SUSE-SU-2018:1816-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jun 26 10:08:03 MDT 2018


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1816-1
Rating:             important
References:         #1009062 #1012382 #1019695 #1019699 #1022604 
                    #1022607 #1022743 #1024718 #1031717 #1035432 
                    #1036215 #1041740 #1043598 #1044596 #1045330 
                    #1056415 #1056427 #1060799 #1066223 #1068032 
                    #1068054 #1068951 #1070404 #1073059 #1073311 
                    #1075087 #1075428 #1076049 #1076263 #1076805 
                    #1078583 #1079152 #1080157 #1080542 #1080656 
                    #1081500 #1081514 #1081599 #1082153 #1082299 
                    #1082485 #1082504 #1082962 #1082979 #1083635 
                    #1083650 #1083900 #1084721 #1085185 #1085308 
                    #1086400 #1086716 #1087007 #1087012 #1087036 
                    #1087082 #1087086 #1087095 #1088810 #1088871 
                    #1089023 #1089115 #1089393 #1089895 #1090225 
                    #1090435 #1090534 #1090643 #1090658 #1090663 
                    #1090708 #1090718 #1090734 #1090953 #1090955 
                    #1091041 #1091325 #1091594 #1091728 #1091960 
                    #1092289 #1092497 #1092552 #1092566 #1092772 
                    #1092813 #1092888 #1092904 #1092975 #1093008 
                    #1093035 #1093144 #1093215 #1093533 #1093904 
                    #1093990 #1094019 #1094033 #1094059 #1094177 
                    #1094268 #1094353 #1094356 #1094405 #1094466 
                    #1094532 #1094823 #1094840 #1095042 #1095147 
                    #1096037 #1096140 #1096214 #1096242 #1096281 
                    #1096751 #1096982 #1097234 #1097356 #1098009 
                    #1098012 #919144 #971975 #973378 #978907 
                    #993388 
Cross-References:   CVE-2017-13305 CVE-2017-17741 CVE-2017-18241
                    CVE-2017-18249 CVE-2018-1000199 CVE-2018-1065
                    CVE-2018-1092 CVE-2018-1093 CVE-2018-1094
                    CVE-2018-1130 CVE-2018-12233 CVE-2018-3639
                    CVE-2018-3665 CVE-2018-5803 CVE-2018-5848
                    CVE-2018-7492 CVE-2018-8781
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP3
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has 109 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.138 to
   receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-12233: A memory corruption bug in JFS could have been triggered
     by calling setxattr twice with two different extended attribute names on
     the same file. This vulnerability could be triggered by an unprivileged
     user with the ability to create files and execute programs (bsc#1097234)
   - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and
     AVX registers) between processes. These registers might contain
     encryption keys when doing SSE accelerated AES enc/decryption
     (bsc#1087086)
   - CVE-2018-5848: In the function wmi_set_ie(), the length validation code
     did not handle unsigned integer overflow properly. As a result, a large
     value of the 'ie_len' argument could have caused a buffer overflow
     (bnc#1097356)
   - CVE-2017-18249: The add_free_nid function did not properly track an
     allocated nid, which allowed local users to cause a denial of service
     (race condition) or possibly have unspecified other impact via
     concurrent threads (bnc#1087036)
   - CVE-2017-18241: Prevent a NULL pointer dereference by using a
     noflush_merge
     option that triggers a NULL value for a flush_cmd_control data structure
      (bnc#1086400)
   - CVE-2017-17741: The KVM implementation in the Linux kernel allowed
     attackers to obtain potentially sensitive information from kernel
     memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311)
   - CVE-2018-3639: Systems with microprocessors utilizing speculative
     execution and speculative execution of memory reads the addresses of all
     prior memory writes are known may have allowed unauthorized disclosure
     of information to an attacker with local user access via a side-channel
     analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082).
   - CVE-2018-8781: The udl_fb_mmap function had an integer-overflow
     vulnerability allowing local users with access to the udldrmfb driver to
     obtain full read and write permissions on kernel physical pages,
     resulting in a code execution in kernel space (bsc#1090643).
   - CVE-2017-13305: Prevent information disclosure vulnerability in
     encrypted-keys (bsc#1094353)
   - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to
     cause a denial of service (out-of-bounds read and system crash) via a
     crafted ext4 image because balloc.c and ialloc.c do not validate bitmap
     block numbers (bsc#1087095)
   - CVE-2018-1094: The ext4_fill_super function did not always initialize
     the crc32c checksum driver, which allowed attackers to cause a denial of
     service (ext4_xattr_inode_hash NULL pointer dereference and system
     crash) via a crafted ext4 image (bsc#1087007)
   - CVE-2018-1092: The ext4_iget function mishandled the case of a root
     directory with a zero i_links_count, which allowed attackers to cause a
     denial of service (ext4_process_freed_data NULL pointer dereference and
     OOPS) via a crafted ext4 image (bsc#1087012)
   - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function
     that allowed a local user to cause a denial of service by a number of
     certain crafted system calls (bsc#1092904)
   - CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when
     handling SCTP packets length that could have been exploited to cause a
     kernel crash (bnc#1083900)
   - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule
     blob that contains a jump but lacks a user-defined chain, which allowed
     local users to cause a denial of service (NULL pointer dereference) by
     leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650)
   - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c
     __rds_rdma_map() function that allowed local attackers to cause a system
     panic and a denial-of-service, related to RDS_GET_MR and
     RDS_GET_MR_FOR_DEST (bsc#1082962)
   - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint()
     that could have caused a crash and possibly memory corruption
     (bsc#1089895)

   The following non-security bugs were fixed:

   - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
     (bnc#1012382).
   - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
     (bnc#1012382).
   - ACPI / scan: Send change uevent with offine environmental data
     (bsc#1082485).
   - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
     (bnc#1012382).
   - ACPI: acpi_pad: Fix memory leak in power saving threads (bnc#1012382).
   - ACPI: processor_perflib: Do not send _PPC change notification if not
     ready (bnc#1012382).
   - ACPICA: Events: add a return on failure from acpi_hw_register_read
     (bnc#1012382).
   - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
     (bnc#1012382).
   - ALSA: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382).
   - ALSA: aloop: Mark paused device as inactive (bnc#1012382).
   - ALSA: asihpi: Hardening for potential Spectre v1 (bnc#1012382).
   - ALSA: control: Hardening for potential Spectre v1 (bnc#1012382).
   - ALSA: control: fix a redundant-copy issue (bnc#1012382).
   - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr (bnc#1012382).
   - ALSA: hda - New VIA controller suppor no-snoop path (bnc#1012382).
   - ALSA: hda - Use IS_REACHABLE() for dependency on input (bnc#1012382
     bsc#1031717).
   - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975).
   - ALSA: hda/realtek - Add some fixes for ALC233 (bnc#1012382).
   - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
     (bnc#1012382).
   - ALSA: hda: Hardening for potential Spectre v1 (bnc#1012382).
   - ALSA: hdspm: Hardening for potential Spectre v1 (bnc#1012382).
   - ALSA: line6: Use correct endpoint type for midi output (bnc#1012382).
   - ALSA: opl3: Hardening for potential Spectre v1 (bnc#1012382).
   - ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc (bnc#1012382).
   - ALSA: pcm: Avoid potential races between OSS ioctls and read/write
     (bnc#1012382).
   - ALSA: pcm: Check PCM state at xfern compat ioctl (bnc#1012382).
   - ALSA: pcm: Fix UAF at PCM release via PCM timer access (bnc#1012382).
   - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
     (bnc#1012382).
   - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls (bnc#1012382).
   - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
     (bnc#1012382).
   - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
     (bnc#1012382).
   - ALSA: rawmidi: Fix missing input substream checks in compat ioctls
     (bnc#1012382).
   - ALSA: rme9652: Hardening for potential Spectre v1 (bnc#1012382).
   - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
     (bnc#1012382).
   - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
     (bnc#1012382).
   - ALSA: seq: oss: Hardening for potential Spectre v1 (bnc#1012382).
   - ALSA: timer: Call notifier in the same spinlock (bnc#1012382 bsc#973378).
   - ALSA: timer: Fix pause event notification (bnc#1012382 bsc#973378).
   - ALSA: timer: Fix pause event notification (bsc#973378).
   - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658).
   - ALSA: usb: mixer: volume quirk for CM102-A+/102S+ (bnc#1012382).
   - ALSA: vmaster: Propagate slave error (bnc#1012382).
   - ARC: Fix malformed ARC_EMUL_UNALIGNED default (bnc#1012382).
   - ARM: 8748/1: mm: Define vdso_start, vdso_end as array (bnc#1012382).
   - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
     (bnc#1012382).
   - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
     (bnc#1012382).
   - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bnc#1012382).
   - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
     (bnc#1012382).
   - ARM: OMAP1: clock: Fix debugfs_create_*() usage (bnc#1012382).
   - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
     (bnc#1012382).
   - ARM: OMAP3: Fix prm wake interrupt for resume (bnc#1012382).
   - ARM: OMAP: Fix dmtimer init for omap1 (bnc#1012382).
   - ARM: amba: Do not read past the end of sysfs "driver_override" buffer
     (bnc#1012382).
   - ARM: amba: Fix race condition with driver_override (bnc#1012382).
   - ARM: amba: Make driver_override output consistent with other buses
     (bnc#1012382).
   - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property (bnc#1012382).
   - ARM: dts: at91: sama5d4: fix pinctrl compatible string (bnc#1012382).
   - ASoC: Intel: sst: remove redundant variable dma_dev_name (bnc#1012382).
   - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bnc#1012382
     bsc#1031717).
   - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
     (bnc#1012382).
   - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
     (bnc#1012382).
   - ASoC: ssm2602: Replace reg_default_raw with reg_default (bnc#1012382).
