SUSE-SU-2018:0383-1

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).

  The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

• CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel in the function getnetnsbyid() in net/core/netnamespace.c did not check for the net::count value after it has found a peer network in netnsids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839).

• CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229).
• CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928).
• CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled statesequal comparisons between the pointer data type and the UNKNOWNVALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928).
• CVE-2017-18017: The tcpmssmanglepacket function in net/netfilter/xtTCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xtTCPMSS in an iptables action (bnc#1074488).
• CVE-2018-5332: In the Linux kernel the rdsmessageallocsgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rdsrdmaextrasize function in net/rds/rdma.c) (bnc#1075621).
• CVE-2018-5333: In the Linux kernel the rdscmsgatomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rdsatomicfree_op NULL pointer dereference (bnc#1075617).
• CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).

The following non-security bugs were fixed:

• 8021q: fix a memory leak for VLAN 0 device (bnc#1012382).
• acpi / scan: Prefer devices without HID/CID for _ADR matching (bnc#1012382).
• afkey: fix buffer overread in parseexthdrs() (bnc#1012382).
• afkey: fix buffer overread in verifyaddress_len() (bnc#1012382).
• afs: Adjust mode bits processing (bnc#1012382).
• afs: Connect up the CB.ProbeUuid (bnc#1012382).
• afs: Fix afskillpages() (bnc#1012382).
• afs: Fix missing put_page() (bnc#1012382).
• afs: Fix page leak in afswritebegin() (bnc#1012382).
• afs: Fix the maths in afsfsstore_data() (bnc#1012382).
• afs: Flush outstanding writes when an fd is closed (bnc#1012382).
• afs: Migrate vlocation fields to 64-bit (bnc#1012382).
• afs: Populate and use client modification time (bnc#1012382).
• afs: Populate group ID from vnode status (bnc#1012382).
• afs: Prevent callback expiry timer overflow (bnc#1012382).
• alpha: fix build failures (bnc#1012382).
• alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717).
• alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717).
• alsa: aloop: Release cable upon open error path (bsc#1031717).
• alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717).
• alsa: hda - Add MICNOPRESENCE fixup for 2 HP machines (bsc#1031717).
• alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717).
• alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717).
• alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717).
• alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717).
• alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717).
• alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717).
• alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717).
• alsa: hda: Drop useless WARN_ON() (bsc#1031717).
• alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717).
• alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717).
• alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717).
• alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717).
• alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717).
• alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717).
• alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717).
• alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717).
• alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717).
• alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717).
• alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717).
• alsa: hda/realtek - Add support for ALC1220 (bsc#1031717).
• alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717).
• alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717).
• alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717).
• alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717).
• alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717).
• alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717).
• alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717).
• alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717).
• alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717).
• alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717).
• alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717).
• alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717).
• alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717).
• alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717).
• alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717).
• alsa: hda/realtek - New codec support for ALC257 (bsc#1031717).
• alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717).
• alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717).
• alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717).
• alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717).
• alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717).
• alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717).
• alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717).
• alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717).
• alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717).
• alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717).
• alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717).
• alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717).
• alsa: pcm: prevent UAF in sndpcminfo (bsc#1031717).
• alsa: pcm: Remove incorrect sndBUGON() usages (bsc#1031717).
• alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717).
• alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717).
• alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717).
• alsa: usb-audio: Add check return value for usb_string() (bsc#1031717).
• alsa: usb-audio: Fix out-of-bound error (bsc#1031717).
• alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717).
• arc: uaccess: dont use 'l' gcc inline asm constraint modifier (bnc#1012382).
• arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032).
• arm64: Add tracehardirqsoff annotation in rettouser (bsc#1068032).
• arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032).
• arm64/cpufeature: do not use mutex in bringup path (bsc#1068032).
• arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032).
• arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032).
• arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 (bsc#1068032).
• arm64: debug: remove unused localdbg{enable, disable} macros (bsc#1068032).
• arm64: Define cputype macros for Falkor CPU (bsc#1068032).
• arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032).
• arm64: Do not force KPTI for CPUs that are not vulnerable (bsc#1076187).
• arm64: do not pull uaccess.h into *.S (bsc#1068032).
• arm64: Enable CONFIGARM64SWTTBR0PAN (bsc#1068032).
• arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032).
• arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032).
• arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032).
• arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032).
• arm64: entry: remove pointless SPSR mode check (bsc#1068032).
• arm64: entry.S convert el0_sync (bsc#1068032).
• arm64: entry.S: convert el1_sync (bsc#1068032).
• arm64: entry.S: convert elX_irq (bsc#1068032).
• arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032).
• arm64: entry.S: Remove disable_dbg (bsc#1068032).
• arm64: erratum: Work around Falkor erratum #E1003 in trampoline code (bsc#1068032).
• arm64: explicitly mask all exceptions (bsc#1068032).
• arm64: factor out entry stack manipulation (bsc#1068032).
• arm64: factor out PAGE* and CONT* definitions (bsc#1068032).
• arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032).
• arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032).
• arm64: factor work_pending state machine to C (bsc#1068032).
• arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382).
• arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032).
• arm64: Handle faults caused by inadvertent user access with PAN enabled (bsc#1068032).
• arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032).
• arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032).
• arm64: Implement branch predictor hardening for Falkor (bsc#1068032).
• arm64: Initialise high_memory global variable earlier (bnc#1012382).
• arm64: introduce an order for exceptions (bsc#1068032).
• arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032).
• arm64: Introduce uaccess{disable,enable} functionality based on TTBR0EL1 (bsc#1068032).
• arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032).
• arm64: Kconfig: Add CONFIGUNMAPKERNELATEL0 (bsc#1068032).
• arm64: Kconfig: Reword UNMAPKERNELAT_EL0 kconfig entry (bsc#1068032).
• arm64: kill ESRLNXEXEC (bsc#1068032).
• arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032).
• arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bsc#1076232).
• arm64: kvm: fix VTTBRBADDRMASK BUG_ON off-by-one (bnc#1012382).
• arm64: kvm: Make PSCI_VERSION a fast path (bsc#1068032).
• arm64: kvm: Use per-CPU vector when BP hardening is enabled (bsc#1068032).
