[ol7_MODRHCK] kernel-3.10.0-693.21.1.0.1.el7.x86_64

Name:	kernel
Version:	3.10.0
Release:	693.21.1.0.1.el7
Architecture:	x86_64
Group:	System Environment/Kernel
Size:	62645972
License:	GPLv2
RPM:	kernel-3.10.0-693.21.1.0.1.el7.x86_64.rpm
Source RPM:	kernel-3.10.0-693.21.1.0.1.el7.src.rpm
Build Date:	Fri Mar 09 2018
Build Host:	x86-ol7-builder-02.us.oracle.com
Vendor:	Oracle America
URL:	http://www.kernel.org/
Summary:	The Linux kernel
Description:	The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Changelog (Show File list) (Show related packages)

Wed Mar 07 2018 Bruce Hill <bruce.hill@oracle.com> - [3.10.0-693.21.1.0.1.el7.OL7]

- x86/xen: don't copy bogus duplicate entries into kernel page tables (joe.jin) [orabug 27095041]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]

Wed Mar 07 2018 Bruce Hill <bruce.hill@oracle.com> - [3.10.0-693.21.1.el7.OL7]

- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

Fri Feb 23 2018 Denys Vlasenko <dvlasenk@redhat.com> [3.10.0-693.21.1.el7]

- [x86] platform/uv: Mark tsc_check_sync as an init function (Frank Ramsay) [1547870 1526066]
- [x86] platform/uv: Add check of TSC state set by UV BIOS (Frank Ramsay) [1547870 1526066]
- [x86] tsc: Provide a means to disable TSC ART (Frank Ramsay) [1547870 1526066]
- [x86] tsc: Drastically reduce the number of firmware bug warnings (Frank Ramsay) [1547870 1526066]
- [x86] tsc: Skip TSC test and error messages if already unstable (Frank Ramsay) [1547870 1526066]
- [x86] tsc: Add option that TSC on Socket 0 being non-zero is valid (Frank Ramsay) [1547870 1526066]
- [x86] tsc: Remove the TSC_ADJUST clamp (Frank Ramsay) [1547870 1526066]

Wed Feb 07 2018 Denys Vlasenko <dvlasenk@redhat.com> [3.10.0-693.20.1.el7]

- [x86] locking/qspinlock: Fix kabi problem in a non-KVM/XEN VM (Waiman Long) [1539797 1533529]

Thu Feb 01 2018 Denys Vlasenko <dvlasenk@redhat.com> [3.10.0-693.19.1.el7]

