[Oraclevm-errata] OVMSA-2018-0035 Important: Oracle VM 3.4 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Apr 18 15:43:35 PDT 2018


Oracle VM Security Advisory OVMSA-2018-0035

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.14.1.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-124.14.1.el6uek.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/kernel-uek-4.1.12-124.14.1.el6uek.src.rpm



Description of changes:

[4.1.12-124.14.1.el6uek]
- ctf: drop the run-as-root error (Nick Alcock)  [Orabug: 27852654]
- rds: Node crashes when trace buffer is opened (Ka-Cheong Poon) 
[Orabug: 27846191]
- xfs: fix accidental reversion of aa6a6227435cb (Darrick J. Wong) 
[Orabug: 27845869]

[4.1.12-124.13.1.el6uek]
- net: cdc_ether: fix divide by 0 on bad descriptors (Bjørn Mork) 
[Orabug: 27841392]  {CVE-2017-16649}
- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou 
Chengming)  [Orabug: 27841944]  {CVE-2016-9191} {CVE-2016-9191} 
{CVE-2016-9191}
- Revert "sysctl: Drop reference added by grab_header in 
proc_sys_readdir" (Jack Vogel)

[4.1.12-124.12.1.el6uek]
- xfs: remove "no-allocation" reservations for file creations (Darrick 
J. Wong)  [Orabug: 27609439]
- xfs: don't print warnings when xfs_log_force fails (Christoph Hellwig)
[Orabug: 27609404]
- xfs: Properly retry failed dquot items in case of error during buffer 
writeback (Carlos Maiolino)  [Orabug: 27609404]
- xfs: Properly retry failed inode items in case of error during buffer 
writeback (Carlos Maiolino)  [Orabug: 27609404]
- xfs: Add infrastructure needed for error propagation during buffer IO 
failure (Carlos Maiolino)  [Orabug: 27609404]
- xfs: remove xfs_trans_ail_delete_bulk (Christoph Hellwig)  [Orabug: 
27609404]
- xfs: fix and streamline error handling in xfs_end_io (Darrick J. Wong)
[Orabug: 27609404]
- xfs: don't leave EFIs on AIL on mount failure (Brian Foster)  [Orabug: 
27609404]
- xfs: use EFI refcount consistently in log recovery (Brian Foster) 
[Orabug: 27609404]
- xfs: ensure EFD trans aborts on log recovery extent free failure 
(Brian Foster)  [Orabug: 27609404]
- xfs: fix efi/efd error handling to avoid fs shutdown hangs (Brian 
Foster)  [Orabug: 27609404]
- xfs: return committed status from xfs_trans_roll() (Brian Foster) 
[Orabug: 27609404]
- xfs: disentagle EFI release from the extent count (Brian Foster) 
[Orabug: 27609404]

[4.1.12-124.11.1.el6uek]
- netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets 
(Florian Westphal)  [Orabug: 27774012]  {CVE-2018-1068}
- ACPI / PAD: don't register acpi_pad driver if running as Xen dom0 
(Juergen Gross)  [Orabug: 27796473]
- sched/fair: Fix typo in sync_throttle() (Xunlei Pang)  [Orabug: 27787518]
- sched/fair: Do not announce throttled next buddy in 
dequeue_task_fair() (Konstantin Khlebnikov)  [Orabug: 27787518]
- sched/fair: Initialize and rework throttle_count for new task-groups 
(Peter Zijlstra)  [Orabug: 27787518]
- perf tools: Move syscall number fallbacks from perf-sys.h to 
tools/arch/x86/include/asm/ (Arnaldo Carvalho de Melo)  [Orabug: 27240053]
- crypto: FIPS - allow tests to be disabled in FIPS mode (Stephan 
Mueller)  [Orabug: 27809271]
- crypto: xts - consolidate sanity check for keys (Stephan Mueller) 
[Orabug: 27809271]
- crypto: rng - Zero seed in crypto_rng_reset (Herbert Xu)  [Orabug: 
27809271]
- enic: set IG desc cache flag in open (Govindarajulu Varadarajan) 
[Orabug: 27587345]

[4.1.12-124.10.1.el6uek]
- Drivers: hv: utils: fix crash when device is removed from host side 
(Vitaly Kuznetsov)  [Orabug: 27426102]
- Drivers: hv: utils: introduce HVUTIL_TRANSPORT_DESTROY mode (Vitaly 
Kuznetsov)  [Orabug: 27426102]
- Drivers: hv: utils: rename outmsg_lock (Vitaly Kuznetsov)  [Orabug: 
27426102]
- Drivers: hv: utils: fix memory leak on on_msg() failure (Vitaly 
Kuznetsov)  [Orabug: 27426102]
- Drivers: hv: utils: use memdup_user in hvt_op_write (Olaf Hering) 
[Orabug: 27426102]
- hv: util: checking the wrong variable (Dan Carpenter)  [Orabug: 27426102]
- net/rds: Avoid copy overhead if send buff is full (Gerd Rausch) 
[Orabug: 27747165]
- ext4: fix ->put_link panic (Junxiao Bi)  [Orabug: 27498770]
- KVM/VMX: Clear spec_ctrl status when resetting vcpu (Patrick Colp)
- mlx4: change the ICM table allocations to lowest needed size (Daniel 
Jurgens)  [Orabug: 27718303]
- Revert "Drivers: hv: utils: fix a race on userspace daemons 
registration" (Jack Vogel)  [Orabug: 27673755]

[4.1.12-124.9.1.el6uek]
- crypto: af_alg - Avoid sock_graft call warning (Herbert Xu)  [Orabug: 
26895616]
- iscsi-target: Fix initial login PDU asynchronous socket close OOPs 
(Nicholas Bellinger)  [Orabug: 27701211]
- target/iscsi: Fix indentation in iscsi_target_start_negotiation() 
(Bart Van Assche)  [Orabug: 27701211]
- iscsi-target: Fix early sk_data_ready LOGIN_FLAGS_READY race (Nicholas 
Bellinger)  [Orabug: 27701211]
- iscsi-target: Fix rx_login_comp hang after login failure (Nicholas 
Bellinger)  [Orabug: 27701211]
- KVM: x86: fix singlestepping over syscall (Paolo Bonzini)  [Orabug: 
27669904]  {CVE-2017-7518} {CVE-2017-7518}
- nfs: system crashes after NFS4ERR_MOVED recovery 
(Bill.Baker at oracle.com)  [Orabug: 27679350]
- NFS: Clean up nfs4_set_client() (Anna Schumaker)  [Orabug: 27679350]
- NFS4: Avoid migration loops (Benjamin Coddington)  [Orabug: 27679350]
- mstflint: update Makefile and Kconfig (Qing Huang)  [Orabug: 27707445]
- target: add inquiry_product module param to override LIO default (Kyle 
Fortin)  [Orabug: 27679431]
- target: add inquiry_vendor module param to override LIO-ORG (Kyle 
Fortin)  [Orabug: 27679431]
- IB/core: Avoid calling ib_query_device (Or Gerlitz)  [Orabug: 27687711]
- IB/core: Save the device attributes on the device structure (Ira 
Weiny)  [Orabug: 27687711]

[4.1.12-124.8.1.el6uek]
- nvme: fix uninitialized prp2 value on small transfers (Jan H. 
Schönherr)  [Orabug: 27624149]
- bnxt_en: initialize bnxt_pf_wq (Brian Maly)  [Orabug: 27674029]
- x86/spectre_v2: Fix cpu offlining with IPBP. (Konrad Rzeszutek Wilk)

[4.1.12-124.7.1.el6uek]
- retpoline: selectively disable IBRS in disable_ibrs_and_friends() 
(Chuck Anderson)  [Orabug: 27665263]

