SUSE-SU-2019:0148-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Jan 23 16:49:06 MST 2019


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0148-1
Rating:             important
References:         #1012382 #1015336 #1015337 #1015340 #1019683 
                    #1019695 #1020645 #1027260 #1027457 #1042286 
                    #1043083 #1046264 #1047487 #1048916 #1065600 
                    #1066223 #1068032 #1069702 #1070805 #1079935 
                    #1087082 #1091405 #1093158 #1094244 #1094973 
                    #1096242 #1096281 #1099523 #1100105 #1101557 
                    #1102439 #1102660 #1103156 #1103257 #1103624 
                    #1104098 #1104731 #1105412 #1106105 #1106237 
                    #1106240 #1106929 #1107385 #1108145 #1108240 
                    #1109272 #1109330 #1109806 #1110286 #1111062 
                    #1111809 #1112246 #1112963 #1113412 #1114190 
                    #1114417 #1114475 #1114648 #1114763 #1114839 
                    #1114871 #1115431 #1115433 #1115440 #1115587 
                    #1115709 #1116027 #1116183 #1116285 #1116336 
                    #1116345 #1116497 #1116841 #1116924 #1116950 
                    #1117162 #1117165 #1117186 #1117562 #1118152 
                    #1118316 #1118319 #1118505 #1118790 #1118798 
                    #1118915 #1118922 #1118926 #1118930 #1118936 
                    #1119204 #1119714 #1119877 #1119946 #1119967 
                    #1119970 #1120046 #1120743 #1121239 #1121240 
                    #1121241 #1121242 #1121275 #1121621 
Cross-References:   CVE-2017-16939 CVE-2018-1120 CVE-2018-16862
                    CVE-2018-16884 CVE-2018-19407 CVE-2018-19824
                    CVE-2018-19985 CVE-2018-20169 CVE-2018-3639
                    CVE-2018-9568
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has 94 fixes
   is now available.

Description:

    The SUSE Linux Enterprise 12 SP3 kernel for Azure was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
     allowed local users to cause a denial of service (NULL pointer
     dereference and BUG) via crafted system calls that reach a situation
     where ioapic was uninitialized (bnc#1116841).
   - CVE-2018-19985: The function hso_probe read if_num from the USB device
     (as an u8) and used it without a length check to index an array,
     resulting in an OOB memory read in hso_probe or hso_get_config_data that
     could be used by local attackers (bnc#1120743).
   - CVE-2018-3639: Systems with microprocessors utilizing speculative
     execution and speculative execution of memory reads before the addresses
     of all prior memory writes are known may allow unauthorized disclosure
     of information to an attacker with local user access via a side-channel
     analysis, aka Speculative Store Bypass (SSB), Variant 4 (bnc#1087082).
   - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory
     containing command line arguments (or environment strings), an attacker
     can cause utilities from psutils or procps (such as ps, w) or any other
     program which made a read() call to the /proc/<pid>/cmdline (or
     /proc/<pid>/environ) files to block indefinitely (denial of service) or
     for some controlled time (as a synchronization primitive for other
     attacks) (bnc#1093158).
   - CVE-2017-16939: The XFRM dump policy implementation in
     net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a
     denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt
     system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages
     (bnc#1069702).
   - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at
     the same time can make bc_svc_process() use wrong back-channel IDs and
     cause a use-after-free vulnerability. Thus a malicious container user
     can cause a host kernel memory corruption and a system panic. Due to the
     nature of the flaw, privilege escalation cannot be fully ruled out
     (bnc#1119946).
   - CVE-2018-20169: The USB subsystem mishandled size checks during the
     reading of an extra descriptor, related to __usb_get_extra_descriptor in
     drivers/usb/core/usb.c (bnc#1119714).
   - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
     corruption due to type confusion. This could lead to local escalation of
     privilege with no additional execution privileges needed. User
     interaction is not needed for exploitation (bnc#1118319).
   - CVE-2018-16862: A security flaw was found in the way that the cleancache
     subsystem clears an inode after the final file truncation (removal). The
     new file created with the same inode may contain leftover pages from
     cleancache and the old file data instead of the new one (bnc#1117186).
   - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
     driver by supplying a malicious USB Sound device (with zero interfaces)
     that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).

   The following non-security bugs were fixed:

   - 9p: clear dangling pointers in p9stat_free (bnc#1012382).
   - 9p locks: fix glock.client_id leak in do_lock (bnc#1012382).
   - 9p/net: put a lower bound on msize (bnc#1012382).
   - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer
     value (bsc#1121239).
   - ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
     (bnc#1012382).
   - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks
     (bsc#1114648).
   - ACPI/nfit, x86/mce: Validate a MCE's address before using it
     (bsc#1114648).
   - ACPI/platform: Add SMB0001 HID to forbidden_id_list (bnc#1012382).
   - af_iucv: Move sockaddr length checks to before accessing sa_family in
     bind and connect handlers (bnc#1012382).
   - ahci: do not ignore result code of ahci_reset_controller() (bnc#1012382).
   - aio: fix spectre gadget in lookup_ioctx (bnc#1012382).
   - aio: hold an extra file reference over AIO read/write operations
     (bsc#1116027).
   - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
     (bnc#1012382).
   - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bnc#1012382).
   - ALSA: control: Fix race between adding and removing a user element
     (bnc#1012382).
   - ALSA: cs46xx: Potential NULL dereference in probe (bnc#1012382).
   - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bnc#1012382).
   - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bnc#1012382).
   - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
     (bnc#1012382).
   - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bnc#1012382).
   - ALSA: hda: Add support for AMD Stoney Ridge (bnc#1012382).
   - ALSA: hda: Check the non-cached stream buffers more explicitly
     (bnc#1012382).
   - ALSA: hda/tegra: clear pending irq handlers (bnc#1012382).
   - ALSA: isa/wavefront: prevent some out of bound writes (bnc#1012382).
   - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bnc#1012382).
   - ALSA: pcm: Fix interval evaluation with openmin/max (bnc#1012382).
   - ALSA: pcm: Fix potential Spectre v1 vulnerability (bnc#1012382).
   - ALSA: pcm: Fix starvation on down_write_nonblock() (bnc#1012382).
   - ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command (bnc#1012382).
   - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bnc#1012382).
   - ALSA: sparc: Fix invalid snd_free_pages() at error path (bnc#1012382).
   - ALSA: timer: Fix zero-division by continue of uninitialized instance
     (bnc#1012382).
   - ALSA: trident: Suppress gcc string warning (bnc#1012382).
   - ALSA: usb-audio: Avoid access before bLength check in
     build_audio_procunit() (bnc#1012382).
   - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
     (bnc#1012382).
   - ALSA: wss: Fix invalid snd_free_pages() at error path (bnc#1012382).
   - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register
     (bsc#1106105).
   - ARC: change defconfig defaults to ARCv2 (bnc#1012382).
   - ARC: [devboards] Add support of NFSv3 ACL (bnc#1012382).
   - arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
     (bnc#1012382).
   - ARC: io.h: Implement reads{x}()/writes{x}() (bnc#1012382).
   - ARM64: Disable asm-operand-width warning for clang (bnc#1012382).
   - ARM64: dts: stratix10: Correct System Manager register size
     (bnc#1012382).
   - ARM64: Enabled ENA (Amazon network driver)
   - ARM64: hardcode rodata_enabled=true earlier in the series (bsc#1114763).
   - ARM64: PCI: ACPI support for legacy IRQs parsing and consolidation with
     DT code.
   - ARM64: percpu: Initialize ret in the default case (bnc#1012382).
   - ARM64: remove no-op -p linker flag (bnc#1012382).
   - ARM: 8799/1: mm: fix pci_ioremap_io() offset check (bnc#1012382).
   - ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address
     handling (bnc#1012382).
   - ARM: dts: apq8064: add ahci ports-implemented mask (bnc#1012382).
   - ARM: dts: imx53-qsb: disable 1.2GHz OPP (bnc#1012382).
   - ARM: fix mis-applied iommu identity check (bsc#1116924).
   - ARM: imx: update the cpu power up timing setting on i.mx6sx
     (bnc#1012382).
   - ARM: kvm: fix building with gcc-8 (bsc#1121241).
   - ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
     (bnc#1012382).
   - ARM: OMAP2+: prm44xx: Fix section annotation on
     omap44xx_prm_enable_io_wakeup (bnc#1012382).
   - asix: Check for supported Wake-on-LAN modes (bnc#1012382).
   - ASoC: ak4613: Enable cache usage to fix crashes on resume (bnc#1012382).
   - ASoC: dapm: Recalculate audio map forcely when card instantiated
     (bnc#1012382).
   - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
     (bnc#1012382).
   - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with
     CPU_IDLE (bnc#1012382).
   - ASoC: spear: fix error return code in spdif_in_probe() (bnc#1012382).
   - ASoC: wm8940: Enable cache usage to fix crashes on resume (bnc#1012382).
   - ataflop: fix error handling during setup (bnc#1012382).
   - ath10k: fix kernel panic due to race in accessing arvif list
     (bnc#1012382).
   - ath10k: schedule hardware restart if WMI command times out (bnc#1012382).
   - ax25: fix a use-after-free in ax25_fillin_cb() (bnc#1012382).
   - ax88179_178a: Check for supported Wake-on-LAN modes (bnc#1012382).
   - b43: Fix error in cordic routine (bnc#1012382).
   - batman-adv: Expand merged fragment buffer for full packet (bnc#1012382).
   - bcache: fix miss key refill->end in writeback (bnc#1012382).
