Jan 20, 2020, 11:14 AM
2019-06-14 Jan Stancek <jstancek@redhat.com> [3.10.0-957.21.3.el7]

- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719914 1719915] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719914 1719915] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719849 1719850] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719594 1719595] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719594 1719595] {CVE-2019-11477}
2019-05-28 Jan Stancek <jstancek@redhat.com> [3.10.0-957.21.2.el7]

- [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633]
2019-05-23 Jan Stancek <jstancek@redhat.com> [3.10.0-957.21.1.el7]

- [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
2019-05-15 Jan Stancek <jstancek@redhat.com> [3.10.0-957.20.1.el7]

- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
2019-04-26 Jan Stancek <jstancek@redhat.com> [3.10.0-957.19.1.el7]

- [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1702923 1077929]
- [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) [1702921 1701348]
- [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 1701348]
- [fs] revert "[fs] xfs: use rhashtable to track buffer cache" (Brian Foster) [1702922 1658749]
- [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (Brian Foster) [1701293 1613405]
- [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian Foster) [1701293 1613405]
- [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian Foster) [1701293 1613405]
- [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash (Tony Camuso) [1701991 1692236]
- [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) [1701991 1692236]
- [char] ipmi: Remove platform driver overrides and use the id_table (Tony Camuso) [1701991 1692236]
- [security] xattr: Constify ->name member of "struct xattr" (Aaron Tomlin) [1702286 1607307]
- [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) [1702282 1625454]
- [s390] zcrypt: fix specification exception on z196 during ap probe (Hendrik Brueckner) [1700706 1669535]
- [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (Mike Snitzer) [1699722 1693466]
- [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 1686149]
- [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 1686149]
- [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() (Lukas Czerner) [1698110 1671293]
- [powerpc] livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
- [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
- [powerpc] livepatch: relax reliable stack tracer checks for first-frame (Joe Lawrence) [1697867 1658435]
- [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe Lawrence) [1697867 1658435]
- [powerpc] 64s: Clear on-stack exception marker upon exception return (Joe Lawrence) [1697867 1658435]
- [powerpc] livepatch: Fix build error with kprobes disabled (Joe Lawrence) [1697867 1658435]
- [fs] xfs: don't screw up direct writes when freesp is fragmented (Brian Foster) [1693796 1667523]
- [nvme] ensure forward progress during Admin passthru (David Milburn) [1690519 1672428]
2019-04-23 Jan Stancek <jstancek@redhat.com> [3.10.0-957.18.1.el7]

- [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 1698825]
2019-04-15 Jan Stancek <jstancek@redhat.com> [3.10.0-957.17.1.el7]

- [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas Henzl) [1699723 1661906]
2019-04-11 Jan Stancek <jstancek@redhat.com> [3.10.0-957.16.1.el7]

- [netdrv] net/mlx5e: Properly set steering match levels for offloaded TC decap rules (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Always use the match level enum when parsing TC rule match (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Support offloaded TC flows with no matches on headers (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Get the required HW match level while parsing TC flow matches (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Properly order min inline mode setup while parsing TC matches (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow attributes (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Err if asked to offload TC match on frag being first (Alaa Hleihel) [1686292 1618427]
- [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) [1697940 1691421]
- [net] geneve: correctly handle ipv6.disable module parameter (Jiri Benc) [1694981 1677049]
- [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 1691227]
- [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos Szeredi) [1696292 1677705]
- [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 1697241 1676613 1662887]
- [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav Kysela) [1693562 1680180]
- [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (Jaroslav Kysela) [1693562 1657855]
- [block] mtip32xx: fix memory corruption by initializing internal command header (Ming Lei) [1689929 1660292]
- [fs] nfsd: deal with revoked delegations appropriately (Dave Wysochanski) [1689811 1552203]
2019-03-28 Jan Stancek <jstancek@redhat.com> [3.10.0-957.15.1.el7]

- [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1693561 1684780]
- [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) [1693110 1676462]
2019-03-26 Jan Stancek <jstancek@redhat.com> [3.10.0-957.14.1.el7]

