[ol7_UEKR4_archive] kernel-uek-doc-4.1.12-94.8.3.el7uek.noarch

Name:	kernel-uek-doc
Version:	4.1.12
Release:	94.8.3.el7uek
Architecture:	noarch
Group:	Documentation
Size:	58089018
License:	GPLv2
RPM:	kernel-uek-doc-4.1.12-94.8.3.el7uek.noarch.rpm
Source RPM:	kernel-uek-4.1.12-94.8.3.el7uek.src.rpm
Build Date:	Thu Apr 26 2018
Build Host:	ca-build85.us.oracle.com
Vendor:	Oracle America
URL:	http://www.kernel.org/
Summary:	Various documentation bits found in the kernel source
Description:	This package contains documentation files from the kernel source. Various bits of information about the Linux kernel and the device drivers shipped with it are documented in these files. You'll want to install this package if you need a reference to the options that can be passed to Linux kernel modules at load time.

Changelog (Show File list) (Show related packages)

Wed Apr 25 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-94.8.3.el7uek]

- net/rds: ib: Release correct number of frags (Håkon Bugge)  [Orabug: 27924178]  
- mlx4: change the ICM table allocations to lowest needed size (Daniel Jurgens)  [Orabug: 27718304]  
- net/rds: Fix incorrect error handling (Håkon Bugge)  [Orabug: 27925101]

Fri Mar 23 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-94.8.2.el7uek]

- config: sort out retpoline config options (Brian Maly)  [Orabug: 27509502]  
- x86: make HAVE_FENTRY dependent on !SIMULATE_GCC44_KABI (Todd Vierling)  [Orabug: 27630312]  
- kernel: on OL6 only, simulate the gcc 4.4 kABI for __stack_chk_fail() (Todd Vierling)  [Orabug: 27509502]  
- uek-rpm: configs: Don't set HAVE_FENTRY on OL6 builds. (Todd Vierling)  [Orabug: 27509502]  
- Revert "x86: make HAVE_FENTRY dependent on !SIMULATE_GCC44_KABI" (Brian Maly)  [Orabug: 27630312]  
- Revert "Makefile: Build with -Werror=date-time if the compiler supports it" (Gayatri Vasudevan)  [Orabug: 27724742]

Mon Mar 19 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-94.8.1.el7uek]

