The SUSE Linux Enterprise 12 kernel was updated to 3.12.36 to receive
various security and bug fixes.
The following security bugs were fixed:
- CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel
through 3.17.2 did not properly maintain the semantics of rename_lock,
which allowed local users to cause a denial of service (deadlock and
system hang) via a crafted application (bnc#903640).
- CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
Linux kernel through 3.18.1 did not restrict the number of Rock Ridge
continuation entries, which allowed local users to cause a denial of
service (infinite loop, and system crash or hang) via a crafted iso9660
image (bnc#906545 911325).
- CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
kernel before 3.17.2 on Intel processors did not ensure that the value
in the CR4 control register remained the same after a VM entry, which
allowed host OS users to kill arbitrary processes or cause a denial of
service (system disruption) by leveraging /dev/kvm access, as
demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU
(bnc#902232).
- CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in
net/sctp/associola.c in the SCTP implementation in the Linux kernel
through 3.17.2 allowed remote attackers to cause a denial of service
(panic) via duplicate ASCONF chunks that triggered an incorrect uncork
within the side-effect interpreter (bnc#902349).
- CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
Linux kernel through 3.18.2 did not properly choose memory locations for
the vDSO area, which made it easier for local users to bypass the ASLR
protection mechanism by guessing a location at the end of a PMD
(bnc#912705).
The following non-security bugs were fixed:
- ACPI idle: permit sparse C-state sub-state numbers (bnc#907969).
- ALSA: hda - verify pin:converter connection on unsol event for HSW and
VLV.
- ALSA: hda - verify pin:cvt connection on preparing a stream for Intel
HDMI codec.
- ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec.
- ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH.
- ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP.
- Btrfs: Disable
patches.suse/Btrfs-fix-abnormal-long-waiting-in-fsync.patch (bnc#910697)
because it needs to be revisited due to partial msync behavior.
- Btrfs: Fix misuse of chunk mutex (bnc#912514).
- Btrfs: always clear a block group node when removing it from the tree
(bnc#912514).
- Btrfs: collect only the necessary ordered extents on ranged fsync
(bnc#912946).
- Btrfs: do not access non-existent key when csum tree is empty.
- Btrfs: do not delay inode ref updates during log replay.
- Btrfs: do not ignore log btree writeback errors (bnc#912946).
- Btrfs: ensure btrfs_prev_leaf does not miss 1 item.
- Btrfs: ensure deletion from pinned_chunks list is protected (bnc#908198).
- Btrfs: ensure ordered extent errors are not missed on fsync (bnc#912946).
- Btrfs: fix abnormal long waiting in fsync (VM/FS Micro-optimisations).
- Btrfs: fix abnormal long waiting in fsync (bnc#912946).
- Btrfs: fix crash caused by block group removal (bnc#912514).
- Btrfs: fix freeing used extent after removing empty block group
(bnc#912514).
- Btrfs: fix freeing used extents after removing empty block group
(bnc#912514).
- Btrfs: fix fs corruption on transaction abort if device supports discard
(bnc#908198).
- Btrfs: fix fs mapping extent map leak (bnc#908198).
- Btrfs: fix invalid block group rbtree access after bg is removed
(bnc#912514).
- Btrfs: fix memory leak after block remove + trimming (bnc#908198).
- Btrfs: fix race between fs trimming and block group remove/allocation
(bnc#908198).
- Btrfs: fix race between writing free space cache and trimming
(bnc#908198).
- Btrfs: fix transaction leak during fsync call.
- Btrfs: fix unprotected deletion from pending_chunks list (bnc#908198).
- Btrfs: fix unprotected system chunk array insertion (bnc#912514).
- Btrfs: free ulist in qgroup_shared_accounting() error path.
- Btrfs: ioctl, do not re-lock extent range when not necessary.
- Btrfs: make btrfs_abort_transaction consider existence of new block
groups (bnc#908198).
- Btrfs: make sure logged extents complete in the current transaction V3
(bnc#912946).
- Btrfs: make sure we wait on logged extents when fsyncing two subvols
(bnc#912946).
- Btrfs: make xattr replace operations atomic (bnc#913466).
