Operating System:



13 December 2018

Protect yourself against future threats.

Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

               kernel updated for SLES  Live Patching12-SP4
                             13 December 2018


        AusCERT Security Bulletin Summary

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise        -- Console/Physical
                   Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
                   Unauthorised Access    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-19824 CVE-2018-18710 CVE-2018-18445
                   CVE-2018-18386 CVE-2018-18281 CVE-2018-16658
                   CVE-2018-10940 CVE-2017-18224 CVE-2017-16533

Reference:         ESB-2018.3841

Original Bulletin: 

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2018:4072-1
Rating:             important
References:         #1051510 #1055120 #1061840 #1065600 #1065729 
                    #1066674 #1067906 #1068273 #1076830 #1078248 
                    #1079524 #1082555 #1082653 #1083647 #1084760 
                    #1084831 #1085535 #1086196 #1089350 #1091800 
                    #1094825 #1095805 #1097755 #1100132 #1103356 
                    #1103925 #1104124 #1104731 #1104824 #1105025 
                    #1105428 #1106105 #1106110 #1106237 #1106240 
                    #1107256 #1107385 #1107866 #1108377 #1108468 
                    #1109330 #1109739 #1109772 #1109806 #1109818 
                    #1109907 #1109911 #1109915 #1109919 #1109951 
                    #1110006 #1110998 #1111040 #1111062 #1111174 
                    #1111506 #1111696 #1111809 #1111921 #1111983 
                    #1112128 #1112170 #1112173 #1112208 #1112219 
                    #1112221 #1112246 #1112372 #1112514 #1112554 
                    #1112708 #1112710 #1112711 #1112712 #1112713 
                    #1112731 #1112732 #1112733 #1112734 #1112735 
                    #1112736 #1112738 #1112739 #1112740 #1112741 
                    #1112743 #1112745 #1112746 #1112878 #1112894 
                    #1112899 #1112902 #1112903 #1112905 #1112906 
                    #1112907 #1112963 #1113257 #1113284 #1113295 
                    #1113408 #1113412 #1113501 #1113667 #1113677 
                    #1113722 #1113751 #1113769 #1113780 #1113972 
                    #1114015 #1114178 #1114279 #1114385 #1114576 
                    #1114577 #1114578 #1114579 #1114580 #1114581 
                    #1114582 #1114583 #1114584 #1114585 #1114839 
                    #1115074 #1115269 #1115431 #1115433 #1115440 
                    #1115567 #1115709 #1115976 #1116183 #1116692 
                    #1116693 #1116698 #1116699 #1116700 #1116701 
                    #1116862 #1116863 #1116876 #1116877 #1116878 
                    #1116891 #1116895 #1116899 #1116950 #1117168 
                    #1117172 #1117174 #1117181 #1117184 #1117188 
                    #1117189 #1117349 #1117561 #1117788 #1117789 
                    #1117790 #1117791 #1117792 #1117794 #1117795 
                    #1117796 #1117798 #1117799 #1117801 #1117802 
                    #1117803 #1117804 #1117805 #1117806 #1117807 
                    #1117808 #1117815 #1117816 #1117817 #1117818 
                    #1117819 #1117820 #1117821 #1117822 #1118102 
                    #1118136 #1118137 #1118138 #1118140 #1118152 
Cross-References:   CVE-2017-16533 CVE-2017-18224 CVE-2018-18281
                    CVE-2018-18386 CVE-2018-18445 CVE-2018-18710
Affected Products:
                    SUSE Linux Enterprise Live Patching 12-SP4

   An update that solves 7 vulnerabilities and has 184 fixes
   is now available.


   The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
     driver by supplying a malicious USB Sound device (with zero interfaces)
     that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
   - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
     pagetable locks. If a syscall such as ftruncate() removed entries from
     the pagetables of a task that is in the middle of mremap(), a stale TLB
     entry could remain for a short time that permits access to a physical
     page after it has been released back to the page allocator and reused.
   - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
     drivers/cdrom/cdrom.c could be used by local attackers to read kernel
     memory because a cast from unsigned long to int interferes with bounds
     checking. This is similar to CVE-2018-10940 and CVE-2018-16658
   - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier
     permitted out-of-bounds memory accesses because
     adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit
     right shifts (bnc#1112372).
   - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
     able to access pseudo terminals) to hang/block further usage of any
     pseudo terminal devices due to an EXTPROC versus ICANON confusion in
     TIOCINQ (bnc#1094825).
   - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and
     consequently had a race condition for access to the extent tree during
     read operations in DIRECT mode, which allowed local users to cause a
     denial of service (BUG) by modifying a certain e_cpos field
   - CVE-2017-16533: The usbhid_parse function in
     drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
     service (out-of-bounds read and system crash) or possibly have
     unspecified other impact via a crafted USB device (bnc#1066674).

