Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2019:1245-1
Rating:	important
References:	bsc#1012382 bsc#1020645 bsc#1020989 bsc#1031492 bsc#1047487 bsc#1051510 bsc#1053043 bsc#1062056 bsc#1063638 bsc#1066223 bsc#1070872 bsc#1085539 bsc#1087092 bsc#1094244 bsc#1096480 bsc#1096728 bsc#1097104 bsc#1100132 bsc#1105348 bsc#1106110 bsc#1106913 bsc#1106929 bsc#1111331 bsc#1112178 bsc#1113399 bsc#1114542 bsc#1114638 bsc#1114648 bsc#1114893 bsc#1118338 bsc#1118506 bsc#1119086 bsc#1120902 bsc#1122822 bsc#1125580 bsc#1126356 bsc#1127445 bsc#1129278 bsc#1129326 bsc#1129770 bsc#1130130 bsc#1130343 bsc#1130344 bsc#1130345 bsc#1130346 bsc#1130347 bsc#1130356 bsc#1130425 bsc#1130567 bsc#1130737 bsc#1131107 bsc#1131416 bsc#1131427 bsc#1131587 bsc#1131659 bsc#1131857 bsc#1131900 bsc#1131934 bsc#1131935 bsc#1131980 bsc#1132227 bsc#1132534 bsc#1132589 bsc#1132618 bsc#1132619 bsc#1132634 bsc#1132635 bsc#1132636 bsc#1132637 bsc#1132638 bsc#1132727 bsc#1132828 bsc#1133308 bsc#1133584 bsc#994770
Cross-References:	CVE-2018-1000204 CVE-2018-10853 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-15594 CVE-2018-5814 CVE-2019-11091 CVE-2019-3882 CVE-2019-9503
CVSS scores:	CVE-2018-1000204 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-1000204 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-10853 ( SUSE ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-10853 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-12126 ( SUSE ): 3.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2018-12126 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-12127 ( SUSE ): 3.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2018-12127 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-12130 ( SUSE ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-12130 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-15594 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-15594 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-5814 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-5814 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-11091 ( SUSE ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2019-11091 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2019-3882 ( SUSE ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-3882 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-3882 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-9503 ( SUSE ): 4.7 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2019-9503 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:	SUSE CaaS Platform 3.0 SUSE Container as a Service Platform 1.0 SUSE Container as a Service Platform 2.0 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Availability Extension 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves 10 vulnerabilities and has 65 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.178 to receive various security and bugfixes.

Four new speculative execution issues have been identified in Intel CPUs. (bsc#1111331)

CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

This kernel update contains software mitigations, utilizing CPU microcode updates shipped in parallel.

For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736

The following security issues fixed:

CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480).
CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728)
CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104).
CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348).
CVE-2019-9503: A brcmfmac frame validation bypass was fixed (bnc#1132828).
CVE-2019-3882: A flaw was fixed in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable (bnc#1131416 bnc#1131427).

The following non-security bugs were fixed:

9p/net: fix memory leak in p9_client_create (bnc#1012382).
9p: use inode->i_lock to protect i_size_write() under 32-bit (bnc#1012382).
acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399).
acpi / bus: Only call dmi_check_system() on X86 (git-fixes).
acpi / button: make module loadable when booted in non-ACPI mode (bsc#1051510).
acpi / device_sysfs: Avoid OF modalias creation for removed device (bnc#1012382).
acpi: include ACPI button driver in base kernel (bsc#1062056).
Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) (bnc#1012382).
alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bnc#1012382).
alsa: compress: add support for 32bit calls in a 64bit kernel (bnc#1012382).
alsa: compress: prevent potential divide by zero bugs (bnc#1012382).
alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bnc#1012382).
alsa: hda - Record the current power state before suspend/resume calls (bnc#1012382).
alsa: pcm: Do not suspend stream in unrecoverable PCM state (bnc#1012382).
alsa: pcm: Fix possible OOB access in PCM oss plugins (bnc#1012382).
alsa: rawmidi: Fix potential Spectre v1 vulnerability (bnc#1012382).
alsa: seq: oss: Fix Spectre v1 vulnerability (bnc#1012382).
applicom: Fix potential Spectre v1 vulnerabilities (bnc#1012382).
arc: fix __ffs return value to avoid build warnings (bnc#1012382).
arc: uacces: remove lp_start, lp_end from clobber list (bnc#1012382).
arcv2: Enable unaligned access in early ASM code (bnc#1012382).
arm64: fix COMPAT_SHMLBA definition for large pages (bnc#1012382).
arm64: Fix NUMA build error when !CONFIG_ACPI (fate#319981, git-fixes).
arm64: Fix NUMA build error when !CONFIG_ACPI (git-fixes).
arm64: hide __efistub_ aliases from kallsyms (bnc#1012382).
arm64: kconfig: drop CONFIG_RTC_LIB dependency (bnc#1012382).
arm64/kernel: fix incorrect EL0 check in inv_entry macro (bnc#1012382).
arm64: mm: Add trace_irqflags annotations to do_debug_exception() (bnc#1012382).
arm64: Relax GIC version check during early boot (bnc#1012382).
arm64: support keyctl() system call in 32-bit mode (bnc#1012382).
arm64: traps: disable irq in die() (bnc#1012382).
arm: 8458/1: bL_switcher: add GIC dependency (bnc#1012382).
arm: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor (bnc#1012382).
arm: 8510/1: rework ARM_CPU_SUSPEND dependencies (bnc#1012382).
arm: 8824/1: fix a migrating irq bug when hotplug cpu (bnc#1012382).
arm: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU (bnc#1012382).
arm: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 (bnc#1012382).
arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bnc#1012382).
arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bnc#1012382).
arm: pxa: ssp: unneeded to free devm_ allocated data (bnc#1012382).
arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bnc#1012382).
ASoC: dapm: change snprintf to scnprintf for possible overflow (bnc#1012382).
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bnc#1012382).
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bnc#1012382).
ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bnc#1012382).
ASoC: topology: free created components in tplg load error (bnc#1012382).
assoc_array: Fix shortcut creation (bnc#1012382).
ath10k: avoid possible string overflow (bnc#1012382).
ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1087092).
atm: he: fix sign-extension overflow on large shift (bnc#1012382).
autofs: drop dentry reference only when it is never used (bnc#1012382).
autofs: fix error return in autofs_fill_super() (bnc#1012382).
batman-adv: Avoid endless loop in bat-on-bat netdevice check (git-fixes).
batman-adv: Fix lockdep annotation of batadv_tlv_container_remove (git-fixes).
batman-adv: fix uninit-value in batadv_interface_tx() (bnc#1012382).
batman-adv: Only put gw_node list reference when removed (git-fixes).
batman-adv: Only put orig_node_vlan list reference when removed (git-fixes).
bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bnc#1012382).
bnxt_en: Drop oversize TX packets to prevent errors (bnc#1012382).
btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes).
btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (pending fix for bsc#1063638).
btrfs: fix corruption reading shared and compressed extents after hole punching (bnc#1012382).
btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638).
btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638).
btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638).
btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638).
btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638).
btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency).
btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638).
btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638).
btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326).
btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638).
btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638).
btrfs: raid56: properly unmap parity page in finish_parity_scrub() (bnc#1012382).
btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638).
btrfs: remove WARN_ON in log_dir_items (bnc#1012382).
cdc-wdm: pass return value of recover_from_urb_loss (bsc#1129770).
cfg80211: extend range deviation for DMG (bnc#1012382).
cfg80211: size various nl80211 messages correctly (bnc#1012382).
cifs: fix computation for MAX_SMB2_HDR_SIZE (bnc#1012382).
cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542).
cifs: Fix read after write for files with read caching (bnc#1012382).
clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bnc#1012382).
