Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2018:2862-1
Rating:	important
References:	bsc#1012382 bsc#1015342 bsc#1015343 bsc#1017967 bsc#1019695 bsc#1019699 bsc#1020412 bsc#1021121 bsc#1022604 bsc#1024361 bsc#1024365 bsc#1024376 bsc#1027968 bsc#1030552 bsc#1031492 bsc#1033962 bsc#1042286 bsc#1048317 bsc#1050431 bsc#1053685 bsc#1055014 bsc#1056596 bsc#1062604 bsc#1063646 bsc#1064232 bsc#1066223 bsc#1068032 bsc#1068075 bsc#1069138 bsc#1078921 bsc#1080157 bsc#1083663 bsc#1085042 bsc#1085536 bsc#1085539 bsc#1087092 bsc#1089066 bsc#1090888 bsc#1092903 bsc#1096748 bsc#1097105 bsc#1098822 bsc#1099597 bsc#1099810 bsc#1099832 bsc#1099922 bsc#1099999 bsc#1100000 bsc#1100001 bsc#1100132 bsc#1102346 bsc#1102486 bsc#1102517 bsc#1104485 bsc#1104683 bsc#1105271 bsc#1105296 bsc#1105322 bsc#1105323 bsc#1105392 bsc#1105396 bsc#1105524 bsc#1105536 bsc#1105769 bsc#1106016 bsc#1106105 bsc#1106185 bsc#1106191 bsc#1106229 bsc#1106271 bsc#1106275 bsc#1106276 bsc#1106278 bsc#1106281 bsc#1106283 bsc#1106369 bsc#1106509 bsc#1106511 bsc#1106697 bsc#1106929 bsc#1106934 bsc#1106995 bsc#1107060 bsc#1107078 bsc#1107319 bsc#1107320 bsc#1107689 bsc#1107735 bsc#1107966 bsc#963575 bsc#966170 bsc#966172 bsc#969470 bsc#969476 bsc#969477
Cross-References:	CVE-2018-10902 CVE-2018-10938 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555
CVSS scores:	CVE-2018-10902 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-10902 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-10938 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-10938 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-1128 ( SUSE ): 8.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2018-1128 ( NVD ): 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1129 ( SUSE ): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2018-1129 ( NVD ): 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2018-12896 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2018-12896 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-13093 ( SUSE ): 6.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2018-13093 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-13094 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-13094 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-13095 ( SUSE ): 6.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2018-13095 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-15572 ( SUSE ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-15572 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-16658 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2018-16658 ( NVD ): 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2018-6554 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2018-6554 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-6555 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2018-6555 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Real Time 12 SP3 SUSE Linux Enterprise Server 12 SP3

An update that solves 12 vulnerabilities and has 83 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.155 to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001)
CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999)
CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000)
CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)
CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689)
CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)
CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)
CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748)
CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748)
CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016)
CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517)
CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322).

The following non-security bugs were fixed:

9p/net: Fix zero-copy path in the 9p virtio transport (bnc#1012382).
9p/virtio: fix off-by-one error in sg list bounds check (bnc#1012382).
9p: fix multiple NULL-pointer-dereferences (bnc#1012382).
ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bnc#1012382).
ACPI / PM: save NVS memory for ASUS 1025C laptop (bnc#1012382).
ACPI: save NVS memory for Lenovo G50-45 (bnc#1012382).
ALSA: cs5535audio: Fix invalid endian conversion (bnc#1012382).
ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bnc#1012382).
ALSA: hda - Turn CX8200 into D3 as well upon reboot (bnc#1012382).
ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bnc#1012382).
ALSA: memalloc: Do not exceed over the requested size (bnc#1012382).
ALSA: snd-aoa: add of_node_put() in error path (bsc#1099810).
ALSA: virmidi: Fix too long output trigger loop (bnc#1012382).
ALSA: vx222: Fix invalid endian conversions (bnc#1012382).
