kernel security, bug fix, and enhancement update

[3.10.0-957.27.2.OL7]

• Oracle Linux certificates (Alexey Petrenko)
• Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected])
• Update x509.genkey [bug 24817676]
  [3.10.0-957.27.2]
• [x86] hyper-v: fix hyperv.h UAPI header (Vitaly Kuznetsov) [1727109 1692492]
• [iommu] hyper-v: Add Hyper-V stub IOMMU driver (Vitaly Kuznetsov) [1727109 1661654]
• [x86] hyper-v: Set x2apic destination mode to physical when x2apic is available (Vitaly Kuznetsov) [1727109 1661654]
• [x86] hyper-v: Consolidate code for converting cpumask to vpset (Vitaly Kuznetsov) [1727109 1661654]
• [x86] hyper-v: Fix the circular dependency in IPI enlightenment (Vitaly Kuznetsov) [1727109 1661654]
• [pci] hv: Refactor hv_irq_unmask() to use cpumask_to_vpset() (Vitaly Kuznetsov) [1727109 1661654]
• [pci] hv: Replace hv_vp_set with hv_vpset (Vitaly Kuznetsov) [1727109 1661654]
• [pci] hv: Add __aligned(8) to struct retarget_msi_interrupt (Vitaly Kuznetsov) [1727109 1661654]
• [hwmon] k10temp: Add support for AMD family 17h, model 30h CPUs (Gary Hook) [1728000 1643292]
• [x86] amd_nb: Add PCI device IDs for family 17h, model 30h (Gary Hook) [1728000 1643292]
• [x86] amd_nb: Add support for newer PCI topologies (Gary Hook) [1728000 1643292]
• [hwmon] k10temp, x86/amd_nb: Consolidate shared device IDs (Gary Hook) [1728000 1643292]
• [hwmon] (k10temp) Use API function to access System Management Network (Gary Hook) [1728000 1643292]
• [x86] amd_nb: Add support for Raven Ridge CPUs (Gary Hook) [1728000 1643292]
• [hwmon] (k10temp) Add support for AMD Ryzen w/ Vega graphics (Gary Hook) [1728000 1643292]
• [hwmon] (k10temp) Add temperature offset for Ryzen 2700X (Gary Hook) [1728000 1643292]
• [x86] cpu/amd: Apply the Erratum 688 fix when the BIOS doesn’t (Gary Hook) [1728000 1643292]
  [3.10.0-957.27.1]
• [x86] Update stepping values for Whiskey Lake U/Y (David Arcari) [1718690 1704810]
• [x86] perf/amd: Resolve NMI latency issues for active PMCs (David Arcari) [1721611 1696764]
• [x86] perf/amd: Resolve race condition when disabling PMC (David Arcari) [1721611 1696764]
• [edac] amd64: Set maximum channel layer size depending on family (Gary Hook) [1720266 1705210]
• [edac] amd64: Adjust printed chip select sizes when interleaved (Gary Hook) [1720266 1705210]
• [edac] amd64: Recognize x16 symbol size (Gary Hook) [1720266 1705210]
• [edac] amd64: Support more than two Unified Memory Controllers (Gary Hook) [1720266 1705210]
• [edac] amd64: Use a macro for iterating over Unified Memory Controllers (Gary Hook) [1720266 1705210]
• [edac] amd64: Add Family 17h, models 10h-2fh support (Gary Hook) [1720266 1705210]
• [edac] amd64: Add Family 17h, models 10h-2fh support (Gary Hook) [1720266 1670608]
• [x86] mark AMD Rome processors supported (David Arcari) [1721604 1543509]
• [x86] Mark AMD EPYC guests as supported (David Arcari) [1721604 1664507]
• [x86] mark amd rome as unsupported (David Arcari) [1721604 1638504]
• [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719914 1719915] {CVE-2019-11479}
• [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719914 1719915] {CVE-2019-11479}
• [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719849 1719850] {CVE-2019-11478}
• [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719594 1719595] {CVE-2019-11477}
• [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719594 1719595] {CVE-2019-11477}
  [3.10.0-957.26.1]
• [x86] kvm: x86: Add AMD’s EX_CFG to the list of ignored MSRs (Eduardo Habkost) [1716306 1593190]
• [x86] kvm/mmu: reset MMU context when 32-bit guest switches PAE (Vitaly Kuznetsov) [1702172 1703797]
• [x86] kvm: x86: fix handling of role.cr4_pae and rename it to ‘gpte_size’ (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Do not inherit quadrant and invalid for the root shadow EPT (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu: fix switch between root and guest MMUs (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: NMI-window and interrupt-window exiting should wake L2 from HLT (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: nsvm: fix switch to guest mmu (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: Fix race in emulated page table writes (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx/nsvm: Fix bug which sets vcpu->arch.tsc_offset to L1 tsc_offset (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: reintroduce pte_list_remove, but including mmu_spte_clear_track_bits (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: rename pte_list_remove to __pte_list_remove (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu: check if MMU reconfiguration is needed in init_kvm_nested_mmu() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu: check if tdp/shadow MMU reconfiguration is needed (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/nvmx: introduce source data cache for kvm_init_shadow_ept_mmu() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu: make space for source data caching in struct kvm_mmu (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu: get rid of redundant kvm_mmu_setup() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu: introduce guest_mmu (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu.c: add kvm_mmu parameter to kvm_mmu_free_roots() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu.c: set get_pdptr hook in kvm_init_shadow_ept_mmu() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu: make vcpu->mmu a pointer to the current MMU (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: move vmcs12 EPTP consistency check to check_vmentry_prereqs() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: move host EFER consistency checks to VMFail path (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: return 0 in case kvm_mmu_memory_cache has min number of objects (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Clear reserved bits of #DB exit qualification (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: restore host state in nested_vmx_vmexit for VMFail (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: fix entry with pending interrupt if APICv is enabled (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: hide flexpriority from guest when disabled at the module level (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: check for existence of secondary exec controls before accessing (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Wake blocked vCPU in guest-mode if pending interrupt in virtual APICv (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: don’t reset root in kvm_mmu_setup() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/lapic: always disable MMIO interface in x2APIC mode (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Fix loss of pending IRQ/NMI before entering L2 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Skip pae_root shadow allocation if tdp enabled (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/mmu: Combine flushing remote tlb in mmu_set_spte() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Add multi-entry LRU cache for previous CR3s (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Support selectively freeing either current or previous MMU root (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Add a root_hpa parameter to kvm_mmu->invlpg() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Add ability to skip TLB flush when switching CR3 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Use fast CR3 switch for nested VMX (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Support resetting the MMU context without resetting roots (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Add support for fast CR3 switch across different MMU modes (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Introduce KVM_REQ_LOAD_CR3 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Introduce kvm_mmu_calc_root_page_role() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Add fast CR3 switch code path (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Avoid taking MMU lock in kvm_mmu_sync_roots if no sync is needed (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Make sync_page() flush remote TLBs once only (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Restore exit qual for VM-entry failure due to MSR loading (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: Nested VM-entry prereqs for event inj (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: Don’t expose private memslots to L2 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: Add guest_mode to kvm_mmu_page_role (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: Basic APIC virtualization controls have three settings (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Eliminate APIC access page sharing between L1 and L2 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: Introduce lapic_mode enumeration (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Refactor mmu_free_roots() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: move MSR_IA32_TSC handling to x86.c (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: Properly update ‘tsc_offset’ to represent the running guest (Vitaly Kuznetsov) [1702172 1565739]