• arm64: Mask all exceptions during kernel_exit (bsc#1068032).
• arm64: mm: Add arm64kernelunmappedatel0 helper (bsc#1068032).
• arm64: mm: Allocate ASIDs in pairs (bsc#1068032).
• arm64: mm: Fix and re-enable ARM64SWTTBR0_PAN (bsc#1068032).
• arm64: mm: hardcode rodata=true (bsc#1068032).
• arm64: mm: Introduce TTBRASIDMASK for getting at the ASID in the TTBR (bsc#1068032).
• arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032).
• arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032).
• arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032).
• arm64: mm: Remove prettbr0update_workaround for Falkor erratum #E1003 (bsc#1068032).
• arm64: mm: Rename postttbr0update_workaround (bsc#1068032).
• arm64: mm: Temporarily disable ARM64SWTTBR0_PAN (bsc#1068032).
• arm64: mm: Use non-global mappings for kernel space (bsc#1068032).
• arm64: Move BP hardening to checkandswitch_context (bsc#1068032).
• arm64: Move postttbrupdate_workaround to C code (bsc#1068032).
• arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032).
• arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032).
• arm64: SW PAN: Update saved ttbr0 value on enterlazytlb (bsc#1068032).
• arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032).
• arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032).
• arm64: Take into account IDAA64PFR0EL1.CSV3 (bsc#1068032).
• arm64: thunderx2: remove branch predictor hardening References: bsc#1076232 This causes undefined instruction abort on the smc call from guest kernel. Disable until kvm is fixed.
• arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032).
• arm64: Turn on KPTI only on CPUs that need it (bsc#1076187).
• arm64: use alternative auto-nop (bsc#1068032).
• arm64: use RET instruction for exiting the trampoline (bsc#1068032).
• arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032).
• arm/arm64: kvm: Make default HYP mappings non-excutable (bsc#1068032).
• arm: avoid faulting on qemu (bnc#1012382).
• arm: BUG if jumping to usermode address in kernel mode (bnc#1012382).
• arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382).
• arm: dma-mapping: disallow dmagetsgtable() for non-kernel managed memory (bnc#1012382).
• arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382).
• arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382).
• arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382).
• arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382).
• arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382).
• arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382).
• arm: kvm: Fix VTTBRBADDRMASK BUG_ON off-by-one (bnc#1012382).
• arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382).
• arm: OMAP2+: Fix device node reference counts (bnc#1012382).
• arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382).
• arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382).
• asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes).
• asn.1: check for error from ASN1OPEND__ACT actions (bnc#1012382).
• asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382).
• asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717).
• asoc: twl4030: fix child-node lookup (bsc#1031717).
• asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717).
• ath9k: fix tx99 potential info leak (bnc#1012382).
• atm: horizon: Fix irq release error (bnc#1012382).
• audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382).
• axonram: Fix gendisk handling (bnc#1012382).
• backlight: pwm_bl: Fix overflow condition (bnc#1012382).
• bcache: add a comment in journal bucket reading (bsc#1076110).
• bcache: Avoid nested function definition (bsc#1076110).
• bcache: bchallocatorthread() is not freezable (bsc#1076110).
• bcache: bchwritebackthread() is not freezable (bsc#1076110).
• bcache: check return value of register_shrinker (bsc#1076110).
• bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110).
• bcache: documentation updates and corrections (bsc#1076110).
• bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110).
• bcache: do not write back data if reading it failed (bsc#1076110).
• bcache: explicitly destroy mutex while exiting (bnc#1012382).
• bcache: fix a comments typo in bchallocsectors() (bsc#1076110).
• bcache: Fix building error on MIPS (bnc#1012382).
• bcache: fix sequential large write IO bypass (bsc#1076110).
• bcache: fix wrong cache_misses statistics (bnc#1012382).
• bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078).
• bcache: implement PI controller for writeback rate (bsc#1076110).
• bcache: increase the number of open buckets (bsc#1076110).
• bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652).
• bcache: partition support: add 16 minors per bcacheN device (bsc#1076110, bsc#1019784).
• bcache: rearrange writeback main thread ratelimit (bsc#1076110).
• bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652).
• bcache: Remove redundant set_capacity (bsc#1076110).
• bcache: remove unused parameter (bsc#1076110).
• bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085).
• bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).
• bcache: silence static checker warning (bsc#1076110).
• bcache: smooth writeback rate control (bsc#1076110).
• bcache.txt: standardize document format (bsc#1076110).
• bcache: update bio->biopf bypass/writeback REQ flag hints (bsc#1076110).
• bcache: update bucketinuse in real time (bsc#1076110).
• bcache: Update continue_at() documentation (bsc#1076110).
• bcache: use kmalloc to allocate bio in bchdataverify() (bsc#1076110).
• bcache: use llistforeachentrysafe() in _closurewake_up() (bsc#1076110).
• bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
• bcache: writeback rate shouldn't artifically clamp (bsc#1076110).
• be2net: restore properly promisc mode after queues reconfiguration (bsc#963844 FATE#320192).
• block: wake up all tasks blocked in get_request() (bnc#1012382).
• bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382).
• bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382).
• bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382).
• bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382).
• btrfs: add missing memset while reading compressed inline extents (bnc#1012382).
• btrfs: clear space cache inode generation always (bnc#1012382).
• btrfs: embed extentchangeset::rangechanged to the structure (dependent patch, bsc#1031395).
• btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (bsc#1031395).
• btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (bsc#1031395).
• btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependent patch, bsc#1031395).
• btrfs: qgroup: Return actually freed bytes for qgroup release or free data (bsc#1031395).
• btrfs: qgroup-test: Fix backport error in qgroup selftest (just to make CONFIGBTRFSFSRUNSANITY_TESTS pass compile).
• btrfs: ulist: make the finalization function public (dependent patch, bsc#1031395).
• btrfs: ulist: rename ulistfini to ulistrelease (dependent patch, bsc#1031395).
• can: afcan: canfdrcv(): replace WARNONCE by prwarn_once (bnc#1012382).
• can: afcan: canrcv(): replace WARNONCE by prwarn_once (bnc#1012382).
• can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
• can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
• can: gsusb: fix return value of the 'setbittiming' callback (bnc#1012382).