ALSA: vxpocket: Fix invalid endian conversions (bnc#1012382).
ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP (bnc#1012382).
ARC: Explicitly add -mmedium-calls to CFLAGS (bnc#1012382).
ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bnc#1012382).
ARM: dts: Cygnus: Fix I2C controller interrupt type (bnc#1012382).
ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller (bnc#1012382).
ARM: dts: am437x: make edt-ft5x06 a wakeup source (bnc#1012382).
ARM: dts: da850: Fix interrups property for gpio (bnc#1012382).
ARM: dts: imx6sx: fix irq for pcie bridge (bnc#1012382).
ARM: imx_v4_v5_defconfig: Select ULPI support (bnc#1012382).
ARM: imx_v6_v7_defconfig: Select ULPI support (bnc#1012382).
ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bnc#1012382).
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset (bnc#1012382).
ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver (git-fixes).
ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bnc#1012382).
ASoC: dpcm: do not merge format from invalid codec dai (bnc#1012382).
ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012382).
Bluetooth: avoid killing an already killed socket (bnc#1012382).
Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bsc#1087092).
Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking (bsc#1087092).
HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bnc#1012382).
IB/core: Make testing MR flags for writability a static inline function (bnc#1012382).
IB/core: Remove duplicate declaration of gid_cache_wq (bsc#1056596).
IB/iser: Do not reduce max_sectors (bsc#1063646).
IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (git-fixes).
IB/mlx4: Mark user MR as writable if actual virtual memory is writable (bnc#1012382).
IB/mlx5: Fetch soft WQE's on fatal error state (bsc#1015342 bsc#1015343).
IB/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343).
IB/ocrdma: fix out of bounds access to local buffer (bnc#1012382).
KVM: MMU: always terminate page walks at level 1 (bsc#1062604).
KVM: MMU: simplify last_pte_bitmap (bsc#1062604).
KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369).
KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012382).
KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012382).
KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer (bnc#1012382).
KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604).
MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012382).
MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 (bnc#1012382).
PCI: Skip MPS logic for Virtual Functions (VFs) (bnc#1012382).
PCI: hotplug: Do not leak pci_slot on registration failure (bnc#1012382).
PCI: pciehp: Fix use-after-free on unplug (bnc#1012382).
PM / sleep: wakeup: Fix build error caused by missing SRCU support (bnc#1012382).
RDMA/i40iw: Avoid panic when objects are being created and destroyed (bsc#969476 bsc#969477).
RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#969476 bsc#969477).
RDMA/i40iw: Avoid reference leaks when processing the AEQ (bsc#969476 bsc#969477).
RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1024376).
RDMA/mlx5: Use proper spec flow label type (bsc#1015342 bsc#1015343).
Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" (bnc#1012382).
Revert "UBIFS: Fix potential integer overflow in allocation" (bnc#1012382).
Revert "f2fs: handle dirty segments inside refresh_sit_entry" (bsc#1106281).
Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078).
Smack: Mark inode instant in smack_task_to_inode (bnc#1012382).
USB: musb: fix external abort on suspend (bsc#1085536).
USB: option: add support for DW5821e (bnc#1012382).
USB: serial: metro-usb: stop I/O after failed open (bsc#1085539).
USB: serial: sierra: fix potential deadlock at close (bnc#1012382).
Workaround kABI breakage by __must_check drop of strscpy() (bsc#1107319).
afs: Fix directory permissions check (bsc#1106283).
arc: fix build errors in arc/include/asm/delay.h (bnc#1012382).
arc: fix type warnings in arc/mm/cache.c (bnc#1012382).
arm64: make secondary_start_kernel() notrace (bnc#1012382).
arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bnc#1012382).
atl1c: reserve min skb headroom (bnc#1012382).
atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066).
backlight: as3711_bl: Fix Device Tree node leaks (bsc#1106929).
backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1106929).
bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232).
bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232).
bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232).
bcache: do not check return value of debugfs_create_dir() (bsc#1064232).
