Security update for the Linux Kernel

Announcement ID: SUSE-SU-2018:1366-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2018-1000199 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2018-1000199 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-10087 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-10087 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-10124 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-10124 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1065 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1065 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1130 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1130 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-3639 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  • CVE-2018-3639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2018-3639 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2018-5803 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-5803 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-7492 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-7492 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-8781 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8781 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Container as a Service Platform 1.0
  • SUSE Container as a Service Platform 2.0
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise High Availability Extension 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Live Patching 12-SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3
  • SUSE Linux Enterprise Software Development Kit 12 SP3
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves nine vulnerabilities and has 71 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.131 to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-3639: Information leaks using "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082).

A new boot commandline option was introduced, "spec_store_bypass_disable", which can have following values:

  • auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.
  • on: disable Speculative Store Bypass
  • off: enable Speculative Store Bypass
  • prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork.
  • seccomp: Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out.

The default is "seccomp", meaning programs need explicit opt-in into the mitigation.

Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:

  • "Vulnerable"
  • "Mitigation: Speculative Store Bypass disabled"
  • "Mitigation: Speculative Store Bypass disabled via prctl"
  • "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"

  • CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).

  • CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752).
  • CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608).
  • CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)
  • CVE-2018-1130: The Linux kernel was vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904).
  • CVE-2018-5803: An error in the _sctp_make_chunk() function when handling SCTP, packet length could have been exploited by a malicious local user to cause a kernel crash and a DoS. (bnc#1083900).
  • CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c (bnc#1083650 1091925).
  • CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962).

The following non-security bugs were fixed:

  • acpica: Disassembler: Abort on an invalid/unknown AML opcode (bnc#1012382).
  • acpica: Events: Add runtime stub support for event APIs (bnc#1012382).
  • acpi / hotplug / PCI: Check presence of slot itself in get_slot_status() (bnc#1012382).
  • acpi, PCI, irq: remove redundant check for null string pointer (bnc#1012382).
  • acpi / scan: Send change uevent with offine environmental data (bsc#1082485).
  • acpi / video: Add quirk to force acpi-video backlight on Samsung 670Z5E (bnc#1012382).
  • alsa: asihpi: Hardening for potential Spectre v1 (bnc#1012382).
  • alsa: control: Hardening for potential Spectre v1 (bnc#1012382).
  • alsa: core: Report audio_tstamp in snd_pcm_sync_ptr (bnc#1012382).
  • alsa: hda: Hardening for potential Spectre v1 (bnc#1012382).
  • alsa: hda - New VIA controller suppor no-snoop path (bnc#1012382).
  • alsa: hda/realtek - Add some fixes for ALC233 (bnc#1012382).
  • alsa: hdspm: Hardening for potential Spectre v1 (bnc#1012382).
  • alsa: line6: Use correct endpoint type for midi output (bnc#1012382).
  • alsa: opl3: Hardening for potential Spectre v1 (bnc#1012382).
  • alsa: oss: consolidate kmalloc/memset 0 call to kzalloc (bnc#1012382).
  • alsa: pcm: Avoid potential races between OSS ioctls and read/write (bnc#1012382).
  • alsa: pcm: Fix endless loop for XRUN recovery in OSS emulation (bnc#1012382).
  • alsa: pcm: Fix mutex unbalance in OSS emulation ioctls (bnc#1012382).
  • alsa: pcm: Fix UAF at PCM release via PCM timer access (bnc#1012382).
  • alsa: pcm: potential uninitialized return values (bnc#1012382).
  • alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams (bnc#1012382).
  • alsa: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bnc#1012382).
  • alsa: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation (bnc#1012382).
  • alsa: rawmidi: Fix missing input substream checks in compat ioctls (bnc#1012382).
  • alsa: rme9652: Hardening for potential Spectre v1 (bnc#1012382).
  • alsa: seq: oss: Fix unbalanced use lock for synth MIDI device (bnc#1012382).
  • alsa: seq: oss: Hardening for potential Spectre v1 (bnc#1012382).
  • alsa: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658).
  • arm64: avoid overflow in VA_START and PAGE_OFFSET (bnc#1012382).
  • arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage (bnc#1012382).