- Btrfs: remove empty block groups automatically (bnc#912514).
- Btrfs: remove unused wait queue in struct extent_buffer.
- Btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX.
- Btrfs: use helpers for last_trans_log_full_commit instead of opencode
(bnc#912946).
- Drivers: hv: kvp,vss: Fast propagation of userspace communication
failure.
- Drivers: hv: util: Properly pack the data for file copy functionality.
- Drivers: hv: util: make struct hv_do_fcopy match Hyper-V host messages.
- Drivers: hv: vmbus: Fix a race condition when unregistering a device.
- Drivers: hv: vss: Introduce timeout for communication with userspace.
- Fixed warning on DP unplugging driver in intel_dp.c (bnc#907536).
- Fixed warning on suspend in intel_display.c (bnc#907593).
- KEYS: Fix stale key registration at error path (bnc#908163).
- PCI/MSI: Add pci_enable_msi_range() and pci_enable_msix_range()
(bug#912281).
- Refresh patches.xen/xen3-patch-3.9 (bsc#909829).
- Remove filesize checks for sync I/O journal commit (bnc#800255).
- SELinux: fix selinuxfs policy file on big endian systems (bsc#913233).
- Tools: hv: vssdaemon: ignore the EBUSY on multiple freezing the same
partition.
- Tools: hv: vssdaemon: report freeze errors.
- Tools: hv: vssdaemon: skip all filesystems mounted readonly.
- Update Xen patches to 3.12.35.
- Update s390x kabi files again (bnc#903279, LTC#118177)
- benet: Use pci_enable_msix_range() instead of pci_enable_msix()
(bug#912281).
- bfa: check for terminated commands (bnc#906027).
- cpuidle / menu: Return (-1) if there are no suitable states (cpuidle
performance).
- cpuidle / menu: move repeated correction factor check to init (cpuidle
performance).
- cpuidle: Do not subtract exit latency from assumed sleep length
(cpuidle performance).
- cpuidle: Ensure menu coefficients stay within domain (cpuidle
performance).
- cpuidle: Move perf multiplier calculation out of the selection loop
(cpuidle performance).
- cpuidle: Use actual state latency in menu governor (cpuidle performance).
- cpuidle: menu governor - remove unused macro STDDEV_THRESH (cpuidle
performance).
- cpuidle: menu: Call nr_iowait_cpu less times (cpuidle performance).
- cpuidle: menu: Lookup CPU runqueues less (cpuidle performance).
- cpuidle: menu: Use ktime_to_us instead of reinventing the wheel (cpuidle
performance).
- cpuidle: menu: Use shifts when calculating averages where possible
(cpuidle performance).
- cpuidle: rename expected_us to next_timer_us in menu governor (cpuidle
performance).
- crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106
(bsc#913387).
- crypto: kernel oops at insmod of the z90crypt device driver (bnc#908057,
LTC#119591).
- cxgb4: Add the MC1 registers to read in the interrupt handler
(bsc#912290).
- cxgb4: Allow T4/T5 firmware sizes up to 1MB (bsc#912290).
- cxgb4: Fix FW flash logic using ethtool (bsc#912290).
- cxgb4: Fix T5 adapter accessing T4 adapter registers (bsc#912290).
- cxgb4: Fix for handling 1Gb/s SFP+ Transceiver Modules (bsc#912290).
- cxgb4: Fix race condition in cleanup (bsc#912290).
- cxgb4: Free completed tx skbs promptly (bsc#912290).
- cxgb4: Not need to hold the adap_rcu_lock lock when read adap_rcu_list
(bsc#912290).
- cxgb4: Use FW interface to get BAR0 value (bsc#912290).
- drm/i915: Do a dummy DPCD read before the actual read (bnc#907714).
- drm: add MIPI DSI encoder and connector types (bnc#907971).
- ext4: cache extent hole in extent status tree for ext4_da_map_blocks()
(bnc#893428).
- ext4: change LRU to round-robin in extent status tree shrinker
(bnc#893428).
- ext4: cleanup flag definitions for extent status tree (bnc#893428).
- ext4: fix block reservation for bigalloc filesystems (bnc#893428).
- ext4: improve extents status tree trace point (bnc#893428).