bcache: finish incremental GC (bsc#1064232).
bcache: fix I/O significant decline while backend devices registering (bsc#1064232).
bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232).
bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232).
bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232).
bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232).
bcache: set max writeback rate when I/O request is idle (bsc#1064232).
bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232).
be2net: remove unused old custom busy-poll fields (bsc#1021121 ).
blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663).
block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663).
block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663).
bnx2x: Fix invalid memory access in rss hash config path (bnc#1012382).
bnx2x: Fix receiving tx-timeout in error or recovery state (bnc#1012382).
bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#963575).
bnxt_en: Fix for system hang if request_irq fails (bnc#1012382).
bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1020412 ).
brcmfmac: stop watchdog before detach and free everything (bnc#1012382).
bridge: Propagate vlan add failure to user (bnc#1012382).
btrfs: do not leak ret from do_chunk_alloc (bnc#1012382).
btrfs: round down size diff when shrinking/growing device (bsc#1097105).
can: mpc5xxx_can: check of_iomap return before use (bnc#1012382).
cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bnc#1012382).
ceph: fix incorrect use of strncpy (bsc#1107319).
ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320).
cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1012382).
cifs: add missing debug entries for kconfig options (bnc#1012382).
cifs: check kmalloc before use (bsc#1012382).
cifs: store the leaseKey in the fid on SMB2_open (bsc#1012382).
crypto: ablkcipher - fix crash flushing dcache in error path (bnc#1012382).
crypto: blkcipher - fix crash flushing dcache in error path (bnc#1012382).
crypto: vmac - require a block cipher with 128-bit block size (bnc#1012382).
crypto: vmac - separate tfm and request context (bnc#1012382).
crypto: vmx - Fix sleep-in-atomic bugs (bsc#1048317).
cxgb4: when disabling dcb set txq dcb priority to 0 (bnc#1012382).
cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014, git-fixes).
dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (bnc#1012382).
dm cache metadata: save in-core policy_hint_size to on-disk superblock (bnc#1012382).
dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bnc#1012382).
drivers: net: lmc: fix case value for target abort error (bnc#1012382).
drm/armada: fix colorkey mode property (bnc#1012382).
drm/atmel-hlcdc: check stride values in the first plane (bsc#1106929).
drm/bridge: adv7511: Reset registers on hotplug (bnc#1012382).
drm/drivers: add support for using the arch wc mapping API (git-fixes).
drm/exynos/dsi: mask frame-done interrupt (bsc#1106929).
drm/exynos: decon5433: Fix WINCONx reset value (bnc#1012382).
drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bnc#1012382).
drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bnc#1012382).
drm/i915/userptr: reject zero user_size (bsc#1090888).
drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1087092).
drm/imx: fix typo in ipu_plane_formats (bsc#1106929).
drm/imx: imx-ldb: check if channel is enabled before printing warning (bnc#1012382).
drm/imx: imx-ldb: disable LDB on driver bind (bnc#1012382).
drm/msm/hdmi: Use bitwise operators when building register values (bsc#1106929).
drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bnc#1012382).
drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1105769).
drm: Reject getfb for multi-plane framebuffers (bsc#1106929).
enic: do not call enic_change_mtu in enic_probe (git-fixes).
enic: handle mtu change for vf properly (bnc#1012382).
enic: initialize enic->rfs_h.lock in enic_probe (bnc#1012382).
ext4: check for NUL characters in extended attribute's name (bnc#1012382).
ext4: fix spectre gadget in ext4_mb_regular_allocator() (bnc#1012382).
ext4: reset error code in ext4_find_entry in fallback (bnc#1012382).
ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229).
fb: fix lost console when the user unplugs a USB adapter (bnc#1012382).
fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106929).
fix __legitimize_mnt()/mntput() race (bnc#1012382).
fix mntput/mntput race (bnc#1012382).
fork: unconditionally clear stack on fork (bnc#1012382).
