SUSE-SU-2016:1937-1

The SUSE Linux Enterprise 12 SP1 RT kernel was updated to 3.12.61 to receive various security and bugfixes.

Main feature additions: - Improved support for Clustered File System (CephFS, fate#318586).

The following security bugs were fixed: - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNTDETACH umount2 system calls without verifying that the MNTLOCKED flag is unset, which allowed local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace (bnc#928547). - CVE-2014-9904: The sndcompresscheckinput function in sound/core/compressoffload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRVCOMPRESSSETPARAMS ioctl call (bnc#986811). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/userdefined.c (bnc#958463). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XENPCIOP* operations, aka 'Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XENPCIOPenablemsi operations, aka 'Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8845: The tmreclaimthread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tmreclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533). - CVE-2016-0758: Integer overflow in lib/asn1decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2016-1583: The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-2053: The asn1berdecoder function in lib/asn1decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the publickeyverifysignature function in crypto/asymmetrickeys/publickey.c (bnc#963762). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-3672: The archpickmmaplayout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDRNORANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-3707: The icmpchecksysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel allowed remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmpechosysrq file (bnc#980246). - CVE-2016-4470: The keyrejectandlink function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-4482: The procconnectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFSCONNECTINFO ioctl call (bnc#978401). - CVE-2016-4486: The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4569: The sndtimeruserparams function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) sndtimeruserccallback and (2) sndtimerusertinterrupt functions (bnc#979879). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/pppgeneric.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the pppregisternetchannel and pppunregisterchannel functions (bnc#980371). - CVE-2016-4997: The compat IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-5244: The rdsincinfocopy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-5828: The startthread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bnc#986569). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddevioctlusage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).

The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - Add waiteventcmd() (bsc#953048). - Btrfs: be more precise on errors when getting an inode from disk (bsc#981038). - Btrfs: do not collect ordered extents when logging that inode exists (bsc#977685). - Btrfs: do not return EBUSY on concurrent subvolume mounts (bsc#951844). - Btrfs: do not use src fd for printk (bsc#980348). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#977685). - Btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685). - Btrfs: fix race between fsync and lockless direct IO writes (bsc#977685). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685). - Btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038). - Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933). - Btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844). - CacheFiles: Fix incorrect test for in-memory object collision (bsc#971049). - CacheFiles: Handle object being killed before being set up (bsc#971049). - EDAC, sbedac: Add support for duplicate device IDs (bsc#979521). - EDAC, sbedac: Fix TAD presence check for sbridgemcibinddevs() (bsc#979521). - EDAC, sbedac: Fix rank lookup on Broadwell (bsc#979521). - EDAC/sbedac: Fix computation of channel address (bsc#979521). - EDAC: Correct channel count limit (bsc#979521). - EDAC: Remove arbitrary limit on number of channels (bsc#979521). - EDAC: Use static attribute groups for managing sysfs entries (bsc#979521). - FS-Cache: Add missing initialization of ret in cachefileswritepage() (bsc#971049). - FS-Cache: Count culled objects and objects rejected due to lack of space (bsc#971049). - FS-Cache: Fix cancellation of in-progress operation (bsc#971049). - FS-Cache: Handle a new operation submitted against a killed object (bsc#971049). - FS-Cache: Move fscachereportunexpectedsubmission() to make it more available (bsc#971049). - FS-Cache: Out of line fscacheoperationinit() (bsc#971049). - FS-Cache: Permit fscachecancelop() to cancel in-progress operations too (bsc#971049). - FS-Cache: Put an aborted initialised op so that it is accounted correctly (bsc#971049). - FS-Cache: Reduce cookie ref count if submit fails (bsc#971049). - FS-Cache: Synchronise object death state change vs operation submission (bsc#971049). - FS-Cache: The operation cancellation method needs calling in more places (bsc#971049). - FS-Cache: Timeout for releasepage() (bsc#971049). - FS-Cache: When submitting an op, cancel it if the target object is dying (bsc#971049). - FS-Cache: fscacheobjectisdead() has wrong logic, kill it (bsc#971049). - Fix cifsuniqueidtoinot() function for s390x (bsc#944309) - Fix kabi issue (bsc#971049). - Input: i8042 - lower log level for 'no controller' message (bsc#945345). - KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770). - MM: increase safety margin provided by PFLESSTHROTTLE (bsc#956491). - NVMe: Unify controller probe and resume (bsc#979347). - NVMe: init nvme queue before enabling irq (bsc#662458). - PCI/AER: Clear error status registers during enumeration and restore (bsc#985978). - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469). - Revert 'scsi: fix soft lockup in scsiremovetarget() on module removal' (bsc#970609). - SCSI: Increase REPORTLUNS timeout (bsc#982282). - USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698). - Update patches.drivers/0001-nvme-fix-maxsegments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch (bsc#962742). Fix incorrect bugzilla referece. - Update patches.kernel.org/patch-3.12.55-56 references (add bsc#973570). - Use mainline variant of hyperv KVP IP failover patch (bnc#978527) - VSOCK: Fix lockdep issue (bsc#977417). - VSOCK: sockput wasn't safe to call in interrupt context (bsc#977417). - Vmxnet3: set CHECKSUMUNNECESSARY for IPv6 packets (bsc#976739). - base: make modulecreatedriversdir race-free (bnc#983977). - block: do not check request size in blkclonedrqchecklimits() (bsc#972124). - cachefiles: perform test on sblocksize when opening cache file (bsc#971049). - cdcncm: workaround for EM7455 'silent' data interface (bnc#988552). - ceph fscache: Introduce a routine for uncaching single no data page from fscache. - ceph fscache: Uncaching no data page from fscache in readpage(). - ceph: Asynchronous IO support. - ceph: Avoid to propagate the invalid page point. - ceph: Clean up if error occurred in finishread(). - ceph: EIO all operations after forced umount. - ceph: Implement writev/pwritev for sync operation. - ceph: Remove racey watch/notify event infrastructure (bsc#964727) - ceph: Remove racey watch/notify event infrastructure (bsc#964727) - ceph: add acl for cephfs. - ceph: add acl, noacl options for cephfs mount. - ceph: add getname() NFS export callback. - ceph: add getparent() NFS export callback. - ceph: add imported caps when handling cap export message. - ceph: add inline data to pagecache. - ceph: add missing initacl() for mkdir() and atomicopen(). - ceph: add open export target session helper. - ceph: add request to iunsafedirops when getting unsafe reply. - ceph: additional debugfs output. - ceph: always re-send cap flushes when MDS recovers. - ceph: avoid block operation when !TASKRUNNING (cephgetcaps). - ceph: avoid block operation when !TASKRUNNING (cephmdscclosesessions). - ceph: avoid block operation when !TASKRUNNING (cephmdscsync). - ceph: avoid releasing caps that are being used. - ceph: avoid sending unnessesary FLUSHSNAP message. - ceph: avoid useless cephgetdentryparentinode() in cephrename(). - ceph: cast PAGESIZE to sizet in cephsyncwrite(). - ceph: cephfragcontainsvalue can be boolean. - ceph: cephgetparent() can be static. - ceph: check OSD caps before read/write. - ceph: check buffer size in cephvxattrcblayout(). - ceph: check caps in filemapfault and pagemkwrite. - ceph: check directory's completeness before emitting directory entry. - ceph: check inode caps in cephdrevalidate. - ceph: check unsupported fallocate mode. - ceph: check zero length in cephsyncread(). - ceph: checking for ISERR instead of NULL. - ceph: cleanup unsafe requests when reconnecting is denied. - ceph: cleanup use of cephmsgget. - ceph: clear directory's completeness when creating file. - ceph: convert inline data to normal data before data write. - ceph: do not assume rolddentry[dir] always set together. - ceph: do not chain inode updates to parent fsync. - ceph: do not grabs open file reference for aborted request. - ceph: do not include ceph.