-
Wed Sep 11 2019 John Mcwalters <john.mcwalters@oracle.com> - [4.18.0-80.11.1.el8_0.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
-
Tue Sep 03 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.11.1.el8_0]
- [wireless] mwifiex: Don't abort on small, spec-compliant vendor IEs (Jarod Wilson) [1714475 1728992]
- [wireless] mwifiex: fix 802.11n/WPA detection (Jarod Wilson) [1714475 1714476] {CVE-2019-3846}
-
Tue Aug 06 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.10.1.el8_0]
- [x86] x86/entry/64: Use JMP instead of JMPQ (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/cpufeatures: Carve out CQM features retrieval (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
-
Mon Aug 05 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.9.1.el8_0]
- [netdrv] thunderx: eliminate extra calls to put_page() for pages held for recycling (Dean Nelson) [1726354 1644011]
- [netdrv] thunderx: enable page recycling for non-XDP case (Dean Nelson) [1726354 1644011]
- [arm64] arm64: kaslr: ensure randomized quantities are clean also when kaslr is off (Mark Salter) [1726357 1673068]
- [arm64] arm64: kaslr: ensure randomized quantities are clean to the PoC (Mark Salter) [1726357 1673068]
- [mm] powerpc/mm/64s/hash: Reallocate context ids on fork (Gustavo Duarte) [1734689 1723808] {CVE-2019-12817}
- [powerpc] powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (Steve Best) [1733282 1720929]
- [powerpc] powerpc/pseries/mobility: prevent cpu hotplug during DT update (Steve Best) [1733282 1720929]
- [powerpc] powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (Steve Best) [1733282 1720929]
- [powerpc] powerpc/watchpoint: Restore NV GPRs while returning from exception (Steve Best) [1733281 1728557]
- [hid] HID: i2c-hid: Don't reset device upon system resume (Perry Yuan) [1727098 1715385]
- [netdrv] net/mlx5e: RX, Verify MPWQE stride size is in range (Alaa Hleihel) [1726372 1683589]
- [sound] ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Jaroslav Kysela) [1726371 1658924] {CVE-2018-19824}
- [sound] ALSA: hda - Enable runtime PM only for discrete GPU (Jaroslav Kysela) [1726361 1714817]
- [cpufreq] cpufreq: intel_pstate: Ignore turbo active ratio in HWP (David Arcari) [1726360 1711970]
- [infiniband] usnic_verbs: fix deadlock (Govindarajulu Varadarajan) [1726358 1688505]
- [infiniband] IB/usnic: Fix locking when unregistering (Govindarajulu Varadarajan) [1726358 1688505]
- [infiniband] IB/usnic: Fix potential deadlock (Govindarajulu Varadarajan) [1726358 1688505]
- [netdrv] igb: shorten maximum PHC timecounter update interval (Corinna Vinschen) [1726352 1637098]
- [netdrv] igb: shorten maximum PHC timecounter update interval (Corinna Vinschen) [1726352 1637098]
- [x86] x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (Frank Ramsay) [1724534 1677695]
- [security] selinux: overhaul sidtab to fix bug and improve performance (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: use separate table for initial SID lookup (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: refactor sidtab conversion (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: Cleanup printk logging in sidtab (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: Cleanup printk logging in services (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: Cleanup printk logging in policydb (Ondrej Mosnacek) [1717780 1656787]
- [crypto] crypto: authenc - fix parsing key with misaligned rta_len (Herbert Xu) [1715335 1707546]
- [mm] mm, page_alloc: fix has_unmovable_pages for HugePages (David Gibson) [1714758 1688114]
- [wireless] mwifiex: Abort at too short BSS descriptor element (Jarod Wilson) [1714475 1714476] {CVE-2019-3846}
- [wireless] mwifiex: Fix possible buffer overflows at parsing bss descriptor (Jarod Wilson) [1714475 1714476] {CVE-2019-3846}
- [nvme] nvme-pci: add missing unlock for reset error (Gopal Tiwari) [1712261 1703201]
- [nvme] nvme-pci: fix rapid add remove sequence (Gopal Tiwari) [1712261 1703201]
- [wireless] brcmfmac: add subtype check for event handling in data path (Stanislaw Gruszka) [1733895 1704684] {CVE-2019-9503}
- [wireless] brcmfmac: assure SSID length from firmware is limited (Stanislaw Gruszka) [1705385 1705386] {CVE-2019-9500}
- [include] fs: fix kABI for struct pipe_buf_operations (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [fs] fs: prevent page refcount overflow in pipe_buf_get (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [mm] mm: prevent get_user_pages() from overflowing page refcount (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [include] mm: add 'try_get_page()' helper function (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [include] mm: make page ref count overflow check tighter and more explicit (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [fs] fuse: call pipe_buf_release() under pipe lock (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [kvm] KVM: x86: nVMX: fix x2APIC VTPR read intercept (Vitaly Kuznetsov) [1697198 1697199]