• can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
• can: kvaserusb: Fix comparison bug in kvaserusbreadbulk_callback() (bnc#1012382).
• can: kvaser_usb: free buf in error paths (bnc#1012382).
• can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382).
• can: peak: fix potential bug in packet fragmentation (bnc#1012382).
• can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382).
• can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
• cdc-acm: apply quirk for card reader (bsc#1060279).
• cdrom: factor out common openfor* code (bsc#1048585).
• cdrom: wait for tray to close (bsc#1048585).
• ceph: more accurate statfs (bsc#1077068).
• clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382).
• clk: mediatek: add the option for determining PLL source clock (bnc#1012382).
• clk: tegra: Fix cclk_lp divisor register (bnc#1012382).
• config: arm64: enable HARDENBRANCHPREDICTOR
• config: arm64: enable UNMAPKERNELAT_EL0
• cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382).
• cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382).
• cpuidle: Validate cpudev in cpuidleadd_sysfs() (bnc#1012382).
• crypto: algapi - fix NULL dereference in cryptoremovespawns() (bnc#1012382).
• crypto: chacha20poly1305 - validate the digest size (bnc#1012382).
• crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325).
• crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382).
• crypto: deadlock between cryptoalgsem/rtnlmutex/genlmutex (bnc#1012382).
• crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382).
• crypto: n2 - cure use after free (bnc#1012382).
• crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382).
• crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382).
• crypto: tcrypt - fix buffer lengths in testaeadspeed() (bnc#1012382).
• cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223).
• dax: Pass detailed error code from _daxfault() (bsc#1072484).
• dccp: do not restart ccid2hctxrtoexpire() if sk in closed state (bnc#1012382).
• delay: add polleventinterruptible (bsc#1048585).
• dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704).
• dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382).
• dmaengine: Fix array index out of bounds warning in _getunmap_pool() (bnc#1012382).
• dmaengine: pl330: fix double lock (bnc#1012382).
• dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382).
• dm btree: fix serious bug in btreesplitbeneath() (bnc#1012382).
• dm bufio: fix shrinker scans when (nrtoscan < retain_target) (bnc#1012382).
• dm thin metadata: THINMAXCONCURRENT_LOCKS should be 6 (bnc#1012382).
• drivers/firmware: Expose pscigetversion through psci_ops structure (bsc#1068032).
• drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382).
• drm: extra printk() wrapper macros (bnc#1012382).
• drm/exynos/decon5433: set STANDALONEUPDATEF on output enablement (bnc#1012382).
• drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382).
• drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).
• drm/radeon: fix atombios on big endian (bnc#1012382).
• drm/radeon: reinstate oland workaround for sclk (bnc#1012382).
• drm/radeon/si: add dpm quirk for Oland (bnc#1012382).
• drm/vmwgfx: Potential off by one in vmwviewadd() (bnc#1012382).
• dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382).
• edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382).
• edac, i5000, i5400: Fix use of MTRDRAMWIDTH macro (bnc#1012382).
• edac, sb_edac: Fix missing break in switch (bnc#1012382).
• eeprom: at24: check at24_read/write arguments (bnc#1012382).
• efi/esrt: Cleanup bad memory map log messages (bnc#1012382).
• efi: Move some sysfs files to be read-only by root (bnc#1012382).
• eventpoll.h: add missing epoll event masks (bnc#1012382).
• ext4: fix crash when a directory's i_size is too small (bnc#1012382).
• ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484).
• ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382).
• fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382).
• Fix EX_SIZE. We do not have the patches that shave off parts of the exception data.
• Fix mishandling of cases with MSR not being present (writing to MSR even though _state == -1).
• Fix return value from ib[rs|pb]_enabled()
• Fixup hang when calling 'nvme list' on all paths down (bsc#1070052).
• fjes: Fix wrong netdevice feature flags (bnc#1012382).
• flow_dissector: properly cap thoff field (bnc#1012382).
• fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).
• fork: clear thread stack upon allocation (bsc#1077560).
• fscache: Fix the default for fscachemayberelease_page() (bnc#1012382).
• futex: Prevent overflow by strengthen input validation (bnc#1012382).
• gcov: disable for COMPILE_TEST (bnc#1012382).
• gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382).
• gpio: altera: Use handlelevelirq when configured as a level_high (bnc#1012382).
• hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382).
• hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382).
• hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).
• hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).
• hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).
• i40iw: Account for IPv6 header when setting MSS (bsc#1024376 FATE#321249).
• i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249).
• i40iw: Cleanup AE processing (bsc#1024376 FATE#321249).
• i40iw: Clear CQP Head/Tail during initialization (bsc#1024376 FATE#321249).
• i40iw: Correct ARP index mask (bsc#1024376 FATE#321249).
• i40iw: Do not allow posting WR after QP is flushed (bsc#1024376 FATE#321249).
• i40iw: Do not free sqbuf when event is I40IWTIMERTYPE_CLOSE (bsc#1024376 FATE#321249).
• i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249).
• i40iw: Do not retransmit MPA request after it is ACKed (bsc#1024376 FATE#321249).
• i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249).
• i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376 FATE#321249).
• i40iw: Move cqpcmdhead init to CQP initialization (bsc#1024376 FATE#321249).
• i40iw: Move exceptionlanqueue to VSI structure (bsc#1024376 FATE#321249).
• i40iw: Move MPA request event for loopback after connect (bsc#1024376 FATE#321249).
• i40iw: Notify user of established connection after QP in RTS (bsc#1024376 FATE#321249).
• i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249).
• ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242).
• ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818 FATE#319242).
• ib/ipoib: Fix lockdep issue found on ipoibibdevheavyflush (git-fixes).
• ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350).
• ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382).
• ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).
• ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).
• ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).
• ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).
• ibmvnic: Fix IP offload control buffer (bsc#1076899).
• ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).
• ibmvnic: Fix pending MAC address changes (bsc#1075627).
• ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872).
• ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872).
• ibmvnic: Wait for device response when changing MAC (bsc#1078681).
• ib/rdmavt: restore IRQs on error path in rvtcreateah() (bsc#973818, fate#319242).
• ib/srpt: Disable RDMA access by the initiator (bnc#1012382).
• ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265).