{file,dir}.layout vxattr in listxattr(). - ceph: do not include used caps in capwanted. - ceph: do not invalidate page cache when inode is no longer used. - ceph: do not mark dirty caps when there is no auth cap. - ceph: do not pre-allocate space for cap release messages. - ceph: do not set rolddentrydir on link(). - ceph: do not trim auth cap when there are cap snaps. - ceph: do not zero iwrbufferref when reconnecting is denied. - ceph: drop cap releases in requests composed before cap reconnect. - ceph: drop extra open file reference in cephatomicopen(). - ceph: drop unconnected inodes. - ceph: exclude setfilelock requests when calculating oldest tid. - ceph: export cephsessionstatename function. - ceph: fetch inline data when getting Fcr cap refs. - ceph: fix _dcachereaddir(). - ceph: fix a comment typo. - ceph: fix append mode write. - ceph: fix atomicopen snapdir. - ceph: fix bool assignments. - ceph: fix cache revoke race. - ceph: fix cephdirllseek(). - ceph: fix cephfhtoparent(). - ceph: fix cephremovexattr(). - ceph: fix cephsetacl(). - ceph: fix cephwritepagesstart(). - ceph: fix dcache/nocache mount option. - ceph: fix dentry leaks. - ceph: fix directory fsync. - ceph: fix divide-by-zero in _validatelayout(). - ceph: fix double pageunlock() in pagemkwrite(). - ceph: fix dout() compile warnings in cephfilemapfault(). - ceph: fix file lock interruption. - ceph: fix flush tid comparision. - ceph: fix flushing caps. - ceph: fix llistxattr on symlink. - ceph: fix message length computation. - ceph: fix mksnap crash. - ceph: fix null pointer dereference in sendmdsreconnect(). - ceph: fix prfmt() redefinition. - ceph: fix queuing inode to mdsdir's snaprealm. - ceph: fix reading inline data when isize greater than PAGESIZE. - ceph: fix request time stamp encoding. - ceph: fix resetreaddir(). - ceph: fix setting empty extended attribute. - ceph: fix sizeof(struct tYpO *) typo. - ceph: fix snap context leak in error path. - ceph: fix trim caps. - ceph: fix uninline data function. - ceph: flush cap release queue when trimming session caps. - ceph: flush inline version. - ceph: forbid mandatory file lock. - ceph: fscache: Update object store limit after file writing. - ceph: fscache: Wait for completion of object initialization. - ceph: fscache: add an interface to synchronize object store limit. - ceph: get inode size for each append write. - ceph: handle -ESTALE reply. - ceph: handle SESSIONFORCERO message. - ceph: handle cap export race in tryflushcaps(). - ceph: handle cap import atomically. - ceph: handle frag mismatch between readdir request and reply. - ceph: handle race between cap reconnect and cap release. - ceph: handle session flush message. - ceph: hold on to exclusive caps on complete directories. - ceph: implement readv/preadv for sync operation. - ceph: improve readahead for file holes. - ceph: improve reference tracking for snaprealm. - ceph: include time stamp in every MDS request. - ceph: include time stamp in replayed MDS requests. - ceph: initial CEPHFEATUREFSFILELAYOUTV2 support. - ceph: initialize inode before instantiating dentry. - ceph: introduce a new inode flag indicating if cached dentries are ordered. - ceph: introduce cephfillfragtree(). - ceph: introduce global empty snap context. - ceph: invalidate dirty pages after forced umount. - ceph: keep isnaprealm while there are writers. - ceph: kstrdup() memory handling. - ceph: let MDS adjust readdir 'frag'. - ceph: make cephforgetallcachedacls() static inline. - ceph: make fsync() wait unsafe requests that created/modified inode. - ceph: make sure syncfs flushes all cap snaps. - ceph: make sure write caps are registered with auth MDS. - ceph: match waitforcompletiontimeout return type. - ceph: message versioning fixes. - ceph: move cephfindinode() outside the smutex. - ceph: move spinlocking into cephencodelockstobuffer and cephcountlocks. - ceph: no need to get parent inode in cephopen. - ceph: parse inline data in MClientReply and MClientCaps. - ceph: pre-allocate cephcap struct for cephaddcap(). - ceph: pre-allocate data structure that tracks caps flushing. - ceph: preallocate buffer for readdir reply. - ceph: print inode number for LOOKUPINO request. - ceph: properly apply umask when ACL is enabled. - ceph: properly handle XATTRCREATE and XATTRREPLACE. - ceph: properly mark empty directory