   - bfs: add sanity check at bfs_fill_super() (bnc#1012382).
   - binfmt_elf: fix calculations for bss padding (bnc#1012382).
   - bitops: protect variables in bit_clear_unless() macro (bsc#1116285).
   - block: fix inheriting request priority from bio (bsc#1116924).
   - block: respect virtual boundary mask in bvecs (bsc#1113412).
   - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bnc#1012382).
   - Bluetooth: SMP: fix crash in unpairing (bnc#1012382).
   - bna: ethtool: Avoid reading past end of buffer (bnc#1012382).
   - bnx2x: Assign unique DMAE channel number for FW DMAE transactions
     (bnc#1012382).
   - bonding: fix 802.3ad state sent to partner when unbinding slave
     (bnc#1012382).
   - bpf: fix check of allowed specifiers in bpf_trace_printk (bnc#1012382).
   - bpf: generally move prog destruction to RCU deferral (bnc#1012382).
   - bpf: support 8-byte metafield access (bnc#1012382).
   - bpf, trace: check event type in bpf_perf_event_read (bsc#1119970).
   - bpf, trace: use READ_ONCE for retrieving file ptr (bsc#1119967).
   - bpf/verifier: Add spi variable to check_stack_write() (bnc#1012382).
   - bpf/verifier: Pass instruction index to check_mem_access() and
     check_xadd() (bnc#1012382).
   - bridge: do not add port to router list when receives query with source
     0.0.0.0 (bnc#1012382).
   - btrfs: Always try all copies when reading extent buffers (bnc#1012382).
   - btrfs: do not attempt to trim devices that do not support it
     (bnc#1012382).
   - btrfs: ensure path name is null terminated at btrfs_control_ioctl
     (bnc#1012382).
   - btrfs: fix backport error in submit_stripe_bio (bsc#1114763).
   - btrfs: fix data corruption due to cloning of eof block (bnc#1012382).
   - btrfs: Fix memory barriers usage with device stats counters.
   - btrfs: fix null pointer dereference on compressed write path error
     (bnc#1012382).
   - btrfs: fix pinned underflow after transaction aborted (bnc#1012382).
   - btrfs: fix use-after-free when dumping free space (bnc#1012382).
   - btrfs: fix wrong dentries after fsync of file that got its parent
     replaced (bnc#1012382).
   - btrfs: Handle error from btrfs_uuid_tree_rem call in
     _btrfs_ioctl_set_received_subvol.
   - btrfs: Handle owner mismatch gracefully when walking up tree
     (bnc#1012382).
   - btrfs: iterate all devices during trim, instead of
     fs_devices::alloc_list (bnc#1012382).
   - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid
     deadlock (bnc#1012382).
   - btrfs: make sure we create all new block groups (bnc#1012382).
   - btrfs: qgroup: Dirty all qgroups before rescan (bnc#1012382).
   - btrfs: release metadata before running delayed refs (bnc#1012382).
   - btrfs: reset max_extent_size on clear in a bitmap (bnc#1012382).
   - btrfs: send, fix infinite loop due to directory rename dependencies
     (bnc#1012382).
   - btrfs: set max_extent_size properly (bnc#1012382).
   - btrfs: wait on caching when putting the bg cache (bnc#1012382).
   - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
     (bnc#1012382).
   - can: dev: __can_get_echo_skb(): Do not crash the kernel if
     can_priv::echo_skb is accessed out of bounds (bnc#1012382).
   - can: dev: can_get_echo_skb(): factor out non sending code to
     __can_get_echo_skb() (bnc#1012382).
   - can: dev: __can_get_echo_skb(): print error message, if trying to echo
     non existing skb (bnc#1012382).
   - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame
     to access frame length (bnc#1012382).
   - can: rcar_can: Fix erroneous registration (bnc#1012382).
   - cdc-acm: correct counting of UART states in serial state notification
     (bnc#1012382).
   - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bnc#1012382).
   - ceph: call setattr_prepare from ceph_setattr instead of inode_change_ok
     (bsc#1114763).
   - ceph: do not update importing cap's mseq when handing cap export
     (bsc#1121275).
   - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
   - ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
   - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bnc#1012382).
   - checkstack.pl: fix for aarch64 (bnc#1012382).
   - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock
     problem (bnc#1012382).
   - CIFS: Fix separator when building path from dentry (bnc#1012382).
   - CIFS: handle guest access errors to Windows shares (bnc#1012382).
   - CIFS: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure
     cifs) (bnc#1012382).
   - clk: mmp: Off by one in mmp_clk_add() (bnc#1012382).
   - clk: s2mps11: Add used attribute to s2mps11_dt_match.
   - clk: s2mps11: Fix matching when built as module and DT node contains
     compatible (bnc#1012382).
   - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bnc#1012382).
   - clockevents/drivers/i8253: Add support for PIT shutdown quirk
     (bnc#1012382).
   - configfs: replace strncpy with memcpy (bnc#1012382).
   - cpufeature: avoid warning when compiling with clang.
   - cpufreq: imx6q: add return value check for voltage scale (bnc#1012382).
   - cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE
     (bnc#1012382).
   - Cramfs: fix abad comparison when wrap-arounds occur (bnc#1012382).
   - crypto: arm64/sha - avoid non-standard inline asm tricks (bnc#1012382).
   - crypto: lrw - Fix out-of bounds access on counter overflow (bnc#1012382).
   - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
     (bnc#1012382).
   - crypto, x86: aesni - fix token pasting for clang (bnc#1012382).
   - crypto: x86/chacha20 - avoid sleeping with preemption disabled
     (bnc#1012382).
   - cw1200: Do not leak memory if krealloc failes (bnc#1012382).
   - cxgb4: Add support for new flash parts (bsc#1102439).
   - cxgb4: assume flash part size to be 4MB, if it can't be determined
     (bsc#1102439).
   - cxgb4: Fix FW flash errors (bsc#1102439).
   - cxgb4: fix missing break in switch and indent return statements
     (bsc#1102439).
   - cxgb4: support new ISSI flash parts (bsc#1102439).
   - debugobjects: avoid recursive calls with kmemleak (bnc#1012382).
   - disable stringop truncation warnings for now (bnc#1012382).
   - dlm: fixed memory leaks after failed ls_remove_names allocation
     (bnc#1012382).
   - dlm: lost put_lkb on error path in receive_convert() and
     receive_unlock() (bnc#1012382).
   - dlm: memory leaks on error path in dlm_user_request() (bnc#1012382).
   - dlm: possible memory leak on error path in create_lkb() (bnc#1012382).
   - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bnc#1012382).
   - dmaengine: at_hdmac: fix module unloading (bnc#1012382).
   - dmaengine: dma-jz4780: Return error if not probed from DT (bnc#1012382).
   - dm cache metadata: ignore hints array being too small during resize.
   - dm ioctl: harden copy_params()'s copy_from_user() from malicious users
     (bnc#1012382).
   - dm-multipath: do not assign cmd_flags in setup_clone() (bsc#1103156).
   - dm raid: stop using BUG() in __rdev_sectors() (bsc#1046264).
   - dm thin: stop no_space_timeout worker when switching to write-mode.
   - dpaa_eth: fix dpaa_get_stats64 to match prototype (bsc#1114763).
   - driver/dma/ioat: Call del_timer_sync() without holding prep_lock
     (bnc#1012382).
   - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()
     (bsc#1104098).
   - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened
     channels (bnc#1012382).
   - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bnc#1012382).
   - drivers/sbus/char: add of_node_put() (bnc#1012382).
   - drivers/tty: add missing of_node_put() (bnc#1012382).
   - drm/ast: change resolution may cause screen blurred (bnc#1012382).
   - drm/ast: fixed cursor may disappear sometimes (bnc#1012382).
   - drm/ast: fixed reading monitor EDID not stable issue (bnc#1012382).
   - drm/ast: Fix incorrect free on ioregs (bsc#1106929)
   - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
   - drm/dp_mst: Check if primary mstb is null (bnc#1012382).
   - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
     (bsc#1106929)
   - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bnc#1012382).
   - drm/ioctl: Fix Spectre v1 vulnerabilities (bnc#1012382).
   - drm/msm: Grab a vblank reference when waiting for commit_done
     (bnc#1012382).
   - drm/nouveau/fbcon: fix oops without fbdev emulation (bnc#1012382).
   - drm/omap: fix memory barrier bug in DMM driver (bnc#1012382).
   - drm: rcar-du: Fix external clock error checks (bsc#1106929)
   - drm: rcar-du: Fix vblank initialization (bsc#1106929)
   - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bnc#1012382).
   - e1000: avoid null pointer dereference on invalid stat type (bnc#1012382).
   - e1000: fix race condition between e1000_down() and e1000_watchdog
     (bnc#1012382).
   - efi/libstub/arm64: Force 'hidden' visibility for section markers
     (bnc#1012382).
   - efi/libstub/arm64: Set -fpie when building the EFI stub (bnc#1012382).
   - exec: avoid gcc-8 warning for get_task_comm (bnc#1012382).
   - exportfs: do not read dentry after free (bnc#1012382).
   - ext2: fix potential use after free (bnc#1012382).
   - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
     (bnc#1012382).
   - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
     (bnc#1012382).
   - ext4: add missing brelse() update_backups()'s error path (bnc#1012382).
   - ext4: avoid buffer leak in ext4_orphan_add() after prior errors
     (bnc#1012382).
   - ext4: avoid possible double brelse() in add_new_gdb() on error path
     (bnc#1012382).
   - ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
     (bnc#1012382).
   - ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bnc#1012382).
