Security update for the Linux Kernel (important)

The openSUSE Leap 42.1 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

• CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
  in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
  in the LISTEN state, which allowed local users to cause a denial of
  service (invalid free) or possibly have unspecified other impact via an
  application that made an IPV6_RECVPKTINFO setsockopt system call
  (bnc#1026024).
• CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in
  net/sctp/socket.c in the Linux kernel allowed local users to cause a
  denial of service (assertion failure and panic) via a multithreaded
  application that peels off an association in a certain buffer-full state
  (bnc#1025235).
• CVE-2017-5970: The ipv4_pktinfo_prepare function in
  net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a
  denial of service (system crash) via (1) an application that made
  crafted system calls or possibly (2) IPv4 traffic with invalid IP
  options (bnc#1024938).
• CVE-2017-5897: A potential remote denial of service within the IPv6 GRE
  protocol was fixed. (bsc#1023762)

The following non-security bugs were fixed:

• btrfs: support NFSv2 export (bnc#929871).
• btrfs: Direct I/O: Fix space accounting (bsc#1025058).
• btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation (bsc#1025069).
• btrfs: bail out if block group has different mixed flag (bsc#1025072).
• btrfs: be more precise on errors when getting an inode from disk
  (bsc#981038).
• btrfs: check pending chunks when shrinking fs to avoid corruption
  (bnc#936445).
• btrfs: check prepare_uptodate_page() error code earlier (bnc#966910).
• btrfs: do not BUG() during drop snapshot (bsc#1025076).
• btrfs: do not collect ordered extents when logging that inode exists
  (bsc#977685).
• btrfs: do not initialize a space info as full to prevent ENOSPC
  (bnc#944001).
• btrfs: do not leak reloc root nodes on error (bsc#1025074).
• btrfs: fix block group ->space_info null pointer dereference
  (bnc#935088).
• btrfs: fix chunk allocation regression leading to transaction abort
  (bnc#938550).
• btrfs: fix crash on close_ctree() if cleaner starts new transaction
  (bnc#938891).
• btrfs: fix deadlock between direct IO reads and buffered writes
  (bsc#973855).
• btrfs: fix deadlock between direct IO write and defrag/readpages
  (bnc#965344).
• btrfs: fix device replace of a missing RAID 5/6 device (bsc#1025057).
• btrfs: fix empty symlink after creating symlink and fsync parent dir
  (bsc#977685).
• btrfs: fix extent accounting for partial direct IO writes (bsc#1025062).
• btrfs: fix file corruption after cloning inline extents (bnc#942512).
• btrfs: fix file loss on log replay after renaming a file and fsync
  (bsc#977685).
• btrfs: fix file read corruption after extent cloning and fsync
  (bnc#946902).
• btrfs: fix fitrim discarding device area reserved for boot loader’s use
  (bsc#904489).
• btrfs: fix for incorrect directory entries after fsync log replay
  (bsc#957805, bsc#977685).
• btrfs: fix hang when failing to submit bio of directIO (bnc#942685).
• btrfs: fix incremental send failure caused by balance (bsc#985850).
• btrfs: fix invalid page accesses in extent_same (dedup) ioctl
  (bnc#968230).
• btrfs: fix listxattrs not listing all xattrs packed in the same item
  (bsc#1025063).
• btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844).
• btrfs: fix memory corruption on failure to submit bio for direct IO
  (bnc#942685).
• btrfs: fix memory leak in do_walk_down (bsc#1025075).
• btrfs: fix memory leak in reading btree blocks (bsc#1025071).
• btrfs: fix order by which delayed references are run (bnc#949440).
• btrfs: fix page reading in extent_same ioctl leading to csum errors
  (bnc#968230).
• btrfs: fix qgroup rescan worker initialization (bsc#1025077).
• btrfs: fix qgroup sanity tests (bnc#951615).
• btrfs: fix race between balance and unused block group deletion
  (bnc#938892).
• btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).
• btrfs: fix race waiting for qgroup rescan worker (bnc#960300).
• btrfs: fix regression running delayed references when using qgroups
  (bnc#951615).
• btrfs: fix regression when running delayed references (bnc#951615).
• btrfs: fix relocation incorrectly dropping data references (bsc#990384).
• btrfs: fix shrinking truncate when the no_holes feature is enabled
  (bsc#1025053).
