-
Mon Aug 13 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.5.el7uek]
- inet: frag: enforce memory limits earlier (Eric Dumazet) [Orabug: 28450977]
- x86/mm/pageattr.c: fix page prot mask (Mihai Carabas) [Orabug: 28492122]
- x86/pgtable.h: fix PMD/PUD mask (Mihai Carabas) [Orabug: 28492122]
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28492122]
-
Mon Aug 13 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.4.el7uek]
- kvm/vmx: Don't mark vmx_exit() __exit (Boris Ostrovsky) [Orabug: 28491688]
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28491688]
- x86/speculation: parse l1tf boot parameter early (Boris Ostrovsky) [Orabug: 28491688]
-
Sat Aug 11 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.3.el7uek]
- posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481412] {CVE-2017-18344}
-
Sat Aug 11 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.2.el7uek]
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Fix SMT supported evaluation (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646}
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3620}
- KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (KarimAllah Ahmed) [Orabug: 28220674] {CVE-2018-3646}
- x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3620}
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646}
- x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646}
- x86: Don't include linux/irq.h from asm/hardirq.h (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3620}
- x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646}
- x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646}
- x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646}
- x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646}
- KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (Paolo Bonzini) [Orabug: 28220625] {CVE-2018-3646}
- KVM: X86: Introduce kvm_get_msr_feature() (Wanpeng Li) [Orabug: 28220674] {CVE-2018-3646}
- KVM: x86: Add a framework for supporting MSR-based features (Tom Lendacky) [Orabug: 28220674] {CVE-2018-3646}
- cpu/hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [Orabug: 28220674] {CVE-2018-3620}
- Documentation/l1tf: Fix typos (Tony Luck) [Orabug: 28220674] {CVE-2018-3620}
- x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646}
- x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3620}
- Documentation: Add section about CPU vulnerabilities (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/bugs, kvm: Introduce boot-time control of L1TF mitigations (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3646}
- cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Expose SMT control init function (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3620}
- x86/kvm: Allow runtime control of L1D flush (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646}
- x86/kvm: Serialize L1D flush parameter setter (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646}
- x86/kvm: Add static key for flush always (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646}
- x86/kvm: Move l1tf setup function (Thomas Gleixner) [Orabug: 28220625] {CVE-2018-3646}
- x86/l1tf: Handle EPT disabled state proper (Thomas Gleixner) [Orabug: 28220625] {CVE-2018-3620}
- x86/kvm: Drop L1TF MSR list approach (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646}
- x86/litf: Introduce vmx status variable (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Online siblings when SMT control is turned on (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add find_msr() helper function (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D flush logic (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D MSR based flush (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D flush algorithm (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646}
- x86/KVM/VMX: Add module argument for L1TF mitigation (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} {CVE-2018-3646}
- locking/static_keys: Add static_key_{en,dis}able() helpers (Peter Zijlstra) [Orabug: 28220674] {CVE-2018-3620}
- x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646}
- KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks (Suravee Suthikulpanit) [Orabug: 28220674] {CVE-2018-3646}
- cpu/hotplug: Boot HT siblings at least once (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- Revert "x86/apic: Ignore secondary threads if nosmt=force" (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28220674] {CVE-2018-3620}
- x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Borislav Petkov) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpufeatures: Add detection of L1D cache flush support. (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28220674] {CVE-2018-3620}
- x86/apic: Ignore secondary threads if nosmt=force (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/AMD: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Borislav Petkov) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/intel: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/topology: Provide detect_extended_topology_early() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/common: Provide detect_ht_early() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu/AMD: Remove the pointless detect_ht() call (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/cpu: Remove the pointless CPU printout (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Provide knobs to control SMT (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/topology: Add topology_max_smt_threads() (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620}
- cpu/hotplug: Split do_cpu_down() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/topology: Provide topology_smt_supported() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/smp: Provide topology_is_primary_thread() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28220674] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Klein) [Orabug: 28220674] {CVE-2018-3620}
- x86/mm: Limit mmap() of /dev/mem to valid physical addresses (Craig Bergstrom) [Orabug: 28220674] {CVE-2018-3620}
- x86/mm: Prevent non-MAP_FIXED mapping across DEFAULT_MAP_WINDOW border (Kirill A. Shutemov) [Orabug: 28220674] {CVE-2018-3620}
-
Tue Aug 07 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.18.1.el7uek]
- x86/speculation: Support per-process SSBD with IBRS (Alexandre Chartre) [Orabug: 28354043]
- Revert "xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent" (Dongli Zhang) [Orabug: 28441054]
-
Tue Jul 31 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.17.4.el7uek]
- x86/speculation: Implement per-cpu IBRS control (Alexandre Chartre) [Orabug: 28064081]
- IB/mad: Use ID allocator routines to allocate agent number (Hans Westgaard Ry) [Orabug: 28339815]
- x86/mcheck: Reorganize the hotplug callbacks (Sebastian Andrzej Siewior) [Orabug: 28387566]
-
Wed Jul 25 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.17.3.el7uek]
- rtnetlink: fix rtnl_vfinfo_size (Sabrina Dubroca) [Orabug: 27998927]
- rds: IB: avoid migration to port that is down (Zhu Yanjun) [Orabug: 28097129]
- net/rds: Fix kernel panic caused by a race between setup/teardown (Hans Westgaard Ry) [Orabug: 28326553]
- rds: IB: fix returned value not set error (Zhu Yanjun) [Orabug: 28356474]
-
Tue Jul 17 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.17.2.el7uek]
- fs: proc: array.c: fix Speculation_Store_Bypass print format (Mihai Carabas) [Orabug: 28128750]
- xfs: don't chain ioends during writepage submission (Dave Chinner) [Orabug: 28193043]
- xfs: factor mapping out of xfs_do_writepage (Dave Chinner) [Orabug: 28193043]
- xfs: xfs_cluster_write is redundant (Dave Chinner) [Orabug: 28193043]
- xfs: Introduce writeback context for writepages (Dave Chinner) [Orabug: 28193043]
- xfs: remove xfs_cancel_ioend (Dave Chinner) [Orabug: 28193043]
- xfs: remove nonblocking mode from xfs_vm_writepage (Dave Chinner) [Orabug: 28193043]
- rds: tcp: cancel all worker threads before shutting down socket (Sowmini Varadhan) [Orabug: 28298156]
- rds: signedness bug (Dan Carpenter) [Orabug: 28319166]
-
Thu Jul 05 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.17.1.el7uek]
- block: update integrity interval after queue limits change (Ritika Srivastava) [Orabug: 27586756]
- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130}
- net/rds: Implement ARP flushing correctly (Håkon Bugge) [Orabug: 28219857]
- net/rds: Fix incorrect bigger vs. smaller IP address check (Håkon Bugge) [Orabug: 28236599]
- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256391]
- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28256487] {CVE-2017-11600} {CVE-2017-11600}
-
Wed Jun 27 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.16.6.el7uek]
- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400]
- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242475] {CVE-2017-7616}
- xhci: Fix USB3 NULL pointer dereference at logical disconnect. (Mathias Nyman) [Orabug: 27426023]
- mlx4_core: restore optimal ICM memory allocation (Eric Dumazet) [Orabug: 27718303]
- mlx4_core: allocate ICM memory in page size chunks (Qing Huang) [Orabug: 27718303]
- kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28078687] {CVE-2018-10124}
- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini Varadhan) [Orabug: 28085214]
- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032]
- net/rds: Fix bug in failover_group parsing (Håkon Bugge) [Orabug: 28198749]
- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240074] {CVE-2018-5803}