Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2019:0901-1
Rating:	important
References:	bsc#1012382 bsc#1020413 bsc#1023175 bsc#1031492 bsc#1042286 bsc#1050549 bsc#1065600 bsc#1070767 bsc#1075697 bsc#1078355 bsc#1082943 bsc#1086095 bsc#1086652 bsc#1087036 bsc#1087092 bsc#1090435 bsc#1094823 bsc#1099810 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896 bsc#1102959 bsc#1103429 bsc#1105428 bsc#1106061 bsc#1106105 bsc#1106929 bsc#1107866 bsc#1109137 bsc#1109248 bsc#1109695 bsc#1114893 bsc#1116345 bsc#1116653 bsc#1117108 bsc#1117645 bsc#1117744 bsc#1119019 bsc#1119680 bsc#1119843 bsc#1120017 bsc#1120691 bsc#1120722 bsc#1120758 bsc#1120902 bsc#1121713 bsc#1121726 bsc#1121805 bsc#1122650 bsc#1122651 bsc#1122779 bsc#1122885 bsc#1123321 bsc#1123323 bsc#1123357 bsc#1123933 bsc#1124166 bsc#1124235 bsc#1124728 bsc#1124732 bsc#1124735 bsc#1124775 bsc#1124777 bsc#1124780 bsc#1124811 bsc#1125000 bsc#1125014 bsc#1125315 bsc#1125446 bsc#1125794 bsc#1125796 bsc#1125808 bsc#1125809 bsc#1125810 bsc#1125892 bsc#1126389 bsc#1126772 bsc#1126773 bsc#1126805 bsc#1127082 bsc#1127155 bsc#1127561 bsc#1127725 bsc#1127731 bsc#1127961 bsc#1128166 bsc#1128452 bsc#1128565 bsc#1128696 bsc#1128756 bsc#1128893 bsc#1129080 bsc#1129179 bsc#1129237 bsc#1129238 bsc#1129239 bsc#1129240 bsc#1129241 bsc#1129413 bsc#1129414 bsc#1129415 bsc#1129416 bsc#1129417 bsc#1129418 bsc#1129419 bsc#1129581 bsc#1129770 bsc#1129923
Cross-References:	CVE-2017-18249 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213
CVSS scores:	CVE-2017-18249 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-2024 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-2024 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-3459 ( SUSE ): 2.6 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-3459 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-3459 ( NVD ): 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-3460 ( SUSE ): 2.6 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-3460 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-3460 ( NVD ): 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-6974 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2019-6974 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-6974 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-7221 ( SUSE ): 7.5 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2019-7221 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-7222 ( SUSE ): 2.8 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2019-7222 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2019-7222 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2019-9213 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-9213 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-9213 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves eight vulnerabilities and has 102 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).
CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728)
CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).
CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).
CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).
CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036).

The following non-security bugs were fixed:

acpi/nfit: Block function zero DSMs (bsc#1123321).
acpi, nfit: Fix ARS overflow continuation (bsc#1125000).
acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775).
acpi/nfit: Fix command-supported detection (bsc#1123323).
acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382).
acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)).
alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382).
alpha: fix page fault handling for r16-r18 targets (bnc#1012382).
alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).
alsa: compress: Fix stop handling on compressed capture streams (bnc#1012382).
alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382).
alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382).
alsa: hda - Serialize codec registrations (bnc#1012382).
alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382).
ARC: perf: map generic branches to correct hardware condition (bnc#1012382).
arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
arm64: ftrace: do not adjust the LR value (bnc#1012382).
arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382).
arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
arm64: KVM: Skip MMIO insn after emulation (bnc#1012382).
arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382).
ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment (bnc#1012382).
ARM: dts: da850-evm: Correct the sound card name (bnc#1012382).
ARM: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382).
ARM: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382).
ARM: dts: mmp2: fix TWSI2 (bnc#1012382).
ARM: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382).
ARM: OMAP2+: hwmod: Fix some section annotations (bnc#1012382).
ARM: pxa: avoid section mismatch warning (bnc#1012382).
ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382).
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382).
ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382).
ata: Fix racy link clearance (bsc#1107866).
ax25: fix possible use-after-free (bnc#1012382).
batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382).
batman-adv: Force mac header to start of data on xmit (bnc#1012382).
block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435).
block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893).
block/loop: Use global lock for ioctl() operation (bnc#1012382).
block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).
bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382).
bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).
bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).
bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382).
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452).
btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
btrfs: tree-checker: Fix misleading group system information (bnc#1012382).
btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).
btrfs: validate type when reading a chunk (bnc#1012382).
btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
can: bcm: check timer values before ktime conversion (bnc#1012382).
can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382).
can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773).
ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809).
ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).
char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382).
ch: fixup refcounting imbalance for SCSI devices (bsc#1124235).
cifs: Always resolve hostname before reconnecting (bnc#1012382).
cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382).
cifs: Do not count -ENODATA as failure for query directory (bnc#1012382).
cifs: Do not hide EINTR after sending network packets (bnc#1012382).
cifs: Fix possible hang during async MTU reads and writes (bnc#1012382).
cifs: Fix potential OOB access of lock element array (bnc#1012382).
cifs: Limit memory used by lock request calls to a page (bnc#1012382).
clk: imx6q: reset exclusive gates on init (bnc#1012382).
clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382).
copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#1120017).
cpuidle: big.LITTLE: fix refcount leak (bnc#1012382).
crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382).
crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
crypto: cts - fix crash on short inputs (bnc#1012382).
crypto: user - support incremental algorithm dumps (bsc#1120902).
crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382).
crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382).
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#1012382).
dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382).
debugfs: fix debugfs_rename parameter checking (bnc#1012382).
device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1129770).
Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#1012382).
dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382).
dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes).
dm crypt: factor IV constructor out to separate function (Git-fixes).
dm crypt: fix crash by adding missing check for auth key size (git-fixes).
dm crypt: fix error return code in crypt_ctr() (git-fixes).
dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes).
dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
dm: do not allow readahead to limit IO size (git fixes (readahead)).
dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).
dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#1012382).
Documentation/network: reword kernel version reference (bnc#1012382).
drbd: Avoid Clang warning about pointless switch statment (bnc#1012382).
drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#1012382).
drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382).
drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#1012382).
drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382).
Drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389).
drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382).
drm: Fix error handling in drm_legacy_addctx (bsc#1106929)
drm/i915: Block fbdev HPD processing during suspend (bsc#1106929)
drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1106929)
drm/modes: Prevent division by zero htotal (bnc#1012382).
drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1106929)
drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929)
drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1106929)
drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429)
drm/vmwgfx: Fix setting of dma masks (bsc#1106929)
drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1106929)
e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
EDAC: Raise the maximum number of memory controllers (bsc#1120722).
efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650).
enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959).
enic: do not overwrite error code (bnc#1012382).
enic: fix checksum validation for IPv6 (bnc#1012382).
exec: load_script: do not blindly truncate shebang string (bnc#1012382).
ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382).
ext4: Fix crash during online resizing (bsc#1122779).
f2fs: Add sanity_check_inode() function (bnc#1012382).
f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
f2fs: clean up argument of recover_data (bnc#1012382).
f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
f2fs: detect wrong layout (bnc#1012382).
f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382).
f2fs: factor out fsync inode entry operations (bnc#1012382).
f2fs: fix inode cache leak (bnc#1012382).
f2fs: fix invalid memory access (bnc#1012382).
f2fs: fix missing up_read (bnc#1012382).
f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).
f2fs: fix to convert inline directory correctly (bnc#1012382).
f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
f2fs: fix to do sanity check with block address in main area (bnc#1012382).
f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382).
f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382).
f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
f2fs: fix to do sanity check with user_block_count (bnc#1012382).
f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382).
f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382).
f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
f2fs: introduce and spread verify_blkaddr (bnc#1012382).
f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
f2fs: move dir data flush to write checkpoint process (bnc#1012382).
f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
f2fs: not allow to write illegal blkaddr (bnc#1012382).
f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382).
f2fs: read page index before freeing (bnc#1012382).
f2fs: remove an obsolete variable (bnc#1012382).
f2fs: return error during fill_super (bnc#1012382).
f2fs: sanity check on sit entry (bnc#1012382).
f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382).
fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929)
Fix incorrect value for X86_FEATURE_TSX_FORCE_ABORT
Fix problem with sharetransport= and NFSv4 (bsc#1114893).
fs: add the fsnotify call to vfs_iter_write (bnc#1012382).
fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (bnc#1012382).
fs: do not scan the inode cache before SB_BORN is set (bnc#1012382).
fs/epoll: drop ovflist branch prediction (bnc#1012382).
fs: fix lost error code in dio_complete (bsc#1117744).
fuse: call pipe_buf_release() under pipe lock (bnc#1012382).
fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382).
fuse: handle zero sized retrieve correctly (bnc#1012382).
futex: Fix (possible) missed wakeup (bsc#1050549).
gdrom: fix a memory leak bug (bnc#1012382).
gfs2: Revert "Fix loop in gfs2_rbm_find" (bnc#1012382).
gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
gpio: pl061: handle failed allocations (bnc#1012382).
gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929)
gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929)
HID: debug: fix the ring buffer implementation (bnc#1012382).
HID: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382).
hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382).
hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#1012382).
hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes).
i2c-axxia: check for error conditions first (bnc#1012382).
i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382).
IB/core: type promotion bug in rdma_rw_init_one_mr() ().
ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).
ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).
ibmvnic: Increase maximum queue size limit (bsc#1121726).
ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
ibmvnic: Report actual backing device speed and duplex values (bsc#1129923).
ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
IB/rxe: Fix incorrect cache cleanup in error flow ().
IB/rxe: replace kvfree with vfree ().
igb: Fix an issue that PME is not enabled during runtime suspend (bnc#1012382).
inet: frags: add a pointer to struct netns_frags (bnc#1012382).
inet: frags: better deal with smp races (bnc#1012382).
inet: frags: break the 2GB limit for frags storage (bnc#1012382).
inet: frags: change inet_frags_init_net() return value (bnc#1012382).
inet: frags: do not clone skb in ip_expire() (bnc#1012382).
inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382).
inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382).
inet: frags: get rif of inet_frag_evicting() (bnc#1012382).
inet: frags: refactor ipfrag_init() (bnc#1012382).
inet: frags: refactor ipv6_frag_init() (bnc#1012382).
inet: frags: refactor lowpan_net_frag_init() (bnc#1012382).
inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382).
inet: frags: remove some helpers (bnc#1012382).
inet: frags: reorganize struct netns_frags (bnc#1012382).
inet: frags: use rhashtables for reassembly units (bnc#1012382).
input: bma150 - register input device after setting private data (bnc#1012382).
input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#1012382).
input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#1012382).
input: mms114 - fix license module information (bsc#1087092).
input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382).
intel_pstate: Update frequencies of policy->cpus only from ->set_policy() (bsc#1120017).
iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).
iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#1012382).
iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237).
iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238).
iommu/vt-d: Check identity map for hot-added devices (bsc#1129239).
iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).
iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129240).
ip: add helpers to process in-order fragments faster (bnc#1012382).
ipfrag: really prevent allocation on netns exit (bnc#1012382).
ip: frags: fix crash in ip_do_fragment() (bnc#1012382).
ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382).
ip: process in-order fragments efficiently (bnc#1012382).
ip: use rb trees for IP frag queue (bnc#1012382).
ipv4: frags: precedence bug in ip_expire() (bnc#1012382).
ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#1012382).
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382).
ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382).
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382).
irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#1012382).
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bnc#1012382).
ixgbe: fix crash in build_skb Rx code path (git-fixes).
jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382).
kABI: protect linux/kfifo.h include in hid-debug (kabi).
kABI: protect struct hda_bus (kabi).
kABI: protect struct inet_peer (kabi).
kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).
kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805).
kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382).
kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382).
kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382).
kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#1012382).
kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382).
KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
kvm: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS (bsc#1109248).
kvm: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables (bsc#1109248).
kvm: arm/arm64: vgic-its: Fix return value for device table restore (bsc#1109248).
kvm: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned value (bsc#1109248).
kvm: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#1129413).
kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129414).
kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129415).
kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129416).
kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1129417).
kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166).
kvm: VMX: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166).
kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129418).
kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082).
kvm: x86: Fix single-step debugging (bnc#1012382).
kvm: x86: IA32_ARCH_CAPABILITIES is always supported (bsc#1129419).
kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382).
l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382).
l2tp: fix reading optional fields of L2TPv3 (bnc#1012382).
l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382).
libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125810).
libceph: handle an empty authorize reply (bsc#1126772).
libnvdimm: fix ars_status output length calculation (bsc#1124777).
libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811).
libnvdimm: Use max contiguous area for namespace size (bsc#1124780).
locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).
loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382).
loop: Fold __loop_release into loop_release (bnc#1012382).
loop: Get rid of loop_index_mutex (bnc#1012382).
LSM: Check for NULL cred-security on free (bnc#1012382).
mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#1012382).
mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382).
md: batch flush requests (bsc#1119680).
mdio_bus: Fix use-after-free on device_register fails (git-fixes).
media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382).
media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382).
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382).
media: vb2: be sure to unlock mutex on errors (bnc#1012382).
media: vb2: vb2_mmap: move lock up (bnc#1012382).
media: vivid: fix error handling of kthread_run (bnc#1012382).
media: vivid: set min width/height to a value > 0 (bnc#1012382).
memstick: Prevent memstick host from getting runtime suspended during card detection (bnc#1012382).
mfd: as3722: Handle interrupts on suspend (bnc#1012382).
mfd: as3722: Mark PM functions as __maybe_unused (bnc#1012382).
mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382).
mISDN: fix a race in dev_expire_timer() (bnc#1012382).
mlxsw: pci: Correctly determine if descriptor queue is full (git-fixes).
mlxsw: reg: Use correct offset in field definiton (git-fixes).
mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).
mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382).
mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL (bnc#1012382).
mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731).
mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (bnc#1012382).
mm: only report isolation failures when offlining memory (generic hotplug debugability).
mm, oom: fix use-after-free in oom_kill_process (bnc#1012382).
mm, page_alloc: drop should_suppress_show_mem (bn