kernel security, bug fix, and enhancement update

2020-03-18T00:00:00
ID ELSA-2020-0834
Type oraclelinux
Reporter OracleLinux
Modified 2020-03-18T00:00:00

Description

[3.10.0-1062.18.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1062.18.1] - [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank Ramsay) [1798163 1773762] - [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Frank Ramsay) [1798163 1773762] - [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) (Andreas Grunbacher) [1796431 1784550] - [fs] gfs2: gfs2_create_inode(): don't bother with d_splice_alias() (Andreas Grunbacher) [1796431 1784550] - [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas Grunbacher) [1796431 1784550] - [scsi] scsi: hpsa: remove printing internal cdb on tag collision (Joseph Szczypek) [1793579 1741355] - [scsi] scsi: hpsa: correct scsi command status issue after reset (Joseph Szczypek) [1793579 1741355] - [infiniband] IB/mlx5: Fix MR registration flow to use UMR properly (Alaa Hleihel) [1792371 1741343] - [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) [1791825 1760746] - [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1791782 1761978] - [block] block: don't change REQ_NR_BITS (Ming Lei) [1791781 1779712] - [scsi] scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Himanshu Madhani) [1791595 1729270] - [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) [1789744 1780026] - [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Nilesh Javali) [1784824 1772966] - [md] md/raid10: prevent access of uninitialized resync_pages offset (Nigel Croxon) [1781584 1767935] - [fs] fix inode leaks on d_splice_alias() failure exits (Miklos Szeredi) [1781159 1749390] - [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (David Howells) [1780149 1765975] - [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1780035 1725396] - [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault (Rafael Aquini) [1780035 1725396] - [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference (Rafael Aquini) [1780035 1725396] - [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1779766 1779768] - [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1778691 1765123] - [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read (Stefano Brivio) [1778084 1753480] - [net] revert '[net] ipv6: Display all addresses in output of /proc/net/if_inet6' (Stefano Brivio) [1778084 1753480] - [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) [1775235 1775236] {CVE-2019-17666} - [md] md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (Xiao Ni) [1773482 1752061] - [fs] fscache: Don't use a constructor function on the slab allocator (David Howells) [1793086 1739996] - [mm] mm: fix insert_pfn regression (Jeff Moyer) [1793088 1739889] - [mm] mm/page_idle.c: fix oops because end_pfn is larger than max_pfn (Rafael Aquini) [1768386 1730471] - [mm] mm/mlock.c: mlockall error for flag MCL_ONFAULT (Rafael Aquini) [1768386 1730471] - [mm] hugetlb: use same fault hash key for shared and private mappings (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: on restore reserve error path retain subpool reservation (Rafael Aquini) [1768386 1730471] - [mm] mm/memory.c: fix modifying of page protection by insert_pfn() (Rafael Aquini) [1768386 1730471] - [mm] mm, swap: bounds check swap_info array accesses to avoid NULL derefs (Rafael Aquini) [1768386 1730471] - [mm] mm/slub.c: remove an unused addr argument (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: fix races and page leaks during migration (Rafael Aquini) [1768386 1730471] - [mm] mm, oom: fix use-after-free in oom_kill_process (Rafael Aquini) [1768386 1730471] - [mm] percpu: convert spin_lock_irq to spin_lock_irqsave (Rafael Aquini) [1768386 1730471] - [mm] mm/swapfile.c: use kvzalloc for swap_info_struct allocation (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (Rafael Aquini) [1768386 1730471] - [mm] mm: Fix warning in insert_pfn() (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: dirty pages as they are added to pagecache (Rafael Aquini) [1768386 1730471] - [mm] mm/swapfile.c: fix swap_count comment about nonexistent SWAP_HAS_CONT (Rafael Aquini) [1768386 1730471] - [mm] slab: __GFP_ZERO is incompatible with a constructor (Rafael Aquini) [1768386 1730471] - [mm] mm: fix the NULL mapping case in __isolate_lru_page() (Rafael Aquini) [1768386 1730471] - [mm] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (Rafael Aquini) [1768386 1730471] - [fs] block_invalidatepage(): only release page if the full page was invalidated (Rafael Aquini) [1768386 1730471] - [mm] mm/mempolicy.c: avoid use uninitialized preferred_node (Rafael Aquini) [1768386 1730471] - [mm] mm: pin address_space before dereferencing it while isolating an LRU page (Rafael Aquini) [1768386 1730471] - [fs] fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (Rafael Aquini) [1768386 1730471] - [mm] mm: do not rely on preempt_count in print_vma_addr (Rafael Aquini) [1768386 1730471] - [mm] mm, swap: fix race between swap count continuation operations (Rafael Aquini) [1768386 1730471] - [mm] mm: meminit: mark init_reserved_page as __meminit (Rafael Aquini) [1768386 1730471] - [mm] mm/vmstat.c: fix wrong comment (Rafael Aquini) [1768386 1730471] - [mm] mm, hugetlb: do not allocate non-migrateable gigantic pages from movable