   - ext4: fix buffer leak in __ext4_read_dirblock() on error path
     (bnc#1012382).
   - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
     (bnc#1012382).
   - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bnc#1012382).
   - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while
     resizing (bnc#1012382).
   - ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
     (bnc#1012382).
   - ext4: fix possible leak of sbi->s_group_desc_leak in error path
     (bnc#1012382).
   - ext4: fix possible use after free in ext4_quota_enable (bnc#1012382).
   - ext4: force inode writes when nfsd calls commit_metadata() (bnc#1012382).
   - ext4: initialize retries variable in ext4_da_write_inline_data_begin()
     (bnc#1012382).
   - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
     (bnc#1012382).
   - ext4: release bs.bh before re-using in ext4_xattr_block_find()
     (bnc#1012382).
   - fbdev: fbcon: Fix unregister crash when more than one framebuffer
     (bsc#1106929)
   - fbdev: fbmem: behave better with small rotated displays and many CPUs
     (bsc#1106929)
   - fcoe: remove duplicate debugging message in fcoe_ctlr_vn_add
     (bsc#1114763).
   - Fix kABI for "Ensure we commit after writeback is complete"
     (bsc#1111809).
   - floppy: fix race condition in __floppy_read_block_0().
   - flow_dissector: do not dissect l4 ports for fragments (bnc#1012382).
   - fork: record start_time late (bnc#1012382).
   - fscache, cachefiles: remove redundant variable 'cache' (bnc#1012382).
   - fscache: fix race between enablement and dropping of object
     (bsc#1107385).
   - fscache: Fix race in fscache_op_complete() due to split atomic_sub &
     read .
   - fscache: Pass the correct cancelled indications to fscache_op_complete().
   - fs, elf: make sure to page align bss in load_elf_library (bnc#1012382).
   - fs/exofs: fix potential memory leak in mount option parsing
     (bnc#1012382).
   - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
     (bnc#1012382).
   - fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio
     (bnc#1012382).
   - fuse: fix blocked_waitq wakeup (bnc#1012382).
   - fuse: fix leaked notify reply (bnc#1012382).
   - fuse: Fix use-after-free in fuse_dev_do_read() (bnc#1012382).
   - fuse: Fix use-after-free in fuse_dev_do_write() (bnc#1012382).
   - fuse: set FR_SENT while locked (bnc#1012382).
   - genirq: Fix race on spurious interrupt detection (bnc#1012382).
   - genwqe: Fix size check (bnc#1012382).
   - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd
     (bnc#1012382).
   - gfs2: Fix loop in gfs2_rbm_find (bnc#1012382).
   - gfs2_meta: ->mount() can get NULL dev_name (bnc#1012382).
   - gfs2: Put bitmap buffers in put_super (bnc#1012382).
   - git_sort.py: Remove non-existent remote tj/libata
   - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bnc#1012382).
   - gpio: msic: fix error return code in platform_msic_gpio_probe()
     (bnc#1012382).
   - gpu: host1x: fix error return code in host1x_probe() (bnc#1012382).
   - gro_cell: add napi_disable in gro_cells_destroy (bnc#1012382).
   - hfs: do not free node before using (bnc#1012382).
   - hfsplus: do not free node before using (bnc#1012382).
   - hfsplus: prevent btree data loss on root split (bnc#1012382).
   - hfs: prevent btree data loss on root split (bnc#1012382).
   - HID: hiddev: fix potential Spectre v1 (bnc#1012382).
   - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
     (bnc#1012382).
   - hpwdt add dynamic debugging (bsc#1114417).
   - hpwdt calculate reload value on each use (bsc#1114417).
   - hugetlbfs: dirty pages as they are added to pagecache (bnc#1012382).
   - hugetlbfs: fix bug in pgoff overflow checking (bnc#1012382).
   - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (bnc#1012382).
   - hwmon: (ibmpowernv) Remove bogus __init annotations (bnc#1012382).
   - hwmon: (ina2xx) Fix current value calculation (bnc#1012382).
   - hwmon: (pmbus) Fix page count auto-detection (bnc#1012382).
   - hwmon: (w83795) temp4_type has writable permission (bnc#1012382).
   - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
     (bnc#1116336).
   - i2c: axxia: properly handle master timeout (bnc#1012382).
   - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device
     node (bnc#1012382).
   - IB/hfi1: Fix an out-of-bounds access in get_hw_stats ().
   - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
     (bnc#1012382).
   - ibmvnic: Convert reset work item mutex to spin lock ().
   - ibmvnic: fix accelerated VLAN handling ().
   - ibmvnic: fix index in release_rx_pools (bsc#1115440).
   - ibmvnic: Fix non-atomic memory allocation in IRQ context ().
   - ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433).
   - ibmvnic: remove ndo_poll_controller ().
   - ibmvnic: Update driver queues after change in ring size support ().
   - IB/ucm: Fix Spectre v1 vulnerability (bnc#1012382).
   - ide: pmac: add of_node_put() (bnc#1012382).
   - ieee802154: lowpan_header_create check must check daddr (bnc#1012382).
   - igb: Remove superfluous reset to PHY and page 0 selection (bnc#1012382).
   - iio: adc: at91: fix acking DRDY irq on simple conversions (bnc#1012382).
   - iio: adc: at91: fix wrong channel number in triggered buffer mode
     (bnc#1012382).
   - ima: fix showing large 'violations' or 'runtime_measurements_count'
     (bnc#1012382).
   - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bnc#1012382).
   - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bnc#1012382).
   - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
     (bnc#1012382).
   - Input: elan_i2c - add ELAN0620 to the ACPI table (bnc#1012382).
   - Input: elan_i2c - add support for ELAN0621 touchpad (bnc#1012382).
   - Input: matrix_keypad - check for errors from of_get_named_gpio()
     (bnc#1012382).
   - Input: omap-keypad - fix idle configuration to not block SoC idle states
     (bnc#1012382).
   - Input: omap-keypad - fix keyboard debounce configuration (bnc#1012382).
   - Input: restore EV_ABS ABS_RESERVED (bnc#1012382).
   - Input: xpad - add GPD Win 2 Controller USB IDs (bnc#1012382).
   - Input: xpad - add Mad Catz FightStick TE 2 VID/PID (bnc#1012382).
   - Input: xpad - add more third-party controllers (bnc#1012382).
   - Input: xpad - add PDP device id 0x02a4 (bnc#1012382).
   - Input: xpad - add product ID for Xbox One S pad (bnc#1012382).
   - Input: xpad - add support for PDP Xbox One controllers (bnc#1012382).
   - Input: xpad - add support for Xbox1 PDP Camo series gamepad
     (bnc#1012382).
   - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth
     (bnc#1012382).
   - Input: xpad - avoid using __set_bit() for capabilities (bnc#1012382).
   - Input: xpad - constify usb_device_id (bnc#1012382).
   - Input: xpad - correctly sort vendor id's (bnc#1012382).
   - Input: xpad - correct xbox one pad device name (bnc#1012382).
   - Input: xpad - do not depend on endpoint order (bnc#1012382).
   - Input: xpad - fix GPD Win 2 controller name (bnc#1012382).
   - Input: xpad - fix PowerA init quirk for some gamepad models
     (bnc#1012382).
   - Input: xpad - fix rumble on Xbox One controllers with 2015 firmware
     (bnc#1012382).
   - Input: xpad - fix some coding style issues (bnc#1012382).
   - Input: xpad - fix stuck mode button on Xbox One S pad (bnc#1012382).
   - Input: xpad - fix Xbox One rumble stopping after 2.5 secs (bnc#1012382).
   - Input: xpad - handle "present" and "gone" correctly (bnc#1012382).
   - Input: xpad - move reporting xbox one home button to common function
     (bnc#1012382).
   - Input: xpad - power off wireless 360 controllers on suspend
     (bnc#1012382).
   - Input: xpad - prevent spurious input from wired Xbox 360 controllers
     (bnc#1012382).
   - Input: xpad - quirk all PDP Xbox One gamepads (bnc#1012382).
   - Input: xpad - remove spurious events of wireless xpad 360 controller
     (bnc#1012382).
   - Input: xpad - remove unused function (bnc#1012382).
   - Input: xpad - restore LED state after device resume (bnc#1012382).
   - Input: xpad - simplify error condition in init_output (bnc#1012382).
   - Input: xpad - sort supported devices by USB ID (bnc#1012382).
   - Input: xpad - support some quirky Xbox One pads (bnc#1012382).
   - Input: xpad - sync supported devices with 360Controller (bnc#1012382).
   - Input: xpad - sync supported devices with XBCD (bnc#1012382).
   - Input: xpad - sync supported devices with xboxdrv (bnc#1012382).
   - Input: xpad - update Xbox One Force Feedback Support (bnc#1012382).
   - Input: xpad - use LED API when identifying wireless controllers
     (bnc#1012382).
   - Input: xpad - validate USB endpoint type during probe (bnc#1012382).
   - Input: xpad - workaround dead irq_out after suspend/ resume
     (bnc#1012382).
   - Input: xpad - xbox one elite controller support (bnc#1012382).
   - intel_th: msu: Fix an off-by-one in attribute store (bnc#1012382).
   - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
   - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
     (bsc#1106237).
   - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
   - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
     (bsc#1106105).
   - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
   - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
   - ip6mr: Fix potential Spectre v1 vulnerability (bnc#1012382).
   - ipmi: Fix timer race with module unload (bnc#1012382).
   - ip_tunnel: do not force DF when MTU is locked (bnc#1012382).
   - ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
     (bnc#1012382).
