-
Wed Nov 13 2019 Alan Steinberg <alan.steinberg@oracle.com> [3.10.0-1062.4.3.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
-
Tue Nov 12 2019 Bruno Meneguele <bmeneg@redhat.com> [3.10.0-1062.4.3.el7]
- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
-
Tue Nov 05 2019 Bruno Meneguele <bmeneg@redhat.com> [3.10.0-1062.4.2.el7]
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] tsx: Add "auto" option to the tsx= cmdline parameter (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] cpu: Add a "tsx=" cmdline option with TSX disabled by default (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
-
Wed Sep 25 2019 Bruno Meneguele <bmeneg@redhat.com> [3.10.0-1062.4.1.el7]
- [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750879 1750880] {CVE-2019-14835}
-
Mon Sep 16 2019 Bruno Meneguele <bmeneg@redhat.com> [3.10.0-1062.3.1.el7]
- [net] Bluetooth: Fix faulty expression for minimum encryption key size check (Gopal Tiwari) [1743084 1743085] {CVE-2019-9506}
- [net] Bluetooth: Fix regression with minimum encryption key size alignment (Gopal Tiwari) [1743084 1743085] {CVE-2019-9506}
- [net] Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (Gopal Tiwari) [1743084 1743085] {CVE-2019-9506}
- [net] macvlan: Support bonding events (Davide Caratti) [1751579 1733589]
- [wireless] mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [wireless] mwifiex: Mark expected switch fall-through (Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [wireless] mwifiex: Fix skipped vendor specific IEs (Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [wireless] mwifiex: fix 802.11n/WPA detection (Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [wireless] mwifiex: Don't abort on small, spec-compliant vendor IEs (Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [wireless] mwifiex: Abort at too short BSS descriptor element (Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [wireless] mwifiex: Fix possible buffer overflows at parsing bss descriptor (Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [net] sunrpc: Fix possible autodisconnect during connect due to old last_used (Dave Wysochanski) [1749290 1723537]
- [drm] drm/ast: Fixed reboot test may cause system hanged (Dave Airlie) [1749296 1739971]
- [block] block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Ming Lei) [1739326 1739327] {CVE-2018-20856}
- [pci] PCI: hv: Fix a use-after-free bug in hv_eject_device_work() (Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Add hv_pci_remove_slots() when we unload the driver (Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Fix a memory leak in hv_eject_device_work() (Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: support reporting serial number as slot information (Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Remove unused reason for refcount handler (Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Convert hv_pci_dev.refs from atomic_t to refcount_t (Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Remove the bogus test in hv_eject_device_work() (Mohammed Gamal) [1748239 1732924]
- [fs] NFSv4: Replace closed stateids with the "invalid special stateid" (Steve Dickson) [1744946 1733347]
- [nvme] nvme-rdma: use dynamic dma mapping per command (David Milburn) [1744444 1637693]
- [nvme] nvme-rdma: remove redundant reference between ib_device and tagset (David Milburn) [1744444 1637693]
- [nvme] nvme-rdma: always have a valid trsvcid (David Milburn) [1744443 1717536]
- [nvme] nvme-rdma: use inet_pton_with_scope helper (David Milburn) [1744443 1717536]
- [nvme] nvmet-rdma: use generic inet_pton_with_scope (David Milburn) [1744443 1717536]
- [iommu] x86/hyper-v: add msi_setup_irq/msi_alloc_irq stubs to fix x2apic mode (Vitaly Kuznetsov) [1743324 1736750]
