SUSE-SU-2018:2374-1

The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.143 to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081).
• CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343).
• CVE-2018-5391: A flaw in the IP packet reassembly could be used by remote attackers to consume CPU time (bnc#1103097).
• CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcpcollapseofoqueue() and tcppruneofoqueue() for every incoming packet which can lead to a denial of service (bnc#1102340).
• CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucmaleavemulticast to access a certain data structure after a cleanup step in ucmaprocessjoin, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119).
• CVE-2017-18344: The timercreate syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigevnotify field, which leads to out-of-bounds access in the showtimer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIGPOSIXTIMERS and CONFIGCHECKPOINT_RESTORE) (bnc#1102851 1103580).

The following non-security bugs were fixed:

• 1wire: family module autoload fails because of upper/lower case mismatch (bnc#1012382).
• Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978)
• ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS (bnc#1012382).
• alsa: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810).
• alsa: hda - Handle kzalloc() failure in sndhdaattachpcmstream() (bnc#1012382).
• alsa: hda/realtek - set PINCFGHEADSETMIC to parse_flags (bsc#1099810).
• arm64: do not open code page table entry creation (bsc#1102197).
• arm64: kpti: Use early_param for kpti= command-line option (bsc#1102188).
• arm64: Make sure permission updates happen for pmd/pud (bsc#1102197).
• arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bnc#1012382).
• arm: dts: imx6q: Use correct SDMA script for SPI5 core (bnc#1012382).
• ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382).
• ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382).
• ASoC: dapm: delete dapmkcontroldata paths list before freeing it (bnc#1012382).
• ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382).
• atm: zatm: fix memcmp casting (bnc#1012382).
• atm: zatm: Fix potential Spectre v1 (bnc#1012382).
• backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382).
• backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382).
• backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382).
• bcache: add backingrequestendio() for biendio (bsc#1064232).
• bcache: add CACHESETIODISABLE to struct cacheset flags (bsc#1064232).
• bcache: add iodisable to struct cacheddev (bsc#1064232).
• bcache: add journal statistic (bsc#1076110).
• bcache: Add _printf annotation to _bchcheckkeys() (bsc#1064232).
• bcache: add stopwhencachesetfailed option to backing device (bsc#1064232).
• bcache: add waitforkthreadstop() in bchallocator_thread() (bsc#1064232).
• bcache: Annotate switch fall-through (bsc#1064232).
• bcache: closures: move control bits one bit right (bsc#1076110).
• bcache: correct flash only vols (check all uuids) (bsc#1064232).
• bcache: count backing device I/O error for writeback I/O (bsc#1064232).
• bcache: Fix a compiler warning in bcachedeviceinit() (bsc#1064232).
• bcache: fix cacheddev->count usage for bchcacheseterror() (bsc#1064232).
• bcache: fix crashes in duplicate cache device register (bsc#1076110).
• bcache: fix error return value in memory shrink (bsc#1064232).
• bcache: fix high CPU occupancy during journal (bsc#1076110).
• bcache: Fix, improve efficiency of closure_sync() (bsc#1076110).
• bcache: fix inaccurate io state for detached bcache devices (bsc#1064232).
• bcache: fix incorrect sysfs output value of strip size (bsc#1064232).
• bcache: Fix indentation (bsc#1064232).
• bcache: Fix kernel-doc warnings (bsc#1064232).
• bcache: fix misleading error message in bchcountio_errors() (bsc#1064232).
• bcache: fix using of loop variable in memory shrink (bsc#1064232).
• bcache: fix writeback target calc on large devices (bsc#1076110).
• bcache: fix wrong return value in bchdebuginit() (bsc#1076110).
• bcache: mark closuresync() _sched (bsc#1076110).
• bcache: move closure debug file into debug directory (bsc#1064232).
• bcache: reduce cacheset devices iteration by devicesmax_used (bsc#1064232).
• bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232).
• bcache: Remove an unused variable (bsc#1064232).