- [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Josh Poimboeuf) [1539649 1535644]
- [kernel] x86/spec_ctrl: cleanup __ptrace_may_access (Josh Poimboeuf) [1539649 1535644]
- [x86] bugs: Drop one "mitigation" from dmesg (Josh Poimboeuf) [1539649 1535644]
- [x86] kvm: vmx: Make indirect call speculation safe (Josh Poimboeuf) [1539649 1535644]
- [x86] kvm: x86: Make indirect calls in emulator speculation safe (Josh Poimboeuf) [1539649 1535644]
- [x86] retpoline: Optimize inline assembler for vmexit_fill_RSB (Josh Poimboeuf) [1539649 1535644]
- [x86] mce: Make machine check speculation protected (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: fix ptrace IBPB optimization (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Josh Poimboeuf) [1539649 1535644]
- [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: Document retpolines and ibrs_enabled=3 (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: upgrade GCC retpoline warning to an error (Josh Poimboeuf) [1539649 1535644]
- [x86] Use IBRS for firmware update path (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: enforce sane combinations of IBRS and retpoline (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: use upstream RSB stuffing function (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Josh Poimboeuf) [1539649 1535644]
- [kernel] x86/jump_label: warn on failed jump label patch (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: detect unretpolined modules (Josh Poimboeuf) [1539649 1535644]
- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Josh Poimboeuf) [1539649 1535644]
- [x86] retpoline: Fill return stack buffer on vmexit (Josh Poimboeuf) [1539649 1535644]
- [x86] retpoline/xen: Convert Xen hypercall indirect jumps (Josh Poimboeuf) [1539649 1535644]
- [x86] retpoline/hyperv: Convert assembler indirect jumps (Josh Poimboeuf) [1539649 1535644]
- [x86] retpoline/ftrace: Convert ftrace assembler indirect jumps (Josh Poimboeuf) [1539649 1535644]
- [x86] retpoline/entry: Convert entry assembler indirect jumps (Josh Poimboeuf) [1539649 1535644]
- [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Josh Poimboeuf) [1539649 1535644]
- [x86] retpoline: Add initial retpoline support (Josh Poimboeuf) [1539649 1535644]
- [x86] jump_label: add asm support for static keys (Josh Poimboeuf) [1539649 1535644]
- [x86] asm: Make asm/alternative.h safe from assembly (Josh Poimboeuf) [1539649 1535644]
- [tools] objtool: Support new GCC 6 switch jump table pattern (Josh Poimboeuf) [1539649 1535644]
- [tools] objtool: Detect jumps to retpoline thunks (Josh Poimboeuf) [1539649 1535644]
- [x86] spectre: Add boot time option to select Spectre v2 mitigation (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: print features changed by microcode loading (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: refactor the init and microcode loading paths (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: remove ibrs_enabled variable (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: add ibp_disabled variable (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: remove performance measurements from documentation (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: make ipbp_enabled read-only (Josh Poimboeuf) [1539649 1535644]
- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Josh Poimboeuf) [1539649 1535644]
- [x86] cpu: Implement CPU vulnerabilites sysfs functions (Josh Poimboeuf) [1539649 1535644]
- [base] sysfs/cpu: Add vulnerability folder (Josh Poimboeuf) [1539649 1535644]
- [x86] cpu: Merge bugs.c and bugs_64.c (Josh Poimboeuf) [1539649 1535644]
- [x86] syscall: int80 must not clobber r12-15 (Josh Poimboeuf) [1539649 1535644]
- [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Josh Poimboeuf) [1539649 1535644]
- [x86] boot: Add early cmdline parsing for options with arguments (Josh Poimboeuf) [1539649 1535644]
- [x86] boot: Pass in size to early cmdline parsing (Josh Poimboeuf) [1539649 1535644]
- [x86] boot: Simplify early command line parsing (Josh Poimboeuf) [1539649 1535644]
- [x86] boot: Fix early command-line parsing when partial word matches (Josh Poimboeuf) [1539649 1535644]
- [x86] boot: Fix early command-line parsing when matching at end (Josh Poimboeuf) [1539649 1535644]
- [scsi] storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (Cathy Avery) [1536978 1502601]
- [fs] nfs: RPC_MAX_AUTH_SIZE is in bytes ("J. Bruce Fields") [1533378 1495321]
- [fs] nfsd: give out fewer session slots as limit approaches (Dave Wysochanski) [1533377 1492234]
- [fs] nfsd: increase DRC cache limit (Dave Wysochanski) [1533377 1492234]
- [x86] kvm: x86: fix RSM when PCID is non-zero (Paolo Bonzini) [1531662 1530711]
- [x86] iommu/amd: Reduce delay waiting for command buffer space (Suravee Suthikulpanit) [1531456 1508644]
- [x86] iommu/amd: Reduce amount of MMIO when submitting commands (Suravee Suthikulpanit) [1531456 1508644]
- [x86] amd: Remove cmd_buf_size and evt_buf_size from struct amd_iommu (Suravee Suthikulpanit) [1531456 1508644]
- [x86] amd: Fix the left value check of cmd buffer (Suravee Suthikulpanit) [1531456 1508644]
- [x86] amd: Don't put completion-wait semaphore on stack (Suravee Suthikulpanit) [1531456 1508644]
- [x86] kvm: svm: obey guest PAT (Suravee Suthikulpanit) [1530976 1478185]
- [tty] serial: 8250_pci: Add Amazon PCI serial device ID (Vitaly Kuznetsov) [1530137 1527545]
- [ata] libata: sata_down_spd_limit should return if driver has not recorded sstatus speed (David Milburn) [1530136 1457140]
- [fs] nfs: fix a deadlock in nfs client initialization (Scott Mayhew) [1530135 1506382]
- [fs] nfsv4.0: Fix a lock leak in nfs40_walk_client_list (Scott Mayhew) [1530135 1506382]
- [fs] nfs: Create a common nfs4_match_client() function (Scott Mayhew) [1530135 1506382]
- [fs] autofs - revert: take more care to not update last_used on path walk (Ian Kent) [1525994 1489542]
- [vhost] vhost_net: correctly check tx avail during rx busy polling (Jason Wang) [1523784 1487551]
- [crypto] shash - Fix has_key setting (Herbert Xu) [1522932 1505817]
- [block] Fix a race between blk_cleanup_queue() and timeout handling (Ming Lei) [1522698 1513725]
- [x86] tsc: Force TSC_ADJUST register to value >= zero (Prarit Bhargava) [1519850 1497055]
- [x86] tsc: Validate cpumask pointer before accessing it (Prarit Bhargava) [1519850 1497055]
- [x86] tsc: Try to adjust TSC if sync test fails (Prarit Bhargava) [1519850 1497055]
- [x86] tsc: Prepare warp test for TSC adjustment (Prarit Bhargava) [1519850 1497055]
- [x86] tsc: Move sync cleanup to a safe place (Prarit Bhargava) [1519850 1497055]
- [x86] tsc: Sync test only for the first cpu in a package (Prarit Bhargava) [1519850 1497055]
- [x86] tsc: Verify TSC_ADJUST from idle (Prarit Bhargava) [1519850 1497055]
- [x86] tsc: Store and check TSC ADJUST MSR (Prarit Bhargava) [1519850 1497055]
- [x86] tsc: Detect random warps (Prarit Bhargava) [1519850 1497055]
- [x86] kvm: mmu: always terminate page walks at level 1 (Paolo Bonzini) [1500382 1500381] {CVE-2017-12188}
- [x86] kvm: nVMX: update last_nonleaf_level when initializing nested EPT (Denys Vlasenko) [1500382 1500381] {CVE-2017-12188}
- [x86] kvm: fix singlestepping over syscall (Paolo Bonzini) [1464480 1464481] {CVE-2017-7518}

Sun Jan 21 2018 Denys Vlasenko <dvlasenk@redhat.com> [3.10.0-693.18.1.el7]

- [md] raid5: fix a race condition in stripe batch (Nigel Croxon) [1535883 1496836]
- [security] selinux: fix double free in selinux_parse_opts_str() (Paul Moore) [1532288 1456843]
- [fs] nfs: revert "nfs: Move the flock open mode check into nfs_flock()" (Benjamin Coddington) [1531095 1497225]

Sun Jan 14 2018 Denys Vlasenko <dvlasenk@redhat.com> [3.10.0-693.17.1.el7]

- [s390] locking/barriers: remove old gmb() macro definition (Denys Vlasenko) [1519788 1519786]

Sat Jan 13 2018 Denys Vlasenko <dvlasenk@redhat.com> [3.10.0-693.16.1.el7]

- [x86] smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (Prarit Bhargava) [1533022 1519503]
- [x86] topology: Add topology_max_smt_threads() (Prarit Bhargava) [1533022 1519503]
- [powerpc] spinlock: add gmb memory barrier (Jon Masters) [1519788 1519786] {CVE-2017-5753}
- [powerpc] Prevent Meltdown attack with L1-D$ flush (Jon Masters) [1519800 1519801] {CVE-2017-5754}
- [s390] add ppa to system call and program check path (Jon Masters) [1519795 1519798] {CVE-2017-5715}
- [s390] spinlock: add gmb memory barrier (Jon Masters) [1519788 1519786] {CVE-2017-5753}
- [s390] introduce CPU alternatives (Jon Masters) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Andrea Arcangeli) [1533373 1533250]
- [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Andrea Arcangeli) [1533373 1533250]
- [fs] userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1533372 1531287]
- [x86] kaiser/efi: unbreak tboot (Andrea Arcangeli) [1519795 1532989 1519798 1531559] {CVE-2017-5715}
- [x86] spec_ctrl: don't call ptrace_has_cap in the IBPB ctx switch optimization (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] kaiser/efi: unbreak EFI old_memmap (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] cpuidle_idle_call: fix double local_irq_enable() (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] cpu: fix get_scattered_cpu_leaf sorting part #2 (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] cpu: fix get_scattered_cpu_leaf for IBPB feature (Paolo Bonzini) [1519795 1519798]

Thu Dec 28 2017 Denys Vlasenko <dvlasenk@redhat.com> [3.10.0-693.11.6.el7]

