Security update for the Linux Kernel
An update that solves one vulnerability and has 91 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
This new feature was added:
- Btrfs: Remove empty block groups in the background
The following security bugs were fixed:
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
The following non-security bugs were fixed:
- ALSA: timer: Fix pause event notification (bsc#973378).
- Btrfs: Avoid trucating page or punching hole in a already existed hole (bsc#1088998).
- Btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1094424).
- Btrfs: Fix lost-data-profile caused by auto removing bg.
- Btrfs: Fix misuse of chunk mutex
- Btrfs: Fix out-of-space bug (bsc#1089231).
- Btrfs: Set relative data on clear btrfs_block_group_cache->pinned.
- Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239).
- Btrfs: add alloc_fs_devices and switch to it (bsc#1089205).
- Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204).
- Btrfs: add missing discards when unpinning extents with -o discard.
- Btrfs: add missing inode update when punching hole (bsc#1089006).
- Btrfs: add support for asserts (bsc#1089207).
- Btrfs: avoid syncing log in the fast fsync path when not necessary (bsc#1089010).
- Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries.
- Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#1089235).
- Btrfs: cleanup backref search commit root flag stuff (bsc#1089200).
- Btrfs: delete chunk allocation attemp when setting block group ro.
- Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210).
- Btrfs: do not mix the ordered extents of all files together during logging the inodes (bsc#1089214).
- Btrfs: do not remove extents and xattrs when logging new names (bsc#1089005).
- Btrfs: eliminate races in worker stopping code (bsc#1089211).
- Btrfs: ensure deletion from pinned_chunks list is protected.
- Btrfs: explictly delete unused block groups in close_ctree and ro-remount.
- Btrfs: fix -ENOSPC on block group removal.
- Btrfs: fix -ENOSPC when finishing block group creation.
- Btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group.
- Btrfs: fix NULL pointer crash when running balance and scrub concurrently (bsc#1089220).
- Btrfs: fix chunk allocation regression leading to transaction abort (bsc#1089236).
- Btrfs: fix crash caused by block group removal.
- Btrfs: fix data loss in the fast fsync path (bsc#1089007).
- Btrfs: fix deadlock caused by fsync when logging directory entries (bsc#1093194).
- Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001).
- Btrfs: fix directory recovery from fsync log (bsc#1088999).
- Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#1093195).
- Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#1093196).
- Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#1089241).
- Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bsc#1089232).
- Btrfs: fix fitrim discarding device area reserved for boot loader's use.
- Btrfs: fix freeing used extent after removing empty block group.
- Btrfs: fix freeing used extents after removing empty block group.
- Btrfs: fix fs mapping extent map leak (bsc#1089229).
- Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221).
- Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004).
- Btrfs: fix fsync data loss after append write (bsc#1089238).
- Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bsc#1089003).
- Btrfs: fix fsync race leading to invalid data after log replay (bsc#1089000).
- Btrfs: fix fsync when extend references are added to an inode (bsc#1089002).
- Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423).
- Btrfs: fix invalid extent maps due to hole punching (bsc#1094425).
- Btrfs: fix kernel oops while reading compressed data (bsc#1089192).
- Btrfs: fix log replay failure after linking special file and fsync (bsc#1089016).
- Btrfs: fix memory leak after block remove + trimming.
- Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197).
- Btrfs: fix race between balance and unused block group deletion (bsc#1089237).
- Btrfs: fix race between fs trimming and block group remove/allocation.
- Btrfs: fix race between scrub and block group deletion.
- Btrfs: fix race between transaction commit and empty block group removal.
- Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206).
- Btrfs: fix racy system chunk allocation when setting block group ro (bsc#1089233).
- Btrfs: fix regression in raid level conversion (bsc#1089234).
- Btrfs: fix skipped error handle when log sync failed (bsc#1089217).
- Btrfs: fix stale dir entries after removing a link and fsync (bsc#1089011).
- Btrfs: fix the number of transaction units needed to remove a block group.
- Btrfs: fix the skipped transaction commit during the file sync (bsc#1089216).
- Btrfs: fix unprotected alloc list insertion during the finishing procedure of replace (bsc#1089215).
- Btrfs: fix unprotected assignment of the target device (bsc#1089222).
- Btrfs: fix unprotected deletion from pending_chunks list.
- Btrfs: fix unprotected device list access when getting the fs information (bsc#1089228).
- Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227).
- Btrfs: fix unprotected device->bytes_used update (bsc#1089225).
- Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#1089240).