• bcache: ret IOERR when read meets metadata error (bsc#1076110).
• bcache: return 0 from bchdebuginit() if CONFIGDEBUGFS=n (bsc#1064232).
• bcache: set CACHESETIODISABLE in bchcacheddeverror() (bsc#1064232).
• bcache: set dc->iodisable to true in conditionalstopbcachedevice() (bsc#1064232).
• bcache: set error_limit correctly (bsc#1064232).
• bcache: set writebackrateupdate_seconds in range [1, 60] seconds (bsc#1064232).
• bcache: stop bcache device when backing device is offline (bsc#1064232).
• bcache: stop dc->writebackrateupdate properly (bsc#1064232).
• bcache: stop writeback thread after detaching (bsc#1076110).
• bcache: store disk name in struct cache and struct cached_dev (bsc#1064232).
• bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232).
• bcache: use prinfo() to inform duplicated CACHESETIODISABLE set (bsc#1064232).
• bcache: Use PTRERROR_ZERO() (bsc#1076110).
• bcm63xx_enet: correct clock usage (bnc#1012382).
• bcm63xx_enet: do not write to random DMA channel on BCM6345 (bnc#1012382).
• blkcg: simplify statistic accumulation code (bsc#1082979).
• block: copy ioprio in _bioclone_fast() (bsc#1082653).
• block: Fix transfer when chunk sectors exceeds max (bnc#1012382).
• block/swim: Fix array bounds check (bsc#1082979).
• bluetooth: Fix connection if directed advertising and privacy is used (bnc#1012382).
• bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bnc#1012382).
• bonding: re-evaluate force_primary when the primary slave name changes (bnc#1012382).
• bpf: fix loading of BPF_MAXINSNS sized programs (bsc#1012382).
• bpf, x64: fix memleak when not converging after image (bsc#1012382).
• btrfs: fix clone vs chattr NODATASUM race (bnc#1012382).
• btrfs: fix unexpected cow in rundelallocnocow (bnc#1012382).
• btrfs: make raid6 rebuild retry more (bnc#1012382).
• btrfs: scrub: Do not use inode pages for device replace (bnc#1012382).
• cachefiles: Fix missing clear of the CACHEFILESOBJECTACTIVE flag (bsc#1099858).
• cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858).
• cachefiles: Wait rather than BUG'ing on 'Unexpected object collision' (bsc#1099858).
• cdc_ncm: avoid padding beyond end of skb (bnc#1012382).
• cifs: fix bad/NULL ptr dereferencing in SMB2sesssetup() (bsc#1090123).
• cifs: Fix infinite loop when using hard mount option (bnc#1012382).
• compiler, clang: always inline when CONFIGOPTIMIZEINLINING is disabled (bnc#1012382).
• compiler, clang: properly override 'inline' for clang (bnc#1012382).
• compiler, clang: suppress warning for unused static inline functions (bnc#1012382).
• compiler-gcc.h: Add attribute((gnu_inline)) to all inline declarations (bnc#1012382).
• CONFIGHOTPLUGSMT=y
• cpufreq: Fix new policy initialization during limits updates via sysfs (bnc#1012382).
• cpu/hotplug: Add sysfs state interface (bsc#1089343).
• cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
• cpu/hotplug: Split docpudown() (bsc#1089343).
• cpuidle: powernv: Fix promotion from snooze if next state disabled (bnc#1012382).
• crypto: crypto4xx - fix crypto4xxbuildpdr, crypto4xxbuildsdr leak (bnc#1012382).
• crypto: crypto4xx - remove bad list_del (bnc#1012382).
• dm: convert DM printk macros to pr_<level> macros (bsc#1099918).
• dm: fix printk() rate limiting code (bsc#1099918).
• dm thin: handle running out of data space vs concurrent discard (bnc#1012382).
• dm thin metadata: remove needless work from _committransaction (bsc#1082979).
• drbd: fix access after free (bnc#1012382).
• driver core: Do not ignore classdircreateandadd() failure (bnc#1012382).