- [mm] slub: make dead caches discard free slabs immediately (Aristeu Rozanski) [1741920 1649189]
- [mm] mm: charge/uncharge kmemcg from generic page allocator paths (Aristeu Rozanski) [1741920 1649189]
- [mm] memcg: do not account memory used for cache creation (Aristeu Rozanski) [1741920 1649189]
- [mm] memcg: also test for skip accounting at the page allocation level (Aristeu Rozanski) [1741920 1649189]
- [fs] kmemcg: account certain kmem allocations to memcg (Aristeu Rozanski) [1741920 1649189]
- [mm] vmalloc: allow to account vmalloc to memcg (Aristeu Rozanski) [1741920 1649189]
- [mm] slab: add SLAB_ACCOUNT flag (Aristeu Rozanski) [1741920 1649189]
- [include] memcg: only account kmem allocations marked as __GFP_ACCOUNT (Aristeu Rozanski) [1741920 1649189]
- [include] mm: get rid of __GFP_KMEMCG (Aristeu Rozanski) [1741920 1649189]
- [mm] slb: charge slabs to kmemcg explicitly (Aristeu Rozanski) [1741920 1649189]
- [mm] mm: rename allocflags_to_migratetype for clarity (Rafael Aquini) [1741920 1730471]
- [x86] cpuidle-haltpoll: disable host side polling when kvm virtualized (Marcelo Tosatti) [1740192 1734501]
- [kvm] kvm: x86: add host poll control msrs (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: add haltpoll governor (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] governors: unify last_state_idx (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: add poll_limit_ns to cpuidle_device structure (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] add cpuidle-haltpoll driver (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Fix default time limit (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Disregard disable idle states (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Revise loop termination condition (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: menu: Fix wakeup statistics updates for polling state (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Avoid invoking local_clock() too often (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Add time limit to poll_idle() (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: Move polling state initialization code to separate file (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: Remove time measurement in poll state (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: Set polling in poll_idle (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: dont call poll_idle_init() for every cpu (Marcelo Tosatti) [1740192 1734501]
- [hv] hv: vmbus: Implement Direct Mode for stimer0 (Vitaly Kuznetsov) [1740188 1712344]
- [kernel] sched: Reduce contention in update_cfs_rq_blocked_load() (Marcelo Tosatti) [1740180 1734515]
- [ipc] ipc: drop non-RCU allocation (Vladis Dronov) [1740178 1733016]
- [ipc] ipc/util.c: use kvfree() in ipc_rcu_free() (Vladis Dronov) [1740178 1733016]
- [ipc] tree wide: use kvfree() than conditional kfree()/vfree() (Vladis Dronov) [1740178 1733016]
- [ipc] standardize code comments (Waiman Long) [1740178 1373519]
- [ipc] whitespace cleanup (Waiman Long) [1740178 1373519]
- [fs] gfs2: gfs2_walk_metadata fix (Andreas Grunbacher) [1737373 1724362]
- [fs] gfs2: Inode dirtying fix (Andreas Grunbacher) [1737373 1724362]
- [fs] gfs2: Fix rounding error in gfs2_iomap_page_prepare (Andreas Grunbacher) [1737373 1724362]
- [fs] iomap: fix page_done callback for short writes (Andreas Grunbacher) [1737373 1724362]
- [fs] fs: fold __generic_write_end back into generic_write_end (Andreas Grunbacher) [1737373 1724362]
- [fs] iomap: don't mark the inode dirty in iomap_write_end (Andreas Grunbacher) [1737373 1724362]
- [fs] gfs2: Fix iomap write page reclaim deadlock (Andreas Grunbacher) [1737373 1724362]