   - ipv4: Fix potential Spectre v1 vulnerability (bnc#1012382).
   - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes
     (bsc#1110286).
   - ipv6: Check available headroom in ip6_xmit() even without options
     (bnc#1012382).
   - ipv6: explicitly initialize udp6_addr in udp_sock_create6()
     (bnc#1012382).
   - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
     (bnc#1012382).
   - ipv6: mcast: fix a use-after-free in inet6_mc_check (bnc#1012382).
   - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are
     called (bnc#1012382).
   - ipv6: orphan skbs in reassembly unit (bnc#1012382).
   - ipv6: set rt6i_protocol properly in the route when it is installed
     (bsc#1114190).
   - ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bnc#1012382).
   - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bnc#1012382).
   - iser: set sector for ambiguous mr status errors (bnc#1012382).
   - iwlwifi: mvm: fix regulatory domain update when the firmware starts
     (bnc#1012382).
   - iwlwifi: mvm: support sta_statistics() even on older firmware
     (bnc#1012382).
   - ixgbe: Add function for checking to see if we can reuse page
     (bsc#1100105).
   - ixgbe: Add support for build_skb (bsc#1100105).
   - ixgbe: Add support for padding packet (bsc#1100105).
   - ixgbe: Break out Rx buffer page management (bsc#1100105).
   - ixgbe: Fix output from ixgbe_dump (bsc#1100105).
   - ixgbe: fix possible race in reset subtask (bsc#1101557).
   - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE
     (bsc#1100105).
   - ixgbe: Only DMA sync frame length (bsc#1100105).
   - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bnc#1012382).
   - ixgbe: Refactor queue disable logic to take completion time into account
     (bsc#1101557).
   - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device
     (bsc#1101557).
   - ixgbe: Update code to better handle incrementing page count
     (bsc#1100105).
   - ixgbe: Update driver to make use of DMA attributes in Rx path
     (bsc#1100105).
   - ixgbe: Use length to determine if descriptor is done (bsc#1100105).
   - jbd2: fix use after free in jbd2_log_do_checkpoint() (bnc#1012382).
   - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bnc#1012382).
   - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
     (bnc#1116336).
   - kABI: protect get_vaddr_frames (kabi).
   - kABI: protect struct azx (kabi).
   - kABI: protect struct cfs_bandwidth (kabi).
   - kABI: protect struct esp (kabi).
   - kABI: protect struct fuse_io_priv (kabi).
   - kABI: protect __usb_get_extra_descriptor (kabi).
   - kABI: protect xen/xen-ops.h include in xlate_mmu.c (kabi).
   - kabi: revert sig change on pnfs_read_resend_pnfs.
   - kbuild: Add better clang cross build support (bnc#1012382).
   - kbuild: Add __cc-option macro (bnc#1012382).
   - kbuild: Add support to generate LLVM assembly files (bnc#1012382).
   - kbuild: allow to use GCC toolchain not in Clang search path
     (bnc#1012382).
   - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS (bnc#1012382).
   - kbuild: clang: Disable 'address-of-packed-member' warning (bnc#1012382).
   - kbuild: clang: disable unused variable warnings only when constant
     (bnc#1012382).
   - kbuild: clang: fix build failures with sparse check (bnc#1012382).
   - kbuild: clang: remove crufty HOSTCFLAGS (bnc#1012382).
   - kbuild: Consolidate header generation from ASM offset information
     (bnc#1012382).
   - kbuild: consolidate redundant sed script ASM offset generation
     (bnc#1012382).
   - kbuild: drop -Wno-unknown-warning-option from clang options
     (bnc#1012382).
   - kbuild: fix asm-offset generation to work with clang (bnc#1012382).
   - kbuild: fix kernel/bounds.c 'W=1' warning (bnc#1012382).
   - kbuild: fix linker feature test macros when cross compiling with Clang
     (bnc#1012382).
   - kbuild, LLVMLinux: Add -Werror to cc-option to support clang
     (bnc#1012382).
   - kbuild: move cc-option and cc-disable-warning after incl. arch Makefile
     (bnc#1012382).
   - kbuild: Set KBUILD_CFLAGS before incl. arch Makefile (bnc#1012382).
   - kbuild: set no-integrated-as before incl. arch Makefile (bnc#1012382).
   - kbuild: suppress packed-not-aligned warning for default setting only
     (bnc#1012382).
   - kbuild: use -Oz instead of -Os when using clang (bnc#1012382).
   - kdb: use memmove instead of overlapping memcpy (bnc#1012382).
   - kdb: Use strscpy with destination buffer size (bnc#1012382).
   - kernfs: Replace strncpy with memcpy (bnc#1012382).
   - KEYS: put keyring if install_session_keyring_to_cred() fails
     (bnc#1012382).
   - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var()
     (bnc#1012382).
   - kgdboc: Fix restrict error (bnc#1012382).
   - kgdboc: Fix warning with module build (bnc#1012382).
   - kgdboc: Passing ekgdboc to command line causes panic (bnc#1012382).
   - kobject: Replace strncpy with memcpy (bnc#1012382).
   - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
     (bnc#1012382).
   - KVM: arm64: Fix caching of host MDCR_EL2 value (bsc#1121242).
   - KVM: arm: Restore banked registers and physical timer access on
     hyp_panic() (bsc#1121240).
   - KVM: mmu: Fix race in emulated page table writes (bnc#1012382).
   - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
   - KVM: nVMX: Eliminate vmcs02 pool (bnc#1012382).
   - KVM: nVMX: mark vmcs12 pages dirty on L2 exit (bnc#1012382).
   - KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bnc#1012382).
   - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382
     bsc#1068032).
   - KVM/SVM: Ensure an IBPB on all affected CPUs when freeing a vmcb
     (bsc#1114648).
   - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382
     bsc#1068032 bsc#1096242 bsc#1096281).
   - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (bnc#1012382).
   - KVM/VMX: introduce alloc_loaded_vmcs (bnc#1012382).
   - KVM/VMX: make MSR bitmaps per-VCPU (bnc#1012382).
   - KVM/x86: Add IBPB support (bnc#1012382 bsc#1068032 bsc#1068032).
   - KVM/x86: fix empty-body warnings (bnc#1012382).
   - KVM/x86: Remove indirect MSR op calls from SPEC_CTRL (bnc#1012382).
   - KVM/x86: Use jmp to invoke kvm_spurious_fault() from .fixup
     (bnc#1012382).
   - lan78xx: Check for supported Wake-on-LAN modes (bnc#1012382).
   - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF
     (bnc#1012382).
   - leds: leds-gpio: Fix return value check in create_gpio_led()
     (bnc#1012382).
   - leds: turn off the LED and wait for completion on unregistering LED
     class device (bnc#1012382).
   - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bnc#1012382).
   - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
   - libceph: fall back to sendmsg for slab pages (bsc#1118316).
   - libfc: sync strings with upstream versions (bsc#1114763).
   - lib/interval_tree_test.c: allow full tree search (bnc#1012382).
   - lib/interval_tree_test.c: allow users to limit scope of endpoint
     (bnc#1012382).
   - lib/interval_tree_test.c: make test options module parameters
     (bnc#1012382).
   - libnvdimm, {btt, blk}: do integrity setup before add_disk()
     (bsc#1118926).
   - libnvdimm, dimm: fix dpa reservation vs uninitialized label area
     (bsc#1118936).
   - libnvdimm: fix integer overflow static analysis warning (bsc#1118922).
   - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering (bsc#1118915).
   - libnvdimm: Hold reference on parent while scheduling async init
     (bnc#1012382).
   - lib/raid6: Fix arm64 test build (bnc#1012382).
   - lib/rbtree_test.c: make input module parameters (bnc#1012382).
   - lib/rbtree-test: lower default params (bnc#1012382).
   - llc: do not use sk_eat_skb() (bnc#1012382).
   - lockd: fix access beyond unterminated strings in prints (bnc#1012382).
   - locking/lockdep: Fix debug_locks off performance problem (bnc#1012382).
   - mac80211: Always report TX status (bnc#1012382).
   - mac80211: Clear beacon_int in ieee80211_do_stop (bnc#1012382).
   - mac80211: fix reordering of buffered broadcast packets (bnc#1012382).
   - mac80211_hwsim: do not omit multicast announce of first added radio
     (bnc#1012382).
   - mac80211_hwsim: fix module init error paths for netlink (bnc#1012382).
   - mac80211_hwsim: Timer should be initialized before device registered
     (bnc#1012382).
   - mac80211: ignore NullFunc frames in the duplicate detection
     (bnc#1012382).
   - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext
     (bnc#1012382).
   - mach64: fix display corruption on big endian machines (bnc#1012382).
   - mach64: fix image corruption due to reading accelerator registers
     (bnc#1012382).
   - matroxfb: fix size of memcpy (bnc#1012382).
   - MD: do not check MD_SB_CHANGE_CLEAN in md_allow_write.
   - MD: fix invalid stored role for a disk (bnc#1012382).
   - MD: fix invalid stored role for a disk - try2 (bnc#1012382).
   - media: dvb-frontends: fix i2c access helpers for KASAN (bnc#1012382).
   - media: em28xx: fix input name for Terratec AV 350 (bnc#1012382).
   - media: em28xx: Fix use-after-free when disconnecting (bnc#1012382).
   - media: em28xx: make v4l2-compliance happier by starting sequence on zero
     (bnc#1012382).
   - media: em28xx: use a default format if TRY_FMT fails (bnc#1012382).
   - media: pci: cx23885: handle adding to list failure (bnc#1012382).