- x86/spectre_v2: Fix cpu offlining with IPBP. (Konrad Rzeszutek Wilk)   
- retpoline: selectively disable IBRS in disable_ibrs_and_friends() (Chuck Anderson)  [Orabug: 27673499]  
- retpoline: move setting of sysctl_ibrs_enabled and sysctl_ibpb_enabled to where SPEC_CTRL_IBRS_INUSE and SPEC_CTRL_IBPB_INUSE are set (Chuck Anderson)  [Orabug: 27672521]  
- retpoline: set IBRS and IBPB in use only on the boot CPU call to init_scattered_cpuid_features() (Chuck Anderson)  [Orabug: 27672521]  
- retpoline: display IBPB feature status along with IBRS status (Chuck Anderson)  [Orabug: 27672521]  
- retpoline: move lock/unlock of spec_ctrl_mutex to check_modinfo() (Chuck Anderson)  [Orabug: 27672521]  
- retpoline: call clear_retpoline_fallback() with boot parm spectre_v2_heuristics=off (Chuck Anderson)  [Orabug: 27672521]  
- retpoline: add brackets to check_ibrs_inuse() and clear_ibpb_inuse() (Chuck Anderson)  [Orabug: 27672521]  
- retpoline/module: do not enable IBRS/IPBP if SPEC_CTRL_IBRS_ADMIN_DISABLED/SPEC_CTRL_IBPB_ADMIN_DISABLED is set (Chuck Anderson)  [Orabug: 27547729]  
- retpoline: microcode incorrectly reported as broken during early boot (Chuck Anderson)  [Orabug: 27672521]  
- retpoline: move lock/unlock of spec_ctrl_mutex into init_scattered_cpuid_features() (Chuck Anderson)  [Orabug: 27672521]  
- KVM: Disable irq while unregistering user notifier (Ignacio Alvarado)   
- x86/speculation: Use IBRS if available before calling into firmware (David Woodhouse)  [Orabug: 27630399]  
- Revert "x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation" (Konrad Rzeszutek Wilk)  [Orabug: 27630379]  
- Revert "x86/spec: Add 'lfence_enabled' in sysfs" (Konrad Rzeszutek Wilk)   
- x86/spectre_v2: Fix the documentation to say the right thing. (Konrad Rzeszutek Wilk)   
- x86/spectre_v2: Don't check bad microcode versions when running under hypervisors. (Konrad Rzeszutek Wilk)  [Orabug: 27630364]  
- x86/ia32/syscall: RESTORE_EXTRA_REGS when returning from syscall (Ankur Arora)  [Orabug: 27630345]  {CVE-2017-5715} 
- x86/ia32/syscall: don't do RESTORE_EXTRA_REGS prematurely (Ankur Arora)  [Orabug: 27630345]  {CVE-2017-5715} 
- trace: declare blk_add_trace_rq non-static on OL6 (Todd Vierling)  [Orabug: 27630338]  
- x86/spectre: move microcode check before kernel ibrs flags are set (Daniel Jordan)  [Orabug: 27630331]  {CVE-2017-5715} 
- bonding: attempt to better support longer hw addresses (Jarod Wilson)  [Orabug: 27630325]  
- x86: make HAVE_FENTRY dependent on !SIMULATE_GCC44_KABI (Todd Vierling)  [Orabug: 27630312]  
- retpoline/module: fall back to another spectre mitigation when disabling retpoline (Chuck Anderson)  [Orabug: 27630299]  
- retpoline/module: add bit defs for use_ibpb (Chuck Anderson)  [Orabug: 27630299]  
- x86/spectre_v2: Only use IBRS when ibrs_inuse tells us to (Konrad Rzeszutek Wilk)   
- x86/spectre_v2: Disable IBRS if spectre_v2=off (Konrad Rzeszutek Wilk)   
- KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed)  [Orabug: 27630289]  
- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny)  [Orabug: 27630283]  
- x86/speculation: Use Indirect Branch Prediction Barrier in context switch (Tim Chen)  [Orabug: 27630273]  
- x86/entry: RESTORE_IBRS needs to be done under kernel CR3 (Ankur Arora)  [Orabug: 27630254]  
- Fix typo IBRS_ATT, which should be IBRS_ALL (redux) (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre_v2: Add spectre_v2_heuristics= (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre_v2: Do not disable IBPB when disabling IBRS (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/scattered: Fix the order. (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre: Favor IBRS on Skylake over retpoline (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (Darren Kenny)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/bugs: Drop one "mitigation" from dmesg (Borislav Petkov)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/nospec: Fix header guards names (Borislav Petkov)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre_v2: Don't spam the console with these: (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/cpu: Keep model defines sorted by model number (Andy Shevchenko)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/msr: Add definitions for new speculation control MSRs (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/cpufeatures: Add AMD feature bits for Speculation Control (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre_v2: Print what options are available. (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre_v2: Add VMEXIT_FILL_RSB instead of RETPOLINE (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre: If IBRS is enabled disable "Filling RSB on context switch" (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre_v2: Don't allow {ibrs,ipbp,lfence}_enabled to be toggled if retpoline (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre: Fix retpoline_enabled (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre: Update sysctl values if toggled only by set_{ibrs,ibpb}_disabled (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- retpoline/module: Taint kernel for missing retpoline in module (Andi Kleen)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline: Fill RSB on context switch for affected CPUs (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB (Andi Kleen)  [Orabug: 27630250]  {CVE-2017-5715} 
- kprobes/x86: Disable optimizing on the function jumps to indirect thunk (Masami Hiramatsu)  [Orabug: 27630250]  {CVE-2017-5715} 
- kprobes/x86: Blacklist indirect thunk functions for kprobes (Masami Hiramatsu)  [Orabug: 27630250]  {CVE-2017-5715} 
- retpoline: Introduce start/end markers of indirect thunk (Masami Hiramatsu)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/mce: Make machine check speculation protected (Thomas Gleixner)  [Orabug: 27630250]  {CVE-2017-5715} 
- kbuild: modversions for EXPORT_SYMBOL() for asm (Nicholas Piggin)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Tom Lendacky)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline: Remove compile time warning (Thomas Gleixner)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline: Fill return stack buffer on vmexit (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline/irq32: Convert assembler indirect jumps (Andi Kleen)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline/checksum32: Convert assembler indirect jumps (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline/xen: Convert Xen hypercall indirect jumps (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline/hyperv: Convert assembler indirect jumps (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline/ftrace: Convert ftrace assembler indirect jumps (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline/entry: Convert entry assembler indirect jumps (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline/crypto: Convert crypto assembler indirect jumps (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre_v2: Add disable_ibrs_and_friends (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre_v2: Figure out if STUFF_RSB macro needs to be used. (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre_v2: Figure out when to use IBRS. (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre: Add IBRS option. (Konrad Rzeszutek Wilk)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/spectre: Add boot time option to select Spectre v2 mitigation (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/retpoline: Add initial retpoline support (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- kconfig.h: use __is_defined() to check if MODULE is defined (Masahiro Yamada)  [Orabug: 27630250]  {CVE-2017-5715} 
- EXPORT_SYMBOL() for asm (Al Viro)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/asm: Make asm/alternative.h safe from assembly (Andy Lutomirski)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/kbuild: enable modversions for symbols exported from asm (Adam Borowski)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/asm: Use register variable to get stack pointer value (Andrey Ryabinin)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (Andy Lutomirski)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/alternatives: Add missing '
' at end of ALTERNATIVE inline asm (David Woodhouse)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/alternatives: Fix optimize_nops() checking (Borislav Petkov)  [Orabug: 27630250]  {CVE-2017-5715} 
- x86/microcode/intel: Extend BDW late-loading with a revision check (Jia Zhang)  [Orabug: 27629973]  
- x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov)  [Orabug: 27629973]  
- x86/spec: Fix spectre_v1 bug and mitigation indicators (John Haxby)  [Orabug: 27630236]  
- x86: Fix compile issues if CONFIG_XEN not defined (Konrad Rzeszutek Wilk)   
- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk)   
- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk)   
- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk)   
- x86/IBRS/IBPB: Remove procfs interface to ibrs/ibpb_enable (Boris Ostrovsky)  [Orabug: 27630222]  
- x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk)   
- x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky)  [Orabug: 27630203]  
- x86/IBRS: Don't try to change IBRS mode if IBRS is not available (Boris Ostrovsky)  [Orabug: 27630203]  
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky)  [Orabug: 27630203]  
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky)  [Orabug: 27630198]  
- x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk)   
- x86/spec: Don't print the Missing arguments for option spectre_v2. (Konrad Rzeszutek Wilk)   
- x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk)   
- x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris Ostrovsky)  [Orabug: 27630193]  
- x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk)   
- x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk)   
- x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk)  [Orabug: 27451922]  
- x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju)  [Orabug: 27445637]  
- x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju)  [Orabug: 27445637]  
- Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju)  [Orabug: 27445637]  
- x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner)  [Orabug: 27445637]  
- sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse)  [Orabug: 27445637]  
- sysfs/cpu: Add vulnerability folder (Thomas Gleixner)  [Orabug: 27445637]  
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse)  [Orabug: 27445637]  
- x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju)  [Orabug: 27445637]