[4.1.12-124.6.1.el6uek]
- bnxt_en: Add cache line size setting to optimize performance. (Michael 
Chan)  [Orabug: 27648355]
- bnxt_en: Forward VF MAC address to the PF. (Vasundhara Volam) 
[Orabug: 27648355]
- bnxt_en: Add BCM5745X NPAR device IDs (Vasundhara Volam)  [Orabug: 
27648355]
- bnxt_en: Expand bnxt_check_rings() to check all resources. (Michael 
Chan)  [Orabug: 27648355]
- bnxt_en: Implement new method for the PF to assign SRIOV resources. 
(Michael Chan)  [Orabug: 27648355]
- bnxt_en: Reserve resources for RFS. (Michael Chan)  [Orabug: 27648355]
- bnxt_en: Implement new method to reserve rings. (Michael Chan) 
[Orabug: 27648355]
- bnxt_en: Set initial default RX and TX ring numbers the same in 
combined mode. (Michael Chan)  [Orabug: 27648355]
- bnxt_en: Add the new firmware API to query hardware resources. 
(Michael Chan)  [Orabug: 27648355]
- bnxt_en: Refactor hardware resource data structures. (Michael Chan) 
[Orabug: 27648355]
- bnxt_en: Restore MSIX after disabling SRIOV. (Michael Chan)  [Orabug: 
27648355]
- bnxt_en: Refactor bnxt_close_nic(). (Michael Chan)  [Orabug: 27648355]
- bnxt_en: Update firmware interface to 1.9.0. (Michael Chan)  [Orabug: 
27648355]
- bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. 
(Venkat Duvvuru)  [Orabug: 27648355]
- bnxt_en: Fix sources of spurious netpoll warnings (Calvin Owens) 
[Orabug: 27648355]
- bnxt_en: Don't print "Link speed -1 no longer supported" messages. 
(Michael Chan)  [Orabug: 27648355]
- bnxt_en: Fix a variable scoping in bnxt_hwrm_do_send_msg() (Vasundhara 
Volam)  [Orabug: 27648355]
- bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown (Ray 
Jui)  [Orabug: 27648355]
- bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()' 
(Christophe JAILLET)  [Orabug: 27648355]
- bnxt: fix bnxt_hwrm_fw_set_time for y2038 (Arnd Bergmann)  [Orabug: 
27648355]
- bnxt_en: Fix IRQ coalescing regression. (Michael Chan)  [Orabug: 
27648355]
- bnxt_en: fix typo in bnxt_set_coalesce (Andy Gospodarek)  [Orabug: 
27648355]
- bnxt_en: Refactor and simplify coalescing code. (Michael Chan) 
[Orabug: 27648355]
- bnxt_en: Reorganize the coalescing parameters. (Michael Chan) 
[Orabug: 27648355]
- bnxt_en: Add ethtool reset method (Vasundhara Volam)  [Orabug: 27648355]
- bnxt_en: Optimize .ndo_set_mac_address() for VFs. (Michael Chan) 
[Orabug: 27648355]
- bnxt_en: Get firmware package version one time. (Michael Chan) 
[Orabug: 27648355]
- bnxt_en: Check for zero length value in bnxt_get_nvram_item(). 
(Michael Chan)  [Orabug: 27648355]
- bnxt_en: adding PCI ID for SMARTNIC VF support (Rob Miller)  [Orabug: 
27648355]
- bnxt_en: Add PCIe device ID for bcm58804 (Ray Jui)  [Orabug: 27648355]
- bnxt_en: Update firmware interface to 1.8.3.1 (Michael Chan)  [Orabug: 
27648355]
- bnxt_en: Fix possible corruption in DCB parameters from firmware. 
(Sankar Patchineelam)  [Orabug: 27648355]
- bnxt_en: Fix VF resource checking. (Michael Chan)  [Orabug: 27648355]
- bnxt_en: Fix VF PCIe link speed and width logic. (Vasundhara Volam) 
[Orabug: 27648355]
- bnxt_en: Don't use rtnl lock to protect link change logic in 
workqueue. (Michael Chan)  [Orabug: 27648355]
- bnxt_en: Improve VF/PF link change logic. (Michael Chan)  [Orabug: 
27648355]
- bnxt_en: Remove redundant unlikely() (Tobias Klauser)  [Orabug: 27648355]
- drivers: net: bnxt: use setup_timer() helper. (Allen Pais)  [Orabug: 
27648355]
- bnxt_en: Reduce default rings on multi-port cards. (Michael Chan) 
[Orabug: 27648355]
- bnxt_en: Improve -ENOMEM logic in NAPI poll loop. (Michael Chan) 
[Orabug: 27648355]
- bnxt: initialize board_info values with proper enums (Scott Branden) 
[Orabug: 27648355]
- bnxt: Add PCIe device IDs for bcm58802/bcm58808 (Ray Jui)  [Orabug: 
27648355]
- bnxt_en: assign CPU affinity hints to bnxt_en IRQs (Vasundhara Volam) 
[Orabug: 27648355]
- bnxt_en: Improve tx ring reservation logic. (Michael Chan)  [Orabug: 
27648355]
- bnxt_en: Update firmware interface spec. to 1.8.1.4. (Michael Chan) 
[Orabug: 27648355]
- bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps(). (Michael 
Chan)  [Orabug: 27648355]
- bnxt_en: Free MSIX vectors when unregistering the device from bnxt_re. 
(Michael Chan)  [Orabug: 27648355]
- bnxt_en: Fix .ndo_setup_tc() to include XDP rings. (Michael Chan) 
[Orabug: 27648355]
- bnxt: fix unused variable warnings (stephen hemminger)  [Orabug: 
27648355]
- bnxt: fix unsigned comparsion with 0 (stephen hemminger)  [Orabug: 
27648355]
- bnxt_en: Use SWITCHDEV_SET_OPS(). (David S. Miller)  [Orabug: 27648355]
- bnxt_en: Set ETS min_bw parameter for older firmware. (Michael Chan) 
[Orabug: 27648355]
- dccp/tcp: fix routing redirect race (Jon Maxwell)  [Orabug: 27661864]
- Revert "RDS: don't commit to queue till transport connection is up" 
(Santosh Shilimkar)  [Orabug: 27606911]
- be2net: locking/atomics: COCCINELLE/treewide: Convert trivial 
ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() (Mark Rutland) 
[Orabug: 27615319]
- be2net: Handle transmit completion errors in Lancer (Suresh Reddy) 
[Orabug: 27615319]
- be2net: Fix HW stall issue in Lancer (Suresh Reddy)  [Orabug: 27615319]
- be2net: remove redundant initialization of 'head' and pointer txq 
(Colin Ian King)  [Orabug: 27615319]
- be2net: networking block comments don't use an empty /* line (Rohit 
Visavalia)  [Orabug: 27615319]
- be2net: restore properly promisc mode after queues reconfiguration 
(Ivan Vecera)  [Orabug: 27615319]
- be2net: use ARRAY_SIZE for array sizing calculation on array 
cmd_priv_map (Colin Ian King)  [Orabug: 27615319]
- RDS: IB: Fix null pointer issue (Guanglei Li)  [Orabug: 27636711]
- xen/acpi: upload _PSD info for non-dom0 CPUs too (Joao Martins) 
[Orabug: 27655759]
- scsi: lpfc: Update 11.4.0.7 modified files for 2018 Copyright (James 
Smart)  [Orabug: 27631736]
- scsi: lpfc: update driver version to 11.4.0.7 (James Smart)  [Orabug: 
27631736]
- scsi: lpfc: Treat SCSI Write operation Underruns as an error (James 
Smart)  [Orabug: 27631736]
- scsi: lpfc: Fix SCSI io host reset causing kernel crash (James Smart) 
[Orabug: 27631736]
- scsi: lpfc: Fix issue_lip if link is disabled (James Smart)  [Orabug: 
27631736]
- scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing 
(James Smart)  [Orabug: 27631736]
- scsi: lpfc: Allow set of maximum outstanding SCSI cmd limit for a 
target (James Smart)  [Orabug: 27631736]
- scsi: lpfc: Fix PRLI handling when topology type changes (James Smart)
[Orabug: 27631736]
- scsi: lpfc: fix a couple of minor indentation issues (Colin Ian King) 
[Orabug: 27631736]
- scsi: lpfc: update driver version to 11.4.0.6 (James Smart)  [Orabug: 
27631736]
- scsi: lpfc: update driver version to 11.4.0.5 (James Smart)  [Orabug: 
27631736]
- scsi: lpfc: FLOGI failures are reported when connected to a private 
loop. (James Smart)  [Orabug: 27631736]
- scsi: lpfc: Fix ndlp ref count for pt2pt mode issue RSCN (James Smart)
[Orabug: 27631736]
- scsi: lpfc: Linux LPFC driver does not process all RSCNs (James Smart)
[Orabug: 27631736]
- scsi: lpfc: Driver fails to detect direct attach storage array (James 
Smart)  [Orabug: 27631736]
- scsi: lpfc: Fix crash after bad bar setup on driver attachment (James 
Smart)  [Orabug: 27631736]
- scsi: lpfc: Fix hard lock up NMI in els timeout handling. (Dick 
Kennedy)  [Orabug: 27631736]
- scsi: lpfc: change version to 11.4.0.4 (Dick Kennedy)  [Orabug: 27631736]
- scsi: lpfc: Extend RDP support (Dick Kennedy)  [Orabug: 27631736]
- scsi: lpfc: Fix secure firmware updates (Dick Kennedy)  [Orabug: 
27631736]
- scsi: lpfc: PLOGI failures during NPIV testing (Dick Kennedy) 
[Orabug: 27631736]
- scsi: lpfc: Fix crash receiving ELS while detaching driver (Dick 
Kennedy)  [Orabug: 27631736]
- scsi: lpfc: fix pci hot plug crash in list_add call (Dick Kennedy) 
[Orabug: 27631736]
- scsi: lpfc: fix pci hot plug crash in timer management routines (Dick 
Kennedy)  [Orabug: 27631736]
- scsi: lpfc: remove redundant null check on eqe (Colin Ian King) 
[Orabug: 27631736]
- scsi: lpfc: lpfc version bump 11.4.0.3 (Dick Kennedy)  [Orabug: 27631736]
- scsi: lpfc: fix "integer constant too large" error on 32bit archs 
(Maurizio Lombardi)  [Orabug: 27631736]
- scsi: lpfc: Add Buffer to Buffer credit recovery support (James Smart)
[Orabug: 27631736]
- scsi: lpfc: Correct issues with FAWWN and FDISCs (Dick Kennedy) 
[Orabug: 27631736]
- scsi: lpfc: Fix rediscovery on switch blade pull (Dick Kennedy) 
[Orabug: 27631736]
- scsi: lpfc: remove useless code in lpfc_sli4_bsg_link_diag_test 
(Gustavo A. R. Silva)  [Orabug: 27631736]
- scsi: lpfc: Fix plogi collision that causes illegal state transition 
(Dick Kennedy)  [Orabug: 27631736]
- lpfc: Fix Express lane queue creation (Maurizio Lombardi)  [Orabug: 
27631736]
- Cosmetic updates to arch/x86/kernel/cpu/microcode/xen.c to pass 
checkpatch.pl and match UEK5 code. (Aaron Young)  [Orabug: 27640697]
- Incorporate arch/x86/kernel/cpu/microcode/xen.c into cpu microcode 
driver. (Aaron Young)  [Orabug: 27640697]
- 1. Move arch/x86/kernel/microcode_xen.c file to proper cpu microcode
driver location and rename to arch/x86/kernel/cpu/microcode/xen.c.
(Aaron Young)  [Orabug: 27640697]
- fork: fix incorrect fput of ->exe_file causing use-after-free (Eric 
Biggers)  [Orabug: 27648200]  {CVE-2017-17052}
- scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for 
Ventura controllers (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: NVMe passthrough command support (Shivasharan S) 
[Orabug: 27625001]
- scsi: megaraid: use ktime_get_real for firmware time (Arnd Bergmann) 
[Orabug: 27625001]
- scsi: megaraid_sas: driver version upgrade (Shivasharan S)  [Orabug: 
27625001]
- scsi: megaraid_sas: re-work DCMD refire code (Shivasharan S)  [Orabug: 
27625001]
- scsi: megaraid_sas: Expose fw_cmds_outstanding through sysfs 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Selectively apply stream detection based on IO 
type (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Update LD map after populating drv_map driver map 
copy (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Use megasas_wait_for_adapter_operational to detect 
controller state in IOCTL path (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Avoid firing DCMDs while OCR is in progress 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: unload flag should be set after scsi_remove_host 
is called (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Error handling for invalid ldcount provided by 
firmware in RAID map (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Reset ldio_outstanding in megasas_resume (Sumit 
Saxena)  [Orabug: 27625001]
- scsi: megaraid_sas: Return the DCMD status from megasas_get_seq_num 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: memset IOC INIT frame using correct size 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: zero out IOC INIT and stream detection memory 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: fix spelling mistake: "thershold" -> "threshold" 
(Colin Ian King)  [Orabug: 27625001]
- scsi: megaraid: Remove redundant code in megasas_alloc_cmds (Yisheng 
Xie)  [Orabug: 27625001]
- License cleanup: add SPDX GPL-2.0 license identifier to files with no 
license (Greg Kroah-Hartman)  [Orabug: 27625001]
- scsi: megaraid_sas: driver version upgrade (Shivasharan S)  [Orabug: 
27625001]
- scsi: megaraid_sas: Add support for 64bit consistent DMA (Sumit 
Saxena)  [Orabug: 27625001]
- scsi: megaraid_sas: Do not limit queue_depth to 1k in non-RDPQ mode 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Retry with reduced queue depth when alloc fails 
for higher QD (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Incorrect processing of IOCTL frames for SMP/STP 
commands (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Resize MFA frame used for IOC INIT to 4k 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Update current host time to FW during IOC Init 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Move controller memory allocations and DMA mask 
settings from probe to megasas_init_fw (Sumit Saxena)  [Orabug: 27625001]
- scsi: megaraid_sas: Move initialization of instance parameters inside 
newly created function megasas_init_ctrl_params (Shivasharan S) 
[Orabug: 27625001]
- scsi: megaraid_sas: remove instance->ctrl_info (Sumit Saxena) 
[Orabug: 27625001]
- scsi: megaraid_sas: Pre-allocate frequently used DMA buffers 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Create separate functions for allocating and 
freeing controller DMA buffers (Sumit Saxena)  [Orabug: 27625001]
- scsi: megaraid_sas: Create separate functions to allocate ctrl memory 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: reduce size of fusion_context and use kmalloc for 
allocation (Sumit Saxena)  [Orabug: 27625001]
- scsi: megaraid_sas: replace is_ventura with adapter_type checks (Sumit 
Saxena)  [Orabug: 27625001]
- scsi: megaraid_sas: Remove redundant checks for ctrl_context 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: replace instance->ctrl_context checks with 
instance->adapter_type (Sumit Saxena)  [Orabug: 27625001]
- scsi: megaraid_sas: Add support for Crusader controllers (Shivasharan 
S)  [Orabug: 27625001]
- scsi: megaraid_sas: use adapter_type for all gen controllers 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: driver version upgrade (Shivasharan S)  [Orabug: 
27625001]
- scsi: megaraid_sas: call megasas_dump_frame with correct IO frame size 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: modified few prints in OCR and IOC INIT path 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: replace internal FALSE/TRUE definitions with 
false/true (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Return pended IOCTLs with cmd_status 
MFI_STAT_WRONG_STATE in case adapter is dead (Shivasharan S)  [Orabug: 
27625001]
- scsi: megaraid_sas: use vmalloc for crash dump buffers and driver's 
local RAID map (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Use SMID for Task abort case only (Shivasharan S) 
[Orabug: 27625001]
- scsi: megaraid_sas: Check valid aen class range to avoid kernel panic 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Fix endianness issues in DCMD handling 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Do not re-fire shutdown DCMD after OCR 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Call megasas_complete_cmd_dpc_fusion every 1 
second while there are pending commands (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: Use synchronize_irq in target reset case 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: set minimum value of resetwaittime to be 1 secs 
(Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: mismatch of allocated MFI frame size and length 
exposed in MFI MPT pass through command (Shivasharan S)  [Orabug: 27625001]
- scsi: megaraid_sas: fix error handle in megasas_probe_one (weiping 
zhang)  [Orabug: 27625001]
- scsi: megaraid_sas: fix allocate instance->pd_info twice (weiping) 
[Orabug: 27625001]
- scsi: remove DRIVER_ATTR() usage (Greg Kroah-Hartman)  [Orabug: 27625001]
- scsi: megaraid: Replace PCI pool old API (Romain Perier)  [Orabug: 
27625001]
- scsi: megaraid_sas: fix memleak in megasas_alloc_cmdlist_fusion (Shu 
Wang)  [Orabug: 27625001]
- scsi: megaraid: Fix a sleep-in-atomic bug (Jia-Ju Bai)  [Orabug: 
27625001]
- drivers/scsi/megaraid: remove expensive inline from megasas_return_cmd 
(Andi Kleen)  [Orabug: 27625001]
- megaraid_sas: remove redundant code initialzing *pDevHandle with 
MR_DEVHANDLE_INVALID (Sumit Saxena)  [Orabug: 27625001]
- usb: usbtest: fix NULL pointer dereference (Alan Stern)  [Orabug: 
27602322]  {CVE-2017-16532}
- rds: Incorrect reference counting in TCP socket creation (Ka-Cheong 
Poon)  [Orabug: 27602824]
- enic: enable rq before updating rq descriptors (Govindarajulu 
Varadarajan)  [Orabug: 27587345]
- enic: add sw timestamp support (Govindarajulu Varadarajan)  [Orabug: 
27587345]
- enic: add wq clean up budget (Govindarajulu Varadarajan)  [Orabug: 
27587345]
- enic: Add support for 'ethtool -g/-G' (Parvi Kaustubhi)  [Orabug: 
27587345]
- enic: reset fetch index (Parvi Kaustubhi)  [Orabug: 27587345]
- drivers: net: enic: use setup_timer() helper. (Allen Pais)  [Orabug: 
27587345]
- drivers: net: enic: use setup_timer() helper. (Allen Pais)  [Orabug: 
27587345]
- enic: update enic maintainers (Govindarajulu Varadarajan)  [Orabug: 
27587345]
- cisco: enic: Fic an error handling path in 'vnic_dev_init_devcmd2()' 
(Christophe Jaillet)  [Orabug: 27587345]
- enic: Fix format truncation warning (Govindarajulu Varadarajan) 
[Orabug: 27587345]
- enic: add devcmds for vxlan offload (Govindarajulu Varadarajan) 
[Orabug: 27587345]
- enic: increment devcmd2 result ring in case of timeout (Sandeep 
Pillai)  [Orabug: 27587345]
- scsi: fnic: use kzalloc in fnic_fcoe_process_vlan_resp (Rasmus 
Villemoes)  [Orabug: 27587343]
- scsi: fnic: add a space after %p in printf format (Nicolas Iooss) 
[Orabug: 27587343]
- scsi: fnic: Fix coccinelle warnings (Vasyl Gomonovych)  [Orabug: 
27587343]
- scsi: fnic: do not call host reset from command abort (Hannes 
Reinecke)  [Orabug: 27587343]
- scsi: fnic: fix format string overflow warning (Arnd Bergmann) 
[Orabug: 27587343]
- scsi: fnic: correct speed display and add support for 25,40 and 100G 
(Satish Kharat)  [Orabug: 27587343]
- scsi: fnic: added timestamp reporting in fnic debug stats (Satish 
Kharat)  [Orabug: 27587343]
- scsi: fnic: Zero io_cmpl_skip on fw reset completion (Satish Kharat) 
[Orabug: 27587343]
- scsi: fnic: Ratelimit printks to avoid flooding when vlan is not set 
by the switch.i (Satish Kharat)  [Orabug: 27587343]
- scsi: fnic: use kernel's '%pM' format option to print MAC (Andy 
Shevchenko)  [Orabug: 27587343]
- fnic: pci_dma_mapping_error() doesn't return an error code (Dan 
Carpenter)  [Orabug: 27587343]
- fnic: move printk()s outside of the critical code section. (Maurizio 
Lombardi)  [Orabug: 27587343]
- fnic: check pci_map_single() return value (Maurizio Lombardi) 
[Orabug: 27587343]
- retpoline: move setting of sysctl_ibrs_enabled and sysctl_ibpb_enabled 
to where SPEC_CTRL_IBRS_INUSE and SPEC_CTRL_IBPB_INUSE are set (Chuck 
Anderson)  [Orabug: 27625404]
- retpoline: set IBRS and IBPB in use only on the boot CPU call to 
init_scattered_cpuid_features() (Chuck Anderson)  [Orabug: 27625404]
- retpoline: display IBPB feature status along with IBRS status (Chuck 
Anderson)  [Orabug: 27625404]
- retpoline: move lock/unlock of spec_ctrl_mutex to check_modinfo() 
(Chuck Anderson)  [Orabug: 27625404]
- retpoline: call clear_retpoline_fallback() with boot parm 
spectre_v2_heuristics=off (Chuck Anderson)  [Orabug: 27625404]
- retpoline: add brackets to check_ibrs_inuse() and clear_ibpb_inuse() 
(Chuck Anderson)  [Orabug: 27625404]
- retpoline/module: do not enable IBRS/IPBP if 
SPEC_CTRL_IBRS_ADMIN_DISABLED/SPEC_CTRL_IBPB_ADMIN_DISABLED is set 
(Chuck Anderson)  [Orabug: 27625353]
- retpoline: microcode incorrectly reported as broken during early boot 
(Chuck Anderson)  [Orabug: 27625404]
- retpoline: move lock/unlock of spec_ctrl_mutex into 
init_scattered_cpuid_features() (Chuck Anderson)  [Orabug: 27625404]
- retpoline/module: fall back to another spectre mitigation when 
disabling retpoline (Chuck Anderson)  [Orabug: 27457549]
- retpoline/module: add bit defs for use_ibpb (Chuck Anderson)  [Orabug: 
27457549]
- x86/spectre_v2: Fix the documentation to say the right thing. (Konrad 
Rzeszutek Wilk)
- x86/spectre_v2: Don't check bad microcode versions when running under 
hypervisors. (Konrad Rzeszutek Wilk)  [Orabug: 27601736]
- x86/speculation: Use IBRS if available before calling into firmware 
(David Woodhouse)  [Orabug: 27516477]
- Revert "x86/spec_ctrl: Add 'nolfence' knob to disable fallback for 
spectre_v2 mitigation" (Konrad Rzeszutek Wilk)  [Orabug: 27601789]
- Revert "x86/spec: Add 'lfence_enabled' in sysfs" (Konrad Rzeszutek Wilk)
- KVM: Disable irq while unregistering user notifier (Ignacio Alvarado)
- dtrace: increase instruction limit for FBT entry probe detection (Kris 
Van Hees)  [Orabug: 27410742]

