Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 12 kernel was updated to 3.12.36 to receive
various security and bugfixes.

Following security bugs were fixed:

• CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel
  through 3.17.2 did not properly maintain the semantics of rename_lock,
  which allowed local users to cause a denial of service (deadlock and
  system hang) via a crafted application (bnc#903640).
• CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
  Linux kernel through 3.18.1 did not restrict the number of Rock Ridge
  continuation entries, which allowed local users to cause a denial of
  service (infinite loop, and system crash or hang) via a crafted iso9660
  image (bnc#906545 911325).
• CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
  kernel before 3.17.2 on Intel processors did not ensure that the value
  in the CR4 control register remained the same after a VM entry, which
  allowed host OS users to kill arbitrary processes or cause a denial of
  service (system disruption) by leveraging /dev/kvm access, as
  demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU
  (bnc#902232).
• CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in
  net/sctp/associola.c in the SCTP implementation in the Linux kernel
  through 3.17.2 allowed remote attackers to cause a denial of service
  (panic) via duplicate ASCONF chunks that triggered an incorrect uncork
  within the side-effect interpreter (bnc#902349).
• CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
  Linux kernel through 3.18.2 did not properly choose memory locations for
  the vDSO area, which made it easier for local users to bypass the ASLR
  protection mechanism by guessing a location at the end of a PMD
  (bnc#912705).

The following non-security bugs were fixed:

• ACPI idle: permit sparse C-state sub-state numbers (bnc#907969).
• ALSA: hda - verify pin:converter connection on unsol event for HSW and
  VLV.
• ALSA: hda - verify pin:cvt connection on preparing a stream for Intel
  HDMI codec.
• ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec.
• ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH.
• ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP.
• Btrfs: Disable
  patches.suse/Btrfs-fix-abnormal-long-waiting-in-fsync.patch (bnc#910697)
  because it needs to be revisited due partial msync behavior.
• Btrfs: Fix misuse of chunk mutex (bnc#912514).
• Btrfs: always clear a block group node when removing it from the tree
  (bnc#912514).
• Btrfs: collect only the necessary ordered extents on ranged fsync
  (bnc#912946).
• Btrfs: do not access non-existent key when csum tree is empty.
• Btrfs: do not delay inode ref updates during log replay.
• Btrfs: do not ignore log btree writeback errors (bnc#912946).
• Btrfs: ensure btrfs_prev_leaf does not miss 1 item.
• Btrfs: ensure deletion from pinned_chunks list is protected (bnc#908198).
• Btrfs: ensure ordered extent errors are not missed on fsync (bnc#912946).
• Btrfs: fix abnormal long waiting in fsync (VM/FS Micro-optimisations).
• Btrfs: fix abnormal long waiting in fsync (bnc#912946).
• Btrfs: fix crash caused by block group removal (bnc#912514).
• Btrfs: fix freeing used extent after removing empty block group
  (bnc#912514).
• Btrfs: fix freeing used extents after removing empty block group
  (bnc#912514).
• Btrfs: fix fs corruption on transaction abort if device supports discard
  (bnc#908198).
• Btrfs: fix fs mapping extent map leak (bnc#908198).
• Btrfs: fix invalid block group rbtree access after bg is removed
  (bnc#912514).
• Btrfs: fix memory leak after block remove + trimming (bnc#908198).
• Btrfs: fix race between fs trimming and block group remove/allocation
  (bnc#908198).
• Btrfs: fix race between writing free space cache and trimming
  (bnc#908198).
• Btrfs: fix transaction leak during fsync call.
• Btrfs: fix unprotected deletion from pending_chunks list (bnc#908198).
• Btrfs: fix unprotected system chunk array insertion (bnc#912514).
• Btrfs: free ulist in qgroup_shared_accounting() error path.
• Btrfs: ioctl, do not re-lock extent range when not necessary.
• Btrfs: make btrfs_abort_transaction consider existence of new block
  groups (bnc#908198).
• Btrfs: make sure logged extents complete in the current transaction V3
  (bnc#912946).
• Btrfs: make sure we wait on logged extents when fsycning two subvols
  (bnc#912946).
• Btrfs: make xattr replace operations atomic (bnc#913466).
