Release notes for the update from 181105 to 181203

Summary:
Added Packages: 0
Removed Packages: 0
Modified Packages: 5

Updated Packages names:
kernel 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7
kernel-tools 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7
kernel-tools-libs 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7
irqbalance 1.0.7-10.el7 1.0.7-10.el7_4.1
python-perf 3.10.0-693.37.4.el7 3.10.0-693.43.1.el7

Updated Packages Changes:

irqbalance-1.0.7-10.el7_4.1
---------------------------
* Tue Feb 06 2018 Petr Oros - 3:1.0.7-10.1
- Balance correctly IRQs reappearing
- Resolves: #1542450

kernel-3.10.0-693.43.1.el7
--------------------------
* Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7]
- [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391}
- [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391}
- [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391}
- [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391}
- [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391}
- [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391}
- [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391}
- [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344}
- [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560]
- [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560]
- [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560]
- [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560]
- [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560]
- [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560]
- [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768]
- [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768]
- [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768]
- [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768]
- [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768]
- [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768]
- [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768]
- [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768]
- [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768]
- [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768]
- [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768]
- [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768]
- [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1629567 1619602]
- [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602]
- [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675}
- [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473]
- [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151]
- [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151]
- [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151]
- [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151]
- [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973]
- [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973]
- [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973]
- [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973]
- [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973]
- [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973]
- [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973]
- [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973]
- [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973]
- [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973]
- [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973]
- [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973]

* Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7]
- [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793]

* Wed Sep 26 2018 Denys Vlasenko [3.10.0-693.41.1.el7]
- [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634}
- [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634}

* Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7]
- [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748]

* Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7]
- [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390}
- [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390}
- [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515]

* Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7]
- [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297]
- [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297]
- [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899]
- [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106]
- [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330]
- [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330]
- [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] add support for L1D flush MSR (Denys
Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}
- [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}

kernel-tools-3.10.0-693.43.1.el7
--------------------------------
Changelog identical to kernel-3.10.0-693.43.1.el7 above.

kernel-tools-libs-3.10.0-693.43.1.el7
-------------------------------------
Changelog identical to kernel-3.10.0-693.43.1.el7 above.
1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in 
upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities 
(Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: 
x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys 
Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF 
(Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} python-perf-3.10.0-693.43.1.el7 ------------------------------- * Thu Oct 11 2018 Denys Vlasenko [3.10.0-693.43.1.el7] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [net] speed up 
skb_rbtree_purge() (Sabrina Dubroca) [1615775 1613924] {CVE-2018-5391} - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613709 1613711] {CVE-2017-18344} - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1625867 1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1625867 1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1625867 1610560] - [fs] NFSv4.1: Fix up replays of interrupted requests (Steve Dickson) [1634706 1575768] - [fs] NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 (Steve Dickson) [1634706 1575768] - [fs] NFS: Merge the remaining setup_sequence functions (Steve Dickson) [1634706 1575768] - [fs] NFS: Check if the slot table is draining from nfs4_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Handle setup sequence task rescheduling in a single place (Steve Dickson) [1634706 1575768] - [fs] NFS: Lock the slot table from a single place during setup sequence (Steve Dickson) [1634706 1575768] - [fs] NFS: Move slot-already-allocated check into nfs_setup_sequence() (Steve Dickson) [1634706 1575768] - [fs] NFS: Create a single nfs4_setup_sequence() function (Steve Dickson) [1634706 1575768] - [fs] NFS: Use nfs4_setup_sequence() everywhere (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_setup_sequence() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Change nfs4_get_session() to take an nfs_client structure (Steve Dickson) [1634706 1575768] - [fs] NFS: Move nfs4_get_session() into nfs4_session.h (Steve Dickson) [1634706 1575768] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module 
parameter (Marcelo Tosatti) [1629567 1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1629567 1619602] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1622574 1576755] {CVE-2018-10675} - [netdrv] cxgb4: assume flash part size to be 4MB, if it can't be determined (Arjun Vynipadath) [1620553 1600473] - [netdrv] cxgb4: fix missing break in switch and indent return statements (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: support new ISSI flash parts (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Fix FW flash errors (Arjun Vynipadath) [1621996 1523151] - [netdrv] cxgb4: Add support for new flash parts (Arjun Vynipadath) [1621996 1523151] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1561089 1535973] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1561089 1535973] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1561089 1535973] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1561089 1535973] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1561089 1535973] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1561089 1535973] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1561089 1535973] - [x86] cpufeatures: sync spec_ctrl flags with RHEL7 flags (Paolo Bonzini) [1561089 1535973] * Sat Oct 06 2018 Denys Vlasenko [3.10.0-693.42.1.el7] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1635795 1619793] * Wed Sep 26 2018 Denys Vlasenko 
[3.10.0-693.41.1.el7] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625979 1625991] {CVE-2018-14634} * Tue Sep 11 2018 Denys Vlasenko [3.10.0-693.40.1.el7] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1626033 1567748] * Thu Sep 06 2018 Denys Vlasenko [3.10.0-693.39.1.el7] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] tcp tcp_memcontrol: sanitize tcp memory accounting callbacks (Stefano Brivio) [1611366 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Paolo Abeni) [1611366 1611369] {CVE-2018-5390} - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619621 1614515] * Fri Aug 24 2018 Denys Vlasenko [3.10.0-693.38.1.el7] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update debugfs as in 
upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612352 1585297] - [powerpc] powerpc/64s, powernv, pseries: merge back setup_stf_barrier() enable option (Gustavo Duarte) [1612352 1585297] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618389 1607899] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601008 1559106] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588365 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588365 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593381 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Remove extra newline in 'vmentry_l1d_flush' sysfs file (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Denys Vlasenko) [1593381 1593383] 
{CVE-2018-3620} - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper 
function (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - Revert "[x86] apic: Ignore secondary threads if nosmt=force" (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Denys 
Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/AMD: Do not check CPUID max ext level before parsing SMP info (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] cpu: Modify detect_extended_topology() to return result (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved 
(Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Simplify p[g4um]d_page() macros (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] mm: Fix regression with huge pages on PAE (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Move PUD_PAGE macros to page_types.h (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Fix pud/pmd interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620} - [x86] asm: Add pud/pmd mask interfaces to handle large PAT bit (Denys Vlasenko) [1593381 1593383] {CVE-2018-3620}