• btrfs: fix sleeping inside atomic context in qgroup rescan worker
  (bnc#960300).
• btrfs: fix stale dir entries after removing a link and fsync
  (bnc#942925).
• btrfs: fix unreplayable log after snapshot delete + parent dir fsync
  (bsc#977685).
• btrfs: fix warning in backref walking (bnc#966278).
• btrfs: fix warning of bytes_may_use (bsc#1025065).
• btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550).
• btrfs: handle quota reserve failure properly (bsc#1005666).
• btrfs: incremental send, check if orphanized dir inode needs delayed
  rename (bsc#1025049).
• btrfs: incremental send, do not delay directory renames unnecessarily
  (bsc#1025048).
• btrfs: incremental send, fix clone operations for compressed extents
  (fate#316463).
• btrfs: incremental send, fix premature rmdir operations (bsc#1025064).
• btrfs: keep dropped roots in cache until transaction commit (bnc#935087,
  bnc#945649, bnc#951615).
• btrfs: remove misleading handling of missing device scrub (bsc#1025055).
• btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock
  (bsc#904489).
• btrfs: return gracefully from balance if fs tree is corrupted
  (bsc#1025073).
• btrfs: send, do not bug on inconsistent snapshots (bsc#985850).
• btrfs: send, fix corner case for reference overwrite detection
  (bsc#1025080).
• btrfs: send, fix file corruption due to incorrect cloning operations
  (bsc#1025060).
• btrfs: set UNWRITTEN for prealloc’ed extents in fiemap (bsc#1025047).
• btrfs: test_check_exists: Fix infinite loop when searching for free
  space entries (bsc#987192).
• btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,
  bnc#945649).
• btrfs: use received_uuid of parent during send (bsc#1025051).
• btrfs: wake up extent state waiters on unlock through clear_extent_bits
  (bsc#1025050).
• btrfs: Add handler for invalidate page (bsc#963193).
• btrfs: Add qgroup tracing (bnc#935087, bnc#945649).
• btrfs: Avoid truncate tailing page if fallocate range does not exceed
  inode size (bsc#1025059).
• btrfs: Continue write in case of can_not_nocow (bsc#1025070).
• btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space
  (bsc#1005666).
• btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c
  (bsc#983087).
• btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,
  bsc#984779).
• btrfs: Handle unaligned length in extent_same (bsc#937609).
• btrfs: abort transaction on btrfs_reloc_cow_block() (bsc#1025081).
• btrfs: add missing discards when unpinning extents with -o discard
  (bsc#904489).
• btrfs: advertise which crc32c implementation is being used on mount
  (bsc#946057).
• btrfs: allow dedupe of same inode (bsc#1025067).
• btrfs: backref: Add special time_seq == (u64)-1 case for
  btrfs_find_all_roots() (bnc#935087, bnc#945649).
• btrfs: backref: Do not merge refs which are not for same block
  (bnc#935087, bnc#945649).
• btrfs: btrfs_issue_discard ensure offset/length are aligned to sector
  boundaries (bsc#904489).
• btrfs: change max_inline default to 2048 (bsc#949472).
• btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,
  bnc#945649).
• btrfs: delayed-ref: Use list to replace the ref_root in ref_head
  (bnc#935087, bnc#945649).
• btrfs: delayed-ref: double free in btrfs_add_delayed_tree_ref()
  (bsc#1025079).
• btrfs: delayed_ref: Add new function to record reserved space into
  delayed ref (bsc#963193).
• btrfs: delayed_ref: release and free qgroup reserved at proper timing
  (bsc#963193).
• btrfs: disable defrag of tree roots.
• btrfs: do not create or leak aliased root while cleaning up orphans
  (bsc#994881).
• btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).
• btrfs: explictly delete unused block groups in close_ctree and
  ro-remount (bsc#904489).
• btrfs: extent-tree: Add new version of btrfs_check_data_free_space and
  btrfs_free_reserved_data_space (bsc#963193).
• btrfs: extent-tree: Add new version of
  btrfs_delalloc_reserve/release_space (bsc#963193).
• btrfs: extent-tree: Switch to new check_data_free_space and
  free_reserved_data_space (bsc#963193).
• btrfs: extent-tree: Switch to new delalloc space reserve and release
  (bsc#963193).
