SUSE-SU-2020:3122-1

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485).
• CVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file. (bsc#1177470)
• CVE-2020-14351: Fixed a race condition in the perfmmapclose() function (bsc#1177086).

The following non-security bugs were fixed:

• ACPI: Always build evged in (git-fixes).
• ACPI: button: fix handling lid state changes when input device closed (git-fixes).
• ACPI: configfs: Add missing configitemput() to fix refcount leak (git-fixes).
• acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).
• ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).
• Add CONFIGCHECKCODESIGN_EKU
• ALSA: ac97: (cosmetic) align argument names (git-fixes).
• ALSA: aoa: i2sbus: use DECLARECOMPLETIONONSTACK() macro (git-fixes).
• ALSA: asihpi: fix spellint typo in comments (git-fixes).
• ALSA: atmel: ac97: clarify operator precedence (git-fixes).
• ALSA: bebob: potential info leak in hwdep_read() (git-fixes).
• ALSA: compress_offload: remove redundant initialization (git-fixes).
• ALSA: core: init: use DECLARECOMPLETIONONSTACK() macro (git-fixes).
• ALSA: core: pcm: simplify locking for timers (git-fixes).
• ALSA: core: timer: clarify operator precedence (git-fixes).
• ALSA: core: timer: remove redundant assignment (git-fixes).
• ALSA: ctl: Workaround for lockdep warning wrt card->ctlfilesrwlock (git-fixes).
• ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes).
• ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).
• ALSA: hda: (cosmetic) align function parameters (git-fixes).
• ALSA: hda - Do not register a cb func if it is registered already (git-fixes).
• ALSA: hda - Fix the return value if cb func is already registered (git-fixes).
• ALSA: hda/hdmi: fix incorrect locking in hdmipcmclose (git-fixes).
• ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).
• ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).
• ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes).
• ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).
• ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).
• ALSA: hdspm: Fix typo arbitary (git-fixes).
• ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).
• ALSA: portman2x4: fix repeated word 'if' (git-fixes).
• ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).
• ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).
• ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).
• ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).
• ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).
• ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes).
• ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes).
• ALSA: usb: scarless_gen2: fix endianness issue (git-fixes).
• ALSA: vx: vx_core: clarify operator precedence (git-fixes).
• ALSA: vx: vx_pcm: remove redundant assignment (git-fixes).
• ASoC: fsl: imx-es8328: add missing putdevice() call in imxes8328_probe() (git-fixes).
• ASoC: fslsai: Instantiate sndsocdaidriver (git-fixes).
• ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).
• ASoC: qcom: lpass-platform: fix memory leak (git-fixes).
• ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes).
• ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes).
• ata: sata_rcar: Fix DMA boundary mask (git-fixes).
• ath10k: Fix the size used in a 'dmafreecoherent()' call in an error handling path (git-fixes).
• ath10k: provide survey info as accumulated data (git-fixes).
• ath6kl: prevent potential array overflow in ath6kladdnew_sta() (git-fixes).
• ath6kl: wmi: prevent a shift wrapping bug in ath6klwmideletepstreamcmd() (git-fixes).
• ath9k: Fix potential out of bounds in ath9khtctxcompletion_cb() (git-fixes).
• ath9khtc: Use appropriate rsdatalen type (git-fixes).
• backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).
• blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).
• block: ensure bdi->io_pages is always initialized (bsc#1177749).
• block: Fix pageismergeable() for compound pages (bsc#1177814).
• Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).
• Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).
• brcmfmac: check ndev pointer (git-fixes).
• btrfs: add owner and fsinfo to allocstate io_tree (bsc#1177854).
• btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).
• btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).
• btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).
• can: ccan: regmap{c,d}can: mark as _maybeunused (git-fixes).
• can: flexcan: remove ackgrp and ackbit handling from driver (git-fixes).
• can: softing: softingcardshutdown(): add braces around empty body in an 'if' statement (git-fixes).
• clk: at91: clk-main: update key before writing AT91CKGRMOR (git-fixes).
• clk: at91: remove the checking of parent_name (git-fixes).
• clk: bcm2835: add missing release if devmclkhw_register fails (git-fixes).
• clk: imx8mq: Fix usdhc parents order (git-fixes).
• clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes).
• clk: meson: g12a: mark fclk_div2 as critical (git-fixes).
• clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes).
• cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).
• dax: Fix compilation for CONFIGDAX && !CONFIGFS_DAX (bsc#1177817).
• dma-direct: add missing setmemorydecrypted() for coherent mapping (bsc#1175898, ECO-2743).
• dma-direct: always align allocation size in dmadirectalloc_pages() (bsc#1175898, ECO-2743).
• dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743).
• dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743).
• dma-direct: consolidate the error handling in dmadirectalloc_pages (bsc#1175898, ECO-2743).
• dma-direct: make uncachedkerneladdress more general (bsc#1175898, ECO-2743).
• dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743).
• dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743).
• dma-direct: re-encrypt memory if dmadirectalloc_pages() fails (bsc#1175898, ECO-2743).
• dma-direct: remove _dmadirectfreepages (bsc#1175898, ECO-2743).
