-
Mon Aug 13 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.6.el7uek]
- ipv4: frags: handle possible skb truesize change (Eric Dumazet) [Orabug: 28481663] {CVE-2018-5391}
-
Mon Aug 13 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.5.el7uek]
- inet: frag: enforce memory limits earlier (Eric Dumazet) [Orabug: 28481663] {CVE-2018-5391}
- init/main.c: reorder boot_cpu_state_init/smp_prepare_boot_cpu (Mihai Carabas) [Orabug: 28491890]
-
Fri Aug 10 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.4.el7uek]
- x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (Prarit Bhargava) [Orabug: 28390134]
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Fix SMT supported evaluation (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3620}
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86: Don't include linux/irq.h from asm/hardirq.h (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3620}
- x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- cpu/hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [Orabug: 28442418] {CVE-2018-3620}
- Documentation/l1tf: Fix typos (Tony Luck) [Orabug: 28442418] {CVE-2018-3620}
- x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Jiri Kosina) [Orabug: 28442418] {CVE-2018-3620}
- Documentation: Add section about CPU vulnerabilities (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/bugs, kvm: Introduce boot-time control of L1TF mitigations (Jiri Kosina) [Orabug: 28442418] {CVE-2018-3646}
- cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Expose SMT control init function (Jiri Kosina) [Orabug: 28442418] {CVE-2018-3620}
- x86/kvm: Allow runtime control of L1D flush (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/kvm: Serialize L1D flush parameter setter (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/kvm: Add static key for flush always (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/kvm: Move l1tf setup function (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/l1tf: Handle EPT disabled state proper (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/kvm: Drop L1TF MSR list approach (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/litf: Introduce vmx status variable (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Online siblings when SMT control is turned on (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add find_msr() helper function (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D flush logic (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D MSR based flush (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D flush algorithm (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add module argument for L1TF mitigation (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646} {CVE-2018-3646}
- x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- KVM: X86: Provide a capability to disable PAUSE intercepts (Wanpeng Li) [Orabug: 28442418] {CVE-2018-3646}
- KVM: X86: Provide a capability to disable HLT intercepts (Wanpeng Li) [Orabug: 28442418] {CVE-2018-3646}
- KVM: X86: Provide a capability to disable MWAIT intercepts (Wanpeng Li) [Orabug: 28442418] {CVE-2018-3646}
- cpu/hotplug: Boot HT siblings at least once (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- Revert "x86/apic: Ignore secondary threads if nosmt=force" (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28442418] {CVE-2018-3620}
- x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Borislav Petkov) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpufeatures: Add detection of L1D cache flush support. (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28442418] {CVE-2018-3620}
- x86/apic: Ignore secondary threads if nosmt=force (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/AMD: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Borislav Petkov) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/intel: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/topology: Provide detect_extended_topology_early() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/common: Provide detect_ht_early() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/AMD: Remove the pointless detect_ht() call (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu: Remove the pointless CPU printout (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Provide knobs to control SMT (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Split do_cpu_down() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Make bringup/teardown of smp threads symmetric (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/topology: Provide topology_smt_supported() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/smp: Provide topology_is_primary_thread() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- sched/smt: Update sched_smt_present at runtime (Peter Zijlstra) [Orabug: 28442418] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Klein) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Klein) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved (Andi Klein) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Klein) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Klein) [Orabug: 28442418] {CVE-2018-3620}
