SUSE-SU-2019:1854-1

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577).
• CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).
• CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).
• CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smptasktimedout() and smptaskdone() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).
• CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiexuapparsetailies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935).
• CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmgetnotzero or gettaskmm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/taskmmu.c, and drivers/infiniband/core/uverbsmain.c (bnc#1131645 1133738).

The following non-security bugs were fixed:

• Abort fileremoveprivs() for non-reg. files (bsc#1140888).
• acpica: Clear status of GPEs on first direct enable (bsc#1111666).
• acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510).
• acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510).
• alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).
• alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).
• alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).
• alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).
• alsa: line6: Fix write on zero-sized buffer (bsc#1051510).
• alsa: seq: fix incorrect order of destclient/destports arguments (bsc#1051510).
• alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666).
• alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).
• apparmor: enforce nullbyte at end of tag string (bsc#1051510).
• asoc: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666).
• ax25: fix inconsistent lock state in ax25destroytimer (bsc#1051510).
• Backporting hwpoison fixes - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). - mm: hwpoison: introduce memoryfailurehugetlb() (bsc#1139712). - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). - mm: hugetlb: delete dequeuehwpoisonedhugepage() (bsc#1139712). - mm: hwpoison: introduce idenfitypagestate (bsc#1139712). - mm: hugetlb: softoffline: save compound page order before page migration (bsc#1139712) - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712) - mm: fix race on soft-offlining free huge pages (bsc#1139712). - mm: soft-offline: close the race against page allocation (bsc#1139712). - mm: soft-offline: return -EBUSY if sethwpoisonfreebuddypage() fails (bsc#1139712). - mm: hugetlb: soft-offline: dissolvefreehuge_page() return zero on !PageHuge (bsc#bsc#1139712).
• blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).
• block: Fix a NULL pointer dereference in genericmakerequest() (bsc#1139771).
• bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).
• bpf, devmap: Add missing bulk queue free (bsc#1109837).
• bpf, devmap: Add missing RCU read lock on flush (bsc#1109837).
• bpf, devmap: Fix premature entry free on destroying map (bsc#1109837).
• bpf: devmap: fix use-after-free Read in _devmapentryfree (bsc#1109837).
• bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837).
• bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837).
• bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837).
• bpf: sockmap remove duplicate queue free (bsc#1109837).
• bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837).
• can: afcan: Fix error path of caninit() (bsc#1051510).
• can: flexcan: fix timeout when set small bitrate (bsc#1051510).
• can: purge socket error queue on sock destruct (bsc#1051510).
• ceph: flush dirty inodes before proceeding with remount (bsc#1140405).
• clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510).
• clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).
• coresight: etb10: Fix handling of perf mode (bsc#1051510).
• coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).
• crypto: algapi - guard against uninitialized spawn list in cryptoremovespawns (bsc#1133401).
• crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).
• crypto: user - prevent operating on larval algorithms (bsc#1133401).
• dax: Fix xarray entry association for mixed mappings (bsc#1140893).
• Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948).
• device core: Consolidate locking and unlocking of parent and device (bsc#1106383).
• dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).
• doc: Cope with the deprecation of AutoReporter (bsc#1051510).
• documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187).
• documentation: DMA-API: fix a function name of maxmappingsize (bsc#1140954).
• driver core: Establish order of operations for deviceadd and devicedel via bitflag (bsc#1106383).
• driver core: Probe devices asynchronously instead of the driver (bsc#1106383).
• drivers/base/devres: introduce devmreleaseaction() (bsc#1103992).
• drivers/base: Introduce kill_device() (bsc#1139865).
• drivers/base: kABI fixes for struct device_private (bsc#1106383).
• drivers: misc: fix out-of-bounds access in function paramsetkgdbts_var (bsc#1051510).
• drm/amdgpu/gfx9: use reset default for PASCFIFO_SIZE (bsc#1051510).
• drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666).
• drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666).
• drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).
• drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666).
• drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666).
• drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666).
• drm: Fix drm_release() and device unplug (bsc#1111666).
• drm/i915/dmc: protect against reading random memory (bsc#1051510).
• drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).
