Release notes for the update from 181105 to 181203 Summary: Added Packages: 0 Removed Packages: 0 Modified Packages: 11 Updated Packages names: kernel 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7 kernel-abi-whitelists 3.10.0-693.21.1.el7 3.10.0-693.43.1.el7 kernel-debug-devel 3.10.0-693.21.1.el7 3.10.0-693.43.1.el7 kernel-devel 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7 kernel-headers 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7 kernel-tools 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7 kernel-tools-libs 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7 irqbalance 1.0.7-10.el7 1.0.7-10.el7_4.1 perf 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7 python-perf 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7 xerces-c 3.1.1-8.el7_2 3.1.1-8.el7_4.1 Updated Packages Changes: irqbalance-1.0.7-10.el7_4.1 --------------------------- * Tue Feb 06 2018 Petr Oros - 3:1.0.7-10.1 - Balance correctly IRQs reappearing - Resolves: #1542450 kernel-3.10.0-693.43.1.el7 -------------------------- * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} kernel-abi-whitelists-3.10.0-693.43.1.el7 ----------------------------------------- * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} * Wed Jul 11 2018 Denys Vlasenko [3.10.0-693.37.1.el7] - [x86] spec_ctrl: Always clear SPEC_CTRL MSRs when disabling IBRS (Waiman Long) [1586147 1574730] - [x86] spec_ctrl: Fix VM guest SSBD problems (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Disable SSBD update from scheduler if not user settable (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU features (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Rework speculative_store_bypass_update() (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Add virtualized speculative store bypass disable support (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [documentation] spec_ctrl: Do some minor cleanups (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Make "seccomp" the default mode for Speculative Store Bypass (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [kernel] seccomp: Move speculation migitation control to arch code (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [kernel] prctl: Add force disable speculation (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spectre_v2: No mitigation if CPU not affected and no command override (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bug: Add X86_BUG_CPU_MELTDOWN and X86_BUG_SPECTRE_V[12] (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Sync up SSBD changes with upstream (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [mm] compaction: release zone irqlock in isolate_freepages_block (Andrea Arcangeli) [1596282 1582793] - [mm] compaction: change the timing to check to drop the spinlock (Andrea Arcangeli) [1596282 1582793] * Fri Jun 29 2018 Denys Vlasenko [3.10.0-693.36.1.el7] - [misc] vmware balloon: Treat init like reset (Cathy Avery) [1595600 1540110] * Thu Jun 07 2018 Denys Vlasenko [3.10.0-693.35.1.el7] - [net] sock_diag: request _diag module only when the family or proto has been registered (Xin Long) [1578271 1544898] - [x86] microcode: Load microcode on all cpus (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Fix CPU synchronization routine (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Attempt late loading only when new microcode is present (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Synchronize late microcode loading (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Request microcode on the BSP (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Do not upload microcode if CPUs are offline (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Writeback and invalidate caches before updating microcode (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Check microcode revision before updating sibling threads (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Get rid of struct apply_microcode_ctx (Prarit Bhargava) [1578046 1568249] - [x86] cpu: Add a microcode loader callback (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Propagate return value from updating functions (Prarit Bhargava) [1578046 1568249] - [x86] microcode/amd: Change load_microcode_amd()'s param to bool to fix preemptibility bug (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Add a helper which gives the microcode revision (Prarit Bhargava) [1578046 1568249] - [x86] cpu: Add native CPUID variants returning a single datum (Prarit Bhargava) [1578046 1568249] - [x86] microcode/amd: Move private inlines to .c and mark local functions static (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Simplify generic_load_microcode() (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Do not issue microcode updates messages on each CPU (Prarit Bhargava) [1578046 1568249] - [s390] correct nospec auto detection init order (Hendrik Brueckner) [1577765 1558325] - [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1577765 1558325] - [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1577765 1558325] - [s390] add automatic detection of the spectre defense (Hendrik Brueckner) [1577765 1558325] - [s390] move nobp parameter functions to nospec-branch.c (Hendrik Brueckner) [1577765 