• ib/uverbs: Fix command checking as part of ibuverbsexmodifyqp() (FATE#321231 FATE#321473 FATE#322153 FATE#322149).
• igb: check memory allocation failure (bnc#1012382).
• ima: fix hash algorithm initialization (bnc#1012382).
• inet: frag: release spinlock before calling icmp_send() (bnc#1012382).
• input: 88pm860x-ts - fix child-node lookup (bnc#1012382).
• input: elantech - add new icbody type 15 (bnc#1012382).
• input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382).
• input: trackpoint - force 3 buttons if 0 button is reported (bnc#1012382).
• input: twl4030-vibra - fix sibling-node lookup (bnc#1012382).
• input: twl6040-vibra - fix child-node lookup (bnc#1012382).
• input: twl6040-vibra - fix DT node memory management (bnc#1012382).
• intel_th: pci: Add Gemini Lake support (bnc#1012382).
• iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382).
• iommu/vt-d: Fix scatterlist offset handling (bnc#1012382).
• ip6_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246).
• ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382).
• ip_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246).
• ipmi: Stop timers before cleaning up the module (bnc#1012382).
• ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382).
• ipv4: igmp: guard against silly MTU values (bnc#1012382).
• ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (bnc#1012382).
• ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (bnc#1012382).
• ipv6: fix possible mem leaks in ipv6makeskb() (bnc#1012382).
• ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382).
• ipv6: ip6makeskb() needs to clear cork.base.dst (git-fixes).
• ipv6: mcast: better catch silly mtu values (bnc#1012382).
• ipv6: reorder icmpv6init() and ip6mr_init() (bnc#1012382).
• ipvlan: fix ipv6 outbound device (bnc#1012382).
• ipvlan: remove excessive packet scrubbing (bsc#1070799).
• irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382).
• irqchip/crossbar: Fix incorrect type of register size (bnc#1012382).
• iscsiiser: Re-enable 'iserpi_guard' module parameter (bsc#1062129).
• iscsi-target: fix memory leak in liotargettiqn_addtpg() (bnc#1012382).
• iscsi-target: Make TASKREASSIGN use proper secmd->cmd_kref (bnc#1012382).
• isdn: kcapi: avoid uninitialized data (bnc#1012382).
• iser-target: Fix possible use-after-free in connection establishment error (FATE#321732).
• iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382).
• iw_cxgb4: reflect the original WR opcode in drain cqes (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).
• iw_cxgb4: when flushing, complete all wrs in a chain (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).
• ixgbe: fix use of uninitialized padding (bnc#1012382).
• jumplabel: Invoke jumplabeltest() via earlyinitcall() (bnc#1012382).
• kabi fix for new hash_cred function (bsc#1012917).
• kabi: Keep KVM stable after enable s390 wire up bpb feature (bsc#1076805).
• kABI: protect struct bpf_map (kabi).
• kABI: protect struct ipv6_pinfo (kabi).
• kABI: protect struct t10aluatgptgp (kabi).
• kABI: protect struct usbip_device (kabi).
• kabi/severities: arm64: ignore cpu capability array
• kabi/severities: do not care about stuff_RSB
• kaiser: Set PAGENX only if supported (bnc#1012382).
• kaiser: Set PAGENX only if supported (bnc#1012382).
• kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382).
• kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).
• kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382).
• kdb: Fix handling of kallsymssymbolnext() return value (bnc#1012382).
• kernel/acct.c: fix the acct->needcheck check in checkfreespace() (bnc#1012382).
• kernel: make groupssort calling a responsibility groupinfo allocators (bnc#1012382).
• kernel/signal.c: protect the SIGNALUNKILLABLE tasks from !sigkernel_only() signals (bnc#1012382).
• kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (bnc#1012382).
• kernel/signal.c: remove the no longer needed SIGNALUNKILLABLE check in completesignal() (bnc#1012382).
• keys: add missing permission check for request_key() destination (bnc#1012382).
• kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382).
• kpti: Rename to PAGETABLEISOLATION (bnc#1012382).
• kpti: Report when enabled (bnc#1012382).
• kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382).
• kvm: nVMX: reset nestedrunpending if the vCPU is going to be reset (bnc#1012382).
• kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382).
• kvm: pci-assign: do not map smm memory slot pages in vt-d page tables (bnc#1012382).
• kvm: s390: Enable all facility bits that are known good for passthrough (bsc#1076805).
• kvm: s390: wire up bpb feature (bsc#1076805).
• kvm: VMX: Fix enable VPID conditions (bnc#1012382).
• kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382).
• kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382 bsc#1068032).
• kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382).
• kvm: x86: correct async page present tracepoint (bnc#1012382).
• kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382).
• kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382).
• kvm: x86: fix RSM when PCID is non-zero (bnc#1012382).
• kvm: x86: inject exceptions produced by x86decodeinsn (bnc#1012382).
• kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382).
• l2tp: cleanup l2tptunneldelete calls (bnc#1012382).
• lan78xx: Fix failure in USB Full Speed (bnc#1012382).
• libata: apply MAXSEC1024 to all LITEON EP1 series devices (bnc#1012382).
• libata: drop WARN from protocol error in atasffqc_issue() (bnc#1012382).
• lib/genalloc.c: make the avail variable an atomiclongt (bnc#1012382).
• macvlan: Only deliver one copy of the frame to the macvlan interface (bnc#1012382).
• md: more open-coded offsetinpage() (bsc#1076110).
• media: dvb: i2c transfers over usb cannot be done from stack (bnc#1012382).
• mfd: cros ec: spi: Do not send first message too soon (bnc#1012382).
• mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382).
• mfd: twl6040: Fix child-node lookup (bnc#1012382).
• mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).
• mlxsw: reg: Fix SPVM max record count (bnc#1012382).
• mm: avoid returning VMFAULTRETRY from ->page_mkwrite handlers (bnc#1012382).
• mmc: core: Do not leave the block driver in a suspended state (bnc#1012382).
• mmc: mediatek: Fixed bug where clock frequency could be set wrong (bnc#1012382).
• mm: drop unused pmdphugegetandclear_notify() (bnc#1012382).
• mm: Handle 0 flags in calcvm_trans() macro (bnc#1012382).
• mm/mprotect: add a condresched() inside changepmd_range() (bnc#1077871, bnc#1078002).