  • arm: amba: Do not read past the end of sysfs "driver_override" buffer (bnc#1012382).
  • arm: amba: Fix race condition with driver_override (bnc#1012382).
  • arm: amba: Make driver_override output consistent with other buses (bnc#1012382).
  • arm: davinci: da8xx: Create DSP device only when assigned memory (bnc#1012382).
  • arm: dts: am57xx-beagle-x15-common: Add overide powerhold property (bnc#1012382).
  • arm: dts: at91: at91sam9g25: fix mux-mask pinctrl property (bnc#1012382).
  • arm: dts: at91: sama5d4: fix pinctrl compatible string (bnc#1012382).
  • arm: dts: dra7: Add power hold and power controller properties to palmas (bnc#1012382).
  • arm: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382).
  • arm: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382).
  • arm: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node (bnc#1012382).
  • arm: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull (bnc#1012382).
  • arp: fix arp_filter on l3slave devices (bnc#1012382).
  • arp: honour gratuitous ARP replies (bnc#1012382).
  • asoc: fsl_esai: Fix divisor calculation failure at lower ratio (bnc#1012382).
  • asoc: Intel: cht_bsw_rt5645: Analog Mic support (bnc#1012382).
  • asoc: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382).
  • asoc: ssm2602: Replace reg_default_raw with reg_default (bnc#1012382).
  • async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() (bnc#1012382).
  • ata: libahci: properly propagate return value of platform_get_irq() (bnc#1012382).
  • ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382).
  • ath9k_hw: check if the chip failed to wake up (bnc#1012382).
  • audit: add tty field to LOGIN event (bnc#1012382).
  • autofs: mount point create should honour passed in mode (bnc#1012382).
  • bcache: segregate flash only volume write streams (bnc#1012382).
  • bcache: stop writeback thread after detaching (bnc#1012382).
  • blacklist.conf: Add an omapdrm entry (bsc#1090708, bsc#1090718)
  • blk-mq: fix bad clear of RQF_MQ_INFLIGHT in blk_mq_ct_ctx_init() (bsc#1085058).
  • blk-mq: fix kernel oops in blk_mq_tag_idle() (bnc#1012382).
  • block: correctly mask out flags in blk_rq_append_bio() (bsc#1085058).
  • block/loop: fix deadlock after loop_set_status (bnc#1012382).
  • block: sanity check for integrity intervals (bsc#1091728).
  • bluetooth: Fix missing encryption refresh on Security Request (bnc#1012382).
  • bluetooth: Send HCI Set Event Mask Page 2 command only when needed (bnc#1012382).
  • bna: Avoid reading past end of buffer (bnc#1012382).
  • bnx2x: Allow vfs to disable txvlan offload (bnc#1012382).
  • bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave (bnc#1012382).
  • bonding: Do not update slave->link until ready to commit (bnc#1012382).
  • bonding: fix the err path for dev hwaddr sync in bond_enslave (bnc#1012382).
  • bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (bnc#1012382).
  • bonding: process the err returned by dev_set_allmulti properly in bond_enslave (bnc#1012382).
  • btrfs: fix incorrect error return ret being passed to mapping_set_error (bnc#1012382).
  • btrfs: Fix wrong first_key parameter in replace_path (Followup fix for bsc#1084721).
  • btrfs: Only check first key for committed tree blocks (bsc#1084721).
  • btrfs: Validate child tree block's level and first key (bsc#1084721).
  • bus: brcmstb_gisb: correct support for 64-bit address output (bnc#1012382).
  • bus: brcmstb_gisb: Use register offsets with writes too (bnc#1012382).
  • cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (bnc#1012382).
  • cdrom: information leak in cdrom_ioctl_media_changed() (bnc#1012382).
  • ceph: adding protection for showing cap reservation info (bsc#1089115).
  • ceph: always update atime/mtime/ctime for new inode (bsc#1089115).
  • ceph: check if mds create snaprealm when setting quota (fate#324665 bsc#1089115).
  • ceph: do not check quota for snap inode (fate#324665 bsc#1089115).
  • ceph: fix invalid point dereference for error case in mdsc destroy (bsc#1089115).
  • ceph: fix root quota realm check (fate#324665 bsc#1089115).
  • ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115).
  • ceph: quota: add counter for snaprealms with quota (fate#324665 bsc#1089115).
  • ceph: quota: add initial infrastructure to support cephfs quotas (fate#324665 bsc#1089115).
  • ceph: quota: cache inode pointer in ceph_snap_realm (fate#324665 bsc#1089115).
  • ceph: quota: do not allow cross-quota renames (fate#324665 bsc#1089115).
  • ceph: quota: report root dir quota usage in statfs (fate#324665 bsc#1089115).
  • ceph: quota: support for ceph.quota.max_bytes (fate#324665 bsc#1089115).
  • ceph: quota: support for ceph.quota.max_files (fate#324665 bsc#1089115).
  • ceph: quota: update MDS when max_bytes is approaching (fate#324665 bsc#1089115).
  • cfg80211: make RATE_INFO_BW_20 the default (bnc#1012382).
  • cifs: do not allow creating sockets except with SMB1 posix exensions (bnc#1012382).
  • cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734).
  • cifs: silence lockdep splat in cifs_relock_file() (bnc#1012382).
  • cifs: Use file_dentry() (bsc#1093008).
  • clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bnc#1012382).
  • clk: Fix __set_clk_rates error print-string (bnc#1012382).
  • clk: mvebu: armada-38x: add support for 1866MHz variants (bnc#1012382).
  • clk: mvebu: armada-38x: add support for missing clocks (bnc#1012382).
  • clk: scpi: fix return type of __scpi_dvfs_round_rate (bnc#1012382).
  • clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled (bsc#1090225).
  • cpumask: Add helper cpumask_available() (bnc#1012382).
  • crypto: ahash - Fix early termination in hash walk (bnc#1012382).
  • crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bnc#1012382).
  • cx25840: fix unchecked return values (bnc#1012382).
  • cxgb4: fix incorrect cim_la output for T6 (bnc#1012382).
  • cxgb4: Fix queue free path of ULD drivers (bsc#1022743 FATE#322540).
  • cxgb4: FW upgrade fixes (bnc#1012382).
  • cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bnc#1012382).
  • dmaengine: at_xdmac: fix rare residue corruption (bnc#1012382).
  • dmaengine: imx-sdma: Handle return value of clk_prepare_enable (bnc#1012382).
  • dm ioctl: remove double parentheses (bnc#1012382).
  • Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition (bnc#1012382).
  • Do not leak MNT_INTERNAL away from internal mounts (bnc#1012382).
  • drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 (FATE#321732).
  • drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bnc#1024296,FATE#321265).
  • drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests (bnc#1012382).
  • drm/omap: fix tiled buffer stride calculations (bnc#1012382).
  • drm/radeon: Fix PCIe lane width calculation (bnc#1012382).
  • drm/virtio: fix vq wait_event condition (bnc#1012382).
  • e1000e: fix race condition around skb_tstamp_tx() (bnc#1012382).
  • e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bnc#1012382).
  • edac, mv64x60: Fix an error handling path (bnc#1012382).
  • Enable uinput driver (bsc#1092566).
  • esp: Fix memleaks on error paths (git-fixes).
  • ext4: add validity checks for bitmap block numbers (bnc#1012382).
  • ext4: bugfix for mmaped pages in mpage_release_unused_pages() (bnc#1012382).
  • ext4: do not allow r/w mounts if metadata blocks overlap the superblock (bnc#1012382).
  • ext4: do not update checksum of new initialized bitmaps (bnc#1012382).
  • ext4: fail ext4_iget for root directory if unallocated (bnc#1012382).
  • ext4: fix bitmap position validation (bnc#1012382).
  • ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() (bnc#1012382).
  • ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953).
  • ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (bnc#1012382).
  • ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bnc#1012382).
  • ext4: set h_journal if there is a failure starting a reserved handle (bnc#1012382).
  • fanotify: fix logic of events on child (bnc#1012382).
  • fix race in drivers/char/random.c:get_reg() (bnc#1012382).
  • frv: declare jiffies to be located in the .data section (bnc#1012382).
  • fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382).
  • fs/proc: Stop trying to report thread stacks (bnc#1012382).