• [x86] Add check for APIC access address for vmentry of L2 guests (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Do not load EOI-exitmap while running L2 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: don’t configure EPT identity map for unrestricted guest (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Update the exit_qualification access bits while walking an address (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Enforce NMI controls on vmentry of L2 guests (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Don’t halt vcpu when L1 is injecting events to L2 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: shadow more fields that are read/written on every vmexits (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Fix bug of injecting L2 exception into L1 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm mmu: check pending exception before injecting APF (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: svm: prepare for new bit definition in nested_ctl (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Fix vmx_check_nested_events() return value in case an event was reinjected to L2 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: ioapic: Preserve read-only values in the redirection table (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: ioapic: Remove redundant check for Remote IRR in ioapic_set_irq (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: ioapic: Don’t fire level irq when Remote IRR set (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Fix mmu context after VMLAUNCH/VMRESUME failure (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Validate the IA32_BNDCFGS on nested VM-entry (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: extend usage of RET_MMIO_PF_* constants (Vitaly Kuznetsov) [1702172 1565739]
• [x86] arch/x86: remove redundant null checks before kmem_cache_destroy (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: cleanup init_rmode_identity_map() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: mmu: free_page can handle NULL (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Fix nested #PF intends to break L1’s vmlauch/vmresume (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Handle deferred early VMLAUNCH/VMRESUME failure properly (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: Handle VMLAUNCH/VMRESUME failure properly (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Remove nested_vmx_succeed after successful VM-entry (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: async_pf: Fix #DF due to inject ‘Page not Present’ and ‘Page Ready’ exceptions simultaneously (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Validate the virtual-APIC address on nested VM-entry (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Fix trying to cancel vmlauch/vmresume (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: use kvm_event_needs_reinjection (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Fix loss of exception which has not yet been injected (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: fix use of L1 MMIO areas in nested guests (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Avoid guest page table walk when gpa_available is set (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: simplify ept_misconfig (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Disallow illegal IA32_APIC_BASE MSR values (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: Bail out immediately if there is no available mmu page (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: validate eptp pointer (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Add support for fast unprotection of nested guest page tables (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: svm: Limit PFERR_NESTED_GUEST_PAGE error_code check to L1 guest (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: fixes to nested virt interrupt injection (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: do not fill vm_exit_intr_error_code in prepare_vmcs12 (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Disallow VM-entry in MOV-SS shadow (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: async_pf: Force a nested vmexit if the injected #PF is async_pf (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: async_pf: Add L1 guest async_pf #PF vmexit handler (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: Simplify kvm_x86_ops->queue_exception parameter list (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Fix nested_vmx_check_msr_bitmap_controls (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Validate the I/O bitmaps on nested VM-entry (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Don’t set vmcs12 to ‘launched’ when VMLAUNCH fails (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Validate CR3 target count on nested VM-entry (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: Flush TLB when the APIC-access address changes (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: VMCLEAR should not cause the vCPU to shut down (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: vmx: Use the hardware provided GPA instead of page walk (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: svm: Use the hardware provided GPA instead of page walk (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: svm: Add support for additional SVM NPF error codes (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: CPUID.01H:EDX.APIC[bit 9] should mirror IA32_APIC_BASE[11] (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: nvmx: Fetch VM_INSTRUCTION_ERROR from vmcs02 on vmx->fail (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm/x86: Replace smp_mb() with smp_store_mb/release() in the walk_shadow_page_lockless_begin/end() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: coalesce more page zapping in mmu_sync_children (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: move zap/flush to kvm_mmu_get_page (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: invert return value of mmu.sync_page and kvm_sync_page (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: cleanup __kvm_sync_page and its callers (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: use kvm_sync_page in kvm_sync_pages (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: move TLB flush out of __kvm_sync_page (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: introduce kvm_mmu_flush_or_zap (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: mmu: Fix ubsan warnings (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: mmu: Remove unused parameter parent_pte from kvm_mmu_get_page() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: mmu: Use for_each_rmap_spte macro instead of pte_list_walk() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: mmu: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: mmu: Move initialization of parent_ptes out from kvm_mmu_alloc_page() (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: mmu: Make mmu_set_spte() return emulate value (Vitaly Kuznetsov) [1702172 1565739]
• [x86] kvm: x86: mmu: Add helper function to clear a bit in unsync child bitmap (Vitaly Kuznetsov) [1702172 1565739]
• [x86] mce: Handle varying MCA bank counts (David Arcari) [1715868 1693352]
• [drm] drm/i915/gvt: Fix mmap range check (Alex Williamson) [1713566 1713567] {CVE-2019-11085}
• [nvme] cancel request synchronously (Ming Lei) [1715320 1688518]
• [block] blk-mq: introduce blk_mq_complete_request_sync() (Ming Lei) [1715320 1688518]
• [char] ipmi_si: fix use-after-free of resource->name (Tony Camuso) [1714407 1714408] {CVE-2019-11811}
• [fs] sunrpc: make visible processing error in bc_svc_process() (‘J. Bruce Fields’) [1660818 1653675] {CVE-2018-16884}
• [fs] sunrpc: remove unused xpo_prep_reply_hdr callback (‘J. Bruce Fields’) [1660818 1653675] {CVE-2018-16884}
• [fs] sunrpc: remove svc_tcp_bc_class (‘J. Bruce Fields’) [1660818 1653675] {CVE-2018-16884}
• [fs] sunrpc: replace svc_serv->sv_bc_xprt by boolean flag (‘J. Bruce Fields’) [1660818 1653675] {CVE-2018-16884}
• [fs] sunrpc: use-after-free in svc_process_common() (‘J. Bruce Fields’) [1660818 1653675] {CVE-2018-16884}
• [fs] svcauth_gss: Close connection when dropping an incoming message (‘J. Bruce Fields’) [1660818 1653675] {CVE-2018-16884}
• [tty] Fix low_latency BUG (Aristeu Rozanski) [1715331 1710039]
• [tty] n_tty: Fix termios_rwsem lockdep false positive (Artem Savkov) [1715328 1712744]
• [tty] Fix lock order in tty_do_resize() (Aristeu Rozanski) [1708063 1684982]
• [tty] n_tty: Access termios values safely (Aristeu Rozanski) [1708063 1684982]
• [tty] Convert termios_mutex to termios_rwsem (Aristeu Rozanski) [1708063 1684982]
• [md] batch flush requests. (Xiao Ni) [1713564 1576466]
• [md] revert ‘md: fix lock contention for flush bios’ (Xiao Ni) [1713564 1576466]
• [mm] tlb: Remove tlb_remove_table() non-concurrent condition (Vitaly Kuznetsov) [1712766 1448188]
• [kernel] sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (Phil Auld) [1712764 1707397]