• drm/msm: Fix possible null dereference on failure of get_pages() (bsc#1102394).
• drm: re-enable error handling (bsc#1103884).
• esp6: fix memleak on error path in esp6_input (git-fixes).
• ext4: add more inode number paranoia checks (bnc#1012382).
• ext4: add more mount time checks of the superblock (bnc#1012382).
• ext4: always check block group bounds in ext4initblock_bitmap() (bnc#1012382).
• ext4: check superblock mapped prior to committing (bnc#1012382).
• ext4: clear idata in ext4inode_info when removing inline data (bnc#1012382).
• ext4: fix fencepost error in check for inode count overflow during resize (bnc#1012382).
• ext4: include the illegal physical block in the bad map ext4_error msg (bnc#1012382).
• ext4: make sure bitmaps and the inode table do not overlap with bg descriptors (bnc#1012382).
• ext4: only look at the bg_flags field if it is valid (bnc#1012382).
• ext4: update mtime in ext4punchhole even if no blocks are released (bnc#1012382).
• ext4: verify the depth of extent tree in ext4findextent() (bnc#1012382).
• fscache: Allow cancelled operations to be enqueued (bsc#1099858).
• fscache: Fix reference overput in fscacheattachobject() error handling (bsc#1099858).
• fuse: atomicotrunc should truncate pagecache (bnc#1012382).
• fuse: do not keep dead fuseconn at fusefill_super() (bnc#1012382).
• fuse: fix control dir setup and teardown (bnc#1012382).
• genirq: Make force irq threading setup more robust (bsc#1082979).
• hid: debug: check length before copytouser() (bnc#1012382).
• hid: hiddev: fix potential Spectre v1 (bnc#1012382).
• hid: i2c-hid: Fix 'incomplete report' noise (bnc#1012382).
• hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter (bnc#1012382).
• i2c: rcar: fix resume by always initializing registers before transfer (bnc#1012382).
• ib/isert: fix T10-pi check mask setting (bsc#1082979).
• ibmasm: do not write out of bounds in read handler (bnc#1012382).
• ibmvnic: Fix error recovery on login failure (bsc#1101789).
• ibmvnic: Remove code to request error information (bsc#1104174).
• ibmvnic: Revise RX/TX queue error messages (bsc#1101331).
• ibmvnic: Update firmware error reporting with cause string (bsc#1104174).
• ib/qib: Fix DMA api warning with debug kernel (bnc#1012382).
• iio:buffer: make length types match kfifo types (bnc#1012382).
• input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382).
• input: elani2csmbus - fix more potential stack buffer overflows (bnc#1012382).
• input: elantech - enable middle button of touchpads on ThinkPad P52 (bnc#1012382).
• input: elantech - fix V4 report decoding for module with middle key (bnc#1012382).
• iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034).
• ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382).
• ipv4: Fix error return value in fibconvertmetrics() (bnc#1012382).
• ipvs: fix buffer overflow with sync daemon and service (bnc#1012382).
• iwcxgb4: correctly enforce the max regmr depth (bnc#1012382).
• jbd2: do not mark block as modified if the handle is out of credits (bnc#1012382).
• kabi protect net/core/utils.c includes (bsc#1095643).
• kABI: protect struct loop_device (kabi).
• kABI: reintroduce _staticcpuhassafe (kabi).
• kabi/severities: add 'drivers/md/bcache/* PASS' since no one uses symboles expoted by bcache.
• kbuild: fix # escaping in .cmd files for future Make (bnc#1012382).
• keys: DNS: fix parsing multiple options (bnc#1012382).
• kmod: fix wait on recursive loop (bsc#1099792).
• kmod: reduce atomic operations on kmod_concurrent and simplify (bsc#1099792).
• kmod: throttle kmod thread limit (bsc#1099792).
• kprobes/x86: Do not modify singlestep buffer while resuming (bnc#1012382).
• kvm: arm/arm64: Drop resource size check for GICV window (bsc#1102215).
• kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1102214).
• libata: do not try to pass through NCQ commands to non-NCQ devices (bsc#1082979).
• libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382).
• libata: zpodd: make arrays cdb static, reduces object code size (bnc#1012382).
• libata: zpodd: small read overflow in eject_tray() (bnc#1012382).
• lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382).
• linvdimm, pmem: Preserve read-only setting for pmem devices (bnc#1012382).
• loop: add recursion validation to LOOPCHANGEFD (bnc#1012382).
• loop: remember whether sysfscreategroup() was done (bnc#1012382).
• m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() (bnc#1012382).
• media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382).
• media: cx25840: Use subdev host data for PLL override (bnc#1012382).
• media: dvbfrontend: fix locking issues at dvbfrontendgetevent() (bnc#1012382).
• media: smiapp: fix timeout checking in smiappreadnvm (bsc#1099918).
• media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382).
• mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382).
• mips: ftrace: fix static function graph tracing (bnc#1012382).
• mmc: dw_mmc: fix card threshold control configuration (bsc#1102203).
• mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1097771).
• mm: hugetlb: yield when prepping struct pages (bnc#1012382).
• mtd: cficmdset0002: Avoid walking all chips when unlocking (bnc#1012382).
• mtd: cficmdset0002: Change definition naming to retry write operation (bnc#1012382).
• mtd: cficmdset0002: Change erase functions to check chip good only (bnc#1012382).
• mtd: cficmdset0002: Change erase functions to retry for error (bnc#1012382).
• mtd: cficmdset0002: Change write buffer to check correct value (bnc#1012382).
• mtd: cficmdset0002: fix SEGV unlocking multiple chips (bnc#1012382).
• mtd: cficmdset0002: Fix unlocking requests crossing a chip boudary (bnc#1012382).
• mtd: cficmdset0002: Use right chip in doppbxxlock() (bnc#1012382).
• mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918).
• mtd: partitions: add helper for deleting partition (bsc#1099918).
• mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918).
• mtd: rawnand: mxc: set spare area size register explicitly (bnc#1012382).
• net: cxgb3_main: fix potential Spectre v1 (bnc#1012382).
• net: dccp: avoid crash in ccid3hcrxsendfeedback() (bnc#1012382).
• net: dccp: switch rxtstamplast_feedback to monotonic clock (bnc#1012382).
• netfilter: ebtables: handle string from userspace with care (bnc#1012382).
• netfilter: ebtables: reject non-bridge targets (bnc#1012382).
• netfilter: nflog: do not hold nflog_mutex during user access (bnc#1012382).
• netfilter: nfqueue: augment nfqacfg_policy (bnc#1012382).
• netfilter: nftables: use WARNONONCE instead of BUGON in nftdochain() (bnc#1012382).
• netfilter: x_tables: initialise match/target check parameter struct (bnc#1012382).
• net/mlx5: Fix command interface race in polling mode (bnc#1012382).
• net/mlx5: Fix incorrect raw command length parsing (bnc#1012382).
• net: mvneta: fix the Rx desc DMA address in the Rx path (bsc#1102207).
• net/nfc: Avoid stalls when nfcallocsend_skb() returned NULL (bnc#1012382).
• net: off by one in inet6_pton() (bsc#1095643).
• net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1102205).
• net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382).
• net_sched: blackhole: tell upper qdisc about dropped packets (bnc#1012382).
• net/sonic: Use dmamappingerror() (bnc#1012382).
• net: sungem: fix rx checksum support (bnc#1012382).
• net/utils: generic inetptonwith_scope helper (bsc#1095643).
• nfsd: restrict rdmaxcount to svcmaxpayload in nfsdencode_readdir (bnc#1012382).
• NFSv4: Fix possible 1-byte stack overflow in nfsidmapreadandverify_message (bnc#1012382).
• ntty: Access echo* variables carefully (bnc#1012382).
• ntty: Fix stall at nttyreceivechar_special() (bnc#1012382).
