Information for patch SUSE-SLE-Module-Basesystem-15-2017-2151: -------------------------------------------------------------- Repository : SLE-Module-Basesystem15-Updates Name : SUSE-SLE-Module-Basesystem-15-2017-2151 Version : 1 Arch : noarch Vendor : maint-coord@suse.de Status : not needed Category : security Severity : important Created On : Wed 27 Dec 2017 10:50:19 AM CET Interactive : reboot Summary : Security update for the Linux Kernel Description : The SUSE Linux Enterprise 15 Kernel has been update to fix bugs and security issues: - powerpc: conditionally compile platform-specific serial drivers (bsc#1065729). - tpm: ibmvtpm: simplify crq initialization and document crq format (bsc#1065729). - autofs: fix careless error in recent commit (bsc#1012382, bsc#1065180) - powerpc/64s: Fix hypercall entry clobbering r12 input (bsc#1055117). - powerpc/64s: Optimize hypercall/syscall entry (bsc#1055117). - KVM: PPC: Book3S HV: Fix migration and HPT resizing of HPT guests on radix hosts (bsc#1061840). - KVM: PPC: Book3S HV: Add infrastructure for running HPT guests on radix host (bsc#1061840). - KVM: PPC: Book3S HV: Unify dirty page map between HPT and radix (bsc#1061840). - KVM: PPC: Book3S HV: Rename hpte_setup_done to mmu_ready (bsc#1061840). - KVM: PPC: Tie KVM_CAP_PPC_HTM to the user-visible TM feature (bsc#1061840). - KVM: PPC: Book3S HV: Don't rely on host's page size information (bsc#1061840). - KVM: PPC: Book3S HV: Explicitly disable HPT operations on radix guests (bsc#1061840). - KVM: PPC: Book3S HV: Fix memory leak in kvm_vm_ioctl_get_htab_fd (bsc#1061840). - KVM: PPC: Book3S HV: Report storage key support to userspace (bsc#1061840). - x86/ACPI/cstate: Allow ACPI C1 FFH MWAIT use on AMD systems (bsc#1069881). - ceph: drop negative child dentries before try pruning inode's alias (bsc#1073525). - fanotify: fix fsnotify_prepare_user_wait() failure (bsc#1052766). - mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()' (bsc#1052766). - PM / hibernate: require hibernate snapshot image to be validly signed when kernel is locked down (fate#316350). - PM / hibernate: a option to request that snapshot image must be validly signed (fate#316350). - PM / hibernate: prevent EFI secret key to be regenerated (fate#316350). - PM / hibernate: Generate and verify signature for snapshot image (fate#316350). - PM / hibernate: encrypt hidden area (fate#316350). - efi: allow user to regenerate secret key (fate#316350). - efi: generate secret key in EFI boot environment (fate#316350). - x86/KASLR: public the function for getting random long number (fate#316350). - hibernate: avoid the data in hidden area to be snapshotted (fate#316350). - security: create hidden area to keep sensitive data (fate#316350). - userfaultfd: hugetlbfs: remove superfluous page unlock in VM_SHARED case (bsc#1073113, CVE-2017-15127). - userfaultfd: hugetlbfs: prevent UFFDIO_COPY to fill beyond the end of i_size (bsc#1073112, CVE-2017-15128). - mm, oom_reaper: gather each vma to prevent leaking TLB entry (bsc#1073258). - IB/ipoib: Restore MM behavior in case of tx_ring allocation failure (bsc#1046307, fate#322941). - iw_cxgb4: only insert drain cqes if wq is flushed (bsc#1046543, fate#32292). - RDMA/netlink: Fix general protection fault (bsc#1046306 fate#322942). - IB/mlx4: Fix RSS hash fields restrictions (bsc#1046302 fate#322945). - IB/core: Don't enforce PKey security on SMI MADs (bsc#1046306 fate#322942). - IB/core: Bound check alternate path port number (bsc#1046306 fate#322942). - sfc: pass valid pointers from efx_enqueue_unwind (bsc#1058169 fate#322922). - sched: Only immediately migrate tasks due to interrupts if prev and target CPUs share cache (bsc#1066110). - mm/page_alloc.c: avoid excessive IRQ disabled times in free_unref_page_list() (bsc#971975). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - mm, oom_reaper: fix memory corruption (bsc#1073039). - x86/stacktrace: make clear the success paths (bsc#1058115). - APEI / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (bsc#1066569 CVE-2017-16538). - Enable build of CX2072X codec for Intel Atom SST (bsc#1068546) - Enable Intel CHTDC-TI powerbutton driver (bsc#1068546) - platform/x86: Add support for Dollar Cove TI power button (bsc#1068546). - nvmet-fc: cleanup nvmet add_port/remove_port (bsc#1072553). - nvme-fc: remove double put reference if admin connect fails (bsc#1072553). - nvme-fc: don't use bit masks for set/test_bit() numbers (bsc#1072553). - nvmet-fc: correct ref counting error when deferred rcv used (bsc#1072553). - nvme-loop: check if queue is ready in queue_rq (bsc#1072553). - nvme-fc: check if queue is ready in queue_rq (bsc#1072553). - nvme-fabrics: introduce init command check for a queue that is not alive (bsc#1072553). - IB/hfi1: Use 4096 for default active MTU in query_qp (bsc#1070622). - IB/CM: Change sgid to IB GID when handling CM request (bsc#1070622). - IB/hfi1: Mask the path bits with the LMC for 16B RC Acks (bsc#1070622). - bnxt_en: Don't print "Link speed -1 no longer supported" messages (bsc#1070116). - lpfc: remove use of FC-specific error codes (bsc#1072553). - nvme-fc: remove use of FC-specific error codes (bsc#1072553). - nvme.h: remove FC transport-specific error values (bsc#1072553). - nvmet-fc: remove use of FC-specific error codes (bsc#1072553). - qla2xxx: remove use of FC-specific error codes (bsc#1072553). - Btrfs: fix reported number of inode blocks after buffered append writes (bsc#1061589). - Btrfs: move definition of the function btrfs_find_new_delalloc_bytes (bsc#1061589). - USB: core: prevent malicious bNumInterfaces overflow (bsc#1072561 CVE-2017-17558). - block: fix a crash caused by wrong API (bsc#1072355). - qxl: alloc & use shadow for dumb buffers (bsc#1072190). - drm/qxl: replace QXL_INFO with DRM_DEBUG_DRIVER (bsc#1072190). - Btrfs: change how we iterate bios in endio (bsc#1071219). - powerpc/powernv/npu: Move tlb flush before launching ATSD (bsc#1055120). - sched/fair: Update and fix the runnable propagation rule (bsc#1066110). - NFSv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - x86/microcode/AMD: Add support for fam17h microcode loading - acpi, nfit: validate commands against the device type (fate#324505). - acpi: always include uuid.h (fate#324505). - netfilter: xt_osf: Add missing permission checks (CVE-2017-17450 bsc#1071695). - netlink: Add netns check on taps (CVE-2017-17449 bsc#1071694). - netfilter: nfnetlink_cthelper: Add missing permission checks (CVE-2017-17448 bsc#1071693). - scsi: bfa: fix type conversion warning (bsc#1065101). - scsi: bfa: fix access to bfad_im_port_s (bsc#1065101). - acpi, nfit: add 'Enable Latch System Shutdown Status' command support (fate#324505). - acpi, nfit: add support for NVDIMM_FAMILY_INTEL v1.6 DSMs (fate#324505). - acpi, nfit: add support for the _LSI, _LSR, and _LSW label methods (fate#324505). - sctp: do not peel off an assoc from one netns to another one (CVE-2017-15115 bsc#1068671). - net_sched: red: Avoid devision by zero (bsc#1056787). - i40iw: Notify user of established connection after QP in RTS (bsc#1058659 fate#322535). - i40iw: Move MPA request event for loopback after connect (bsc#1058659 fate#322535). - i40iw: Correct ARP index mask (bsc#1058659 fate#322535). - i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE (bsc#1058659 fate#322535). - i40iw: Allocate a sdbuf per CQP WQE (bsc#1058659 fate#322535). - s390/qeth: build max size GSO skbs on L2 devices (bsc#1061024 fate#323301). - s390/qeth: fix GSO throughput regression (bsc#1061024 fate#323301). - s390/qeth: fix thinko in IPv4 multicast address tracking (bsc#1061024 fate#323301). - IB/mlx5: Fix RoCE Address Path fields (bsc#1046305 fate#322943). - IB/srpt: Do not accept invalid initiator port names (bsc#1046306 fate#322942). - acpi, nfit: hide unknown commands from nmemX/commands (fate#324505). - acpi nfit: nfit_test supports translate SPA (fate#324505). - acpi nfit: Enable to show what feature is supported via ND_CMD_CALL for nfit_test (fate#324505). - acpi, nfit: Show bus_dsm_mask in sysfs (fate#324505). - libnvdimm, acpi, nfit: Add bus level dsm mask for pass thru (fate#324505). - acpi, nfit: Enable DSM pass thru for root functions (fate#324505). - dccp: CVE-2017-8824: use-after-free in DCCP code (CVE-2017-8824 bsc#1070771). - thermal: int340x_thermal: fix compile after the UUID API switch (fate#324505). - thermal: int340x_thermal: Switch to use new generic UUID API (fate#324505). - ACPI: Switch to use generic guid_t in acpi_evaluate_dsm() (fate#324505). - drm: hibmc: Initialize the hibmc_bo_driver.io_mem_pfn (bsc#1067977). - drm: hibmc: Use set_busid function from drm core (bsc#1067977). - vgaarb: Factor out EFI and fallback default device selection (bsc#1067977). - vgaarb: Select a default VGA device even if there's no legacy VGA (bsc#1067977). - ACPI / bus: Switch to use new generic UUID API (fate#324505). - blacklist.conf: Add drm inapplicable commits (bsc#1051510) - drm/i915/cnl: Mask previous DDI - PLL mapping (bsc#1051510). - ACPI / extlog: Switch to use new generic UUID API (fate#324505). - powerpc: Force reload for recheckpoint during tm {fp, vec, vsx} unavailable exception (bsc#1065729). - powerpc: Don't enable FP/Altivec if not checkpointed (bsc#1065729). - powerpc: Fix missing newline before { (bsc#1065729). - cxl: Rename register PSL9_FIR2 to PSL9_FIR_MASK (bsc#1055014). - cxl: Enable global TLBIs for cxl contexts (bsc#1055014). - powerpc/mm: Export flush_all_mm() (bsc#1055014). - powerpc/mm: Make switch_mm_irqs_off() out of line (bsc#1055014). - powerpc: Remove old unused icswx based coprocessor support (bsc#1055014). - powerpc/mm: Optimize detection of thread local mm's (bsc#1055014). - powerpc/mm: Move pgdir setting into a helper (bsc#1055014). - locking/x86: Use LOCK ADD for smp_mb() instead of MFENCE (bsc#1072172). - supported.conf: Add missing supported modules (bsc#1072163) - acpi, nfit: Switch to use new generic UUID API (fate#324505). - net: thunderx: Fix TCP/UDP checksum offload for IPv4 pkts (bsc#1069583). - nfp: fix port stats for