   - ASoC: topology: create TLV data for dapm widgets (bnc#1012382).
   - Bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504,
     bsc#1095147).
   - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
     (bnc#1012382).
   - Bluetooth: btusb: Add device ID for RTL8822BE (bnc#1012382).
   - Btrfs: Fix out of bounds access in btrfs_search_slot (bnc#1012382).
   - Btrfs: Fix possible softlock on single core machines (bnc#1012382).
   - Btrfs: Fix wrong first_key parameter in replace_path (Followup fix for
     bsc#1084721).
   - Btrfs: bail out on error during replay_dir_deletes (bnc#1012382).
   - Btrfs: fix NULL pointer dereference in log_dir_items (bnc#1012382).
   - Btrfs: fix copy_items() return value when logging an inode (bnc#1012382).
   - Btrfs: fix crash when trying to resume balance without the resume flag
     (bnc#1012382).
   - Btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers (bnc#1012382).
   - Btrfs: fix reading stale metadata blocks after degraded raid1 mounts
     (bnc#1012382).
   - Btrfs: fix scrub to repair raid6 corruption (bnc#1012382).
   - Btrfs: fix xattr loss after power failure (bnc#1012382).
   - Btrfs: send, fix issuing write op when processing hole in no data mode
     (bnc#1012382).
   - Btrfs: set plug for fsync (bnc#1012382).
   - Btrfs: tests/qgroup: Fix wrong tree backref level (bnc#1012382).
   - Clarify (and fix) MAX_LFS_FILESIZE macros (bnc#1012382).
   - Correct the prefix in references tag in previous patches (bsc#1041740).
   - Do not leak MNT_INTERNAL away from internal mounts (bnc#1012382).
   - ENABLE_IBRS clobbers %rax which it shouldn't do
   - Enable uinput driver (bsc#1092566).
   - Fix excessive newline in /proc/*/status (bsc#1094823).
   - Fixes typo for (watchdog: hpwdt: Update nmi_panic message) (bsc#1085185).
   - Force log to disk before reading the AGF during a fstrim (bnc#1012382).
   - HID: Fix hid_report_len usage (bnc#1012382).
   - HID: core: Fix size as type u32 (bnc#1012382).
   - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
     (bnc#1012382).
   - HID: i2c-hid: fix size check and type usage (bnc#1012382).
   - HID: roccat: prevent an out of bounds read in
     kovaplus_profile_activated() (bnc#1012382).
   - IB/ipoib: Fix for potential no-carrier state (bnc#1012382).
   - IB/mlx5: Use unlimited rate when static rate is not supported
     (bnc#1012382).
   - IB/srp: Fix completion vector assignment algorithm (bnc#1012382).
   - IB/srp: Fix srp_abort() (bnc#1012382).
   - Input: ALPS - fix TrackStick support for SS5 hardware (git-fixes).
   - Input: ALPS - fix multi-touch decoding on SS4 plus touchpads (git-fixes).
   - Input: ALPS - fix trackstick button handling on V8 devices (git-fixes).
   - Input: ALPS - fix two-finger scroll breakage in right side on ALPS
     touchpad (git-fixes).
   - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook
     Pro (bnc#1012382).
   - Input: drv260x - fix initializing overdrive voltage (bnc#1012382).
   - Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID (bnc#1012382).
   - Input: elan_i2c_smbus - fix corrupted stack (bnc#1012382).
   - Input: goodix - add new ACPI id for GPD Win 2 touch screen (bnc#1012382).
   - Input: leds - fix out of bound access (bnc#1012382).
   - KEYS: DNS: limit the length of option strings (bnc#1012382).
   - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
     (bnc#1012382).
   - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory
     backing (bnc#1012382).
   - KVM: VMX: raise internal error for exception during invalid protected
     mode state (bnc#1012382).
   - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in
     use (bnc#1012382).
   - KVM: s390: Enable all facility bits that are known good for passthrough
     (bnc#1012382 bsc#1073059 bsc#1076805).
   - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure
     (bsc#1096242, bsc#1096281).
   - KVM: x86: introduce linear_{read,write}_system (bnc#1012382).
   - KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and
     kvm_write_guest_virt_system (bnc#1012382).
   - Kbuild: change CC_OPTIMIZE_FOR_SIZE definition (bnc#1012382).
   - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32
     FGRs (bnc#1012382).
   - MIPS: Octeon: Fix logging messages with spurious periods after newlines
     (bnc#1012382).
   - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS (bnc#1012382).
   - MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset (bnc#1012382).
   - MIPS: memset.S: EVA and fault support for small_memset (bnc#1012382).
   - MIPS: memset.S: Fix clobber of v1 in last_fixup (bnc#1012382).
   - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
     (bnc#1012382).
   - MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
     (bnc#1012382).
   - MIPS: ptrace: Expose FIR register through FP regset (bnc#1012382).
   - MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs (bnc#1012382).
   - MIPS: uaccess: Add micromips clobbers to bzero invocation (bnc#1012382).
   - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382).
   - NFC: llcp: Limit size of SDP URI (bnc#1012382).
   - NFSv4: always set NFS_LOCK_LOST when a lock is lost (bnc#1012382
     bsc#1068951).
   - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 (bnc#1012382).
   - PCI: Add function 1 DMA alias quirk for Marvell 9128 (bnc#1012382).
   - PCI: Restore config space on runtime resume despite being unbound
     (bnc#1012382).
   - PCI: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg()
     (bnc#1094268).
   - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
     (bnc#1012382).
   - RDMA/mlx5: Protect from shift operand overflow (bnc#1012382).
   - RDMA/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1022604).
   - RDMA/ucma: Allow resolving address w/o specifying source address
     (bnc#1012382).
   - RDMA/ucma: Correct option size check using optlen (bnc#1012382).
   - RDMA/ucma: Do not allow setting RDMA_OPTION_IB_PATH without an RDMA
     device (bnc#1012382).
   - RDS: IB: Fix null pointer issue (bnc#1012382).
   - Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
     (bnc#1012382).
   - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
     (bnc#1012382).
   - Revert "KVM: Fix stack-out-of-bounds read in write_mmio" (bnc#1083635).
   - Revert "ath10k: rebuild crypto header in rx data frames" (kabi).
   - Revert "ath10k: send (re)assoc peer command when NSS changed"
     (bnc#1012382).
   - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit
     e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
   - Revert "ima: limit file hash setting by user to fix and log modes"
     (bnc#1012382).
   - Revert "ipc/shm: Fix shmat mmap nil-page protection" (bnc#1012382).
   - Revert "perf tests: Decompress kernel module before objdump"
     (bnc#1012382).
   - Revert "vti4: Do not override MTU passed on link creation via IFLA_MTU"
     (bnc#1012382).
   - Revert "watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185)." This
     reverts commit 3e75a004de79c213a2c919144da3d413922661db.
   - Revert "x86/fpu: Hard-disable lazy FPU mode" (compatibility).
   - USB: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012382
     bsc#1092888).
   - USB: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888).
   - USB: Increment wakeup count on remote wakeup (bnc#1012382).
   - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
     (bnc#1012382).
   - USB: serial: cp210x: add ID for NI USB serial console (bnc#1012382).
   - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
     (bnc#1012382).
   - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
     (bnc#1012382).
   - USB: serial: option: Add support for Quectel EP06 (bnc#1012382).
   - USB: serial: option: adding support for ublox R410M (bnc#1012382).
   - USB: serial: option: reimplement interface masking (bnc#1012382).
   - USB: serial: simple: add libtransistor console (bnc#1012382).
   - USB: serial: visor: handle potential invalid device configuration
     (bnc#1012382).
   - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
     (bnc#1012382).
   - Update config files, add expoline for s390x (bsc#1089393).
   - af_key: Always verify length of provided sadb_key (bnc#1012382).
   - affs_lookup(): close a race with affs_remove_link() (bnc#1012382).
   - aio: fix io_destroy(2) vs. lookup_ioctx() race (bnc#1012382).
   - arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308).
   - arm64: Add 'ssbd' command-line option (bsc#1085308).
   - arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308).
   - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
     (bsc#1085308).
   - arm64: Add this_cpu_ptr() assembler macro for use in entry.S
     (bsc#1085308).
   - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bnc#1012382).
   - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
     (bsc#1085308).
   - arm64: alternatives: Add dynamic patching feature (bsc#1085308).
   - arm64: assembler: introduce ldr_this_cpu (bsc#1085308).
   - arm64: do not call C code with el0's fp register (bsc#1085308).
   - arm64: fix endianness annotation for
     __apply_alternatives()/get_alt_insn() (bsc#1085308).
   - arm64: introduce mov_q macro to move a constant into a 64-bit register
     (bnc#1012382 bsc#1068032).
   - arm64: lse: Add early clobbers to some input/output asm operands
     (bnc#1012382).
   - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
     (bnc#1012382).
   - arm64: ssbd: Add global mitigation state accessor (bsc#1085308).
   - arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308).
   - arm64: ssbd: Introduce thread flag to control userspace mitigation
     (bsc#1085308).
   - arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308).
   - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
     (bsc#1085308).
   - arm: dts: socfpga: fix GIC PPI warning (bnc#1012382).
   - asm-generic: provide generic_pmdp_establish() (bnc#1012382).
   - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
     (bnc#1012382).
   - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
     (bnc#1012382).
   - ath10k: rebuild crypto header in rx data frames (bnc#1012382).
   - ath9k_hw: check if the chip failed to wake up (bnc#1012382).
   - atm: zatm: Fix potential Spectre v1 (bnc#1012382).
   - audit: move calcs after alloc and check when logging set loginuid
     (bnc#1012382).
   - audit: return on memory error to avoid null pointer dereference
     (bnc#1012382).
   - autofs: change autofs4_expire_wait()/do_expire_wait() to take struct
     path (bsc#1086716).