   - media: tvp5150: fix width alignment during set_selection() (bnc#1012382).
   - media: v4l: event: Add subscription to list before calling "add"
     operation (bnc#1012382).
   - media: vivid: free bitmap_cap when updating std/timings/etc
     (bnc#1012382).
   - MIPS: Align kernel load address to 64KB (bnc#1012382).
   - MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression
     (bnc#1012382).
   - MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
     (bnc#1012382).
   - MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue (bnc#1012382).
   - MIPS: fix mips_get_syscall_arg o32 check (bnc#1012382).
   - MIPS: Handle non word sized instructions when examining frame
     (bnc#1012382).
   - MIPS: kexec: Mark CPU offline before disabling local IRQ (bnc#1012382).
   - MIPS: Loongson-3: Fix BRIDGE irq delivery problem (bnc#1012382).
   - MIPS: Loongson-3: Fix CPU UART irq delivery problem (bnc#1012382).
   - MIPS: microMIPS: Fix decoding of swsp16 instruction (bnc#1012382).
   - MIPS: OCTEON: fix out of bounds array access on CN68XX (bnc#1012382).
   - MIPS: ralink: Fix mt7620 nd_sd pinmux (bnc#1012382).
   - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
     (bnc#1012382).
   - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
     (bnc#1012382).
   - mmc: core: Reset HPI enabled state during re-init and in case of errors
     (bnc#1012382).
   - mm: cleancache: fix corruption on missed inode invalidation
     (bnc#1012382).
   - mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bnc#1012382).
   - mmc: omap_hsmmc: fix DMA API warning (bnc#1012382).
   - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
     (bnc#1012382).
   - mm, devm_memremap_pages: kill mapping "System RAM" support (bnc#1012382).
   - mm: do not bug_on on incorrect length in __mm_populate() (bnc#1012382).
   - mm: do not miss the last page because of round-off error (bnc#1118798).
   - mm, elf: handle vm_brk error (bnc#1012382).
   - mm, hugetlb: fix huge_pte_alloc BUG_ON (bsc#1119204).
   - mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page
     (bnc#1116336).
   - mm: lower the printk loglevel for __dump_page messages (generic hotplug
     debugability).
   - mm, memory_hotplug: be more verbose for memory offline failures (generic
     hotplug debugability).
   - mm, memory_hotplug: drop pointless block alignment checks from
     __offline_pages (generic hotplug debugability).
   - mm, memory_hotplug: print reason for the offlining failure (generic
     hotplug debugability).
   - mm: migration: fix migration of huge PMD shared pages (bnc#1012382).
   - mm: mlock: avoid increase mm->locked_vm on mlock() when already
     mlock2(,MLOCK_ONFAULT) (bnc#1012382).
   - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages()
     (bnc#1012382).
   - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1118790).
   - mm: print more information about mapping in __dump_page (generic hotplug
     debugability).
   - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
   - mm: refuse wrapped vm_brk requests (bnc#1012382).
   - mm: remove write/force parameters from __get_user_pages_locked()
     (bnc#1012382 bsc#1027260).
   - mm: remove write/force parameters from __get_user_pages_unlocked()
     (bnc#1012382 bsc#1027260).
   - mm: replace __access_remote_vm() write parameter with gup_flags
     (bnc#1012382).
   - mm: replace access_remote_vm() write parameter with gup_flags
     (bnc#1012382).
   - mm: replace get_user_pages_locked() write/force parameters with
     gup_flags (bnc#1012382 bsc#1027260).
   - mm: replace get_user_pages_unlocked() write/force parameters with
     gup_flags (bnc#1012382 bsc#1027260).
   - mm: replace get_user_pages() write/force parameters with gup_flags
     (bnc#1012382 bsc#1027260).
   - mm: replace get_vaddr_frames() write/force parameters with gup_flags
     (bnc#1012382).
   - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
   - modules: mark __inittest/__exittest as __maybe_unused (bnc#1012382).
   - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
     (bnc#1012382).
   - mount: Prevent MNT_DETACH from disconnecting locked mounts (bnc#1012382).
   - mount: Retest MNT_LOCKED in do_umount (bnc#1012382).
   - Move usb-audio UAF fix into sorted section
   - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bnc#1012382).
   - mtd: spi-nor: Add support for is25wp series chips (bnc#1012382).
   - mv88e6060: disable hardware level MAC learning (bnc#1012382).
   - mwifiex: Fix NULL pointer dereference in skb_dequeue() (bnc#1012382).
   - mwifiex: fix p2p device does not find in scan problem (bnc#1012382).
   - namei: allow restricted O_CREAT of FIFOs and regular files (bnc#1012382).
   - neighbour: Avoid writing before skb->head in neigh_hh_output()
     (bnc#1012382).
   - net: 8139cp: fix a BUG triggered by changing mtu with network traffic
     (bnc#1012382).
   - net/af_iucv: drop inbound packets with invalid flags (bnc#1114475,
     LTC#172679).
   - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114475,
     LTC#172679).
   - net: amd: add missing of_node_put() (bnc#1012382).
   - net: bcmgenet: fix OF child-node lookup (bnc#1012382).
   - net: bridge: remove ipv6 zero address check in mcast queries
     (bnc#1012382).
   - net: cxgb3_main: fix a missing-check bug (bnc#1012382).
   - net: drop skb on failure in ip_check_defrag() (bnc#1012382).
   - net: drop write-only stack variable (bnc#1012382).
   - net: ena: add functions for handling Low Latency Queues in ena_com
     (bsc#1117562).
   - net: ena: add functions for handling Low Latency Queues in ena_netdev
     (bsc#1117562).
   - net: ena: change rx copybreak default to reduce kernel memory pressure
     (bsc#1117562).
   - net: ena: complete host info to match latest ENA spec (bsc#1117562).
   - net: ena: enable Low Latency Queues (bsc#1117562).
   - net: ena: explicit casting and initialization, and clearer error
     handling (bsc#1117562).
   - net: ena: fix auto casting to boolean (bsc#1117562).
   - net: ena: fix compilation error in xtensa architecture (bsc#1117562).
   - net: ena: fix crash during ena_remove() (bsc#1108240).
   - net: ena: fix crash during failed resume from hibernation (bsc#1117562).
   - net: ena: fix indentations in ena_defs for better readability
     (bsc#1117562).
   - net: ena: Fix Kconfig dependency on X86 (bsc#1117562).
   - net: ena: fix NULL dereference due to untimely napi initialization
     (bsc#1117562).
   - net: ena: fix rare bug when failed restart/resume is followed by driver
     removal (bsc#1117562).
   - net: ena: fix warning in rmmod caused by double iounmap (bsc#1117562).
   - net: ena: introduce Low Latency Queues data structures according to ENA
     spec (bsc#1117562).
   - net: ena: limit refill Rx threshold to 256 to avoid latency issues
     (bsc#1117562).
   - net: ena: minor performance improvement (bsc#1117562).
   - net: ena: remove ndo_poll_controller (bsc#1117562).
   - net: ena: remove redundant parameter in ena_com_admin_init()
     (bsc#1117562).
   - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1108240).
   - net: ena: update driver version to 2.0.1 (bsc#1117562).
   - net: ena: use CSUM_CHECKED device indication to report skb's checksum
     status (bsc#1117562).
   - net: faraday: ftmac100: remove netif_running(netdev) check before
     disabling interrupts (bnc#1012382).
   - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
     (bnc#1012382).
   - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
     (bnc#1012382).
   - netfilter: nf_tables: fix oops when inserting an element into a verdict
     map (bnc#1012382).
   - netfilter: xt_IDLETIMER: add sysfs filename checking routine
     (bnc#1012382).
   - net-gro: reset skb->pkt_type in napi_reuse_skb() (bnc#1012382).
   - net: hisilicon: remove unexpected free_netdev (bnc#1012382).
   - net: ibm: fix return type of ndo_start_xmit function ().
   - net/ibmnvic: Fix deadlock problem in reset ().
   - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
   - net/ipv4: defensive cipso option parsing (bnc#1012382).
   - net/ipv4: do not handle duplicate fragments as overlapping (bsc#1116345).
   - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
     (bnc#1012382).
   - net/mlx4_core: Correctly set PFC param if global pause is turned off
     (bsc#1015336 bsc#1015337 bsc#1015340).
   - net/mlx4_core: Fix uninitialized variable compilation warning
     (bnc#1012382).
   - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bnc#1012382).
   - net/mlx4: Fix UBSAN warning of signed integer overflow (bnc#1012382).
   - net: phy: do not allow __set_phy_supported to add unsupported modes
     (bnc#1012382).
   - net: Prevent invalid access to skb->prev in __qdisc_drop_all
     (bnc#1012382).
   - net: qla3xxx: Remove overflowing shift statement (bnc#1012382).
   - netrom: fix locking in nr_find_socket() (bnc#1012382).
   - net: sched: gred: pass the right attribute to gred_change_table_def()
     (bnc#1012382).
   - net: socket: fix a missing-check bug (bnc#1012382).
   - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
     (bnc#1012382).
   - net: thunderx: fix NULL pointer dereference in nic_remove (bnc#1012382).
   - new helper: uaccess_kernel() (bnc#1012382).
   - NFC: nfcmrvl_uart: fix OF child-node lookup (bnc#1012382).
   - nfit: skip region registration for incomplete control regions
     (bsc#1118930).
   - nfsd: Fix an Oops in free_session() (bnc#1012382).
   - NFS: Ensure we commit after writeback is complete (bsc#1111809).
   - NFSv4.1: Fix the r/wsize checking (bnc#1012382).