• dma-direct: remove the dmahandle argument to _dmadirectalloc_pages (bsc#1175898, ECO-2743).
• dmaengine: dma-jz4780: Fix race in jz4780dmatx_status (git-fixes).
• dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes).
• dma-mapping: add a dmacanmmap helper (bsc#1175898, ECO-2743).
• dma-mapping: always use VMDMACOHERENT for generic DMA remap (bsc#1175898, ECO-2743).
• dma-mapping: DMACOHERENTPOOL should select GENERIC_ALLOCATOR (bsc#1175898, ECO-2743).
• dma-mapping: make dmaatomicpool_init self-contained (bsc#1175898, ECO-2743).
• dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743).
• dma-mapping: remove archdmammap_pgprot (bsc#1175898, ECO-2743).
• dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743).
• dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743).
• dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743).
• dma-pool: decouple DMAREMAP from DMACOHERENT_POOL (bsc#1175898, ECO-2743).
• dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743).
• dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743).
• dma-pool: Fix an uninitialized variable bug in atomicpoolexpand() (bsc#1175898, ECO-2743).
• dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743).
• dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743).
• dma-pool: get rid of dmainatomic_pool() (bsc#1175898, ECO-2743).
• dma-pool: introduce dmaguesspool() (bsc#1175898, ECO-2743).
• dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743).
• dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743).
• dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743).
• dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743).
• dm: Call proper helper to determine dax support (bsc#1177817).
• dm/dax: Fix table reference counts (bsc#1178246).
• docs: driver-api: remove a duplicated index entry (git-fixes).
• EDAC/i5100: Fix error handling order in i5100initone() (bsc#1152489).
• extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes).
• HID: hid-input: fix stylus battery reporting (git-fixes).
• HID: roccat: add bounds checking in konesysfswrite_settings() (git-fixes).
• HID: wacom: Avoid entering wacomwacpen_report for pad / battery (git-fixes).
• i2c: core: Restore acpiwalkdepdevicelist() getting called after registering the ACPI i2c devs (git-fixes).
• i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).
• i2c: rcar: Auto select RESET_CONTROLLER (git-fixes).
• i3c: master add i3cmasterattach_boardinfo to preserve boardinfo (git-fixes).
• i3c: master: Fix error return in cdnsi3cmaster_probe() (git-fixes).
• ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).
• ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).
• ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes).
• ida: Free allocated bitmap in error path (git-fixes).
• iio:accel:bma180: Fix use of true when should be iiosharedby enum (git-fixes).
• iio: adc: gyroadc: fix leak of device node iterator (git-fixes).
• iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling (git-fixes).
• iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).
• iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).
• iio:dac:ad5592r: Fix use of true for IIOSHAREDBY_TYPE (git-fixes).
• iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes).
• iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).
• iio:magn:hmc5843: Fix passing true where iiosharedby enum required (git-fixes).
• ima: Do not ignore errors from cryptoshashupdate() (git-fixes).
• ima: Remove semicolon at the end of imagetbinaryruntimesize() (git-fixes).
• Input: ati_remote2 - add missing newlines when printing module parameters (git-fixes).
• Input: ep93xxkeypad - fix handling of platformget_irq() error (git-fixes).
• Input: imx6ultsc - clean up some errors in imx6ultsc_resume() (git-fixes).
• Input: omap4-keypad - fix handling of platformgetirq() error (git-fixes).
• Input: stmfts - fix a & vs && typo (git-fixes).
• Input: sun4i-ps2 - fix handling of platformgetirq() error (git-fixes).
• Input: twl4030keypad - fix handling of platformget_irq() error (git-fixes).
• iomap: Make sure iomapend is called after iomapbegin (bsc#1177754).
• iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1177739).
• ipmisi: Fix wrong return value in trysmi_init() (git-fixes).
• iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).
• kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353).
• leds: mt6323: move period calculation (git-fixes).
• lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).
• memory: fsl-corenet-cf: Fix handling of platformgetirq() error (git-fixes).
• memory: omap-gpmc: Fix a couple off by ones (git-fixes).
• memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes).
• mfd: sm501: Fix leaks in probe() (git-fixes).
• misc: mic: scif: Fix error handling path (git-fixes).
• mm: do not panic when links can't be created in sysfs (bsc#1178002).
• mm: do not rely on system state to detect hot-plug operations (bsc#1178002).
• mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).
• mm/mempolicy.c: fix out of bounds write in mpolparsestr() (git-fixes (mm/mempolicy)).
• mm/page-writeback.c: avoid potential division by zero in wbminmax_ratio() (git-fixes (mm/writeback)).
• mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).
• mm: replace memmapcontext by meminitcontext (bsc#1178002).
• mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).
• mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).
• mtd: lpddr: Fix bad logic in printdrserror (git-fixes).
• mtd: lpddr: fix excessive stack usage with clang (git-fixes).
• mtd: mtdoops: Do not write panic data twice (git-fixes).
• mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes).
• mtd: rawnand: vf610: disable clk on error handling path in probe (git-fixes).
• mtd: spinand: gigadevice: Add QE Bit (git-fixes).
• mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes).
• mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).
• mwifiex: fix double free (git-fixes).
• mwifiex: remove function pointer check (git-fixes).
• mwifiex: Remove unnecessary braces from HostCmdSETSEQNOBSS_INFO (git-fixes).
• net: wireless: nl80211: fix out-of-bounds access in nl80211delkey() (git-fixes).
• nfc: Ensure presence of NFCATTRFIRMWARENAME attribute in nfcgenlfwdownload() (git-fixes).
• nl80211: fix non-split wiphy information (git-fixes).
• NTB: hw: amd: fix an issue about leak system resources (git-fixes).
• ntb: intel: Fix memleak in intelntbpci_probe (git-fixes).
• nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).
• nvme-rdma: fix crash when connect rejected (bsc#1174748).
• overflow: Include header file with SIZE_MAX declaration (git-fixes).
• PCI: aardvark: Check for errors from pcibridgeemul_init() call (git-fixes).
• percpu: fix first chunk size calculation for populated bitmap (git-fixes (mm/percpu)).
• perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1152489).
• perf/x86: Fix n_pair for cancelled txn (bsc#1152489).
• pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes).
• pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes).
• PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification (bsc#1177353).
• platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).
• PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079).
• powerpc/book3s64/radix: Make radixmemblock_size 64bit (bsc#1055186 ltc#153436 git-fixes).
• powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729).
• powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).
• powerpc/icp-hv: Fix missing ofnodeput() in success path (bsc#1065729).
• powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).
• powerpc/paprscm: Fix warning triggered by perfstats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).
• powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).
• powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).
• powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729).
• powerpc/pseries: Avoid using addrtopfn in real mode (jsc#SLE-9246 git-fixes).
• powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes).
• powerpc/pseries: Fix missing ofnodeput() in rng_init() (bsc#1065729).
• pwm: img: Fix null pointer access in probe (git-fixes).
• pwm: lpss: Add range limit check for the base_unit register value (git-fixes).
• pwm: lpss: Fix off by one error in baseunit math in pwmlpss_prepare() (git-fixes).
• qtnfmac: fix resource leaks on unsupported iftype error return path (git-fixes).
• r8169: fix operation under forced interrupt threading (git-fixes).
• rapidio: fix the missed putdevice() for riomportaddriodev (git-fixes).
• reset: sti: reset-syscfg: fix struct description warnings (git-fixes).
• ring-buffer: Return 0 on success from ringbufferresize() (git-fixes).
• rtc: rx8010: do not modify the global rtc ops (git-fixes).
• scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).
• scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations (bsc#1175898, ECO-2743).
• slimbus: core: check get_addr before removing laddr ida (git-fixes).
• slimbus: core: do not enter to clock pause mode in core (git-fixes).
• slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback (git-fixes).
• soc: fsl: qbman: Fix return value on success (git-fixes).
• staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).
• staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes).
• tracing: Check return value of _createval_fields() before using its result (git-fixes).
• tracing: Save normal string variables (git-fixes).
• USB: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).
• USB: dwc2: Fix parameter type in function pointer prototype (git-fixes).
• USB: dwc3: core: add phy cleanup for probe error handling (git-fixes).
• USB: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).
• USB: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).
• USB: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes).
• USB: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality (git-fixes).
• USB: gadget: fncm: fix ncmbitrate for SuperSpeed and above (git-fixes).
• USB: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).
• usblp: fix race between disconnect() and read() (git-fixes).
• USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).
• USB: serial: option: add Cellient MPL200 card (git-fixes).
• USB: serial: option: Add Telit FT980-KS composition (git-fixes).
• USB: serial: pl2303: add device-id for HP GC device (git-fixes).
• USB: serial: qcserial: fix altsetting probing (git-fixes).
• usb: xhci-mtk: Fix typo (git-fixes).
• VMCI: check return value of getuserpages_fast() for errors (git-fixes).
• w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes).
• watchdog: Fix memleak in watchdogcdevregister (git-fixes).
• watchdog: sp5100: Fix definition of EFCHPMDECODEEN3 (git-fixes).
• watchdog: Use put_device on error (git-fixes).
• wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes).
• writeback: Avoid skipping inode writeback (bsc#1177755).
• writeback: Fix sync livelock due to bdirtytime processing (bsc#1177755).
• writeback: Protect inode->iiolist with inode->i_lock (bsc#1177755).
• X.509: Add CodeSigning extended key usage parsing (bsc#1177353).
• x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489).
• x86/ioapic: Unbreak check_timer() (bsc#1152489).
• x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1177765).
• x86/mm: unencrypted non-blocking DMA allocations use coherent pools (bsc#1175898, ECO-2743).
• x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).
• xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
• xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).
• xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).
• xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).
• xen/events: block rogue events for some time (XSA-332 bsc#1177411).
• xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).
• xen/events: fix race in evtchnfifounmask() (XSA-332 bsc#1177411).
• xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).
• xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).
• xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
• xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
• xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411).
• xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
• xfs: force the log after remapping a synchronous-writes file (git-fixes).
• xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes).