkgtemp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
• thermal/x86pkgtemp_thermal: Support multi-die/package (jsc#SLE-5454).
• thermal: rcargen3thermal: disable interrupt in .remove (bsc#1051510).
• thunderbolt: Fix to check for kmemdup failure (bsc#1051510).
• tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
• tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
• tools/cpupower: Add Hygon Dhyana support ().
• topology: Create corecpus and diecpus sysfs attributes (jsc#SLE-5454).
• topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
• tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
• tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510).
• tty: ipwireless: fix missing checks for ioremap (bsc#1051510).
• tty: max310x: Fix external crystal register setup (bsc#1051510).
• tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
• usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).
• usb: core: Add PM runtime calls to usbhcdplatform_shutdown (bsc#1051510).
• usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
• usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).
• usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
• usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510).
• usbip: usbiphost: fix stubdev lock context imbalance regression (bsc#1051510).
• usbnet: fix kernel crash after disconnect (bsc#1051510).
• usbnet: ipheth: fix racing condition (bsc#1051510).
• vfio: ccw: only free cp on final interrupt (bsc#1051510).
• video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
• video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
• virtio_console: initialize vtermno value for ports (bsc#1051510).
• vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
• vxlan: trivial indenting fix (bsc#1051510).
• vxlan: use _be32 type for the param vni in _vxlanfdbdelete (bsc#1051510).
• w1: fix the resume command API (bsc#1051510).
• watchdog: imx2wdt: Fix settimeout for big timeout values (bsc#1051510).
• x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279).
• x86/CPU/hygon: Fix physprocid calculation logic for multi-die processors ().
• x86/alternative: Init ideal_nops for Hygon Dhyana ().
• x86/amd_nb: Add support for Raven Ridge CPUs ().
• x86/amd_nb: Check vendor in AMD-only functions ().
• x86/apic: Add Hygon Dhyana support ().
• x86/bugs: Add Hygon Dhyana to the respective mitigation machinery ().
• x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().
• x86/cpu: Create Hygon Dhyana architecture support file ().
• x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().
• x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
• x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions.
• x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).
• x86/events: Add Hygon Dhyana support to PMU infrastructure ().
• x86/kvm: Add Hygon Dhyana support to KVM ().
• x86/mce: Add Hygon Dhyana support to the MCA infrastructure ().
• x86/mce: Do not disable MCA banks when offlining a CPU on AMD ().
• x86/mce: Fix machinecheckpoll() tests for error types (bsc#1114279).
• x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
• x86/microcode: Fix microcode hotplug state (bsc#1114279).
• x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
• x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
• x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge ().
• x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana ().
• x86/smpboot: Rename matchdie() to matchpkg() (jsc#SLE-5454).
• x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
• x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
• x86/topology: Create topologymaxdieperpackage() (jsc#SLE-5454).
• x86/topology: Define topologydieid() (jsc#SLE-5454).
• x86/topology: Define topologylogicaldie_id() (jsc#SLE-5454).
• x86/xen: Add Hygon Dhyana support to Xen ().
• xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600).
• xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018).
• xfs: do not look at buffer heads in xfsaddto_ioend (bsc#1138013).
• xfs: do not set the page uptodate in xfswritepagemap (bsc#1138003).
• xfs: do not use XFSBMAPIENTRIRE in xfsgetblocks (bsc#1137999).
• xfs: do not use XFSBMAPIIGSTATE in xfsmapblocks (bsc#1138005).
• xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019).
• xfs: fix s_maxbytes overflow problems (bsc#1137996).
• xfs: make xfswritepagemap extent map centric (bsc#1138009).
• xfs: minor cleanup for xfsgetblocks (bsc#1138000).
• xfs: move all writeback bufferhead manipulation into xfsmapatoffset (bsc#1138014).
• xfs: refactor the tail of xfswritepagemap (bsc#1138016).
• xfs: remove XFSIOINVALID (bsc#1138017).
• xfs: remove the imap_valid flag (bsc#1138012).
• xfs: remove unused parameter from xfswritepagemap (bsc#1137995).
• xfs: remove xfsmapcow (bsc#1138007).
• xfs: remove xfsreflinkfindcowmapping (bsc#1138010).
• xfs: remove xfsreflinktrimirectonextcow (bsc#1138006).
• xfs: remove xfsstartpage_writeback (bsc#1138015).
• xfs: rename the offset variable in xfswritepagemap (bsc#1138008).
• xfs: simplify xfsmapblocks by using xfsiextlookup_extent directly (bsc#1138011).
• xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998).
• xfs: xfsreflinkconvert_cow() memory allocation deadlock (bsc#1138002).
• xhci: Convert xhcihandshake() to use readlpolltimeoutatomic() (bsc#1051510).
• xhci: Use %zu for printing size_t type (bsc#1051510).
• xhci: update bounce buffer with correct sg num (bsc#1051510).