Security update for the Linux Kernel

Announcement ID: SUSE-SU-2018:0271-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-15129 ( SUSE ): 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2017-15129 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-15129 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-17712 ( SUSE ): 8.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
  • CVE-2017-17712 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-17712 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-17862 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-17864 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2017-18017 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
  • CVE-2017-18017 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-18017 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-5715 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-1000004 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1000004 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-5332 ( SUSE ): 3.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
  • CVE-2018-5332 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-5332 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-5333 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-5333 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1

An update that solves nine vulnerabilities and has 68 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).

The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines".

  • CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel in the function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839).
  • CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229).
  • CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928).
  • CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a "pointer leak (bnc#1073928).
  • CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).
  • CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
  • CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).
  • CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).

The following non-security bugs were fixed:

  • 8021q: fix a memory leak for VLAN 0 device (bnc#1012382).
  • acpi / scan: Prefer devices without _HID/_CID for _ADR matching (bnc#1012382).
  • af_key: fix buffer overread in parse_exthdrs() (bnc#1012382).
  • af_key: fix buffer overread in verify_address_len() (bnc#1012382).
  • afs: Adjust mode bits processing (bnc#1012382).
  • afs: Connect up the CB.ProbeUuid (bnc#1012382).
  • afs: Fix afs_kill_pages() (bnc#1012382).
  • afs: Fix missing put_page() (bnc#1012382).
  • afs: Fix page leak in afs_write_begin() (bnc#1012382).
  • afs: Fix the maths in afs_fs_store_data() (bnc#1012382).
  • afs: Flush outstanding writes when an fd is closed (bnc#1012382).
  • afs: Migrate vlocation fields to 64-bit (bnc#1012382).
  • afs: Populate and use client modification time (bnc#1012382).
  • afs: Populate group ID from vnode status (bnc#1012382).
  • afs: Prevent callback expiry timer overflow (bnc#1012382).
  • alpha: fix build failures (bnc#1012382).
  • alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717).
  • alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717).
  • alsa: aloop: Release cable upon open error path (bsc#1031717).
  • alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717).
  • alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717).
  • alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717).
  • alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717).
  • alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717).
  • alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717).
  • alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717).
  • alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717).
  • alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717).
  • alsa: hda: Drop useless WARN_ON() (bsc#1031717).
  • alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717).
  • alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717).
  • alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717).
  • alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717).
  • alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717).
  • alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717).
  • alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717).
  • alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717).
  • alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717).
  • alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717).
  • alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717).
  • alsa: hda/realtek - Add support for ALC1220 (bsc#1031717).
  • alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717).
  • alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717).
  • alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717).
  • alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717).
  • alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717).
  • alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717).
  • alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717).
  • alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717).
  • alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717).
  • alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717).
  • alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717).
  • alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717).
  • alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717).
  • alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717).
  • alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717).
  • alsa: hda/realtek - New codec support for ALC257 (bsc#1031717).
  • alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717).
  • alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717).
  • alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717).
  • alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717).
  • alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717).
  • alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717).
  • alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717).
  • alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717).
  • alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717).
  • alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717).
  • alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717).
  • alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717).
  • alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717).
  • alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717).
  • alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717).
  • alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717).
  • alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717).
  • alsa: usb-audio: Add check return value for usb_string() (bsc#1031717).
  • alsa: usb-audio: Fix out-of-bound error (bsc#1031717).
  • alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717).
  • arc: uaccess: dont use "l" gcc inline asm constraint modifier (bnc#1012382).
  • arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032).
  • arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032).
  • arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032).
  • arm64/cpufeature: do not use mutex in bringup path (bsc#1068032).
  • arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032).
  • arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032).
  • arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 (bsc#1068032).
  • arm64: debug: remove unused local_dbg_{enable, disable} macros (bsc#1068032).
  • arm64: Define cputype macros for Falkor CPU (bsc#1068032).
  • arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032).
  • arm64: Do not force KPTI for CPUs that are not vulnerable (bsc#1076187).
  • arm64: do not pull uaccess.h into *.S (bsc#1068032).
  • arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032).
  • arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032).
  • arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032).
  • arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032).
  • arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032).
  • arm64: entry: remove pointless SPSR mode check (bsc#1068032).
  • arm64: entry.S convert el0_sync (bsc#1068032).