[4.1.12-124.5.1.el6uek]
- trace: declare blk_add_trace_rq non-static on OL6 (Todd Vierling) 
[Orabug: 27578618]
- x86/ia32/syscall: RESTORE_EXTRA_REGS when returning from syscall 
(Ankur Arora)  [Orabug: 27461990]  {CVE-2017-5715}
- x86/ia32/syscall: don't do RESTORE_EXTRA_REGS prematurely (Ankur 
Arora)  [Orabug: 27461990]  {CVE-2017-5715}
- firmware: dmi_scan: add SBMIOS entry and DMI tables (Ivan Khoronzhuk) 
[Orabug: 27586223]
- uek-rpm: enable USERFAULTFD in debug kernels (UEK4 QU7) (Mike Kravetz)
[Orabug: 27579702]
- vmxnet3: repair memory leak (Neil Horman)  [Orabug: 27479086]
- bonding: attempt to better support longer hw addresses (Jarod Wilson) 
[Orabug: 27542370]
- scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (Bart 
Van Assche)  [Orabug: 27546768]
- scsi: Protect SCSI device state changes with a mutex (Bart Van Assche)
[Orabug: 27546768]
- scsi: Introduce scsi_start_queue() (Bart Van Assche)  [Orabug: 27546768]
- scsi: avoid a permanent stop of the scsi device's request queue (Wei 
Fang)  [Orabug: 27546768]
- IB/ipoib: ioctls IPOIBACLNADD and IPOIBACLNGET do not work correctly 
(Ka-Cheong Poon)  [Orabug: 27533123]
- x86/spectre: move microcode check before kernel ibrs flags are set 
(Daniel Jordan)  [Orabug: 27542331]  {CVE-2017-5715}

[4.1.12-124.4.1.el6uek]
- x86: make HAVE_FENTRY dependent on !SIMULATE_GCC44_KABI (Todd 
Vierling)  [Orabug: 27540463]
- x86/spectre_v2: Only use IBRS when ibrs_inuse tells us to (Konrad 
Rzeszutek Wilk)
- kernel: on OL6 only, simulate the gcc 4.4 kABI for __stack_chk_fail() 
(Todd Vierling)  [Orabug: 27509351]
- uek-rpm: configs: Don't set HAVE_FENTRY on OL6 builds. (Todd Vierling)
[Orabug: 27509351]
- KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed) 
[Orabug: 27525575]
- x86/spectre_v2: Disable IBRS if spectre_v2=off (Konrad Rzeszutek Wilk)
- xenbus: track caller request id (Joao Martins)  [Orabug: 27472576]
- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny)
[Orabug: 27523393]
- x86/speculation: Use Indirect Branch Prediction Barrier in context 
switch (Tim Chen)  [Orabug: 27524608]
- Fix typo IBRS_ATT, which should be IBRS_ALL (redux) (Konrad Rzeszutek 
Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre_v2: Add spectre_v2_heuristics= (Konrad Rzeszutek Wilk) 
[Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre_v2: Do not disable IBPB when disabling IBRS (Konrad 
Rzeszutek Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/scattered: Fix the order. (Konrad Rzeszutek Wilk)  [Orabug: 
27477743]  {CVE-2017-5715}
- x86/spectre: Favor IBRS on Skylake over retpoline (Konrad Rzeszutek 
Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (Darren 
Kenny)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre: Now that we expose 'stbibp' make sure it is correct. 
(Konrad Rzeszutek Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support (David Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/bugs: Drop one "mitigation" from dmesg (Borislav Petkov)  [Orabug: 
27477743]  {CVE-2017-5715}
- x86/nospec: Fix header guards names (Borislav Petkov)  [Orabug: 
27477743]  {CVE-2017-5715}
- x86/spectre_v2: Don't spam the console with these: (Konrad Rzeszutek 
Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes (David Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/cpu: Keep model defines sorted by model number (Andy Shevchenko) 
[Orabug: 27477743]  {CVE-2017-5715}
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to 
Meltdown (David Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/msr: Add definitions for new speculation control MSRs (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/cpufeatures: Add AMD feature bits for Speculation Control (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre_v2: Print what options are available. (Konrad Rzeszutek 
Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre_v2: Add VMEXIT_FILL_RSB instead of RETPOLINE (Konrad 
Rzeszutek Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre: If IBRS is enabled disable "Filling RSB on context 
switch" (Konrad Rzeszutek Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL (Konrad Rzeszutek 
Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre_v2: Don't allow {ibrs,ipbp,lfence}_enabled to be toggled 
if retpoline (Konrad Rzeszutek Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre: Fix retpoline_enabled (Konrad Rzeszutek Wilk)  [Orabug: 
27477743]  {CVE-2017-5715}
- x86/spectre: Update sysctl values if toggled only by 
set_{ibrs,ibpb}_disabled (Konrad Rzeszutek Wilk)  [Orabug: 27477743] 
{CVE-2017-5715}
- retpoline/module: Taint kernel for missing retpoline in module (Andi 
Kleen)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline: Fill RSB on context switch for affected CPUs (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB (Andi 
Kleen)  [Orabug: 27477743]  {CVE-2017-5715}
- kprobes/x86: Disable optimizing on the function jumps to indirect 
thunk (Masami Hiramatsu)  [Orabug: 27477743]  {CVE-2017-5715}
- kprobes/x86: Blacklist indirect thunk functions for kprobes (Masami 
Hiramatsu)  [Orabug: 27477743]  {CVE-2017-5715}
- retpoline: Introduce start/end markers of indirect thunk (Masami 
Hiramatsu)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/mce: Make machine check speculation protected (Thomas Gleixner) 
[Orabug: 27477743]  {CVE-2017-5715}
- kbuild: modversions for EXPORT_SYMBOL() for asm (Nicholas Piggin) 
[Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Tom 
Lendacky)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline: Remove compile time warning (Thomas Gleixner)  [Orabug: 
27477743]  {CVE-2017-5715}
- x86/retpoline: Fill return stack buffer on vmexit (David Woodhouse) 
[Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline/irq32: Convert assembler indirect jumps (Andi Kleen) 
[Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline/checksum32: Convert assembler indirect jumps (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline/xen: Convert Xen hypercall indirect jumps (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline/hyperv: Convert assembler indirect jumps (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline/ftrace: Convert ftrace assembler indirect jumps (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline/entry: Convert entry assembler indirect jumps (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline/crypto: Convert crypto assembler indirect jumps (David 
Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre_v2: Add disable_ibrs_and_friends (Konrad Rzeszutek Wilk) 
[Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre_v2: Figure out if STUFF_RSB macro needs to be used. 
(Konrad Rzeszutek Wilk)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre_v2: Figure out when to use IBRS. (Konrad Rzeszutek Wilk) 
[Orabug: 27477743]  {CVE-2017-5715}
- x86/spectre: Add IBRS option. (Konrad Rzeszutek Wilk)  [Orabug: 
27477743]  {CVE-2017-5715}
- x86/spectre: Add boot time option to select Spectre v2 mitigation 
(David Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/retpoline: Add initial retpoline support (David Woodhouse) 
[Orabug: 27477743]  {CVE-2017-5715}
- kconfig.h: use __is_defined() to check if MODULE is defined (Masahiro 
Yamada)  [Orabug: 27477743]  {CVE-2017-5715}
- EXPORT_SYMBOL() for asm (Al Viro)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/asm: Make asm/alternative.h safe from assembly (Andy Lutomirski) 
[Orabug: 27477743]  {CVE-2017-5715}
- x86/kbuild: enable modversions for symbols exported from asm (Adam 
Borowski)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/asm: Use register variable to get stack pointer value (Andrey 
Ryabinin)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (Andy 
Lutomirski)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm 
(David Woodhouse)  [Orabug: 27477743]  {CVE-2017-5715}
- x86/alternatives: Fix optimize_nops() checking (Borislav Petkov) 
[Orabug: 27477743]  {CVE-2017-5715}
- block: Check for gaps on front and back merges (Jens Axboe)  [Orabug: 
27484719]
- block: Copy a user iovec if it includes gaps (Sagi Grimberg)  [Orabug: 
27484719]
- block: Replace SG_GAPS with new queue limits mask (Keith Busch) 
[Orabug: 27484719]
- Revert "block: Copy a user iovec if it includes gaps" (Ashok Vairavan) 
  [Orabug: 27484719]
- Revert "block: Check for gaps on front and back merges" (Ashok 
Vairavan)  [Orabug: 27484719]
- Revert "blk: [Partial] Replace SG_GAPGS with new queue limits mask" 
(Ashok Vairavan)  [Orabug: 27484719]
- qlcnic: fix deadlock bug (Junxiao Bi)  [Orabug: 27496907]
- x86/entry: RESTORE_IBRS needs to be done under kernel CR3 (Ankur 
Arora)  [Orabug: 27501734]