• drm/imx: notify drm core before sending event during crtc disable (bsc#1111666).
• drm/imx: only send event on crtc disable if kept disabled (bsc#1111666).
• drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666).
• drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666).
• drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666).
• drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666).
• ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891).
• failover: allow name change on IFF_UP slave interfaces (bsc#1109837).
• fs/ocfs2: fix race in ocfs2dentryattach_lock() (bsc#1140889).
• fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887).
• fs/proc/procsysctl.c: fix NULL pointer dereference in putlinks (bsc#1140887).
• ftrace/x86: Remove possible deadlock between registerkprobe() and ftracerunupdatecode() (bsc#1071995).
• genirq: Prevent use-after-free and work list corruption (bsc#1051510).
• genirq: Respect IRQCHIPSKIPSETWAKE in irqchipsetwake_parent() (bsc#1051510).
• genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).
• gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510).
• hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)).
• hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)).
• i2c: acorn: fix i2c warning (bsc#1135642).
• i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374).
• i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374).
• i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374).
• i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374).
• i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374).
• i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374).
• ib/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685).
• ib/hfi1: Create inline to get extended headers (bsc#1114685 ).
• ib/hfi1: Validate fault injection opcode user input (bsc#1114685 ).
• ib/mlx5: Verify DEVX general object type correctly (bsc#1103991 ).
• input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).
• input: uinput - add compat ioctl number translation for UI*FF_UPLOAD (bsc#1051510).
• iommu/amd: Make iommu_disable safer (bsc#1140955).
• iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510).
• iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956).
• iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666).
• iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510).
• iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510).
• iommu: Fix a leak in iommuinsertresv_region (bsc#1140957).
• iommu: Use right function to get group for device (bsc#1140958).
• iommu/vt-d: Duplicate iommuresvregion objects per device list (bsc#1140959).
• iommu/vt-d: Handle PCI bridge RMRR device scopes in inteliommugetresvregions (bsc#1140960).
• iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961).
• iommu/vt-d: Introduce isdownstreamtopcibridge helper (bsc#1140962).
• iommu/vt-d: Remove unnecessary rcureadlocks (bsc#1140964).
• ioviter: Fix build error without CONFIGCRYPTO (bsc#1111666).
• irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510).
• irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510).
• ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228).
• kabi fixup blkmqregister_dev() (bsc#1140637).
• kernel-binary: fix missing \
• kernel-binary: rpm does not support multiline condition
• kernel-binary: Use -c grep option in klp project detection.
• kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971).
• kvm: x86: fix return value for reserved EFER (bsc#1140992).
• kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972).
• libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).
• libceph: assign cookies in linger_submit() (bsc#1135897).
• libceph: check reply numdataitems in setuprequestdata() (bsc#1135897).
• libceph: do not consume a ref on pagelist in cephmsgdataaddpagelist() (bsc#1135897).
• libceph: enable fallback to cephmsgnew() in cephmsgpoolget() (bsc#1135897).
• libceph: introduce allocwatchrequest() (bsc#1135897).
• libceph: introduce cephpagelistalloc() (bsc#1135897).
• libceph: preallocate message data items (bsc#1135897).
• libceph, rbd: add error handling for osdreqopclsinit() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master.
• libceph, rbd, ceph: move cephosdcalloc_messages() calls (bsc#1135897).
• libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).
• libnvdimm, pfn: Fix over-trim in trimpfndevice() (bsc#1140719).
• mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).
• mac80211: drop robust management frames from unknown TA (bsc#1051510).
• mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).
• media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
• mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510).
• mISDN: make sure device name is NUL terminated (bsc#1051510).
• mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374).
• mlxsw: core: Do not use WQMEMRECLAIM for EMAD workqueue (bsc#1112374).
• mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374).
• mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374).
• mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374).
• mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374).
• mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374).
• mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374).
• mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374).
• mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374).
• mmc: core: complete HS400 before checking status (bsc#1111666).
• mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).
• mm/devmmemremappages: introduce devmmemunmappages (bsc#1103992).
• mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)).
• mm/pagealloc.c: fix never set ALLOCNOFRAGMENT flag (git fixes (mm/pagealloc)).
• mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)).
• net: core: support XDP generic on stacked devices (bsc#1109837).
• net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990).
• net: ena: add ethtool function for changing io queue sizes (bsc#1138879).
• net: ena: add good checksum counter (bsc#1138879).
• net: ena: add handling of llq max tx burst size (bsc#1138879).
• net: ena: add MAXQUEUESEXT get feature admin command (bsc#1138879).
• net: ena: add newline at the end of pr_err prints (bsc#1138879).
• net: ena: add support for changing maxheadersize in LLQ mode (bsc#1138879).
• net: ena: allow automatic fallback to polling mode (bsc#1138879).
• net: ena: allow queue allocation backoff when low on memory (bsc#1138879).
• net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879).
• net: ena: enable negotiating larger Rx ring size (bsc#1138879).
• net: ena: ethtool: add extra properties retrieval via getprivflags (bsc#1138879).
• net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879).
• net: ena: fix enacomfillhashfunction() implementation (bsc#1138879).
• net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879).
• net: ena: fix incorrect test of supported hash function (bsc#1138879).
• net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879).
• net: ena: fix swapped parameters when calling enacomindirecttablefill_entry (bsc#1138879).
• net: ena: gcc 8: fix compilation warning (bsc#1138879).
• net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879).
• net: ena: make ethtool show correct current and max queue sizes (bsc#1138879).
• net: ena: optimise calculations for CQ doorbell (bsc#1138879).
• net: ena: remove inline keyword from functions in *.c (bsc#1138879).
• net: ena: replace freetx/rxids union with single freeids field in enaring (bsc#1138879).
• net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879).
• net: ena: use devinfoonce instead of static variable (bsc#1138879).
• net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836).
• net: Fix missing meta data in skb with vlan packet (bsc#1109837).
• net/mlx5: Avoid reloading already removed devices (bsc#1103990 ).
• net/mlx5e: Fix ethtool rxfh commands when CONFIGMLX5EN_RXNFC is disabled (bsc#1103990).
• net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 ).
• net/mlx5e: Fix use-after-free after xdpreturnframe (bsc#1103990).
• net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 ).
• net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837).
• net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 ).
• net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990).
• net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 ).
• net/mlx5: Set completion EQs as shared resources (bsc#1103991 ).
• net/mlx5: Update pci error handler entries and command translation (bsc#1103991).
• net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
• net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
• net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
• net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
• net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
• net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
• net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113).
• net/sched: cbs: Fix error path of cbsmoduleinit (bsc#1109837).
• net/sched: cbs: fix port_rate miscalculation (bsc#1109837).
• net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837).
• net/tls: avoid potential deadlock in tlssetdeviceoffloadrx() (bsc#1109837).
• net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837).
• net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837).
• net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837).
• net/tls: do not leak IV and record seq when offload fails (bsc#1109837).
• net/tls: do not leak partially sent record in device mode (bsc#1109837).
• net/tls: fix build without CONFIGTLSDEVICE (bsc#1109837).
• net/tls: fix copy to fragments in reencrypt (bsc#1109837).
• net/tls: fix page double free on TX cleanup (bsc#1109837).
• net/tls: fix refcount adjustment in fallback (bsc#1109837).
• net/tls: fix state removal with feature flags off (bsc#1109837).
• net/tls: fix the IV leaks (bsc#1109837).
• net/tls: prevent bad memory access in tlsissktxdevice_offloaded() (bsc#1109837).
• net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837).
• net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837).
• nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).
• nfit/ars: Avoid stale ARS results (jsc#SLE-5433).
• nfit/ars: Introduce scrub_flags (jsc#SLE-5433).
• nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837).
• nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837).
• ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
• nvme: copy MTFA field from identify controller (bsc#1140715).
• nvme-rdma: fix double freeing of async event data (bsc#1120423).
• nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423).
• ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).
• pci: Do not poll for PME if the device is in D3cold (bsc#1051510).
• pci/p2pdma: fix the genpooladd_virt() failure path (bsc#1103992).
• pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).
• pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).
• pinctrl/amd: add get_direction handler (bsc#1140463).
• pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463).
• pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463).
