From a7516c3fe0241f3d74efbf2bcedf267764c0c789 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 14 2018 19:28:18 +0000 Subject: import kernel-rt-3.10.0-862.11.6.rt56.819.el7 --- diff --git a/.gitignore b/.gitignore index ce50c05..e79d6aa 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/kernel-rt-3.10.0-862.6.3.rt56.811.tar.xz +SOURCES/kernel-rt-3.10.0-862.11.6.rt56.819.tar.xz SOURCES/rheldup3.x509 SOURCES/rhelkpatch1.x509 diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index 297db5d..f76eb2b 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,3 +1,3 @@ -21ddd652beb741ad3f3f2b4a393dcb47a9dc5a2c SOURCES/kernel-rt-3.10.0-862.6.3.rt56.811.tar.xz +5fa62ffa7e775c00d22c19095bae4617e8001f5e SOURCES/kernel-rt-3.10.0-862.11.6.rt56.819.tar.xz 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 diff --git a/SOURCES/kernel-3.10.0-x86_64-rt-debug.config b/SOURCES/kernel-3.10.0-x86_64-rt-debug.config index ec353c8..41a697d 100644 --- a/SOURCES/kernel-3.10.0-x86_64-rt-debug.config +++ b/SOURCES/kernel-3.10.0-x86_64-rt-debug.config @@ -236,6 +236,7 @@ CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_CRASH_CORE=y CONFIG_KEXEC_CORE=y +CONFIG_HOTPLUG_SMT=y CONFIG_HAVE_OPROFILE=y CONFIG_OPROFILE_NMI_TIMER=y CONFIG_KPROBES=y diff --git a/SOURCES/kernel-3.10.0-x86_64-rt-trace.config b/SOURCES/kernel-3.10.0-x86_64-rt-trace.config index 8551a39..6a2e59c 100644 --- a/SOURCES/kernel-3.10.0-x86_64-rt-trace.config +++ b/SOURCES/kernel-3.10.0-x86_64-rt-trace.config @@ -236,6 +236,7 @@ CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_CRASH_CORE=y CONFIG_KEXEC_CORE=y +CONFIG_HOTPLUG_SMT=y CONFIG_HAVE_OPROFILE=y CONFIG_OPROFILE_NMI_TIMER=y CONFIG_KPROBES=y diff --git a/SOURCES/kernel-3.10.0-x86_64-rt.config b/SOURCES/kernel-3.10.0-x86_64-rt.config index 74ededc..a0f0765 100644 --- a/SOURCES/kernel-3.10.0-x86_64-rt.config +++ b/SOURCES/kernel-3.10.0-x86_64-rt.config @@ -236,6 +236,7 @@ CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_CRASH_CORE=y CONFIG_KEXEC_CORE=y +CONFIG_HOTPLUG_SMT=y CONFIG_HAVE_OPROFILE=y CONFIG_OPROFILE_NMI_TIMER=y CONFIG_KPROBES=y diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec index dc814f7..c05b910 100644 --- a/SPECS/kernel-rt.spec +++ b/SPECS/kernel-rt.spec @@ -7,10 +7,10 @@ Summary: The Linux Realtime kernel %global dist .el7 # realtimeN -%global rtbuild 811 +%global rtbuild 819 # RHEL7 build number -%global rhel_build 862.6.3 +%global rhel_build 862.11.6 # The preempt RT patch level %global rttag rt56 @@ -429,7 +429,7 @@ shipped in each kernel image subpackage. %package %{?1:%{1}-}kvm\ Summary: KVM modules for package %{name}%{?1:-%{1}}\ Group: System Environment/Kernel\ -Requires: %{name} = %{version}-%{release}\ +Requires: %{name}%{?1:-%{1}} = %{version}-%{release}\ Provides: installonlypkg(kernel-rt-kvm) = %{version}-%{release}\ Provides: kernel-rt%{?1:-%{1}}-kvm = %{version}-%{release}%{?1:.%{1}}\ Provides: kernel-rt-kvm-%{_target_cpu} = %{version}-%{release}%{?1:.%{1}}\ @@ -1411,15 +1411,209 @@ fi %endif %changelog -* Mon Jun 18 2018 Luis Claudio R. Goncalves [3.10.0-862.6.3.rt56.811.el7] +* Fri Aug 10 2018 Luis Claudio R. Goncalves [3.10.0-862.11.6.rt56.819.el7] +- [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] +- [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} + +* Thu Aug 09 2018 Luis Claudio R. Goncalves [3.10.0-862.11.5.rt56.818.el7] +- [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] +- [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} + +* Tue Aug 07 2018 Luis Claudio R. Goncalves [3.10.0-862.11.4.rt56.817.el7] +- [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] +- [net] ipv6: fix nospec-related regression in ipv6_addr_prefix() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3693} + +* Mon Aug 06 2018 Luis Claudio R. Goncalves [3.10.0-862.11.3.rt56.816.el7] +- [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] +- [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [net] net: add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} +- [x86] x86/syscall: Fix regression when using the last syscall (pkey_free) (Lauro Ramos Venancio) [1589033 1589035] {CVE-2018-3693} + +* Thu Jul 26 2018 Luis Claudio R. Goncalves [3.10.0-862.11.2.rt56.815.el7] +- [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] +- [kernel] cpu: hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [documentation] l1tf: Fix typos (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: Remove extra newline in vmentry_l1d_flush sysfs file (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: vmx: Initialize the vmx_l1d_flush_pages' content (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] speculation: l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [documentation] Add section about CPU vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [kernel] cpu: hotplug: Set CPU_SMT_NOT_SUPPORTED early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [kernel] cpu: hotplug: Expose SMT control init function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: Allow runtime control of L1D flush (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: Serialize L1D flush parameter setter (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: Add static key for flush always (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: Move l1tf setup function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: Handle EPT disabled state proper (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: Drop L1TF MSR list approach (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] litf: Introduce vmx status variable (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] bugs: Make cpu_show_common() static (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] bugs: Concentrate bug reporting into a separate function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [kernel] cpu: hotplug: Online siblings when SMT control is turned on (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: vmx: Use MSR save list for IA32_FLUSH_CMD if required (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: vmx: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: vmx: Separate the VMX AUTOLOAD guest/host number accounting (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: vmx: Add find_msr() helper function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: vmx: Split the VMX MSR LOAD structures to have an host/guest numbers (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [kernel] cpu: hotplug: Boot HT siblings at least once, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] speculation/l1tf: fix typo in l1tf mitigation string (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [kernel] cpu/hotplug: Boot HT siblings at least once (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- Revert "x86/apic: Ignore secondary threads if nosmt=force" (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] speculation/l1tf: Extend 64bit swap file size limit (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] cpu/AMD: Remove the pointless detect_ht() call (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] bugs: Move the l1tf function and define pr_fmt properly (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] topology: Provide topology_smt_supported() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] smp: Provide topology_is_primary_thread(), part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] apic: Ignore secondary threads if nosmt=force (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] cpu/AMD: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] cpu/intel: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] cpu/topology: Provide detect_extended_topology_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] cpu/common: Provide detect_ht_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] cpu: Remove the pointless CPU printout (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [kernel] cpu/hotplug: Provide knobs to control SMT (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [kernel] cpu/hotplug: Split do_cpu_down() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] smp: Provide topology_is_primary_thread() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] CPU: Modify detect_extended_topology() to return result (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: sync with latest L1TF patches (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: Report if too much memory for L1TF workaround (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: Limit swap file size to MAX_PA/2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: Add sysfs reporting for l1tf (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: Make sure the first page is always reserved (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: Protect PROT_NONE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: Protect swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] mm: Fix swap entry comment and macro (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] add support for L1D flush MSR (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} +- [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} + +* Tue Jul 24 2018 Luis Claudio R. Goncalves [3.10.0-862.11.1.rt56.814.el7] +- [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] +- [tcmu] allow userspace to reset ring (Xiubo Li) [1599669 1562587] +- [tcmu] remove commands_lock (Xiubo Li) [1599669 1562587] +- [tcmu] move expired command completion to unmap thread (Xiubo