[4.1.12-124.3.1.el6uek]
- rds: Fix NULL pointer dereference in __rds_rdma_map (Håkon Bugge) 
[Orabug: 27477010]
- Btrfs: fix unexpected EEXIST from btrfs_get_extent (Liu Bo)  [Orabug: 
27446668]
- Btrfs: fix incorrect block_len in merge_extent_mapping (Liu Bo) 
[Orabug: 27446668]
- Btrfs: add WARN_ONCE to detect unexpected error from 
merge_extent_mapping (Liu Bo)  [Orabug: 27446668]
- Btrfs: deal with existing encompassing extent map in 
btrfs_get_extent() (Omar Sandoval)  [Orabug: 27446668]
- Btrfs: deal with duplciates during extent_map insertion in 
btrfs_get_extent (Chris Mason)  [Orabug: 27446668]
- x86/spec: Fix spectre_v1 bug and mitigation indicators (John Haxby) 
[Orabug: 27470687]
- Drivers: hv: util: Backup: Fix a rescind processing issue (K. Y. 
Srinivasan)  [Orabug: 27426063]
- Drivers: hv: vss: Operation timeouts should match host expectation 
(Alex Ng)  [Orabug: 27426063]
- Drivers: hv: vss: Improve log messages. (Alex Ng)  [Orabug: 27426063]
- Drivers: hv: utils: Check VSS daemon is listening before a hot backup 
(Alex Ng)  [Orabug: 27426063]
- Drivers: hv: utils: Continue to poll VSS channel after handling 
requests. (Alex Ng)  [Orabug: 27426063]
- Drivers: hv: utils: fix a race on userspace daemons registration 
(Vitaly Kuznetsov)  [Orabug: 27426063]
- Drivers: hv: util: catch allocation errors (Olaf Hering)  [Orabug: 
27426063]
- Drivers: hv: vss: run only on supported host versions (Olaf Hering) 
[Orabug: 27426063]
- Drivers: hv: utils: unify driver registration reporting (Vitaly 
Kuznetsov)  [Orabug: 27426063]
- drivers/char/mem.c: deny access in open operation when securelevel is 
set (Ethan Zhao)  [Orabug: 26943864] [Orabug: 27465736]
- rds: Calling getsockname() on unbounded socket generates seg fault 
(Ka-Cheong Poon)  [Orabug: 27463484]
- rds: Second bind() can overwrite the first bind() (Ka-Cheong Poon) 
[Orabug: 27463500]
- rds: Un-connected socket sendmsg() with a NULL destination does not 
fail (Ka-Cheong Poon)  [Orabug: 27463507]
- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek 
Wilk)
- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk)
- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 
mitigation (Konrad Rzeszutek Wilk)
- x86: Fix compile issues if CONFIG_XEN not defined (Konrad Rzeszutek 
Wilk)
- hugetlb: fix nr_pmds accounting with shared page tables (Kirill A. 
Shutemov)  [Orabug: 27451809]
- net/mlx4_core: allow QPs with enable_smi_admin enabled (Zhu Yanjun) 
[Orabug: 27452072]
- net/rds: Fix incorrect error handling (Håkon Bugge)  [Orabug: 27469760]

[4.1.12-124.2.1.el6uek]
- x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk)
- x86/spectre: Drop the warning about ibrs being obsolete. (Konrad 
Rzeszutek Wilk)
- x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk)
- x86/spec: Don't print the Missing arguments for option spectre_v2. 
(Konrad Rzeszutek Wilk)
- x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk)
- x86/IBRS: Don't try to change IBRS mode if IBRS is not available 
(Boris Ostrovsky)  [Orabug: 27448280]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) 
[Orabug: 27448280]
- x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk)
- x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky)  [Orabug: 
27448280]
- x86/IBRS/IBPB: Remove procfs interface to ibrs/ibpb_enable (Boris 
Ostrovsky)  [Orabug: 27448280]
- x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris 
Ostrovsky)  [Orabug: 27448313]
- x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk)
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky)  [Orabug: 
27448330]
- fs/ocfs2: remove page cache for converted direct write (Wengang Wang)
- Revert "ocfs2: code clean up for direct io" (Wengang Wang)
- mlx4: add mstflint secure boot access kernel support (Qing Huang) 
[Orabug: 27424392]
- x86/microcode/intel: Extend BDW late-loading with a revision check 
(Jia Zhang)  [Orabug: 27343609]
- x86/microcode/intel: Disable late loading on model 79 (Borislav 
Petkov)  [Orabug: 27343609]
- autofs: use dentry flags to block walks during expire (Ian Kent) 
[Orabug: 26032471]
- autofs races (Al Viro)  [Orabug: 26032471]
- Revert "kernel.spec: Require the new microcode_ctl." (Brian Maly)

[4.1.12-124.1.1.el6uek]
- dtrace: revive dtrace_gethrtime() (Tomas Jedlicka)  [Orabug: 27409933]

[4.1.12-124.el6uek]
- x86: Clean up IBRS functionality resident in common code (Kanth 
Ghatraju)  [Orabug: 27353383]
- x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) 
[Orabug: 27353383]
- Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju)  [Orabug: 
27353383]
- x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas 
Gleixner)  [Orabug: 27353383]
- sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) 
[Orabug: 27353383]
- sysfs/cpu: Add vulnerability folder (Thomas Gleixner)  [Orabug: 27353383]
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse)  [Orabug: 
27353383]
- x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju)  [Orabug: 
27353383]
- KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) 
{CVE-2017-5753}
- KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) 
[Orabug: 27206805]  {CVE-2017-1000407} {CVE-2017-1000407}
- ixgbevf: handle mbox_api_13 in ixgbevf_change_mtu (Joao Martins) 
[Orabug: 27397028]
- xen-blkback: add pending_req allocation stats (Ankur Arora)  [Orabug: 
26670475]
- xen-blkback: move indirect req allocation out-of-line (Ankur Arora) 
[Orabug: 26670475]
- xen-blkback: pull nseg validation out in a function (Ankur Arora) 
[Orabug: 26670475]
- xen-blkback: make struct pending_req less monolithic (Ankur Arora) 
[Orabug: 26670475]
- x86/fpu: Don't let userspace set bogus xcomp_bv (Tim Tianyang Chen) 
[Orabug: 27050688]  {CVE-2017-15537}
- sctp: do not peel off an assoc from one netns to another one (Xin 
Long)  [Orabug: 27386997]  {CVE-2017-15115}
- media: dib0700: fix invalid dvb_detach argument (Andrey Konovalov) 
[Orabug: 27215141]  {CVE-2017-16646}
- Sanitize 'move_pages()' permission checks (Linus Torvalds)  [Orabug: 
27364683]  {CVE-2017-14140}
- assoc_array: Fix a buggy node-splitting case (David Howells)  [Orabug: 
27364588]  {CVE-2017-12193} {CVE-2017-12193}
- net: ipv4: fix for a race condition in raw_sendmsg (Mohamed Ghannam) 
[Orabug: 27390679]  {CVE-2017-17712}

[4.1.12-123.el6uek]
- x86/pti/efi: broken conversion from efi to kernel page table (Pavel 
Tatashin)  [Orabug: 27378516] [Orabug: 27333760]  {CVE-2017-5754}
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT 
(redux) (Konrad Rzeszutek Wilk)  [Orabug: 27378451]
- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value 
(Boris Ostrovsky)  [Orabug: 27378102]
- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) 
  [Orabug: 27382723]
- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. 
(Konrad Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) 
[Orabug: 27344012]  {CVE-2017-5715}
- ptrace: remove unlocked RCU dereference. (Jamie Iles)  [Orabug: 
27344012]  {CVE-2017-5715}
- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. 
(Konrad Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) 
[Orabug: 27344012]  {CVE-2017-5715}
- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad 
Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) 
[Orabug: 27344012]  {CVE-2017-5715}
- x86/spec: Always set IBRS to guest value on VMENTER and host on 
VMEXIT. (Konrad Rzeszutek Wilk)  [Orabug: 27365575]  {CVE-2017-5715}
- x86/ia32: save and clear registers on syscall. (Jamie Iles)  [Orabug: 
27365431]  {CVE-2017-5754}
- x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) 
[Orabug: 27365419]
- pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) 
[Orabug: 27333760]  {CVE-2017-5754}
- x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) 
[Orabug: 27365403]
- Make use of ibrs_inuse consistent. (Jun Nakajima)  [Orabug: 27365390]
- x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek 
Wilk)  [Orabug: 27364900]
- Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees)  [Orabug: 
27344012]  {CVE-2017-5715}
- x86: more ibrs/pti fixes (Pavel Tatashin)  [Orabug: 27333760] 
{CVE-2017-5754}
- x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad 
Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek 
Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad 
Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad 
Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek 
Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) 
[Orabug: 27333760]  {CVE-2017-5754}
- x86: Don't ENABLE_IBRS in nmi when we are still running on user cr3 
(Konrad Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad 
Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk)  [Orabug: 
27333760]  {CVE-2017-5754}
- PTI: unbreak EFI old_memmap (Jiri Kosina)  [Orabug: 27333760] 
{CVE-2017-5754}
- KAISER KABI tweaks. (Martin K. Petersen)  [Orabug: 27333760] 
{CVE-2017-5754}
- x86/ldt: fix crash in ldt freeing. (Jamie Iles)  [Orabug: 27333760] 
{CVE-2017-5754}
- x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys 
Vlasenko)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys 
Vlasenko)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: Set _PAGE_NX only if supported (Guenter Roeck)  [Orabug: 
27333760]  {CVE-2017-5754}
- x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap 
(Andy Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- KPTI: Report when enabled (Kees Cook)  [Orabug: 27333760]  {CVE-2017-5754}
- KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook)  [Orabug: 27333760] 
{CVE-2017-5754}
- x86/kaiser: Move feature detection up (Borislav Petkov)  [Orabug: 
27333760]  {CVE-2017-5754}
- x86/kaiser: Reenable PARAVIRT (Borislav Petkov)  [Orabug: 27333760] 
{CVE-2017-5754}
- x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner)  [Orabug: 
27333760]  {CVE-2017-5754}
- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) 
  [Orabug: 27333760]  {CVE-2017-5754}
- kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) 
  [Orabug: 27333760]  {CVE-2017-5754}
- x86/kaiser: Check boottime cmdline params (Borislav Petkov)  [Orabug: 
27333760]  {CVE-2017-5754}
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav 
Petkov)  [Orabug: 27333760]  {CVE-2017-5754}
- kaiser: add "nokaiser" boot option, using ALTERNATIVE (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh 
Dickins)  [Orabug: 27333760]  {CVE-2017-5754}
- kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins)  [Orabug: 
27333760]  {CVE-2017-5754}
- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh 
Dickins)  [Orabug: 27333760]  {CVE-2017-5754}
- kaiser: enhanced by kernel and user PCIDs (Dave Hansen)  [Orabug: 
27333760]  {CVE-2017-5754}
- kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins)  [Orabug: 
27333760]  {CVE-2017-5754}
- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: cleanups while trying for gold link (Hugh Dickins)  [Orabug: 
27333760]  {CVE-2017-5754}
- kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins)  [Orabug: 
27333760]  {CVE-2017-5754}
- kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: fix perf crashes (Hugh Dickins)  [Orabug: 27333760] 
{CVE-2017-5754}
- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: KAISER depends on SMP (Hugh Dickins)  [Orabug: 27333760] 
{CVE-2017-5754}
- kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) 
[Orabug: 27333760]  {CVE-2017-5754}
- kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins)  [Orabug: 
27333760]  {CVE-2017-5754}
- kaiser: merged update (Dave Hansen)  [Orabug: 27333760]  {CVE-2017-5754}
- KAISER: Kernel Address Isolation (Richard Fellner)  [Orabug: 27333760] 
  {CVE-2017-5754}
- x86/boot: Add early cmdline parsing for options with arguments (Tom 
Lendacky)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) 
[Orabug: 27333760]  {CVE-2017-5754}
- x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) 
[Orabug: 27333760]  {CVE-2017-5754}
- x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy 
Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski)  [Orabug: 
27333760]  {CVE-2017-5754}
- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) 
SMP code (Andy Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy 
Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) 
[Orabug: 27333760]  {CVE-2017-5754}
- x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy 
Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() 
(Andy Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) 
  [Orabug: 27333760]  {CVE-2017-5754}
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy 
Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) 
  [Orabug: 27333760]  {CVE-2017-5754}
- x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) 
[Orabug: 27333760]  {CVE-2017-5754}
- x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski)  [Orabug: 
27333760]  {CVE-2017-5754}
- x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) 
[Orabug: 27333760]  {CVE-2017-5754}
- sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy 
Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) 
  [Orabug: 27333760]  {CVE-2017-5754}
- x86/mm: If INVPCID is available, use it to flush global mappings (Andy 
Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy 
Lutomirski)  [Orabug: 27333760]  {CVE-2017-5754}
- x86/mm: Fix INVPCID asm constraint (Borislav Petkov)  [Orabug: 
27333760]  {CVE-2017-5754}
- x86/mm: Add INVPCID helpers (Andy Lutomirski)  [Orabug: 27333760] 
{CVE-2017-5754}
- x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek 
Wilk)  [Orabug: 27351274]
- kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad 
Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- userns: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- udf: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- net: mpls: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- fs: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- ipv6: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- ipv4: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- Thermal/int340x: prevent speculative execution (Elena Reshetova) 
[Orabug: 27340445]  {CVE-2017-5753}
- cw1200: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- qla2xxx: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- p54: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- carl9170: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- uvcvideo: prevent speculative execution (Elena Reshetova)  [Orabug: 
27340445]  {CVE-2017-5753}
- bpf: prevent speculative execution in eBPF interpreter (Elena 
Reshetova)  [Orabug: 27340445]  {CVE-2017-5753}
- locking/barriers: introduce new observable speculation barrier (Elena 
Reshetova)  [Orabug: 27340445]  {CVE-2017-5753}
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature 
(Elena Reshetova)  [Orabug: 27340445]  {CVE-2017-5753}
- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) 
[Orabug: 27340445]  {CVE-2017-5753}
- kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) 
[Orabug: 27344012]  {CVE-2017-5715}
- kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) 
[Orabug: 27344012]  {CVE-2017-5715} {CVE-2017-5715}
- x86/microcode/AMD: Add support for fam17h microcode loading (Tom 
Lendacky)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek 
Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- Set IBPB when running a different VCPU (Dave Hansen)  [Orabug: 
27344012]  {CVE-2017-5715}
- Clear the host registers after setbe (Jun Nakajima)  [Orabug: 
27344012]  {CVE-2017-5715}
- Use the ibpb_inuse variable. (Jun Nakajima)  [Orabug: 27344012] 
{CVE-2017-5715}
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) 
[Orabug: 27344012]  {CVE-2017-5715}
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) 
  [Orabug: 27344012]  {CVE-2017-5715}
- Use the "ibrs_inuse" variable. (Jun Nakajima)  [Orabug: 27344012] 
{CVE-2017-5715}
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea 
Arcangeli)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) 
[Orabug: 27344012]  {CVE-2017-5715}
- x86/kvm: Pad RSB on VM transition (Tim Chen)  [Orabug: 27344012] 
{CVE-2017-5715}
- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) 
[Orabug: 27344012]  {CVE-2017-5715}
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim 
Chen)  [Orabug: 27344012]  {CVE-2017-5715}
- x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) 
[Orabug: 27344012]  {CVE-2017-5715}
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control 
(Tim Chen)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature 
(Konrad Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/kvm: clear registers on VM exit (Tom Lendacky)  [Orabug: 27344012] 
  {CVE-2017-5715}
- x86/kvm: Set IBPB when switching VM (Tim Chen)  [Orabug: 27344012] 
{CVE-2017-5715}
- *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall 
entrance (Konrad Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad 
Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread 
(Konrad Rzeszutek Wilk)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/mm: Set IBPB upon context switch (Tim Chen)  [Orabug: 27344012] 
{CVE-2017-5715}
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim 
Chen)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim 
Chen)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea 
Arcangeli)  [Orabug: 27344012]  {CVE-2017-5715}
- *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable 
SPEC_CTRL feature (Tim Chen)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/enter: Use IBRS on syscall and interrupts (Tim Chen)  [Orabug: 
27344012]  {CVE-2017-5715}
- x86: Add macro that does not save rax, rcx, rdx on stack to disable 
IBRS (Tim Chen)  [Orabug: 27344012]  {CVE-2017-5715}
- x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen)  [Orabug: 
27344012]  {CVE-2017-5715}
- x86/feature: Report presence of IBPB and IBRS control (Tim Chen) 
[Orabug: 27344012]  {CVE-2017-5715}
- x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk)  [Orabug: 
27344012]  {CVE-2017-5715}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and 
X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk)  [Orabug: 27344012] 
{CVE-2017-5715}
- x86/feature: Enable the x86 feature to control (Tim Chen)  [Orabug: 
27344012]  {CVE-2017-5715}
- dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) 
[Orabug: 27290292]  {CVE-2017-8824}
- negotiate_mq should happen in all cases of a new VBD being discovered 
by xen-blkfront, whether called through _probe() or a hot-attached new 
VBD from dom-0 via xenstore. Otherwise, hot-attached new VBDs are left 
configured without multi-queue. (Patrick Colp)  [Orabug: 27180421]
- e1000: avoid null pointer dereference on invalid stat type (Colin Ian 
King)  [Orabug: 27069012]
- e1000: fix race condition between e1000_down() and e1000_watchdog 
(Vincenzo Maffione)  [Orabug: 27069012]
- e1000e: Be drop monitor friendly (Florian Fainelli)  [Orabug: 27069012]
- e1000e: apply burst mode settings only on default (Willem de Bruijn) 
[Orabug: 27069012]
- e1000e: fix buffer overrun while the I219 is processing DMA 
transactions (Sasha Neftin)  [Orabug: 27069012]
- e1000e: Avoid receiver overrun interrupt bursts (Benjamin Poirier) 
[Orabug: 27069012]
- e1000e: Separate signaling for link check/link up (Benjamin Poirier) 
[Orabug: 27069012]
- e1000e: Fix return value test (Benjamin Poirier)  [Orabug: 27069012]
- e1000e: Fix wrong comment related to link detection (Benjamin Poirier) 
  [Orabug: 27069012]
- e1000e: Fix error path in link detection (Benjamin Poirier)  [Orabug: 
27069012]
- drivers: net: e1000e: use setup_timer() helper. (Allen Pais)  [Orabug: 
27069012]
- e1000e: Initial Support for IceLake (Sasha Neftin)  [Orabug: 27069012]
- e1000e: add check on e1e_wphy() return value (Gustavo A R Silva) 
[Orabug: 27069012]
- e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (Chris Wilson) 
  [Orabug: 27069012]