  • fs/reiserfs/journal.c: add missing resierfs_warning() arg (bnc#1012382).
  • genirq: Use cpumask_available() for check of cpumask variable (bnc#1012382).
  • getname_kernel() needs to make sure that ->name != ->iname in long case (bnc#1012382).
  • gpio: label descriptors using the device name (bnc#1012382).
  • hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382).
  • hid: core: Fix size as type u32 (bnc#1012382).
  • hid: Fix hid_report_len usage (bnc#1012382).
  • hid: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device (bnc#1012382).
  • hid: i2c-hid: fix size check and type usage (bnc#1012382).
  • hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes).
  • hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382).
  • hypfs_kill_super(): deal with failed allocations (bnc#1012382).
  • i40iw: Free IEQ resources (bsc#969476 FATE#319648 bsc#969477 FATE#319816).
  • ib/core: Fix possible crash to access NULL netdev (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
  • ib/core: Generate GID change event regardless of RoCE GID table property (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
  • ib/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
  • ib/mlx4: Include GID type when deleting GIDs from HW table under RoCE (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
  • ib/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
  • ib/mlx5: Fix an error code in __mlx5_ib_modify_qp() (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
  • ib/mlx5: Fix incorrect size of klms in the memory region (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
  • ib/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
  • ib/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
  • ib/mlx5: Set the default active rate and width to QDR and 4X (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
  • ibmvnic: Clean actual number of RX or TX pools (bsc#1092289).
  • ibmvnic: Clear pending interrupt after device reset (bsc#1089644).
  • ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198).
  • ibmvnic: Do not notify peers on parameter change resets (bsc#1089198).
  • ibmvnic: Handle all login error conditions (bsc#1089198).
  • ib/srp: Fix completion vector assignment algorithm (bnc#1012382).
  • ib/srp: Fix srp_abort() (bnc#1012382).
  • ib/srpt: Fix abort handling (bnc#1012382).
  • ib/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() (bnc#1024296,FATE#321265).
  • iio: hi8435: avoid garbage event at first enable (bnc#1012382).
  • iio: hi8435: cleanup reset gpio (bnc#1012382).
  • iio: magnetometer: st_magn_spi: fix spi_device_id table (bnc#1012382).
  • input: ALPS - fix multi-touch decoding on SS4 plus touchpads (git-fixes).
  • input: ALPS - fix trackstick button handling on V8 devices (git-fixes).
  • input: ALPS - fix TrackStick support for SS5 hardware (git-fixes).
  • input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad (git-fixes).
  • input: drv260x - fix initializing overdrive voltage (bnc#1012382).
  • input: elan_i2c - check if device is there before really probing (bnc#1012382).
  • input: elan_i2c - clear INT before resetting controller (bnc#1012382).
  • input: elantech - force relative mode on a certain module (bnc#1012382).
  • input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bnc#1012382).
  • input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bnc#1012382).
  • input: mousedev - fix implicit conversion warning (bnc#1012382).
  • iommu/vt-d: Fix a potential memory leak (bnc#1012382).
  • ip6_gre: better validate user provided tunnel names (bnc#1012382).
  • ip6_tunnel: better validate user provided tunnel names (bnc#1012382).
  • ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1012382).
  • ipmi: create hardware-independent softdep for ipmi_devintf (bsc#1009062, bsc#1060799). Refresh patch to mainline version.
  • ipsec: check return value of skb_to_sgvec always (bnc#1012382).
  • ip_tunnel: better validate user provided tunnel names (bnc#1012382).
  • ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (bnc#1012382).
  • ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382).
  • ipv6: sit: better validate user provided tunnel names (bnc#1012382).
  • ipv6: the entire IPv6 header chain must fit the first fragment (bnc#1012382).
  • iw_cxgb4: print mapped ports correctly (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).
  • jbd2: fix use after free in kjournald2() (bnc#1012382).
  • jbd2: if the journal is aborted then do not allow update of the log tail (bnc#1012382).
  • jffs2_kill_sb(): deal with failed allocations (bnc#1012382).
  • jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp (bnc#1012382).
  • kABI: add tty include to audit.c (kabi).
  • kABI: protect hid report functions (kabi).
  • kABI: protect jiffies types (kabi).
