kernel security and bug fix update

2018-06-25T00:00:00
ID ELSA-2018-1854
Type oraclelinux
Reporter Oracle
Modified 2018-06-25T00:00:00

Description

[2.6.32-754.OL6] - Update genkey [bug 25599697] [2.6.32-754] - [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639} - [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360] - [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Rename RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639} - [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566899] {CVE-2018-3639} - [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899] {CVE-2018-3639} - [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if requested (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566899] {CVE-2018-3639} - [x86] speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566899] {CVE-2018-3639} - [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899] {CVE-2018-3639} - [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman Long) [1560494] - [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351] - [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list (Robert S Peterson) [1569148] - [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano Brivio) [1576586] {CVE-2018-1130} - [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped (Stefano Brivio) [1576586] {CVE-2018-1130} [2.6.32-753] - [x86] vm86-32: Properly set up vm86-32 stack for task switching (Waiman Long) [1572865] - [x86] spec_ctrl: Enable IBRS and RSB stuffing in 32-bit interrupts (Waiman Long) [1571362] - [x86] entry/32: Fix regressions in 32-bit debug exception (Waiman Long) [1571362] [2.6.32-752] - [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1572487] - [fs] fix WARNING in rmdir() (Miklos Szeredi) [1282117] - [net] sctp: label accepted/peeled off sockets (Marcelo Leitner) [1571357] - [net] security: export security_sk_clone (Marcelo Leitner) [1571357] [2.6.32-751] - [md] dm thin: fix regression that caused discards to be disabled if passdown was (Mike Snitzer) [1569377] - [s390] configs: enable auto expoline support (Hendrik Brueckner) [1554959] - [s390] correct nospec auto detection init order (Hendrik Brueckner) [1554959] - [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1554959] - [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1554959] - [s390] add automatic detection of the spectre defense (Hendrik Brueckner) [1554959] - [s390] move nobp parameter functions to nospec-branch.c (Hendrik Brueckner) [1554959] - [s390] do not bypass BPENTER for interrupt system calls (Hendrik Brueckner) [1554959] - [s390] Replace IS_ENABLED(EXPOLINE) with IS_ENABLED(CONFIG_EXPOLINE_) (Hendrik Brueckner) [1554959] - [s390] introduce execute-trampolines for branches (Hendrik Brueckner) [1554959] - [s390] run user space and KVM guests with modified branch prediction (Hendrik Brueckner) [1554959] - [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1554959] - [s390] scrub registers on kernel entry and KVM exit (Hendrik Brueckner) [1554959] - [s390] align and prepare spectre mitigation for upstream commits (Hendrik Brueckner) [1554959] - [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1568241] - [net] sctp: verify size of a new chunk in sctp_make_chunk() (Stefano Brivio) [1551908] {CVE-2018-5803} [2.6.32-750] - [fs] fuse: fix punching hole with unaligned end (Miklos Szeredi) [1387473] {CVE-2017-15121} - [documentation] kdump: fix documentation about panic_on_warn to match r (Pingfan Liu) [1555196] - [fs] Provide sane values for nlink (Leif Sahlberg) [1554342] [2.6.32-749] - [powerpc] pseries: Restore default security feature flags on setup (Mauricio Oliveira) [1561788] - [powerpc] Move default security feature flags (Mauricio Oliveira) [1561788] - [powerpc] pseries: Fix clearing of security feature flags (Mauricio Oliveira) [1561788] - [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira) [1561788] - [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1561788] - [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush() (Mauricio Oliveira) [1561788] - [powerpc] 64s: Enhance the information in cpu_show_meltdown() (Mauricio Oliveira) [1561788] - [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1561788] - [powerpc] pseries: Set or clear security feature flags (Mauricio Oliveira) [1561788] - [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio Oliveira) [1561788] - [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio Oliveira) [1561788] - [lib] seq: Add seq_buf_printf() (Mauricio Oliveira) [1561788] - [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Differentiate enabled and patched flush types (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs code (Mauricio Oliveira) [1561786] - [x86] pti/32: Dont use trampoline stack on Xen PV (Waiman