  • arm64: entry.S: convert el1_sync (bsc#1068032).
  • arm64: entry.S: convert elX_irq (bsc#1068032).
  • arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032).
  • arm64: entry.S: Remove disable_dbg (bsc#1068032).
  • arm64: erratum: Work around Falkor erratum #E1003 in trampoline code (bsc#1068032).
  • arm64: explicitly mask all exceptions (bsc#1068032).
  • arm64: factor out entry stack manipulation (bsc#1068032).
  • arm64: factor out PAGE_ and CONT_ definitions (bsc#1068032).
  • arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032).
  • arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032).
  • arm64: factor work_pending state machine to C (bsc#1068032).
  • arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382).
  • arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032).
  • arm64: Handle faults caused by inadvertent user access with PAN enabled (bsc#1068032).
  • arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032).
  • arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032).
  • arm64: Implement branch predictor hardening for Falkor (bsc#1068032).
  • arm64: Initialise high_memory global variable earlier (bnc#1012382).
  • arm64: introduce an order for exceptions (bsc#1068032).
  • arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032).
  • arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 (bsc#1068032).
  • arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032).
  • arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032).
  • arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032).
  • arm64: kill ESR_LNX_EXEC (bsc#1068032).
  • arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032).
  • arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bsc#1076232).
  • arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).
  • arm64: kvm: Make PSCI_VERSION a fast path (bsc#1068032).
  • arm64: kvm: Use per-CPU vector when BP hardening is enabled (bsc#1068032).
  • arm64: Mask all exceptions during kernel_exit (bsc#1068032).
  • arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032).
  • arm64: mm: Allocate ASIDs in pairs (bsc#1068032).
  • arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032).
  • arm64: mm: hardcode rodata=true (bsc#1068032).
  • arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR (bsc#1068032).
  • arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032).
  • arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032).
  • arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032).
  • arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 (bsc#1068032).
  • arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032).
  • arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032).
  • arm64: mm: Use non-global mappings for kernel space (bsc#1068032).
  • arm64: Move BP hardening to check_and_switch_context (bsc#1068032).
  • arm64: Move post_ttbr_update_workaround to C code (bsc#1068032).
  • arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032).
  • arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032).
  • arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032).
  • arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032).
  • arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032).
  • arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032).
  • arm64: thunderx2: remove branch predictor hardening References: bsc#1076232 This causes undefined instruction abort on the smc call from guest kernel. Disable until kvm is fixed.
  • arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032).
  • arm64: Turn on KPTI only on CPUs that need it (bsc#1076187).
  • arm64: use alternative auto-nop (bsc#1068032).
  • arm64: use RET instruction for exiting the trampoline (bsc#1068032).
  • arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032).
  • arm/arm64: kvm: Make default HYP mappings non-excutable (bsc#1068032).
  • arm: avoid faulting on qemu (bnc#1012382).
  • arm: BUG if jumping to usermode address in kernel mode (bnc#1012382).
  • arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382).
  • arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory (bnc#1012382).
  • arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382).
  • arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382).
  • arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382).
  • arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382).
  • arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382).
  • arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382).
  • arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).
  • arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382).
  • arm: OMAP2+: Fix device node reference counts (bnc#1012382).
  • arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382).
  • arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382).
  • asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes).
  • asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382).
  • asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382).
  • asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717).
  • asoc: twl4030: fix child-node lookup (bsc#1031717).
  • asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717).
  • ath9k: fix tx99 potential info leak (bnc#1012382).
  • atm: horizon: Fix irq release error (bnc#1012382).
  • audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382).
  • axonram: Fix gendisk handling (bnc#1012382).
  • backlight: pwm_bl: Fix overflow condition (bnc#1012382).
  • bcache: add a comment in journal bucket reading (bsc#1076110).
  • bcache: Avoid nested function definition (bsc#1076110).
  • bcache: bch_allocator_thread() is not freezable (bsc#1076110).
  • bcache: bch_writeback_thread() is not freezable (bsc#1076110).
  • bcache: check return value of register_shrinker (bsc#1076110).
  • bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110).
  • bcache: documentation updates and corrections (bsc#1076110).
  • bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110).
  • bcache: do not write back data if reading it failed (bsc#1076110).
  • bcache: explicitly destroy mutex while exiting (bnc#1012382).
  • bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).
  • bcache: Fix building error on MIPS (bnc#1012382).
  • bcache: fix sequential large write IO bypass (bsc#1076110).
  • bcache: fix wrong cache_misses statistics (bnc#1012382).
  • bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078).
  • bcache: implement PI controller for writeback rate (bsc#1076110).
  • bcache: increase the number of open buckets (bsc#1076110).
  • bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652).
  • bcache: partition support: add 16 minors per bcacheN device (bsc#1076110, bsc#1019784).
  • bcache: rearrange writeback main thread ratelimit (bsc#1076110).
  • bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652).
  • bcache: Remove redundant set_capacity (bsc#1076110).
  • bcache: remove unused parameter (bsc#1076110).
  • bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085).
  • bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).
  • bcache: silence static checker warning (bsc#1076110).
  • bcache: smooth writeback rate control (bsc#1076110).
  • bcache.txt: standardize document format (bsc#1076110).
  • bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110).
  • bcache: update bucket_in_use in real time (bsc#1076110).
  • bcache: Update continue_at() documentation (bsc#1076110).
  • bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).
  • bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110).
  • bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
  • bcache: writeback rate shouldn't artifically clamp (bsc#1076110).
  • be2net: restore properly promisc mode after queues reconfiguration (bsc#963844 FATE#320192).
  • block: wake up all tasks blocked in get_request() (bnc#1012382).
  • bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382).
  • bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382).
  • bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382).
  • bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382).
  • btrfs: add missing memset while reading compressed inline extents (bnc#1012382).
  • btrfs: clear space cache inode generation always (bnc#1012382).
  • btrfs: embed extent_changeset::range_changed to the structure (dependent patch, bsc#1031395).
  • btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (bsc#1031395).
  • btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (bsc#1031395).
  • btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependent patch, bsc#1031395).
  • btrfs: qgroup: Return actually freed bytes for qgroup release or free data (bsc#1031395).
  • btrfs: qgroup-test: Fix backport error in qgroup selftest (just to make CONFIG_BTRFS_FS_RUN_SANITY_TESTS pass compile).
  • btrfs: ulist: make the finalization function public (dependent patch, bsc#1031395).
  • btrfs: ulist: rename ulist_fini to ulist_release (dependent patch, bsc#1031395).
  • can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).
  • can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).
  • can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
  • can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
  • can: gs_usb: fix return value of the "set_bittiming" callback (bnc#1012382).
  • can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
  • can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bnc#1012382).
  • can: kvaser_usb: free buf in error paths (bnc#1012382).
  • can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382).
  • can: peak: fix potential bug in packet fragmentation (bnc#1012382).
  • can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382).
  • can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
  • cdc-acm: apply quirk for card reader (bsc#1060279).
  • cdrom: factor out common open_for_* code (bsc#1048585).
  • cdrom: wait for tray to close (bsc#1048585).
  • ceph: more accurate statfs (bsc#1077068).
  • clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382).
  • clk: mediatek: add the option for determining PLL source clock (bnc#1012382).
  • clk: tegra: Fix cclk_lp divisor register (bnc#1012382).
  • config: arm64: enable HARDEN_BRANCH_PREDICTOR
  • config: arm64: enable UNMAP_KERNEL_AT_EL0
  • cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382).
  • cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382).
  • cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382).
  • crypto: algapi - fix NULL dereference in crypto_remove_spawns() (bnc#1012382).
  • crypto: chacha20poly1305 - validate the digest size (bnc#1012382).
  • crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325).
  • crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382).
  • crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382).
  • crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382).
  • crypto: n2 - cure use after free (bnc#1012382).
  • crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382).
  • crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382).
  • crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382).
  • cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223).
  • dax: Pass detailed error code from __dax_fault() (bsc#1072484).
  • dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (bnc#1012382).
  • delay: add poll_event_interruptible (bsc#1048585).
  • dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704).
  • dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382).
  • dmaengine: Fix array index out of bounds warning in __get_unmap_pool() (bnc#1012382).
  • dmaengine: pl330: fix double lock (bnc#1012382).
  • dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382).
  • dm btree: fix serious bug in btree_split_beneath() (bnc#1012382).
  • dm bufio: fix shrinker scans when (nr_to_scan < retain_target) (bnc#1012382).
  • dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382).