[4.1.12-122.el6uek]
- qla2xxx: Fix system crash in qlt_plogi_ack_unref (Quinn Tran) 
[Orabug: 27235104]
- qla2xxx: Remove aborting ELS IOCB call issued as part of timeout. 
(Giridhar Malavali)  [Orabug: 27235104]
- qla2xxx: Defer processing of GS IOCB calls (Giridhar Malavali) 
[Orabug: 27235104]
- qla2xxx: Clear loop id after delete (Quinn Tran)  [Orabug: 27235104]
- qla2xxx: Fix scan state field for fcport (Quinn Tran)  [Orabug: 27235104]
- qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport (Quinn Tran) 
[Orabug: 27235104]
- qla2xxx: Fix abort command deadlock due to spinlock (Quinn Tran) 
[Orabug: 27235104]
- qla2xxx: Fix PRLI state check (Quinn Tran)  [Orabug: 27235104]
- qla2xxx: Clear send ELS LOGO flag after target re-login (Quinn Tran) 
[Orabug: 27235104]
- qla2xxx: Fix Relogin being triggered too fast (Quinn Tran)  [Orabug: 
27235104]
- qla2xxx: Relogin to target port on a cable swap (Quinn Tran)  [Orabug: 
27235104]
- qla2xxx: Recheck session state after RSCN. (Quinn Tran)  [Orabug: 
27235104]
- qla2xxx: Fix login state machine stuck at GPDB (Quinn Tran)  [Orabug: 
27235104]
- qla2xxx: Serialize GPNID for multiple RSCN (Quinn Tran)  [Orabug: 
27235104]
- qla2xxx: fix stale memory access. (Quinn Tran)  [Orabug: 27235104]
- qla2xxx: Retry switch command on time out (Quinn Tran)  [Orabug: 
27235104]
- qla2xxx: Fix system crash for Notify ack timeout handling (Quinn Tran) 
  [Orabug: 27235104]
- qla2xxx: Fix re-login for Nport Handle in use (Quinn Tran)  [Orabug: 
27235104]
- scsi: qla2xxx: Cleanup debug message IDs (Quinn Tran)  [Orabug: 27235104]
- scsi: qla2xxx: Fix name server relogin (Quinn Tran)  [Orabug: 27235104]
- scsi: qla2xxx: Fix path recovery (Quinn Tran)  [Orabug: 27235104]
- scsi: qla2xxx: Fix an integer overflow in sysfs code (Dan Carpenter) 
[Orabug: 27235104]
- scsi: qla2xxx: don't disable a not previously enabled PCI device 
(Johannes Thumshirn)  [Orabug: 27235104]
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser)  [Orabug: 
27344839]  {CVE-2017-0861} {CVE-2017-0861}
- kernel-uek.spec: update linux-firmware and linux-nano-firmware 
dependency (Ethan Zhao)  [Orabug: 27185358]

[4.1.12-121.el6uek]
- x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels 
(Andrey Ryabinin)  [Orabug: 27132235]
- x86, efi, kasan: Fix build failure on !KASAN && KMEMCHECK=y kernels 
(Andrey Ryabinin)  [Orabug: 27132235]
- x86, efi, kasan: #undef memset/memcpy/memmove per arch (Andrey 
Ryabinin)  [Orabug: 27132235]
- Revert "Makefile: Build with -Werror=date-time if the compiler 
supports it" (Gayatri Vasudevan)  [Orabug: 27132235]

[4.1.12-120.el6uek]
- x86/efi: Initialize and display UEFI secure boot state a bit later 
during init (Daniel Kiper)  [Orabug: 27258204]
- bnxt_en: Fix possible corrupted NVRAM parameters from firmware 
response. (Michael Chan)  [Orabug: 27285190]
- dtrace: do not use copy_from_user when accessing kernel stack (Kris 
Van Hees)  [Orabug: 25949088]
- dtrace: fix arg5 and up retrieval for FBT entry probes on x86 (Kris 
Van Hees)  [Orabug: 25949088]
- x86/espfix: Init espfix on the boot CPU side (Zhu Guihua)  [Orabug: 
26523661]
- x86/espfix: Add 'cpu' parameter to init_espfix_ap() (Zhu Guihua) 
[Orabug: 26523661]
- xen: Make PV Dom0 Linux kernel NUMA aware (Elena Ufimtseva)

[4.1.12-119.el6uek]
- ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() 
(Eryu Guan)  [Orabug: 27255674]
- DTrace: IO wait probes b_flags can contain incorrect operation 
(Nicolas Droux)  [Orabug: 27193447]
- KVM: x86: pvclock: Handle first-time write to pvclock-page contains 
random junk (Liran Alon)  [Orabug: 27146591]
- KVM: x86: always fill in vcpu->arch.hv_clock (Paolo Bonzini)  [Orabug: 
27146591]
- KVM: nVMX: Fix vmx_check_nested_events() return value in case an event 
was reinjected to L2 (Liran Alon)  [Orabug: 27200329]
- KVM: VMX: use kvm_event_needs_reinjection (Wanpeng Li)  [Orabug: 
27200329]
- KVM: nVMX: Fix pending events injection (Wanpeng Li)  [Orabug: 27200329]