• Btrfs: remove empty block groups automatically (bnc#912514).
• Btrfs: remove unused wait queue in struct extent_buffer.
• Btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX.
• Btrfs: use helpers for last_trans_log_full_commit instead of opencode
  (bnc#912946).
• Drivers: hv: kvp,vss: Fast propagation of userspace communication
  failure.
• Drivers: hv: util: Properly pack the data for file copy functionality.
• Drivers: hv: util: make struct hv_do_fcopy match Hyper-V host messages.
• Drivers: hv: vmbus: Fix a race condition when unregistering a device.
• Drivers: hv: vss: Introduce timeout for communication with userspace.
• Fixed warning on DP unplugging driver in intel_dp.c (bnc#907536).
• Fixed warning on suspend in intel_display.c (bnc#907593).
• KEYS: Fix stale key registration at error path (bnc#908163).
• PCI/MSI: Add pci_enable_msi_range() and pci_enable_msix_range()
  (bug#912281).
• PCI/MSI: Add pci_enable_msi_range() and pci_enable_msix_range()
  (bug#912281).
• Refresh patches.xen/xen3-patch-3.9 (bsc#909829).
• Remove filesize checks for sync I/O journal commit (bnc#800255).
• SELinux: fix selinuxfs policy file on big endian systems (bsc#913233).
• Tools: hv: vssdaemon: ignore the EBUSY on multiple freezing the same
  partition.
• Tools: hv: vssdaemon: report freeze errors.
• Tools: hv: vssdaemon: skip all filesystems mounted readonly.
• Update Xen patches to 3.12.35.
• Update s390x kabi files again (bnc#903279, LTC#118177)
• benet: Use pci_enable_msix_range() instead of pci_enable_msix()
  (bug#912281).
• bfa: check for terminated commands (bnc#906027).
• cpuidle / menu: Return (-1) if there are no suitable states (cpuidle
  performance).
• cpuidle / menu: move repeated correction factor check to init (cpuidle
  performance).
• cpuidle: Do not substract exit latency from assumed sleep length
  (cpuidle performance).
• cpuidle: Ensure menu coefficients stay within domain (cpuidle
  performance).
• cpuidle: Move perf multiplier calculation out of the selection loop
  (cpuidle performance).
• cpuidle: Use actual state latency in menu governor (cpuidle performance).
• cpuidle: menu governor - remove unused macro STDDEV_THRESH (cpuidle
  performance).
• cpuidle: menu: Call nr_iowait_cpu less times (cpuidle performance).
• cpuidle: menu: Lookup CPU runqueues less (cpuidle performance).
• cpuidle: menu: Use ktime_to_us instead of reinventing the wheel (cpuidle
  performance).
• cpuidle: menu: Use shifts when calculating averages where possible
  (cpuidle performance).
• cpuidle: rename expected_us to next_timer_us in menu governor (cpuidle
  performance).
• crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106
  (bsc#913387).
• crypto: kernel oops at insmod of the z90crypt device driver (bnc#908057,
  LTC#119591).
• cxgb4: Add the MC1 registers to read in the interrupt handler
  (bsc#912290).
• cxgb4: Allow T4/T5 firmware sizes up to 1MB (bsc#912290).
• cxgb4: Fix FW flash logic using ethtool (bsc#912290).
• cxgb4: Fix T5 adapter accessing T4 adapter registers (bsc#912290).
• cxgb4: Fix for handling 1Gb/s SFP+ Transceiver Modules (bsc#912290).
• cxgb4: Fix race condition in cleanup (bsc#912290).
• cxgb4: Free completed tx skbs promptly (bsc#912290).
• cxgb4: Not need to hold the adap_rcu_lock lock when read adap_rcu_list
  (bsc#912290).
• cxgb4: Use FW interface to get BAR0 value (bsc#912290).
• drm/i915: Do a dummy DPCD read before the actual read (bnc#907714).
• drm: add MIPI DSI encoder and connector types (bnc#907971).
• ext4: cache extent hole in extent status tree for ext4_da_map_blocks()
  (bnc#893428).
• ext4: change LRU to round-robin in extent status tree shrinker
  (bnc#893428).
• ext4: cleanup flag definitions for extent status tree (bnc#893428).