  • kABI: protect skb_to_sgvec* (kabi).
  • kABI: protect sound/timer.h include in sound pcm.c (kabi).
  • kABI: protect struct cstate (kabi).
  • kABI: protect struct _lowcore (kabi).
  • kABI: protect tty include in audit.h (kabi).
  • kabi/severities: Ignore kgr_shadow_* kABI changes
  • kbuild: provide a __UNIQUE_ID for clang (bnc#1012382).
  • kexec_file: do not add extra alignment to efi memmap (bsc#1044596).
  • keys: DNS: limit the length of option strings (bnc#1012382).
  • kGraft: fix small race in reversion code (bsc#1083125).
  • kobject: do not use WARN for registration failures (bnc#1012382).
  • kvm: Fix nopvspin static branch init usage (bsc#1056427).
  • kvm: Introduce nopvspin kernel parameter (bsc#1056427).
  • kvm: nVMX: Fix handling of lmsw instruction (bnc#1012382).
  • kvm: PPC: Book3S PR: Check copy_to/from_user return values (bnc#1012382).
  • kvm: SVM: do not zero out segment attributes if segment is unusable or not present (bnc#1012382).
  • l2tp: check sockaddr length in pppol2tp_connect() (bnc#1012382).
  • l2tp: fix missing print session offset info (bnc#1012382).
  • lan78xx: Correctly indicate invalid OTP (bnc#1012382).
  • leds: pca955x: Correct I2C Functionality (bnc#1012382).
  • libceph, ceph: change permission for readonly debugfs entries (bsc#1089115).
  • libceph: fix misjudgement of maximum monitor number (bsc#1089115).
  • libceph: reschedule a tick in finish_hunting() (bsc#1089115).
  • libceph: un-backoff on tick when we have a authenticated session (bsc#1089115).
  • libceph: validate con->state at the top of try_write() (bsc#1089115).
  • livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296).
  • livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296).
  • llc: delete timers synchronously in llc_sk_free() (bnc#1012382).
  • llc: fix NULL pointer deref for SOCK_ZAPPED (bnc#1012382).
  • llc: hold llc_sap before release_sock() (bnc#1012382).
  • llist: clang: introduce member_address_is_nonnull() (bnc#1012382).
  • lockd: fix lockd shutdown race (bnc#1012382).
  • lockd: lost rollback of set_grace_period() in lockd_down_net() (git-fixes).
  • mac80211: bail out from prep_connection() if a reconfig is ongoing (bnc#1012382).
  • mceusb: sporadic RX truncation corruption fix (bnc#1012382).
  • md: document lifetime of internal rdev pointer (bsc#1056415).
  • md: fix two problems with setting the "re-add" device state (bsc#1089023).
  • md: only allow remove_and_add_spares when no sync_thread running (bsc#1056415).
  • md raid10: fix NULL deference in handle_write_completed() (git-fixes).
  • md/raid10: reset the 'first' at the end of loop (bnc#1012382).
  • md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock (bnc#1012382).
  • media: v4l2-compat-ioctl32: do not oops on overlay (bnc#1012382).
  • media: videobuf2-core: do not go out of the buffer range (bnc#1012382).
  • mei: remove dev_err message on an unsupported ioctl (bnc#1012382).
  • mISDN: Fix a sleep-in-atomic bug (bnc#1012382).
  • mlx5: fix bug reading rss_hash_type from CQE (bnc#1012382).
  • mmc: jz4740: Fix race condition in IRQ mask update (bnc#1012382).
  • mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (bnc#1012382).
  • mm, slab: reschedule cache_reap() on the same CPU (bnc#1012382).
  • mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block (bnc#1012382).
  • mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug (bnc#1012382).
  • mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block (bnc#1012382).
  • mtd: jedec_probe: Fix crash in jedec_read_mfr() (bnc#1012382).
  • neighbour: update neigh timestamps iff update is effective (bnc#1012382).
  • net: af_packet: fix race in PACKET_{R|T}X_RING (bnc#1012382).
  • net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized ndata" (bnc#1012382).
  • net: cdc_ncm: Fix TX zero padding (bnc#1012382).
  • net: emac: fix reset timeout with AR8035 phy (bnc#1012382).