- ext4: introduce aging to extent status tree (bnc#893428).
- ext4: limit number of scanned extents in status tree shrinker
(bnc#893428).
- ext4: move handling of list of shrinkable inodes into extent status code
(bnc#893428).
- ext4: track extent status tree shrinker delay statistics (bnc#893428).
- fix kABI after "x86: use custom dma_get_required_mask()".
- fsnotify: next_i is freed during fsnotify_unmount_inodes (bnc#908904).
- hv: hv_balloon: avoid memory leak on alloc_error of 2MB memory block.
- hyperv: Add processing of MTU reduced by the host.
- hyperv: Fix some variable name typos in send-buffer init/revoke.
- hyperv: Fix the total_data_buflen in send path.
- intel_idle: Add CPU model 54 (Atom N2000 series) (bnc#907969).
- intel_idle: allow sparse sub-state numbering, for Bay Trail (bnc#907969).
- intel_idle: support Bay Trail (bnc#907969).
- intel_pstate: Add setting voltage value for baytrail P states
(bnc#907973).
- intel_pstate: Add support for Baytrail turbo P states (bnc#907973).
- intel_pstate: Fix BYT frequency reporting (bnc#907973).
- intel_pstate: Fix setting VID (bnc#907973).
- intel_pstate: Set turbo VID for BayTrail (bnc#907973).
- intel_pstate: Use LFM bus ratio as min ratio/P state (bnc#907973).
- iommu/vt-d: Fix an off-by-one bug in __domain_mapping() (bsc#908825).
- ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() (IPC
scalability).
- isofs: Fix unchecked printing of ER records.
- kABI: fix for move of d_rcu (bnc#903640 CVE-2014-8559).
- kABI: protect ipv6.h include in drivers/net.
- kABI: protect rmap include in mm/truncate.c.
- kABI: protect struct iwl_trans.
- kABI: protect struct pci_dev.
- kABI: protect struct user_namespace.
- kABI: protect user_namespace.h include in kernel/groups.c.
- kABI: reintroduce generic_write_sync.
- kABI: uninline of_property_count_string* functions. Omitted ppc64le kabi
fix for 3.12.33.
- kernel: kprobes instruction corruption (bnc#908057, LTC#119330).
- kernel: reduce function tracer overhead (bnc#903279, LTC#118177).
- kgr: allow to search various types of struct kgr_patch_fun.
- kgr: be consistent when applying patches on loaded modules.
- kgr: fix replace_all.
- kgr: fix typo in error message.
- kgr: fix unwinder and user addresses (bnc#908803).
- kgr: handle IRQ context using global variable.
- kgr: mark even more kthreads (bnc#905087 bnc#906140).
- kgr: prevent recursive loops of stubs in ftrace.
- kgr: set revert slow state for all reverted symbols when loading patched
module.
- kgr: unregister only the used ftrace ops when removing a patched module.
- kprobes: introduce weak arch_check_ftrace_location() helper function
(bnc#903279, LTC#118177).
- kvm: Do not expose MONITOR cpuid as available (bnc#887597)
- lpfc: Fix race on command completion (bnc#906027).
- macvlan: allow setting LRO independently of lower device (bnc#829110
bnc#891277 bnc#904053).
- mm, cma: drain single zone pcplists (VM Performance, bnc#904177).
- mm, compaction: always update cached scanner positions (VM Performance,
bnc#904177).
- mm, compaction: defer each zone individually instead of preferred zone
(VM Performance, bnc#904177).
- mm, compaction: defer only on COMPACT_COMPLETE (VM Performance,
bnc#904177).
- mm, compaction: do not count compact_stall if all zones skipped
compaction (VM Performance, bnc#904177).
- mm, compaction: do not recheck suitable_migration_target under lock (VM
Performance, bnc#904177).
- mm, compaction: khugepaged should not give up due to need_resched() (VM
Performance, bnc#904177).
- mm, compaction: more focused lru and pcplists draining (VM Performance,
bnc#904177).
- mm, compaction: move pageblock checks up from
isolate_migratepages_range() (VM Performance, bnc#904177).
