diff --git a/.gitignore b/.gitignore
index bcbad50..3744370 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/kernel-rt-3.10.0-957.12.2.rt56.929.tar.xz
+SOURCES/kernel-rt-3.10.0-957.21.2.rt56.934.tar.xz
 SOURCES/rheldup3.x509
 SOURCES/rhelkpatch1.x509
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index 1727343..32c89c0 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1,3 +1,3 @@
-713d9a2d4e0d7c2a59a47266a4feab8699841bf6 SOURCES/kernel-rt-3.10.0-957.12.2.rt56.929.tar.xz
+a51b9f14a9b359bad648407b0b47b1af0418c80f SOURCES/kernel-rt-3.10.0-957.21.2.rt56.934.tar.xz
 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der
deleted file mode 100644
index 44a2563..0000000
Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ
diff --git a/SOURCES/centos-kpatch.x509 b/SOURCES/centos-kpatch.x509
deleted file mode 100644
index ca57a43..0000000
Binary files a/SOURCES/centos-kpatch.x509 and /dev/null differ
diff --git a/SOURCES/centos-ldup.x509 b/SOURCES/centos-ldup.x509
deleted file mode 100644
index 9c65dd3..0000000
Binary files a/SOURCES/centos-ldup.x509 and /dev/null differ
diff --git a/SOURCES/centossecureboot001.crt b/SOURCES/centossecureboot001.crt
deleted file mode 100644
index c67b0f3..0000000
--- a/SOURCES/centossecureboot001.crt
+++ /dev/null
@@ -1,81 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            b6:16:15:71:72:fb:31:7e
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security@centos.org
-        Validity
-            Not Before: Aug  1 11:47:30 2018 GMT
-            Not After : Dec 31 11:47:30 2037 GMT
-        Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security@centos.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa:
-                    76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51:
-                    cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2:
-                    4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3:
-                    24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0:
-                    bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18:
-                    00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97:
-                    a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57:
-                    6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35:
-                    6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0:
-                    aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65:
-                    53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46:
-                    f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f:
-                    6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2:
-                    76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4:
-                    94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28:
-                    4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef:
-                    94:0f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature
-            X509v3 Subject Key Identifier: 
-                F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29
-            X509v3 Authority Key Identifier: 
-                keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3
-
-    Signature Algorithm: sha256WithRSAEncryption
-        97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c:
-        dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da:
-        11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b:
-        2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a:
-        28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e:
-        b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef:
-        f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f:
-        0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56:
-        a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30:
-        17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a:
-        ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97:
-        58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c:
-        75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77:
-        da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71:
-        da:7f:89:1d
------BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV
-BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB
-FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx
-NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg
-BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4
-MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP
-f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2
-bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/
-VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR
-pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud
-EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb
-Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B
-AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G
-1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV
-IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv
-0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ
-+zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD
-bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ==
------END CERTIFICATE-----
diff --git a/SOURCES/debrand-rh-i686-cpu.patch b/SOURCES/debrand-rh-i686-cpu.patch
deleted file mode 100644
index 739855c..0000000
--- a/SOURCES/debrand-rh-i686-cpu.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/arch/x86/boot/main.c	2014-06-04 10:05:04.000000000 -0700
-+++ b/arch/x86/boot/main.c	2014-07-09 12:54:40.000000000 -0700
-@@ -146,7 +146,7 @@ void main(void)
- 
- 	/* Make sure we have all the proper CPU support */
- 	if (validate_cpu()) {
--		puts("This processor is unsupported in RHEL7.\n");
-+		puts("This processor is unsupported in CentOS 7.\n");
- 		die();
- 	}
- 
diff --git a/SOURCES/debrand-rh_taint.patch b/SOURCES/debrand-rh_taint.patch
deleted file mode 100644
index 8ef4557..0000000
--- a/SOURCES/debrand-rh_taint.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 69c0d42cfa26515196896dea086857c2caccb6eb Mon Sep 17 00:00:00 2001
-From: Jim Perrin <jperrin@centos.org>
-Date: Thu, 19 Jun 2014 10:05:12 -0500
-Subject: [PATCH] branding patch for rh_taint
-
----
- kernel/rh_taint.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c
-index 59a74b0..0708e15 100644
---- a/kernel/rh_taint.c
-+++ b/kernel/rh_taint.c
-@@ -8,7 +8,7 @@
- void mark_hardware_unsupported(const char *msg)
- {
- 	/* Print one single message */
--	pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\n", msg);
-+	pr_crit("Warning: %s - this hardware has not undergone upstream testing. Please consult http://wiki.centos.org/FAQ for more information\n", msg);
- }
- EXPORT_SYMBOL(mark_hardware_unsupported);
- 
--- 
-1.8.3.1
-
diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch
deleted file mode 100644
index 9d2e08b..0000000
--- a/SOURCES/debrand-single-cpu.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 66185f5c6f881847776702e3a7956c504400f4f2 Mon Sep 17 00:00:00 2001
-From: Jim Perrin <jperrin@centos.org>
-Date: Thu, 19 Jun 2014 09:53:13 -0500
-Subject: [PATCH] branding patch for single-cpu systems
-
----
- arch/x86/kernel/setup.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index b289118..9d25982 100644
---- a/arch/x86/kernel/setup.c
-+++ b/arch/x86/kernel/setup.c
-@@ -846,7 +846,7 @@ static void rh_check_supported(void)
- 	if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) &&
- 	    !x86_hyper && !cpu_has_hypervisor && !is_kdump_kernel()) {
- 		pr_crit("Detected single cpu native boot.\n");
--		pr_crit("Important:  In Red Hat Enterprise Linux 7, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems.");
-+		pr_crit("Important:  In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information");
- 	}
- 
- 	/* The RHEL7 kernel does not support this hardware.  The kernel will
--- 
-1.8.3.1
-
diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey
index d98f8fe..b1bbe38 100644
--- a/SOURCES/x509.genkey
+++ b/SOURCES/x509.genkey
@@ -5,9 +5,9 @@ prompt = no
 x509_extensions = myexts
 