   - autofs: change autofs4_wait() to take struct path (bsc#1086716).
   - autofs: mount point create should honour passed in mode (bnc#1012382).
   - autofs: use path_has_submounts() to fix unreliable have_submount()
     checks (bsc#1086716).
   - autofs: use path_is_mountpoint() to fix unreliable d_mountpoint() checks
     (bsc#1086716).
   - batman-adv: fix header size check in batadv_dbg_arp() (bnc#1012382).
   - batman-adv: fix multicast-via-unicast transmission with AP isolation
     (bnc#1012382).
   - batman-adv: fix packet checksum in receive path (bnc#1012382).
   - batman-adv: fix packet loss for broadcasted DHCP packets to a server
     (bnc#1012382).
   - batman-adv: invalidate checksum on fragment reassembly (bnc#1012382).
   - bcache: fix for allocator and register thread race (bnc#1012382).
   - bcache: fix for data collapse after re-attaching an attached device
     (bnc#1012382).
   - bcache: fix kcrashes with fio in RAID5 backend dev (bnc#1012382).
   - bcache: properly set task state in bch_writeback_thread() (bnc#1012382).
   - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
     (bnc#1012382).
   - bcache: return attach error when no cache set exist (bnc#1012382).
   - bdi: Fix oops in wb_workfn() (bnc#1012382).
   - blacklist.conf: Add an omapdrm entry (bsc#1090708, bsc#1090718)
   - block/loop: fix deadlock after loop_set_status (bnc#1012382).
   - block: cancel workqueue entries on blk_mq_freeze_queue() (bsc#1090435).
   - block: sanity check for integrity intervals (bsc#1091728).
   - bnx2x: use the right constant (bnc#1012382).
   - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() (bnc#1012382).
   - bonding: do not allow rlb updates to invalid mac (bnc#1012382).
   - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
     bond_enslave (bnc#1012382).
   - bpf: fix selftests/bpf test_kmod.sh failure when
     CONFIG_BPF_JIT_ALWAYS_ON=y (bnc#1012382).
   - bpf: map_get_next_key to return first key on NULL (bnc#1012382).
   - brcmfmac: Fix check for ISO3166 code (bnc#1012382).
   - bridge: check iface upper dev when setting master via ioctl
     (bnc#1012382).
   - can: kvaser_usb: Increase correct stats counter in
     kvaser_usb_rx_can_msg() (bnc#1012382).
   - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
     (bnc#1012382).
   - cdrom: do not call check_disk_change() inside cdrom_open() (bnc#1012382).
   - cdrom: information leak in cdrom_ioctl_media_changed() (bnc#1012382).
   - ceph: adding protection for showing cap reservation info (bsc#1089115).
   - ceph: always update atime/mtime/ctime for new inode (bsc#1089115).
   - ceph: check if mds create snaprealm when setting quota (bsc#1089115).
   - ceph: delete unreachable code in ceph_check_caps() (bsc#1096214).
   - ceph: do not check quota for snap inode (bsc#1089115).
   - ceph: fix invalid point dereference for error case in mdsc destroy
     (bsc#1089115).
   - ceph: fix race of queuing delayed caps (bsc#1096214).
   - ceph: fix root quota realm check (bsc#1089115).
   - ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115).
   - ceph: fix st_nlink stat for directories (bsc#1093904).
   - ceph: quota: add counter for snaprealms with quota (bsc#1089115).
   - ceph: quota: add initial infrastructure to support cephfs quotas
     (bsc#1089115).
   - ceph: quota: cache inode pointer in ceph_snap_realm (bsc#1089115).
   - ceph: quota: do not allow cross-quota renames (bsc#1089115).
   - ceph: quota: report root dir quota usage in statfs (bsc#1089115).
   - ceph: quota: support for ceph.quota.max_bytes (bsc#1089115).
   - ceph: quota: support for ceph.quota.max_files (bsc#1089115).
   - ceph: quota: update MDS when max_bytes is approaching (bsc#1089115).
   - cfg80211: further limit wiphy names to 64 bytes (bnc#1012382 git-fixes).
   - cfg80211: further limit wiphy names to 64 bytes (git-fixes).
   - cfg80211: limit wiphy names to 128 bytes (bnc#1012382).
   - cifs: Use file_dentry() (bsc#1093008).
   - cifs: do not allow creating sockets except with SMB1 posix exensions
     (bnc#1012382).
   - cifs: silence compiler warnings showing up with gcc-8.0.0 (bnc#1012382
     bsc#1090734).
   - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734).
   - clk: Do not show the incorrect clock phase (bnc#1012382).
   - clk: bcm2835: De-assert/assert PLL reset signal when appropriate
     (bnc#1012382).
   - clk: mvebu: armada-38x: add support for 1866MHz variants (bnc#1012382).
   - clk: mvebu: armada-38x: add support for missing clocks (bnc#1012382).
   - clk: rockchip: Prevent calculating mmc phase if clock rate is zero
     (bnc#1012382).
   - clk: samsung: exynos3250: Fix PLL rates (bnc#1012382).
   - clk: samsung: exynos5250: Fix PLL rates (bnc#1012382).
   - clk: samsung: exynos5260: Fix PLL rates (bnc#1012382).
   - clk: samsung: exynos5433: Fix PLL rates (bnc#1012382).
   - clk: samsung: s3c2410: Fix PLL rates (bnc#1012382).
   - clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace
     is enabled (bsc#1090225).
   - clocksource/drivers/fsl_ftm_timer: Fix error return checking
     (bnc#1012382).
   - config: arm64: enable Spectre-v4 per-thread mitigation
   - cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bnc#1012382).
   - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
     (bnc#1012382).
   - cpufreq: intel_pstate: Enable HWP by default (bnc#1012382).
   - cpuidle: coupled: remove unused define cpuidle_coupled_lock
     (bnc#1012382).
   - crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382).
   - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bnc#1012382).
   - crypto: vmx - Remove overly verbose printk from AES init routines
     (bnc#1012382).
   - cxgb4: Setup FW queues before registering netdev (bsc#1022743).
   - dccp: do not free ccid2_hc_tx_sock struct in dccp_disconnect()
     (bnc#1012382).
   - dccp: fix tasklet usage (bnc#1012382).
   - dccp: initialize ireq->ir_mark (bnc#1012382).
   - dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594).
   - dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542).
   - dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542).
   - dm thin: fix documentation relative to low water mark threshold
     (bnc#1012382).
   - dmaengine: at_xdmac: fix rare residue corruption (bnc#1012382).
   - dmaengine: ensure dmaengine helpers check valid callback (bnc#1012382).
   - dmaengine: pl330: fix a race condition in case of threaded irqs
     (bnc#1012382).
   - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bnc#1012382).
   - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
     (bnc#1012382).
   - do d_instantiate/unlock_new_inode combinations safely (bnc#1012382).
   - dp83640: Ensure against premature access to PHY registers after reset
     (bnc#1012382).
   - drm/exynos: fix comparison to bitshift when dealing with a mask
     (bnc#1012382).
   - drm/i915: Disable LVDS on Radiant P845 (bnc#1012382).
   - drm/radeon: Fix PCIe lane width calculation (bnc#1012382).
   - drm/rockchip: Respect page offset for PRIME mmap calls (bnc#1012382).
   - drm/virtio: fix vq wait_event condition (bnc#1012382).
   - drm/vmwgfx: Fix a buffer object leak (bnc#1012382).
   - drm: set FMODE_UNSIGNED_OFFSET for drm files (bnc#1012382).
   - e1000e: Fix check_for_link return value with autoneg off (bnc#1012382
     bsc#1075428).
   - e1000e: allocate ring descriptors with dma_zalloc_coherent (bnc#1012382).
   - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
     definition for mixed mode (bnc#1012382).
   - enic: enable rq before updating rq descriptors (bnc#1012382).
   - enic: set DMA mask to 47 bit (bnc#1012382).
   - ext2: fix a block leak (bnc#1012382).
   - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953).
   - ext4: add validity checks for bitmap block numbers (bnc#1012382).
   - ext4: bugfix for mmaped pages in mpage_release_unused_pages()
     (bnc#1012382).
   - ext4: do not allow r/w mounts if metadata blocks overlap the superblock
     (bnc#1012382).
   - ext4: do not update checksum of new initialized bitmaps (bnc#1012382).
   - ext4: fail ext4_iget for root directory if unallocated (bnc#1012382).
   - ext4: fix bitmap position validation (bnc#1012382).
   - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
     (bnc#1012382).
   - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bnc#1012382).
   - ext4: set h_journal if there is a failure starting a reserved handle
     (bnc#1012382).
   - fanotify: fix logic of events on child (bnc#1012382).
   - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
     sbusfb_ioctl_helper() (bnc#1012382).
   - firewire-ohci: work around oversized DMA reads on JMicron controllers
     (bnc#1012382).
   - firmware: dmi: handle missing DMI data gracefully (bsc#1096037).
   - firmware: dmi_scan: Fix handling of empty DMI strings (bnc#1012382).
   - fix io_destroy()/aio_complete() race (bnc#1012382).
   - fs/proc/proc_sysctl.c: fix potential page fault while unregistering
     sysctl table (bnc#1012382).
   - fs/reiserfs/journal.c: add missing resierfs_warning() arg (bnc#1012382).
   - fscache: Fix hanging wait on page discarded by writeback (bnc#1012382).
   - futex: Remove duplicated code and fix undefined behaviour (bnc#1012382).
   - futex: Remove unnecessary warning from get_futex_key (bnc#1012382).
   - futex: futex_wake_op, do not fail on invalid op (git-fixes).
   - futex: futex_wake_op, fix sign_extend32 sign bits (bnc#1012382).
   - getname_kernel() needs to make sure that ->name != ->iname in long case
     (bnc#1012382).