- x86/mm: Limit mmap() of /dev/mem to valid physical addresses (Craig Bergstrom) [Orabug: 28442418] {CVE-2018-3620} {CVE-2018-3620}
- x86/mm: Prevent non-MAP_FIXED mapping across DEFAULT_MAP_WINDOW border (Kirill A. Shutemov) [Orabug: 28442418] {CVE-2018-3620} {CVE-2018-3620}
-
Tue Aug 07 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.3.el7uek]
- tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
- tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
- tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
- tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
- tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
-
Tue Aug 07 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.2.el7uek]
- net/rds: Fix incorrect bigger vs. smaller IP address check (Håkon Bugge) [Orabug: 28239459]
- IB/mad: Use IDR for agent IDs (willy@infradead.org) [Orabug: 28340849]
- IB/mad: Agent registration is process context only (Matthew Wilcox) [Orabug: 28340849]
- IB/core: Make ib_mad_client_id atomic (Håkon Bugge) [Orabug: 28340849]
- scsi: lpfc: Revise copyright for new company language (James Smart) [Orabug: 28361789]
- scsi: lpfc: update driver version to 12.0.0.5 (James Smart) [Orabug: 28361789]
- scsi: lpfc: devloss timeout race condition caused null pointer reference (James Smart) [Orabug: 28361789]
- scsi: lpfc: Fix NVME Target crash in defer rcv logic (James Smart) [Orabug: 28361789]
- scsi: lpfc: Support duration field in Link Cable Beacon V1 command (James Smart) [Orabug: 28361789]
- scsi: lpfc: Make PBDE optimizations configurable (James Smart) [Orabug: 28361789]
- scsi: lpfc: Fix abort error path for NVMET (James Smart) [Orabug: 28361789]
- scsi: lpfc: Fix panic if driver unloaded when port is offline (James Smart) [Orabug: 28361789]
- scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (James Smart) [Orabug: 28361789]
- scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (James Smart) [Orabug: 28361789]
- scsi: lpfc: use monotonic timestamps for statistics (Arnd Bergmann) [Orabug: 28361789]
- scsi: lpfc: update driver version to 12.0.0.4 (James Smart) [Orabug: 28361789]
- scsi: lpfc: Fix port initialization failure. (James Smart) [Orabug: 28361789]
- scsi: lpfc: Fix 16gb hbas failing cq create. (James Smart) [Orabug: 28361789]
- scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (James Smart) [Orabug: 28361789]
- scsi: lpfc: correct oversubscription of nvme io requests for an adapter (James Smart) [Orabug: 28361789]
- scsi: lpfc: Fix MDS diagnostics failure (Rx < Tx) (James Smart) [Orabug: 28361789]
- scsi: lpfc: fix spelling mistakes: "mabilbox" and "maibox" (Colin Ian King) [Orabug: 28361789]
- scsi: lpfc: Comment cleanup regarding Broadcom copyright header (James Smart) [Orabug: 28361789]
- scsi: lpfc: update driver version to 12.0.0.3 (James Smart) [Orabug: 28361789]
- scsi: lpfc: Enhance log messages when reporting CQE errors (James Smart) [Orabug: 28361789]
- scsi: lpfc: Fix up log messages and stats counters in IO submit code path (James Smart) [Orabug: 28361789]
- scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (James Smart) [Orabug: 28361789]
- scsi: lpfc: Handle new link fault code returned by adapter firmware. (James Smart) [Orabug: 28361789]
- scsi: lpfc: Correct fw download error message (James Smart) [Orabug: 28361789]
- scsi: lpfc: enhance LE data structure copies to hardware (James Smart) [Orabug: 28361789]
- scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (James Smart) [Orabug: 28361789]
- uek-rpm: aarch64 Set CONFIG_BPF_STREAM_PARSER (Henry Willard) [Orabug: 28380994]
- uek-rpm: Enable net_failover.ko in nano_modules file (Victor Erminpour) [Orabug: 28401935]
- uek-rpm: config: Disable CONFIG_SECURITY_DMESG_RESTRICT (Victor Erminpour) [Orabug: 28401946]
-
Tue Aug 07 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.1.el7uek]
- net/rds: Implement ARP flushing correctly (Håkon Bugge) [Orabug: 28219851]
- scsi: smartpqi: bump driver version to 1.1.4-130 (Don Brace)
- scsi: smartpqi: fix critical ARM issue reading PQI index registers (Kevin Barnett)
- scsi: smartpqi: add inspur advantech ids (Kevin Barnett)
- scsi: smartpqi: improve error checking for sync requests (Kevin Barnett)