as complete. - ceph: properly release page upon error. - ceph: properly zero data pages for file holes. - ceph: provide seperate {inode,file}operations for snapdir. - ceph: queue cap release in _cephremovecap(). - ceph: queue vmtruncate if necessary when handing cap grant/revoke. - ceph: ratelimit warn messages for MDS closes session. - ceph: re-send AIO write request when getting -EOLDSNAP error. - ceph: re-send flushing caps (which are revoked) in reconnect stage. - ceph: re-send requests when MDS enters reconnecting stage. - ceph: refactor readpagenounlock() to make the logic clearer. - ceph: remember subtree root dirfrag's auth MDS. - ceph: remove exported caps when handling cap import message. - ceph: remove outdated frag information. - ceph: remove redundant code for max file size verification. - ceph: remove redundant declaration. - ceph: remove redundant memset(0). - ceph: remove redundant test of head->safe and silence static analysis warnings. - ceph: remove the useless judgement. - ceph: remove unused functions in cephfrag.h. - ceph: remove unused stringification macros. - ceph: remove useless ACL check. - ceph: remove xattr when null value is given to setxattr(). - ceph: rename snapshot support. - ceph: replace comma with a semicolon. - ceph: request xattrs if xattrversion is zero. - ceph: reserve caps for file layout/lock MDS requests. - ceph: reset rresendmds after receiving -ESTALE. - ceph: return error for traceless reply race. - ceph: rework dcache readdir. - ceph: send TID of the oldest pending caps flush to MDS. - ceph: send client metadata to MDS. - ceph: set caps count after composing cap reconnect message. - ceph: set iheadsnapc when getting CEPHCAPFILEWR reference. - ceph: set mdswanted when MDS reply changes a cap to auth cap. - ceph: show nocephxrequiresignatures and notcpnodelay options. - ceph: show non-default options only. - ceph: simplify cephfhtodentry(). - ceph: simplify two mounttimeout sites. - ceph: skip invalid dentry during dcache readdir. - ceph: support inline data feature. - ceph: switch some GFPNOFS memory allocation to GFPKERNEL. - ceph: sync read inline data. - ceph: take snaprwsem when accessing snap realm's cachedcontext. - ceph: tolerate bad isize for symlink inode (bsc#985232). - ceph: track pending caps flushing accurately. - ceph: track pending caps flushing globally. - ceph: trim unused inodes before reconnecting to recovering MDS. - ceph: trivial comment fix. - ceph: update imaxsize even if inode version does not change. - ceph: update inode fields according to issued caps. - ceph: use %zu for len in cephfillinlinedata(). - ceph: use cephseqcmp() to compare migrateseq. - ceph: use empty snap context for uninlinedata and getpoolperm. - ceph: use fl->flfile as owner identifier of flock and posix lock. - ceph: use fl->fltype to decide flock operation. - ceph: use fposcmp() to compare dentry positions. - ceph: use getattr request to fetch inline data. - ceph: use isize{read,write} to get/set isize. - ceph: use msecstojiffies for time conversion. - ceph: use pagelist to present MDS request data. - ceph: use truncatepagecache() instead of truncateinodepages(). - cephsync{,direct}write: fix an oops on cephosdcnewrequest() failure. - client: include kernel version in client metadata. - cpuset: Fix potential deadlock w/ setmemsallowed (bsc#960857, bsc#974646). - crush: add chooseleafstable tunable. - crush: decode and initialize chooseleafstable. - crush: ensure bucket id is valid before indexing buckets array. - crush: ensure take bucket value is valid. - crush: fix crash from invalid 'take' argument. - crush: sync up with userspace. - crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode (bsc#958390). - crypto: testmgr - mark authenticated ctr(aes) also as FIPS able (bsc#958390). - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904). - drm/mgag200: Add support for a new rev of G200e (bsc#983904). - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904). - drm/mgag200: remove unused variables (bsc#983904). - drm: qxl: Workaround for buggy user-space (bsc#981344). - efifb: Add support for 64-bit frame buffer addresses (bsc#973499). - efifb: Fix 16 color palette entry calculation (bsc#983318). - efifb: Fix KABI of screeninfo struct (bsc#973499). - ehci-pci: enable interrupt on BayTrail (bnc#947337). - enic: set netdev->vlanfeatures (bsc#966245). - fs/ceph/debugfs.c: replace seqprintf by seqputs. - fs/ceph: replace prwarning by prwarn. - hid-elo: kill not flush the work (bnc#982354). - hv: util: Pass the