   - gfs2: Fix fallocate chunk size (bnc#1012382).
   - gianfar: Fix Rx byte accounting for ndev stats (bnc#1012382).
   - gpio: No NULL owner (bnc#1012382).
   - gpio: rcar: Add Runtime PM handling for interrupts (bnc#1012382).
   - gpmi-nand: Handle ECC Errors in erased pages (bnc#1012382).
   - hfsplus: stop workqueue when fill_super() failed (bnc#1012382).
   - hwmon: (nct6775) Fix writing pwmX_mode (bnc#1012382).
   - hwmon: (pmbus/adm1275) Accept negative page register values
     (bnc#1012382).
   - hwmon: (pmbus/max8688) Accept negative page register values
     (bnc#1012382).
   - hwrng: stm32 - add reset during probe (bnc#1012382).
   - hwtracing: stm: fix build error on some arches (bnc#1012382).
   - hypfs_kill_super(): deal with failed allocations (bnc#1012382).
   - i2c: mv64xxx: Apply errata delay only in standard mode (bnc#1012382).
   - i2c: rcar: check master irqs before slave irqs (bnc#1012382).
   - i2c: rcar: do not issue stop when HW does it automatically (bnc#1012382).
   - i2c: rcar: init new messages in irq (bnc#1012382).
   - i2c: rcar: make sure clocks are on when doing clock calculation
     (bnc#1012382).
   - i2c: rcar: refactor setup of a msg (bnc#1012382).
   - i2c: rcar: remove spinlock (bnc#1012382).
   - i2c: rcar: remove unused IOERROR state (bnc#1012382).
   - i2c: rcar: revoke START request early (bnc#1012382).
   - i2c: rcar: rework hw init (bnc#1012382).
   - ibmvnic: Check CRQ command return codes (bsc#1094840).
   - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289).
   - ibmvnic: Create separate initialization routine for resets (bsc#1094840).
   - ibmvnic: Fix non-fatal firmware error reset (bsc#1093990).
   - ibmvnic: Fix partial success login retries (bsc#1094840).
   - ibmvnic: Fix statistics buffers memory leak (bsc#1093990).
   - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990).
   - ibmvnic: Handle error case when setting link state (bsc#1094840).
   - ibmvnic: Introduce active CRQ state (bsc#1094840).
   - ibmvnic: Introduce hard reset recovery (bsc#1094840).
   - ibmvnic: Mark NAPI flag as disabled when released (bsc#1094840).
   - ibmvnic: Only do H_EOI for mobility events (bsc#1094356).
   - ibmvnic: Return error code if init interrupted by transport event
     (bsc#1094840).
   - ibmvnic: Set resetting state at earliest possible point (bsc#1094840).
   - iio:kfifo_buf: check for uint overflow (bnc#1012382).
   - ima: Fallback to the builtin hash algorithm (bnc#1012382).
   - ima: Fix Kconfig to select TPM 2.0 CRB interface (bnc#1012382).
   - init: fix false positives in W+X checking (bsc#1096982).
   - iommu/vt-d: Fix a potential memory leak (bnc#1012382).
   - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table
     succeeds (bnc#1012382).
   - ipc/shm: fix shmat() nil address after round-down when remapping
     (bnc#1012382).
   - ipc/shm: fix use-after-free of shm file via remap_file_pages()
     (bnc#1012382).
   - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
     (bnc#1012382).
   - ipmi: create hardware-independent softdep for ipmi_devintf (bsc#1009062,
     bsc#1060799).
   - ipmi_ssif: Fix kernel panic at msg_done_handler (bnc#1012382
     bsc#1088871).
   - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (bnc#1012382).
   - ipv4: lock mtu in fnhe when received PMTU lower than
     net.ipv4.route.min_pmtu (bnc#1012382).
   - ipv4: remove warning in ip_recv_error (bnc#1012382).
   - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (bnc#1012382).
   - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).
   - ipv6: omit traffic class when calculating flow hash (bsc#1095042).
   - ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382).
   - irda: fix overly long udelay() (bnc#1012382).
   - irqchip/gic-v3: Change pr_debug message to pr_devel (bnc#1012382).
   - isdn: eicon: fix a missing-check bug (bnc#1012382).
   - jbd2: fix use after free in kjournald2() (bnc#1012382).
   - jbd2: if the journal is aborted then do not allow update of the log tail
     (bnc#1012382).
   - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
     (bnc#1012382 git-fixes).
   - jffs2_kill_sb(): deal with failed allocations (bnc#1012382).
   - kABI: work around BPF SSBD removal (bsc#1087082).
   - kabi: vfs: Restore dentry_operations->d_manage (bsc#1086716).
   - kasan: fix memory hotplug during boot (bnc#1012382).
   - kconfig: Avoid format overflow warning from GCC 8.1 (bnc#1012382).
   - kconfig: Do not leak main menus during parsing (bnc#1012382).
   - kconfig: Fix automatic menu creation mem leak (bnc#1012382).
   - kconfig: Fix expr_free() E_NOT leak (bnc#1012382).
   - kdb: make "mdr" command repeat (bnc#1012382).
   - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bnc#1012382).
   - kernel/sys.c: fix potential Spectre v1 issue (bnc#1012382).
   - kernel: Fix memory leak on EP11 target list processing (bnc#1096751, ).
   - kexec_file: do not add extra alignment to efi memmap (bsc#1044596).
   - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread
     (bsc#1094033).
   - kobject: do not use WARN for registration failures (bnc#1012382).
   - kvm: Fix nopvspin static branch init usage (bsc#1056427).
   - kvm: Introduce nopvspin kernel parameter (bsc#1056427).
   - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bnc#1012382).
   - kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor
     access (bnc#1012382).
   - l2tp: check sockaddr length in pppol2tp_connect() (bnc#1012382).
   - l2tp: revert "l2tp: fix missing print session offset info" (bnc#1012382).
   - lan78xx: Correctly indicate invalid OTP (bnc#1012382).
   - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382).
   - libata: Blacklist some Sandisk SSDs for NCQ (bnc#1012382).
   - libata: blacklist Micron 500IT SSD with MU01 firmware (bnc#1012382).
   - libceph, ceph: change permission for readonly debugfs entries
     (bsc#1089115).
   - libceph: fix misjudgement of maximum monitor number (bsc#1089115).
   - libceph: reschedule a tick in finish_hunting() (bsc#1089115).
   - libceph: un-backoff on tick when we have a authenticated session
     (bsc#1089115).
   - libceph: validate con->state at the top of try_write() (bsc#1089115).
   - libnvdimm, dax: fix 1GB-aligned namespaces vs physical misalignment
   - libnvdimm, namespace: use a safe lookup for dimm device name
   - libnvdimm, pfn: fix start_pad handling for aligned namespaces
   - livepatch: Allow to call a custom callback when freeing shadow variables
     (bsc#1082299).
   - livepatch: Initialize shadow variables safely by a custom callback
     (bsc#1082299).
   - llc: better deal with too small mtu (bnc#1012382).
   - llc: delete timers synchronously in llc_sk_free() (bnc#1012382).
   - llc: fix NULL pointer deref for SOCK_ZAPPED (bnc#1012382).
   - llc: hold llc_sap before release_sock() (bnc#1012382).
   - llc: properly handle dev_queue_xmit() return value (bnc#1012382).
   - lockd: lost rollback of set_grace_period() in lockd_down_net()
     (bnc#1012382 git-fixes).
   - locking/qspinlock: Ensure node->count is updated before initialising
     node (bnc#1012382).
   - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
     (bnc#1012382).
   - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
     (bnc#1012382).
   - loop: handle short DIO reads (bsc#1094177).
   - m68k: set dma and coherent masks for platform FEC ethernets
     (bnc#1012382).
   - mac80211: Add RX flag to indicate ICV stripped (bnc#1012382).
   - mac80211: allow not sending MIC up from driver for HW crypto
     (bnc#1012382).
   - mac80211: allow same PN for AMSDU sub-frames (bnc#1012382).
   - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
     (bnc#1012382).
   - md raid10: fix NULL deference in handle_write_completed() (bnc#1012382
     bsc#1056415).
   - md/raid1: fix NULL pointer dereference (bnc#1012382).
   - md: document lifetime of internal rdev pointer (bsc#1056415).
   - md: fix two problems with setting the "re-add" device state
     (bsc#1089023).
   - md: only allow remove_and_add_spares when no sync_thread running
     (bsc#1056415).
   - md: raid5: avoid string overflow warning (bnc#1012382).
   - media: cx23885: Override 888 ImpactVCBe crystal frequency (bnc#1012382).
   - media: cx23885: Set subdev host data to clk_freq pointer (bnc#1012382).
   - media: cx25821: prevent out-of-bounds read on array card (bnc#1012382
     bsc#1031717).
   - media: dmxdev: fix error code for invalid ioctls (bnc#1012382).
   - media: em28xx: USB bulk packet size fix (bnc#1012382).
   - media: s3c-camif: fix out-of-bounds array access (bnc#1012382
     bsc#1031717).
   - media: v4l2-compat-ioctl32: do not oops on overlay (bnc#1012382).
   - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
     (bsc#1079152, VM Functionality).
   - mm, slab: reschedule cache_reap() on the same CPU (bnc#1012382).
   - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (bnc#1012382).
   - mm/kmemleak.c: wait for scan completion before disabling free
     (bnc#1012382).
   - mm/ksm: fix interaction with THP (bnc#1012382).
   - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1012382).
   - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages (bnc#1012382).
   - mm/mempolicy: fix the check of nodemask from user (bnc#1012382).
   - mm: do not allow deferred pages with NEED_PER_CPU_KM (bnc#1012382).
   - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to
     complete during a read (-- VM bnc#1012382 bnc#971975 generic performance
     read).