Li) [1599669 1562587] +- [tcmu] add cmd timeout handling wq (Xiubo Li) [1599669 1562587] +- [tcmu] don't block submitting context for block waits (Xiubo Li) [1599669 1562587] +- [tcmu] fix double se_cmd completion (Xiubo Li) [1599669 1562587] +- [tcmu] replace spin lock with mutex (Xiubo Li) [1599669 1562587] +- [target] add SAM_STAT_BUSY sense reason (Xiubo Li) [1599669 1562587] +- [target] core: add device action configfs files (Xiubo Li) [1599669 1562587] +- [target] Avoid mappedlun symlink creation during lun shutdown (Xiubo Li) [1599656 1585081] +- [spectre] update Spectre v1 mitigation string (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [spectre] fix hiddev nospec issues (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] syscall: clarify clobbered registers in entry code (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [powerpc] add missing barrier_nospec() in __get_user64_nocheck() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [spectre] fix gadgets found by smatch scanner (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [alsa] rme9652: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [alsa] hdspm: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [alsa] asihpi: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [alsa] opl3: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [alsa] hda: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [alsa] seq: oss: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [alsa] seq: oss: Fix unbalanced use lock for synth MIDI device (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [net] atm: Fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [kernel] time: Protect posix clock array access against speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [kernel] sys.c: fix potential Spectre v1 issue (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [sched] autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [perf] core: Fix possible Spectre-v1 indexing for ->aux_pages[] (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [sysvipc] sem: mitigate semnum index against spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [alsa] control: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [usbip] vhci_sysfs: fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [media] dvb_ca_en50221: prevent using slot_info for Spectre attacs (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [media] dvb_ca_en50221: sanity check slot number from userspace (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [atm] zatm: Fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] kvm: Update spectre-v1 mitigation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] kvm: Add memory barrier on vmcs field lookup (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] perf/msr: Fix possible Spectre-v1 indexing in the MSR driver (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [net] nl80211: Sanitize array index in parse_txq_params (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [include] vfs, fdtable: Prevent bounds-check bypass via speculative execution (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] syscall: Sanitize syscall table de-references under speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [powerpc] Use barrier_nospec in copy_from_user() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [include] nospec: Introduce barrier_nospec for other arches (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] Introduce barrier_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] Implement array_index_mask_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [documentation] Document array_index_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [include] nospec: Include dependency (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [include] nospec: Allow index argument to have const-qualified type (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [include] nospec: Kill array_index_nospec_mask_check() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [include] nospec: Move array_index_nospec() parameter checking into separate macro (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [include] array_index_nospec: Sanitize speculative array de-references (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] get_user: Use pointer masking to limit speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] usercopy: Replace open coded stac/clac with __uaccess_{begin, end} (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] reorganize SMAP handling in user space accesses (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] uaccess: Tell the compiler that uaccess is unlikely to fault (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} +- [x86] uaccess: fix sparse errors (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} + +* Wed Jul 04 2018 Clark Williams [3.10.0-862.10.1.rt56.813.el7] +- [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] +- [x86] add _TIF_UPROBE to _TIF_DO_NOTIFY_MASK (Oleg Nesterov) [1595155 1579521] +- [x86] spec_ctrl: Always clear SPEC_CTRL MSRs when disabling IBRS (Radomir Vrbovsky) [1586150 1574730] +- [sound] alsa: hda/realtek - Add headset mode support for Dell laptop (Jaroslav Kysela) [1588946 1528587] +- [sound] alsa: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 (Jaroslav Kysela) [1593586 1535427] +- [mm] compaction: release zone irqlock in isolate_freepages_block (Andrea Arcangeli) [1596283 1582793] +- [mm] compaction: change the timing to check to drop the spinlock (Andrea Arcangeli) [1596283 1582793] +- [fs] dcache.c: add cond_resched() in shrink_dentry_list() (Aaron Tomlin) [1596184 1584693] +- [misc] vmware balloon: Treat init like reset (Cathy Avery) [1595601 1540110] +- [netdrv] qede: Fix ref-cnt usage count (Chad Dupuis) [1594700 1574847] +- [x86] kvm: fix LAPIC timer drift when guest uses periodic mode ("Dr. David Alan Gilbert") [1594292 1584775] +- [x86] kvm: remove APIC Timer periodic/oneshot spikes ("Dr. David Alan Gilbert") [1594292 1584775] +- [netdrv] mlx4_en: Increase number of default RX rings (Erez Alfasi) [1594127 1520295] +- [netdrv] mlx4_en: Limit the number of RX rings (Erez Alfasi) [1594127 1520295] +- [netdrv] mlx4_en: Limit the number of TX rings (Erez Alfasi) [1594127 1520295] +- [fs] ceph: don't set read_ahead_kb to 0 by default (Ilya Dryomov) [1590825 1579539] +- [scsi] qla2xxx: Remove stale debug value for login_retry flag (Himanshu Madhani) [1588937 1578880] +- [x86] topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (Prarit Bhargava) [1588563 1582023] +- [acpi] osi: Add OEM _OSI strings to disable NVidia RTD3 (Jaroslav Kysela) [1584685 1581391] +- [hv] vmbus: Fix a rescind issue (Eduardo Otubo) [1582124 1518498] +- [linux] libata: enable host-wide tags (Ewan Milne) [1581728 1491014] +- [ata] libata: remove ATA_FLAG_LOWTAG (Ewan Milne) [1581728 1491014] +- [ata] Add a new flag to destinguish sas controller (Ewan Milne) [1581728 1491014] +- [ata] libata: make sata_sil24 use fifo tag allocator (Ewan Milne) [1581728 1491014] +- [ata] libata: move sas ata tag allocation to libata-scsi.c (Ewan Milne) [1581728 1491014] +- [ata] libata: use blk taging (Ewan Milne) [1581728 1491014] +- [nvme] rdma: Use mr pool (David Milburn) [1581347 1547273] +- [nvme] rdma: Check remotely invalidated rkey matches our expected rkey (David Milburn) [1581347 1547273] +- [nvme] rdma: wait for local invalidation before completing a request (David Milburn) [1581347 1547273] +- [nvme] rdma: don't complete requests before a send work request has completed (David Milburn) [1581347 1547273] +- [nvme] rdma: don't suppress send completions (David Milburn) [1581347 1547273] +- [x86] kvm: Fix loss of pending INIT due to race (Radim Krcmar) [1580467 1569473] +- [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576759 1576755] {CVE-2018-10675} +- [sound] alsa: seq: Fix racy pool initializations (Jaroslav Kysela) [1550171 1593586 1550169 1535427] {CVE-2018-7566} +- [crypto] algif_skcipher: Load TX SG list after waiting (Bruno Eduardo de Oliveira Meneguele) [1541870 1541875] {CVE-2017-13215} + +* Mon Jun 18 2018 Luis Claudio R. Goncalves [3.10.0-862.8.1.rt56.812.el7] - [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] - [x86] always enable eager FPU by default on non-AMD processors (Paolo Bonzini) [1589051 1589048] {CVE-2018-3665} +- [net] nf_reset: also clear nfctinfo bits (Florian Westphal) [1588458 1572983] - [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU features (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Fix VM guest SSBD problems (Waiman Long) [1584323 1584569] {CVE-2018-3639} - -* Mon Jun 18 2018 Luis Claudio R. Goncalves [3.10.0-862.6.2.rt56.810.el7] - [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Disable SSBD update from scheduler if not user settable (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584323 1584569] {CVE-2018-3639} @@ -1456,6 +1650,10 @@ fi - [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Sync up SSBD changes with upstream (Waiman Long) [1584323 1584569] {CVE-2018-3639} +* Wed Jun 06 2018 Luis Claudio R. Goncalves [3.10.0-862.7.1.rt56.811.el7] +- [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] +- [linux] fsnotify: Fix fsnotify_mark_connector race (Miklos Szeredi) [1584684 1569921] + * Mon Jun 04 2018 Luis Claudio R. Goncalves [3.10.0-862.6.1.rt56.810.el7] - [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] - [x86] microcode: Load microcode on all cpus (Prarit Bhargava) [1578047 1568249]