- [fs] iomap: Add a page_prepare callback (Andreas Grunbacher) [1737373 1724362]
- [fs] iomap: Fix use-after-free error in page_done callback (Andreas Grunbacher) [1737373 1724362]
- [fs] fs: Turn __generic_write_end into a void function (Andreas Grunbacher) [1737373 1724362]
- [fs] iomap: Clean up __generic_write_end calling (Andreas Grunbacher) [1737373 1724362]
-
Thu Aug 22 2019 Bruno Meneguele <bmeneg@redhat.com> [3.10.0-1062.2.1.el7]
- [x86] aesni: initialize gcm(aes) cryptd child's key/authsize (Sabrina Dubroca) [1744442 1698551]
- [netdrv] bnx2x: Disable multi-cos feature (Manish Chopra) [1741926 1704157]
-
Tue Aug 13 2019 Bruno Meneguele <bmeneg@redhat.com> [3.10.0-1062.1.1.el7]
- [fs] nfsv4.1: Avoid false retries when RPC calls are interrupted (Benjamin Coddington) [1739077 1732427]
- [fs] NFS4.1 handle interrupted slot reuse from ERR_DELAY (Benjamin Coddington) [1739077 1732427]
- [fs] nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (Benjamin Coddington) [1739077 1732427]
- [fs] cifs: fix panic in smb2_reconnect (Leif Sahlberg) [1737382 1702264]
- [scsi] sg: protect against races between mmap() and SG_SET_RESERVED_SIZE (Ewan Milne) [1737380 1710533]
- [scsi] sg: recheck MMAP_IO request length with lock held (Ewan Milne) [1737380 1710533]
- [scsi] sg: reset 'res_in_use' after unlinking reserved array (Ewan Milne) [1737380 1710533]
- [scsi] sg: protect accesses to 'reserved' page array (Ewan Milne) [1737380 1710533]
- [netdrv] mlx4/en_netdev: allow offloading VXLAN over VLAN (Paolo Abeni) [1734333 1733671]
- [netdrv] brcmfmac: assure SSID length from firmware is limited (Stanislaw Gruszka) [1704879 1704880] {CVE-2019-9500}
- [net] tcp: be more careful in tcp_fragment() (Marcelo Leitner) [1739130 1732106]
- [documentation] Documentation: Add swapgs description to the Spectre v1 documentation (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [documentation] Documentation: Add section about CPU vulnerabilities for Spectre (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [x86] x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [x86] x86/feature: Relocate X86_FEATURE_INVPCID_SINGLE (Waiman Long) [1729810 1724510] {CVE-2019-1125}
-
Thu Jul 18 2019 Bruno E. O. Meneguele <bmeneg@redhat.com> [3.10.0-1062.el7]
- [fs] revert "xfs: disable copy_file_range() to avoid broken splice copy" (Eric Sandeen) [1731205]
-
Thu Jul 11 2019 Bruno E. O. Meneguele <bmeneg@redhat.com> [3.10.0-1061.el7]
- [linux] efi: Disable local interrupts across efi run-time calls (Lenny Szubowicz) [1716252]
- [net] tcp: refine memory limit test in tcp_fragment() (Florian Westphal) [1723032]
- [net] tcp: provide TCP_FRAG_IN_WRITE/RTX_QUEUE for tcp_fragment use (Florian Westphal) [1723032]
-
Mon Jul 01 2019 Bruno E. O. Meneguele <bmeneg@redhat.com> [3.10.0-1060.el7]
- [char] random: move FIPS continuous test to output functions (Herbert Xu) [1723910]
- [netdrv] i40e: fix WoL support check (Stefan Assmann) [1720021]
- [fs] revert "gfs2: Use d_materialise_unique instead of d_splice_alias" (Robert S Peterson) [1677686]
- [mm] vmpressure: make sure there are no events queued after memcg is offlined (Vratislav Bendel) [1685447]
- [mm] revert "mm: split page_type out from _mapcount" (David Hildenbrand) [1723689]
- [mm] huge_memory: make pmd huge before dirty (Rafael Aquini) [1720278]
- [mm] revert "don't split THP page when MADV_FREE syscall is called" (Rafael Aquini) [1720278]
- [mm] revert "fix incorrect unlock error path in madvise_free_huge_pmd" (Rafael Aquini) [1720278]
- [mm] revert "pmd dirty emulation in page fault handler" (Rafael Aquini) [1720278]
- [mm] revert "thp: fix crash due race in MADV_FREE handling" (Rafael Aquini) [1720278]