Long) [1562725] - [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1562725] - [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1562725] - [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1562725] - [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1562725] - [x86] entry: Remove extra argument in call instruction (Waiman Long) [1562552] - [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1557562 1562552] - [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1558845] - [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1558845] - [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1558845] - [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1558845] - [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1558845] [2.6.32-748] - [mm] fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE (Bhupesh Sharma) [1494380] - [mm] brk: fix min_brk lower bound computation for COMPAT_BRK (Bhupesh Sharma) [1494380] - [mm] split ET_DYN ASLR from mmap ASLR (Bhupesh Sharma) [1494380] - [s390] redefine randomize_et_dyn for ELF_ET_DYN_BASE (Bhupesh Sharma) [1494380] - [mm] expose arch_mmap_rnd when available (Bhupesh Sharma) [1494380] - [s390] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380] - [s390] mmap: randomize mmap base for bottom up direction (Bhupesh Sharma) [1494380] - [powerpc] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380] - [x86] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380] - [fs] binfmt_elf: create Kconfig variable for PIE randomization (Bhupesh Sharma) [1494380] - [fs] binfmt_elf: PIE: make PF_RANDOMIZE check comment more accurate (Bhupesh Sharma) [1494380] - [fs] binfmt_elf: fix PIE execution with randomization disabled (Bhupesh Sharma) [1494380] - [acpi] acpica: Support calling _REG methods within ACPI interpreter (Lenny Szubowicz) [1522849] - [acpi] acpica: Function to test if ACPI interpreter already entered (Lenny Szubowicz) [1522849] - [acpi] acpica: Function to test if ACPI mutex held by this thread (Lenny Szubowicz) [1522849] [2.6.32-747] - [fs] gfs2: Check for the end of metadata in trunc_dealloc (Robert S Peterson) [1559928] - [fs] gfs2: clear journal live bit in gfs2_log_flush (Robert S Peterson) [1559928] - [netdrv] vmxnet3: fix tx data ring copy for variable size (Neil Horman) [1530378] - [mm] account skipped entries to avoid looping in find_get_pages (Dave Wysochanski) [1559386] - [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1554631] - [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1554631] - [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio Oliveira) [1554630] - [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio Oliveira) [1554630] - [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1554630] [2.6.32-746] - [dm] fix race between dm_get_from_kobject() and __dm_destroy() (Mike Snitzer) [1551999] {CVE-2017-18203} - [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1557562] - [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1550599] {CVE-2017-5754} - [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1550599] {CVE-2017-5754} - [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1550599] {CVE-2017-5754} - [ipmi] pick up slave address from SMBIOS on an ACPI device (Tony Camuso) [1484525] - [ipmi] fix watchdog timeout set on reboot (Tony Camuso) [1484525] - [ipmi] fix watchdog hang on panic waiting for ipmi response (Tony Camuso) [1484525] - [ipmi] use smi_num for init_name (Tony Camuso) [1484525] - [ipmi] move platform device creation earlier in the initialization (Tony Camuso) [1484525] - [ipmi] clean up printks (Tony Camuso) [1484525] - [ipmi] cleanup error return (Tony Camuso) [1484525] - [md] raid0: apply base queue limits before disk_stack_limits (Xiao Ni) [1417294] - [md] raid0: update queue parameter in a safer location (Xiao Ni) [1417294] - [md] raid0: conditional mddev->queue access to suit dm-raid (Xiao Ni) [1417294] - [md] raid0: access mddev->queue (request queue member) conditionally because it is not set when accessed from dm-raid (Xiao Ni) [1417294] [2.6.32-745] - [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1550599] {CVE-2017-5754} - [x86] retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1550599] {CVE-2017-5754} - [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1550599] {CVE-2017-5754} - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548432] {CVE-2017-13166} - [scsi] lpfc: Fix crash from memory alloc at interrupt level with GFP_KERNEL set (Dick Kennedy) [1540706] [2.6.32-744] - [dm] io: fix duplicate bio completion due to missing ref count (Mikulas Patocka) [1334224] - [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson) [1399822] - [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1399822] - [fs] gfs2: Switch tr_touched to flag in transaction (Robert S Peterson) [1399822] [2.6.32-743] - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548432] {CVE-2017-13166} - [kernel] cgroup: initialize xattr before calling d_instantiate() (Aristeu Rozanski) [1533523] - [fs] ext: Dont clear SGID when inheriting ACLs (Andreas Grunbacher) [1473482] - [fs] gfs2: writeout truncated pages (Robert S Peterson) [1331076] - [fs] export __block_write_full_page (Robert S Peterson) [1331076] - [scsi] mark queue as PREEMPT_ONLY before setting quiesce (Ming Lei) [1462959] - [block] call blk_queue_enter() before allocating request (Ming Lei) [1462959] - [block] introduce blk_queue_enter() (Ming Lei) [1462959] - [mm] shmem: replace_page must flush_dcache and others (Waiman Long) [1412337] - [mm] shmem: replace page if mapping excludes its zone (Waiman Long) [1412337] - [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1550599] {CVE-2017-5754} - [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1550599] {CVE-2017-5754} - [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Restore segments before int registers (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Unshare NMI return path (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1550599] {CVE-2017-5754} - [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1550599] {CVE-2017-5754} - [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1550599] {CVE-2017-5754} - [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1550599] {CVE-2017-5754} - [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1550599] {CVE-2017-5754} [2.6.32-742] - [mm] prevent /proc/sys/vm/percpu_pagelist_fraction divide-by-zero (Dave Anderson) [1405879] - [fs] proc: Resolve performance issues with multiple /proc/stat reads (Prarit Bhargava) [1544565] - [fs] nfs: fix pnfs direct write memory leak (Scott Mayhew) [1536900] - [fs] dcache: prevent multiple shrink_dcache_parent() on the same dentry (Miklos Szeredi) [1269288] - [fs] fifo: do not restart open() if it already found a partner (Miklos Szeredi) [1482983] - [audit] reinstate check for failed execve (Denys Vlasenko) [1488822] - [perf] x86/intel/uncore: Make PCI and MSR uncore independent (Jiri Olsa) [1427324] - [perf] fix perf_event_comm() vs. exec() assumption (Jiri Olsa) [1478980] - [lib] prevent BUG in kfree() due to memory exhaustion in __sg_alloc_table() (Larry Woodman) [1454453] - [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1212959] - [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1212959] - [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1212959] - [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1212959] - [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1212959] - [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1495167] - [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1495167] - [fs] gfs2: Defer deleting inodes under memory pressure (Andreas Grunbacher) [1255872] - [fs] gfs2: gfs2_clear_inode, gfs2_delete_inode: Put glocks asynchronously (Andreas Grunbacher) [1255872] - [fs] gfs2: Get rid of gfs2_set_nlink (Andreas Grunbacher) [1255872] - [fs] add set_nlink() (Andreas Grunbacher) [1255872] - [fs] gfs2: gfs2_glock_get: Wait on freeing glocks (Andreas Grunbacher) [1255872] - [fs] gfs2: gfs2_create_inode: Keep glock across iput (Andreas Grunbacher) [1255872] - [fs] gfs2: Clean up glock work enqueuing (Andreas Grunbacher) [1255872] - [fs] gfs2: Protect gl->gl_object by spin lock (Andreas Grunbacher) [1255872] - [fs] gfs2: Get rid of flush_delayed_work in gfs2_clear_inode (Andreas Grunbacher) [1255872] - [fs] revert 'gfs2: Wait for iopen glock dequeues' (Andreas Grunbacher) [1255872] - [fs] gfs2: Fixup to 'Clear gl_object if gfs2_create_inode fails' (Andreas Grunbacher) [1506281] - [scsi] dual scan thread bug fix (Ewan Milne) [1508512] - [scsi] fix our current target reap infrastructure (Ewan Milne) [1508512] - [scsi] bnx2fc: Fix check in SCSI completion handler for timed out request (Chad Dupuis) [1538168] [2.6.32-741] - [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543091] {CVE-2017-18017} - [net] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (Hangbin Liu) [1470559] - [net] sctp: use the right sk after waking up from wait_buf sleep (Hangbin Liu) [1470559] - [net] sctp: do not free asoc when it is already dead in sctp_sendmsg (Hangbin Liu) [1470559] - [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1535024] - [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1535024] - [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1535024] - [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1535024] - [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1532167] - [net] revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (Jesper Brouer) [1508504] - [scsi] lpfc: fix pci hot plug crash in list_add call (Dick Kennedy) [1542773] - [scsi] hpsa: update driver version (Joseph Szczypek) [1541517] - [scsi] hpsa: correct resets on retried commands (Joseph Szczypek) [1541517] - [scsi] hpsa: rescan later if reset in progress (Joseph Szczypek) [1541517] [2.6.32-740] - [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1535645] - [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1535645] - [x86] retpoline: Dont use kernel indirect thunks in vsyscalls (Waiman Long) [1535645] - [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1535645] - [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1535645] - [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1535645] - [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1535645] - [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1535645] - [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1535645] - [x86] bugs: Drop one 'mitigation' from dmesg (Waiman Long) [1535645] - [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1535645] - [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1535645] - [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1535645] - [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1535645] - [x86] Use IBRS for firmware update path (Waiman Long) [1535645] - [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1535645] - [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1535645] - [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1535645] - [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1535645] - [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1535645] - [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1535645] - [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1535645] - [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1535645] - [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1535645] - [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1535645] - [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1535645] - [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1535645] - [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1535645] - [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1535645] - [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1535645] - [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1535645] - [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1535645] - [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1535645] - [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1535645] - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1535645] - [x86] mce: Make machine check speculation protected (Waiman Long) [1535645] - [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1535645] - [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1535645] - [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1535645] - [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1535645] - [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1535645] - [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1535645] - [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1535645] - [x86] retpoline: Add initial retpoline support (Waiman Long) [1535645] - [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1535645] - [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1535645] - [x86] cpufeatures: Add X86_BUG_SPECTRE_V(12) (Waiman Long) [1535645] - [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1535645] - [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1535645] - [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1535645] - [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1535645] - [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1535645] - [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1535645] - [x86] alternatives: Add missing 'n' at end of ALTERNATIVE inline asm (Waiman Long) [1535645] - [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1535645] - [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1535645] - [x86] alternatives: Document macros (Waiman Long) [1535645] - [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1535645] - [x86] alternatives: Add instruction padding (Waiman Long) [1535645] - [x86] alternative: Add header guards to asm/alternative-asm.h (Waiman Long) [1535645] - [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1535645] - [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1535645] - [x86] Make .altinstructions bit size neutral (Waiman Long) [1535645] [2.6.32-739] - [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1538543] - [powerpc] prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira) [1538543] - [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1538542] - [s390] cpuinfo: show facilities as reported by stfle (Hendrik Brueckner) [1538542] - [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik Brueckner) [1538542] - [s390] add ppa to system call and program check path (Hendrik