- Btrfs: fix up read_tree_block to return proper error (bsc#1080837).
- Btrfs: fix wrong device bytes_used in the super block (bsc#1089224).
- Btrfs: fix wrong disk size when writing super blocks (bsc#1089223).
- Btrfs: fix xattr loss after power failure (bsc#1094436).
- Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013).
- Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437).
- Btrfs: iterate over unused chunk space in FITRIM.
- Btrfs: make btrfs_issue_discard return bytes discarded.
- Btrfs: make btrfs_search_forward return with nodes unlocked (bsc#1094422).
- Btrfs: make sure to copy everything if we rename (bsc#1088997).
- Btrfs: make the chunk allocator completely tree lockless (bsc#1089202).
- Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate (bsc#1089201).
- Btrfs: nuke write_super from comments (bsc#1089199).
- Btrfs: only drop modified extents if we logged the whole inode (bsc#1089213).
- Btrfs: only update disk_i_size as we remove extents (bsc#1089209).
- Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#1089012).
- Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008).
- Btrfs: remove empty block groups automatically.
- Btrfs: remove non-sense btrfs_error_discard_extent() function (bsc#1089230).
- Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837).
- Btrfs: remove transaction from send (bsc#1089218).
- Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock.
- Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421).
- Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212).
- Btrfs: set inode's logged_trans/last_log_commit after ranged fsync (bsc#1093198).
- Btrfs: skip superblocks during discard.
- Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208).
- Btrfs: update free_chunk_space during allocting a new chunk (bsc#1089226).
- Btrfs: use global reserve when deleting unused block group after ENOSPC.
- Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837).
- Btrfs: wait ordered range before doing direct io (bsc#1089203).
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
- Xen counterparts of eager FPU implementation.
- balloon: do not BUG() when balloon is empty (bsc#1083347).
- fs: btrfs: volumes.c: Fix for possible null pointer dereference (bsc#1089219).
- kernel: Fix memory leak on EP11 target list processing (bnc#1096746).
- kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244).
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality).
- module: Fix locking in symbol_put_addr() (bsc#1097445).
- netfront: make req_prod check properly deal with index wraps (bsc#1046610).
- powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244).
- powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bsc#1094244).
- powerpc/pseries: Define MCE error event section (bsc#1094244).
- powerpc/pseries: Display machine check error details (bsc#1094244).
- powerpc/pseries: Dump and flush SLB contents on SLB MCE errors (bsc#1094244).
- powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244).
- qla2xxx: Mask off Scope bits in retry delay (bsc#1068054).
- s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096746).
- s390/dasd: fix failing path verification (bnc#1096746).
- trace: module: Maintain a valid user count (bsc#1097443).
- x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
- x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351).
- xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
- xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401).
- xfs: only update the last_sync_lsn when a transaction completes (bsc#989401).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Software Development Kit 11 SP4
zypper in -t patch sdksp4-kernel-source-13680=1
-