  • net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control (bnc#1012382).
  • netfilter: bridge: ebt_among: add more missing match size checks (bnc#1012382).
  • netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize (bnc#1012382).
  • netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch (bnc#1012382).
  • netfilter: nf_nat_h323: fix logical-not-parentheses warning (bnc#1012382).
  • netfilter: x_tables: add and use xt_check_proc_name (bnc#1012382).
  • net: fix deadlock while clearing neighbor proxy table (bnc#1012382).
  • net: fix possible out-of-bound read in skb_network_protocol() (bnc#1012382).
  • net: fool proof dev_valid_name() (bnc#1012382).
  • net: freescale: fix potential null pointer dereference (bnc#1012382).
  • net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511).
  • net: ieee802154: fix net_device reference release too early (bnc#1012382).
  • net/ipv6: Fix route leaking between VRFs (bnc#1012382).
  • net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382).
  • netlink: make sure nladdr has correct size in netlink_connect() (bnc#1012382).
  • net: llc: add lock_sock in llc_ui_bind to avoid a race condition (bnc#1012382).
  • net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport (bnc#1012382).
  • net/mlx4_core: Fix memory leak while delete slave's resources (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
  • net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382).
  • net/mlx4_en: Fix mixed PFC and Global pause user control requests (bsc#1015336 FATE#321685 bsc#1015337 FATE#321686 bsc#1015340 FATE#321687).
  • net/mlx4: Fix the check in attaching steering rules (bnc#1012382).
  • net/mlx5: avoid build warning for uniprocessor (bnc#1012382).
  • net/mlx5e: Add error print in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
  • net/mlx5e: Check support before TC swap in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
  • net/mlx5e: E-Switch, Use the name of static array instead of its address (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
  • net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
  • net/mlx5: Fix error handling in load one (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
  • net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
  • net/mlx5: Tolerate irq_set_affinity_hint() failures (bnc#1012382).
  • net: move somaxconn init from sysctl code (bnc#1012382).
  • net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support (bnc#1012382).
  • net: qca_spi: Fix alignment issues in rx path (bnc#1012382).
  • net sched actions: fix dumping which requires several messages to user space (bnc#1012382).
  • net/sched: fix NULL dereference in the error path of tcf_bpf_init() (bnc#1012382).
  • net: validate attribute sizes in neigh_dump_table() (bnc#1012382).
  • net: x25: fix one potential use-after-free issue (bnc#1012382).
  • net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (bnc#1012382).
  • nfsv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION (bnc#1012382).
  • nfsv4.1: Work around a Linux server bug.. (bnc#1012382).
  • nospec: Kill array_index_nospec_mask_check() (bnc#1012382).
  • nospec: Move array_index_nospec() parameter checking into separate macro (bnc#1012382).
  • ovl: filter trusted xattr for non-admin (bnc#1012382).
  • packet: fix bitfield update race (bnc#1012382).
  • parisc: Fix out of array access in match_pci_device() (bnc#1012382).
  • parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bnc#1012382).
  • partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382).
  • pci/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348).
  • pci: Make PCI_ROM_ADDRESS_MASK a 32-bit constant (bnc#1012382).
  • perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1012382).
  • perf/core: Fix locking for children siblings group read (git-fixes).
  • perf header: Set proper module name when build-id event found (bnc#1012382).
  • perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382).
  • perf intel-pt: Fix error recovery from missing TIP packet (bnc#1012382).
  • perf intel-pt: Fix overlap detection to identify consecutive buffers correctly (bnc#1012382).
  • perf intel-pt: Fix sync_switch (bnc#1012382).
  • perf intel-pt: Fix timestamp following overflow (bnc#1012382).
  • perf probe: Add warning message if there is unexpected event name (bnc#1012382).
  • perf report: Ensure the perf DSO mapping matches what libdw sees (bnc#1012382).
  • perf: Return proper values for user stack errors (bnc#1012382).
  • perf tests: Decompress kernel module before objdump (bnc#1012382).
  • perf tools: Fix copyfile_offset update of output offset (bnc#1012382).
  • perf trace: Add mmap alias for s390 (bnc#1012382).
  • pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() (bnc#1012382).
  • pNFS/flexfiles: missing err