Brueckner) [1538542] - [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1538542] - [s390] introduce CPU alternatives (Hendrik Brueckner) [1538542] [2.6.32-738] - [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1519802] {CVE-2017-5754} - [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Fix XEN PV boot failure (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519802] {CVE-2017-5754} - [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519796] {CVE-2017-5715} - [x86] Revert 'entry: Use retpoline for syscalls indirect calls' (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519802] {CVE-2017-5754} - [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel gs has been restored (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519802] {CVE-2017-5754} - [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754} - [x86] Revert 'mm/kaiser: Disable global pages by default with KAISER' (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Use retpoline for syscalls indirect calls (Waiman Long) [1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519796] {CVE-2017-5715} - [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519796] {CVE-2017-5715} - [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm: Set IBPB upon context switch (Waiman Long) [1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519796] {CVE-2017-5715} - [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519796] {CVE-2017-5715} - [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715} - [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] x86: clear registers on VM exit (Waiman Long) [1519796] {CVE-2017-5715} - [x86] kvm: Pad RSB on VM transition (Waiman Long) [1519796] {CVE-2017-5715} - [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519796] {CVE-2017-5715} - [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519796] {CVE-2017-5715} - [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519796] {CVE-2017-5715} - [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519796] {CVE-2017-5715} - [x86] nop: Make the ASM_NOP macros work from assembly (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Dont switch to trampoline stack in paranoid_exit (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519802] {CVE-2017-5754} - [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519789] {CVE-2017-5753} - [fs] udf: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [fs] prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [netdrv] p54: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [media] uvcvideo: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519789] {CVE-2017-5753} - [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519789] {CVE-2017-5753} - [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519789] {CVE-2017-5753} - [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519789] {CVE-2017-5753} - [x86] Add another set of MSR accessor functions (Waiman Long) [1519789] {CVE-2017-5753} - [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: enable kaiser in build (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add Kconfig (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: stack trampoline (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519802] {CVE-2017-5754} - [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519802] {CVE-2017-5754} - [x86] Separate out entry text section (Waiman Long) [1519802] {CVE-2017-5754} - [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519802] {CVE-2017-5754} - [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519802] {CVE-2017-5754} - [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519802] {CVE-2017-5754} [2.6.32-737] - [hv] netvsc: get rid of completion timeouts (Vitaly Kuznetsov) [1538592] - [fs] gfs2: Special case the rindex in gfs2_write_alloc_required() (Andrew Price) [1384184] - [scsi] scsi_dh_alua: fix race condition that causes multipath to hang (Mike Snitzer) [1500192] - [virtio] virtio-pci: fix leaks of msix_affinity_masks (Jason Wang) [1281754] - [fs] sunrpc: avoid warning in gss_key_timeout (J. Bruce Fields) [1456594] - [fs] sunrpc: fix RCU handling of gc_ctx field (J. Bruce Fields) [1456594] [2.6.32-736] - [drm] nouveau/disp/nv50-: execute supervisor on its own workqueue (Ben Skeggs) [1468825] - [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519626] {CVE-2017-1000410} - [scsi] storvsc: do not assume SG list is continuous when doing bounce buffers (for 4.1 and prior) (Cathy Avery) [1533175] [2.6.32-735] - [x86] tighten /dev/mem with zeroing reads (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: make size_inside_page() logic straight (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: cleanup unxlate_dev_mem_ptr() calls (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: introduce size_inside_page() (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: remove redundant