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-kernel-source-13680=1
-
SLES for SAP Applications 11-SP4
zypper in -t patch slessp4-kernel-source-13680=1
Package List:
-
SUSE Linux Enterprise Software Development Kit 11 SP4 (noarch)
- kernel-docs-3.0.101-108.57.1
-
SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64 nosrc)
- kernel-default-3.0.101-108.57.1
- kernel-trace-3.0.101-108.57.1
-
SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
- kernel-default-base-3.0.101-108.57.1
- kernel-trace-devel-3.0.101-108.57.1
- kernel-source-3.0.101-108.57.1
- kernel-syms-3.0.101-108.57.1
- kernel-trace-base-3.0.101-108.57.1
- kernel-default-devel-3.0.101-108.57.1
-
SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64 i586)
- kernel-ec2-3.0.101-108.57.1
- kernel-xen-3.0.101-108.57.1
-
SUSE Linux Enterprise Server 11 SP4 (x86_64 i586)
- kernel-ec2-devel-3.0.101-108.57.1
- kernel-xen-devel-3.0.101-108.57.1
- kernel-ec2-base-3.0.101-108.57.1
- kernel-xen-base-3.0.101-108.57.1
-
SUSE Linux Enterprise Server 11 SP4 (nosrc i586)
- kernel-pae-3.0.101-108.57.1
-
SUSE Linux Enterprise Server 11 SP4 (i586)
- kernel-pae-devel-3.0.101-108.57.1
- kernel-pae-base-3.0.101-108.57.1
-
SUSE Linux Enterprise Server 11 SP4 (ppc64 nosrc)
- kernel-ppc64-3.0.101-108.57.1
- kernel-bigmem-3.0.101-108.57.1
-
SUSE Linux Enterprise Server 11 SP4 (ppc64)
- kernel-bigmem-base-3.0.101-108.57.1
- kernel-ppc64-devel-3.0.101-108.57.1
- kernel-ppc64-base-3.0.101-108.57.1
- kernel-bigmem-devel-3.0.101-108.57.1
-
SUSE Linux Enterprise Server 11 SP4 (s390x)
- kernel-default-man-3.0.101-108.57.1
-
SLES for SAP Applications 11-SP4 (ppc64 nosrc)
- kernel-ppc64-3.0.101-108.57.1
- kernel-bigmem-3.0.101-108.57.1
-
SLES for SAP Applications 11-SP4 (ppc64)
- kernel-bigmem-base-3.0.101-108.57.1
- kernel-ppc64-devel-3.0.101-108.57.1
- kernel-ppc64-base-3.0.101-108.57.1
- kernel-bigmem-devel-3.0.101-108.57.1
-
SLES for SAP Applications 11-SP4 (ppc64 nosrc x86_64)
- kernel-default-3.0.101-108.57.1
- kernel-trace-3.0.101-108.57.1
-
SLES for SAP Applications 11-SP4 (ppc64 x86_64)
- kernel-default-base-3.0.101-108.57.1
- kernel-trace-devel-3.0.101-108.57.1
- kernel-source-3.0.101-108.57.1
- kernel-syms-3.0.101-108.57.1
- kernel-trace-base-3.0.101-108.57.1
- kernel-default-devel-3.0.101-108.57.1
-
SLES for SAP Applications 11-SP4 (nosrc x86_64)
- kernel-ec2-3.0.101-108.57.1
- kernel-xen-3.0.101-108.57.1
-
SLES for SAP Applications 11-SP4 (x86_64)
- kernel-ec2-devel-3.0.101-108.57.1
- kernel-xen-devel-3.0.101-108.57.1
- kernel-ec2-base-3.0.101-108.57.1
- kernel-xen-base-3.0.101-108.57.1
References:
- https://www.suse.com/security/cve/CVE-2018-3665.html
- https://bugzilla.suse.com/show_bug.cgi?id=1046610
- https://bugzilla.suse.com/show_bug.cgi?id=1052351
- https://bugzilla.suse.com/show_bug.cgi?id=1068054
- https://bugzilla.suse.com/show_bug.cgi?id=1079152
- https://bugzilla.suse.com/show_bug.cgi?id=1080837
- https://bugzilla.suse.com/show_bug.cgi?id=1083347
- https://bugzilla.suse.com/show_bug.cgi?id=1087086
- https://bugzilla.suse.com/show_bug.cgi?id=1087088
- https://bugzilla.suse.com/show_bug.cgi?id=1088997
- https://bugzilla.suse.com/show_bug.cgi?id=1088998
- https://bugzilla.suse.com/show_bug.cgi?id=1088999
- https://bugzilla.suse.com/show_bug.cgi?id=1089000
- https://bugzilla.suse.com/show_bug.cgi?id=1089001
- https://bugzilla.suse.com/show_bug.cgi?id=1089002
- https://bugzilla.suse.com/show_bug.cgi?id=1089003
- https://bugzilla.suse.com/show_bug.cgi?id=1089004
- https://bugzilla.suse.com/show_bug.cgi?id=1089005
- https://bugzilla.suse.com/show_bug.cgi?id=1089006
- https://bugzilla.suse.com/show_bug.cgi?id=1089007
- https://bugzilla.suse.com/show_bug.cgi?id=1089008
- https://bugzilla.suse.com/show_bug.cgi?id=1089010