• mm/vmstat: Make NRTLBREMOTEFLUSHRECEIVED available even on UP (bnc#1012382).
• module: Add retpoline tag to VERMAGIC (bnc#1012382).
• module: set _jumptable alignment to 8 (bnc#1012382).
• more biomapuser_iov() leak fixes (bnc#1012382).
• mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382).
• net: Allow neigh contructor functions ability to modify the primary_key (bnc#1012382).
• net/appletalk: Fix kernel memory disclosure (bnc#1012382).
• net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382).
• net: bcmgenet: correct the RBUFOVFLCNT and RBUFERRCNT MIB values (bnc#1012382).
• net: bcmgenet: power down internal phy if open or resume fails (bnc#1012382).
• net: bcmgenet: Power up the internal PHY before probing the MII (bnc#1012382).
• net: bcmgenet: reserved phy revisions must be checked first (bnc#1012382).
• net: bridge: fix early call to brstpchangebridgeid and plug newlink leaks (bnc#1012382).
• net: core: fix module type in sockdiagbind (bnc#1012382).
• net: Do not allow negative values for busyread and busypoll sysctl interfaces (bnc#1012382).
• net: fec: fix multicast filtering hardware setup (bnc#1012382).
• netfilter: bridge: honor fragmaxsize when refragmenting (bnc#1012382).
• netfilter: do not track fragmented packets (bnc#1012382).
• netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382).
• netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382).
• netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134).
• netfilter: nfnlcthelper: fix a race when walk the nfcthelperhash table (bnc#1012382).
• netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).
• netfilter: nfnl_cthelper: fix runtime expectation policy updates (bnc#1012382).
• net: Fix double free and memory corruption in getnetnsbyid() (bnc#1012382).
• net: igmp: fix source address check for IGMPv3 reports (bnc#1012382).
• net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382).
• net: initialize msg.msg_flags in recvfrom (bnc#1012382).
• net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382).
• netlink: add a start callback for starting a netlink dump (bnc#1012382).
• net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y (bnc#1012382).
• net/mlx5: Avoid NULL pointer dereference on steering cleanup (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• net/mlx5: Cleanup IRQs in case of unload failure (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5e: Add refcount to VXLAN structure (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5e: Fix ETS BW check (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5e: Fix features check of IPv6 traffic (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5e: Fix fixpoint divide exception in mlx5eamstats_compare (bsc#1015342).
• net/mlx5e: Fix possible deadlock of VXLAN lock (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5e: Prevent possible races in VXLAN control flow (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5: Fix error flow in CREATE_QP command (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• net/mlx5: Fix rate limit packet pacing naming and struct (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
• net/mlx5: Stay in polling mode when command EQ destroy fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382).
• net: mvneta: clear interface link status on port disable (bnc#1012382).
• net: mvneta: eliminate wrong call to handle rx descriptor error (fate#319899).
• net: mvneta: use proper rxq_number in loop on rx queues (fate#319899).
• net/packet: fix a race in packetbind() and packetnotifier() (bnc#1012382).
• net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382).
• net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (bnc#1012382).
• net: qdiscpktlen_init() should be more robust (bnc#1012382).
• net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382).
• net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 (bnc#1012382).
• net: reevalulate autoflowlabel setting after sysctl setting (bnc#1012382).
• net: Resend IGMP memberships upon peer notification (bnc#1012382).
• net: sctp: fix array overrun read on sctptimertbl (bnc#1012382).
• net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382).
• net: systemport: Pad packet before inserting TSB (bnc#1012382).
• net: systemport: Utilize skbputpadto() (bnc#1012382).
• net: tcp: close sock if net namespace is exiting (bnc#1012382).
• net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382).
• nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382).
• nfsd: Fix another OPEN stateid race (bnc#1012382).
• nfsd: fix nfsdminorversion(.., NFSDAVAIL) (bnc#1012382).
• nfsd: fix nfsdresetversions for NFSv4 (bnc#1012382).
• nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382).
• nfsd: Make initopenstateid() a bit more whole (bnc#1012382).
• nfs: Do not take a reference on fl->fl_file for LOCK operation (bnc#1012382).
• nfs: Fix a typo in nfs_rename() (bnc#1012382).
• nfs: improve shinking of access cache (bsc#1012917).
• nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382).
• nfsv4: Fix client recovery when server reboots multiple times (bnc#1012382).
• nohz: Prevent a timer interrupt storm in ticknohzstopschedtick() (bnc#1012382).
• n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1012382).
• nvmefc: correct hang in nvmens_remove() (bsc#1075811).
• nvme_fc: fix rogue admin cmds stalling teardown (bsc#1075811).
• nvme-pci: Remove watchdog timer (bsc#1066163).
• openrisc: fix issue handling 8 byte get_user calls (bnc#1012382).
• packet: fix crash in fanoutdemuxrollover() (bnc#1012382).
• parisc: Fix alignment of patlblock in assembly on 32-bit SMP kernel (bnc#1012382).
• parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382).
• partially revert tipc improve link resiliency when rps is activated (bsc#1068038).
• pci/AER: Report non-fatal errors only to the affected endpoint (bnc#1012382).
• pci: Avoid bus reset if bridge itself is broken (bnc#1012382).
• pci: Create SR-IOV virtfn/physfn links before attaching driver (bnc#1012382).
• pci: Detach driver before procfs & sysfs teardown on device remove (bnc#1012382).
• pci/PME: Handle invalid data when reading Root Status (bnc#1012382).
• pci / PM: Force devices to D0 in pcipmthaw_noirq() (bnc#1012382).
• perf symbols: Fix symbols_fixupend heuristic for corner cases (bnc#1012382).
• perf test attr: Fix ignored test case result (bnc#1012382).
• phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012382).
• pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).
• pinctrl: st: add irqrequest/releaseresources callbacks (bnc#1012382).
• pipe: avoid roundpipesize() nr_pages overflow on 32-bit (bnc#1012382).
• powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075087).
• powerpc/64: Convert fastexceptionreturn to use RFITOUSER/KERNEL (bsc#1068032, bsc#1075087).
• powerpc/64: Convert the syscall exit path to use RFITOUSER/KERNEL (bsc#1068032, bsc#1075087).
• powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075087).
• powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075087).
• powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075087).
• powerpc/64s: Convert slbmisscommon to use RFITOUSER/KERNEL (bsc#1068032, bsc#1075087).
• powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087).
• powerpc/64s: Support disabling RFI flush with norfiflush and nopti (bsc#1068032, bsc#1075087).
• powerpc/64s: Wire up cpushowmeltdown() (bsc#1068032).
• powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075087).
• powerpc/ipic: Fix status get and status clear (bnc#1012382).
• powerpc/perf: Dereference BHRB entries safely (bsc#1066223).
• powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382).
• powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1075087).
• powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo (bnc#1012382).
• powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested (bnc#1012382).
• powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075087).
• powerpc/pseries: Introduce HGETCPU_CHARACTERISTICS (bsc#1068032, bsc#1075087).
• powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075087).
• powerpc/pseries/rfi-flush: Call setuprfiflush() after LPM migration (bsc#1068032, bsc#1075087).
• powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075087).
• powerpc/rfi-flush: Make setuprfiflush() not __init (bsc#1068032, bsc#1075087).
• powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075087).
• powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075087).
• powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot (bsc#1068032, bsc#1075087).
• ppp: Destroy the mutex when cleanup (bnc#1012382).
• pppoe: take ->needed_headroom of lower device into account on xmit (bnc#1012382).
• pti: unbreak EFI (bsc#1074709).
• r8152: fix the list rx_done may be used without initialization (bnc#1012382).
• r8152: prevent the driver from transmitting packets with carrier off (bnc#1012382).
• r8169: fix memory corruption on retrieval of hardware statistics (bnc#1012382).
• raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382).
• ravb: Remove Rx overflow log messages (bnc#1012382).
• rbd: set maxsegments to USHRTMAX (bnc#1012382).
• rdma/cma: Avoid triggering undefined behavior (bnc#1012382).
• rdma/i40iw: Remove MSS change support (bsc#1024376 FATE#321249).
• rds: Fix NULL pointer dereference in _rdsrdma_map (bnc#1012382).
• rds: Heap OOB write in rdsmessagealloc_sgs() (bnc#1012382).
• rds: null pointer dereference in rdsatomicfree_op (bnc#1012382).
• Re-enable fixup detection by CPU type in case hypervisor call fails.
• regulator: core: Rely on regulatordevrelease to free constraints (bsc#1074847).
• regulator: da9063: Return an error code on probe failure (bsc#1074847).
• regulator: pwm: Fix regulator ramp delay for continuous mode (bsc#1074847).
• regulator: Try to resolve regulators supplies on registration (bsc#1074847).
• Revert 'Bluetooth: btusb: driver to enable the usb-wakeup feature' (bnc#1012382).
• Revert 'drm/armada: Fix compile fail' (bnc#1012382).
• Revert 'drm/radeon: dont switch vt on suspend' (bnc#1012382).
• Revert 'ipsec: Fix aborted xfrm policy dump crash' (kabi).
• Revert 'kaiser: vmstat show NRKAISERTABLE as nroverhead' (kabi).
• Revert 'lib/genalloc.c: make the avail variable an atomiclongt' (kabi).
• Revert 'module: Add retpoline tag to VERMAGIC' (bnc#1012382 kabi).
• Revert 'module: Add retpoline tag to VERMAGIC' (kabi).
• Revert 'netlink: add a start callback for starting a netlink dump' (kabi).
• Revert 'ocfs2: should wait dio before inode lock in ocfs2_setattr()' (bnc#1012382).
• Revert 'Re-enable fixup detection by CPU type in case hypervisor call fails.' The firmware update is required for the existing instructions to also do the cache flush.
• Revert 's390/kbuild: enable modversions for symbols exported from asm' (bnc#1012382).
• Revert 'sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks' (kabi).
• Revert 'scsi: libsas: align satadevice's rpsresp on a cacheline' (kabi).
• Revert 'spi: SPIFSLDSPI should depend on HAS_DMA' (bnc#1012382).
• Revert 'userfaultfd: selftest: vm: allow to build in vm/ directory' (bnc#1012382).
• Revert 'x86/efi: Build our own page table structures' (bnc#1012382).
• Revert 'x86/efi: Hoist page table switching code into eficallvirt()' (bnc#1012382).
• Revert 'x86/mm/pat: Ensure cpa->pfn only contains page frame numbers' (bnc#1012382).
• rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087).
• ring-buffer: Mask out the info bits when returning buffer page length (bnc#1012382).
• route: also update fnhe_genid when updating a route cache (bnc#1012382).
• route: update fnhe_expires for redirect when the fnhe exists (bnc#1012382).
• rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592).
• rtc: pcf8563: fix output clock rate (bnc#1012382).
• rtc: pl031: make interrupt optional (bnc#1012382).
• rtc: set the alarm to the next expiring timer (bnc#1012382).
• s390: always save and restore all registers on context switch (bnc#1012382).
• s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740).
• s390: fix compat system call table (bnc#1012382).
• s390/pci: do not require AIS facility (bnc#1012382).
• s390/qeth: no ETH header for outbound AF_IUCV (LTC#156276 bnc#1012382 bnc#1053472).
• s390/runtime instrumentation: simplify task exit handling (bnc#1012382).
• schdsmark: fix invalid skbcow() usage (bnc#1012382).
• sched/deadline: Make sure the replenishment timer fires in the next period (bnc#1012382).
• sched/deadline: Throttle a constrained deadline task activated after the deadline (bnc#1012382).
• sched/deadline: Use deadline instead of period when calculating overflow (bnc#1012382).
• sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks (bnc#1012382).
• sched/deadline: Zero out positive runtime after throttling constrained tasks (git-fixes).
• sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476).
• scsi: bfa: integer overflow in debugfs (bnc#1012382).
• scsi: cxgb4i: fix Tx skb leak (bnc#1012382).
• scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS (bsc#1069138).
• scsi: hpsa: cleanup sas_phy structures in sysfs when unloading (bnc#1012382).
• scsi: hpsa: destroy sas transport properties before scsi_host (bnc#1012382).
• scsi: libsas: align satadevice's rpsresp on a cacheline (bnc#1012382).
• scsi: lpfc: Use after free in lpfcrqbuf_free() (bsc#1037838).
• scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bnc#1012382).
• scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382).
• scsi: sd: change managestartstop to bool in sysfs interface (bnc#1012382).
• scsi: sg: disable SETFORCELOW_DMA (bnc#1012382).
• scsi: sr: wait for the medium to become ready (bsc#1048585).
• sctp: do not allow the v4 socket to bind a v4mapped v6 address (bnc#1012382).
• sctp: do not free asoc when it is already dead in sctp_sendmsg (bnc#1012382).
• sctp: Replace use of sockets_allocated with specified macro (bnc#1012382).
• sctp: return error if the asoc has been peeled off in sctpwaitfor_sndbuf (bnc#1012382).
• sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382).
• selftest/powerpc: Fix false failures for skipped tests (bnc#1012382).
• selftests/x86: Add test_vsyscall (bnc#1012382).
• selftests/x86/ldt_get: Add a few additional tests for limits (bnc#1012382).
• serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382).
• serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382).
• series.conf: move core networking (including netfilter) into sorted section
• series.conf: whitespace cleanup
• Set supportedmodulescheck 1 (bsc#1072163).
• sfc: do not warn on successful change of MAC (bnc#1012382).
• sh_eth: fix SH7757 GEther initialization (bnc#1012382).
• sh_eth: fix TSU resource handling (bnc#1012382).
• sit: update frag_off info (bnc#1012382).
• sock: free skb in skbcompletetx_timestamp on error (bnc#1012382).
• sparc64/mm: set fields in deferred pages (bnc#1012382).
• spi_ks8995: fix 'BUG: key accdaa28 not in .data!' (bnc#1012382).
• spi: sh-msiof: Fix DMA transfer size check (bnc#1012382).
• spi: xilinx: Detect stall with Unknown commands (bnc#1012382).
• staging: android: ashmem: fix a race condition in ASHMEMSETSIZE ioctl (bnc#1012382).
• sunrpc: add authunix hashcred() function (bsc#1012917).
• sunrpc: add genericauth hashcred() function (bsc#1012917).
• sunrpc: add hashcred() function to rpcauthops struct (bsc#1012917).
• sunrpc: add RPCSECGSS hashcred() function (bsc#1012917).
• sunrpc: Fix rpctaskbegin trace point (bnc#1012382).
• sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917).
• sunrpc: use supplimental groups in auth hash (bsc#1012917).
• sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382).
• sysfs/cpu: Add vulnerability folder (bnc#1012382).
• sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
• sysfs: spectrev2, handle specctrl (bsc#1075994 bsc#1075091).
• sysrq : fix Show Regs call trace on ARM (bnc#1012382).
• target: Avoid early CMDTPREEXECUTE failures during ABORTTASK (bnc#1012382).
• target/file: Do not return error for UNMAP if length is zero (bnc#1012382).
• target: fix ALUA transition timeout handling (bnc#1012382).
• target:fix condition return in coreprdumpinitiatorport() (bnc#1012382).
• target: fix race during implicit transition work flushes (bnc#1012382).
• target/iscsi: Fix a race condition in iscsitaddrejectfromcmd() (bnc#1012382).
• target: Use system workqueue for ALUA transitions (bnc#1012382).
• tcp: correct memory barrier usage in tcpcheckspace() (bnc#1012382).
• tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382).
• tcp md5sig: Use skb's saddr when replying to an incoming segment (bnc#1012382).
• tcp: _tcphdrlen() helper (bnc#1012382).
• tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382).
• thermal/drivers/step_wise: Fix temperature regulation misbehavior (bnc#1012382).
• thermal: hisilicon: Handle return value of clkprepareenable (bnc#1012382).
• tipc: fix cleanup at module unload (bnc#1012382).
• tipc: fix memory leak in tipcacceptfrom_sock() (bnc#1012382).
• tipc: improve link resiliency when rps is activated (bsc#1068038).
• tracing: Allocate mask_str buffer dynamically (bnc#1012382).
• tracing: Fix converting enum's from the map in traceeventeval_update() (bnc#1012382).
• tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382).
• tracing: Fix possible double free on failure of allocating trace buffer (bnc#1012382).
• tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382).
• tty fix oops when rmmod 8250 (bnc#1012382).
• uas: Always apply USFLNOATA1X quirk to Seagate devices (bnc#1012382).
• uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382).
• udf: Avoid overflow when session starts at large offset (bnc#1012382).
• um: link vmlinux with -no-pie (bnc#1012382).
• usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382).
• usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382).
• usb: core: Add type-specific length check of BOS descriptors (bnc#1012382).
• usb: core: prevent malicious bNumInterfaces overflow (bnc#1012382).
• usb: devio: Prevent integer overflow in procdosubmiturb() (bnc#1012382).
• usb: Fix off by one in type-specific length check of BOS SSP capability (git-fixes).
• usb: fix usbmon BUG trigger (bnc#1012382).
• usb: gadget: configs: plug memory leak (bnc#1012382).
• usb: gadget: ffs: Forbid usbepalloc_request from sleeping (bnc#1012382).
• usb: gadgetfs: Fix a potential memory leak in 'dev_config()' (bnc#1012382).
• usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed (bnc#1012382).
• usb: gadget: udc: remove pointer dereference after free (bnc#1012382).
• usb: hub: Cycle HUB power when initialization fails (bnc#1012382).
• usb: Increase usbfs transfer limit (bnc#1012382).
• usbip: Fix implicit fallthrough warning (bnc#1012382).
• usbip: Fix potential format overflow in userspace tools (bnc#1012382).
• usbip: fix stubrx: getpipe() to validate endpoint number (bnc#1012382).
• usbip: fix stubrx: harden CMDSUBMIT path to handle malicious input (bnc#1012382).
• usbip: fix stubsendretsubmit() vulnerability to null transferbuffer (bnc#1012382).
• usbip: fix usbip bind writing random string after command in match_busid (bnc#1012382).
• usbip: prevent leaking socket pointer address in messages (bnc#1012382).
• usbip: prevent vhci_hcd driver from leaking a socket pointer address (bnc#1012382).
• usbip: remove kernel addresses from usb device and urb debug msgs (bnc#1012382).
• usbip: stub: stop printing kernel pointer addresses in messages (bnc#1012382).
