-
Thu Jun 14 2018 John Mcwalters <john.mcwalters@oracle.com> [3.10.0-862.3.3.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509) (alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]
-
Wed Jun 13 2018 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-862.3.3.el7]
- [x86] always enable eager FPU by default on non-AMD processors (Paolo Bonzini) [1589051 1589048] {CVE-2018-3665}
-
Tue May 15 2018 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-862.3.2.el7]
- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] entry: Add missing "$" in IBRS macros (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [fs] proc: Use CamelCase for SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [fs] proc: Provide details on speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] nospec: Allow getting/setting on non-current task (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [uapi] prctl: Add speculation control prctls (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] kvm/vmx: Expose SPEC_CTRL Bit(2) to the guest (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs/amd: Add support to disable RDS on Fam[15, 16, 17]h if requested (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Expose /sys/../spec_store_bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] cpufeatures: Make CPU bugs sticky (Waiman Long) [1566904 1566905] {CVE-2018-3639}
-
Thu May 10 2018 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-862.3.1.el7]
- [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1573173 1571162]
- [x86] kvm: fix icebp instruction handling (Paolo Bonzini) [1566849 1566845] {CVE-2018-1087}
- [x86] entry/64: Don't use IST entry for #BP stack (Paolo Bonzini) [1567084 1567083] {CVE-2018-8897}
- [kernel] perf/hwbp: Simplify the perf-hwbp code, fix documentation (Eugene Syromiatnikov) [1569878 1569874] {CVE-2018-1000199}
-
Mon Apr 30 2018 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-862.2.1.el7]
- [md] dm: fix dropped return code from dm_get_bdev_for_ioctl (Mike Snitzer) [1567746 1562962]
- [crypto] aesni: Add support for 192 & 256 bit keys to AESNI RFC4106 (Bruno Eduardo de Oliveira Meneguele) [1570537 1568167]
-
Fri Apr 13 2018 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-862.1.1.el7]
- [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1565700 1540061]
- [x86] pti: Rework the UEFI data corruption fix (Waiman Long) [1565700 1540061]
- [powerpc] tm: Flush TM only if CPU has TM feature (David Gibson) [1563773 1544676] {CVE-2018-1091}
- [gpu] drm/i915/glk: IPC linetime watermark workaround for GLK (Lyude Paul) [1563711 1548651]
- [x86] apic: Remove the (now) unused disable_IO_APIC() function (Baoquan He) [1563108 1521003]
- [x86] apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (Baoquan He) [1563108 1521003]
- [x86] apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (Baoquan He) [1563108 1521003]
- [x86] apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (Baoquan He) [1563108 1521003]
- [netdrv] i40e: Close client on suspend and restore client MSIx on resume (Stefan Assmann) [1563106 1538847]
- [fs] nfs: Fix unstable write completion (Scott Mayhew) [1563103 1544647]
- [x86] kvm: Fix device passthrough when SME is active (Suravee Suthikulpanit) [1563098 1557911]
- [powerpc] powernv: Support firmware disable of RFI flush (Mauricio Oliveira) [1563096 1553927]
- [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1563096 1553927]
- [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1563096 1553927]
- [nvme] fixup nvme_sysfs_delete() (David Milburn) [1563092 1543716]
- [x86] smpboot: Fix uncore_pci_remove() indexing bug when hot-removing a physical CPU (Prarit Bhargava) [1563091 1527731]
- [x86] tsc: Fix erroneous TSC rate on Skylake Xeon (Prarit Bhargava) [1563088 1466058]
- [x86] tsc: Print tsc_khz, when it differs from cpu_khz (Prarit Bhargava) [1563088 1466058]
- [x86] tsc: Future-proof native_calibrate_tsc() (Prarit Bhargava) [1563088 1466058]
- [scsi] csiostor: add support for 32 bit port capabilities (Arjun Vynipadath) [1561906 1526163]
- [netdrv] cxgb4/cxgbvf: Handle 32-bit fw port capabilities (Arjun Vynipadath) [1561906 1526163]
- [netdrv] cxgb4vf: define get_fecparam ethtool callback (Arjun Vynipadath) [1561906 1526163]
- [netdrv] cxgb4: ethtool forward error correction management support (Arjun Vynipadath) [1561906 1526163]
- [netdrv] cxgb4: core hardware/firmware support for Forward Error Correction on a link (Arjun Vynipadath) [1561906 1526163]
- [iscsi-target] Fix panic when adding second TCP connection to iSCSI session (Maurizio Lombardi) [1561900 1544670]