- https://bugzilla.suse.com/show_bug.cgi?id=1089011
- https://bugzilla.suse.com/show_bug.cgi?id=1089012
- https://bugzilla.suse.com/show_bug.cgi?id=1089013
- https://bugzilla.suse.com/show_bug.cgi?id=1089016
- https://bugzilla.suse.com/show_bug.cgi?id=1089192
- https://bugzilla.suse.com/show_bug.cgi?id=1089199
- https://bugzilla.suse.com/show_bug.cgi?id=1089200
- https://bugzilla.suse.com/show_bug.cgi?id=1089201
- https://bugzilla.suse.com/show_bug.cgi?id=1089202
- https://bugzilla.suse.com/show_bug.cgi?id=1089203
- https://bugzilla.suse.com/show_bug.cgi?id=1089204
- https://bugzilla.suse.com/show_bug.cgi?id=1089205
- https://bugzilla.suse.com/show_bug.cgi?id=1089206
- https://bugzilla.suse.com/show_bug.cgi?id=1089207
- https://bugzilla.suse.com/show_bug.cgi?id=1089208
- https://bugzilla.suse.com/show_bug.cgi?id=1089209
- https://bugzilla.suse.com/show_bug.cgi?id=1089210
- https://bugzilla.suse.com/show_bug.cgi?id=1089211
- https://bugzilla.suse.com/show_bug.cgi?id=1089212
- https://bugzilla.suse.com/show_bug.cgi?id=1089213
- https://bugzilla.suse.com/show_bug.cgi?id=1089214
- https://bugzilla.suse.com/show_bug.cgi?id=1089215
- https://bugzilla.suse.com/show_bug.cgi?id=1089216
- https://bugzilla.suse.com/show_bug.cgi?id=1089217
- https://bugzilla.suse.com/show_bug.cgi?id=1089218
- https://bugzilla.suse.com/show_bug.cgi?id=1089219
- https://bugzilla.suse.com/show_bug.cgi?id=1089220
- https://bugzilla.suse.com/show_bug.cgi?id=1089221
- https://bugzilla.suse.com/show_bug.cgi?id=1089222
- https://bugzilla.suse.com/show_bug.cgi?id=1089223
- https://bugzilla.suse.com/show_bug.cgi?id=1089224
- https://bugzilla.suse.com/show_bug.cgi?id=1089225
- https://bugzilla.suse.com/show_bug.cgi?id=1089226
- https://bugzilla.suse.com/show_bug.cgi?id=1089227
- https://bugzilla.suse.com/show_bug.cgi?id=1089228
- https://bugzilla.suse.com/show_bug.cgi?id=1089229
- https://bugzilla.suse.com/show_bug.cgi?id=1089230
- https://bugzilla.suse.com/show_bug.cgi?id=1089231
- https://bugzilla.suse.com/show_bug.cgi?id=1089232
- https://bugzilla.suse.com/show_bug.cgi?id=1089233
- https://bugzilla.suse.com/show_bug.cgi?id=1089234
- https://bugzilla.suse.com/show_bug.cgi?id=1089235
- https://bugzilla.suse.com/show_bug.cgi?id=1089236
- https://bugzilla.suse.com/show_bug.cgi?id=1089237
- https://bugzilla.suse.com/show_bug.cgi?id=1089238
- https://bugzilla.suse.com/show_bug.cgi?id=1089239
- https://bugzilla.suse.com/show_bug.cgi?id=1089240
- https://bugzilla.suse.com/show_bug.cgi?id=1089241
- https://bugzilla.suse.com/show_bug.cgi?id=1093194
- https://bugzilla.suse.com/show_bug.cgi?id=1093195
- https://bugzilla.suse.com/show_bug.cgi?id=1093196
- https://bugzilla.suse.com/show_bug.cgi?id=1093197
- https://bugzilla.suse.com/show_bug.cgi?id=1093198
- https://bugzilla.suse.com/show_bug.cgi?id=1094244
- https://bugzilla.suse.com/show_bug.cgi?id=1094421
- https://bugzilla.suse.com/show_bug.cgi?id=1094422
- https://bugzilla.suse.com/show_bug.cgi?id=1094423
- https://bugzilla.suse.com/show_bug.cgi?id=1094424
- https://bugzilla.suse.com/show_bug.cgi?id=1094425
- https://bugzilla.suse.com/show_bug.cgi?id=1094436
- https://bugzilla.suse.com/show_bug.cgi?id=1094437
- https://bugzilla.suse.com/show_bug.cgi?id=1095241
- https://bugzilla.suse.com/show_bug.cgi?id=1096140
- https://bugzilla.suse.com/show_bug.cgi?id=1096242
- https://bugzilla.suse.com/show_bug.cgi?id=1096281
- https://bugzilla.suse.com/show_bug.cgi?id=1096746
- https://bugzilla.suse.com/show_bug.cgi?id=1097443
- https://bugzilla.suse.com/show_bug.cgi?id=1097445
- https://bugzilla.suse.com/show_bug.cgi?id=1097948
- https://bugzilla.suse.com/show_bug.cgi?id=973378
- https://bugzilla.suse.com/show_bug.cgi?id=989401