zones (Rafael Aquini) [1768386 1730471] - [mm] mm: always flush VMA ranges affected by zap_page_range (Rafael Aquini) [1768386 1730471] - [mm] mm/mremap: fail map duplication attempts for private mappings (Rafael Aquini) [1768386 1730471] - [mm] mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (Rafael Aquini) [1768386 1730471] - [mm] mm: numa: avoid waiting on freed migrated pages (Rafael Aquini) [1768386 1730471] - [mm] mm/memory-failure.c: use compound_head() flags for huge pages (Rafael Aquini) [1768386 1730471] - [fs] fs/block_dev: always invalidate cleancache in invalidate_bdev() (Rafael Aquini) [1768386 1730471] - [mm] percpu: remove unused chunk_alloc parameter from pcpu_get_pages() (Rafael Aquini) [1768386 1730471] - [mm] percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages (Rafael Aquini) [1768386 1730471] - [mm] mm: do not access page->mapping directly on page_endio (Rafael Aquini) [1768386 1730471] - [mm] mm/page_alloc: fix nodes for reclaim in fast path (Rafael Aquini) [1768386 1730471] - [mm] mm: alloc_contig_range: allow to specify GFP mask (Rafael Aquini) [1768386 1730471] - [mm] mm: vmscan: scan dirty pages even in laptop mode (Rafael Aquini) [1768386 1730471] - [mm] mm/mempolicy.c: do not put mempolicy before using its nodemask (Rafael Aquini) [1768386 1730471] - [mm] mm: fix set pageblock migratetype in deferred struct page init (Rafael Aquini) [1768386 1730471] - [mm] mm: delete unnecessary and unsafe init_tlb_ubc() (Rafael Aquini) [1768386 1730471] - [kernel] mm, mempolicy: task->mempolicy must be NULL before dropping final reference (Rafael Aquini) [1768386 1730471] - [mm] mm: use phys_addr_t for reserve_bootmem_region() arguments (Rafael Aquini) [1768386 1730471] - [mm] mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (Rafael Aquini) [1768386 1730471] - [mm] mm: soft-offline: check return value in second __get_any_page() call (Rafael Aquini) [1768386 1730471] - [include] include/linux/memblock.h: fix ordering of 'flags' argument in comments (Rafael Aquini) [1768386 1730471] - [mm] rmap: fix theoretical race between do_wp_page and shrink_active_list (Rafael Aquini) [1768386 1730471] - [mm] mm/mremap.c: clean up goto just return ERR_PTR (Rafael Aquini) [1768386 1730471] - [mm] mremap should return -ENOMEM when __vm_enough_memory fail (Rafael Aquini) [1768386 1730471] - [mm] writeback: fix possible underflow in write bandwidth calculation (Rafael Aquini) [1768386 1730471] - [mm] writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth() (Rafael Aquini) [1768386 1730471] - [mm] mm/memory.c: actually remap enough memory (Rafael Aquini) [1768386 1730471] - [mm] mm/compaction: fix wrong order check in compact_finished() (Rafael Aquini) [1768386 1730471] - [mm] mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (Rafael Aquini) [1768386 1730471] - [mm] mm: fix anon_vma_clone() error treatment (Rafael Aquini) [1768386 1730471] - [mm] mm, thp: fix collapsing of hugepages on madvise (Rafael Aquini) [1768386 1730471] - [mm] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations (Rafael Aquini) [1768386 1730471] - [mm] OOM, PM: OOM killed task shouldn't escape PM suspend (Rafael Aquini) [1768386 1730471] - [mm] mm, compaction: pass gfp mask to compact_control (Rafael Aquini) [1768386 1730471] - [mm] mm: page_alloc: abort fair zone allocation policy when remotes nodes are encountered (Rafael Aquini) [1768386 1730471] - [mm] mm: vmscan: only update per-cpu thresholds for online CPU (Rafael Aquini) [1768386 1730471] - [mm] mm, thp: replace smp_mb after atomic_add by smp_mb__after_atomic (Rafael Aquini) [1768386 1730471] - [mm] mm, thp: move invariant bug check out of loop in __split_huge_page_map (Rafael Aquini) [1768386 1730471] - [mm] thp: consolidate assert checks in __split_huge_page() (Rafael Aquini) [1768386 1730471] - [mm] mm: fix sleeping function warning from __put_anon_vma (Rafael Aquini) [1768386 1730471] - [mm] mm: cleanup add_to_page_cache_locked() (Rafael Aquini) [1768386 1730471] - [mm] mm: mempolicy: turn vma_set_policy() into vma_dup_policy() (Rafael Aquini) [1768386 1730471] - [powerpc] powerpc/pseries: correctly track irq state in default idle (Steve Best) [1767620 1751970] - [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487} - [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487} [3.10.0-1062.17.1] - [kvm] kvm: x86: always expose VIRT_SSBD to guests (Eduardo Habkost) [1797511 1744281] - [kvm] kvm: x86: fix reporting of AMD speculation bug CPUID leaf (Eduardo Habkost) [1797511 1744281] [3.10.0-1062.16.1] - [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1796798 1794812] - [kernel] sched: Fix schedule_tail() to disable preemption (Phil Auld) [1796261 1771094] [3.10.0-1062.15.1] - [tools] perf top: Fix global-buffer-overflow issue (Michael Petlan) [1793581 1757325] - [tools] perf top: Always sample time to satisfy needs of use of ordered queuing (Michael Petlan) [1793581 1757325] [3.10.0-1062.14.1] - [s390] jump_label: replace stop_machine with smp_call_function (Hendrik Brueckner) [1787559 1720387] - [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) [1787558 1777876] - [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly Kuznetsov) [1783177 1674266] [3.10.0-1062.13.1] - [scsi] libiscsi: fall back to sendmsg for slab pages (Oleksandr Natalenko) [1784826 1720506]