   - mm: filemap: remove redundant code in do_read_cache_page (-- VM
     bnc#1012382 bnc#971975 generic performance read).
   - mm: fix races between address_space dereference and free in
     page_evicatable (bnc#1012382).
   - mm: fix the NULL mapping case in __isolate_lru_page() (bnc#1012382).
   - mm: pin address_space before dereferencing it while isolating an LRU
     page (bnc#1012382 bnc#1081500).
   - mmap: introduce sane default mmap limits (bnc#1012382).
   - mmap: relax file size limit for regular files (bnc#1012382).
   - mmc: jz4740: Fix race condition in IRQ mask update (bnc#1012382).
   - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
     (bnc#1012382).
   - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block
     (bnc#1012382).
   - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug (bnc#1012382).
   - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block
     (bnc#1012382).
   - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bnc#1012382).
   - net/mlx4: Fix irq-unsafe spinlock usage (bnc#1012382).
   - net/mlx4_en: Verify coalescing parameters are in range (bnc#1012382).
   - net/mlx5: Protect from command bit overflow (bnc#1012382).
   - net/packet: refine check for priv area size (bnc#1012382).
   - net/tcp/illinois: replace broken algorithm reference link (bnc#1012382).
   - net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bnc#1012382).
   - net: Fix untag for vlan packets without ethernet header (bnc#1012382).
   - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
     (bnc#1012382).
   - net: af_packet: fix race in PACKET_{R|T}X_RING (bnc#1012382).
   - net: atm: Fix potential Spectre v1 (bnc#1012382).
   - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bnc#1012382).
   - net: ethernet: sun: niu set correct packet size in skb (bnc#1012382).
   - net: fix deadlock while clearing neighbor proxy table (bnc#1012382).
   - net: fix rtnh_ok() (bnc#1012382).
   - net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382).
   - net: initialize skb->peeked when cloning (bnc#1012382).
   - net: metrics: add proper netlink validation (bnc#1012382).
   - net: mvneta: fix enable of all initialized RXQs (bnc#1012382).
   - net: phy: broadcom: Fix bcm_write_exp() (bnc#1012382).
   - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bnc#1012382).
   - net: support compat 64-bit time in {s,g}etsockopt (bnc#1012382).
   - net: test tailroom before appending to linear skb (bnc#1012382).
   - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (bnc#1012382).
   - net: validate attribute sizes in neigh_dump_table() (bnc#1012382).
   - net_sched: fq: take care of throttled flows before reuse (bnc#1012382).
   - netdev-FAQ: clarify DaveM's position for stable backports (bnc#1012382).
   - netfilter: ebtables: convert BUG_ONs to WARN_ONs (bnc#1012382).
   - netlabel: If PF_INET6, check sk_buff ip header version (bnc#1012382).
   - netlink: fix uninit-value in netlink_sendmsg (bnc#1012382).
   - nfit, address-range-scrub: fix scrub in-progress reporting
   - nfit: fix region registration vs block-data-window ranges
   - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (bnc#1012382
     git-fixes).
   - ntb_transport: Fix bug with max_mw_size parameter (bnc#1012382).
   - nvme-pci: Fix EEH failure on ppc (bsc#1093533).
   - nvme-pci: Fix nvme queue cleanup if IRQ setup fails (bnc#1012382).
   - nvme: target: fix buffer overflow (bsc#993388).
   - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
     (bnc#1012382).
   - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
   - ocfs2/dlm: do not handle migrate lockres if already in shutdown
     (bnc#1012382).
   - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources
     (bsc#1070404).
   - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
     (bnc#1012382).
   - ocfs2: return error when we attempt to access a dirty bh in jbd2
     (bnc#1012382 bsc#1070404).
   - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is
     found (bnc#1012382).
   - packet: fix bitfield update race (bnc#1012382).
   - packet: fix reserve calculation (bnc#1012382 git-fixes).
   - packet: fix reserve calculation (git-fixes).
   - packet: in packet_snd start writing at link layer allocation
     (bnc#1012382).
   - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
     (bnc#1012382).
   - parisc: Fix out of array access in match_pci_device() (bnc#1012382).
   - percpu: include linux/sched.h for cond_resched() (bnc#1012382).
   - perf callchain: Fix attr.sample_max_stack setting (bnc#1012382).
   - perf intel-pt: Fix error recovery from missing TIP packet (bnc#1012382).
   - perf intel-pt: Fix overlap detection to identify consecutive buffers
     correctly (bnc#1012382).
   - perf intel-pt: Fix sync_switch (bnc#1012382).
   - perf intel-pt: Fix timestamp following overflow (bnc#1012382).
   - perf report: Fix memory corruption in --branch-history mode
     --branch-history (bnc#1012382).
   - perf tests: Use arch__compare_symbol_names to compare symbols
     (bnc#1012382).
   - perf/cgroup: Fix child event counting bug (bnc#1012382).
   - perf/core: Fix perf_output_read_group() (bnc#1012382).
   - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
     (bnc#1012382).
   - perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382).
   - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
     (bnc#1012382).
   - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
     (bnc#1012382).
   - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
     (bnc#1012382).
   - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
     (bnc#1012382).
   - perf: Remove superfluous allocation error check (bnc#1012382).
   - perf: Return proper values for user stack errors (bnc#1012382).
   - pipe: cap initial pipe capacity according to pipe-max-size limit
     (bnc#1012382 bsc#1045330).
   - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill
     (bsc#1093035).
   - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
     (bnc#1012382).
   - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032,
     bsc#1080157).
   - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157).
   - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032,
     bsc#1080157).
   - powerpc/64s: Clear PCR on boot (bnc#1012382).
   - powerpc/64s: Enable barrier_nospec based on firmware settings
     (bsc#1068032, bsc#1080157).
   - powerpc/64s: Enhance the information in cpu_show_meltdown()
     (bsc#1068032, bsc#1075087, bsc#1091041).
   - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
     (bsc#1068032).
   - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
     (bsc#1068032, bsc#1075087, bsc#1091041).
   - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087,
     bsc#1091041).
   - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157).
   - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087,
     bsc#1091041).
   - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087,
     bsc#1091041).
   - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access (bnc#1012382).
   - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382).
   - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772).
   - powerpc/fadump: exclude memory holes while reserving memory in second
     kernel (bsc#1092772).
   - powerpc/lib: Fix off-by-one in alternate feature patching (bnc#1012382).
   - powerpc/livepatch: Fix livepatch stack access (bsc#1094466).
   - powerpc/mm: Allow memory hotplug into an offline node (bsc#1090663).
   - powerpc/mm: allow memory hotplug into a memoryless node (bsc#1090663).
   - powerpc/modules: Do not try to restore r2 after a sibling call
     (bsc#1094466).
   - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382).
   - powerpc/numa: Ensure nodes initialized for hotplug (bnc#1012382
     bsc#1081514).
   - powerpc/numa: Use ibm,max-associativity-domains to discover possible
     nodes (bnc#1012382 bsc#1081514).
   - powerpc/perf: Fix kernel address leak via sampling registers
     (bnc#1012382).
   - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
     (bnc#1012382).
   - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
     (bnc#1012382).
   - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382).
   - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
     (bnc#1012382).
   - powerpc/powernv: Remove OPALv2 firmware define and references
     (bnc#1012382).
   - powerpc/powernv: Set or clear security feature flags (bsc#1068032,
     bsc#1075087, bsc#1091041).
   - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
     (bsc#1068032, bsc#1075087, bsc#1091041).
   - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
     (bnc#1012382).
   - powerpc/powernv: panic() on OPAL lower than V3 (bnc#1012382).
   - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
     (bnc#1012382).
   - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032,
     bsc#1075087, bsc#1091041).
   - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032,
     bsc#1075087, bsc#1091041).
   - powerpc/pseries: Restore default security feature flags on setup
     (bsc#1068032, bsc#1075087, bsc#1091041).
   - powerpc/pseries: Set or clear security feature flags (bsc#1068032,
     bsc#1075087, bsc#1091041).
   - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
     (bsc#1068032, bsc#1075087, bsc#1091041).
   - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032,
     bsc#1075087, bsc#1091041).
   - powerpc/rfi-flush: Differentiate enabled and patched flush types
     (bsc#1068032, bsc#1075087, bsc#1091041).
   - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
     (bsc#1068032, bsc#1075087, bsc#1091041).
   - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382).
   - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032,
     bsc#1075087, bsc#1091041).
   - powerpc: Do not preempt_disable() in show_cpuinfo() (bnc#1012382
     bsc#1066223).
   - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087,
     bsc#1091041).
   - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032,
     bsc#1080157).
   - powerpc: conditionally compile platform-specific serial drivers
     (bsc#1066223).
   - powerpc: signals: Discard transaction state from signal frames
     (bsc#1094059).
   - pppoe: check sockaddr length in pppoe_connect() (bnc#1012382).
   - proc read mm's {arg,env}_{start,end} with mmap semaphore taken
     (bnc#1012382).
   - proc: fix /proc/*/map_files lookup (bnc#1012382).
   - proc: meminfo: estimate available memory more conservatively (-- VM
     bnc#1012382 functionality monitoring space user).
   - procfs: fix pthread cross-thread naming if !PR_DUMPABLE (bnc#1012382).
   - qed: Fix LL2 race during connection terminate (bsc#1019695 bsc#1019699
     bsc#1022604).
   - qed: Fix mask for physical address in ILT entry (bnc#1012382).
   - qed: Fix possibility of list corruption during rmmod flows (bsc#1019695
     bsc#1019699 bsc#1022604).
   - qed: LL2 flush isles when connection is closed (bsc#1019695 bsc#1019699
     bsc#1022604).
   - qede: Fix ref-cnt usage count (bsc#1019695 bsc#1019699 bsc#1022604).
   - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054).