- [crypto] chelsio: Fix src buffer dma length (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: Move DMA un/mapping to chcr from lld cxgb4 driver (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: Remove unused parameter (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: Remove allocation of sg list to implement 2K limit of dsgl header (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: introduce __skb_put_zero() (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: make skb_put & friends return void pointers (Arjun Vynipadath) [1561899 1548047]
- [gpu] drm/i915/cfl: Remove alpha support protection (Rob Clark) [1561897 1464911]
- [gpu] drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin (Rob Clark) [1561897 1464911]
- [gpu] drm/i915: Add retries for LSPCON detection (Rob Clark) [1561897 1464911]
- [gpu] drm/i915: Don't give up waiting on INVALID_MODE (Rob Clark) [1561897 1464911]
- [nvme] pci: Fix EEH failure on ppc (Mauricio Oliveira) [1561894 1558499]
- [net] netfilter: ebtables: fix erroneous reject of last rule (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
- [net] netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
- [net] netfilter: bridge: ebt_among: add more missing match size checks (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
- [net] netfilter: bridge: ebt_among: add missing match size checks (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
- [net] ipsec: Fix aborted xfrm policy dump crash (Bruno Eduardo de Oliveira Meneguele) [1517292 1517290] {CVE-2017-16939}
-
Wed Mar 21 2018 Bruno E. O. Meneguele <brdeoliv@redhat.com> [3.10.0-862.el7]
- [netdrv] i40e: Fix attach VF to VM issue (Stefan Assmann) [1528123]
- [netdrv] ixgbevf: Add check for ixgbe_mbox_api_13 to ixgbevf_probe when setting max_mtu (Ken Cox) [1556696]
- [md] dm btree: fix serious bug in btree_split_beneath() (Mike Snitzer) [1557849]
- [x86] pti: Disable PTI user page table update in EFI virtual mode (Waiman Long) [1540061]
-
Wed Mar 14 2018 Bruno E. O. Meneguele <brdeoliv@redhat.com> [3.10.0-861.el7]
- [netdrv] tg3: prevent scheduling while atomic splat (Jonathan Toppins) [1554590]
- [nvme] validate admin queue before unquiesce (David Milburn) [1549733]
-
Tue Mar 06 2018 Bruno E. O. Meneguele <brdeoliv@redhat.com> [3.10.0-860.el7]
- [acpi] sbshc: remove raw pointer from printk() message (Baoquan He) [1547009] {CVE-2018-5750}
- [fs] gfs2: fixes to "implement iomap for block_map" (Andreas Grunbacher) [1542594]
- [x86] kvm: svm: disable virtual GIF and VMLOAD/VMSAVE (Paolo Bonzini) [1552090]
-
Mon Mar 05 2018 Bruno E. O. Meneguele <brdeoliv@redhat.com> [3.10.0-859.el7]
- [media] v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548430] {CVE-2017-13166}
- [kernel] futex: Prevent overflow by strengthen input validation (Joe Lawrence) [1547585] {CVE-2018-6927}
- [fs] Revert dcache_readdir back to ->readdir() ("Eric W. Biederman") [1525541]
- [md] dm-raid: fix incorrect sync_ratio when degraded (Mike Snitzer) [1547979]
- [mm] page_alloc: fix memmap_init_zone pageblock alignment (Daniel Vacek) [1525121]
- [mm] revert kvmalloc: stress the vmalloc path in the debugging kernel (Jeff Moyer) [1550094]
- [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio Oliveira) [1543067]
- [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio Oliveira) [1543067]
- [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1543067]
- [x86] kvm: vmx: Cache IA32_DEBUGCTL in memory (Paolo Bonzini) [1537379]
- [x86] spec_ctrl: avoid rmb() on full retpoline kernels (Paolo Bonzini) [1537379]
- [x86] spec_ctrl: replace boot_cpu_has with a static key for IBRS checks (Paolo Bonzini) [1537379]
- [x86] spec_ctrl: actually use static key for retpolines (Paolo Bonzini) [1537379]
- [x86] kvm: vmx: optimize IBRS handling at vmenter/vmexit (Paolo Bonzini) [1537379]
- [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1537379]
- [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1537379]
- [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1537379]
- [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1537379]
- [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1537379]
- [x86] kvm: Add IBPB support (Paolo Bonzini) [1537379]
- [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1537379]
- [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1537379]
- [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1537379]
- [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1537379]
- [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1537379]
- [x86] kvm: Update the reverse_cpuid list to include CPUID_7_EDX (Paolo Bonzini) [1537379]
- [x86] cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel (Paolo Bonzini) [1537379]
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Paolo Bonzini) [1537379]
- [x86] cpufeatures: Add Intel feature bits for Speculation Control (Paolo Bonzini) [1537379]
- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Paolo Bonzini) [1537379]
- [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Paolo Bonzini) [1537379]
- [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Paolo Bonzini) [1537379]