mac representors (bsc#1055968). - IB/core: Only enforce security for InfiniBand (bsc#1070482). - IB: INFINIBAND should depend on HAS_DMA (bsc#1046306 fate#322942). - IB/hfi1: Initialize bth1 in 16B rc ack builder (bsc#1060463 fate#323043). - bnxt_en: Fix a variable scoping in bnxt_hwrm_do_send_msg() (bsc#1050242 fate#322914). - bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown (bsc#1050242 fate#322914). - IB/core: Avoid unnecessary return value check (bsc#1070482). - scsi: lpfc: Fix a precedence bug in lpfc_nvme_io_cmd_wqe_cmpl()(bsc#1050239,fate#322918). - scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair() (fate#322910). - livepatch: __klp_disable_patch() should never be called for disabled patches (bsc#1071995 fate#323487). - livepatch: Correctly call klp_post_unpatch_callback() in error paths (bsc#1071995 fate#323487). - livepatch: add transition notices (bsc#1071995 fate#323487). - livepatch: move transition "complete" notice into klp_complete_transition() (bsc#1071995 fate#323487). - livepatch: add (un)patch callbacks (bsc#1071995 fate#323487). - Remove buggy IPMI patch (bsc#1071877) - livepatch: Small shadow variable documentation fixes (bsc#1071995 fate#323487). - livepatch: __klp_shadow_get_or_alloc() is local to shadow.c (bsc#1071995 fate#323487). - livepatch: introduce shadow variable API (bsc#1071995 fate#323487). - livepatch: unpatch all klp_objects if klp_module_coming fails (bsc#1071995 fate#323487). - Add undefine _unique_build_ids (bsc#964063) - scsi: libsas: align sata_device's rps_resp on a cacheline (bsc#1071401). - scsi: hisi_sas: add v3 hw port AXI error handling (bsc#1071401). - scsi: hisi_sas: add v3 hw support for AXI fatal error (bsc#1071401). - scsi: hisi_sas: complete all tasklets prior to host reset (bsc#1071401). - scsi: hisi_sas: fix a bug when free device for v3 hw (bsc#1071401). - scsi: hisi_sas: add hisi_hba.rst_work init for v3 hw (bsc#1071401). - scsi: hisi_sas: add v3 hw DFX feature (bsc#1071401). - scsi: hisi_sas: init connect cfg register for v3 hw (bsc#1071401). - scsi: hisi_sas: check PHY state in get_wideport_bitmap_v3_hw() (bsc#1071401). - scsi: hisi_sas: use array for v2 hw AXI errors (bsc#1071401). - scsi: hisi_sas: fix the risk of freeing slot twice (bsc#1071401). - scsi: hisi_sas: fix NULL check in SMP abort task path (bsc#1071401). - scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET (bsc#1071401). - scsi: hisi_sas: fix SATA breakpoint memory size (bsc#1071401). - scsi: hisi_sas: grab hisi_hba.lock when processing slots (bsc#1071401). - scsi: hisi_sas: use spin_lock_irqsave() for hisi_hba.lock (bsc#1071401). - scsi: hisi_sas: delete get_ncq_tag_v3_hw() (bsc#1071401). - scsi: libsas: remove unused variable sas_ha (bsc#1071401). - scsi: libsas: add event to defer list tail instead of head when draining (bsc#1071401). - scsi: libsas: rename notify_port_event() for consistency (bsc#1071401). - scsi: libsas: remove unused port_gone_completion and DISCE_PORT_GONE (bsc#1071401). - scsi: libsas: remove the numbering for each event enum (bsc#1071401). - scsi: libsas: kill useless ha_event and do some cleanup (bsc#1071401). - scsi: libsas: Annotate fall-through in a switch statement (bsc#1071401). - scsi: libsas: Remove a set-but-not-used variable (bsc#1071401). - scsi: hisi_sas: replace kfree with scsi_host_put (bsc#1071401). - scsi: hisi_sas: remove phy_down_v3_hw() res variable (bsc#1071401). - scsi: hisi_sas: add phy_set_linkrate_v3_hw() (bsc#1071401). - scsi: hisi_sas: update some v3 register init settings (bsc#1071401). - scsi: hisi_sas: add reset handler for v3 hw (bsc#1071401). - scsi: hisi_sas: kill tasklet when destroying irq in v3 hw (bsc#1071401). - scsi: hisi_sas: fix v3 hw channel interrupt processing (bsc#1071401). - scsi: hisi_sas: Modify v3 hw STP_LINK_TIMER setting (bsc#1071401). - cpufreq, intel_pstate: Ramp up frequency faster when utilisation reaches setpoint (bsc#1068680) - cpufreq: intel_pstate: Improve IO performance with per-core P-states (bsc#1068680). - cpufreq: intel_pstate: Use load-based policy by default but allow PID to be used (bsc#1068680) - sched/fair: Update calc_group_*() comments (bsc#1066110) - sched/fair: Calculate runnable_weight slightly differently (bsc#1066110) - sched/fair: Implement more accurate async detach (bsc#1066110) - sched/fair: Align PELT windows between cfs_rq and its se (bsc#1066110). - sched/fair: Implement synchonous PELT detach on load-balance migrate (bsc#1066110). - sched/fair: Propagate an effective runnable_load_avg (bsc#1066110). - sched/pelt: Fix false running accounting (bsc#1066110). - sched/fair: Rewrite PELT migration propagation (bsc#1066110). - sched/fair: Rewrite cfs_rq->removed_*avg (bsc#1066110 Scheduler utilisation tracking). - sched/fair: Use reweight_entity() for set_user_nice() (bsc#1066110). - sched/fair: More accurate reweight_entity() (bsc#1066110). - sched/fair: Introduce {en,de}queue_load_avg() (bsc#1066110). - sched/fair: Rename {en,de}queue_entity_load_avg() (bsc#1066110). - sched/fair: Move enqueue migrate handling (bsc#1066110). - sched/fair: Change update_load_avg() arguments (bsc#1066110). - sched/fair: Remove se->load.weight from se->avg.load_sum (bsc#1066110). - sched/fair: Cure calc_cfs_shares() vs. reweight_entity() (bsc#1066110). - sched/fair: Add comment to calc_cfs_shares() (bsc#1066110). - sched/fair: Clean up calc_cfs_shares() (bsc#1066110). - sched/fair: Drop always true parameter of update_cfs_rq_load_avg() (bsc#1066110). - sched/fair: Avoid checking cfs_rq->nr_running twice (bsc#1066110). - sched/fair: Pass 'rq' to weighted_cpuload() (bsc#1066110). - sched/core: Reuse put_prev_task() (bsc#1066110). - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bsc#1066110). - sched/fair: Fix O(nr_cgroups) in load balance path (bsc#1066110). - sched/fair: Call cpufreq update util handlers less frequently on UP (bsc#1066110). - fs/proc: Report eip/esp in /prod/PID/stat for coredumping (bsc#1050549). - locking/x86: Use LOCK ADD for smp_mb() instead of MFENCE (bsc#1050549). - ASoC: intel: Add headset jack support to cht-cx2072x (bsc#1068546). - ASoC: Intel: add support for CX2072x machine driver (bsc#1068546). - ASoC: Intel: Add machine driver for Cherrytrail-CX2072X (bsc#1068546). - ASoC: add support for Conexant CX2072X CODEC (bsc#1068546). - ASoC: cx2072x: Add DT bingings documentation for CX2072X CODEC (bsc#1068546). Provides : patch:SUSE-SLE-Module-Basesystem-15-2017-2151 = 1 Conflicts : [6] kernel-default.nosrc < 4.12.14-8.3.12 kernel-default.x86_64 < 4.12.14-8.3.12 kernel-default-devel.x86_64 < 4.12.14-8.3.12 kernel-devel.noarch < 4.12.14-8.3.12 kernel-macros.noarch < 4.12.14-8.3.12 kernel-source.src < 4.12.14-8.3.12