Fri Mar 16 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-94.7.9.el7uek]

- net/rds: use multiple sge than buddy allocation in congestion code (Wei Lin Guay)  [Orabug: 26848749]  
- Revert "RDS: fix the sg allocation based on actual message size" (Wei Lin Guay)  [Orabug: 26848749]  
- Revert "RDS: avoid large pages for sg allocation for TCP transport" (Wei Lin Guay)  [Orabug: 26848749]  
- Revert "net/rds: Reduce memory footprint in rds_sendmsg" (Wei Lin Guay)  [Orabug: 26848749]  
- net/rds: reduce memory footprint during ib_post_recv in IB transport (Wei Lin Guay)  [Orabug: 26848749]  
- net/rds: reduce memory footprint during rds_sendmsg with IB transport (Wei Lin Guay)  [Orabug: 26848749]  
- net/rds: set the rds_ib_init_frag based on supported sge (Wei Lin Guay)  [Orabug: 26848749]

Thu Jan 11 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-94.7.8.el7uek]

- x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin)  [Orabug: 27378087] [Orabug: 27352353]  {CVE-2017-5754} 
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk)  [Orabug: 27378074]  
- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky)  [Orabug: 27378063]  
- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky)  [Orabug: 27378035]  
- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles)  [Orabug: 27345388]  {CVE-2017-5715} 
- ptrace: remove unlocked RCU dereference. (Jamie Iles)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715}

Wed Jan 10 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-94.7.7.el7uek]

- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk)  [Orabug: 27365568]  {CVE-2017-5715} 
- x86/ia32: save and clear registers on syscall. (Jamie Iles)  [Orabug: 27364707]  {CVE-2017-5754} 
- x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky)  [Orabug: 27364720]  
- pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk)   
- Make use of ibrs_inuse consistent. (Jun Nakajima)   
- x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk)   
- Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86: more ibrs/pti fixes (Pavel Tatashin)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86: Don't ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk)   {CVE-2017-5715} 
- x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk)  [Orabug: 27358615]  {CVE-2017-5754} 
- PTI: unbreak EFI old_memmap (Jiri Kosina)  [Orabug: 27358615]  {CVE-2017-5754} 
- KAISER KABI tweaks. (Martin K. Petersen)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/ldt: fix crash in ldt freeing. (Jamie Iles)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: Set _PAGE_NX only if supported (Guenter Roeck)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- KPTI: Report when enabled (Kees Cook)  [Orabug: 27358615]  {CVE-2017-5754} 
- KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/kaiser: Move feature detection up (Borislav Petkov)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/kaiser: Reenable PARAVIRT (Borislav Petkov)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/kaiser: Check boottime cmdline params (Borislav Petkov)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: add "nokaiser" boot option, using ALTERNATIVE (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: enhanced by kernel and user PCIDs (Dave Hansen)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: cleanups while trying for gold link (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: fix perf crashes (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: KAISER depends on SMP (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins)  [Orabug: 27358615]  {CVE-2017-5754} 
- kaiser: merged update (Dave Hansen)  [Orabug: 27358615]  {CVE-2017-5754} 
- KAISER: Kernel Address Isolation (Richard Fellner)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu)  [Orabug: 27358615]  {CVE-2017-5754} 
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Fix INVPCID asm constraint (Borislav Petkov)  [Orabug: 27358615]  {CVE-2017-5754} 
- x86/mm: Add INVPCID helpers (Andy Lutomirski)  [Orabug: 27358615]  {CVE-2017-5754}

Sat Jan 06 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-94.7.6.el7uek]

- x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk)  [Orabug: 27351275]  
- kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk)   {CVE-2017-5715}

Fri Jan 05 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-94.7.5.el7uek]

- userns: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- udf: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- net: mpls: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- fs: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- ipv6: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- ipv4: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- Thermal/int340x: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- cw1200: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- qla2xxx: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- p54: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- carl9170: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- uvcvideo: prevent speculative execution (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- locking/barriers: introduce new observable speculation barrier (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova)  [Orabug: 27345402]  {CVE-2017-5753} 
- kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} {CVE-2017-5715} 
- x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- Set IBPB when running a different VCPU (Dave Hansen)  [Orabug: 27345388]  {CVE-2017-5715} 
- Clear the host registers after setbe (Jun Nakajima)  [Orabug: 27345388]  {CVE-2017-5715} 
- Use the ibpb_inuse variable. (Jun Nakajima)  [Orabug: 27345388]  {CVE-2017-5715} 
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli)  [Orabug: 27345388]  {CVE-2017-5715} 
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini)  [Orabug: 27345388]  {CVE-2017-5715} 
- Use the "ibrs_inuse" variable. (Jun Nakajima)  [Orabug: 27345388]  {CVE-2017-5715} 
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/kvm: Pad RSB on VM transition (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/kvm: clear registers on VM exit (Tom Lendacky)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/kvm: Set IBPB when switching VM (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/mm: Set IBPB upon context switch (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli)  [Orabug: 27345388]  {CVE-2017-5715} 
- *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/enter: Use IBRS on syscall and interrupts (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/feature: Report presence of IBPB and IBRS control (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk)  [Orabug: 27345388]  {CVE-2017-5715} 
- x86/feature: Enable the x86 feature to control (Tim Chen)  [Orabug: 27345388]  {CVE-2017-5715}

Mon Nov 13 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-94.7.4.el7uek]

- KVM: nVMX: Fix loss of L2's NMI blocking state (Wanpeng Li)  [Orabug: 27062526]  
- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini)  [Orabug: 27062526]  
- KVM: VMX: require virtual NMI support (Paolo Bonzini)  [Orabug: 27062526]  
- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li)  [Orabug: 27062526]  
- netlink: allow to listen "all" netns (Nicolas Dichtel)  [Orabug: 27098332]  
- netlink: rename private flags and states (Nicolas Dichtel)  [Orabug: 27098332]  
- netns: use a spin_lock to protect nsid management (Nicolas Dichtel)  [Orabug: 27098332]  
- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel)  [Orabug: 27098332]  
- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel)  [Orabug: 27098332]  
- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel)  [Orabug: 27098332]  
- netns: returns always an id in __peernet2id() (Nicolas Dichtel)  [Orabug: 27098332]

Tue Oct 31 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-94.7.3.el7uek]

- Revert "drivers/char/mem.c: deny access in open operation when securelevel is set" (Brian Maly)  [Orabug: 27037818]