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bnc#1012382).
fs/dax.c: fix inefficiency in dax_writeback_mapping_range() (bsc#1106185).
fs/quota: Fix spectre gadget in do_quotactl (bnc#1012382).
fs: aio: fix the increment of aio-nr and counting against aio-max-nr (bsc#1068075, bsc#1078921).
fuse: Add missed unlock_page() to fuse_readpages_fill() (bnc#1012382).
fuse: Do not access pipe->buffers without pipe_lock() (bnc#1012382).
fuse: Fix oops at process_init_reply() (bnc#1012382).
fuse: fix double request_end() (bnc#1012382).
fuse: fix unlocked access to processing queue (bnc#1012382).
fuse: umount should wait for all requests (bnc#1012382).
genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392).
getxattr: use correct xattr length (bnc#1012382).
hfsplus: Do not clear SGID when inheriting ACLs (bsc#1030552).
hwrng: exynos - Disable runtime PM on driver unbind (git-fixes).
i2c: davinci: Avoid zero value of CLKH (bnc#1012382).
i2c: imx: Fix race condition in dma read (bnc#1012382).
i2c: ismt: fix wrong device address when unmap the data buffer (bnc#1012382).
i40e: use cpumask_copy instead of direct assignment (bsc#1053685).
i40iw: Fix memory leak in error path of create QP (bsc#969476 bsc#969477).
i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#969476 bsc#969477).
ibmvnic: Include missing return code checks in reset function (bnc#1107966).
ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382).
ieee802154: at86rf230: use func macro for debug messages (bnc#1012382).
ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382).
igb: Fix not adding filter elements to the list (bsc#1024361 bsc#1024365).
iio: ad9523: Fix displayed phase (bnc#1012382).
iio: ad9523: Fix return value for ad952x_store() (bnc#1012382).
iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105).
iommu/vt-d: Add definitions for PFSID (bnc#1012382).
iommu/vt-d: Fix dev iotlb pfsid use (bnc#1012382).
iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105).
ioremap: Update pgtable free interfaces with addr (bnc#1012382).
ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV (bnc#1012382).
ipv6: mcast: fix unsolicited report interval after receiving querys (bnc#1012382).
ipvlan: use ETH_MAX_MTU as max mtu (bsc#1033962).
iscsi target: fix session creation failure handling (bnc#1012382).
isdn: Disable IIOCDBGVAR (bnc#1012382).
iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#969476 bsc#969477).
ixgbe: Be more careful when modifying MAC filters (bnc#1012382).
jfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
jump_label: Add RELEASE barrier after text changes (bsc#1105271).
jump_label: Fix concurrent static_key_enable/disable() (bsc#1105271).
jump_label: Move CPU hotplug locking (bsc#1105271).
jump_label: Provide hotplug context variants (bsc#1105271).
jump_label: Reduce the size of struct static_key (bsc#1105271).
jump_label: Reorder hotplug lock and jump_label_lock (bsc#1105271).
jump_label: Split out code under the hotplug lock (bsc#1105271).
jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1105271).
kABI: protect enum tcp_ca_event (kabi).
kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)
kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).
kasan: do not emit builtin calls when sanitization is off (bnc#1012382).
kasan: fix shadow_size calculation error in kasan_module_alloc (bnc#1012382).
kbuild: verify that $DEPMOD is installed (bnc#1012382).
kernel: improve spectre mitigation (bnc#1106934.
kprobes/x86: Fix %p uses in error messages (bnc#1012382).
kprobes: Make list and blacklist root user read only (bnc#1012382).
l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (bnc#1012382).
libceph: check authorizer reply/challenge length before reading (bsc#1096748).
libceph: factor out __ceph_x_decrypt() (bsc#1096748).
libceph: factor out __prepare_write_connect() (bsc#1096748).
libceph: factor out encrypt_authorizer() (bsc#1096748).
libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748).
libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748).
llc: use refcount_inc_not_zero() for llc_sap_find() (bnc#1012382).
