[ol7_UEKR4_archive] kernel-uek-doc-4.1.12-61.65.1.el7uek.noarch

Name:	kernel-uek-doc
Version:	4.1.12
Release:	61.65.1.el7uek
Architecture:	noarch
Group:	Documentation
Size:	57990186
License:	GPLv2
RPM:	kernel-uek-doc-4.1.12-61.65.1.el7uek.noarch.rpm
Source RPM:	kernel-uek-4.1.12-61.65.1.el7uek.src.rpm
Build Date:	Wed Dec 12 2018
Build Host:	ca-build85.us.oracle.com
Vendor:	Oracle America
URL:	http://www.kernel.org/
Summary:	Various documentation bits found in the kernel source
Description:	This package contains documentation files from the kernel source. Various bits of information about the Linux kernel and the device drivers shipped with it are documented in these files. You'll want to install this package if you need a reference to the options that can be passed to Linux kernel modules at load time.

Changelog (Show File list) (Show related packages)

Wed Dec 12 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-61.65.1.el7uek]

- inet: frags: remove INET_FRAG_EVICTED and use list_evictor for the test (Venkat Venkatsubra)  [Orabug: 28991543]  
-  inet: frag: don't wait for timer deletion when evicting (Venkat Venkatsubra)  [Orabug: 28991543]  
- inet: frag: change *_frag_mem_limit functions to take netns_frags as argument (Venkat Venkatsubra)  [Orabug: 28991543]  
-  inet: frag: don't re-use chainlist for evictor (Venkat Venkatsubra)  [Orabug: 28991543]

Tue Feb 06 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-61.64.1.el7uek]

- IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay)  [Orabug: 27243419]  
- IB/cm: avoid query device in CM REQ/REP (Francisco Triviño)  [Orabug: 27243417]  
- IB/cm: return original rnr value when RNR WA for PSIF (Francisco Triviño)  [Orabug: 27243417]  
- IB/cm: MBIT needs to be used in network order (Francisco Triviño)  [Orabug: 27243417]  
- RDS: ActiveBonding: Make its own thread for active active (Santosh Shilimkar)  [Orabug: 25512942]  
- RDS: ActiveBonding: Create a cluster sync point for failback (Santosh Shilimkar)  [Orabug: 25512942]  
- RDS: correct condition check in reconnect_timeout() (Ajaykumar Hotchandani)  [Orabug: 25512942]

Wed Jan 24 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-61.63.1.el7uek]

- Revert "kernel.spec: Require the new microcode_ctl." (Brian Maly)   
- x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju)  [Orabug: 27439198]  
- x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju)  [Orabug: 27439198]  
- Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju)  [Orabug: 27439198]  
- x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner)  [Orabug: 27439198]  
- sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse)  [Orabug: 27439198]  
- sysfs/cpu: Add vulnerability folder (Thomas Gleixner)  [Orabug: 27439198]  
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse)  [Orabug: 27439198]  
- x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju)  [Orabug: 27439198]  
- KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig)   {CVE-2017-5753} 
- KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig)  [Orabug: 27439182]  {CVE-2017-1000407} {CVE-2017-1000407}

Tue Jan 23 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-61.62.1.el7uek]

- xen-blkback: add pending_req allocation stats (Ankur Arora)  [Orabug: 27386891]  
- xen-blkback: move indirect req allocation out-of-line (Ankur Arora)  [Orabug: 27386891]  
- xen-blkback: pull nseg validation out in a function (Ankur Arora)  [Orabug: 27386891]  
- xen-blkback: make struct pending_req less monolithic (Ankur Arora)  [Orabug: 27386891]

Fri Jan 12 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-61.61.1.el7uek]

- x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin)  [Orabug: 27378519] [Orabug: 27352353]  {CVE-2017-5754} 
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk)  [Orabug: 27378474]  
- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky)  [Orabug: 27378115]  
- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky)  [Orabug: 27382622]  
- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles)  [Orabug: 27345850]  {CVE-2017-5715} 
- ptrace: remove unlocked RCU dereference. (Jamie Iles)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk)  [Orabug: 27365614]  {CVE-2017-5715} 
- x86/ia32: save and clear registers on syscall. (Jamie Iles)  [Orabug: 27371760]  {CVE-2017-5754} 
- x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky)  [Orabug: 27371757]  
- pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk)   
- Make use of ibrs_inuse consistent. (Jun Nakajima)   
- x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk)   
- Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86: more ibrs/pti fixes (Pavel Tatashin)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86: Don't ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk)  [Orabug: 27371653]  {CVE-2017-5754} 
- PTI: unbreak EFI old_memmap (Jiri Kosina)  [Orabug: 27371653]  {CVE-2017-5754} 
- KAISER KABI tweaks. (Martin K. Petersen)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/ldt: fix crash in ldt freeing. (Jamie Iles)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: Set _PAGE_NX only if supported (Guenter Roeck)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- KPTI: Report when enabled (Kees Cook)  [Orabug: 27371653]  {CVE-2017-5754} 
- KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/kaiser: Move feature detection up (Borislav Petkov)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/kaiser: Reenable PARAVIRT (Borislav Petkov)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/kaiser: Check boottime cmdline params (Borislav Petkov)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: add "nokaiser" boot option, using ALTERNATIVE (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: enhanced by kernel and user PCIDs (Dave Hansen)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: cleanups while trying for gold link (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: fix perf crashes (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: KAISER depends on SMP (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins)  [Orabug: 27371653]  {CVE-2017-5754} 
- kaiser: merged update (Dave Hansen)  [Orabug: 27371653]  {CVE-2017-5754} 
- KAISER: Kernel Address Isolation (Richard Fellner)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu)  [Orabug: 27371653]  {CVE-2017-5754} 
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Fix INVPCID asm constraint (Borislav Petkov)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/mm: Add INVPCID helpers (Andy Lutomirski)  [Orabug: 27371653]  {CVE-2017-5754} 
- x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk)  [Orabug: 27351388]  
- kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk)   {CVE-2017-5715}