   - qmi_wwan: do not steal interfaces from class drivers (bnc#1012382).
   - r8152: add Linksys USB3GIGV1 id (bnc#1012382).
   - r8152: fix tx packets accounting (bnc#1012382).
   - r8169: fix powering up RTL8168h (bnc#1012382).
   - radeon: hide pointless #warning when compile testing (bnc#1012382).
   - random: use a tighter cap in credit_entropy_bits_safe() (bnc#1012382).
   - regulator: gpio: Fix some error handling paths in
     'gpio_regulator_probe()' (bsc#1091960).
   - regulator: of: Add a missing 'of_node_put()' in an error handling path
     of 'of_regulator_match()' (bnc#1012382).
   - regulatory: add NUL to request alpha2 (bnc#1012382).
   - resource: fix integer overflow at reallocation (bnc#1012382).
   - rfkill: gpio: fix memory leak in probe error path (bnc#1012382).
   - rpc_pipefs: fix double-dput() (bnc#1012382).
   - rpm/config.sh: build against SP3 in OBS as well.
   - rtc: hctosys: Ensure system time does not overflow time_t (bnc#1012382).
   - rtc: snvs: Fix usage of snvs_rtc_enable (bnc#1012382).
   - rtc: tx4939: avoid unintended sign extension on a 24 bit shift
     (bnc#1012382).
   - rtl8187: Fix NULL pointer dereference in priv->conf_mutex (bnc#1012382).
   - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
     (bnc#1012382).
   - rtnetlink: validate attributes in do_setlink() (bnc#1012382).
   - s390/alternative: use a copy of the facility bit mask (bnc#1012382).
   - s390/cio: clear timer when terminating driver I/O (bnc#1012382).
   - s390/cio: fix return code after missing interrupt (bnc#1012382).
   - s390/cio: update chpid descriptor after resource accessibility event
     (bnc#1012382).
   - s390/cpum_sf: ensure sample frequency of perf event attributes is
     non-zero ( bnc#1012382 bnc#1094532).
   - s390/cpum_sf: ensure sample frequency of perf event attributes is
     non-zero (bnc#1094532, ).
   - s390/dasd: fix IO error for newly defined devices (bnc#1093144, ).
   - s390/entry.S: fix spurious zeroing of r0 (bnc#1012382).
   - s390/ftrace: use expoline for indirect branches (bnc#1012382).
   - s390/ipl: ensure loadparm valid flag is set (bnc#1012382).
   - s390/kernel: use expoline for indirect branches (bnc#1012382).
   - s390/lib: use expoline for indirect branches (bnc#1012382).
   - s390/qdio: do not merge ERROR output buffers (bnc#1012382).
   - s390/qdio: do not release memory in qdio_setup_irq() (bnc#1012382).
   - s390/qdio: do not retry EQBS after CCQ 96 (bnc#1012382).
   - s390/qdio: fix access to uninitialized qdio_q fields ( bnc#1012382
     bnc#1094532).
   - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1094532, ).
   - s390/qeth: consolidate errno translation (bnc#1093144, ).
   - s390/qeth: fix MAC address update sequence (bnc#1093144, ).
   - s390/qeth: translate SETVLAN/DELVLAN errors (bnc#1093144, ).
   - s390/uprobes: implement arch_uretprobe_is_alive() (bnc#1012382).
   - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
     (bnc#1012382).
   - s390: add assembler macros for CPU alternatives (bnc#1012382).
   - s390: add automatic detection of the spectre defense (bnc#1012382).
   - s390: add optimized array_index_mask_nospec (bnc#1012382).
   - s390: add options to change branch prediction behaviour for the kernel
     (bnc#1012382 bsc#1068032).
   - s390: add sysfs attributes for spectre (bnc#1012382).
   - s390: correct module section names for expoline code revert
     (bnc#1012382).
   - s390: correct nospec auto detection init order (bnc#1012382).
   - s390: do not bypass BPENTER for interrupt system calls (bnc#1012382).
   - s390: enable CPU alternatives unconditionally (bnc#1012382).
   - s390: extend expoline to BC instructions (bnc#1012382).
   - s390: introduce execute-trampolines for branches (bnc#1012382).
   - s390: move expoline assembler macros to a header (bnc#1012382).
   - s390: move nobp parameter functions to nospec-branch.c (bnc#1012382).
   - s390: move spectre sysfs attribute code (bnc#1012382).
   - s390: remove indirect branch from do_softirq_own_stack (bnc#1012382).
   - s390: report spectre mitigation via syslog (bnc#1012382).
   - s390: run user space and KVM guests with modified branch prediction
     (bnc#1012382).
   - s390: scrub registers on kernel entry and KVM exit (bnc#1012382).
   - s390: use expoline thunks in the BPF JIT (bnc#1012382).
   - sched/rt: Fix rq->clock_update_flags lower than RQCF_ACT_SKIP warning
     (bnc#1012382).
   - scsi: aacraid: Correct hba_send to include iu_type (bsc#1022607).
   - scsi: aacraid: Insure command thread is not recursively stopped
     (bnc#1012382).
   - scsi: aacraid: fix shutdown crash when init fails (bnc#1012382).
   - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
     (bnc#1012382).
   - scsi: fas216: fix sense buffer initialization (bnc#1012382 bsc#1082979).
   - scsi: libsas: defer ata device eh commands to libata (bnc#1012382).
   - scsi: lpfc: Fix frequency of Release WQE CQEs (bnc#1012382).
   - scsi: lpfc: Fix issue_lip if link is disabled (bnc#1012382 bsc#1080656).
   - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
     (bnc#1012382 bsc#1080656).
   - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
     (bnc#1012382 bsc#1078583).
   - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
     (bnc#1012382).
   - scsi: mptsas: Disable WRITE SAME (bnc#1012382).
   - scsi: qla2xxx: Avoid triggering undefined behavior in
     qla2x00_mbx_completion() (bnc#1012382).
   - scsi: qla4xxx: skip error recovery in case of register disconnect
     (bnc#1012382).
   - scsi: scsi_transport_srp: Fix shost to rport translation (bnc#1012382).
   - scsi: sd: Defer spinning up drive while SANITIZE is in progress
     (bnc#1012382).
   - scsi: sd: Keep disk read-only when re-reading partition (bnc#1012382).
   - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (bnc#1012382).
   - scsi: storvsc: Increase cmd_per_lun for higher speed devices
     (bnc#1012382).
   - scsi: sym53c8xx_2: iterator underflow in sym_getsync() (bnc#1012382).
   - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
     (bnc#1012382).
   - scsi: zfcp: fix infinite iteration on ERP ready list ( bnc#1012382
     bnc#1094532).
   - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1094532, ).
   - sctp: delay the authentication for the duplicated cookie-echo chunk
     (bnc#1012382).
   - sctp: do not check port in sctp_inet6_cmp_addr (bnc#1012382).
   - sctp: fix the issue that the cookie-ack with auth can't get processed
     (bnc#1012382).
   - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
     (bnc#1012382).
   - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
     (bnc#1012382).
   - selftests/net: fixes psock_fanout eBPF test case (bnc#1012382).
   - selftests/powerpc: Skip the subpage_prot tests if the syscall is
     unavailable (bnc#1012382).
   - selftests: Print the test we're running to /dev/kmsg (bnc#1012382).
   - selftests: ftrace: Add a testcase for probepoint (bnc#1012382).
   - selftests: ftrace: Add a testcase for string type with kprobe_event
     (bnc#1012382).
   - selftests: ftrace: Add probe event argument syntax testcase
     (bnc#1012382).
   - selftests: memfd: add config fragment for fuse (bnc#1012382).
   - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bnc#1012382).
   - serial: arc_uart: Fix out-of-bounds access through DT alias
     (bnc#1012382).
   - serial: fsl_lpuart: Fix out-of-bounds access through DT alias
     (bnc#1012382).
   - serial: imx: Fix out-of-bounds access through serial port index
     (bnc#1012382).
   - serial: mctrl_gpio: Add missing module license (bnc#1012382).
   - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
     (bnc#1012382).
   - serial: mxs-auart: Fix out-of-bounds access through serial port index
     (bnc#1012382).
   - serial: samsung: Fix out-of-bounds access through serial port index
     (bnc#1012382).
   - serial: samsung: fix maxburst parameter for DMA transactions
     (bnc#1012382).
   - serial: xuartps: Fix out-of-bounds access through DT alias (bnc#1012382).
   - sh: New gcc support (bnc#1012382).
   - sh: fix debug trap failure to process signals before return to user
     (bnc#1012382).
   - signals: avoid unnecessary taking of sighand->siglock (-- Scheduler
     bnc#1012382 bnc#978907 performance signals).
   - sit: fix IFLA_MTU ignored on NEWLINK (bnc#1012382).
   - slip: Check if rstate is initialized before uncompressing (bnc#1012382).
   - smsc75xx: fix smsc75xx_set_features() (bnc#1012382).
   - sock_diag: fix use-after-free read in __sk_free (bnc#1012382).
   - soreuseport: initialise timewait reuseport field (bnc#1012382).
   - sparc64: Fix build warnings with gcc 7 (bnc#1012382).
   - sparc64: Make atomic_xchg() an inline function rather than a macro
     (bnc#1012382).
   - spi: pxa2xx: Allow 64-bit DMA (bnc#1012382).
   - sr: get/drop reference to device in revalidate and check_events
     (bnc#1012382).
   - staging: ion : Donnot wakeup kswapd in ion system alloc (bnc#1012382).
   - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
     (bnc#1012382).
   - stm class: Use vmalloc for the master map (bnc#1012382).
   - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
     (bsc#1088810).
   - sunvnet: does not support GSO for sctp (bnc#1012382).
   - swap: divide-by-zero when zero length swap file on ssd (bnc#1012382
     bsc#1082153).
   - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153).