locking/lockdep: Do not record IRQ state within lockdep code (bnc#1012382).
locks: pass inode pointer to locks_free_lock_context (bsc@1099832).
locks: prink more detail when there are leaked locks (bsc#1099832).
locks: restore a warn for leaked locks on close (bsc#1099832).
m68k: fix "bad page state" oops on ColdFire boot (bnc#1012382).
mac80211: add stations tied to AP_VLANs during hw reconfig (bnc#1012382).
md/raid10: fix that replacement cannot complete recovery after reassemble (bnc#1012382).
media: rtl28xxu: be sure that it won't go past the array size (bsc#1050431).
media: s5p-jpeg: fix number of components macro (bsc#1050431).
media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bnc#1012382).
mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697).
mm/memory.c: check return value of ioremap_prot (bnc#1012382).
mm/tlb: Remove tlb_remove_table() non-concurrent condition (bnc#1012382).
mm: Add vm_insert_pfn_prot() (bnc#1012382).
mm: fix cache mode tracking in vm_insert_mixed() (bnc#1012382).
mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 (bnc#1012382).
net/9p/client.c: version pointer uninitialized (bnc#1012382).
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bnc#1012382).
net/ethernet/freescale/fman: fix cross-build error (bnc#1012382).
net/mlx5: Add missing SET_DRIVER_VERSION command translation (bsc#1015342 bsc#1015343).
net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (bsc#966170 bsc#966172).
net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343).
net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#966170 bsc#966172).
net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#966170 bsc#966172).
net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1015342 bsc#1015343).
net/mlx5e: Err if asked to offload TC match on frag being first (bsc#1015342 bsc#1015343).
net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1015342 bsc#1015343).
net/mlx5e: Refine ets validation function (bsc#966170 bsc#966172).
net: 6lowpan: fix reserved space for single frames (bnc#1012382).
net: add skb_condense() helper (bsc#1089066).
net: adjust skb->truesize in ___pskb_trim() (bsc#1089066).
net: adjust skb->truesize in pskb_expand_head() (bsc#1089066).
net: axienet: Fix double deregister of mdio (bnc#1012382).
net: caif: Add a missing rcu_read_unlock() in caif_flow_cb (bnc#1012382).
net: davinci_emac: match the mdio device against its compatible if possible (bnc#1012382).
net: ena: Fix use of uninitialized DMA address bits field (bsc#1027968).
net: hamradio: use eth_broadcast_addr (bnc#1012382).
net: lan78xx: Fix misplaced tasklet_schedule() call (bnc#1012382).
net: mac802154: tx: expand tailroom if necessary (bnc#1012382).
net: prevent ISA drivers from building on PPC32 (bnc#1012382).
net: propagate dev_get_valid_name return code (bnc#1012382).
net: qca_spi: Avoid packet drop during initial sync (bnc#1012382).
net: qca_spi: Fix log level if probe fails (bnc#1012382).
net: qca_spi: Make sure the QCA7000 reset is triggered (bnc#1012382).
net: usb: rtl8150: demote allmulti message to dev_dbg() (bnc#1012382).
net_sched: Fix missing res info when create new tc_index filter (bnc#1012382).
net_sched: fix NULL pointer dereference when delete tcindex filter (bnc#1012382).
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state (bnc#1012382).
netfilter: ipv6: nf_defrag: reduce struct net memory waste (bnc#1012382).
netfilter: x_tables: set module owner for icmp(6) matches (bnc#1012382).
netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286).
nl80211: Add a missing break in parse_station_flags (bnc#1012382).
nvme-fc: release io queues to allow fast fail (bsc#1102486).
nvme: if_ready checks to fail io to deleting controller (bsc#1102486).
nvme: kABI-compliant version of nvmf_fail_nonready_command() (bsc#1102486).
nvmet-fc: fix target sgl list on large transfers (bsc#1102486).
osf_getdomainname(): use