 [ req_distinguished_name ]
-O = CentOS
-CN = CentOS Linux kernel signing key
-emailAddress = security@centos.org
+O = Red Hat
+CN = Red Hat Enterprise Linux kernel signing key
+emailAddress = secalert@redhat.com
 
 [ myexts ]
 basicConstraints=critical,CA:FALSE
diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec
index 31fc8de..2ece337 100644
--- a/SPECS/kernel-rt.spec
+++ b/SPECS/kernel-rt.spec
@@ -7,10 +7,10 @@ Summary: The Linux Realtime kernel
 %global dist .el7
 
 # realtimeN
-%global rtbuild 929
+%global rtbuild 934
 
 # RHEL7 build number
-%global rhel_build 957.12.2
+%global rhel_build 957.21.2
 
 # The preempt RT patch level
 %global rttag rt56
@@ -214,7 +214,7 @@ Summary: The Linux Realtime kernel
 # problems with the newer kernel or lack certain things that make
 # integration in the distro harder than needed.
 #
-%define package_conflicts initscripts < 7.23, udev < 063-6, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 1.25.3-14, squashfs-tools < 4.0, wireless-tools < 29-3, xfsprogs < 4.3.0, kmod < 20-9, kexec-tools < 2.0.14-3, shim-x64 < 12-2
+%define package_conflicts initscripts < 7.23, udev < 063-6, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 1.25.3-14, squashfs-tools < 4.0, wireless-tools < 29-3, xfsprogs < 4.3.0, kmod < 20-9, kexec-tools < 2.0.14-3
 
 # We moved the drm include files into kernel-headers, make sure there's
 # a recent enough libdrm-devel on the system that doesn't have those.
@@ -322,16 +322,16 @@ Source10: sign-modules
 Source11: x509.genkey
 Source12: extra_certificates
 %if %{?released_kernel}
-Source13: centos-ca-secureboot.der 
-Source14: centossecureboot001.crt
-%define pesign_name centossecureboot001
+Source13: securebootca.cer
+Source14: secureboot.cer
+%define pesign_name redhatsecureboot301
 %else
-Source13: centos-ca-secureboot.der 
-Source14: centossecureboot001.crt
-%define pesign_name centossecureboot001
+Source13: redhatsecurebootca2.cer
+Source14: redhatsecureboot003.cer
+%define pesign_name redhatsecureboot003
 %endif
-Source15: centos-ldup.x509
-Source16: centos-kpatch.x509
+Source15: rheldup3.x509
+Source16: rhelkpatch1.x509
 