• ext4: fix block reservation for bigalloc filesystems (bnc#893428).
• ext4: improve extents status tree trace point (bnc#893428).
• ext4: introduce aging to extent status tree (bnc#893428).
• ext4: limit number of scanned extents in status tree shrinker
  (bnc#893428).
• ext4: move handling of list of shrinkable inodes into extent status code
  (bnc#893428).
• ext4: track extent status tree shrinker delay statictics (bnc#893428).
• fix kABI after "x86: use custom dma_get_required_mask()".
• fsnotify: next_i is freed during fsnotify_unmount_inodes (bnc#908904).
• hv: hv_balloon: avoid memory leak on alloc_error of 2MB memory block.
• hyperv: Add processing of MTU reduced by the host.
• hyperv: Fix some variable name typos in send-buffer init/revoke.
• hyperv: Fix the total_data_buflen in send path.
• intel_idle: Add CPU model 54 (Atom N2000 series) (bnc#907969).
• intel_idle: allow sparse sub-state numbering, for Bay Trail (bnc#907969).
• intel_idle: support Bay Trail (bnc#907969).
• intel_pstate: Add setting voltage value for baytrail P states
  (bnc#907973).
• intel_pstate: Add support for Baytrail turbo P states (bnc#907973).
• intel_pstate: Fix BYT frequency reporting (bnc#907973).
• intel_pstate: Fix setting VID (bnc#907973).
• intel_pstate: Set turbo VID for BayTrail (bnc#907973).
• intel_pstate: Use LFM bus ratio as min ratio/P state (bnc#907973).
• iommu/vt-d: Fix an off-by-one bug in __domain_mapping() (bsc#908825).
• ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() (IPC
  scalability).
• isofs: Fix unchecked printing of ER records.
• kABI: fix for move of d_rcu (bnc#903640 CVE-2014-8559).
• kABI: protect ipv6.h include in drivers/net.
• kABI: protect rmap include in mm/truncate.c.
• kABI: protect struct iwl_trans.
• kABI: protect struct pci_dev.
• kABI: protect struct user_namespace.
• kABI: protect user_namespace.h include in kernel/groups.c.
• kABI: reintroduce generic_write_sync.
• kABI: uninline of_property_count_string* functions. Omitted ppc64le kabi
  fix for 3.12.33.
• kernel: kprobes instruction corruption (bnc#908057, LTC#119330).
• kernel: reduce function tracer overhead (bnc#903279, LTC#118177).
• kgr: allow to search various types of struct kgr_patch_fun.
• kgr: be consistent when applying patches on loaded modules.
• kgr: fix replace_all.
• kgr: fix typo in error message.
• kgr: fix unwinder and user addresses (bnc#908803).
• kgr: handle IRQ context using global variable.
• kgr: mark even more kthreads (bnc#905087 bnc#906140).
• kgr: prevent recursive loops of stubs in ftrace.
• kgr: set revert slow state for all reverted symbols when loading patched
  module.
• kgr: unregister only the used ftrace ops when removing a patched module.
• kprobes: introduce weak arch_check_ftrace_location() helper function
  (bnc#903279, LTC#118177).
• kvm: Do not expose MONITOR cpuid as available (bnc#887597)
• lpfc: Fix race on command completion (bnc#906027).
• macvlan: allow setting LRO independently of lower device (bnc#829110
  bnc#891277 bnc#904053).
• mm, cma: drain single zone pcplists (VM Performance, bnc#904177).
• mm, compaction: always update cached scanner positions (VM Performance,
  bnc#904177).
• mm, compaction: defer each zone individually instead of preferred zone
  (VM Performance, bnc#904177).
• mm, compaction: defer only on COMPACT_COMPLETE (VM Performance,
  bnc#904177).
• mm, compaction: do not count compact_stall if all zones skipped
  compaction (VM Performance, bnc#904177).
• mm, compaction: do not recheck suitable_migration_target under lock (VM
  Performance, bnc#904177).
• mm, compaction: khugepaged should not give up due to need_resched() (VM
  Performance, bnc#904177).
• mm, compaction: more focused lru and pcplists draining (VM Performance,
  bnc#904177).
• mm, compaction: move pageblock checks up from
  isolate_migratepages_range() (VM Performance, bnc#904177).