Fri Jan 05 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-61.60.1.el7uek]

- userns: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- udf: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- net: mpls: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- fs: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- ipv6: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- ipv4: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- Thermal/int340x: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- cw1200: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- qla2xxx: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- p54: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- carl9170: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- uvcvideo: prevent speculative execution (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- locking/barriers: introduce new observable speculation barrier (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova)  [Orabug: 27345857]  {CVE-2017-5753} 
- kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} {CVE-2017-5715} 
- x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- Set IBPB when running a different VCPU (Dave Hansen)  [Orabug: 27345850]  {CVE-2017-5715} 
- Clear the host registers after setbe (Jun Nakajima)  [Orabug: 27345850]  {CVE-2017-5715} 
- Use the ibpb_inuse variable. (Jun Nakajima)  [Orabug: 27345850]  {CVE-2017-5715} 
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli)  [Orabug: 27345850]  {CVE-2017-5715} 
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini)  [Orabug: 27345850]  {CVE-2017-5715} 
- Use the "ibrs_inuse" variable. (Jun Nakajima)  [Orabug: 27345850]  {CVE-2017-5715} 
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/kvm: Pad RSB on VM transition (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/kvm: clear registers on VM exit (Tom Lendacky)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/kvm: Set IBPB when switching VM (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/mm: Set IBPB upon context switch (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli)  [Orabug: 27345850]  {CVE-2017-5715} 
- *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/enter: Use IBRS on syscall and interrupts (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/feature: Report presence of IBPB and IBRS control (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk)  [Orabug: 27345850]  {CVE-2017-5715} 
- x86/feature: Enable the x86 feature to control (Tim Chen)  [Orabug: 27345850]  {CVE-2017-5715}

Mon Nov 20 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.59.1.el7uek]

- nvme: merge probe_work and reset_work (Christoph Hellwig)  [Orabug: 26984819]  
- nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig)  [Orabug: 26984819]  
- nvme: add NVME_SC_CANCELLED (Christoph Hellwig)  [Orabug: 26984819]

Mon Nov 13 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.58.1.el7uek]

- netlink: allow to listen "all" netns (Nicolas Dichtel)  [Orabug: 27098331]  
- netlink: rename private flags and states (Nicolas Dichtel)  [Orabug: 27098331]  
- netns: use a spin_lock to protect nsid management (Nicolas Dichtel)  [Orabug: 27098331]  
- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel)  [Orabug: 27098331]  
- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel)  [Orabug: 27098331]  
- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel)  [Orabug: 27098331]  
- netns: returns always an id in __peernet2id() (Nicolas Dichtel)  [Orabug: 27098331]  
- mm: fix new crash in unmapped_area_topdown() (Hugh Dickins)  [Orabug: 26338222]  {CVE-2017-1000364} 
- mm: larger stack guard gap, between vmas (Hugh Dickins)  [Orabug: 26338222]  {CVE-2017-1000364} 
- Revert "SUNRPC: Refactor svc_set_num_threads()" (Kirtikar Kashyap)  [Orabug: 26981903]  
- Revert "NFSv4: Fix callback server shutdown" (Kirtikar Kashyap)  [Orabug: 26981903]

Thu Oct 12 2017 Dhaval Giani <dhaval.giani@oracle.com> [4.1.12-61.57.1.el7uek]

- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn)  [Orabug: 26681157]  {CVE-2017-1000111} 
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet)  [Orabug: 26650879]  {CVE-2017-9075} 
- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han)  [Orabug: 26643642]  {CVE-2017-11473} 
- aio: mark AIO pseudo-fs noexec (Jann Horn)  [Orabug: 26643594]  {CVE-2016-10044} 
- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang)  [Orabug: 26643552]  {CVE-2017-11176} 
- ping: implement proper locking (Eric Dumazet)  [Orabug: 26540282]  {CVE-2017-2671} 
- nfsd: encoders mustn't use unitialized values in error cases (J. Bruce Fields)  [Orabug: 26572912]  {CVE-2017-8797} 
- nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi)  [Orabug: 26572912]  {CVE-2017-8797} 
- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman)  [Orabug: 26643594]  {CVE-2016-10044} 
- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo)  [Orabug: 26643594]  {CVE-2016-10044} 
- fs/exec.c: account for argv/envp pointers (Kees Cook)  [Orabug: 26403981]  {CVE-2017-1000365} {CVE-2017-1000365} 
- NFSv4: Fix callback server shutdown (Trond Myklebust)  [Orabug: 26403981]  {CVE-2017-9059} 
- SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust)  [Orabug: 26403981]  {CVE-2017-9059}

Thu Sep 28 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.56.1.el7uek]

- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay)  [Orabug: 26867347]  
- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky)  [Orabug: 26867347]