 Source22: perf
 Source23: perf-archive
@@ -353,9 +353,6 @@ Source1000: modprobe-dccp-blacklist.conf
 
 # Empty final patch file to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch
-Patch1000: debrand-single-cpu.patch
-Patch1001: debrand-rh_taint.patch
-Patch1002: debrand-rh-i686-cpu.patch
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
 
@@ -611,9 +608,6 @@ cp -rl vanilla-%{kversion} linux-%{kversion}.%{_target_cpu}
 cd linux-%{kversion}.%{_target_cpu}
 
 ## Apply Patches here
-ApplyPatch debrand-single-cpu.patch
-ApplyPatch debrand-rh_taint.patch
-ApplyPatch debrand-rh-i686-cpu.patch
 ApplyPatch linux-kernel-test.patch
 
 # move off upstream version mechanism
@@ -845,9 +839,6 @@ BuildKernel() {
     rm -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts/conmakehash
     rm -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts/pnmtologo
 
-    # remove stale pyo and pyc files
-    find $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts/ -name "*.py?" -exec rm {} \;
-
     if [ -d arch/%{asmarch}/include ]; then
       cp -a --parents arch/%{asmarch}/include $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/
     fi
@@ -1373,8 +1364,6 @@ fi
 %ghost /boot/initramfs-%{KVERREL}%{?2:.%{2}}.img\
 %{expand:%%files %{?2:%{2}-}devel}\
 %defattr(-,root,root)\
-%exclude /usr/src/kernels/%{KVERREL}%{?2:.%{2}}/scripts/rt-tester/rt-tester.py?\
-%exclude /usr/src/kernels/%{KVERREL}%{?2:.%{2}}/scripts/tracing/draw_functrace.py?\
 %dir /usr/src/kernels\
 /usr/src/kernels/%{KVERREL}%{?2:.%{2}}\
 %if %{builddebuginfo}\
@@ -1434,47 +1423,94 @@ fi
 %endif
 