• mm, compaction: pass classzone_idx and alloc_flags to watermark checking
  (VM Performance, bnc#904177).
• mm, compaction: pass gfp mask to compact_control (VM Cleanup,
  bnc#904177).
• mm, compaction: periodically drop lock and restore IRQs in scanners (VM
  Performance, bnc#904177).
• mm, compaction: prevent infinite loop in compact_zone (VM Functionality,
  bnc#904177).
• mm, compaction: reduce zone checking frequency in the migration scanner
  (VM Performance, bnc#904177).
• mm, compaction: remember position within pageblock in free pages scanner
  (VM Performance, bnc#904177).
• mm, compaction: simplify deferred compaction (VM Performance,
  bnc#904177).
• mm, compaction: skip buddy pages by their order in the migrate scanner
  (VM Performance, bnc#904177).
• mm, compaction: skip rechecks when lock was already held (VM
  Performance, bnc#904177).
• mm, memory_hotplug/failure: drain single zone pcplists (VM Performance,
  bnc#904177).
• mm, page_isolation: drain single zone pcplists (VM Performance,
  bnc#904177).
• mm, thp: avoid excessive compaction latency during fault (VM
  Performance, bnc#904177).
• mm, thp: restructure thp avoidance of light synchronous migration (VM
  Performance, bnc#904177).
• mm/compaction.c: avoid premature range skip in
  isolate_migratepages_range (VM Functionality, bnc#904177).
• mm/compaction: skip the range until proper target pageblock is met (VM
  Performance, bnc#904177).
• mm/vmscan.c: use DIV_ROUND_UP for calculation of zones balance_gap and
  correct comments (VM Cleanup, bnc#904177).
• mm/vmscan: do not check compaction_ready on promoted zones (VM Cleanup,
  bnc#904177).
• mm/vmscan: restore sc->gfp_mask after promoting it to __GFP_HIGHMEM (VM
  Cleanup, bnc#904177).
• mm: Disable patches.suse/msync-fix-incorrect-fstart-calculation.patch
  (bnc#910697) because it needs to be revisited due partial msync behavior.
• mm: Disabled
  patches.suse/mm-msync.c-sync-only-the-requested-range-in-msync.patch
  (bnc#910697) because it needs to be revisited due partial msync behavior.
• mm: improve documentation of page_order (VM Cleanup, bnc#904177).
• mm: introduce single zone pcplists drain (VM Performance, bnc#904177).
• mm: memcontrol: remove hierarchy restrictions for swappiness and
  oom_control (VM Cleanup, bnc#904177).
• mm: page_alloc: determine migratetype only once (VM Performance,
  bnc#904177).
• mm: rename allocflags_to_migratetype for clarity (VM Cleanup,
  bnc#904177).
• mm: unmapped page migration avoid unmap+remap overhead (MM performance).
• mm: vmscan: clean up struct scan_control (VM Cleanup, bnc#904177).
• mm: vmscan: move call to shrink_slab() to shrink_zones() (VM Cleanup,
  bnc#904177).
• mm: vmscan: move swappiness out of scan_control (VM Cleanup, bnc#904177).
• mm: vmscan: remove all_unreclaimable() (VM Cleanup, bnc#904177).
• mm: vmscan: remove remains of kswapd-managed zone->all_unreclaimable (VM
  Cleanup, bnc#904177).
• mm: vmscan: remove shrink_control arg from do_try_to_free_pages() (VM
  Cleanup, bnc#904177).
• mm: vmscan: rework compaction-ready signaling in direct reclaim (VM
  Cleanup, bnc#904177).
• msync: fix incorrect fstart calculation (VM/FS Micro-optimisations).
• net, sunrpc: suppress allocation warning in rpc_malloc() (bnc#904659).
• net: Find the nesting level of a given device by type (bnc#829110
  bnc#891277 bnc#904053).
• net: Hyper-V: Deletion of an unnecessary check before the function call
  "vfree".
• net: generic dev_disable_lro() stacked device handling (bnc#829110
  bnc#891277 bnc#904053).
• nvme: Add missing hunk from backport (bnc#873252).
• parport: parport_pc, do not remove parent devices early (bnc#856659).
• patches.suse/supported-flag: fix mis-reported supported status
  (bnc#809493).