- [x86] spec_ctrl: Eliminate redundant FEATURE Not Present messages (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] kaiser/mm: skip IBRS/CR3 restore when paranoid exception returns to userland (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] kaiser/mm: consider the init_mm.pgd a kaiser pgd (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] kaiser/mm: convert userland visible "kpti" name to "pti" (Andrea Arcangeli) [1519795 1519798]
- Revert "x86/entry: Use retpoline for syscall's indirect calls" (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Andrea Arcangeli) [1519795 1519798]
- [x86] kaiser/mm: __load_cr3 in resume from RAM after kernel gs has been restored (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: issue a __spec_ctrl_ibpb if a credential check isn't possible (Andrea Arcangeli) [1519795 1519798]
- [x86] mm/kaiser: disable global pages by default with KAISER (Andrea Arcangeli) [1519795 1519798]
- Revert "x86/mm/kaiser: Disable global pages by default with KAISER" (Andrea Arcangeli) [1519795 1519798]
- [x86] ibpb: don't optimize spec_cntrl_ibpb on PREEMPT_RCU (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: clear registers after 32bit syscall stackframe is setup (Andrea Arcangeli) [1519800 1519801]
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Andrea Arcangeli) [1519800 1519801]
- [x86] kaiser/mm: fix pgd freeing in error path (Andrea Arcangeli) [1519800 1519801]
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] dumpstack: Remove raw stack dump (Josh Poimboeuf) [1519795 1519798]
- [x86] spec_ctrl: remove SPEC_CTRL_DEBUG code (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscall's indirect calls (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup unnecessary ptregscall_common function (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall entrance (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: add debug aid to test the entry code without microcode (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace current thread (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable on wakeup (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] kvm: pad RSB on VM transition (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [tools] objtool: Don't print 'call dest' warnings for ignored functions (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [fs] prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [kernel] userns: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [misc] locking/barriers: introduce new memory barrier gmb() (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add "kaiser" and "nokaiser" boot options (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: fix RESTORE_CR3 crash in kaiser_stop_machine (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use atomic ops to poison/unpoison user pagetables (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/64: Fix reboot interaction with CR4.PCIDE (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: enable kaiser in build (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: handle call to xen_pv_domain() on PREEMPT_RT (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: trampoline stack comments (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: remove paravirt clock warning (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map debug IDT tables (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [perf] x86/intel/uncore: Fix memory leaks on allocation failures (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [mm] userfaultfd: hugetlbfs: prevent UFFDIO_COPY to fill beyond the end of i_size (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [fs] userfaultfd: non-cooperative: fix fork use after free (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [mm] userfaultfd: hugetlbfs: remove superfluous page unlock in VM_SHARED case (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [mm] fix bad rss-counter if remap_file_pages raced migration (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}

Thu Dec 14 2017 Denys Vlasenko <dvlasenk@redhat.com> [3.10.0-693.15.1.el7]

- [net] udp: fix bcast packet reception (Paolo Abeni) [1506530 1493238]
- [net] udp: perform source validation for mcast early demux (Paolo Abeni) [1506530 1493238]
- [net] ipv4: early demux can return an error code (Paolo Abeni) [1506530 1493238]
- [net] tcp: reset sk_rx_dst in tcp_disconnect() (Jamie Bainbridge) [1520296 1467770]
- [md] dm cache: fix race condition in the writeback mode overwrite_bio optimisation (Mike Snitzer) [1517795 1512095]
- [net] packet: in packet_do_bind, test fanout with bind_lock held (Hangbin Liu) [1505430 1505429] {CVE-2017-15649}
- [net] packet: hold bind lock when rebinding to fanout hook (Hangbin Liu) [1505430 1505429] {CVE-2017-15649}
- [net] packet: Do not call fanout_release from atomic contexts (Hangbin Liu) [1505430 1505429] {CVE-2017-15649}
- [net] packet: fix races in fanout_add() (Hangbin Liu) [1505430 1505429] {CVE-2017-15649}
- [security] keys: Fix handling of stored error in a negatively instantiated user key (David Howells) [1411618 1479727 1411622 1450158] {CVE-2015-8539 CVE-2017-7472}
- [security] keys: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (David Howells) [1411618 1479727 1411622 1450158] {CVE-2015-8539 CVE-2017-7472}
- [security] keys: Differentiate uses of rcu_dereference_key() and user_key_payload() (David Howells) [1411618 1479727 1411622 1450158] {CVE-2015-8539 CVE-2017-7472}
- [security] keys: Use memzero_explicit() for secret data (David Howells) [1411618 1479727 1411622 1450158] {CVE-2015-8539 CVE-2017-7472}
- [security] keys: Fix an error code in request_master_key() (David Howells) [1411618 1479727 1411622 1450158] {CVE-2015-8539 CVE-2017-7472}