 %changelog
-* Fri Apr 26 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.12.2.rt56.929.el7]
+* Tue May 28 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.21.2.rt56.934.el7]
+- [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
+- [security] xattr: use RH_KABI_CONST to avoid security_inode_init_security checksum change (Cestmir Kalina) [1702286 1710633]
+
+* Thu May 23 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.21.1.rt56.933.el7]
+- [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
+- [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+
+* Thu May 16 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.20.1.rt56.932.el7]
+- [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
+- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
+- [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+- [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
+
+* Mon Apr 29 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.19.1.rt56.931.el7]
+- [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
+- [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1702923 1077929]
+- [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) [1702921 1701348]
+- [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 1701348]
+- [fs] revert "[fs] xfs: use rhashtable to track buffer cache" (Brian Foster) [1702922 1658749]
+- [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (Brian Foster) [1701293 1613405]
+- [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian Foster) [1701293 1613405]
+- [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian Foster) [1701293 1613405]
+- [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash (Tony Camuso) [1701991 1692236]
+- [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) [1701991 1692236]
+- [char] ipmi: Remove platform driver overrides and use the id_table (Tony Camuso) [1701991 1692236]
+- [security] xattr: Constify ->name member of "struct xattr" (Aaron Tomlin) [1702286 1607307]
+- [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) [1702282 1625454]
+- [s390] zcrypt: fix specification exception on z196 during ap probe (Hendrik Brueckner) [1700706 1669535]
+- [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (Mike Snitzer) [1699722 1693466]
+- [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 1686149]
+- [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 1686149]
+- [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() (Lukas Czerner) [1698110 1671293]
+- [powerpc] livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
+- [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
+- [powerpc] livepatch: relax reliable stack tracer checks for first-frame (Joe Lawrence) [1697867 1658435]
+- [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe Lawrence) [1697867 1658435]
+- [powerpc] 64s: Clear on-stack exception marker upon exception return (Joe Lawrence) [1697867 1658435]
+- [powerpc] livepatch: Fix build error with kprobes disabled (Joe Lawrence) [1697867 1658435]
+- [fs] xfs: don't screw up direct writes when freesp is fragmented (Brian Foster) [1693796 1667523]
+- [nvme] ensure forward progress during Admin passthru (David Milburn) [1690519 1672428]
+
+* Tue Apr 23 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.18.1.rt56.930.el7]
 - [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
-- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
-- [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-- [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
-
-* Mon Apr 15 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.12.1.rt56.928.el7]
+- [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 1698825]
+
+* Mon Apr 15 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.17.1.rt56.929.el7]
+- [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
+- [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas Henzl) [1699723 1661906]
+
+* Thu Apr 11 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.16.1.rt56.928.el7]
 - [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
 - kvm/hyper-v: avoid spurious pending stimer on vCPU init (Vitaly Kuznetsov)
-- KVM: x86: work around leak of uninitialized stack contents (Paolo Bonzini) {CVE-2019-7222}
+- [kvm] KVM: x86: work around leak of uninitialized stack contents (Paolo Bonzini) {CVE-2019-7222}
 - kvm: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd (Vitaly Kuznetsov) [1647097 1631439]
 - kvm: x86: #GP when guest attempts to write MCi_STATUS register w/o 0 (Vitaly Kuznetsov) [1647097 1631439]
 - kvm/hyper-v: inject #GP only when invalid SINTx vector is unmasked (Vitaly Kuznetsov) [1647097 1631439]
@@ -1506,57 +1542,43 @@ fi
 - kvm/x86: Hyper-V synthetic interrupt controller (Vitaly Kuznetsov) [1647097 1631439]
 - kvm/x86: split ioapic-handled and EOI exit bitmaps (Vitaly Kuznetsov) [1647097 1631439]
 - kvm/irqchip: kvm_arch_irq_routing_update renaming split (Vitaly Kuznetsov) [1647097 1631439]
-- [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
-- [kernel] futex: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
-- [kernel] futex: Use smp_store_release() in mark_wake_futex() (Waiman Long) [1690323 1547078]
-- [kernel] sched/wake_q: Fix wakeup ordering for wake_q (Waiman Long) [1690323 1547078]
-- [kernel] sched/wake_q: Document wake_q_add() (Waiman Long) [1690323 1547078]
-- [scsi] mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (Tomas Henzl) [1689379 1649288]
-- [x86] cpu: avoid crash in get_cpu_cache_id() (David Arcari) [1689120 1626279]
-- [net] igmp: Allow user-space configuration of igmp unsolicited report interval (Hangbin Liu) [1686771 1663941]
-- [net] igmp: Don't flush routing cache when force_igmp_version is modified (Hangbin Liu) [1686771 1663941]
-- [net] igmp: fix incorrect unsolicit report count after link down and up (Hangbin Liu) [1688225 1623359]
-- [net] igmp: fix incorrect unsolicit report count when join group (Hangbin Liu) [1688225 1623359]
-- [net] igmp: make function __ip_mc_inc_group() static (Hangbin Liu) [1688225 1623359]
-- [net] igmp: Reduce Unsolicited report interval to 1s when using IGMPv3 (Hangbin Liu) [1688225 1623359]