[4.1.12-118.el6uek]
- xen/time: do not decrease steal time after live migration on xen 
(Dongli Zhang)  [Orabug: 27181243]
- bnx2x: fix slowpath null crash (Zhu Yanjun)  [Orabug: 27041078]
- Replace max_t() with sub_positive() in dequeue_entity_load_avg() 
(Gayatri Vasudevan)  [Orabug: 27026563]
- sched/fair: Fix cfs_rq avg tracking underflow (Gayatri Vasudevan) 
[Orabug: 27026563]
- rds: System panic if RDS netfilter is enabled and RDS/TCP is used 
(Ka-Cheong Poon)  [Orabug: 26950401]
- fuse: Call end_queued_requests() after releasing fc->lock in 
fuse_dev_release() (Ashish Samant)  [Orabug: 27215268]
- rds: IB active bonding IPv6 changes (Ka-Cheong Poon)  [Orabug: 25410192]
- {IB/{core,ipoib},net/rds}: IPv6 support for ACL (Ka-Cheong Poon) 
[Orabug: 25410192]
- rds: Enable RDS IPv6 support (Ka-Cheong Poon)  [Orabug: 25410192]
- rds: Changed IP address internal representation to struct in6_addr 
(Ka-Cheong Poon)  [Orabug: 25410192]
- IB/ipoib: Remove ACL sysfs debug files (Ka-Cheong Poon)  [Orabug: 
25410192]
- rds: C-style nits (Ka-Cheong Poon)  [Orabug: 25410192]
- rds: ib: Fix NULL pointer dereference in debug code (Håkon Bugge) 
[Orabug: 24303333]
- USB: serial: console: fix use-after-free after failed setup (Johan 
Hovold)  [Orabug: 27206824]  {CVE-2017-16525}
- uwb: properly check kthread_run return value (Andrey Konovalov) 
[Orabug: 27206874]  {CVE-2017-16526}
- ALSA: usb-audio: Check out-of-bounds access by corrupted buffer 
descriptor (Takashi Iwai)  [Orabug: 27206916]  {CVE-2017-16529}
- USB: uas: fix bug in handling of alternate settings (Alan Stern) 
[Orabug: 27206993]  {CVE-2017-16530}
- USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) 
[Orabug: 27207211]  {CVE-2017-16531}
- cgroup: make sure a parent css isn't offlined before its children 
(Tejun Heo)  [Orabug: 27045648]
- HID: usbhid: fix out-of-bounds bug (Jaejoong Kim)  [Orabug: 27207901] 
{CVE-2017-16533}
- USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() 
(Alan Stern)  [Orabug: 27207955]  {CVE-2017-16535}
- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjørn Mork) 
[Orabug: 27215213]  {CVE-2017-16650}
- [media] cx231xx-cards: fix NULL-deref on missing association 
descriptor (Johan Hovold)  [Orabug: 27208030]  {CVE-2017-16536}
- ctf: fix thinko preventing linking of out-of-tree modules when CTF is 
off (Nick Alcock)  [Orabug: 27215305]
- ctf: allow dwarf2ctf to run as root but produce no output (Nick 
Alcock)  [Orabug: 27205676]
- mlx4: Subscribe to PXM notifier (Konrad Rzeszutek Wilk)
- xen/pci: Add PXM node notifier for PXM (NUMA) changes. (Konrad 
Rzeszutek Wilk)
- xen/pcifront: Walk the PCI bus after XenStore notification (Konrad 
Rzeszutek Wilk)
- mm, thp: Do not make page table dirty unconditionally in 
follow_trans_huge_pmd() (Kirill A. Shutemov)  [Orabug: 27165913] 
{CVE-2017-1000405}
- mlx4: Subscribe to PXM notifier (Konrad Rzeszutek Wilk)
- xen/pci: Add PXM node notifier for PXM (NUMA) changes. (Konrad 
Rzeszutek Wilk)
- xen/pcifront: Walk the PCI bus after XenStore notification (Konrad 
Rzeszutek Wilk)
- mm, thp: Do not make page table dirty unconditionally in 
follow_trans_huge_pmd() (Kirill A. Shutemov)  [Orabug: 27165913]
- Revert "firmware: dmi_scan: add SBMIOS entry and DMI tables" (Dan 
Duval)  [Orabug: 27100376]
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai)  [Orabug: 
27117850]  {CVE-2017-16527}
- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. 
Milne)  [Orabug: 26934329]
- scsi: qla2xxx: Fix NULL pointer access due to redundant 
fc_host_port_name call (Quinn Tran)  [Orabug: 27184882]
- scsi: qla2xxx: Initialize Work element before requesting IRQs 
(Himanshu Madhani)  [Orabug: 27184882]
- scsi: qla2xxx: Fix uninitialized work element (Quinn Tran)  [Orabug: 
27184882]
- Revert "Improves clear_huge_page() using work queues" (Jack Vogel) 
[Orabug: 27162196]
- kvm: x86: don't print warning messages for unimplemented msrs (Bandan 
Das)  [Orabug: 26933160]
- scsi: qla2xxx: Fix slow mem alloc behind lock (Quinn Tran)  [Orabug: 
27134422]
- packet: in packet_do_bind, test fanout with bind_lock held (Willem de 
Bruijn)  [Orabug: 27050772]  {CVE-2017-15649}
- packet: hold bind lock when rebinding to fanout hook (Willem de 
Bruijn)  [Orabug: 27050772]  {CVE-2017-15649}
- net: convert packet_fanout.sk_ref from atomic_t to refcount_t 
(Reshetova, Elena)  [Orabug: 27050772]  {CVE-2017-15649}
- packet: fix races in fanout_add() (Eric Dumazet)  [Orabug: 27050772] 
{CVE-2017-15649}
- refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) 
  [Orabug: 27050772]  {CVE-2017-15649}
- locking/atomics: Add _{acquire|release|relaxed}() variants of some 
atomic operations (Will Deacon)  [Orabug: 27050772]  {CVE-2017-15649}
- xen-netback: enable skip_guestrx_thread by default (Joao Martins) 
[Orabug: 27125766]
- net:xen-netback - Change 1 to true for bool type variable. (Shailendra 
Verma)  [Orabug: 27125766]
- xen-netfront: Improve error handling during initialization (Ross 
Lagerwall)  [Orabug: 22817043]
- lib/vsprintf.c: warn about too large precisions and field widths 
(Rasmus Villemoes)  [Orabug: 26178769]
- lib/vsprintf.c: help gcc make number() smaller (Rasmus Villemoes) 
[Orabug: 26178769]
- lib/vsprintf.c: expand field_width to 24 bits (Rasmus Villemoes) 
[Orabug: 26178769]
- ocfs2: code clean up for direct io (Ryan Ding)
- net/rds: use multiple sge than buddy allocation in congestion code 
(Wei Lin Guay)  [Orabug: 26770234]
- Revert "RDS: fix the sg allocation based on actual message size" (Wei 
Lin Guay)  [Orabug: 26770234]
- Revert "RDS: avoid large pages for sg allocation for TCP transport" 
(Wei Lin Guay)  [Orabug: 26770234]
- Revert "net/rds: Reduce memory footprint in rds_sendmsg" (Wei Lin 
Guay)  [Orabug: 26770234]
- net/rds: reduce memory footprint during ib_post_recv in IB transport 
(Wei Lin Guay)  [Orabug: 26770234]
- net/rds: reduce memory footprint during rds_sendmsg with IB transport 
(Wei Lin Guay)  [Orabug: 26770234]
- net/rds: set the rds_ib_init_frag based on supported sge (Wei Lin 
Guay)  [Orabug: 26770234]
- scsi: Don't abort scsi_scan due to unexpected response (John 
Sobecki)  [Orabug: 27072286]
- rds: Fix inaccurate accounting of unsignaled wrs in rds_ib_xmit_rdma 
(Håkon Bugge)  [Orabug: 27090772]
- rds: Fix inaccurate accounting of unsignaled wrs (Håkon Bugge) 
[Orabug: 27090772]
- ocfs2: fstrim: Fix start offset of first cluster group during fstrim 
(Ashish Samant)  [Orabug: 27111255]
- rtc: cmos: century support (Sylvain Chouleur)  [Orabug: 27111144]

[4.1.12-117.el6uek]
- xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff() 
(Jan Kara)  [Orabug: 27093425]
- xfs: Fix missed holes in SEEK_HOLE implementation (Jan Kara)  [Orabug: 
27093425]
- ext4: fix off-by-in in loop termination in ext4_find_unwritten_pgoff() 
(Jan Kara)  [Orabug: 27093425]
- ext4: fix SEEK_HOLE (Jan Kara)  [Orabug: 27093425]
- uek-rpm: Add more missing modules to OL7 ueknano (Somasundaram 
Krishnasamy)  [Orabug: 27092501]
- fix unbalanced page refcounting in bio_map_user_iov (Vitaly 
Mayatskikh)  [Orabug: 27062562]  {CVE-2017-12190}
- more bio_map_user_iov() leak fixes (Al Viro)  [Orabug: 27062562] 
{CVE-2017-12190}
- virtio-pci: alloc only resources actually used. (Gerd Hoffmann) 
[Orabug: 27054871] [Orabug: 26388044]
- usb: Quiet down false peer failure messages (Don Zickus)  [Orabug: 
27080216]
- xscore: add dma address check (Zhu Yanjun)  [Orabug: 27074085]
- netlink: allow to listen "all" netns (Nicolas Dichtel)  [Orabug: 
23634951]
- netlink: rename private flags and states (Nicolas Dichtel)  [Orabug: 
23634951]
- netns: use a spin_lock to protect nsid management (Nicolas Dichtel) 
[Orabug: 23634951]
- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) 
[Orabug: 23634951]
- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) 
[Orabug: 23634951]
- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) 
[Orabug: 23634951]
- netns: returns always an id in __peernet2id() (Nicolas Dichtel) 
[Orabug: 23634951]
- uek-rpm: add update-el-x86; fix-up ol6/update-el (Chuck Anderson) 
[Orabug: 27004340]
- uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) 
[Orabug: 26798697]
- qla2xxx: Update driver version to 9.00.00.00.40.0-k (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: Fix delayed response to command for loop mode/direct connect. 
(Quinn Tran)  [Orabug: 26844197]
- qla2xxx: Use IOCB interface to submit non-critical MBX. (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: Add async new target notification (Quinn Tran)  [Orabug: 
26844197]
- qla2xxx: Allow relogin to proceed if remote login did not finish 
(Quinn Tran)  [Orabug: 26844197]
- qla2xxx: Fix sess_lock & hardware_lock lock order problem. (Quinn 
Tran)  [Orabug: 26844197]
- qla2xxx: Fix inadequate lock protection for ABTS. (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: Fix request queue corruption. (Quinn Tran)  [Orabug: 26844197]
- qla2xxx: Fix memory leak for abts processing (Quinn Tran)  [Orabug: 
26844197]
- scsi: qla2xxx: Fix ql_dump_buffer (Joe Perches)  [Orabug: 26844197]
- scsi: qla2xxx: Fix response queue count for Target mode. (Michael 
Hernandez)  [Orabug: 26844197]
- scsi: qla2xxx: Cleaned up queue configuration code. (Michael 
Hernandez)  [Orabug: 26844197]
- qla2xxx: Fix a warning reported by the "smatch" static checker (Quinn 
Tran)  [Orabug: 26844197]
- qla2xxx: Simplify usage of SRB structure in driver (Bart Van Assche) 
[Orabug: 26844197]
- qla2xxx: Simplify usage of SRB structure in driver (Joe Carnuccio) 
[Orabug: 26844197]
- qla2xxx: Improve RSCN handling in driver (Quinn Tran)  [Orabug: 26844197]
- qla2xxx: Add framework for async fabric discovery (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: Track I-T nexus as single fc_port struct (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: introduce a private sess_kref (Christoph Hellwig)  [Orabug: 
26844197]
- qla2xxx: Use d_id instead of s_id for more clarity (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: Fix wrong argument in sp done callback (Quinn Tran)  [Orabug: 
26844197]
- qla2xxx: Remove SRR code (Himanshu Madhani)  [Orabug: 26844197]
- qla2xxx: Cleanup TMF code translation from qla_target (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: Disable out-of-order processing by default in firmware (Quinn 
Tran)  [Orabug: 26844197]
- qla2xxx: Fix erroneous invalid handle message (Quinn Tran)  [Orabug: 
26844197]
- qla2xxx: Reduce exess wait during chip reset (Quinn Tran)  [Orabug: 
26844197]
- qla2xxx: Terminate exchange if corrupted (Quinn Tran)  [Orabug: 26844197]
- qla2xxx: Fix crash due to null pointer access (Quinn Tran)  [Orabug: 
26844197]
- qla2xxx: Collect additional information to debug fw dump (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: Reset reserved field in firmware options to 0 (Himanshu 
Madhani)  [Orabug: 26844197]
- qla2xxx: Include ATIO queue in firmware dump when in target mode 
(Himanshu Madhani)  [Orabug: 26844197]
- qla2xxx: Fix wrong IOCB type assumption (Quinn Tran)  [Orabug: 26844197]
- qla2xxx: Add DebugFS node for target sess list. (Quinn Tran)  [Orabug: 
26844197]
- tcm_qla2xxx: Convert to target_alloc_session usage (Nicholas 
Bellinger)  [Orabug: 26844197]
- qla2xxx: Use ATIO type to send correct tmr response (Swapnil Nagle) 
[Orabug: 26844197]
- qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM 
(Quinn Tran)  [Orabug: 26844197]
- qla2xxx: Move atioq to a different lock to reduce lock contention 
(Quinn Tran)  [Orabug: 26844197]
- qla2xxx: Remove dependency on hardware_lock to reduce lock contention. 
(Quinn Tran)  [Orabug: 26844197]
- qla2xxx: Replace QLA_TGT_STATE_ABORTED with a bit. (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: Wait for all conflicts before ack'ing PLOGI (Alexei 
Potashnik)  [Orabug: 26844197]
- qla2xxx: Delete session if initiator is gone from FW (Alexei 
Potashnik)  [Orabug: 26844197]
- qla2xxx: Added interface to send explicit LOGO. (Himanshu Madhani) 
[Orabug: 26844197]
- qla2xxx: Add FW resource count in DebugFS. (Quinn Tran)  [Orabug: 
26844197]
- qla2xxx: Enable Target counters in DebugFS. (Himanshu Madhani) 
[Orabug: 26844197]
- qla2xxx: terminate exchange when command is aborted by LIO (Alexei 
Potashnik)  [Orabug: 26844197]
- qla2xxx: drop cmds/tmrs arrived while session is being deleted (Alexei 
Potashnik)  [Orabug: 26844197]
- qla2xxx: disable scsi_transport_fc registration in target mode (Alexei 
Potashnik)  [Orabug: 26844197]
- qla2xxx: added sess generations to detect RSCN update races (Alexei 
Potashnik)  [Orabug: 26844197]
- qla2xxx: Abort stale cmds on qla_tgt_wq when plogi arrives (Alexei 
Potashnik)  [Orabug: 26844197]
- qla2xxx: delay plogi/prli ack until existing sessions are deleted 
(Alexei Potashnik)  [Orabug: 26844197]
- qla2xxx: cleanup cmd in qla workqueue before processing TMR (Swapnil 
Nagle)  [Orabug: 26844197]
- qla2xxx: Add flush after updating ATIOQ consumer index. (Quinn Tran) 
[Orabug: 26844197]
- qla2xxx: Enable target mode for ISP27XX (Himanshu Madhani)  [Orabug: 
26844197]
- KVM: nVMX: Fix loss of L2's NMI blocking state (Wanpeng Li)
- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo 
Bonzini)
- KVM: VMX: require virtual NMI support (Paolo Bonzini)
- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li)
- NFS: Add static NFS I/O tracepoints (Chuck Lever)
- firmware: dmi_scan: add SBMIOS entry and DMI tables (Ivan Khoronzhuk) 
[Orabug: 27023745]
- x86/platform/uv: Fix kdump for UV (Kirtikar Kashyap)  [Orabug: 27031345]
- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers)  [Orabug: 
27049926]  {CVE-2017-12192}
- virtio:rng: Virtio RNG devices need to be re-registered after 
suspend/resume (Jim Quigley)  [Orabug: 26989940]
- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) 
[Orabug: 26908674]