• usbip: vhci: stop printing kernel pointer addresses in messages (bnc#1012382).
• usb: misc: usb3503: make sure reset is low for at least 100us (bnc#1012382).
• usb: musb: da8xx: fix babble condition handling (bnc#1012382).
• usb: phy: isp1301: Add OF device ID table (bnc#1012382).
• usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled (git-fixes).
• usb: phy: tahvo: fix error handling in tahvousbprobe() (bnc#1012382).
• usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bnc#1012382).
• usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bnc#1012382).
• usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382).
• usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382).
• usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382).
• usb: serial: option: add Quectel BG96 id (bnc#1012382).
• usb: serial: option: add support for Telit ME910 PID 0x1101 (bnc#1012382).
• usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382).
• usb: uas and storage: Add USFLBROKEN_FUA for another JMicron JMS567 ID (bnc#1012382).
• usb: usbfs: Filter flags passed in from user space (bnc#1012382).
• usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382).
• usb: xhci: Add XHCITRUSTTX_LENGTH for Renesas uPD720201 (bnc#1012382).
• usb: xhci: fix panic in xhcifreevirtdevicesdepth_first (bnc#1012382).
• userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382).
• userfaultfd: shmem: _dofault requires VMFAULTNOPAGE (bnc#1012382).
• video: fbdev: au1200fb: Release some resources if a memory allocation fails (bnc#1012382).
• video: fbdev: au1200fb: Return an error code if a memory allocation fails (bnc#1012382).
• virtio: release virtio index when fail to device_register (bnc#1012382).
• vmxnet3: repair memory leak (bnc#1012382).
• vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382).
• vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bnc#1012382).
• vti6: Do not report path MTU below IPV6MINMTU (bnc#1012382).
• vti6: fix device register to report IFLAINFOKIND (bnc#1012382).
• workqueue: trigger WARN if queuedelayedwork() is called with NULL @wq (bnc#1012382).
• writeback: fix memory leak in wbqueuework() (bnc#1012382).
• x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078).
• x509: fix printing uninitialized stack memory when OID is empty (bsc#1075078).
• x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382).
• x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).
• x86/acpi: Reduce code duplication in mpoverridelegacy_irq() (bsc#1068984).
• x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (bnc#1012382).
• x86/alternatives: Fix optimize_nops() checking (bnc#1012382).
• x86/apic/vector: Fix off by one in error path (bnc#1012382).
• x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels (bnc#1012382).
• x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).
• x86/cpu: Factor out application of forced CPU caps (bnc#1012382).
• x86/cpufeatures: Add X86BUGCPU_INSECURE (bnc#1012382).
• x86/cpufeatures: Add X86BUGSPECTRE_V[12] (bnc#1012382).
• x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
• x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
• x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).
• x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025).
• x86/cpu: Rename 'WESTMERE2' family to 'NEHALEM_G' (bsc#985025).
• x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382).
• x86/Documentation: Add PTI description (bnc#1012382).
• x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382).
• x86/efi: Build our own page table structures (fate#320512).
• x86/efi: Hoist page table switching code into eficallvirt() (fate#320512).
• x86/entry: Use SYSCALLDEFINE() macros for sysmodify_ldt() (bnc#1012382).
• x86/hpet: Prevent might sleep splat on resume (bnc#1012382).
• x86/kasan: Clear kasanzeropage after TLB flush (bnc#1012382).
• x86/kasan: Write protect kasan zero shadow (bnc#1012382).
• x86/microcode/intel: Extend BDW late-loading further with LLC size check (bnc#1012382).
• x86/microcode/intel: Extend BDW late-loading with a revision check (bnc#1012382).
• x86/mm/32: Move setupclearcpucap(X86FEATURE_PCID) earlier (git-fixes).
• x86/mm: Disable PCID on 32-bit kernels (bnc#1012382).
• x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (fate#320588).
• x86/PCI: Make broadcompostcoreinit() check acpi_disabled (bnc#1012382).
• x86/pti: Document fix wrong index (bnc#1012382).
• x86/pti/efi: broken conversion from efi to kernel page table (bnc#1012382).
• x86/pti: Rename BUGCPUINSECURE to BUGCPUMELTDOWN (bnc#1012382).
• x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
• x86/smpboot: Remove stale TLB flush invocations (bnc#1012382).
• x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
• x86/spectrev2: nospectrev2 means nospec too (bsc#1075994 bsc#1075091).
• x86/tlb: Drop the GPL from the cputlbstate export (bnc#1012382).
• x86/vm86/32: Switch to flushtlbmmrange() in markscreen_rdonly() (bnc#1012382).
• xen-netfront: avoid crashing on resume after a failure in talktonetback() (bnc#1012382).
• xen-netfront: Improve error handling during initialization (bnc#1012382).
• xfrm: Copy policy family in clone_policy (bnc#1012382).
• xfs: add configurable error support to metadata buffers (bsc#1068569).
• xfs: add configuration handlers for specific errors (bsc#1068569).
• xfs: add configuration of error failure speed (bsc#1068569).
• xfs: add 'fail at unmount' error handling configuration (bsc#1068569).
• xfs: Add infrastructure needed for error propagation during buffer IO failure (bsc#1068569).
• xfs: address kabi for xfs buffer retry infrastructure (kabi).
• xfs: configurable error behavior via sysfs (bsc#1068569).
• xfs: fix incorrect extent state in xfsbmapaddextentunwritten_real (bnc#1012382).
• xfs: fix log block underflow during recovery cycle verification (bnc#1012382).
• xfs: fix up inode32/64 (re)mount handling (bsc#1069160).
• xfs: introduce metadata IO error class (bsc#1068569).
• xfs: introduce table-based init for error behaviors (bsc#1068569).
• xfs: Properly retry failed inode items in case of error during buffer writeback (bsc#1068569).
• xfs: remove xfstransaildeletebulk (bsc#1068569).
• xhci: Do not add a virt_dev to the devs array before it's fully allocated (bnc#1012382).
• xhci: Fix ring leak in failure path of xhciallocvirt_device() (bnc#1012382).
• xhci: plat: Register shutdown for xhci_plat (bnc#1012382).
• zram: set physical queue limits to avoid array out of bounds accesses (bnc#1012382).
• x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382).