- scsi: smartpqi: improve handling for sync requests (Kevin Barnett)
- blk-mq: Allow PCI vector offset for mapping queues (Keith Busch)
- scsi: smartpqi: update driver version (Don Brace)
- scsi: smartpqi: workaround fw bug for oq deletion (Kevin Barnett)
- scsi: smartpqi: add in new supported controllers (Kevin Barnett)
- scsi: smartpqi: Convert timers to use timer_setup() (Kees Cook)
- uek-rpm: Enable ovmapi.ko in nano_module (Victor Erminpour) [Orabug: 28142947]
- rdmaip: fix returned value not set error (Zhu Yanjun)
- IB: RDMAIP: avoid migration to a port that is down (Zhu Yanjun)
- net/rds: prevent RDS connections using stale ARP entries (Wei Lin Guay) [Orabug: 28149099]
- net/rds: Fix kernel panic caused by a race between setup/teardown (Hans Westgaard Ry) [Orabug: 28341723]
- net/rds: Avoid stalled connection due to CM REQ retries (Wei Lin Guay) [Orabug: 28068633]
- net/rds: use one sided reconnection during a race (Wei Lin Guay) [Orabug: 28068633]
- Revert "Revert "net/rds: Revert "RDS: add reconnect retry scheme for stalled" (Håkon Bugge) [Orabug: 28068633]
- socket: close race condition between sock_close() and sockfs_setattr() (Cong Wang) [Orabug: 28312496] {CVE-2018-12232}
- jfs: Fix inconsistency between memory allocation and ea_buf->max_size (Shankara Pailoor) [Orabug: 28312514] {CVE-2018-12233}
- x86/speculation: Support per-process SSBD with IBRS (Alexandre Chartre) [Orabug: 28354046]
- x86/speculation: Implement per-cpu IBRS control (Alexandre Chartre) [Orabug: 28064083]
-
Mon Aug 06 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.0.el7uek]
- ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (Corey Minyard) [Orabug: 27628285]
- rds: tcp: cancel all worker threads before shutting down socket (Sowmini Varadhan) [Orabug: 28350092]
- scsi: megaraid_sas: fix selection of reply queue (Ming Lei) [Orabug: 28353250]
- genirq/affinity: assign vectors to all possible CPUs (Christoph Hellwig) [Orabug: 28353250]
- rds: signedness bug (Dan Carpenter) [Orabug: 28319158]
- proc/kcore: don't bounds check against address 0 (Laura Abbott) [Orabug: 28321870]
- mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT (Andrea Arcangeli) [Orabug: 28322517]
- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256389]
- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 28257071]
-
Mon Jun 25 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.0.10.el7uek]
- RDMA/i40iw: Avoid panic when objects are being created and destroyed (Andrew Boyer) [Orabug: 28002611]
- RDMA/i40iw: Avoid reference leaks when processing the AEQ (Andrew Boyer) [Orabug: 28002611]
- RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (Andrew Boyer) [Orabug: 28002611]
- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28078155]
- rpi: MMC fails to find DMA channel and falls back to PIO (Vijay Kumar) [Orabug: 28075064]
- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini Varadhan) [Orabug: 28085194]
- RPI: Fix serial console for RPI 3B and B+ (Vijay Kumar) [Orabug: 28181668]
- IB/rdmaip: Fix bug in failover_group parsing (Håkon Bugge) [Orabug: 28198745]
- xhci: Fix USB3 NULL pointer dereference at logical disconnect. (Mathias Nyman) [Orabug: 28171827]
-
Mon Jun 18 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.0.9.el7uek]
- crypto: introduce crypto wait for async op (Gilad Ben-Yossef) [Orabug: 28202897] {CVE-2018-5703}
- tls: Use correct sk->sk_prot for IPV6 (Boris Pismenny) [Orabug: 28202897] {CVE-2018-5703}
- tls: getsockopt return record sequence number (Boris Pismenny) [Orabug: 28202897] {CVE-2018-5703}
- tls: reset the crypto info if copy_from_user fails (Boris Pismenny) [Orabug: 28202897] {CVE-2018-5703}
- net: add a UID to use for ULP socket assignment (John Fastabend) [Orabug: 28202897] {CVE-2018-5703}
- tls: Add support for encryption using async offload accelerator (Vakul Garg) [Orabug: 28202897] {CVE-2018-5703}
- tls: Correct length of scatterlist in tls_sw_sendpage (Dave Watson) [Orabug: 28202897] {CVE-2018-5703}
- tls: don't override sk_write_space if tls_set_sw_offload fails. (Ilya Lesokhin) [Orabug: 28202897] {CVE-2018-5703}
- tls: Avoid copying crypto_info again after cipher_type check. (Ilya Lesokhin) [Orabug: 28202897] {CVE-2018-5703}
- tls: Move tls_make_aad to header to allow sharing (Ilya Lesokhin) [Orabug: 28202897] {CVE-2018-5703}
- tls: Fix TLS ulp context leak, when TLS_TX setsockopt is not used. (Ilya Lesokhin) [Orabug: 28202897] {CVE-2018-5703}
- tls: Add function to update the TLS socket configuration (Ilya Lesokhin) [Orabug: 28202897] {CVE-2018-5703}
-
Tue Jun 12 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.0.8.el7uek]
- Revert "uek-rpm: Turn on intel iommu/vt-d" (Jack Vogel) [Orabug: 28145694]