Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2022:1196-1
Rating:	important
References:	bsc#1065729 bsc#1114648 bsc#1180153 bsc#1184207 bsc#1189562 bsc#1191428 bsc#1191451 bsc#1191580 bsc#1192273 bsc#1193738 bsc#1194163 bsc#1194541 bsc#1194580 bsc#1194586 bsc#1194590 bsc#1194591 bsc#1194943 bsc#1195051 bsc#1195353 bsc#1195403 bsc#1195480 bsc#1195482 bsc#1196018 bsc#1196114 bsc#1196339 bsc#1196367 bsc#1196468 bsc#1196478 bsc#1196488 bsc#1196514 bsc#1196639 bsc#1196657 bsc#1196723 bsc#1196761 bsc#1196830 bsc#1196836 bsc#1196901 bsc#1196942 bsc#1196973 bsc#1196999 bsc#1197099 bsc#1197227 bsc#1197331 bsc#1197366 bsc#1197462 bsc#1197531 bsc#1197661 bsc#1197675 bsc#1197754 bsc#1197755 bsc#1197756 bsc#1197757 bsc#1197758 bsc#1197760 bsc#1197763 bsc#1197806 bsc#1197894 bsc#1197914 bsc#1198031 bsc#1198032 bsc#1198033 jsc#SLE-15288 jsc#SLE-18234 jsc#SLE-24125
Cross-References:	CVE-2021-39713 CVE-2021-45868 CVE-2022-0001 CVE-2022-0002 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-23960 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
CVSS scores:	CVE-2021-39713 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-45868 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0001 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0812 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0812 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0850 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0850 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1016 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1016 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23036 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23960 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-23960 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26490 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26966 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-27666 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-27666 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28388 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28389 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28390 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 22 vulnerabilities, contains three features and has 39 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated.

The following security bugs were fixed:

CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639)
CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
CVE-2022-0001,CVE-2022-0002,CVE-2022-23960: Fixed a new kind of speculation issues, exploitable via JITed eBPF for instance. (bsc#1191580)
CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)

The following non-security bugs were fixed:

asix: Add rx->ax_skb = NULL after usbnet_skb_return() (git-fixes).
asix: Ensure asix_rx_fixup_info members are all reset (git-fixes).
asix: Fix small memory leak in ax88772_unbind() (git-fixes).
asix: fix uninit-value in asix_mdio_read() (git-fixes).
asix: fix wrong return value in asix_check_host_enable() (git-fixes).
ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
can: dev: can_restart: fix use after free bug (git-fixes).
cgroup: Correct privileges check in release_agent writes (bsc#1196723).
cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (bsc#1196723).
cgroup: Use open-time cgroup namespace for process migration perm checks (bsc#1196723).
dax: update to new mmu_notifier semantic (bsc#1184207).
drm: add a locked version of drm_is_current_master (bsc#1197914).
drm: drm_file struct kABI compatibility workaround (bsc#1197914).
drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
drm: serialize drm_file.master with a new spinlock (bsc#1197914).
drm: use the lookup lock in drm_is_current_master (bsc#1197914).
EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1114648).
ena_netdev: use generic power management (bsc#1197099 jsc#SLE-24125).
ena: Remove rcu_read_lock() around XDP program invocation (bsc#1197099 jsc#SLE-24125).
ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24125).
ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339).
ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
ext4: do not use the orphan list when migrating an inode (bsc#1197756).
ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580).
ext4: make sure quota gets properly shutdown on error (bsc#1195480).
ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339).
ext4: update i_disksize if direct write past ondisk size (bsc#1197806).
genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
gtp: fix an use-before-init in gtp_newlink() (git-fixes).
IB/core: Fix ODP get user pages flow (git-fixes)
IB/hfi1: Acquire lock to release TID entries when user file is closed (git-fixes)
IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
IB/hfi1: Correct guard on eager buffer deallocation (git-fixes)
IB/hfi1: Ensure pq is not left on waitlist (git-fixes)
IB/hfi1: Fix another case where pq is left on waitlist (git-fixes)
IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes)
IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes)
IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
IB/qib: Use struct_size() helper (git-fixes)
IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes)
IB/umad: Return EIO in case of when device disassociated (git-fixes)
IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
isofs: Fix out of bound access for corrupted isofs image (bsc#1194591).
llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).")
mdio: fix mdio-thunder.c dependency build error (git-fixes).
mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
mm: drop NULL return check of pte_offset_map_lock() (bsc#1184207).
mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1184207).
mm/rmap: update to new mmu_notifier semantic v2 (bsc#1184207).
net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
net: asix: add proper error handling of usb read errors (git-fixes).
net: asix: fix uninit value bugs (git-fixes).
net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes).
net: dp83867: Fix OF_MDIO config check (git-fixes).
net: dsa: bcm_sf2: put device node before return (git-fixes).
net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24125).
net: ena: Add debug prints for invalid req_id resets (bsc#1197099 jsc#SLE-24125).
net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24125).
net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24125).
net: ena: aggregate doorbell common operations into a function (bsc#1197099 jsc#SLE-24125).
net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24125).
net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24125).
net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24125).
net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24125).
net: ena: Extract recurring driver reset code into a function (bsc#1197099 jsc#SLE-24125).
net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24125).
net: ena: fix DMA mapping function issues in XDP (bsc#1197099 jsc#SLE-24125).
net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24125).
net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24125).
net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24125).
net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1197099 jsc#SLE-24125).
net: ena: introduce XDP redirect implementation (bsc#1197099 jsc#SLE-24125).
net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24125).
net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24125).
net: ena: optimize data access in fast-path code (bsc#1197099 jsc#SLE-24125).
net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24125).
net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24125).
net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24125).
net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24125).
net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24125).
net: ena: Remove unused code (bsc#1197099 jsc#SLE-24125).
net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24125).
net: ena: Update XDP verdict upon failure (bsc#1197099 jsc#SLE-24125).
net: ena: use build_skb() in RX path (bsc#1197099 jsc#SLE-24125).
net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24125).
net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24125).
net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1197099 jsc#SLE-24125).
net: ena: use xdp_frame in XDP TX flow (bsc#1197099 jsc#SLE-24125).
net: ena: use xdp_return_frame() to free xdp frames (bsc#1197099 jsc#SLE-24125).
net: ethernet: Fix memleak in ethoc_probe (git-fixes).
net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set (git-fixes).
net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes).
net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
net: hns: fix return value check in __lb_other_process() (git-fixes).
net: marvell: Fix OF_MDIO config check (git-fixes).
net: mcs7830: handle usb read errors properly (git-fixes).
net: usb: asix: add error handling for asix_mdio_* functions (git-fixes).
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018).
net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
NFS: Do not skip directory entries when doing uncached readdir (git-fixes).
NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
NFS: Clamp WRITE offsets (git-fixes).
NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).
NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
NFS: Fix another issue with a list iterator pointing to the head (git-fixes).
ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
ocfs2: remove ocfs2_is_o2cb_active() (bsc#1197758).
powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15288, jsc#ECO-2990).
powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes).
powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609).
powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jec#SLE-23780).
powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jec#SLE-23780).
powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
powerpc/xive: fix return value of __setup handler (bsc#1065729).
printk: Add panic_in_progress helper (bsc#1197894).
printk: disable optimistic spin during panic (bsc#1197894).
qed: select CONFIG_CRC32 (git-fixes).
quota: correct error number in free_dqentry() (bsc#1194590).
RDMA/addr: Be strict with gid size (git-fixes)
RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit" (git-fixes)
RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes)
RDMA/core: Do not infoleak GRH fields (git-fixes)
RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes)
RDMA/cxgb4: add missing qpid increment (git-fixes)
RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
RDMA/cxgb4: Set queue pair state when being queried (git-fixes)
RDMA/cxgb4: Validate the number of CQEs (git-fixes)
RDMA/hns: Add a check for current state before modifying QP (git-fixes)
RDMA/hns: Encapsulate some lines for setting sq size in user mode (git-fixes)
RDMA/hns: Optimize hns_roce_modify_qp function (git-fixes)
RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size() (git-fixes)
RDMA/hns: Validate the pkey index (git-fixes)
RDMA/i40iw: Fix error unwinding when i40