channel information during the init call (bnc#978527). - hv: utils: Invoke the poll function after handshake (bnc#978527). - hv: vmbus: Fix signaling logic in hvneedtosignalonread(). - iommu/vt-d: Enable QI on all IOMMUs before setting root entry (bsc#975772). - ipvs: count pre-established TCP states as active (bsc#970114). - kabi/severities: Added raw3270* PASS to allow IBM LTC changes (bnc#979922, LTC#141736). - kabi/severities: Allow changes in zpci* symbols (bsc#974692) - kabi/severities: Whitelist libceph and rbd (bsc#964727). - kabi/severities: Whitelist libceph and rbd. - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - kabi: protect struct fcrportpriv (bsc#953233, bsc#962846). - kgraft/gfs2: Do not block livepatching in the log daemon for too long. - kgraft/xen: Do not block livepatching in the XEN blkif kthread. - libceph: Avoid holding the zero page on cephmsgrslabinit errors. - libceph: Fix cephtcpsendpage()'s more boolean usage. - libceph: MOSDOpReply v7 encoding. - libceph: Remove spurious kunmap() of the zero page. - libceph: a couple tweaks for wait loops. - libceph: add nocephxsignmessages option. - libceph: advertise support for TUNABLES5. - libceph: advertise support for keepalive2. - libceph: allow setting osdreqop's flags. - libceph: check datalen in ->allocmsg(). - libceph: clear messenger authretry flag if we fault. - libceph: clear msg->con in cephmsgrelease() only. - libceph: do not access invalid memory in keepalive2 path. - libceph: do not spam dmesg with stray reply warnings. - libceph: drop authorizer check from cephx msg signing routines. - libceph: evaluate osdreqopdata() arguments only once. - libceph: fix authorizer invalidation, take 2. - libceph: fix cephmsgrevoke(). - libceph: fix wrong name 'Ceph filesystem for Linux'. - libceph: handle writefull for OSD op extent init (bsc#980706). - libceph: introduce cephxauthorizercleanup(). - libceph: invalidate AUTH in addition to a service ticket. - libceph: kill off cephxtickethandler::validity. - libceph: move cephfilelayout helpers to cephfs.h. - libceph: msg signing callouts do not need con argument. - libceph: nuke timesub(). - libceph: properly release STAT request's rawdatain. - libceph: remove con argument in handlereply(). - libceph: remove outdated comment. - libceph: remove the unused macro AESKEYSIZE. - libceph: rename conwork() to cephconworkfn(). - libceph: set 'exists' flag for newly up osd. - libceph: stop duplicating client fields in messenger. - libceph: store timeouts in jiffies, verify user input. - libceph: treat sockaddrstorage with uninitialized family as blank. - libceph: use keepalive2 to verify the mon session is alive. - libceph: use listforeachentrysafe. - libceph: use listnextentry instead of listentrynext. - libceph: use local variable cursor instead of msg->cursor. - libceph: use the right footer size when skipping a message. - libfc: replace 'rpmutex' with 'rplock' (bsc#953233, bsc#962846). - md/raid56: Do not perform reads to support writes until stripe is ready. - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048). - md/raid5: For stripe with R5ReadNoMerge, we replace REQFLUSH with REQNOMERGE. - md/raid5: add handleflags arg to breakstripebatchlist (bsc#953048). - md/raid5: allow the stripecache to grow and shrink (bsc#953048). - md/raid5: always set conf->prevchunksectors and ->prevalgo (bsc#953048). - md/raid5: avoid races when changing cache size (bsc#953048). - md/raid5: avoid reading parity blocks for full-stripe write to degraded array (bsc#953048). - md/raid5: be more selective about distributing flags across batch (bsc#953048). - md/raid5: break stripe-batches when the array has failed (bsc#953048). - md/raid5: call breakstripebatchlist from handlestripecleanevent (bsc#953048). - md/raid5: change ->>inactiveblocked to a bit-flag (bsc#953048). - md/raid5: clear R5NeedReplace when no longer needed (bsc#953048). - md/raid5: close race between STRIPEBITDELAY and batching (bsc#953048). - md/raid5: close recently introduced race in stripehead management. - md/raid5: consider updating reshapeposition at start of reshape (bsc#953048). - md/raid5: deadlock between retryalignedread with barrier io (bsc#953048). - md/raid5: do not do chunk aligned read on degraded array (bsc#953048). - md/raid5: do not index beyond end of array in needthisblock() (bsc#953048). - md/raid5: do not let shrinkslab shrink too far (bsc#953048). - md/raid5: duplicate some more handlestripecleanevent code in breakstripebatchlist (bsc#953048). - md/raid5: ensure device