- mm, compaction: pass classzone_idx and alloc_flags to watermark checking
(VM Performance, bnc#904177).
- mm, compaction: pass gfp mask to compact_control (VM Cleanup,
bnc#904177).
- mm, compaction: periodically drop lock and restore IRQs in scanners (VM
Performance, bnc#904177).
- mm, compaction: prevent infinite loop in compact_zone (VM Functionality,
bnc#904177).
- mm, compaction: reduce zone checking frequency in the migration scanner
(VM Performance, bnc#904177).
- mm, compaction: remember position within pageblock in free pages scanner
(VM Performance, bnc#904177).
- mm, compaction: simplify deferred compaction (VM Performance,
bnc#904177).
- mm, compaction: skip buddy pages by their order in the migrate scanner
(VM Performance, bnc#904177).
- mm, compaction: skip rechecks when lock was already held (VM
Performance, bnc#904177).
- mm, memory_hotplug/failure: drain single zone pcplists (VM Performance,
bnc#904177).
- mm, page_isolation: drain single zone pcplists (VM Performance,
bnc#904177).
- mm, thp: avoid excessive compaction latency during fault (VM
Performance, bnc#904177).
- mm, thp: restructure thp avoidance of light synchronous migration (VM
Performance, bnc#904177).
- mm/compaction.c: avoid premature range skip in
isolate_migratepages_range (VM Functionality, bnc#904177).
- mm/compaction: skip the range until proper target pageblock is met (VM
Performance, bnc#904177).
- mm/vmscan.c: use DIV_ROUND_UP for calculation of zones balance_gap and
correct comments (VM Cleanup, bnc#904177).
- mm/vmscan: do not check compaction_ready on promoted zones (VM Cleanup,
bnc#904177).
- mm/vmscan: restore sc->gfp_mask after promoting it to __GFP_HIGHMEM (VM
Cleanup, bnc#904177).
- mm: Disable patches.suse/msync-fix-incorrect-fstart-calculation.patch
(bnc#910697) because it needs to be revisited due to partial msync behavior.
- mm: Disabled
patches.suse/mm-msync.c-sync-only-the-requested-range-in-msync.patch
(bnc#910697) because it needs to be revisited due to partial msync behavior.
- mm: improve documentation of page_order (VM Cleanup, bnc#904177).
- mm: introduce single zone pcplists drain (VM Performance, bnc#904177).
- mm: memcontrol: remove hierarchy restrictions for swappiness and
oom_control (VM Cleanup, bnc#904177).
- mm: page_alloc: determine migratetype only once (VM Performance,
bnc#904177).
- mm: rename allocflags_to_migratetype for clarity (VM Cleanup,
bnc#904177).
- mm: unmapped page migration avoid unmap+remap overhead (MM performance).
- mm: vmscan: clean up struct scan_control (VM Cleanup, bnc#904177).
- mm: vmscan: move call to shrink_slab() to shrink_zones() (VM Cleanup,
bnc#904177).
- mm: vmscan: move swappiness out of scan_control (VM Cleanup, bnc#904177).
- mm: vmscan: remove all_unreclaimable() (VM Cleanup, bnc#904177).
- mm: vmscan: remove remains of kswapd-managed zone->all_unreclaimable (VM
Cleanup, bnc#904177).
- mm: vmscan: remove shrink_control arg from do_try_to_free_pages() (VM
Cleanup, bnc#904177).
- mm: vmscan: rework compaction-ready signaling in direct reclaim (VM
Cleanup, bnc#904177).
- msync: fix incorrect fstart calculation (VM/FS Micro-optimisations).
- net, sunrpc: suppress allocation warning in rpc_malloc() (bnc#904659).
- net: Find the nesting level of a given device by type (bnc#829110
bnc#891277 bnc#904053).
- net: Hyper-V: Deletion of an unnecessary check before the function call
"vfree".
- net: generic dev_disable_lro() stacked device handling (bnc#829110
bnc#891277 bnc#904053).
- nvme: Add missing hunk from backport (bnc#873252).
- parport: parport_pc, do not remove parent devices early (bnc#856659).
- patches.suse/supported-flag: fix mis-reported supported status
(bnc#809493).