• nullblk: use sectordiv instead of do_div (bsc#1082979).
• nvme-pci: initialize queue memory before interrupts (bnc#1012382).
• nvme-rdma: Check remotely invalidated rkey matches our expected rkey (bsc#1092001).
• nvme-rdma: default MR page size to 4k (bsc#1092001).
• nvme-rdma: do not complete requests before a send work request has completed (bsc#1092001).
• nvme-rdma: do not suppress send completions (bsc#1092001).
• nvme-rdma: Fix command completion race at error recovery (bsc#1090435).
• nvme-rdma: make nvmerdma[create|destroy]queueib symmetrical (bsc#1092001).
• nvme-rdma: use inetptonwith_scope helper (bsc#1095643).
• nvme-rdma: Use mr pool (bsc#1092001).
• nvme-rdma: wait for local invalidation before completing a request (bsc#1092001).
• ocfs2: subsystem.sumutex is required while accessing the item->ciparent (bnc#1012382).
• of: unittest: for strings, account for trailing \0 in property length field (bnc#1012382).
• ovl: fix random return value on mount (bsc#1099993).
• ovl: fix uid/gid when creating over whiteout (bsc#1099993).
• ovl: override creds with the ones from the superblock mounter (bsc#1099993).
• pci: ibmphp: Fix use-before-set in getmaxbus_speed() (bsc#1100132).
• pci: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bnc#1012382).
• perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP (bnc#1012382).
• perf intel-pt: Fix MTC timing after overflow (bnc#1012382).
• perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382).
• perf intel-pt: Fix syncswitch INTELPTSSNOT_TRACING (bnc#1012382).
• perf intel-pt: Fix 'Unexpected indirect branch' error (bnc#1012382).
• perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 (bnc#1012382).
• perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ (bnc#1012382).
• PM / hibernate: Fix oops at snapshot_write() (bnc#1012382).
• powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244, bsc#1100930, bsc#1102683).
• powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244).
• powerpc/64s: Fix mce accounting for powernv (bsc#1094244).
• powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382).
• powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244).
• powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382).
• powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382).
• powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACESETDEBUGREG (bnc#1012382).
• qed: Limit msix vectors in kdump kernel to the minimum required count (bnc#1012382).
• qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657).
• qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657).
• qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657).
• r8152: napi hangup fix after disconnect (bnc#1012382).
• RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382).
• RDMA/ocrdma: Fix an error code in ocrdmaallocpd() (bsc#1082979).
• RDMA/ocrdma: Fix error codes in ocrdmacreatesrq() (bsc#1082979).
• RDMA/ucm: Mark UCM interface as BROKEN (bnc#1012382).
• rds: avoid unenecessary cong_update in loop transport (bnc#1012382).
• restore condresched() in shrinkdcache_parent() (bsc#1098599).
• Revert 'block-cancel-workqueue-entries-on-blkmqfreeze_queue' (bsc#1103717
• Revert 'Btrfs: fix scrub to repair raid6 corruption' (bnc#1012382).
• Revert 'sit: reload iphdr in ipip6_rcv' (bnc#1012382).
• Revert 'x86/cpufeature: Move some of the scattered feature bits to x86_capability' (kabi).
• Revert 'x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6' (kabi).
• rmdir(),rename(): do shrinkdcacheparent() only on success (bsc#1100340).
• rpm/config.sh: Add support for non-default upstream URL Currently the scripts assume Linus' tree as the upstream URL where to pull things from. One may want to package test kernels from other upstream repos. Add support to add an URL to config.sh.
• rtlwifi: rtl8821ae: fix firmware is not ready to run (bnc#1012382).
• run_oldconfig.sh: Add --olddefconfig as an alias to --yes On later kernels there is the make target 'olddefconfig'. This is equvalent to what the '--yes' option does. Therefore, add the option '--olddefconfig' as an alias.
• s390: Correct register corruption in critical section cleanup (bnc#1012382).