   - NFSv4: Do not exit the state manager without clearing
     NFS4CLNT_MANAGER_RUNNING.
   - nvme: validate controller state before rescheduling keep alive
     (bsc#1103257).
   - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
     (bnc#1012382).
   - ocfs2: fix deadlock caused by ocfs2_defrag_extent() (bnc#1012382).
   - ocfs2: fix potential use after free (bnc#1012382).
   - of: add helper to lookup compatible child node (bnc#1012382).
   - packet: validate address length (bnc#1012382).
   - packet: validate address length if non-zero (bnc#1012382).
   - parisc: Fix address in HPMC IVA (bnc#1012382).
   - parisc: Fix map_pages() to not overwrite existing pte entries
     (bnc#1012382).
   - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
     (bnc#1012382).
   - PCI/ASPM: Do not initialize link state when aspm_disabled is set
     (bsc#1109806).
   - PCI/ASPM: Fix link_state teardown on device removal (bsc#1109806).
   - PCI: vmd: Detach resources after stopping root bus (bsc#1106105).
   - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
     (bnc#1012382).
   - perf/bpf: Convert perf_event_array to use struct file (bsc#1119967).
   - perf/core: Do not leak event in the syscall error path (bnc#1012382).
   - perf pmu: Suppress potential format-truncation warning (bnc#1012382).
   - perf/ring_buffer: Prevent concurent ring buffer access (bnc#1012382).
   - perf tools: Cleanup trace-event-info 'tdata' leak (bnc#1012382).
   - perf tools: Disable parallelism for 'make clean' (bnc#1012382).
   - perf tools: Free temporary 'sys' string in read_event_files()
     (bnc#1012382).
   - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bnc#1012382).
   - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
     (bnc#1012382).
   - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
     (bnc#1012382).
   - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
     (bnc#1012382).
   - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bnc#1012382).
   - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
     (bnc#1012382).
   - PM / devfreq: tegra: fix error return code in tegra_devfreq_probe()
     (bnc#1012382).
   - pNFS: Fix a deadlock between read resends and layoutreturn.
   - pNFS/flexfiles: Fix up the ff_layout_write_pagelist failure path.
   - pNFS/flexfiles: When checking for available DSes, conditionally check
     for MDS io.
   - pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs.
   - powerpc/64s: consolidate MCE counter increment (bsc#1094244).
   - powerpc/boot: Ensure _zimage_start is a weak symbol (bnc#1012382).
   - powerpc/boot: Fix random libfdt related build errors (bnc#1012382).
   - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805).
   - powerpc: Fix COFF zImage booting on old powermacs (bnc#1012382).
   - powerpc/mm/radix: Use mm->task_size for boundary checking instead of
     addr_limit (bsc#1027457).
   - powerpc/msi: Fix compile error on mpc83xx (bnc#1012382).
   - powerpc/msi: Fix NULL pointer access in teardown code (bnc#1012382).
   - powerpc/nohash: fix undefined behaviour when testing page size support
     (bnc#1012382).
   - powerpc/numa: Suppress "VPHN is not supported" messages (bnc#1012382).
   - powerpc/powernv: Do not select the cpufreq governors (bsc#1066223).
   - powerpc/powernv: Fix opal_event_shutdown() called with interrupts
     disabled (bsc#1066223).
   - powerpc/powernv/pci: Work around races in PCI bridge enabling
     (bsc#1066223).
   - powerpc/pseries: Fix DTL buffer registration (bsc#1066223).
   - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1066223).
   - powerpc/pseries/mobility: Extend start/stop topology update scope
     (bsc#1116950, bsc#1115709).
   - powerpc/traps: restore recoverability of machine_check interrupts
     (bsc#1094244).
   - power: supply: olpc_battery: correct the temperature units (bnc#1012382).
   - printk: Fix panic caused by passing log_buf_len to command line
     (bnc#1012382).
   - Provide a temporary fix for STIBP on-by-default (bsc#1116497).
   - pstore: Convert console write to use ->write_buf (bnc#1012382).
   - ptp: fix Spectre v1 vulnerability (bnc#1012382).
   - pxa168fb: prepare the clock (bnc#1012382).
   - qed: Fix bitmap_weight() check (bsc#1019695).
   - qed: Fix PTT leak in qed_drain() (bnc#1012382).
   - qed: Fix QM getters to always return a valid pq (bsc#1019695 ).
   - qed: Fix reading wrong value in loop condition (bnc#1012382).
   - r8152: Check for supported Wake-on-LAN Modes (bnc#1012382).
   - r8169: fix NAPI handling under high load (bnc#1012382).
   - rapidio/rionet: do not free skb before reading its length (bnc#1012382).
   - RDMA/ucma: Fix Spectre v1 vulnerability (bnc#1012382).
   - reiserfs: propagate errors from fill_with_dentries() properly
     (bnc#1012382).
   - Reorder a few commits in kGraft out of tree section
   - Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV"
     (bnc#1012382).
   - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839).
   - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
     (bsc#1106929)
   - Revert "exec: avoid gcc-8 warning for get_task_comm" (kabi).
   - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems"
     (bsc#1106105).
   - Revert "media: v4l: event: Add subscription to list before calling "add"
     operation" (kabi).
   - Revert "media: videobuf2-core: do not call memop 'finish' when queueing"
     (bnc#1012382).
   - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is
     set" (bsc#1106105).
   - Revert "usb: musb: musb_host: Enable HCD_BH flag to handle urb return in
     bottom half" (bsc#1047487).
   - Revert "wlcore: Add missing PM call for
     wlcore_cmd_wait_for_event_or_timeout()" (bnc#1012382).
   - Revert "x86/kconfig: Fall back to ticket spinlocks" (kabi).
   - rocker: fix rocker_tlv_put_* functions for KASAN (bnc#1012382).
   - rpcrdma: Add RPCRDMA_HDRLEN_ERR.
   - rpm/kernel-binary.spec.in: Add missing export BRP_SIGN_FILES
     (bsc#1115587).
   - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash
     possibly (bsc#1042286 bsc#1108145).
   - rtc: hctosys: Add missing range error reporting (bnc#1012382).
   - rtc: snvs: add a missing write sync (bnc#1012382).
   - rtc: snvs: Add timeouts to avoid kernel lockups (bnc#1012382).
   - rtnetlink: Disallow FDB configuration for non-Ethernet device
     (bnc#1012382).
   - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
     (bnc#1012382).
   - s390/cpum_cf: Reject request for sampling in event initialization
     (bnc#1012382).
   - s390/mm: Check for valid vma before zapping in gmap_discard
     (bnc#1012382).
   - s390/mm: Fix ERROR: "__node_distance" undefined! (bnc#1012382).
   - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its
     function (bnc#1114475, LTC#172682).
   - s390/qeth: fix HiperSockets sniffer (bnc#1114475, LTC#172953).
   - s390/qeth: fix length check in SNMP processing (bnc#1012382).
   - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114475,
     LTC#172682).
   - s390/vdso: add missing FORCE to build targets (bnc#1012382).
   - sbus: char: add of_node_put() (bnc#1012382).
   - sc16is7xx: Fix for multi-channel stall (bnc#1012382).
   - sched/cgroup: Fix cgroup entity load tracking tear-down (bnc#1012382).
   - sched/fair: Fix throttle_list starvation with low CFS quota
     (bnc#1012382).
   - sch_red: update backlog as well (bnc#1012382).
   - scsi: aacraid: Fix typo in blink status (bnc#1012382).
   - scsi: bfa: convert to strlcpy/strlcat (bnc#1012382 bsc#1019683, ).
   - scsi: bnx2fc: Fix NULL dereference in error handling (bnc#1012382).
   - scsi: core: Allow state transitions from OFFLINE to BLOCKED
     (bsc#1112246).
   - scsi: Create two versions of scsi_internal_device_unblock()
     (bsc#1119877).
   - scsi: csiostor: Avoid content leaks and casts (bnc#1012382).
   - scsi: esp_scsi: Track residual for PIO transfers (bnc#1012382).
   - scsi: Introduce scsi_start_queue() (bsc#1119877).
   - scsi: libfc: check fc_frame_payload_get() return value for null
     (bsc#1103624, bsc#1104731).
   - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
   - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
     (bnc#1012382).
   - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than
     PAGE_SIZE (bsc#1102660).
   - scsi: lpfc: Correct soft lockup when running mds diagnostics
     (bnc#1012382).
   - scsi: lpfc: devloss timeout race condition caused null pointer reference
     (bsc#1102660).
   - scsi: lpfc: Fix abort error path for NVMET (bsc#1102660).
   - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
   - scsi: lpfc: Fix driver crash when re-registering NVME rports
     (bsc#1102660).
   - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102660).
   - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102660).
   - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102660).
   - scsi: lpfc: Fix panic if driver unloaded when port is offline
     (bsc#1102660).
   - scsi: lpfc: update driver version to 11.4.0.7-5 (bsc#1102660).
   - scsi: Make __scsi_remove_device go straight from BLOCKED to DEL
     (bsc#1119877).
   - scsi: megaraid_sas: fix a missing-check bug (bnc#1012382).
   - scsi: Protect SCSI device state changes with a mutex (bsc#1119877).
   - scsi: qedi: Add ISCSI_BOOT_SYSFS to Kconfig (bsc#1043083).
   - scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure
     (bsc#1094973).
   - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
     (bnc#1012382).
   - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe
     failure (bsc#1094973).
   - scsi: Re-export scsi_internal_device_{,un}_block() (bsc#1119877).