failure recorded before write request returns (bsc#953048). - md/raid5: ensure whole batch is delayed for all required bitmap updates (bsc#953048). - md/raid5: fix allocation of 'scribble' array (bsc#953048). - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048). - md/raid5: fix handling of degraded stripes in batches (bsc#953048). - md/raid5: fix initstripe() inconsistencies (bsc#953048). - md/raid5: fix locking in handlestripecleanevent() (bsc#953048). - md/raid5: fix newly-broken locking in getactivestripe. - md/raid5: handle possible race as reshape completes (bsc#953048). - md/raid5: ignore releasedstripes check (bsc#953048). - md/raid5: more incorrect BUGON in handlestripefill (bsc#953048). - md/raid5: move maxnrstripes management into growonestripe and droponestripe (bsc#953048). - md/raid5: needthisblock: start simplifying the last two conditions (bsc#953048). - md/raid5: needthisblock: tidy/fix last condition (bsc#953048). - md/raid5: new allocstripe() to allocate an initialize a stripe (bsc#953048). - md/raid5: pass gfpt arg to growonestripe() (bsc#953048). - md/raid5: per hash value and exclusive waitforstripe (bsc#953048). - md/raid5: preserve STRIPEPREREADACTIVE in breakstripebatchlist. - md/raid5: remove condition test from checkbreakstripebatchlist (bsc#953048). - md/raid5: remove incorrect 'mint()' when calculating writepos (bsc#953048). - md/raid5: remove redundant check in stripeaddtobatchlist() (bsc#953048). - md/raid5: separate large if clause out of fetchblock() (bsc#953048). - md/raid5: separate out the easy conditions in needthisblock (bsc#953048). - md/raid5: split waitforstripe and introduce waitforquiescent (bsc#953048). - md/raid5: strengthen check on reshapeposition at run (bsc#953048). - md/raid5: switch to use conf->chunksectors in place of mddev->chunksectors where possible (bsc#953048). - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bsc#953048). - md/raid5: use biolist for the list of bios to return (bsc#953048). - md: be careful when testing resyncmax against currresynccompleted (bsc#953048). - md: doreleasestripe(): No need to call mdwakeupthread() twice (bsc#953048). - md: make sure MDRECOVERYDONE is clear before starting recovery/resync (bsc#953048). - md: remove unwanted white space from md.c (bsc#953048). - md: use setbit/clearbit instead of shift/mask for biflags changes (bsc#953048). - mds: check cap ID when handling cap export message. - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mmc: sdhci: Allow for irq being shared (bnc#977582). - mpt3sas: Fix use sasistlrenabled API before enabling MPI2SCSIIOCONTROLTLRON flag (bsc#967640). - net/qlge: Avoids recursive EEH error (bsc#954847). - net: Account for all vlan headers in skbmacgsosegment (bsc#968667). - net: Start with correct maclen in skbnetworkprotocol (bsc#968667). - net: disable fragment reassembly if highthresh is set to zero (bsc#970506). - net: fix wrong maclen calculation for vlans (bsc#968667). - netfilter: bridge: Use _in6devget rather than in6devget in brvalidateipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - nvme: do not poll the CQ from the kthread (bsc#975788, bsc#965087). - nvme: fix maxsegments integer truncation (bsc#676471). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2removerightmostpath() and ocfs2updateedgelengths() before to avoid inconsistency between inode and et (bnc#971947). - perf/rapl: Fix sysfsshow() initialization for RAPL PMU (bsc#979489). - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489). - powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel (bsc@976821). - powerpc/book3s64: Remove _endhandlers marker (bsc#976821). - qeth: delete napi struct when removing a qeth device (bnc#988215, LTC#143590). - raid5: Retry R5ReadNoMerge flag when hit a read error. - raid5: add a new flag to track if a stripe can be batched (bsc#953048). - raid5: add an option to avoid copy data from bio to stripe cache (bsc#953048). - raid5: avoid release list until last reference of the stripe (bsc#953048). - raid5: batch adjacent full stripe write (bsc#953048). - raid5: check faulty flag for array status during recovery (bsc#953048). - raid5: checkreshape() shouldn't call mddevsuspend (bsc#953048). - raid5: fix a race of stripe count check. - raid5: fix broken async operation chain (bsc#953048). - raid5: getactivestripe avoids devicelock. - raid5: handle expansion/resync case with stripe batching (bsc#953048). - raid5: handle io error of batch list (bsc#953048). - raid5: makerequest does less prepare wait. - raid5: relieve