- [kvm] KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887) (Vitaly Kuznetsov) [1697198 1697199]
-
Thu Aug 01 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.8.1.el8_0]
- [documentation] Documentation: Add ARM64 to kernel-parameters.rst (Jeremy Linton) [1726353 1640855]
- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: enable generic CPU vulnerabilites support (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: add sysfs vulnerability show for speculative store bypass (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Always enable ssb vulnerability detection (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: add sysfs vulnerability show for spectre-v2 (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Always enable spectre-v2 vulnerability detection (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Advertise mitigation of Spectre-v2, or lack thereof (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: add sysfs vulnerability show for meltdown (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Add sysfs vulnerability show for spectre-v1 (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Provide a command line to disable spectre_v2 mitigation (Jeremy Linton) [1726353 1640855]
- [documentation] powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (Jeremy Linton) [1726353 1640855]
- [documentation] Documentation: Document arm64 kpti control (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Add MIDR encoding for HiSilicon Taishan CPUs (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: capabilities: Merge duplicate Cavium erratum entries (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Use a raw spinlock in __install_bp_hardening_cb() (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: fix SSBS sanitization (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: don't zero DIT on signal return (Jeremy Linton) [1726353 1640855]
- [kvm] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: ssbd: Drop #ifdefs for PR_SPEC_STORE_BYPASS (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: cpufeature: Detect SSBS and advertise to userspace (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h> (Jeremy Linton) [1726353 1640855]
- Revert: [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1726353 1640855] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [kernel] ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (Aristeu Rozanski) [1730958 1730959] {CVE-2019-13272}
-
Mon Jun 24 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.7.1.el8_0]
- [x86] Update stepping values for Whiskey Lake U/Y (David Arcari) [1722372 1704801]
- [x86] x86/perf/amd: Resolve NMI latency issues for active PMCs (David Arcari) [1722367 1640238]
- [x86] x86/perf/amd: Resolve race condition when disabling PMC (David Arcari) [1722367 1640238]
- [edac] EDAC/amd64: Set maximum channel layer size depending on family (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Adjust printed chip select sizes when interleaved (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Recognize x16 symbol size (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Support more than two Unified Memory Controllers (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Use a macro for iterating over Unified Memory Controllers (Gary Hook) [1722365 1690984]
- [edac] EDAC, amd64: Add Family 17h, models 10h-2fh support (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Add Family 17h Model 30h PCI IDs (Aristeu Rozanski) [1722365 1696603]
- [x86] mark AMD Rome processors supported (David Arcari) [1721972 1520002]
- [x86] x86/mce: Handle varying MCA bank counts (David Arcari) [1721233 1668779]
- [iommu] iommu/vt-d: Disable ATS support on untrusted devices (Jerry Snitselaar) [1700376 1692246]
- [documentation] thunderbolt: Export IOMMU based DMA protection support to userspace (Jerry Snitselaar) [1700376 1692246]
- [iommu] iommu/vt-d: Do not enable ATS for untrusted devices (Jerry Snitselaar) [1700376 1692246]
- [iommu] iommu/vt-d: Force IOMMU on for platform opt in hint (Jerry Snitselaar) [1700376 1692246]
- [pci] PCI / ACPI: Identify untrusted PCI devices (Myron Stowe) [1700376 1704979]
- [acpi] ACPI / property: Allow multiple property compatible _DSD entries (Myron Stowe) [1700376 1537397]
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719922 1719923] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719922 1719923] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719857 1719858] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719602 1719603] {CVE-2019-11477}
-
Tue Jun 18 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.6.1.el8_0]