  • drivers/firmware: Expose psci_get_version through psci_ops structure (bsc#1068032).
  • drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382).
  • drm: extra printk() wrapper macros (bnc#1012382).
  • drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement (bnc#1012382).
  • drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382).
  • drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).
  • drm/radeon: fix atombios on big endian (bnc#1012382).
  • drm/radeon: reinstate oland workaround for sclk (bnc#1012382).
  • drm/radeon/si: add dpm quirk for Oland (bnc#1012382).
  • drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382).
  • dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382).
  • edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382).
  • edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382).
  • edac, sb_edac: Fix missing break in switch (bnc#1012382).
  • eeprom: at24: check at24_read/write arguments (bnc#1012382).
  • efi/esrt: Cleanup bad memory map log messages (bnc#1012382).
  • efi: Move some sysfs files to be read-only by root (bnc#1012382).
  • eventpoll.h: add missing epoll event masks (bnc#1012382).
  • ext4: fix crash when a directory's i_size is too small (bnc#1012382).
  • ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484).
  • ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382).
  • fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382).
  • Fix EX_SIZE. We do not have the patches that shave off parts of the exception data.
  • Fix mishandling of cases with MSR not being present (writing to MSR even though _state == -1).
  • Fix return value from ib[rs|pb]_enabled()
  • Fixup hang when calling 'nvme list' on all paths down (bsc#1070052).
  • fjes: Fix wrong netdevice feature flags (bnc#1012382).
  • flow_dissector: properly cap thoff field (bnc#1012382).
  • fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).
  • fork: clear thread stack upon allocation (bsc#1077560).
  • fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382).
  • futex: Prevent overflow by strengthen input validation (bnc#1012382).
  • gcov: disable for COMPILE_TEST (bnc#1012382).
  • gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382).
  • gpio: altera: Use handle_level_irq when configured as a level_high (bnc#1012382).
  • hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382).
  • hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382).
  • hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).
  • hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).
  • hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).
  • i40iw: Account for IPv6 header when setting MSS (bsc#1024376 FATE#321249).
  • i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249).
  • i40iw: Cleanup AE processing (bsc#1024376 FATE#321249).
  • i40iw: Clear CQP Head/Tail during initialization (bsc#1024376 FATE#321249).
  • i40iw: Correct ARP index mask (bsc#1024376 FATE#321249).
  • i40iw: Do not allow posting WR after QP is flushed (bsc#1024376 FATE#321249).
  • i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE (bsc#1024376 FATE#321249).
  • i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249).
  • i40iw: Do not retransmit MPA request after it is ACKed (bsc#1024376 FATE#321249).
  • i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249).
  • i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376 FATE#321249).
  • i40iw: Move cqp_cmd_head init to CQP initialization (bsc#1024376 FATE#321249).
  • i40iw: Move exception_lan_queue to VSI structure (bsc#1024376 FATE#321249).
  • i40iw: Move MPA request event for loopback after connect (bsc#1024376 FATE#321249).
  • i40iw: Notify user of established connection after QP in RTS (bsc#1024376 FATE#321249).
  • i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249).
  • ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242).
  • ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818 FATE#319242).
  • ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush (git-fixes).
  • ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350).
  • ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382).
  • ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).
  • ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).
  • ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
  • ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).
  • ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).
  • ibmvnic: Fix IP offload control buffer (bsc#1076899).
  • ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).
  • ibmvnic: Fix pending MAC address changes (bsc#1075627).
  • ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872).
  • ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872).
  • ibmvnic: Wait for device response when changing MAC (bsc#1078681).
  • ib/rdmavt: restore IRQs on error path in rvt_create_ah() (bsc#973818, fate#319242).
  • ib/srpt: Disable RDMA access by the initiator (bnc#1012382).
  • ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265).
  • ib/uverbs: Fix command checking as part of ib_uverbs_ex_modify_qp() (FATE#321231 FATE#321473 FATE#322153 FATE#322149).
  • igb: check memory allocation failure (bnc#1012382).
  • ima: fix hash algorithm initialization (bnc#1012382).
  • inet: frag: release spinlock before calling icmp_send() (bnc#1012382).
  • input: 88pm860x-ts - fix child-node lookup (bnc#1012382).
  • input: elantech - add new icbody type 15 (bnc#1012382).
  • input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382).
  • input: trackpoint - force 3 buttons if 0 bu