test on len (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1538340] [2.6.32-734] - [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1518669] - [hv] vss: Operation timeouts should match host expectation (Mohammed Gamal) [1511431] - [hv] utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (Mohammed Gamal) [1511431] - [hv] utils: Check VSS daemon is listening before a hot backup (Mohammed Gamal) [1511431] - [hv] utils: Continue to poll VSS channel after handling requests (Mohammed Gamal) [1511431] - [md] dm: clear all discard attributes in queue_limits when discards are disabled (Mike Snitzer) [1433297] - [md] dm: discard support requires all targets in a table support discards (Mike Snitzer) [1433297] - [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520817] {CVE-2017-8824} - [net] tcp: fix tcp_trim_head() (Paolo Abeni) [1274139] - [net] sctp: fix src address selection if using secondary addresses for ipv6 (Xin Long) [1445919] - [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1470559] - [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1470559] - [net] tcp: fix race during timewait sk creation (Florian Westphal) [1205025] [2.6.32-733] - [fs] sunrpc: Revert 'sunrpc: always treat the invalid cache as unexpired' (Thiago Becker) [1532786] - [net] dma: fix memory leak in dma_pin_iocvec_pages (Sabrina Dubroca) [1459263] - [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1520860] - [s390] fix transactional execution control register handling (Hendrik Brueckner) [1520862] - [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1408108] [2.6.32-732] - [mm] add cpu_relax() to 'dont return 0 too early' patch (Ian Kent) [988988] - [mm] dont return 0 too early from find_get_pages() (Ian Kent) [988988] - [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon Maxwell) [1503322] - [s390] cpcmd,vmcp: avoid GFP_DMA allocations (Hendrik Brueckner) [1496105] - [fs] gfs2: Withdraw for IO errors writing to the journal or statfs (Robert S Peterson) [1505956] - [netdrv] ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Ken Cox) [1523856] [2.6.32-731] - [kernel] fix __wait_on_atomic_t() to call the action func if the counter != 0 (David Howells) [1418631] - [fs] fscache: fix dead object requeue (David Howells) [1333592 1418631] - [fs] fscache: clear outstanding writes when disabling a cookie (David Howells) [1418631] - [fs] fscache: initialise stores_lock in netfs cookie (David Howells) [1418631] - [fs] cachefiles: fix attempt to read i_blocks after deleting file (David Howells) [1418631] - [fs] cachefiles: fix race between inactivating and culling a cache object (David Howells) [1418631] - [fs] fscache: make check_consistency callback return int (David Howells) [1418631] - [fs] fscache: wake write waiter after invalidating writes (David Howells) [1418631] - [fs] cachefiles: provide read-and-reset release counters for cachefilesd (David Howells) [1418631] - [s390] disassembler: increase show_code buffer size (Hendrik Brueckner) [1516654] - [fs] sunrpc: remove BUG_ONs checking RPC_IS_QUEUED (Dave Wysochanski) [1424630] - [fs] nfsv4.1: nfs4_fl_prepare_ds must be careful about reporting success (Scott Mayhew) [1205448] - [fs] cifs: add ratelimit for the log entry that causes a lockup (Leif Sahlberg) [1494999] - [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447168] [2.6.32-730] - [scsi] avoid a permanent stop of the scsi devices request queue (Ewan Milne) [1513455] - [fs] bio: more bio_map_user_iov() leak fixes (Ming Lei) [1503590] {CVE-2017-12190} - [fs] bio: fix unbalanced page refcounting in bio_map_user_iov (Ming Lei) [1503590] {CVE-2017-12190} [2.6.32-729] - [scsi] bnx2fc: Fix hung task messages when a cleanup response is not received during abort (Chad Dupuis) [1504260] [2.6.32-728] - [mm] introduce dedicated WQ_MEM_RECLAIM workqueue to do lru_add_drain_all (Waiman Long) [1463754] - [netdrv] cxgb4: Clear On FLASH config file after a FW upgrade (Arjun Vynipadath) [1446952] - [netdrv] chelsio : Fixes the issue seen on initiator while stopping the target (Sai Vemuri) [1442097] - [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1437991] - [netdrv] cxgb4vf: dont offload Rx checksums for IPv6 fragments (Davide Caratti) [1427036] - [scsi] qla2xxx: Get mutex lock before checking optrom_state (Himanshu Madhani) [1408549] [2.6.32-727] - [net] sctp: do not loose window information if in rwnd_over (Marcelo Leitner) [1492220] - [net] sctp: fix recovering from 0 win with small data chunks (Marcelo Leitner) [1492220] [2.6.32-726] - [s390] qdio: clear DSCI prior to scanning multiple input queues (Hendrik Brueckner) [1467962] [2.6.32-725] - [s390] zfcp: fix erp_action use-before-initialize in REC action trace (Hendrik Brueckner) [1497000] - [ipmi] create hardware-independent softdep for ipmi_devintf (Tony Camuso) [1457915] [2.6.32-724] - [fs] nfsd: reorder nfsd_cache_match to check more powerful discriminators first (Thiago Becker) [1435787] - [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago Becker) [1435787] - [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker) [1435787] - [fs] nfsd: remove the cache_hash list (Thiago Becker) [1435787] - [fs] nfsd: convert the lru list into a per-bucket thing (Thiago Becker) [1435787] - [fs] nfsd: clean up drc cache in preparation for global spinlock elimination (Thiago Becker) [1435787] [2.6.32-723] - [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly Kuznetsov) [1491846] - [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846] - [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly Kuznetsov) [1491846] - [hv] vmbus: Reduce the delay between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846] [2.6.32-722] - [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1497152] - [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476124] {CVE-2017-11176} [2.6.32-721] - [char] ipmi: use rcu lock around call to intf->handlers->sender() (Tony Camuso) [1466034] - [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481943] {CVE-2017-1000111} - [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1484946] {CVE-2017-7308} - [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1484946] {CVE-2017-7308} - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492961] {CVE-2017-1000253} [2.6.32-720] - [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488340] {CVE-2017-14106} - [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488340] {CVE-2017-14106} - [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Matteo Croce) [1477006] {CVE-2017-7542} - [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo Croce) [1477006] {CVE-2017-7542} - [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481529] {CVE-2017-1000112} - [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112} - [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112} [2.6.32-719] - [fs] nfs: dont disconnect open-owner on NFS4ERR_BAD_SEQID (Dave Wysochanski) [1459636] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490062] {CVE-2017-1000251} [2.6.32-718] - [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1477288] - [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1477288] [2.6.32-717] - [video] efifb: allow user to disable write combined mapping (Dave Airlie) [1465097] [2.6.32-716] - [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1441773] - [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474782] {CVE-2017-7541} - [scsi] lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [1441169] - [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1441169] - [scsi] lpfc: Vport creation is failing with 'Link Down' error (Maurizio Lombardi) [1441169] - [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1441169] - [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1441169] - [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1441169] [2.6.32-715] - [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand) [1466530] [2.6.32-714] - [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode (Robert S Peterson) [1464541] - [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S Peterson) [1464541] - [fs] gfs2: set gl_object in inode lookup only after block type check (Robert S Peterson) [1464541] - [fs] gfs2: introduce helpers for setting and clearing gl_object (Robert S Peterson) [1464541] [2.6.32-713] - [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] gre: fix a possible skb leak (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina Dubroca) [1459951] {CVE-2017-9074} [2.6.32-712] - [mm] backport upstream large stack guard patch to RHEL6 (Larry Woodman) [1464237 1452730] {CVE-2017-1000364} - [mm] revert 'enlarge stack guard gap' (Larry Woodman) [1452730] {CVE-2017-1000364} - [mm] revert 'allow JVM to implement its own stack guard pages' (Larry Woodman) [1464237] [2.6.32-711] - [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1459978] - [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1452358] [2.6.32-710] - [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1464237] - [mm] enlarge stack guard gap (Larry Woodman) [1452730] {CVE-2017-1000364} [2.6.32-709] - [netdrv] bnxt_en: Update to firmware interface spec 1.5.1 (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Added support for Secure Firmware Update (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add support for firmware updates for additional processors (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Update firmware spec. to 1.3.0 (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add support for updating flash more securely (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Request firmware reset after successful firwmare