- [mm] mm: defer ZONE_DEVICE page initialization to the point where we init pgmap (Waiman Long) [1719635 1666538]
- [mm] mm: create non-atomic version of SetPageReserved for init use (Waiman Long) [1719635 1666538]
- [mm] mm: provide kernel parameter to allow disabling page init poisoning (Waiman Long) [1719635 1666538]
- [mm] mm, slub: restore the original intention of prefetch_freepointer() (Rafael Aquini) [1718237 1714671]
- [security] selinux: do not report error on connect(AF_UNSPEC) (Ondrej Mosnacek) [1717870 1707828]
- [security] selinux: Check address length before reading address family (Ondrej Mosnacek) [1717870 1707828]
- [powerpc] powerpc/tm: Fix stack pointer corruption (Desnes Augusto Nunes do Rosario) [1717869 1707635]
- [md] dm cache metadata: Fix loading discard bitset (Mike Snitzer) [1717868 1701618]
- [md] dm mpath: fix missing call of path selector type->end_io (Mike Snitzer) [1717804 1686227]
- [mm] mm/memory.c: do_fault: avoid usage of stale vm_area_struct ("Herton R. Krzesinski") [1717801 1684734]
- [net] sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (Scott Mayhew) [1717800 1679183]
- [net] sunrpc: Don't use stack buffer with scatterlist (Scott Mayhew) [1717800 1679183]
- [scsi] scsi: mpt3sas: Fix kernel panic during expander reset (Tomas Henzl) [1717791 1677693]
- [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1717777 1647723]
- [drm] drm/bufs: Fix Spectre v1 vulnerability (Rob Clark) [1717382 1663467]
- [drm] drm/ioctl: Fix Spectre v1 vulnerabilities (Rob Clark) [1717382 1663467]
- [tools] perf annotate: Fix getting source line failure (Michael Petlan) [1716887 1614435]
- [iommu] iommu/amd: Set exclusion range correctly (Jerry Snitselaar) [1715336 1702766]
- [iommu] iommu/amd: Reserve exclusion range in iova-domain (Jerry Snitselaar) [1717344 1694835]
- [kvm] KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() (Vitaly Kuznetsov) [1715018 1694456]
- [s390] kvm: s390: Fix potential spectre warnings (Thomas Huth) [1714754 1702344]
- [drm] drm/i915/gvt: Fix mmap range check (Alex Williamson) [1713572 1713573] {CVE-2019-11085}
- [scsi] scsi: megaraid_sas: return error when create DMA pool failed (Tomas Henzl) [1712862 1712863] {CVE-2019-11810}
-
Wed Jun 05 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.5.1.el8_0]
- [kernel] sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup (Joel Savitz) [1715345 1695651]
- [kernel] sched/fair: Fix O(nr_cgroups) in the load balancing path (Phil Auld) [1715343 1685636] {CVE-2018-20784}
- [kernel] sched/fair: Fix insertion in rq->leaf_cfs_rq_list (Phil Auld) [1715343 1685636] {CVE-2018-20784}
- [kernel] sched/fair: Add tmp_alone_branch assertion (Phil Auld) [1715343 1685636] {CVE-2018-20784}
- [kernel] sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Phil Auld) [1715343 1685636] {CVE-2018-20784}
- [rpmspec] apply linux-kernel-test.patch when building ("Herton R. Krzesinski") [1715340 1690534]
- [rpmspec] Fix cross builds (Jiri Olsa) [1715339 1694956]
- [kernel] sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (Phil Auld) [1715337 1701762]
- [kvm] KVM: PPC: Book3S HV: Save/restore vrsave register in kvmhv_p9_guest_entry() (Suraj Jitindar Singh) [1714753 1700272]
- [powerpc] KVM: PPC: Book3S HV: Perserve PSSCR FAKE_SUSPEND bit on guest exit (Suraj Jitindar Singh) [1714751 1689768]
- [powerpc] powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (David Gibson) [1714746 1674410]
- [char] ipmi_si: fix use-after-free of resource->name (Tony Camuso) [1714409 1714410] {CVE-2019-11811}
- [x86] Update stepping values for coffee lake desktop (David Arcari) [1711048 1704800]
-
Thu May 16 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.4.1.el8_0]
- [netdrv] ice: Do autoneg based on VSI state (Jonathan Toppins) [1709433 1687903]
- [arm64] arm64: apply workaround on A64FX v1r0 (Mark Langsdorf) [1700901 1692306]
- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [include] locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
-
Tue May 14 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-80.3.1.el8_0]
- [mm] mm: enforce min addr even if capable() in expand_downwards() (Rafael Aquini) [1708829 1687667] {CVE-2019-9213}
- [powerpc] powerpc/radix: Fix kernel crash with mremap() (Steve Best) [1708617 1674186]
- [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/powernv: Query firmware for count cache flush settings (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1708112 1694456]
- [of] of: __of_detach_node() - remove node from phandle cache (Steve Best) [1708102 1669198]
- [of] of: of_node_get()/of_node_put() nodes held in phandle cache (Steve Best) [1708102 1669198]
- [fs] debugfs: Fix EPERM regression from kernel lockdown check (Lenny Szubowicz) [1708100 1686755]
- [block] nvme: lock NS list changes while handling command effects (David Milburn) [1701140 1672759]