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bnc#1012382).
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bnc#1012382).
cls_bpf: reset class and reuse major in da (git-fixes).
coresight: coresight_unregister() function cleanup (bnc#1012382).
coresight: "DEVICE_ATTR_RO" should defined as static (bnc#1012382).
coresight: etm4x: Check every parameter used by dma_xx_coherent (bnc#1012382).
coresight: fixing lockdep error (bnc#1012382).
coresight: release reference taken by 'bus_find_device()' (bnc#1012382).
coresight: remove csdev's link from topology (bnc#1012382).
coresight: removing bind/unbind options from sysfs (bnc#1012382).
cpufreq: pxa2xx: remove incorrect __init annotation (bnc#1012382).
cpufreq: tegra124: add missing of_node_put() (bnc#1012382).
cpufreq: Use struct kobj_attribute instead of struct global_attr (bnc#1012382).
cpu/hotplug: Handle unbalanced hotplug enable/disable (bnc#1012382).
cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).
crypto: ahash - fix another early termination in hash walk (bnc#1012382).
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bnc#1012382).
crypto: caam - fixed handling of sg list (bnc#1012382).
crypto: pcbc - remove bogus memcpy()s with src == dest (bnc#1012382).
crypto: qat - remove unused and redundant pointer vf_info (bsc#1085539).
crypto: tgr192 - fix unaligned memory access (bsc#1129770).
cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1129770).
dccp: do not use ipv6 header for ipv4 flow (bnc#1012382).
disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bnc#1012382).
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bnc#1012382).
dmaengine: dmatest: Abort test in case of mapping error (bnc#1012382).
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit (bnc#1012382).
dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638).
dm: fix to_sector() for 32bit (bnc#1012382).
drivers: hv: vmbus: Fix bugs in rescind handling (bsc#1130567).
drivers: hv: vmbus: Fix ring buffer signaling (bsc#1118506).
drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1130567).
drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567).
drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567).
drm/msm: Unblock writer if reader closes file (bnc#1012382).
drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1106929)
efi: stub: define DISABLE_BRANCH_PROFILING for all architectures (bnc#1012382).
ext2: Fix underflow in ext2_max_size() (bnc#1012382).
ext4: Avoid panic during forced reboot (bsc#1126356).
ext4: brelse all indirect buffer in ext4_ind_remove_space() (bnc#1012382).
ext4: fix data corruption caused by unaligned direct AIO (bnc#1012382).
ext4: fix NULL pointer dereference while journal is aborted (bnc#1012382).
extcon: usb-gpio: Do not miss event during suspend/resume (bnc#1012382).
firmware: dmi: Optimize dmi_matches (git-fixes).
floppy: check_events callback should not return a negative number (git-fixes).
flow_dissector: Check for IP fragmentation even if not using IPv4 address (git-fixes).
fs/9p: use fscache mutex rather than spinlock (bnc#1012382).
fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bnc#1012382).
fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (git-fixes).
fuse: fix possibly missed wake-up after abort (git-fixes).
futex: Ensure that futex address is aligned in handle_futex_death() (bnc#1012382).
futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (git-fixes).
futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bnc#1012382).
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bnc#1012382).
gpio: vf610: Mask all GPIO interrupts (bnc#1012382).
gro_cells: make sure device is up in gro_cells_receive() (bnc#1012382).
hid-sensor-hub.c: fix wrong do_div() usage (bnc#1012382).