• s390/qeth: fix error handling in adapter command callbacks (bnc#1103745, LTC#169699).
• sched/smt: Update schedsmtpresent at runtime (bsc#1089343).
• sched/sysctl: Check user input value of sysctlschedtime_avg (bsc#1100089).
• scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1092207).
• scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1095453).
• scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1092207).
• scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525).
• scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453).
• scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1095453).
• scsi: lpfc: Fix MDS diagnostics failure (Rx < Tx) (bsc#1095453).
• scsi: lpfc: Fix port initialization failure (bsc#1095453).
• scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1092207).
• scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1092207).
• scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207).
• scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453).
• scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bnc#1012382).
• scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501)
• scsi: qlogicpti: Fix an error handling path in 'qptisbusprobe()' (bsc#1082979).
• scsi: sg: fix minor memory leak in error path (bsc#1082979).
• scsi: sg: mitigate read/write abuse (bsc#1101296).
• scsi: target: fix crash with iscsi target and dvd (bsc#1082979).
• scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (LTC#168765 bnc#1012382 bnc#1099713).
• scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713).
• scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (LTC#168765 bnc#1012382 bnc#1099713).
• scsi: zfcp: fix missing REC trigger trace on terminaterportio early return (LTC#168765 bnc#1012382 bnc#1099713).
• scsi: zfcp: fix missing REC trigger trace on terminaterportio for ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713).
• scsi: zfcp: fix missing SCSI trace for result of ehhostreset_handler (LTC#168765 bnc#1012382 bnc#1099713).
• scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (LTC#168765 bnc#1012382 bnc#1099713).
• serial: sh-sci: Use spin{try}lockirqsave instead of open coding version (bnc#1012382).
• signal/xtensa: Consistenly use SIGBUS in dounaligneduser (bnc#1012382).
• smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132).
• smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1085536).
• spi: Fix scatterlist elements size in spimapbuf (bnc#1012382).
• staging: android: ion: Return an ERRPTR in ionmap_kernel (bnc#1012382).
• staging: comedi: quatechdaqpcs: fix no-op loop daqpaoinsn_write() (bnc#1012382).
• tcp: do not overshoot windowclamp in tcprcvspaceadjust() (bnc#1012382).
• tcp: fix Fast Open key endianness (bnc#1012382).
• tcp: prevent bogus FRTO undos with non-SACK flows (bnc#1012382).
• tcp: verify the checksum of the first data segment in a new connection (bnc#1012382).
• time: Make sure jiffiestomsecs() preserves non-zero time periods (bnc#1012382).
• tracing: Fix missing return symbol in function_graph output (bnc#1012382).
• ubi: fastmap: Cancel work upon detach (bnc#1012382).
• ubi: fastmap: Correctly handle interrupted erasures in EBA (bnc#1012382).
• ubifs: Fix potential integer overflow in allocation (bnc#1012382).
• udf: Detect incorrect directory size (bnc#1012382).
• Update config files. CONFIGX86FASTFEATURETESTS=y
• uprobes/x86: Remove incorrect WARNON() in uprobeinit_insn() (bnc#1012382).
• usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bnc#1012382).
• usb: core: handle hub CPORTOVER_CURRENT condition (bsc#1100132).
• usb: do not reset if a low-speed or full-speed device timed out (bnc#1012382).
• usb: musb: fix remote wakeup racing with suspend (bnc#1012382).
• usb: quirks: add delay quirks for Corsair Strafe (bnc#1012382).
• usb: serial: ch341: fix type promotion bug in ch341controlin() (bnc#1012382).
• usb: serial: cp210x: add another USB ID for Qivicon ZigBee stick (bnc#1012382).
• usb: serial: cp210x: add CESINEL device ids (bnc#1012382).
• usb: serial: cp210x: add Silicon Labs IDs for Windows Update (bnc#1012382).
• usb: serial: keyspan_pda: fix modem-status error handling (bnc#1012382).
• usb: serial: mos7840: fix status-register error handling (bnc#1012382).