1558325] - [s390] do not bypass BPENTER for interrupt system calls (Hendrik Brueckner) [1577765 1558325] - [s390] Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1577765 1558325] - [s390] introduce execute-trampolines for branches (Hendrik Brueckner) [1577765 1558325] - [s390] run user space and KVM guests with modified branch prediction (Hendrik Brueckner) [1577765 1558325] - [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1577765 1558325] - [s390] entry.s: fix spurious zeroing of r0 (Hendrik Brueckner) [1577765 1558325] - [s390] scrub registers on kernel entry and KVM exit (Hendrik Brueckner) [1577765 1558325] - [s390] align and prepare spectre mitigation for upstream commits (Hendrik Brueckner) [1577765 1558325] - [s390] alternative: use a copy of the facility bit mask (Hendrik Brueckner) [1577765 1558325] - [scsi] sd: Do not override max_sectors_kb sysfs setting (Ewan Milne) [1573263 1507941] - [powerpc] pseries: Restore default security feature flags on setup (Mauricio Oliveira) [1570516 1561787] - [powerpc] Move default security feature flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] pseries: Fix clearing of security feature flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira) [1570516 1561787] - [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1570516 1561787] - [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush() (Mauricio Oliveira) [1570516 1561787] - [powerpc] powernv: Use the security flags in pnv_setup_rfi_flush() (Mauricio Oliveira) [1570516 1561787] - [powerpc] 64s: Enhance the information in cpu_show_meltdown() (Mauricio Oliveira) [1570516 1561787] - [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1570516 1561787] - [powerpc] powernv: Set or clear security feature flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] pseries: Set or clear security feature flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio Oliveira) [1570516 1561787] - [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] lib: seq: Add seq_buf_printf() (Mauricio Oliveira) [1570516 1561787] - [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration (Mauricio Oliveira) [1570508 1561785] - [powerpc] rfi-flush: Differentiate enabled and patched flush types (Mauricio Oliveira) [1570508 1561785] - [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio Oliveira) [1570508 1561785] - [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again (Mauricio Oliveira) [1570508 1561785] - [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs code (Mauricio Oliveira) [1570508 1561785] * Thu May 31 2018 Denys Vlasenko [3.10.0-693.34.1.el7] - [x86] kvm: Fix loss of pending INIT due to race (Radim Krcmar) [1580466 1569473] kernel-debug-devel-3.10.0-693.43.1.el7 -------------------------------------- * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} * Wed Jul 11 2018 Denys Vlasenko [3.10.0-693.37.1.el7] - [x86] spec_ctrl: Always clear SPEC_CTRL MSRs when disabling IBRS (Waiman Long) [1586147 1574730] - [x86] spec_ctrl: Fix VM guest SSBD problems (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Disable SSBD update from scheduler if not user settable (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU features (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Rework speculative_store_bypass_update() (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Add virtualized speculative store bypass disable support (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [documentation] spec_ctrl: Do some minor cleanups (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] speculation: Make "seccomp" the default mode for Speculative Store Bypass (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [kernel] seccomp: Move speculation migitation control to arch code (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [kernel] prctl: Add force disable speculation (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spectre_v2: No mitigation if CPU not affected and no command override (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] bug: Add X86_BUG_CPU_MELTDOWN and X86_BUG_SPECTRE_V[12] (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Sync up SSBD changes with upstream (Waiman Long) [1584331 1584569] {CVE-2018-3639} - [mm] compaction: release zone irqlock in isolate_freepages_block (Andrea Arcangeli) [1596282 1582793] - [mm] compaction: change the timing to check to drop the spinlock (Andrea Arcangeli) [1596282 1582793] * Fri Jun 29 2018 Denys Vlasenko [3.10.0-693.36.1.el7] - [misc] vmware balloon: Treat init like reset (Cathy Avery) [1595600 1540110] * Thu Jun 07 2018 Denys Vlasenko [3.10.0-693.35.1.el7] - [net] sock_diag: request _diag module only when the family or proto has been registered (Xin Long) [1578271 1544898] - [x86] microcode: Load microcode on all cpus (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Fix CPU synchronization routine (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Attempt late loading only when new microcode is present (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Synchronize late microcode loading (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Request microcode on the BSP (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Do not upload microcode