   - scsi: Split scsi_internal_device_block() (bsc#1119877).
   - scsi: target: add emulate_pr backstore attr to toggle PR support
     (bsc#1091405).
   - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
   - scsi: ufs: fix bugs related to null pointer access and array size
     (bnc#1012382).
   - scsi: ufs: fix race between clock gating and devfreq scaling work
     (bnc#1012382).
   - scsi: ufshcd: Fix race between clk scaling and ungate work (bnc#1012382).
   - scsi: ufshcd: release resources if probe fails (bnc#1012382).
   - scsi: use 'inquiry_mutex' instead of 'state_mutex' (bsc#1119877).
   - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq
     during unload (bnc#1012382).
   - scsi: zfcp: fix posting too many status read buffers leading to adapter
     shutdown (bnc#1012382).
   - sctp: clear the transport of some out_chunk_list chunks in
     sctp_assoc_rm_peer (bnc#1012382).
   - sctp: fix race on sctp_id2asoc (bnc#1012382).
   - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
     (bnc#1012382).
   - selftests: ftrace: Add synthetic event syntax testcase (bnc#1012382).
   - selftests: Move networking/timestamping from Documentation (bnc#1012382).
   - seq_file: fix incomplete reset on read from zero offset.
   - ser_gigaset: use container_of() instead of detour (bnc#1012382).
   - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid
     namespace init (bnc#1012382).
   - signal/GenWQE: Fix sending of SIGKILL (bnc#1012382).
   - smb3: allow stats which track session and share reconnects to be reset
     (bnc#1012382).
   - smb3: do not attempt cifs operation in smb3 query info error path
     (bnc#1012382).
   - smb3: on kerberos mount if server does not specify auth type use krb5
     (bnc#1012382).
   - smsc75xx: Check for Wake-on-LAN modes (bnc#1012382).
   - smsc95xx: Check for Wake-on-LAN modes (bnc#1012382).
   - sock: Make sock->sk_stamp thread-safe (bnc#1012382).
   - soc/tegra: pmc: Fix child-node lookup (bnc#1012382).
   - sparc64: Fix exception handling in UltraSPARC-III memcpy (bnc#1012382).
   - sparc64 mm: Fix more TSB sizing issues (bnc#1012382).
   - sparc: Fix single-pcr perf event counter management (bnc#1012382).
   - sparc/pci: Refactor dev_archdata initialization into
     pci_init_dev_archdata (bnc#1012382).
   - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
     (bnc#1012382).
   - spi: bcm2835: Fix book-keeping of DMA termination (bnc#1012382).
   - spi: bcm2835: Fix race on DMA termination (bnc#1012382).
   - spi: bcm2835: Unbreak the build of esoteric configs (bnc#1012382).
   - spi/bcm63xx: fix error return code in bcm63xx_spi_probe() (bnc#1012382).
   - spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe()
     (bnc#1012382).
   - spi: xlp: fix error return code in xlp_spi_probe() (bnc#1012382).
   - sr9800: Check for supported Wake-on-LAN modes (bnc#1012382).
   - sr: pass down correctly sized SCSI sense buffer (bnc#1012382).
   - Staging: lustre: remove two build warnings (bnc#1012382).
   - staging: rts5208: fix gcc-8 logic error warning (bnc#1012382).
   - staging: speakup: Replace strncpy with memcpy (bnc#1012382).
   - sunrpc: correct the computation for page_ptr when truncating
     (bnc#1012382).
   - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
     (bnc#1012382).
   - SUNRPC: Fix a bogus get/put in generic_key_to_expire() (bnc#1012382).
   - SUNRPC: Fix a potential race in xprt_connect().
   - SUNRPC: fix cache_head leak due to queued request (bnc#1012382).
   - SUNRPC: Fix leak of krb5p encode pages (bnc#1012382).
   - svcrdma: Remove unused variable in rdma_copy_tail().
   - swim: fix cleanup on setup error (bnc#1012382).
   - swiotlb: clean up reporting (bnc#1012382).
   - sysv: return 'err' instead of 0 in __sysv_write_inode (bnc#1012382).
   - target/iscsi: avoid NULL dereference in CHAP auth error path
     (bsc#1117165).
   - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
   - tcp: fix NULL ref in tail loss probe (bnc#1012382).
   - TC: Set DMA masks for devices (bnc#1012382).
   - termios, tty/tty_baudrate.c: fix buffer overrun (bnc#1012382).
   - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control
     paths (bnc#1012382).
   - thermal: allow spear-thermal driver to be a module (bnc#1012382).
   - thermal: allow u8500-thermal driver to be a module (bnc#1012382).
   - timer/debug: Change /proc/timer_list from 0444 to 0400 (bnc#1012382).
   - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative
     offset (bnc#1012382).
   - tpm: fix response size validation in tpm_get_random() (bsc#1020645).
   - tpm: suppress transmit cmd error logs when TPM 1.2 is
     disabled/deactivated (bnc#1012382).
   - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
   - tracing: Fix memory leak in set_trigger_filter() (bnc#1012382).
   - tracing: Fix memory leak of instance function hash filters (bnc#1012382).
   - tracing: Skip more functions when doing stack tracing of events
     (bnc#1012382).
   - tty: check name length in tty_find_polling_driver() (bnc#1012382).
   - tty: serial: 8250_mtk: always resume the device in probe (bnc#1012382).
   - tty: serial: sprd: fix error return code in sprd_probe() (bnc#1012382).
   - tty: wipe buffer (bnc#1012382).
   - tty: wipe buffer if not echoing data (bnc#1012382).
   - tun: Consistently configure generic netdev params via rtnetlink
     (bnc#1012382).
   - tun: forbid iface creation with rtnl ops (bnc#1012382).
   - uio: ensure class is registered before devices (bnc#1012382).
   - uio: Fix an Oops on load (bnc#1012382).
   - uio: make symbol 'uio_class_registered' static.
   - um: Avoid longjmp/setjmp symbol clashes with libpthread.a (bnc#1012382).
   - um: Give start_idle_thread() a return code (bnc#1012382).
   - unifdef: use memcpy instead of strncpy (bnc#1012382).
   - uprobes: Fix handle_swbp() vs. unregister() + register() race once more
     (bnc#1012382).
   - usb: appledisplay: Add 27" Apple Cinema Display (bnc#1012382).
   - usb: cdc-acm: add entry for Hiro (Conexant) modem (bnc#1012382).
   - usb: check usb_get_extra_descriptor for proper size (bnc#1012382).
   - usb: chipidea: Prevent unbalanced IRQ disable (bnc#1012382).
   - usb: core: Fix hub port connection events lost (bnc#1012382).
   - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
     (bnc#1012382).
   - usb: dwc3: omap: fix error return code in dwc3_omap_probe()
     (bnc#1012382).
   - usb: ehci-omap: fix error return code in ehci_hcd_omap_probe()
     (bnc#1012382).
   - usb: fix the usbfs flag sanitization for control transfers (bnc#1012382).
   - usb: gadget: dummy: fix nonsensical comparisons (bnc#1012382).
   - usb: gadget: storage: Fix Spectre v1 vulnerability (bnc#1012382).
   - usb: imx21-hcd: fix error return code in imx21_probe() (bnc#1012382).
   - usb: misc: appledisplay: add 20" Apple Cinema Display (bnc#1012382).
   - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
     (bnc#1012382).
   - usb: omap_udc: fix crashes on probe error and module removal
     (bnc#1012382).
   - usb: omap_udc: fix omap_udc_start() on 15xx machines (bnc#1012382).
   - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E
     (bnc#1012382).
   - usb: omap_udc: use devm_request_irq() (bnc#1012382).
   - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bnc#1012382).
   - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bnc#1012382).
   - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bnc#1012382).
   - usb: r8a66597: Fix a possible concurrency use-after-free bug in
     r8a66597_endpoint_disable() (bnc#1012382).
   - usb: serial: option: add Fibocom NL678 series (bnc#1012382).
   - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bnc#1012382).
   - usb: serial: option: add HP lt4132 (bnc#1012382).
   - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
     (bnc#1012382).
   - usb: serial: option: add Telit LN940 series (bnc#1012382).
   - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
     (bnc#1012382).
   - usb-storage: fix bogus hardware error messages for ATA pass-thru devices
     (bnc#1012382).
   - usb: usb-storage: Add new IDs to ums-realtek (bnc#1012382).
   - usb: xhci: fix timeout for transition from RExit to U0 (bnc#1012382).
   - usb: xhci: fix uninitialized completion when USB3 port got wrong status
     (bnc#1012382).
   - usb: xhci: Prevent bus suspend if a port connect change or polling state
     is detected (bnc#1012382).
   - v9fs_dir_readdir: fix double-free on p9stat_read error (bnc#1012382).
   - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).
   - vhost: Fix Spectre V1 vulnerability (bnc#1012382).
   - vhost: make sure used idx is seen before log in vhost_add_used_n()
     (bnc#1012382).
   - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bnc#1012382).
   - video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe()
     (bnc#1012382).
   - virtio/s390: avoid race on vcdev->config (bnc#1012382).
   - virtio/s390: fix race in ccw_io_helper() (bnc#1012382).
   - VSOCK: Send reset control packet when socket is partially bound
     (bnc#1012382).
   - vti6: flush x-netns xfrm cache when vti interface is removed
     (bnc#1012382).
   - w1: omap-hdq: fix missing bus unregister at removal (bnc#1012382).
   - x86: boot: Fix EFI stub alignment (bnc#1012382).
   - x86/boot: #undef memcpy() et al in string.c (bnc#1012382).