update (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add hwrm_send_message_silent() (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add installed-package firmware version reporting via Ethtool GDRVINFO (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Reset embedded processor after applying firmware upgrade (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add support for upgrading APE/NC-SI firmware via Ethtool FLASHDEV (Jonathan Toppins) [1439450] - [net] sctp: do not inherit ipv6(mc|ac|fl)_list from parent (Florian Westphal) [1455612] {CVE-2017-9075} - [net] ipv6/dccp: do not inherit ipv6_mc_list from parent (Florian Westphal) [1455612] {CVE-2017-9076 CVE-2017-9077} - [net] dccp/tcp: do not inherit mc_list from parent (Florian Westphal) [1455612] {CVE-2017-8890} - [net] ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new socket (Florian Westphal) [1455612] [2.6.32-708] - [fs] sunrpc: Enable the keepalive option for TCP sockets (Dave Wysochanski) [1458421] - [mm] mempolicy.c: fix error handling in set_mempolicy and mbind (Bruno E. O. Meneguele) [1443539] {CVE-2017-7616} - [s390] zfcp: fix use-after-'free' in FC ingress path after TMF (Hendrik Brueckner) [1421762] - [scsi] scsi_transport_srp: Fix a race condition (Don Dutile) [1417305] - [scsi] scsi_transport_srp: Introduce srp_wait_for_queuecommand() (Don Dutile) [1417305] - [block] make blk_cleanup_queue() wait until request_fn finished (Don Dutile) [1417305] [2.6.32-707] - [kernel] audit: acquire creds selectively to reduce atomic op overhead (Paul Moore) [1454847] - [s390] kernel: initial cr0 bits (Hendrik Brueckner) [1445326] - [s390] zfcp: do not trace pure benign residual HBA responses at default level (Hendrik Brueckner) [1421760] - [s390] zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1421761] [2.6.32-706] - [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1442030] - [scsi] bnx2fc: fix race condition in bnx2fc_get_host_stats() (Maurizio Lombardi) [1393672] [2.6.32-705] - [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [1446755] {CVE-2017-7895} - [fs] nfsd4: minor NFSv2/v3 write decoding cleanup (J. Bruce Fields) [1446755] {CVE-2017-7895} - [perf] fix concurrent sys_perf_event_open() vs move_group race (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] remove confusing comment and move put_ctx() (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] restructure perf syscall point of no return (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] fix move_group() order (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] generalize event->group_flags (Jiri Olsa) [1434751] {CVE-2017-6001} - [scsi] libfc: quarantine timed out xids (Chris Leech) [1431440] [2.6.32-704] - [fs] sunrpc: Ensure that we wait for connections to complete before retrying (Dave Wysochanski) [1448170] - [net] ipv6: check raw payload size correctly in ioctl (Jamie Bainbridge) [1441909] [2.6.32-703] - [fs] nfsv4: fix getacl ERANGE for some ACL buffer sizes (J. Bruce Fields) [869942] - [fs] nfsv4: fix getacl head length estimation (J. Bruce Fields) [869942] [2.6.32-702] - [fs] xfs: handle array index overrun in xfs_dir2_leaf_readbuf() (Carlos Maiolino) [1440361] - [net] ping: implement proper locking (Jakub Sitnicki) [1438999] {CVE-2017-2671} - [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430578] {CVE-2017-6214} - [net] ipv6: ip6_fragment: fix headroom tests and skb leak (Hannes Frederic Sowa) [1412331] [2.6.32-701] - [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1146727] - [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1434560] [2.6.32-700] - [mm] hugetlb: check for pte NULL pointer in page_check_address() (Herton R. Krzesinski) [1431508] - [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1436527] - [crypto] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398456] {CVE-2016-8650} - [fs] aio: properly check iovec sizes (Mateusz Guzik) [1337517] {CVE-2015-8830} - [fs] vfs: make AIO use the proper rw_verify_area() area helpers (Mateusz Guzik) [1337535] {CVE-2012-6701} [2.6.32-699] - [scsi] lpfc: update for r 11.0.0.6 (Maurizio Lombardi) [1429881] - [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1429881] [2.6.32-698] - [sched] fair: Rework throttle_count sync (Jiri Olsa) [1250762] - [sched] fair: Reorder cgroup creation code (Jiri Olsa) [1250762] - [sched] fair: Initialize throttle_count for new task-groups lazily (Jiri Olsa) [1250762] - [sched] fair: Do not announce throttled next buddy in dequeue_task_fair() (Jiri Olsa) [1250762] [2.6.32-697] - [block] fix use-after-free in seq file (Denys Vlasenko) [1418549] {CVE-2016-7910} - [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1425749] - [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1360930] - [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429918] {CVE-2017-2636}