[4.1.12-116.el6uek]
- dtrace: Add CTF archive to the UEK nano package (Tomas Jedlicka) 
[Orabug: 26983106]
- uek-rpm: Update kernel-ueknano's provides list. (Somasundaram 
Krishnasamy)  [Orabug: 27037687]
- uek-rpm: Add more modules to ueknano for OL7 (Somasundaram 
Krishnasamy)  [Orabug: 27037696]
- Revert "drivers/char/mem.c: deny access in open operation when 
securelevel is set" (Dhaval Giani)  [Orabug: 27037788]
- scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (Sreekanth 
Reddy)  [Orabug: 26894858]
- scsi: mpt3sas: Adding support for SAS3616 HBA device (Sreekanth Reddy) 
  [Orabug: 26894858]
- scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for 
SAS device after host reset (Sreekanth Reddy)  [Orabug: 26894858]
- scsi: mpt3sas: Display chassis slot information of the drive 
(Sreekanth Reddy)  [Orabug: 26894858]
- scsi: mpt3sas: Updated MPI headers to v2.00.48 (Sreekanth Reddy) 
[Orabug: 26894858]
- scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 
volume created on two SATA drive (Sreekanth Reddy)  [Orabug: 26894858]
- scsi: mpt3sas: Fix removal and addition of vSES device during host 
reset (Sreekanth Reddy)  [Orabug: 26894858]
- scsi: mpt3sas: Reduce memory footprint in kdump kernel (Sreekanth 
Reddy)  [Orabug: 26894858]
- scsi: mpt3sas: Fixed memory leaks in driver (Sreekanth Reddy) 
[Orabug: 26894858]
- scsi: mpt3sas: Processing of Cable Exception events (Sreekanth Reddy) 
[Orabug: 26894858]
- selinux: fix off-by-one in setprocattr (Stephen Smalley)  [Orabug: 
25660054]  {CVE-2017-2618}
- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou 
Chengming)  [Orabug: 25062944]  {CVE-2016-9191}
- storvsc: don't assume SG list is contiguous (Aruna Ramakrishna) 
[Orabug: 26492697]
- thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. 
Shutemov)  [Orabug: 27026170]
- scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands 
(James Bottomley)  [Orabug: 26824565]
- ovl: during copy up, switch to mounter's creds early (Vivek Goyal) 
[Orabug: 25684456]
- ovl: lookup: do getxattr with mounter's permission (Miklos Szeredi) 
[Orabug: 25684456]
- ovl: get rid of the dead code left from broken (and disabled) 
optimizations (Al Viro)  [Orabug: 25684456]
- selinux: Implement dentry_create_files_as() hook (Vivek Goyal) 
[Orabug: 25684456]
- security, overlayfs: Provide hook to correctly label newly created 
files (Vivek Goyal)  [Orabug: 25684456]
- selinux: Pass security pointer to determine_inode_label() (Vivek 
Goyal)  [Orabug: 25684456]
- selinux: Implementation for inode_copy_up_xattr() hook (Vivek Goyal) 
[Orabug: 25684456]
- security,overlayfs: Provide security hook for copy up of xattrs for 
overlay file (Vivek Goyal)  [Orabug: 25684456]
- selinux: Implementation for inode_copy_up() hook (Vivek Goyal) 
[Orabug: 25684456]
- security, overlayfs: provide copy up security hook for unioned files 
(Vivek Goyal)  [Orabug: 25684456]
- selinux: delay inode label lookup as long as possible (Paul Moore) 
[Orabug: 25684456]
- selinux: Add accessor functions for inode->i_security (Andreas 
Gruenbacher)  [Orabug: 25684456]
- selinux: Create a common helper to determine an inode label [ver #3] 
(David Howells)  [Orabug: 25684456]
- rds: Proper init/exit declaration for module init/exit function 
(Ka-Cheong Poon)  [Orabug: 27013833]
- rds: Remove .exit from struct rds_transport (Ka-Cheong Poon)  [Orabug: 
27013833]
- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina 
Dubroca)  [Orabug: 26540159]  {CVE-2017-7542}
- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian 
Foster)
- udp: consistently apply ufo or fragmentation (Willem de Bruijn) 
[Orabug: 26921303]  {CVE-2017-1000112}
- nvme-pci: Remove nvme_setup_prps BUG_ON (Keith Busch)  [Orabug: 26871819]
- block: Check for gaps on front and back merges (Jens Axboe)  [Orabug: 
26871819]
- block: Copy a user iovec if it includes gaps (Sagi Grimberg)
- blk: [Partial] Replace SG_GAPGS with new queue limits mask (Ashok 
Vairavan)  [Orabug: 26871819]

[4.1.12-115.el6uek]
- CVE-2016-10318 missing authorization check fscrypt_process_policy 
(Jack Vogel)  [Orabug: 25883175]
- uek-rpm: Build kernel ueknano rpm for OL7 (Somasundaram Krishnasamy) 
[Orabug: 27002543]
- nvme: honor RTD3 Entry Latency for shutdowns (Martin K. Petersen) 
[Orabug: 26999048]
- ocfs2: fix posix_acl_create deadlock (Junxiao Bi)  [Orabug: 26731834]
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't 
parse nlmsg properly (Xin Long)  [Orabug: 26828494]  {CVE-2017-14489}
- uek/config: enable NVME SG_IO support by default (Shan Hai)  [Orabug: 
26993705]
- nvme: report the scsi TUR state correctly (Shan Hai)  [Orabug: 26993705]
- vring: Use the DMA API on Xen (Andy Lutomirski)  [Orabug: 26388044]
- virtio_pci: Use the DMA API if enabled (Andy Lutomirski)  [Orabug: 
26388044]
- virtio_mmio: Use the DMA API if enabled (Andy Lutomirski)  [Orabug: 
26388044]
- virtio: Add improved queue allocation API (Andy Lutomirski)  [Orabug: 
26388044]
- virtio_ring: Support DMA APIs (Andy Lutomirski)  [Orabug: 26388044]
- vring: Introduce vring_use_dma_api() (Andy Lutomirski)
- smartpqi: update driver version (Don Brace)  [Orabug: 26943380]
- smartpqi: cleanup raid map warning message (Kevin Barnett)  [Orabug: 
26943380]
- smartpqi: update controller ids (Kevin Barnett)  [Orabug: 26943380]
- scsi: smartpqi: remove the smp_handler stub (Christoph Hellwig) 
[Orabug: 26943380]
- scsi: smartpqi: change driver version to 1.1.2-125 (Kevin Barnett) 
[Orabug: 26943380]
- scsi: smartpqi: add in new controller ids (Kevin Barnett)  [Orabug: 
26943380]
- scsi: smartpqi: update kexec and power down support (Kevin Barnett) 
[Orabug: 26943380]
- scsi: smartpqi: cleanup doorbell register usage. (Kevin Barnett) 
[Orabug: 26943380]
- scsi: smartpqi: update pqi passthru ioctl (Kevin Barnett)  [Orabug: 
26943380]
- scsi: smartpqi: enhance BMIC cache flush (Kevin Barnett)  [Orabug: 
26943380]
- scsi: smartpqi: add pqi reset quiesce support (Kevin Barnett) 
[Orabug: 26943380]
- scsi: smartpqi: make pdev pointer names consistent (Kevin Barnett) 
[Orabug: 26943380]
- be2net: fix TSO6/GSO issue causing TX-stall on Lancer/BEx (Suresh 
Reddy)  [Orabug: 26943365]