• [x86] livepatch: apply alternatives and paravirt patches after relocations (Artem Savkov) [1712761 1706733]
• [block] blk-mq: fix IO accounting in case of none io scheduler (Ming Lei) [1711013 1669684]
• [net] netfilter: ipv6: Don’t preserve original oif for loopback address (Florian Westphal) [1709186 1701496]
• [net] netfilter: ipv6: Preserve link scope traffic original oif (Florian Westphal) [1709186 1701496]
• [x86] mce/amd, edac/mce_amd: Add new error descriptions for some SMCA bank types (Gary Hook) [1703376 1685269]
• [edac] x86/mce/amd, edac/mce_amd: Add new McaTypes for CS, PSP, and SMU units (Gary Hook) [1703376 1685269]
• [edac] x86/mce/amd, edac/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (Gary Hook) [1703376 1685269]
• [x86] mce/amd: Fix the thresholding machinery initialization order (Gary Hook) [1703376 1685269]
• [x86] mce/amd: Read MCx_MISC block addresses on any CPU (Gary Hook) [1703376 1685269]
• [x86] mce/amd: Cache SMCA MISC block addresses (Gary Hook) [1703376 1685269]
• [x86] mce/amd: Carve out SMCA get_block_address() code (Gary Hook) [1703376 1685269]
• [x86] mce/amd: Get address from already initialized block (Gary Hook) [1703376 1685269]
• [edac] x86/mce/amd, edac/mce_amd: Enumerate Reserved SMCA bank type (David Arcari) [1712763 1676301]
• [x86] mce/amd: Pass the bank number to smca_get_bank_type() (David Arcari) [1712763 1676301]
• [x86] mce/amd: Define a function to get SMCA bank type (David Arcari) [1712763 1676301]
• [x86] mce/amd: Allow any CPU to initialize the smca_banks array (David Arcari) [1712763 1676301]
• [x86] mce/amd: Carve out SMCA bank configuration (David Arcari) [1712763 1676301]
• [x86] mce: Convert threshold_bank.cpus from atomic_t to refcount_t (David Arcari) [1712763 1676301]
• [x86] ras/amd: Make sysfs names of banks more user-friendly (David Arcari) [1712763 1676301]
• [x86] mce/amd: Make the init code more robust (David Arcari) [1712763 1676301]
• [x86] ras: Hide SMCA bank names (David Arcari) [1712763 1676301]
• [powerpc] security: Fix spectre_v2 reporting (Gustavo Duarte) [1708546 1694459]
• [powerpc] fsl: Update Spectre v2 reporting (Gustavo Duarte) [1708546 1694459]
• [powerpc] fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1708546 1694459]
• [powerpc] fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1708546 1694459]
• [powerpc] powernv: Query firmware for count cache flush settings (Gustavo Duarte) [1708546 1694459]
• [powerpc] pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64s: Add support for software count cache flush (Gustavo Duarte) [1708546 1694459]
• [powerpc] Introduce asm-prototypes.h (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1708546 1694459]
• [powerpc] asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1708546 1694459]
• [powerpc] Add helper to check if offset is within relative branch range (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64: Make stf barrier PPC_BOOK3S_64 specific (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64: Disable the speculation barrier from the command line (Gustavo Duarte) [1708546 1694459]
• [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64s: Enhance the information in cpu_show_spectre_v1() (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64: Use barrier_nospec in syscall entry (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64s: Enable barrier_nospec based on firmware settings (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64s: Patch barrier_nospec in modules (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64s: Add support for ori barrier_nospec patching (Gustavo Duarte) [1708546 1694459]
• [powerpc] 64s: Add barrier_nospec (Gustavo Duarte) [1708546 1694459]
• [powerpc] reuse asm-generic/barrier.h (Gustavo Duarte) [1708546 1694459]
• [x86] locking/arch: Rename set_mb() to smp_store_mb() (Waiman Long) [1708546 1522387]
• [kernel] locking/arch: Add WRITE_ONCE() to set_mb() (Waiman Long) [1708546 1522387]
• [kernel] rcu: Don’t wake rcuc/X kthreads on NOCB CPUs (Daniel Bristot de Oliveira) [1711325 1626129]
• [x86] Update stepping values for coffee lake desktop (David Arcari) [1710803 1704812]
• [security] selinux: overhaul sidtab to fix bug and improve performance (Ondrej Mosnacek) [1710468 1335986]
• [security] selinux: use separate table for initial SID lookup (Ondrej Mosnacek) [1710468 1335986]
• [security] selinux: refactor sidtab conversion (Ondrej Mosnacek) [1710468 1335986]
• [nvme] nvme-pci: fix memory leak on probe failure (David Milburn) [1710799 1689008]