   - target: transport should handle st FM/EOM/ILI reads (bsc#1081599).
   - tcp: avoid integer overflows in tcp_rcv_space_adjust() (bnc#1012382).
   - tcp: do not read out-of-bounds opsize (bnc#1012382).
   - tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382).
   - tcp: ignore Fast Open on repair mode (bnc#1012382).
   - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
     (bnc#1012382).
   - tcp: purge write queue in tcp_connect_init() (bnc#1012382).
   - team: avoid adding twice the same option to the event list (bnc#1012382).
   - team: fix netconsole setup over team (bnc#1012382).
   - team: use netdev_features_t instead of u32 (bnc#1012382).
   - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
     (git-fixes).
   - test_firmware: fix setting old custom fw path back on exit, second try
     (bnc#1012382).
   - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent()
     (bnc#1012382).
   - there is probably a place where forcing _IBRS_OFF is missed (or is too
     late) and therefore ENABLE_IBRS is sometimes called early during boot
     while it should not. Let's drop the uoptimization for now. Fixes
     bsc#1098009 and bsc#1098012
   - thermal: imx: Fix race condition in imx_thermal_probe() (bnc#1012382).
   - thunderbolt: Resume control channel after hibernation image is created
     (bnc#1012382).
   - tick/broadcast: Use for_each_cpu() specially on UP kernels (bnc#1012382).
   - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting (bnc#1012382).
   - tipc: add policy for TIPC_NLA_NET_ADDR (bnc#1012382).
   - tools lib traceevent: Fix get_field_str() for dynamic strings
     (bnc#1012382).
   - tools lib traceevent: Simplify pointer print logic and fix %pF
     (bnc#1012382).
   - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
     (bnc#1012382).
   - tools/thermal: tmon: fix for segfault (bnc#1012382).
   - tpm: do not suspend/resume if power stays on (bnc#1012382).
   - tpm: self test failure should not cause suspend to fail (bnc#1012382).
   - tracepoint: Do not warn on ENOMEM (bnc#1012382).
   - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes
     into account (bnc#1012382).
   - tracing/uprobe_event: Fix strncpy corner case (bnc#1012382).
   - tracing/x86/xen: Remove zero data size trace events
     trace_xen_mmu_flush_tlb{_all} (bnc#1012382).
   - tracing: Fix crash when freeing instances with event triggers
     (bnc#1012382).
   - tracing: Fix regex_match_front() to not over compare the test string
     (bnc#1012382).
   - tty: Do not call panic() at tty_ldisc_init() (bnc#1012382).
   - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bnc#1012382).
   - tty: make n_tty_read() always abort if hangup is in progress
     (bnc#1012382).
   - tty: n_gsm: Fix DLCI handling for ADM mode if debug and 2 is not set
     (bnc#1012382).
   - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
     (bnc#1012382).
   - ubi: Fix error for write access (bnc#1012382).
   - ubi: Reject MLC NAND (bnc#1012382).
   - ubi: fastmap: Do not flush fastmap work on detach (bnc#1012382).
   - ubifs: Check ubifs_wbuf_sync() return code (bnc#1012382).
   - udf: Provide saner default for invalid uid / gid (bnc#1012382).
   - um: Use POSIX ucontext_t instead of struct ucontext (bnc#1012382).
   - usb: core: Add quirk for HP v222w 16GB Mini (bnc#1012382).
   - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bnc#1012382).
   - usb: dwc2: Fix interval type issue (bnc#1012382).
   - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bnc#1012382).
   - usb: dwc3: pci: Properly cleanup resource (bnc#1012382).
   - usb: gadget: composite: fix incorrect handling of OS desc requests
     (bnc#1012382).
   - usb: gadget: f_uac2: fix bFirstInterface in composite gadget
     (bnc#1012382).
   - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bnc#1012382).
   - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
     (bnc#1012382).
   - usb: gadget: fsl_udc_core: fix ep valid checks (bnc#1012382).
   - usb: gadget: udc: change comparison to bitshift when dealing with a mask
     (bnc#1012382).
   - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
     (bnc#1012382).
   - usb: musb: fix enumeration after resume (bnc#1012382).
   - usb: musb: gadget: misplaced out of bounds check (bnc#1012382).
   - usb: musb: host: fix potential NULL pointer dereference (bnc#1012382).
   - usbip: usbip_host: delete device from busid_table after rebind
     (bnc#1012382).
   - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
     (bnc#1012382).
   - usbip: usbip_host: fix bad unlock balance during stub_probe()
     (bnc#1012382).
   - usbip: usbip_host: fix to hold parent lock for device_attach() calls
     (bnc#1012382).
   - usbip: usbip_host: refine probe and disconnect debug msgs to be useful
     (bnc#1012382).
   - usbip: usbip_host: run rebind from exit when module is removed
     (bnc#1012382).
   - usbip: vhci_hcd: Fix usb device and sockfd leaks (bnc#1012382).
   - vfio-pci: Virtualize PCIe and AF FLR (bnc#1012382).
   - vfio/pci: Virtualize Maximum Payload Size (bnc#1012382).
   - vfio/pci: Virtualize Maximum Read Request Size (bnc#1012382).
   - vfs: add path_has_submounts() (bsc#1086716).
   - vfs: add path_is_mountpoint() helper (bsc#1086716).
   - vfs: change d_manage() to take a struct path (bsc#1086716).
   - virtio-gpu: fix ioctl and expose the fixed status to userspace
     (bnc#1012382).
   - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
     (bnc#1012382).
   - virtio: add ability to iterate over vqs (bnc#1012382).
   - virtio_console: free buffers after reset (bnc#1012382).
   - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
     (bnc#1012382).
   - vmscan: do not force-scan file lru if its absolute size is small (-- VM
     bnc#1012382 page performance reclaim).
   - vmw_balloon: fixing double free when batching mode is off (bnc#1012382).
   - vti4: Do not count header length twice on tunnel setup (bnc#1012382).
   - vti4: Do not override MTU passed on link creation via IFLA_MTU
     (bnc#1012382).
   - watchdog: f71808e_wdt: Fix WD_EN register read (bnc#1012382).
   - watchdog: f71808e_wdt: Fix magic close handling (bnc#1012382).
   - watchdog: hpwdt: Modify to use watchdog core (bsc#1085185).
   - watchdog: hpwdt: Update Module info and copyright (bsc#1085185).
   - watchdog: hpwdt: Update nmi_panic message (bsc#1085185).
   - watchdog: hpwdt: condition early return of NMI handler on iLO5
     (bsc#1085185).
   - watchdog: sp5100_tco: Fix watchdog disable bit (bnc#1012382).
   - workqueue: use put_device() instead of kfree() (bnc#1012382).
   - writeback: safer lock nesting (bnc#1012382).
   - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic'
     specified (bnc#1012382).
   - x86/boot: Fix early command-line parsing when partial word matches
     (bsc#1096140).
   - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1068032).
   - x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK
     (bsc#1093215).
   - x86/bugs: Respect retpoline command line option (bsc#1068032).
   - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
   - x86/bugs: make intel_rds_mask() honor X86_FEATURE_SSBD (bsc#1094019).
   - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being
     disabled (bsc#1096140).
   - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros
     (bnc#1012382).
   - x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c
     code (bnc#1012382).
   - x86/devicetree: Fix device IRQ settings in DT (bnc#1012382).
   - x86/devicetree: Initialize device tree before using it (bnc#1012382).
   - x86/fpu: Disable AVX when eagerfpu is off (bnc#1012382).
   - x86/fpu: Hard-disable lazy FPU mode (bnc#1012382).
   - x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off")
     (bnc#1012382).
   - x86/hweight: Do not clobber %rdi (bnc#1012382).
   - x86/hweight: Get rid of the special calling convention (bnc#1012382).
   - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds (bnc#1012382).
   - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
   - x86/kexec: Avoid double free_page() upon do_kexec_load() failure
     (bnc#1012382).
   - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bnc#1012382).
   - x86/pkeys: Do not special case protection key 0 (1041740).
   - x86/pkeys: Override pkey when moving away from PROT_EXEC (1041740).
   - x86/platform/UV: Add references to access fixed UV4A HUB MMRs
     (bsc#1076263).
   - x86/platform/UV: Fix GAM MMR changes in UV4A (bsc#1076263).
   - x86/platform/UV: Fix GAM MMR references in the UV x2apic code
     (bsc#1076263).
   - x86/platform/UV: Fix GAM Range Table entries less than 1GB (bsc#1091325).
   - x86/platform/UV: Fix UV4A BAU MMRs (bsc#1076263).
   - x86/platform/UV: Fix UV4A support on new Intel Processors (bsc#1076263).
   - x86/platform/UV: Fix critical UV MMR address error (bsc#1076263
   - x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes
     (bsc#1076263).
   - x86/platform/uv/BAU: Replace hard-coded values with MMR definitions
     (bsc#1076263).
   - x86/power: Fix swsusp_arch_resume prototype (bnc#1012382).
   - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bnc#1012382).
   - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly
     across CPU hotplug operations (bnc#1012382).
   - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bnc#1012382).
   - x86: Remove unused function cpu_has_ht_siblings() (bnc#1012382).
   - xen-netfront: Fix hang on device removal (bnc#1012382).
   - xen-netfront: Fix race between device setup and open (bnc#1012382).
   - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
     (bnc#1012382).
   - xen/acpi: off by one in read_acpi_id() (bnc#1012382).
   - xen/grant-table: Use put_page instead of free_page (bnc#1012382).
   - xen/netfront: raise max number of slots in xennet_get_responses()
     (bnc#1076049).
   - xen/pirq: fix error path cleanup when binding MSIs (bnc#1012382).
   - xen: xenbus: use put_device() instead of kfree() (bnc#1012382).
   - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (bnc#1012382).