• patches.xen/xen-privcmd-hcall-preemption: Fix EFLAGS.IF check.
• powerpc/fadump: Fix endianess issues in firmware assisted dump handling
  (bsc#889192).
• powerpc/pseries/hvcserver: Fix endian issue in hvcs_get_partner_info
  (bsc#912129).
• powerpc/pseries: Make CPU hotplug path endian safe (bsc#907069).
• powerpc: fix dlpar memory
• pseries: Fix endian issues in cpu hot-removal (bsc#907069).
• pseries: Fix endian issues in onlining cpu threads (bsc#907069).
• rpm/constraints.in: Require 10GB disk space on POWER A debuginfo build
  currently requires about 8.5 GB on POWER. Also, require at least 8 CPUs,
  so that builds do not get accidentally scheduled on slow machines.
• rpm/gitlog-fixups: Fix invalid address in two commits
• s390/ftrace,kprobes: allow to patch first instruction (bnc#903279,
  LTC#118177).
• s390/ftrace: add HAVE_DYNAMIC_FTRACE_WITH_REGS support (bnc#903279,
  LTC#118177).
• s390/ftrace: add code replacement sanity checks (bnc#903279, LTC#118177).
• s390/ftrace: enforce DYNAMIC_FTRACE if FUNCTION_TRACER is selected
  (bnc#903279, LTC#118177).
• s390/ftrace: optimize function graph caller code (bnc#903279,
  LTC#118177).
• s390/ftrace: optimize mcount code (bnc#903279, LTC#118177).
• s390/ftrace: remove 31 bit ftrace support (bnc#903279, LTC#118177).
• s390/ftrace: remove check of obsolete variable function_trace_stop
  (bnc#903279, LTC#118177).
• s390/ftrace: revert mcount_adjust change (bnc#903279, LTC#118177).
• s390/ftrace: simplify enabling/disabling of ftrace_graph_caller
  (bnc#903279, LTC#118177).
• s390: pass march flag to assembly files as well (bnc#903279, LTC#118177).
• sched/fair: cleanup: Remove useless assignment in select_task_rq_fair()
  (cpuidle performance).
• scripts/tags.sh: Do not specify kind-spec for emacs ctags/etags.
• scripts/tags.sh: fix DEFINE_HASHTABLE in emacs case.
• scripts/tags.sh: include compat_sys_* symbols in the generated tags.
• scsi: call device handler for failed TUR command (bnc#895814).
• series.conf: remove orphan bnc comments
• storvsc: ring buffer failures may result in I/O freeze.
• supported.conf: mark tcm_qla2xxx as supported Has not been ported from
  SLES11 SP3 automatically.
• tags.sh: Fixup regex definition for etags.
• tcm_loop: Wrong I_T nexus association (bnc#907325).
• tools: hv: ignore ENOBUFS and ENOMEM in the KVP daemon.
• tools: hv: introduce -n/–no-daemon option.
• udf: Check component length before reading it.
• udf: Check path length when reading symlink.
• udf: Verify i_size when loading inode.
• udf: Verify symlink size before loading it.
• vmscan: memcg: always use swappiness of the reclaimed memcg (VM Cleanup,
  bnc#904177).
• x86, cpu: Detect more TLB configuration (TLB Performance).
• x86-64/MCE: flip CPU and bank numbers in log message.
• x86/UV: Fix conditional in gru_exit() (bsc#909095).
• x86/early quirk: use gen6 stolen detection for VLV (bnc#907970).
• x86/efi: Do not export efi runtime map in case old map (bsc#904969).
• x86/mm: Add tracepoints for TLB flushes (TLB Performance).
• x86/mm: Rip out complicated, out-of-date, buggy TLB flushing (TLB
  Performance).
• x86/uv: Update the UV3 TLB shootdown logic (bsc#909092).
• x86: UV BAU: Avoid NULL pointer reference in ptc_seq_show (bsc#911181).
• x86: UV BAU: Increase maximum CPUs per socket/hub (bsc#911181).
• x86: fix step size adjustment during initial memory mapping (bsc#910249).
• x86: use custom dma_get_required_mask().
• x86: use optimized ioresource lookup in ioremap function (Boot time
  optimisations (bnc#895387)).