• usb: yurex: fix out-of-bounds uaccess in read handler (bnc#1012382).
• vfio: platform: Fix reset module leak in error path (bsc#1102211).
• vhost_net: validate sock before trying to put its fd (bnc#1012382).
• video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifbinitfb() (bsc#1090888 bsc#1099966).
• video: uvesafb: Fix integer overflow in allocation (bnc#1012382).
• vmw_balloon: fix inflation with batching (bnc#1012382).
• w1: mxcw1: Enable clock before calling clkget_rate() on it (bnc#1012382).
• wait: add waiteventkillable_timeout() (bsc#1099792).
• watchdog: da9063: Fix setting/changing timeout (bsc#1100843).
• watchdog: da9063: Fix timeout handling during probe (bsc#1100843).
• watchdog: da9063: Fix updating timeout value (bsc#1100843).
• x86/alternatives: Add an auxilary section (bnc#1012382).
• x86/alternatives: Discard dynamic check after init (bnc#1012382).
• x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).
• x86/asm: Add ASMARG* constants for argument registers to <asm/asm.h> (bnc#1012382).
• x86/boot: Simplify kernel load address alignment check (bnc#1012382).
• x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343).
• x86/cpu/AMD: Evaluate smpnumsiblings early (bsc#1089343).
• x86/CPU/AMD: Move TOPOEXT reenablement before reading smpnumsiblings (bsc#1089343). Update config files.
• x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).
• x86/cpu/common: Provide detecthtearly() (bsc#1089343).
• x86/cpufeature: Add helper macro for mask check macros (bnc#1012382).
• x86/cpufeature: Carve out X86FEATURE* (bnc#1012382).
• x86/cpufeature: Get rid of the non-asm goto variant (bnc#1012382).
• x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated (bnc#1012382).
• x86/cpufeature: Move some of the scattered feature bits to x86_capability (bnc#1012382).
• x86/cpufeature: Replace the old staticcpuhas() with safe variant (bnc#1012382).
• x86/cpufeature: Speed up cpufeatureenabled() (bnc#1012382).
• x86/cpufeature: Update cpufeaure macros (bnc#1012382).
• x86/cpu/intel: Evaluate smpnumsiblings early (bsc#1089343).
• x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (bnc#1012382).
• x86/cpu: Provide a config option to disable staticcpuhas (bnc#1012382).
• x86/cpu: Remove the pointless CPU printout (bsc#1089343).
• x86/cpu/topology: Provide detectextendedtopology_early() (bsc#1089343).
• x86/fpu: Add an XSTATE_OP() macro (bnc#1012382).
• x86/fpu: Get rid of xstate_fault() (bnc#1012382).
• x86/headers: Do not include asm/processor.h in asm/atomic.h (bnc#1012382).
• x86/mce: Fix incorrect 'Machine check from unknown source' message (bnc#1012382).
• x86/mm/pkeys: Fix mismerge of protection keys CPUID bits (bnc#1012382).
• x86/mm: Simplify p[g4um]d_page() macros (1087081).
• x86/smpboot: Do not use smpnumsiblings in _maxlogical_packages calculation (bsc#1089343).
• x86/smp: Provide topologyisprimary_thread() (bsc#1089343).
• x86/topology: Add topologymaxsmt_threads() (bsc#1089343).
• x86/topology: Provide topologysmtsupported() (bsc#1089343).
• x86/vdso: Use staticcpuhas() (bnc#1012382).
• xen/grant-table: log the lack of grants (bnc#1085042).
• xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658).
• xen-netfront: Update features after registering netdev (bnc#1101658).
• xen: Remove unnecessary BUGON from _unbindfromirq() (bnc#1012382).
• xfrm6: avoid potential infinite loop in decodesession6() (bnc#1012382).
• xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382).
• xfrm: skip policies marked as dead while rehashing (bnc#1012382).
• xhci: xhci-mem: off by one in xhcistreamidtoring() (bnc#1012382).