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (bsc#1129770).
hugetlbfs: fix races and page leaks during migration (bnc#1012382).
hv_netvsc: Fix napi reschedule while receive completion is busy (bsc#1118506).
hv_netvsc: fix race in napi poll when rescheduling (bsc#1118506).
hv_netvsc: Fix the return status in RX path (bsc#1118506).
hv_netvsc: use napi_schedule_irqoff (bsc#1118506).
hv: v4.12 API for hyperv-iommu (bsc#1122822).
hv: v4.12 API for hyperv-iommu (fate#327171, bsc#1122822).
i2c: cadence: Fix the hold bit setting (bnc#1012382).
i2c: tegra: fix maximum transfer size (bnc#1012382).
ib/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bnc#1012382).
ibmvnic: Enable GRO (bsc#1132227).
ibmvnic: Fix completion structure initialization (bsc#1131659).
ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).
input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bnc#1012382).
input: matrix_keypad - use flush_delayed_work() (bnc#1012382).
input: st-keyscan - fix potential zalloc NULL dereference (bnc#1012382).
input: wacom_serial4 - add support for Wacom ArtPad II tablet (bnc#1012382).
intel_th: Do not reference unassigned outputs (bnc#1012382).
intel_th: gth: Fix an off-by-one in output unassigning (git-fixes).
iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130345).
iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130346).
iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425).
iommu/amd: Set exclusion range correctly (bsc#1130425).
iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130).
iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822).
iommu/hyper-v: Add Hyper-V stub IOMMU driver (fate#327171, bsc#1122822).
iommu/vt-d: Check capability before disabling protected memory (bsc#1130347).
ip6: fix PMTU discovery when using /127 subnets (git-fixes).
ip6mr: Do not call __IP6_INC_STATS() from preemptible context (bnc#1012382).
ip_tunnel: fix ip tunnel lookup in collect_md mode (git-fixes).
ipvlan: disallow userns cap_net_admin to change global mode/flags (bnc#1012382).
ipvs: Fix signed integer overflow when setsockopt timeout (bnc#1012382).
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bnc#1012382).
iscsi_ibft: Fix missing break in switch statement (bnc#1012382).
isdn: avm: Fix string plus integer warning from Clang (bnc#1012382).
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bnc#1012382).
isdn: isdn_tty: fix build warning of strncpy (bnc#1012382).
iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1119086).
jbd2: clear dirty flag when revoking a buffer from an older transaction (bnc#1012382).
jbd2: fix compile warning when using JBUFFER_TRACE (bnc#1012382).
kabi fixup gendisk disk_devt revert (bsc#1020989).
kbuild: setlocalversion: print error to STDERR (bnc#1012382).
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bnc#1012382).
keys: allow reaching the keys quotas exactly (bnc#1012382).
keys: always initialize keyring_index_key::desc_len (bnc#1012382).
keys: restrict /proc/keys by credentials at open time (bnc#1012382).
keys: user: Align the payload buffer (bnc#1012382).
kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132634).
kvm: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (bnc#1012382).
kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132635).
kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bnc#1012382).
kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bnc#1012382).
kvm: Reject device ioctls from processes other than the VM's creator (bnc#1012382).
kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132636).
kvm: VMX: Zero out all general purpose registers after VM-Exit (bsc#1132637).
kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1132534).
kvm: X86: Fix residual mmio emulation request to userspace (bnc#1012382).
kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132638).
l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes).
leds: lp5523: fix a missing check of return value of lp55xx_read (bnc#1012382).
libertas: call into generic suspend code before turning off power (bsc#1106110).
libertas: fix suspend and resume for SDIO connected cards (bsc#1106110).
lib/int_sqrt: optimize small argument (bnc#1012382).
libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1131857).
locking/lockdep: Add debug_locks check in __lock_downgrade() (bnc#1012382).
locking/static_keys: Improve uninitialized key warning (bsc#1106913).
m68k: Add -ffreestanding to CFLAGS (bnc#1012382).
mac80211: do not initiate TDLS connection if station is not associated to AP (bnc#1012382).
mac80211: fix miscounting of ttl-dropped frames (bnc#1012382).
mac80211: fix "warning: target metric may be used uninitialized" (bnc#1012382).
mac80211_hwsim: propagate genlmsg_reply return code (bnc#1012382).
mac8390: Fix mmio access size probe (bnc#1012382).
md: Fix failed allocation of md_register_thread (bnc#1012382).
mdio_bus: Fix use-after-free on device_register fails (bnc#1012382 git-fixes).
md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).
media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1100132).