   - x86/build: Fix stack alignment for CLang (bnc#1012382).
   - x86/build: Specify stack alignment for clang (bnc#1012382).
   - x86/build: Use __cc-option for boot code compiler options (bnc#1012382).
   - x86/build: Use cc-option to validate stack alignment parameter
     (bnc#1012382).
   - x86/corruption-check: Fix panic in memory_corruption_check() when boot
     option without value is provided (bnc#1012382).
   - x86/earlyprintk/efi: Fix infinite loop on some screen widths
     (bnc#1012382).
   - x86/entry: spell EBX register correctly in documentation (bnc#1012382).
   - x86/kbuild: Use cc-option to enable -falign-{jumps/loops} (bnc#1012382).
   - x86/kconfig: Fall back to ticket spinlocks (bnc#1012382).
   - x86/MCE: Export memory_error() (bsc#1114648).
   - x86/MCE: Make correctable error detection look at the Deferred bit
     (bsc#1114648).
   - x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around
     Clang incompatibility (bnc#1012382).
   - x86/mm/pat: Prevent hang during boot when mapping pages (bnc#1012382).
   - x86/mtrr: Do not copy uninitialized gentry fields back to userspace
     (bnc#1012382).
   - x86/speculation/l1tf: Drop the swap storage limit restriction when
     l1tf=off (bnc#1114871).
   - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP (bnc#1012382).
   - xen/balloon: Support xend-based toolstack (bnc#1065600).
   - xen/blkfront: avoid NULL blkfront_info dereference on device removal
     (bsc#1111062).
   - xen: fix race in xen_qlock_wait() (bnc#1012382).
   - xen: fix xen_qlock_wait() (bnc#1012382).
   - xen: make xen_qlock_wait() nestable (bnc#1012382).
   - xen/netback: dont overflow meta array (bnc#1099523).
   - xen/netfront: tolerate frags with no data (bnc#1012382).
   - xen-swiotlb: use actually allocated size on check physical continuous
     (bnc#1012382).
   - xen/x86: add diagnostic printout to xen_mc_flush() in case of error
     (bnc#1116183).
   - xen: xlate_mmu: add missing header to fix 'W=1' warning (bnc#1012382).
   - xfrm6: call kfree_skb when skb is toobig (bnc#1012382).
   - xfrm: Clear sk_dst_cache when applying per-socket policy (bnc#1012382).
   - xfrm: Fix bucket count reported to userspace (bnc#1012382).
   - xfrm: use complete IPv6 addresses for hash (bsc#1109330).
   - xfrm: Validate address prefix lengths in the xfrm selector (bnc#1012382).
   - xfrm: validate template mode (bnc#1012382).
   - xfs: Align compat attrlist_by_handle with native implementation.
   - xfs/dmapi: restore event in xfs_getbmap (bsc#1114763).
   - xfs: Fix error code in 'xfs_ioc_getbmap()'.
   - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
   - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc
     (bsc#1117162).
   - xhci: Do not prevent USB2 bus suspend in state check intended for USB3
     only (bnc#1012382).
   - xhci: Prevent U1/U2 link pm states if exit latency is too long
     (bnc#1012382).
   - xprtrdma: checking for NULL instead of IS_ERR().
   - xprtrdma: Disable pad optimization by default.
   - xprtrdma: Disable RPC/RDMA backchannel debugging messages.
   - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock).
   - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps.
   - xprtrdma: Fix Read chunk padding.
   - xprtrdma: Fix receive buffer accounting.
   - xprtrdma: Reset credit grant properly after a disconnect.
   - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len.
   - xprtrdma: Serialize credit accounting again.
   - xprtrdma: xprt_rdma_free() must not release backchannel reqs.
   - xtensa: add NOTES section to the linker script (bnc#1012382).
   - xtensa: enable coprocessors that are being flushed (bnc#1012382).
   - xtensa: fix boot parameters address translation (bnc#1012382).
   - xtensa: fix coprocessor context offset definitions (bnc#1012382).
   - xtensa: make sure bFLT stack is 16 byte aligned (bnc#1012382).
   - zram: close udev startup race condition as default groups (bnc#1012382).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-148=1



Package List:

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      kernel-devel-azure-4.4.170-4.22.1
      kernel-source-azure-4.4.170-4.22.1

   - SUSE Linux Enterprise Server 12-SP3 (x86_64):

      kernel-azure-4.4.170-4.22.1
      kernel-azure-base-4.4.170-4.22.1
      kernel-azure-base-debuginfo-4.4.170-4.22.1
      kernel-azure-debuginfo-4.4.170-4.22.1
      kernel-azure-debugsource-4.4.170-4.22.1
      kernel-azure-devel-4.4.170-4.22.1
      kernel-syms-azure-4.4.170-4.22.1


References:

   https://www.suse.com/security/cve/CVE-2017-16939.html
   https://www.suse.com/security/cve/CVE-2018-1120.html
   https://www.suse.com/security/cve/CVE-2018-16862.html
   https://www.suse.com/security/cve/CVE-2018-16884.html
   https://www.suse.com/security/cve/CVE-2018-19407.html
   https://www.suse.com/security/cve/CVE-2018-19824.html
   https://www.suse.com/security/cve/CVE-2018-19985.html
   https://www.suse.com/security/cve/CVE-2018-20169.html
   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://www.suse.com/security/cve/CVE-2018-9568.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1015336
   https://bugzilla.suse.com/1015337
   https://bugzilla.suse.com/1015340
   https://bugzilla.suse.com/1019683
   https://bugzilla.suse.com/1019695
   https://bugzilla.suse.com/1020645
   https://bugzilla.suse.com/1027260
   https://bugzilla.suse.com/1027457
   https://bugzilla.suse.com/1042286
   https://bugzilla.suse.com/1043083
   https://bugzilla.suse.com/1046264
   https://bugzilla.suse.com/1047487
   https://bugzilla.suse.com/1048916
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1066223
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1069702
   https://bugzilla.suse.com/1070805
   https://bugzilla.suse.com/1079935
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1091405
   https://bugzilla.suse.com/1093158
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1094973
   https://bugzilla.suse.com/1096242
   https://bugzilla.suse.com/1096281
   https://bugzilla.suse.com/1099523
   https://bugzilla.suse.com/1100105
   https://bugzilla.suse.com/1101557
   https://bugzilla.suse.com/1102439
   https://bugzilla.suse.com/1102660
   https://bugzilla.suse.com/1103156
   https://bugzilla.suse.com/1103257
   https://bugzilla.suse.com/1103624
   https://bugzilla.suse.com/1104098
   https://bugzilla.suse.com/1104731
   https://bugzilla.suse.com/1105412
   https://bugzilla.suse.com/1106105
   https://bugzilla.suse.com/1106237
   https://bugzilla.suse.com/1106240
   https://bugzilla.suse.com/1106929
   https://bugzilla.suse.com/1107385
   https://bugzilla.suse.com/1108145
   https://bugzilla.suse.com/1108240
   https://bugzilla.suse.com/1109272
   https://bugzilla.suse.com/1109330
   https://bugzilla.suse.com/1109806
   https://bugzilla.suse.com/1110286
   https://bugzilla.suse.com/1111062
   https://bugzilla.suse.com/1111809
   https://bugzilla.suse.com/1112246
   https://bugzilla.suse.com/1112963
   https://bugzilla.suse.com/1113412
   https://bugzilla.suse.com/1114190
   https://bugzilla.suse.com/1114417
   https://bugzilla.suse.com/1114475
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1114763
   https://bugzilla.suse.com/1114839
   https://bugzilla.suse.com/1114871
   https://bugzilla.suse.com/1115431
   https://bugzilla.suse.com/1115433
   https://bugzilla.suse.com/1115440
   https://bugzilla.suse.com/1115587
   https://bugzilla.suse.com/1115709
   https://bugzilla.suse.com/1116027
   https://bugzilla.suse.com/1116183
   https://bugzilla.suse.com/1116285
   https://bugzilla.suse.com/1116336
   https://bugzilla.suse.com/1116345
   https://bugzilla.suse.com/1116497
   https://bugzilla.suse.com/1116841
   https://bugzilla.suse.com/1116924
   https://bugzilla.suse.com/1116950
   https://bugzilla.suse.com/1117162
   https://bugzilla.suse.com/1117165
   https://bugzilla.suse.com/1117186
   https://bugzilla.suse.com/1117562
   https://bugzilla.suse.com/1118152
   https://bugzilla.suse.com/1118316
   https://bugzilla.suse.com/1118319
   https://bugzilla.suse.com/1118505
   https://bugzilla.suse.com/1118790
   https://bugzilla.suse.com/1118798
   https://bugzilla.suse.com/1118915
   https://bugzilla.suse.com/1118922
   https://bugzilla.suse.com/1118926
   https://bugzilla.suse.com/1118930
   https://bugzilla.suse.com/1118936
   https://bugzilla.suse.com/1119204
   https://bugzilla.suse.com/1119714
   https://bugzilla.suse.com/1119877
   https://bugzilla.suse.com/1119946
   https://bugzilla.suse.com/1119967
   https://bugzilla.suse.com/1119970
   https://bugzilla.suse.com/1120046
   https://bugzilla.suse.com/1120743
   https://bugzilla.suse.com/1121239
   https://bugzilla.suse.com/1121240
   https://bugzilla.suse.com/1121241
   https://bugzilla.suse.com/1121242
   https://bugzilla.suse.com/1121275
   https://bugzilla.suse.com/1121621



More information about the sle-security-updates mailing list