• pinctrl/amd: make functions amdgpiosuspend and amdgpioresume static (bsc#1140463).
• pinctrl/amd: poll InterruptEnable bits in amdgpioirqsettype (bsc#1140463).
• pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463).
• pm: ACPI/PCI: Resume all devices during hibernation (bsc#1111666).
• powerpc/perf: Add PMLDMISSL1 and PMBR_2PATH to power9 event list (bsc#1137728, LTC#178106).
• powerpc/perf: Add POWER9 alternate PMRUNCYC and PMRUNINST_CMPL events (bsc#1137728, LTC#178106).
• powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).
• ppc64le: enable CONFIGPPCDTCPUFTRS (jsc#SLE-7159).
• ppp: mppe: Add softdep to arc4 (bsc#1088047).
• ptrace: Fix ->ptracercred handling for PTRACETRACEME (git-fixes).
• ptrace: restore smprmb() in _ptracemayaccess() (git-fixes).
• pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666).
• qmi_wwan: Fix out-of-bounds read (bsc#1111666).
• rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992).
• rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991).
• rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991).
• rdma/mlx5: Use rdmausermap_io for mapping BAR pages (bsc#1103992).
• regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510).
• Replace the bluetooth fix with the upstream commit (bsc#1135556)
• Revert 'net: ena: ethtool: add extra properties retrieval via getprivflags' (bsc#1138879).
• Revert 'net/mlx5e: Enable reporting checksum unnecessary also for L3 packets' (bsc#1103990).
• Revert 'Revert 'Drop multiversion(kernel) from the KMP template ()''
• Revert 'Sign non-x86 kernels when possible (boo#1134303)' This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now.
• Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133).
• rpm/package-descriptions: fix typo in kernel-azure
• rpm/post.sh: correct typo in err msg (bsc#1137625)
• sbitmap: fix improper use of smpmbbeforeatomic() (bsc#1140658).
• scripts/gitsort/gitsort.py: add djbw/nvdimm nvdimm-pending.
• scripts/gitsort/gitsort.py: add nvdimm/libnvdimm-fixes
• scripts/gitsort/gitsort.py: drop old scsi branches
• scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161).
• scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161).
• scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161).
• scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161).
• scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161).
• scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).
• scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).
• scsi: be2iscsi: fix spelling mistake 'Retreiving' -> 'Retrieving' (jsc#SLE-4721 bsc#1136264).
• scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264).
• scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264).
• scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264).
• scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
• scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343).
• scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343).
• scsi: csiostor: fix calls to dmasetmaskandcoherent() (jsc#SLE-4679 bsc#1136343).
• scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343).
• scsi: csiostor: fix missing data copy in csioscsierr_handler() (jsc#SLE-4679 bsc#1136343).
• scsi: csiostor: fix NULL pointer dereference in csiovportset_state() (jsc#SLE-4679 bsc#1136343).
• scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343).
• scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343).
• scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Add flag highiopsqueues (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: change basegetmsixindex prototype (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Fix typo in requestdesripttype (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717).
• scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717).
• scsi: qla2xxx: Fix abort handling in tcmqla2xxxwrite_pending() (bsc#1140727).
• scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).
• scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
• scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
• signal/ptrace: Do not leak unitialized kernel memory with PTRACEPEEKSIGINFO (git-fixes).
• staging: comedi: nimiocommon: Fix divide-by-zero for DIO cmdtest (bsc#1051510).
• staging:iio:ad7150: fix threshold mode config bit (bsc#1051510).
• svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
• svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
• sysctl: handle overflow in procgetlong (bsc#1051510).
• tools: bpftool: fix infinite loop in map create (bsc#1109837).
• tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
• typec: tcpm: fix compiler warning about stupid things (git-fixes).
• usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).
• usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).
• usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).
• usbnet: ipheth: fix racing condition (bsc#1051510).
• usb: serial: fix initial-termios handling (bsc#1135642).
• usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).
• usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).
• usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
• usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).
• x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187).
• x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187).
• x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187).
• x86/umwait: Initialize umwait control values (jsc#SLE-5187).
• xdp: check device pointer before clearing (bsc#1109837).