• btrfs: extent-tree: Use ref_node to replace unneeded parameters in
  __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).
• btrfs: extent_io: Introduce needed structure for recoding set/clear bits
  (bsc#963193).
• btrfs: extent_io: Introduce new function clear_record_extent_bits()
  (bsc#963193).
• btrfs: extent_io: Introduce new function set_record_extent_bits
  (bsc#963193).
• btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193).
• btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls
  (bsc#1018100).
• btrfs: fix clone / extent-same deadlocks (bsc#937612).
• btrfs: fix deadlock with extent-same and readpage (bsc#937612).
• btrfs: fix resending received snapshot with parent (bsc#1025061).
• btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951).
• btrfs: increment ctx->pos for every emitted or skipped dirent in
  readdir (bsc#981709).
• btrfs: iterate over unused chunk space in FITRIM (bsc#904489).
• btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).
• btrfs: make file clone aware of fatal signals (bsc#1015787).
• btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).
• btrfs: properly track when rescan worker is running (bsc#989953).
• btrfs: provide super_operations->inode_get_dev (bsc#927455).
• btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,
  bnc#945649).
• btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,
  bnc#945649).
• btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193).
• btrfs: qgroup: Add new function to record old_roots (bnc#935087,
  bnc#945649).
• btrfs: qgroup: Add new qgroup calculation function
  btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).
• btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193).
• btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots
  (bnc#935087, bnc#945649).
• btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in
  clear_bit_hook (bsc#963193).
• btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193).
• btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193).
• btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read
  (bnc#935087, bnc#945649).
• btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,
  bnc#945649).
• btrfs: qgroup: Do not copy extent buffer to do qgroup rescan
  (bnc#960300).
• btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans
  (bsc#963193).
• btrfs: qgroup: Fix a rebase bug which will cause qgroup double free
  (bsc#963193).
• btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,
  bnc#945649).
• btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972993).
• btrfs: qgroup: Fix qgroup data leaking by using subtree tracing
  (bsc#983087).
• btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193).
• btrfs: qgroup: Introduce functions to release/free qgroup reserve data
  space (bsc#963193).
• btrfs: qgroup: Introduce new functions to reserve/free metadata
  (bsc#963193).
• btrfs: qgroup: Make snapshot accounting work with new extent-oriented
  qgroup (bnc#935087, bnc#945649).
• btrfs: qgroup: Record possible quota-related extent for qgroup
  (bnc#935087, bnc#945649).
• btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).
• btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism
  (bnc#935087, bnc#945649).
• btrfs: qgroup: Switch to new extent-oriented qgroup mechanism
  (bnc#935087, bnc#945649).
• btrfs: qgroup: Use new metadata reservation (bsc#963193).
• btrfs: qgroup: account shared subtree during snapshot delete
  (bnc#935087, bnc#945649).
• btrfs: qgroup: exit the rescan worker during umount (bnc#960300).
• btrfs: qgroup: fix quota disable during rescan (bnc#960300).
• btrfs: remove old tree_root dirent processing in btrfs_real_readdir()
  (bsc#981709).
• btrfs: serialize subvolume mounts with potentially mismatching rw flags
  (bsc#951844).
• btrfs: skip superblocks during discard (bsc#904489).
• btrfs: syslog when quota is disabled.
• btrfs: syslog when quota is enabled
• btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).
• btrfs: use the new VFS super_block_dev (bnc#865869).
• btrfs: waiting on qgroup rescan should not always be interruptible
  (bsc#992712).
• fs/super.c: add new super block sub devices super_block_dev (bnc#865869).
• fs/super.c: fix race between freeze_super() and thaw_super()
  (bsc#1025066).
• kabi: only use sops->get_inode_dev with proper fsflag (bsc#927455).
• qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).
• vfs: add super_operations->get_inode_dev (bsc#927455).
• xfs: do not allow di_size with high bit set (bsc#1024234).
• xfs: exclude never-released buffers from buftarg I/O accounting
  (bsc#1024508).
• xfs: fix broken multi-fsb buffer logging (bsc#1024081).
• xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
• xfs: track and serialize in-flight async buffers against unmount - kABI
  (bsc#1024508).
• xfs: track and serialize in-flight async buffers against unmount
  (bsc#1024508).