• [nvme] nvme-pci: limit max IO size and segments to avoid high order allocations (David Milburn) [1710799 1689008]
• [lib] locking/rwsem: Prevent decrement of reader count before increment (Waiman Long) [1709704 1708667]
• [fs] nfsd: COPY and CLONE operations require the saved filehandle to be set (Scott Mayhew) [1672147 1645353] {CVE-2018-16871}
• [iommu] amd: Set exclusion range correctly (Jerry Snitselaar) [1698338 1702763]
• [iommu] amd: Reserve exclusion range in iova-domain (Jerry Snitselaar) [1698338 1691196]
• [nvdimm] libnvdimm, pmem: Fix badblocks population for ‘raw’ namespaces (Frank Ramsay) [1708548 1672302]
• [netdrv] mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom (Stanislaw Gruszka) [1706698 1639674]
• [net] nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (Stanislaw Gruszka) [1706698 1639674]
• [net] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (Stanislaw Gruszka) [1706698 1639674]
• [netdrv] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() (Stanislaw Gruszka) [1706698 1626463]
• [md] dm cache metadata: Fix loading discard bitset (Mike Snitzer) [1703586 1701619]
• [infiniband] hfi1: Close race condition on user context disable and close (Alex Estrin) [1705369 1680069]
• [mm] thp: relocate flush_cache_range() in migrate_misplaced_transhuge_page() (Andrea Arcangeli) [1698108 1636066]
• [mm] thp: fix mmu_notifier in migrate_misplaced_transhuge_page() (Andrea Arcangeli) [1698108 1636066]
• [mm] thp: fix MADV_DONTNEED vs migrate_misplaced_transhuge_page race condition (Andrea Arcangeli) [1698108 1636066]
• [mm] revert ‘mm: numa: defer TLB flush for THP migration as long as possible’ (Andrea Arcangeli) [1698108 1636066]
• [mm] thp/migration: switch from flush_tlb_range to flush_pmd_tlb_range (Andrea Arcangeli) [1698108 1636066]
• [mm] migrate.c: stabilise page count when migrating transparent hugepages (Andrea Arcangeli) [1698108 1636066]
• [mm] numa: add migrated transhuge pages to LRU the same way as base pages (Andrea Arcangeli) [1698108 1636066]
• [mm] thp: fix MADV_DONTNEED vs. MADV_FREE race (Andrea Arcangeli) [1698108 1636066]
• [mm] memcg, slab: simplify synchronization scheme (Aaron Tomlin) [1691428 1674401]
• [mm] memcg, slab: do not schedule cache destruction when last page goes away (Aaron Tomlin) [1691428 1674401]
• [mm] memcg, slab: separate memcg vs root cache creation paths (Aaron Tomlin) [1691428 1674401]
• [mm] memcg, slab: cleanup memcg cache creation (Aaron Tomlin) [1691428 1674401]
• [mm] memcg: remove KMEM_ACCOUNTED_ACTIVATED flag (Aaron Tomlin) [1691428 1674401]
• [mm] memcg, slab: RCU protect memcg_params for root caches (Aaron Tomlin) [1691428 1674401]
• [mm] slab: do not panic if we fail to create memcg cache (Aaron Tomlin) [1691428 1674401]
• [mm] memcg: get rid of kmem_cache_dup() (Aaron Tomlin) [1691428 1674401]
• [mm] memcg: fix possible NULL deref while traversing memcg_slab_caches list (Aaron Tomlin) [1691428 1674401]
• [mm] memcg, slab: fix barrier usage when accessing memcg_caches (Aaron Tomlin) [1691428 1674401]
• [mm] slab: clean up kmem_cache_create_memcg() error handling (Aaron Tomlin) [1691428 1674401]
• [mm] memcg, kmem: use cache_from_memcg_idx instead of hard code (Aaron Tomlin) [1691428 1674401]
• [mm] memcg, kmem: rename cache_from_memcg to cache_from_memcg_idx (Aaron Tomlin) [1691428 1674401]
• [mm] memcg: make memcg_update_cache_sizes() static (Aaron Tomlin) [1691428 1674401]
• [mm] memcg: fix kmem_account_flags check in memcg_can_account_kmem() (Aaron Tomlin) [1691428 1674401]
• [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633]
  [3.10.0-957.25.1]
• [mm] memcontrol: release kmemcg_id only when allocated (Aaron Tomlin) [1717099 1593417]
  [3.10.0-957.24.1]
• [netdrv] qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (Lubomir Rintel) [1715870 1678156]
  [3.10.0-957.23.1]
• [md] dm thin metadata: do not write metadata if no changes occurred (Mike Snitzer) [1713800 1710051]
• [md] dm thin metadata: add wrappers for managing write locking of metadata (Mike Snitzer) [1713800 1710051]
• [md] dm thin metadata: check __commit_transaction()'s return (Mike Snitzer) [1713800 1710051]
• [md] dm space map common: zero entire ll_disk (Mike Snitzer) [1713800 1710051]
• [scsi] smartpqi: correct lun reset issues (Don Brace) [1709469 1641112]
• [net] openvswitch: Remove padding from packet before L3+ conntrack processing (Eelco Chaudron) [1713562 1684518]
  [3.10.0-957.22.1]
• [md] raid: raid5 preserve the writeback action after the parity check (Nigel Croxon) [1698109 1701350]
• [net] route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (Xin Long) [1709727 1630136]