if CPUs are offline (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Writeback and invalidate caches before updating microcode (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Check microcode revision before updating sibling threads (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Get rid of struct apply_microcode_ctx (Prarit Bhargava) [1578046 1568249] - [x86] cpu: Add a microcode loader callback (Prarit Bhargava) [1578046 1568249] - [x86] microcode: Propagate return value from updating functions (Prarit Bhargava) [1578046 1568249] - [x86] microcode/amd: Change load_microcode_amd()'s param to bool to fix preemptibility bug (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Add a helper which gives the microcode revision (Prarit Bhargava) [1578046 1568249] - [x86] cpu: Add native CPUID variants returning a single datum (Prarit Bhargava) [1578046 1568249] - [x86] microcode/amd: Move private inlines to .c and mark local functions static (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Simplify generic_load_microcode() (Prarit Bhargava) [1578046 1568249] - [x86] microcode/intel: Do not issue microcode updates messages on each CPU (Prarit Bhargava) [1578046 1568249] - [s390] correct nospec auto detection init order (Hendrik Brueckner) [1577765 1558325] - [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1577765 1558325] - [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1577765 1558325] - [s390] add automatic detection of the spectre defense (Hendrik Brueckner) [1577765 1558325] - [s390] move nobp parameter functions to nospec-branch.c (Hendrik Brueckner) [1577765 1558325] - [s390] do not bypass BPENTER for interrupt system calls (Hendrik Brueckner) [1577765 1558325] - [s390] Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1577765 1558325] - [s390] introduce execute-trampolines for branches (Hendrik Brueckner) [1577765 1558325] - [s390] run user space and KVM guests with modified branch prediction (Hendrik Brueckner) [1577765 1558325] - [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1577765 1558325] - [s390] entry.s: fix spurious zeroing of r0 (Hendrik Brueckner) [1577765 1558325] - [s390] scrub registers on kernel entry and KVM exit (Hendrik Brueckner) [1577765 1558325] - [s390] align and prepare spectre mitigation for upstream commits (Hendrik Brueckner) [1577765 1558325] - [s390] alternative: use a copy of the facility bit mask (Hendrik Brueckner) [1577765 1558325] - [scsi] sd: Do not override max_sectors_kb sysfs setting (Ewan Milne) [1573263 1507941] - [powerpc] pseries: Restore default security feature flags on setup (Mauricio Oliveira) [1570516 1561787] - [powerpc] Move default security feature flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] pseries: Fix clearing of security feature flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira) [1570516 1561787] - [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1570516 1561787] - [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush() (Mauricio Oliveira) [1570516 1561787] - [powerpc] powernv: Use the security flags in pnv_setup_rfi_flush() (Mauricio Oliveira) [1570516 1561787] - [powerpc] 64s: Enhance the information in cpu_show_meltdown() (Mauricio Oliveira) [1570516 1561787] - [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1570516 1561787] - [powerpc] powernv: Set or clear security feature flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] pseries: Set or clear security feature flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio Oliveira) [1570516 1561787] - [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio Oliveira) [1570516 1561787] - [powerpc] lib: seq: Add seq_buf_printf() (Mauricio Oliveira) [1570516 1561787] - [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration (Mauricio Oliveira) [1570508 1561785] - [powerpc] rfi-flush: Differentiate enabled and patched flush types (Mauricio Oliveira) [1570508 1561785] - [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio Oliveira) [1570508 1561785] - [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again (Mauricio Oliveira) [1570508 1561785] - [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs code (Mauricio Oliveira) [1570508 1561785] * Thu May 31 2018 Denys Vlasenko [3.10.0-693.34.1.el7] - [x86] kvm: Fix loss of pending INIT due to race (Radim Krcmar) [1580466 1569473] kernel-devel-3.10.0-693.43.1.el7 -------------------------------- * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} kernel-headers-3.10.0-693.43.1.el7 ---------------------------------- * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} kernel-tools-3.10.0-693.43.1.el7 -------------------------------- * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} kernel-tools-libs-3.10.0-693.43.1.el7 ------------------------------------- * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} perf-3.10.0-693.43.1.el7 ------------------------ * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} python-perf-3.10.0-693.43.1.el7 ------------------------------- * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} xerces-c-3.1.1-8.el7_4.1 ------------------------ * Wed Sep 05 2018 Robbie Harwood - 3.1.1-8.el7_5.1 - Fix CVE-2016-4463 (artificially lower NVR) - Resolves: #1534481