-- [netdrv] cxgb4: Mask out interrupts that are not enabled (Arjun Vynipadath) [1687487 1678729]
-- [acpi] apci / watchdog: enable acpi_watchdog_uses_rtc (David Arcari) [1683078 1663637]
-- [watchdog] simplify getting .drvdata (David Arcari) [1683079 1666393]
-- [acpi] acpi / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (David Arcari) [1683079 1666393]
-- [acpi] acpi / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (David Arcari) [1683079 1666393]
-- [acpi] acpi / watchdog: properly initialize resources (David Arcari) [1683079 1666393]
-- [acpi] acpi / watchdog: Fix init failure with overlapping register regions (David Arcari) [1683079 1666393]
-- [acpi] acpi / watchdog: Print out error number when device creation fails (David Arcari) [1683079 1666393]
-- [net] netfilter: nat: limit port clash resolution attempts (Florian Westphal) [1683093 1654777]
-- [net] netfilter: nat: remove l4 protocol port rovers (Florian Westphal) [1683093 1654777]
-- [net] netfilter: nat: cope with negative port range (Florian Westphal) [1683093 1654777]
-- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1678221 1651416]
-- [nvme] nvme-rdma: fix possible double free of controller async event buffer (David Milburn) [1678214 1659532]
-- [nvme] nvme-rdma: fix possible free of a non-allocated async event buffer (David Milburn) [1678214 1659532]
-- [nvme] nvme-rdma: stop admin queue before freeing it (David Milburn) [1678214 1659532]
-- [nvme] rdma: fix double freeing of async event data (David Milburn) [1678216 1655786]
-- [md] fix memleak for mempool (Nigel Croxon) [1678215 1599780]
-- [md] Memory leak when flush bio size is zero (Nigel Croxon) [1678215 1599780]
-- [md] fix lock contention for flush bios (Nigel Croxon) [1678215 1599780]
-- [net] ipv6: rate-limit probes for neighbourless routes (Sabrina Dubroca) [1677179 1637821]
-- [net] ipv6: Re-arrange code in rt6_probe() (Sabrina Dubroca) [1677179 1637821]
-- [netdrv] cxgb4: update supported DCB version (Arjun Vynipadath) [1673821 1668570]
-- [netdrv] cxgb4: when disabling dcb set txq dcb priority to 0 (Arjun Vynipadath) [1673821 1668570]
-- [kvm] kvm: fix kvm_ioctl_create_device() reference counting (Paolo Bonzini) [1671922 1671923] {CVE-2019-6974}
-- [kvm] KVM: nVMX: unconditionally cancel preemption timer in free_nested (Paolo Bonzini) [1671905 1671906] {CVE-2019-7221}
-- [mm] page-writeback.c: fix range_cyclic writeback vs writepages deadlock (Brian Foster) [1673281 1591574]
-- [fs] rbd: avoid corruption on partially completed bios (Ilya Dryomov) [1672514 1613493]
-
-* Fri Apr 05 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.12.1.rt56.927.el7]
-- build: remove stale files from the -devel packages (v3) [1689417 1642619]
-
-* Tue Apr 02 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.12.1.rt56.926.el7]
+- [netdrv] net/mlx5e: Properly set steering match levels for offloaded TC decap rules (Alaa Hleihel) [1686292 1618427]
+- [netdrv] net/mlx5e: Always use the match level enum when parsing TC rule match (Alaa Hleihel) [1686292 1618427]
+- [netdrv] net/mlx5e: Support offloaded TC flows with no matches on headers (Alaa Hleihel) [1686292 1618427]
+- [netdrv] net/mlx5e: Get the required HW match level while parsing TC flow matches (Alaa Hleihel) [1686292 1618427]
+- [netdrv] net/mlx5e: Properly order min inline mode setup while parsing TC matches (Alaa Hleihel) [1686292 1618427]
+- [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow attributes (Alaa Hleihel) [1686292 1618427]
+- [netdrv] net/mlx5e: Err if asked to offload TC match on frag being first (Alaa Hleihel) [1686292 1618427]
+- [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) [1697940 1691421]
+- [net] geneve: correctly handle ipv6.disable module parameter (Jiri Benc) [1694981 1677049]
+- [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 1691227]
+- [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos Szeredi) [1696292 1677705]
+- [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 1697241 1676613 1662887]
+- [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav Kysela) [1693562 1680180]
+- [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (Jaroslav Kysela) [1693562 1657855]
+- [block] mtip32xx: fix memory corruption by initializing internal command header (Ming Lei) [1689929 1660292]
+- [fs] nfsd: deal with revoked delegations appropriately (Dave Wysochanski) [1689811 1552203]
+
+* Thu Mar 28 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.15.1.rt56.927.el7]
 - [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
-- build: remove stale files from the -devel packages (v2)
+- [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1693561 1684780]
+- [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) [1693110 1676462]
 
-* Tue Apr 02 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.12.1.rt56.925.el7]
+* Tue Mar 26 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.14.1.rt56.926.el7]
+- [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
+- [fs] move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001]
+- [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng Yan) [1692266 1627001]
+- [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 1627001]
+- [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng Yan) [1692266 1627001]
+- [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 1627001]
+- [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001]
+- [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) [1692266 1627001]
+- [fs] dcache: Don't set DISCONNECTED on "pseudo filesystem" dentries (Zheng Yan) [1692266 1627001]
+- [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) [1692266 1627001]
+
+* Thu Mar 21 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.13.1.rt56.925.el7]
 - [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
-- build: clean up stale files in the -devel package
+- [drm] drm/nouveau/kms/nv50-: also flush fb writes when rewinding push buffer (Ben Skeggs) [1690761 1669098]
 
 * Wed Mar 20 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.12.1.rt56.924.el7]
 - [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]