lock contention in getactivestripe(). - raid5: relieve lock contention in getactivestripe(). - raid5: revert e9e4c377e2f563 to fix a livelock (bsc#953048). - raid5: speedup syncrequest processing (bsc#953048). - raid5: track overwrite disk count (bsc#953048). - raid5: update analysis state for failed stripe (bsc#953048). - raid5: use flexarray for scribble data (bsc#953048). - rbd: bump queuemaxsegments. - rbd: delete an unnecessary check before rbddevdestroy(). - rbd: do not free rbddev outside of the release callback. - rbd: do not put snapcontext twice in rbdqueueworkfn(). - rbd: drop null test before destroy functions. - rbd: handle OBJREQUESTSG types for copyup (bsc#983394). - rbd: plug rbddev->header.objectprefix memory leak. - rbd: rbdwq comment is obsolete. - rbd: remove duplicate calls to rbddevmappingclear(). - rbd: report unsupported features to syslog (bsc#979169). - rbd: return -ENOMEM instead of pool id if rbddevcreate() fails. - rbd: set devicetype::release instead of device::release. - rbd: set maxsectors explicitly. - rbd: store rbdoptions in rbddevice. - rbd: terminate rbdoptstokens with Opterr. - rbd: timeout watch teardown on unmap with mounttimeout. - rbd: use writefull op for object size writes. - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 6c6d86d3cdc26f7746fe4ba2bef8859b5aeb346c. - s390/3270: add missing ttykrefput (bnc#979922, LTC#141736). - s390/3270: avoid endless I/O loop with disconnected 3270 terminals (bnc#979922, LTC#141736). - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736). - s390/3270: fix view reference counting (bnc#979922, LTC#141736). - s390/3270: handle reconnect of a tty with a different size (bnc#979922, LTC#141736). - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922, LTC#141736). - s390/mm: fix ascebits handling with dynamic pagetable levels (bnc#979922, LTC#141456). - s390/pci: add extra padding to function measurement block (bnc#974692, LTC#139445). - s390/pci: enforce fmb page boundary rule (bnc#974692, LTC#139445). - s390/pci: extract software counters from fmb (bnc#974692, LTC#139445). - s390/pci: remove pdev pointer from arch data (bnc#974692, LTC#139444). - s390/pcidma: fix DMA table corruption with > 4 TB main memory (bnc#974692, LTC#139401). - s390/pcidma: handle dma table failures (bnc#974692, LTC#139442). - s390/pcidma: improve debugging of errors during dma map (bnc#974692, LTC#139442). - s390/pcidma: unify label of invalid translation table entries (bnc#974692, LTC#139442). - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106). - s390: fix testfpctl inline assembly contraints (bnc#988215, LTC#143138). - sbedac: Fix a typo and a thinko in address handling for Haswell (bsc#979521). - sbedac: Fix support for systems with two home agents per socket (bsc#979521). - sbedac: correctly fetch DIMM width on Ivy Bridge and Haswell (bsc#979521). - sbedac: look harder for DDRIO on Haswell systems (bsc#979521). - sbedac: support for Broadwell -EP and -EX (bsc#979521). - sched/cputime: Fix clocknanosleep()/clockgettime() inconsistency (bnc#988498). - sched/cputime: Fix cputimersamplegroup() double accounting (bnc#988498). - sched/x86: Fix up typo in topology detection (bsc#974165). - sched: Provide updatecurr callbacks for stop/idle scheduling classes (bnc#988498). - scsi-bnx2fc-handlescsiretrydelay - scsi-bnx2fc-softlockupwhenrmmod - scsi: Avoid crashing if device uses DIX but adapter does not support it (bsc#969016). - sd: get disk reference in sdcheckevents() (bnc#897662). - target/rbd: do not put snapcontext twice (bsc#981143). - target/rbd: do not put snapcontext twice (bsc#981143). - target/rbd: remove cawmutex usage (bsc#981143). - target/rbd: remove cawmutex usage (bsc#981143). - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456). - vgaarb: Add more context to error messages (bsc#976868). - wait: introduce waiteventexclusivecmd (bsc#953048). - x86 EDAC, sbedac.c: Repair damage introduced when 'fixing' channel address (bsc#979521). - x86 EDAC, sbedac.c: Take account of channel hashing when needed (bsc#979521). - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165). - x86/efi: parseefisetup() build fix (bsc#979485). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - x86: standardize mmaprnd() usage (bnc#974308). - xen/acpi: Disable ACPI table override when UEFI Secure Boot is enabled (bsc#970604). - xfs: fix premature enospc on inode allocation (bsc#984148). - xfs: get rid of XFSIALLOCBLOCKS macros (bsc#984148). - xfs: get rid of XFSINODECLUSTER_SIZE macros (bsc#984148).