-
Fri Sep 14 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.19.2.el7uek]
- tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: use an RB tree for ooo receive queue (Yaogong Wang) [Orabug: 28639707] {CVE-2018-5390}
- tcp: refine tcp_prune_ofo_queue() to not drop all packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: introduce tcp_under_memory_pressure() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: increment sk_drops for dropped rx packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
-
Wed Sep 05 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.19.1.el7uek]
- x86/entry/64: Ensure %ebx handling correct in xen_failsafe_callback (George Kennedy) [Orabug: 28402927] {CVE-2018-14678}
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Andi Kleen) [Orabug: 28488808] {CVE-2018-3620}
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620}
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28488808] {CVE-2018-3620}
- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Guenter Roeck) [Orabug: 28488808] {CVE-2018-3620}
- x86/spectre: Add missing family 6 check to microcode check (Andi Kleen) [Orabug: 28488808] {CVE-2018-3620}
- KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (Thomas Gleixner) [Orabug: 28488808] {CVE-2018-3646}
- x86/microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [Orabug: 28488808] {CVE-2018-3620}
- x86/microcode: Do not upload microcode if CPUs are offline (Ashok Raj) [Orabug: 28488808] {CVE-2018-3620}
-
Fri Aug 31 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.9.el7uek]
- rebuild bumping release
-
Thu Aug 30 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.18.8.el7uek]
- Cipso: cipso_v4_optptr enter infinite loop (yujuan.qi) [Orabug: 28563992] {CVE-2018-10938}
- Btrfs: fix list_add corruption and soft lockups in fsync (Liu Bo) [Orabug: 28119834]
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter Zijlstra) [Orabug: 28474643] {CVE-2018-15594}
- sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() in sym_hipd.c (George Kennedy) [Orabug: 28481893]
- md/raid1: Avoid raid1 resync getting stuck (Jes Sorensen) [Orabug: 28529228]
- x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is available. (Boris Ostrovsky) [Orabug: 28540376]
-
Tue Aug 21 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.18.7.el7uek]
- ext4: avoid deadlock when expanding inode size (Jan Kara) [Orabug: 25718971]
- ext4: properly align shifted xattrs when expanding inodes (Jan Kara) [Orabug: 25718971]
- ext4: fix xattr shifting when expanding inodes part 2 (Jan Kara) [Orabug: 25718971]
- ext4: fix xattr shifting when expanding inodes (Jan Kara) [Orabug: 25718971]
- uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug: 27801171]
- nfsd: give out fewer session slots as limit approaches (J. Bruce Fields) [Orabug: 28023821]
- nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28023821]
- uek-rpm: config-debug: Turn off torture testing by default (Knut Omang) [Orabug: 28261886]
- ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg() (Junichi Nomura)
- x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs (Yazen Ghannam) [Orabug: 28416303]
- Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459477] {CVE-2018-13405}
- scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459685] {CVE-2018-10021}
- PCI: Allocate ATS struct during enumeration (Bjorn Helgaas) [Orabug: 28460092]
-
Wed Aug 15 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.18.6.el7uek]
- qla2xxx: Update the version to 9.00.00.00.41.0-k1. (Giridhar Malavali) [Orabug: 28172611]
- qla2xxx: Utilize complete local DMA buffer for DIF PI inforamtion. (Giridhar Malavali) [Orabug: 28172611]
- qla2xxx: Correction to total data segment count when local DMA buffers used for DIF PI. (Giridhar Malavali)
- scsi: megaraid_sas: fix the wrong way to get irq number (Jianchao Wang) [Orabug: 28436426]
- ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459728] {CVE-2018-7566}
- ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug: 28459728] {CVE-2018-7566}
- oracleasm: Fix use after free for request processing timer (Martin K. Petersen) [Orabug: 28506080]
- oracleasm: Fix incorrectly set flag (Martin K. Petersen) [Orabug: 28506080]
- oracleasm: Fix memory leak (Martin K. Petersen) [Orabug: 28506080]
- oracleasm: Add ENXIO handling (Martin K. Petersen) [Orabug: 28506080]
- oracleasm: Add missing tracepoint (Martin K. Petersen) [Orabug: 28506080]
- oracleasm: Don't assume bip was allocated by oracleasm (Martin K. Petersen) [Orabug: 28506080]
- oracleasm: fix asmfs_dir_operations compiler error (Tom Saeger) [Orabug: 28506080]
-
Mon Aug 13 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.5.el7uek]
- inet: frag: enforce memory limits earlier (Eric Dumazet) [Orabug: 28450977] {CVE-2018-5391}
- x86/mm/pageattr.c: fix page prot mask (Mihai Carabas) [Orabug: 28492122]
- x86/pgtable.h: fix PMD/PUD mask (Mihai Carabas) [Orabug: 28492122]
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28492122]
-
Mon Aug 13 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.4.el7uek]
- kvm/vmx: Don't mark vmx_exit() __exit (Boris Ostrovsky) [Orabug: 28491688]
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28491688]
- x86/speculation: parse l1tf boot parameter early (Boris Ostrovsky) [Orabug: 28491688]
-