- patches.xen/xen-privcmd-hcall-preemption: Fix EFLAGS.IF check.
- powerpc/fadump: Fix endianness issues in firmware assisted dump handling
(bsc#889192).
- powerpc/pseries/hvcserver: Fix endian issue in hvcs_get_partner_info
(bsc#912129).
- powerpc/pseries: Make CPU hotplug path endian safe (bsc#907069).
- powerpc: fix dlpar memory
- pseries: Fix endian issues in cpu hot-removal (bsc#907069).
- pseries: Fix endian issues in onlining cpu threads (bsc#907069).
- rpm/constraints.in: Require 10GB disk space on POWER. A debuginfo build
currently requires about 8.5 GB on POWER. Also, require at least 8 CPUs,
so that builds do not get accidentally scheduled on slow machines.
- rpm/gitlog-fixups: Fix invalid address in two commits
- s390/ftrace,kprobes: allow to patch first instruction (bnc#903279,
LTC#118177).
- s390/ftrace: add HAVE_DYNAMIC_FTRACE_WITH_REGS support (bnc#903279,
LTC#118177).
- s390/ftrace: add code replacement sanity checks (bnc#903279, LTC#118177).
- s390/ftrace: enforce DYNAMIC_FTRACE if FUNCTION_TRACER is selected
(bnc#903279, LTC#118177).
- s390/ftrace: optimize function graph caller code (bnc#903279,
LTC#118177).
- s390/ftrace: optimize mcount code (bnc#903279, LTC#118177).
- s390/ftrace: remove 31 bit ftrace support (bnc#903279, LTC#118177).
- s390/ftrace: remove check of obsolete variable function_trace_stop
(bnc#903279, LTC#118177).
- s390/ftrace: revert mcount_adjust change (bnc#903279, LTC#118177).
- s390/ftrace: simplify enabling/disabling of ftrace_graph_caller
(bnc#903279, LTC#118177).
- s390: pass march flag to assembly files as well (bnc#903279, LTC#118177).
- sched/fair: cleanup: Remove useless assignment in select_task_rq_fair()
(cpuidle performance).
- scripts/tags.sh: Do not specify kind-spec for emacs ctags/etags.
- scripts/tags.sh: fix DEFINE_HASHTABLE in emacs case.
- scripts/tags.sh: include compat_sys_* symbols in the generated tags.
- scsi: call device handler for failed TUR command (bnc#895814).
- series.conf: remove orphan bnc comments
- storvsc: ring buffer failures may result in I/O freeze.
- supported.conf: mark tcm_qla2xxx as supported. Has not been ported from
SLES11 SP3 automatically.
- tags.sh: Fixup regex definition for etags.
- tcm_loop: Wrong I_T nexus association (bnc#907325).
- tools: hv: ignore ENOBUFS and ENOMEM in the KVP daemon.
- tools: hv: introduce -n/--no-daemon option.
- udf: Check component length before reading it.
- udf: Check path length when reading symlink.
- udf: Verify i_size when loading inode.
- udf: Verify symlink size before loading it.
- vmscan: memcg: always use swappiness of the reclaimed memcg (VM Cleanup,
bnc#904177).
- x86, cpu: Detect more TLB configuration (TLB Performance).
- x86-64/MCE: flip CPU and bank numbers in log message.
- x86/UV: Fix conditional in gru_exit() (bsc#909095).
- x86/early quirk: use gen6 stolen detection for VLV (bnc#907970).
- x86/efi: Do not export efi runtime map in case old map (bsc#904969).
- x86/mm: Add tracepoints for TLB flushes (TLB Performance).
- x86/mm: Rip out complicated, out-of-date, buggy TLB flushing (TLB
Performance).
- x86/uv: Update the UV3 TLB shootdown logic (bsc#909092).
- x86: UV BAU: Avoid NULL pointer reference in ptc_seq_show (bsc#911181).
- x86: UV BAU: Increase maximum CPUs per socket/hub (bsc#911181).
- x86: fix step size adjustment during initial memory mapping (bsc#910249).
- x86: use custom dma_get_required_mask().
- x86: use optimized ioresource lookup in ioremap function (Boot time
optimisations (bnc#895387)).