   - xfrm_user: fix return value from xfrm_user_rcv_msg (bnc#1012382).
   - xfs: always verify the log tail during recovery (bsc#1036215).
   - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955,
     bsc#1090534).
   - xfs: detect agfl count corruption and reset agfl (bnc#1012382
     bsc#1090534 bsc#1090955).
   - xfs: detect agfl count corruption and reset agfl (bsc#1090955,
     bsc#1090534).
   - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).
   - xfs: detect and trim torn writes during log recovery (bsc#1036215).
   - xfs: do not log/recover swapext extent owner changes for deleted inodes
     (bsc#1090955).
   - xfs: fix endianness error when checking log block crc on big endian
     platforms (bsc#1094405, bsc#1036215).
   - xfs: fix incorrect log_flushed on fsync (bnc#1012382).
   - xfs: fix log recovery corruption error due to tail overwrite
     (bsc#1036215).
   - xfs: fix recovery failure when log record header wraps log end
     (bsc#1036215).
   - xfs: handle -EFSCORRUPTED during head/tail verification (bsc#1036215).
   - xfs: prevent creating negative-sized file via INSERT_RANGE (bnc#1012382).
   - xfs: refactor and open code log record crc check (bsc#1036215).
   - xfs: refactor log record start detection into a new helper (bsc#1036215).
   - xfs: remove racy hasattr check from attr ops (bnc#1012382 bsc#1035432).
   - xfs: return start block of first bad log record during recovery
     (bsc#1036215).
   - xfs: support a crc verification only log record pass (bsc#1036215).
   - xhci: Fix USB3 NULL pointer dereference at logical disconnect
     (git-fixes).
   - xhci: Fix use-after-free in xhci_free_virt_device (git-fixes).
   - xhci: zero usb device slot_id member when disabling and freeing a xhci
     slot (bnc#1012382).
   - zorro: Set up z->dev.dma_mask for the DMA API (bnc#1012382).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP3:

      zypper in -t patch SUSE-SLE-RT-12-SP3-2018-1224=1



Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64):

      cluster-md-kmp-rt-4.4.138-3.14.1
      cluster-md-kmp-rt-debuginfo-4.4.138-3.14.1
      dlm-kmp-rt-4.4.138-3.14.1
      dlm-kmp-rt-debuginfo-4.4.138-3.14.1
      gfs2-kmp-rt-4.4.138-3.14.1
      gfs2-kmp-rt-debuginfo-4.4.138-3.14.1
      kernel-rt-4.4.138-3.14.1
      kernel-rt-base-4.4.138-3.14.1
      kernel-rt-base-debuginfo-4.4.138-3.14.1
      kernel-rt-debuginfo-4.4.138-3.14.1
      kernel-rt-debugsource-4.4.138-3.14.1
      kernel-rt-devel-4.4.138-3.14.1
      kernel-rt_debug-debuginfo-4.4.138-3.14.1
      kernel-rt_debug-debugsource-4.4.138-3.14.1
      kernel-rt_debug-devel-4.4.138-3.14.1
      kernel-rt_debug-devel-debuginfo-4.4.138-3.14.1
      kernel-syms-rt-4.4.138-3.14.1
      ocfs2-kmp-rt-4.4.138-3.14.1
      ocfs2-kmp-rt-debuginfo-4.4.138-3.14.1

   - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch):

      kernel-devel-rt-4.4.138-3.14.1
      kernel-source-rt-4.4.138-3.14.1


References:

   https://www.suse.com/security/cve/CVE-2017-13305.html
   https://www.suse.com/security/cve/CVE-2017-17741.html
   https://www.suse.com/security/cve/CVE-2017-18241.html
   https://www.suse.com/security/cve/CVE-2017-18249.html
   https://www.suse.com/security/cve/CVE-2018-1000199.html
   https://www.suse.com/security/cve/CVE-2018-1065.html
   https://www.suse.com/security/cve/CVE-2018-1092.html
   https://www.suse.com/security/cve/CVE-2018-1093.html
   https://www.suse.com/security/cve/CVE-2018-1094.html
   https://www.suse.com/security/cve/CVE-2018-1130.html
   https://www.suse.com/security/cve/CVE-2018-12233.html
   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://www.suse.com/security/cve/CVE-2018-3665.html
   https://www.suse.com/security/cve/CVE-2018-5803.html
   https://www.suse.com/security/cve/CVE-2018-5848.html
   https://www.suse.com/security/cve/CVE-2018-7492.html
   https://www.suse.com/security/cve/CVE-2018-8781.html
   https://bugzilla.suse.com/1009062
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1019695
   https://bugzilla.suse.com/1019699
   https://bugzilla.suse.com/1022604
   https://bugzilla.suse.com/1022607
   https://bugzilla.suse.com/1022743
   https://bugzilla.suse.com/1024718
   https://bugzilla.suse.com/1031717
   https://bugzilla.suse.com/1035432
   https://bugzilla.suse.com/1036215
   https://bugzilla.suse.com/1041740
   https://bugzilla.suse.com/1043598
   https://bugzilla.suse.com/1044596
   https://bugzilla.suse.com/1045330
   https://bugzilla.suse.com/1056415
   https://bugzilla.suse.com/1056427
   https://bugzilla.suse.com/1060799
   https://bugzilla.suse.com/1066223
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1068054
   https://bugzilla.suse.com/1068951
   https://bugzilla.suse.com/1070404
   https://bugzilla.suse.com/1073059
   https://bugzilla.suse.com/1073311
   https://bugzilla.suse.com/1075087
   https://bugzilla.suse.com/1075428
   https://bugzilla.suse.com/1076049
   https://bugzilla.suse.com/1076263
   https://bugzilla.suse.com/1076805
   https://bugzilla.suse.com/1078583
   https://bugzilla.suse.com/1079152
   https://bugzilla.suse.com/1080157
   https://bugzilla.suse.com/1080542
   https://bugzilla.suse.com/1080656
   https://bugzilla.suse.com/1081500
   https://bugzilla.suse.com/1081514
   https://bugzilla.suse.com/1081599
   https://bugzilla.suse.com/1082153
   https://bugzilla.suse.com/1082299
   https://bugzilla.suse.com/1082485
   https://bugzilla.suse.com/1082504
   https://bugzilla.suse.com/1082962
   https://bugzilla.suse.com/1082979
   https://bugzilla.suse.com/1083635
   https://bugzilla.suse.com/1083650
   https://bugzilla.suse.com/1083900
   https://bugzilla.suse.com/1084721
   https://bugzilla.suse.com/1085185
   https://bugzilla.suse.com/1085308
   https://bugzilla.suse.com/1086400
   https://bugzilla.suse.com/1086716
   https://bugzilla.suse.com/1087007
   https://bugzilla.suse.com/1087012
   https://bugzilla.suse.com/1087036
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1087086
   https://bugzilla.suse.com/1087095
   https://bugzilla.suse.com/1088810
   https://bugzilla.suse.com/1088871
   https://bugzilla.suse.com/1089023
   https://bugzilla.suse.com/1089115
   https://bugzilla.suse.com/1089393
   https://bugzilla.suse.com/1089895
   https://bugzilla.suse.com/1090225
   https://bugzilla.suse.com/1090435
   https://bugzilla.suse.com/1090534
   https://bugzilla.suse.com/1090643
   https://bugzilla.suse.com/1090658
   https://bugzilla.suse.com/1090663
   https://bugzilla.suse.com/1090708
   https://bugzilla.suse.com/1090718
   https://bugzilla.suse.com/1090734
   https://bugzilla.suse.com/1090953
   https://bugzilla.suse.com/1090955
   https://bugzilla.suse.com/1091041
   https://bugzilla.suse.com/1091325
   https://bugzilla.suse.com/1091594
   https://bugzilla.suse.com/1091728
   https://bugzilla.suse.com/1091960
   https://bugzilla.suse.com/1092289
   https://bugzilla.suse.com/1092497
   https://bugzilla.suse.com/1092552
   https://bugzilla.suse.com/1092566
   https://bugzilla.suse.com/1092772
   https://bugzilla.suse.com/1092813
   https://bugzilla.suse.com/1092888
   https://bugzilla.suse.com/1092904
   https://bugzilla.suse.com/1092975
   https://bugzilla.suse.com/1093008
   https://bugzilla.suse.com/1093035
   https://bugzilla.suse.com/1093144
   https://bugzilla.suse.com/1093215
   https://bugzilla.suse.com/1093533
   https://bugzilla.suse.com/1093904
   https://bugzilla.suse.com/1093990
   https://bugzilla.suse.com/1094019
   https://bugzilla.suse.com/1094033
   https://bugzilla.suse.com/1094059
   https://bugzilla.suse.com/1094177
   https://bugzilla.suse.com/1094268
   https://bugzilla.suse.com/1094353
   https://bugzilla.suse.com/1094356
   https://bugzilla.suse.com/1094405
   https://bugzilla.suse.com/1094466
   https://bugzilla.suse.com/1094532
   https://bugzilla.suse.com/1094823
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1095042
   https://bugzilla.suse.com/1095147
   https://bugzilla.suse.com/1096037
   https://bugzilla.suse.com/1096140
   https://bugzilla.suse.com/1096214
   https://bugzilla.suse.com/1096242
   https://bugzilla.suse.com/1096281
   https://bugzilla.suse.com/1096751
   https://bugzilla.suse.com/1096982
   https://bugzilla.suse.com/1097234
   https://bugzilla.suse.com/1097356
   https://bugzilla.suse.com/1098009
   https://bugzilla.suse.com/1098012
   https://bugzilla.suse.com/919144
   https://bugzilla.suse.com/971975
   https://bugzilla.suse.com/973378
   https://bugzilla.suse.com/978907
   https://bugzilla.suse.com/993388



More information about the sle-security-updates mailing list