Sat Aug 11 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.3.el7uek]
- posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481412] {CVE-2017-18344}
-
Sat Aug 11 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.2.el7uek]
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Fix SMT supported evaluation (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646}
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3620}
- KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (KarimAllah Ahmed) [Orabug: 28220674] {CVE-2018-3646}
- x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3620}
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646}
- x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646}
- x86: Don't include linux/irq.h from asm/hardirq.h (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3620}
- x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646}
- x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646}
- x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646}
- x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646}
- KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (Paolo Bonzini) [Orabug: 28220625] {CVE-2018-3646}
- KVM: X86: Introduce kvm_get_msr_feature() (Wanpeng Li) [Orabug: 28220674] {CVE-2018-3646}
- KVM: x86: Add a framework for supporting MSR-based features (Tom Lendacky) [Orabug: 28220674] {CVE-2018-3646}
- cpu/hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [Orabug: 28220674] {CVE-2018-3620}
- Documentation/l1tf: Fix typos (Tony Luck) [Orabug: 28220674] {CVE-2018-3620}
- x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646}
- x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3620}
- Documentation: Add section about CPU vulnerabilities (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/bugs, kvm: Introduce boot-time control of L1TF mitigations (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3646}
- cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Expose SMT control init function (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3620}
- x86/kvm: Allow runtime control of L1D flush (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646}
- x86/kvm: Serialize L1D flush parameter setter (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646}
- x86/kvm: Add static key for flush always (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646}
- x86/kvm: Move l1tf setup function (Thomas Gleixner) [Orabug: 28220625] {CVE-2018-3646}
- x86/l1tf: Handle EPT disabled state proper (Thomas Gleixner) [Orabug: 28220625] {CVE-2018-3620}
- x86/kvm: Drop L1TF MSR list approach (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646}
- x86/litf: Introduce vmx status variable (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Online siblings when SMT control is turned on (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add find_msr() helper function (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D flush logic (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D MSR based flush (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D flush algorithm (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add module argument for L1TF mitigation (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} {CVE-2018-3646}
- locking/static_keys: Add static_key_{en,dis}able() helpers (Peter Zijlstra) [Orabug: 28220674] {CVE-2018-3620}
- x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks (Suravee Suthikulpanit) [Orabug: 28220674] {CVE-2018-3646}
- cpu/hotplug: Boot HT siblings at least once (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- Revert "x86/apic: Ignore secondary threads if nosmt=force" (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28220674] {CVE-2018-3620}
- x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Borislav Petkov) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpufeatures: Add detection of L1D cache flush support. (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28220674] {CVE-2018-3620}
- x86/apic: Ignore secondary threads if nosmt=force (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/AMD: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Borislav Petkov) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/intel: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/topology: Provide detect_extended_topology_early() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/common: Provide detect_ht_early() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/AMD: Remove the pointless detect_ht() call (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu: Remove the pointless CPU printout (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Provide knobs to control SMT (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/topology: Add topology_max_smt_threads() (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Split do_cpu_down() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/topology: Provide topology_smt_supported() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/smp: Provide topology_is_primary_thread() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/mm: Limit mmap() of /dev/mem to valid physical addresses (Craig Bergstrom) [Orabug: 28220674] {CVE-2018-3620}
- x86/mm: Prevent non-MAP_FIXED mapping across DEFAULT_MAP_WINDOW border (Kirill A. Shutemov) [Orabug: 28220674] {CVE-2018-3620}