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bnc#1012382).
media: uvcvideo: Fix 'type' check leading to overflow (bnc#1012382).
media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1119086).
media: v4l2-ctrls.c/uvc: zero v4l2_event (bnc#1012382).
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() (bnc#1012382).
media: vivid: potential integer overflow in vidioc_g_edid() (bsc#11001132).
mfd: ab8500-core: Return zero in get_register_interruptible() (bnc#1012382).
mfd: db8500-prcmu: Fix some section annotations (bnc#1012382).
mfd: mc13xxx: Fix a missing check of a register-read failure (bnc#1012382).
mfd: qcom_rpm: write fw_version to CTRL_REG (bnc#1012382).
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bnc#1012382).
mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bnc#1012382).
mfd: wm5110: Add missing ASRC rate register (bnc#1012382).
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction (bnc#1012382).
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bnc#1012382).
missing barriers in some of unix_sock ->addr and ->path accesses (bnc#1012382).
mmc: bcm2835: reset host on timeout (bsc#1070872).
mmc: block: Allow more than 8 partitions per card (bnc#1012382).
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails (bnc#1012382).
mmc: core: shut up "voltage-ranges unspecified" pr_info() (bnc#1012382).
mmc: debugfs: Add a restriction to mmc debugfs clock setting (bnc#1012382).
mmc: make MAN_BKOPS_EN message a debug (bnc#1012382).
mmc: mmc: fix switch timeout issue caused by jiffies precision (bnc#1012382).
mmc: pwrseq_simple: Make reset-gpios optional to match doc (bnc#1012382).
mmc: pxamci: fix enum type confusion (bnc#1012382).
mmc: sanitize 'bus width' in debug output (bnc#1012382).
mmc: spi: Fix card detection during probe (bnc#1012382).
mmc: tmio_mmc_core: do not claim spurious interrupts (bnc#1012382).
mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).
mm, memory_hotplug: fix off-by-one in is_pageblock_removable (git-fixes).
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone (bnc#1012382).
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone (bnc#1012382).
mm: move is_pageblock_removable_nolock() to mm/memory_hotplug.c (git-fixes prerequisity).
mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935)
mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON (bnc#1012382).
mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bnc#1012382).
move power_up_on_resume flag to end of structure for kABI (bsc#1106110).
mwifiex: pcie: tighten a check in mwifiex_pcie_process_event_ready() (bsc#1100132).
ncpfs: fix build warning of strncpy (bnc#1012382).
net: add description for len argument of dev_get_phys_port_name (git-fixes).
net: Add __icmp_send helper (bnc#1012382).
net: altera_tse: fix connect_local_phy error path (bnc#1012382).
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (bnc#1012382).
net: avoid use IPCB in cipso_v4_error (bnc#1012382).
net: diag: support v4mapped sockets in inet_diag_find_one_icsk() (bnc#1012382).
net: do not decrement kobj reference count on init failure (git-fixes).
net: dsa: mv88e6xxx: Fix u64 statistics (bnc#1012382).
net: ena: fix race between link up and device initalization (bsc#1129278).
net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129278).
netfilter: ipt_CLUSTERIP: fix use-after-free of proc entry (git-fixes).
netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options (bnc#1012382).
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters (bnc#1012382).
netfilter: nfnetlink_log: just returns error for unknown command (bnc#1012382).
netfilter: nfnetlink: use original skbuff when acking batches (git-fixes).
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (bnc#1012382).
net: hns: Fix use after free identified by SLUB debug (bnc#1012382).