[4.1.12-114.el6uek]
- ovl: fix get_acl() on tmpfs (Miklos Szeredi)  [Orabug: 26975443]
- ixgbe: Initialize 64-bit stats seqcounts (Florian Fainelli)  [Orabug: 
26785078]
- ixgbe: Disable flow control for XFI (Tony Nguyen)  [Orabug: 26785078]
- ixgbe: Do not support flow control autonegotiation for X553 (Tony 
Nguyen)  [Orabug: 26785078]
- ixgbe: Update NW_MNG_IF_SEL support for X553 (Tony Nguyen)  [Orabug: 
26785078]
- ixgbe: Enable LASI interrupts for X552 devices (Tony Nguyen)  [Orabug: 
26785078]
- ixgbe: Ensure MAC filter was added before setting MACVLAN (Tony 
Nguyen)  [Orabug: 26785078]
- ixgbe: pci_set_drvdata must be called before register_netdev (Jeff 
Mahoney)  [Orabug: 26785078]
- ixgbe: Resolve cppcheck format string warning (Tony Nguyen)  [Orabug: 
26785078]
- ixgbe: fix writes to PFQDE (Emil Tantilov)  [Orabug: 26785078]
- ixgbevf: Bump version number (Tony Nguyen)  [Orabug: 26785078]
- ixgbe: Bump version number (Tony Nguyen)  [Orabug: 26785078]
- ixgbe: check for Tx timestamp timeouts during watchdog (Jacob Keller) 
[Orabug: 26785078]
- ixgbe: add statistic indicating number of skipped Tx timestamps (Jacob 
Keller)  [Orabug: 26785078]
- ixgbe: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) 
[Orabug: 26785078]
- ixgbe: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) 
[Orabug: 26785078]
- net: better skb->sender_cpu and skb->napi_id cohabitation (Eric 
Dumazet)  [Orabug: 26953388] [Orabug: 26591689]
- uek-rpm: Clean up installed directories when uninstalling 
kernel-ueknano (Somasundaram Krishnasamy)  [Orabug: 26929773]
- uek-rpm: Add missing ko modules to nano rpm (Somasundaram Krishnasamy) 
  [Orabug: 26929773]
- i40e: point wb_desc at the nvm_wb_desc during i40e_read_nvm_aq (Jacob 
Keller)  [Orabug: 26785018]
- i40e: avoid NVM acquire deadlock during NVM update (Anjali Singhai 
Jain)  [Orabug: 26785018]
- i40e/i40evf: avoid dynamic ITR updates when polling or low packet rate 
(Jacob Keller)  [Orabug: 26785018]
- i40e/i40evf: remove ULTRA latency mode (Jacob Keller)  [Orabug: 26785018]
- i40e: invert logic for checking incorrect cpu vs irq affinity (Jacob 
Keller)  [Orabug: 26785018]
- i40e: initialize our affinity_mask based on cpu_possible_mask (Jacob 
Keller)  [Orabug: 26785018]
- i40e: move enabling icr0 into i40e_update_enable_itr (Jacob Keller) 
[Orabug: 26785018]
- i40e: remove workaround for resetting XPS (Jacob Keller)  [Orabug: 
26785018]
- i40e: Fix for unused value issue found by static analysis (Carolyn 
Wyborny)  [Orabug: 26785018]
- i40e: 25G FEC status improvements (Mariusz Stachura)  [Orabug: 26785018]
- i40e: force VMDQ device name truncation (Jacob Keller)  [Orabug: 
26785018]
- i40evf: fix possible snprintf truncation of q_vector->name (Jacob 
Keller)  [Orabug: 26785018]
- i40e: Use correct flag to enable egress traffic for unicast promisc 
(Akeem G Abodunrin)  [Orabug: 26785018]
- i40e: prevent snprintf format specifier truncation (Jacob Keller) 
[Orabug: 26785018]
- i40e: Store the requested FEC information (Mariusz Stachura)  [Orabug: 
26785018]
- i40e: Update state variable for adminq subtask (Sudheer Mogilappagari) 
  [Orabug: 26785018]
- i40e: synchronize nvmupdate command and adminq subtask (Sudheer 
Mogilappagari)  [Orabug: 26785018]
- i40e: prevent changing ITR if adaptive-rx/tx enabled (Alan Brady) 
[Orabug: 26785018]
- i40evf: use netdev variable in reset task (Alan Brady)  [Orabug: 
26785018]
- i40e: move check for avoiding VID=0 filters into i40e_vsi_add_vlan 
(Jacob Keller)  [Orabug: 26785018]
- i40e/i40evf: use cmpxchg64 when updating private flags in ethtool 
(Jacob Keller)  [Orabug: 26785018]
- i40e: Detect ATR HW Evict NVM issue and disable the feature (Anjali 
Singhai Jain)  [Orabug: 26785018]
- i40e: Fix a bug with VMDq RSS queue allocation (Anjali Singhai Jain) 
[Orabug: 26785018]
- i40evf: prevent VF close returning before state transitions to DOWN 
(Sudheer Mogilappagari)  [Orabug: 26785018]
- i40e: Initialize 64-bit statistics TX ring seqcount (Florian Fainelli) 
  [Orabug: 26785018]
- i40e: handle setting administratively set MAC address back to zero 
(Stefan Assmann)  [Orabug: 26785018]
- i40evf: remove unnecessary __packed (Tushar Dave)  [Orabug: 26785018]
- i40evf: add some missing includes (Jesse Brandeburg)  [Orabug: 26785018]
- i40e: display correct UDP tunnel type name (Jacob Keller)  [Orabug: 
26785018]
- i40e/i40evf: remove mismatched type warnings (Jesse Brandeburg) 
[Orabug: 26785018]
- i40e/i40evf: make IPv6 ATR code clearer (Jesse Brandeburg)  [Orabug: 
26785018]
- i40e: fix odd formatting and indent (Jesse Brandeburg)  [Orabug: 
26785018]
- i40e: fix up 32 bit timespec references (Jesse Brandeburg)  [Orabug: 
26785018]
- i40e: Handle admin Q timeout when releasing NVM (Paul M Stillwell Jr) 
[Orabug: 26785018]
- i40e: remove WQ_UNBOUND and the task limit of our workqueue (Jacob 
Keller)  [Orabug: 26785018]
- i40e: Fix for trace found with S4 state (Carolyn Wyborny)  [Orabug: 
26785018]
- i40e: fix incorrect variable assignment (Gustavo A R Silva)  [Orabug: 
26785018]
- i40e: don't hold RTNL lock for the entire reset (Jacob Keller) 
[Orabug: 26785018]
- i40e: clear only cause_ena bit (Shannon Nelson)  [Orabug: 26785018]
- i40e: fix disabling overflow promiscuous mode (Alan Brady)  [Orabug: 
26785018]
- i40e: Add support for OEM firmware version (Filip Sadowski)  [Orabug: 
26785018]
- i40e: genericize the partition bandwidth control (Shannon Nelson) 
[Orabug: 26785018]
- i40e: Add message for unsupported MFP mode (Carolyn Wyborny)  [Orabug: 
26785018]
- i40e: Support firmware CEE DCB UP to TC map re-definition (Greg 
Bowers)  [Orabug: 26785018]
- i40e: Fix potential out of bound array access (Sudheer Mogilappagari) 
[Orabug: 26785018]
- i40e: comment that udp_port must be in host byte order (Jacob Keller) 
[Orabug: 26785018]
- i40e: use dev_dbg instead of dev_info when warning about missing 
routine (Jacob Keller)  [Orabug: 26785018]
- i40e/i40evf: update WOL and I40E_AQC_ADDR_VALID_MASK flags (Alice 
Michael)  [Orabug: 26785018]
- i40evf: assign num_active_queues inside i40evf_alloc_queues (Jacob 
Keller)  [Orabug: 26785018]
- i40e: Fix a sleep-in-atomic bug (Jia-Ju Bai)  [Orabug: 26785018]
- i40e: fix handling of HW ATR eviction (Jacob Keller)  [Orabug: 26785018]
- i40evf: update i40evf.txt with new content (Jesse Brandeburg) 
[Orabug: 26785018]
- i40evf: Add support for Adaptive Virtual Function (Preethi Banala) 
[Orabug: 26785018]
- i40evf: drop i40e_type.h include (Jesse Brandeburg)  [Orabug: 26785018]
- i40e: Check for memory allocation failure (Christophe Jaillet) 
[Orabug: 26785018]
- i40e: check for Tx timestamp timeouts during watchdog (Jacob Keller) 
[Orabug: 26785018]
- i40e: use pf data structure directly in i40e_ptp_rx_hang (Jacob 
Keller)  [Orabug: 26785018]
- i40e: add statistic indicating number of skipped Tx timestamps (Jacob 
Keller)  [Orabug: 26785018]
- i40e: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) 
[Orabug: 26785018]
- i40e: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) 
[Orabug: 26785018]
- i40evf: disable unused flags (Jesse Brandeburg)  [Orabug: 26785018]
- i40evf: fix merge error in older patch (Jesse Brandeburg)  [Orabug: 
26785018]
- i40evf: fix duplicate lines (Jesse Brandeburg)  [Orabug: 26785018]
- i40evf: hide unused variable (Arnd Bergmann)  [Orabug: 26785018]
- i40evf: allocate queues before we setup the interrupts and q_vectors 
(Jacob Keller)  [Orabug: 26785018]
- i40evf: remove I40E_FLAG_FDIR_ATR_ENABLED (Jacob Keller)  [Orabug: 
26785018]
- i40e: remove hw_disabled_flags in favor of using separate flag bits 
(Jacob Keller)  [Orabug: 26785018]
- i40evf: remove needless min_t() on num_online_cpus()*2 (Jacob Keller) 
[Orabug: 26785018]
- i40e: remove unnecessary msleep() delay in i40e_free_vfs (Jacob 
Keller)  [Orabug: 26785018]
- i40e: amortize wait time when disabling lots of VFs (Jacob Keller) 
[Orabug: 26785018]
- i40e: Reprogram port offloads after reset (Alexander Duyck)  [Orabug: 
26785018]
- i40e: rename index to port to avoid confusion (Jacob Keller)  [Orabug: 
26785018]
- i40e: make use of i40e_reset_all_vfs when initializing new VFs (Jacob 
Keller)  [Orabug: 26785018]
- i40e: properly spell I40E_VF_STATE_* flags (Jacob Keller)  [Orabug: 
26785018]
- i40e: use i40e_stop_rings_no_wait to implement PORT_SUSPENDED state 
(Jacob Keller)  [Orabug: 26785018]
- i40e: reset all VFs in parallel when rebuilding PF (Jacob Keller) 
[Orabug: 26785018]
- i40e: split some code in i40e_reset_vf into helpers (Jacob Keller) 
[Orabug: 26785018]
- i40e: remove I40E_FLAG_IN_NETPOLL entirely (Jacob Keller)  [Orabug: 
26785018]
- i40e: reduce wait time for adminq command completion (Jacob Keller) 
[Orabug: 26785018]
- i40e: fix CONFIG_BUSY checks in i40e_set_settings function (Jacob 
Keller)  [Orabug: 26785018]
- i40e: factor out queue control from i40e_vsi_control_(tx|rx) (Jacob 
Keller)  [Orabug: 26785018]
- i40e: don't hold RTNL lock while waiting for VF reset to finish (Jacob 
Keller)  [Orabug: 26785018]
- i40e: new AQ commands (Jingjing Wu)  [Orabug: 26785018]
- i40e/i40evf: Add tracepoints (Scott Peterson)  [Orabug: 26785018]
- i40evf: add client interface (Mitch Williams)  [Orabug: 26785018]
- i40e: dump VF information in debugfs (Mitch Williams)  [Orabug: 26785018]
- i40e: Fix support for flow director programming status (Alexander 
Duyck)  [Orabug: 26785018]
- i40e/i40evf: Remove VF Rx csum offload for tunneled packets (alice 
michael)  [Orabug: 26785018]
- i40evf: Use net_device_stats from struct net_device (Tobias Klauser) 
[Orabug: 26785018]
- i40e: clean up historic deprecated flag definitions (Jacob Keller) 
[Orabug: 26785018]
- i40e: remove I40E_FLAG_NEED_LINK_UPDATE (Alice Michael)  [Orabug: 
26785018]
- i40e: remove extraneous loop in i40e_vsi_wait_queues_disabled (Jacob 
Keller)  [Orabug: 26785018]
- i40e: Simplify i40e_detect_recover_hung_queue logic (Alan Brady) 
[Orabug: 26785018]
- i40e: Decrease the scope of rtnl lock (Maciej Sosin)  [Orabug: 26785018]
- i40e: Swap use of pf->flags and pf->hw_disabled_flags for ATR Eviction 
(Alexander Duyck)  [Orabug: 26785018]
- i40e: update error message when trying to add invalid filters (Jacob 
Keller)  [Orabug: 26785018]
- i40e: only register client on iWarp-capable devices (Mitch Williams) 
[Orabug: 26785018]
- i40e: close client on remove and shutdown (Mitch Williams)  [Orabug: 
26785018]
- i40e: register existing client on probe (Mitch Williams)  [Orabug: 
26785018]
- i40e: remove client instance on driver unload (Mitch Williams) 
[Orabug: 26785018]
- i40e: fix for queue timing delays (Wyborny, Carolyn)  [Orabug: 26785018]
- i40e/i40evf: Change the way we limit the maximum frame size for Rx 
(Alexander Duyck)  [Orabug: 26785018]
- i40e/i40evf: Add legacy-rx private flag to allow fallback to old Rx 
flow (Alexander Duyck)  [Orabug: 26785018]
- i40e/i40evf: Pull code for grabbing and syncing rx_buffer from 
fetch_buffer (Alexander Duyck)  [Orabug: 26785018]
- i40e/i40evf: Use length to determine if descriptor is done (Alexander 
Duyck)  [Orabug: 26785018]
- drivers/char/mem.c: deny access in open operation when securelevel is 
set (Ethan Zhao)  [Orabug: 26943864]

[4.1.12-113.el6uek]
- x86/mm/64: Enable SWIOTLB if system has SRAT memory regions above 
MAX_DMA32_PFN (Igor Mammedov)  [Orabug: 26754302]
- x86/mm: Introduce max_possible_pfn (Igor Mammedov)  [Orabug: 26754302]
- dtrace lockstat provider probes (Alan Maguire)  [Orabug: 26149674] 
[Orabug: 26149956]
- rds: RDS diagnostics when connections are stuck in Receiver Not Ready 
state. (hui.han)
- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) 
[Orabug: 26673877]  {CVE-2017-10661}
- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() 
(Tim Tianyang Chen)  [Orabug: 26540118]  {CVE-2017-7541}
- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) 
[Orabug: 25882988]  {CVE-2017-7618}
- xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables 
mapping (Zhenzhong Duan)  [Orabug: 26883325]
- selftests/memfd: add memfd_create hugetlbfs selftest (Mike Kravetz) 
[Orabug: 26768367]
- mm/shmem: add hugetlbfs support to memfd_create() (Mike Kravetz) 
[Orabug: 26768367]
- mm: shm: use new hugetlb size encoding definitions (Mike Kravetz) 
[Orabug: 26768367]
- mm: arch: consolidate mmap hugetlb size encodings (Mike Kravetz) 
[Orabug: 26768367]
- uapi/Kbuild: add new header file hugetlb_encode.h (Mike Kravetz) 
[Orabug: 26768367]
- mm: hugetlb: define system call hugetlb size encodings in single file 
(Mike Kravetz)  [Orabug: 26768367]
- RDS: IB: Change the proxy qp's path_mtu to IB_MTU_256 (Avinash Repaka) 
  [Orabug: 26864694]
- devpts: clean up interface to pty drivers (Linus Torvalds)  [Orabug: 
26743034]
- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal 
Cardwell)  [Orabug: 26646104]
- kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) 
{CVE-2017-12154} {CVE-2017-12154}
- dtrace: ensure SDT stub function returns 0 (Kris Van Hees)  [Orabug: 
26909775]
- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) 
[Orabug: 26796038]  {CVE-2017-14106}
- xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY 
(Sabrina Dubroca)  [Orabug: 25959303]
- rxrpc: Fix several cases where a padded len isn't checked in ticket 
decode (David Howells)  [Orabug: 26376434]  {CVE-2017-7482} {CVE-2017-7482}
- xen: don't print error message in case of missing Xenstore entry 
(Juergen Gross)  [Orabug: 26841566]
- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin 
Guay)  [Orabug: 26526968]
- xen/x86: Add interface for querying amount of host memory (Boris 
Ostrovsky)  [Orabug: 26526923]
- rds: Fix non-atomic operation on shared flag variable (Håkon Bugge) 
[Orabug: 26842076]
- rds: Fix incorrect statistics counting (Håkon Bugge)  [Orabug: 26847583]
- i40e: use cpumask_copy instead of direct assignment (Jacob Keller) 
[Orabug: 26822609]
- mm: thp: set THP defrag by default to madvise and add a stall-free 
defrag option (Mel Gorman)  [Orabug: 26587019]
- crypto: testmgr - Set struct aead_testvec iv member size to MAX_IVLEN 
(Somasundaram Krishnasamy)  [Orabug: 25925256]
- SPEC: remove ctf.ko from ueknano modules list (Nick Alcock)  [Orabug: 
25815362]
- SPEC: generate CTF when DTrace is enabled. (Nick Alcock)  [Orabug: 
25815362]
- SPEC: bump libdtrace-ctf requirement to 0.7+. (Nick Alcock)  [Orabug: 
25815362]
- Documentation: add watermark_scale_factor to the list of vm systcl 
file (Jerome Marchand)  [Orabug: 26643957]
- mm: scale kswapd watermarks in proportion to memory (Johannes Weiner) 
[Orabug: 26643957]
- ctf: delete the deduplication blacklist (Nick Alcock)  [Orabug: 26765112]
- ctf: automate away the deduplication blacklist (Nick Alcock)  [Orabug: 
26765112]
- ctf: drop CONFIG_DT_DISABLE_CTF, ctf.ko, and all that it implies (Nick 
Alcock)  [Orabug: 25815362]
- ctf: do not allow dwarf2ctf to run as root (Nick Alcock)  [Orabug: 
25815362]
- ctf: decouple CTF building from the kernel build (Nick Alcock) 
[Orabug: 25815362]
- ctf: handle the bit_offset in members with a DW_FORM_block 
data_member_location (Nick Alcock)  [Orabug: 26387109]
- ctf: handle DW_AT_specification (Nick Alcock)  [Orabug: 26386100]