- [fs] move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001]
- [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng Yan) [1692266 1627001]
- [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 1627001]
- [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng Yan) [1692266 1627001]
- [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 1627001]
- [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001]
- [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) [1692266 1627001]
- [fs] dcache: Don't set DISCONNECTED on "pseudo filesystem" dentries (Zheng Yan) [1692266 1627001]
- [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) [1692266 1627001]
2019-03-21 Jan Stancek <jstancek@redhat.com> [3.10.0-957.13.1.el7]

- [drm] drm/nouveau/kms/nv50-: also flush fb writes when rewinding push buffer (Ben Skeggs) [1690761 1669098]
2019-03-20 Jan Stancek <jstancek@redhat.com> [3.10.0-957.12.1.el7]

- [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
- [kernel] futex: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
- [kernel] futex: Use smp_store_release() in mark_wake_futex() (Waiman Long) [1690323 1547078]
- [kernel] sched/wake_q: Fix wakeup ordering for wake_q (Waiman Long) [1690323 1547078]
- [kernel] sched/wake_q: Document wake_q_add() (Waiman Long) [1690323 1547078]
- [scsi] mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (Tomas Henzl) [1689379 1649288]
- [x86] cpu: avoid crash in get_cpu_cache_id() (David Arcari) [1689120 1626279]
- [net] igmp: Allow user-space configuration of igmp unsolicited report interval (Hangbin Liu) [1686771 1663941]
- [net] igmp: Don't flush routing cache when force_igmp_version is modified (Hangbin Liu) [1686771 1663941]
- [net] igmp: fix incorrect unsolicit report count after link down and up (Hangbin Liu) [1688225 1623359]
- [net] igmp: fix incorrect unsolicit report count when join group (Hangbin Liu) [1688225 1623359]
- [net] igmp: make function __ip_mc_inc_group() static (Hangbin Liu) [1688225 1623359]
- [net] igmp: Reduce Unsolicited report interval to 1s when using IGMPv3 (Hangbin Liu) [1688225 1623359]
- [netdrv] cxgb4: Mask out interrupts that are not enabled (Arjun Vynipadath) [1687487 1678729]
- [acpi] apci / watchdog: enable acpi_watchdog_uses_rtc (David Arcari) [1683078 1663637]
- [watchdog] simplify getting .drvdata (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: properly initialize resources (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Fix init failure with overlapping register regions (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Print out error number when device creation fails (David Arcari) [1683079 1666393]
- [net] netfilter: nat: limit port clash resolution attempts (Florian Westphal) [1683093 1654777]
- [net] netfilter: nat: remove l4 protocol port rovers (Florian Westphal) [1683093 1654777]
- [net] netfilter: nat: cope with negative port range (Florian Westphal) [1683093 1654777]
- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1678221 1651416]
- [nvme] nvme-rdma: fix possible double free of controller async event buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: fix possible free of a non-allocated async event buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: stop admin queue before freeing it (David Milburn) [1678214 1659532]
- [nvme] rdma: fix double freeing of async event data (David Milburn) [1678216 1655786]
- [md] fix memleak for mempool (Nigel Croxon) [1678215 1599780]
- [md] Memory leak when flush bio size is zero (Nigel Croxon) [1678215 1599780]
- [md] fix lock contention for flush bios (Nigel Croxon) [1678215 1599780]
- [net] ipv6: rate-limit probes for neighbourless routes (Sabrina Dubroca) [1677179 1637821]
- [net] ipv6: Re-arrange code in rt6_probe() (Sabrina Dubroca) [1677179 1637821]
- [netdrv] cxgb4: update supported DCB version (Arjun Vynipadath) [1673821 1668570]
- [netdrv] cxgb4: when disabling dcb set txq dcb priority to 0 (Arjun Vynipadath) [1673821 1668570]
- [kvm] kvm: fix kvm_ioctl_create_device() reference counting (Paolo Bonzini) [1671922 1671923] {CVE-2019-6974}
- [kvm] KVM: nVMX: unconditionally cancel preemption timer in free_nested (Paolo Bonzini) [1671905 1671906] {CVE-2019-7221}
- [mm] page-writeback.c: fix range_cyclic writeback vs writepages deadlock (Brian Foster) [1673281 1591574]
- [fs] rbd: avoid corruption on partially completed bios (Ilya Dryomov) [1672514 1613493]