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (bnc#1012382).
net: hsr: fix memory leak in hsr_dev_finalize() (bnc#1012382).
net/hsr: fix possible crash in add_timer() (bnc#1012382).
netlabel: fix out-of-bounds memory accesses (bnc#1012382).
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames (bnc#1012382).
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (bnc#1012382).
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (bnc#1012382).
net/packet: fix 4gb buffer limit due to overflow check (bnc#1012382).
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (bnc#1012382).
net: phy: Micrel KSZ8061: link failure after cable connect (bnc#1012382).
net: rose: fix a possible stack overflow (bnc#1012382).
net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (bnc#1012382).
net: set static variable an initial value in atl2_probe() (bnc#1012382).
net: sit: fix UBSAN Undefined behaviour in check_6rd (bnc#1012382).
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() (bnc#1012382).
net-sysfs: call dev_hold if kobject_init_and_add success (git-fixes).
net-sysfs: Fix mem leak in netdev_register_kobject (bnc#1012382).
net: systemport: Fix reception of BPDUs (bnc#1012382).
net: tcp_memcontrol: properly detect ancestor socket pressure (git-fixes).
net/x25: fix a race in x25_bind() (bnc#1012382).
net/x25: fix use-after-free in x25_device_event() (bnc#1012382).
net/x25: reset state in x25_connect() (bnc#1012382).
nfc: nci: memory leak in nci_core_conn_create() (git-fixes).
nfs41: pop some layoutget errors to application (bnc#1012382).
nfsd: fix memory corruption caused by readdir (bsc#1127445).
nfsd: fix wrong check in write_v4_end_grace() (git-fixes).
nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes).
nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes).
nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618).
nfs: fix mount/umount race in nlmclnt (git-fixes).
nfs: Fix NULL pointer dereference of dev_name (bnc#1012382).
nfsv4.x: always serialize open/close operations (bsc#1114893).
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES (bnc#1012382).
packets: Always register packet sk in the same order (bnc#1012382).
parport_pc: fix find_superio io compare code, should use equal test (bnc#1012382).
pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822).
pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (fate#327171, bsc#1122822).
perf auxtrace: Define auxtrace record alignment (bnc#1012382).
perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks (bnc#1012382).
perf intel-pt: Fix CYC timestamp calculation after OVF (bnc#1012382).
perf intel-pt: Fix overlap calculation for padding (bnc#1012382).
perf intel-pt: Fix TSC slip (bnc#1012382).
perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops (bnc#1012382).
perf symbols: Filter out hidden symbols from labels (bnc#1012382).
perf: Synchronously free aux pages in case of allocation failure (bnc#1012382).
perf tools: Handle TOPOLOGY headers with no CPU (bnc#1012382).
perf/x86/amd: Add event map for AMD Family 17h (bsc#1114648).
phonet: fix building with clang (bnc#1012382).
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bnc#1012382).
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bnc#1012382).
pm / Hibernate: Call flush_icache_range() on pages restored in-place (bnc#1012382).
pm / wakeup: Rework wakeup source timer cancellation (bnc#1012382).
powerpc/32: Clear on-stack exception marker upon exception return (bnc#1012382).
powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107).
powerpc/64: Disable the speculation barrier from the command line (bsc#1131107).
powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107).
powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107).
powerpc/64s: Add support for software count cache flush (bsc#1131107).
powerpc/83xx: Also save/restore SPRG4-7 during suspend (bnc#1012382).
powerpc: Always initialize input array when calling epapr_hypercall() (bnc#1012382).
powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107).
powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107).
powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900).
powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584).
powerpc/numa: improve control of topology updates (bsc#1133584).
powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).
powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043).
powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1053043, git-fixes).
powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1066223).
powerpc/powernv: Make opal log only readable by root (bnc#1012382).
powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107).
powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes).
powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107).
powerpc/security: Fix spectre_v2 reporting (bsc#1131107).
powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
powerpc/tm: Add commandline option to disable hardware trans