   The following non-security bugs were fixed:

   - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).
   - ACPICA: Tables: Add WSMT support (bsc#1089350).
   - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer
     value (bsc#1051510).
   - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
   - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895).
   - ACPI, nfit: Prefer _DSM over _LSR for namespace label reads
   - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks
   - ACPI/nfit, x86/mce: Validate a MCE's address before using it
   - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
   - ACPI / processor: Fix the return value of acpi_processor_ids_walk()
   - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM
   - act_ife: fix a potential use-after-free (networking-stable-18_09_11).
   - Add the cherry-picked dup id for PCI dwc fix
   - Add version information to KLP_SYMBOLS file
   - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
   - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).
   - ALSA: control: Fix race between adding and removing a user element
   - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510).
   - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).
   - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
   - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510).
   - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).
   - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510).
   - ALSA: hda: fix unused variable warning (bsc#1051510).
   - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop
   - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).
   - ALSA: hda/realtek - Allow skipping spec->init_amp detection
   - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171
   - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
   - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops
   - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
   - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
   - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
   - ALSA: hda/realtek - Support ALC300 (bsc#1051510).
   - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
   - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
   - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock
   - ALSA: usb-audio: update quirk for B&W PX to remove microphone
   - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
   - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register
   - arm64: KVM: Move CPU ID reg trap setup off the world switch path
   - arm64: KVM: Sanitize PSTATE.M when being set from userspace
   - arm64: KVM: Tighten guest core register access from userspace
   - ARM: dts: at91: add new compatibility string for macb on sama5d3
   - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc
   - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
   - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using
     pmc_plt_clk_0 (bsc#1051510).
   - ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
   - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510).
   - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510).
   - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510).
   - ASoC: rt5514: Fix the issue of the delay volume applied again
   - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510).
   - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).
   - ASoC: wm8804: Add ACPI support (bsc#1051510).
   - ata: Fix racy link clearance (bsc#1107866).
   - ataflop: fix error handling during setup (bsc#1051510).
   - ath10k: fix kernel panic issue during pci probe (bsc#1051510).
   - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510).
   - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510).
   - ath10k: schedule hardware restart if WMI command times out (bsc#1051510).
   - autofs: fix autofs_sbi() does not check super block type (git-fixes).
   - autofs: fix slab out of bounds read in getname_kernel() (git-fixes).
   - autofs: mount point create should honour passed in mode (git-fixes).
   - badblocks: fix wrong return value in badblocks_set if badblocks are
     disabled (git-fixes).
   - batman-adv: Avoid probe ELP information leak (bsc#1051510).
   - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).
   - batman-adv: fix backbone_gw refcount on queue_work() failure
   - batman-adv: fix hardif_neigh refcount on queue_work() failure
   - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).
   - bdi: Fix another oops in wb_workfn() (bsc#1112746).
   - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746).
   - bitops: protect variables in bit_clear_unless() macro (bsc#1051510).
   - bitops: protect variables in set_mask_bits() macro (bsc#1051510).
   - Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579)
   - Blacklist sd_zbc patch that is too invasive (bsc#1114583)
   - Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585)
   - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713).
   - block, bfq: fix wrong init of saved start time for weight raising
   - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712).
   - block: copy ioprio in __bio_clone_fast() (bsc#1082653).
   - block: respect virtual boundary mask in bvecs (bsc#1113412).
   - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).
   - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).
   - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).
   - bnxt_en: free hwrm resources, if driver probe fails
   - bonding: avoid possible dead-lock (networking-stable-18_10_16).
   - bonding: fix length of actor system (networking-stable-18_11_02).
   - bonding: fix warning message (networking-stable-18_10_16).
   - bonding: pass link-local packets to bonding master also
   - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).
   - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).
   - bpf/verifier: disallow pointer subtraction (bsc#1083647).
   - bpf: wait for running BPF programs when updating map-in-map
   - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).
   - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).
   - brcmutil: really fix decoding channel info for 160 MHz bandwidth
   - bridge: do not add port to router list when receives query with source (networking-stable-18_11_02).
   - Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency
     for bsc#1113667).
   - Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).
   - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).
   - Btrfs: fix assertion on fsync of regular file when using no-holes
     feature (bsc#1118137).
   - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).
   - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).
   - Btrfs: fix deadlock on tree root leaf when finding free extent
   - Btrfs: fix deadlock when writing out free space caches (bsc#1116700).
   - Btrfs: fix infinite loop on inode eviction after deduplication of eof
     block (bsc#1116877).
   - Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes
   - Btrfs: fix null pointer dereference on compressed write path error
   - Btrfs: fix use-after-free during inode eviction (bsc#1116701).
   - Btrfs: fix use-after-free when dumping free space (bsc#1116862).
   - Btrfs: fix warning when replaying log after fsync of a tmpfile
   - Btrfs: fix wrong dentries after fsync of file that got its parent
     replaced (bsc#1116693).
   - Btrfs: handle errors while updating refcounts in update_ref_for_cow
     (Git-fixes bsc#1109915).
   - Btrfs: make sure we create all new block groups (bsc#1116699).
   - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).
   - Btrfs: send, fix infinite loop due to directory rename dependencies
   - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
   - can: dev: __can_get_echo_skb(): Do not crash the kernel if
     can_priv::echo_skb is accessed out of bounds (bsc#1051510).
   - can: dev: can_get_echo_skb(): factor out non sending code to
     __can_get_echo_skb() (bsc#1051510).
   - can: dev: __can_get_echo_skb(): print error message, if trying to echo
     non existing skb (bsc#1051510).
   - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame
     to access frame length (bsc#1051510).
   - can: hi311x: Use level-triggered interrupt (bsc#1051510).
   - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).
   - can: rcar_can: Fix erroneous registration (bsc#1051510).
   - can: rx-offload: introduce can_rx_offload_get_echo_skb() and
     can_rx_offload_queue_sorted() functions (bsc#1051510).
   - cdc-acm: correct counting of UART states in serial state notification
   - cdc-acm: do not reset notification buffer index upon urb unlinking
   - cdc-acm: fix race between reset and control messaging (bsc#1051510).
   - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983).
   - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
   - ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
   - cfg80211: Address some corner cases in scan result channel updating
   - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).
   - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902).
   - cifs: fix memory leak in SMB2_open() (bsc#1112894).
   - cifs: Fix use after free of a mid_q_entry (bsc#1112903).
   - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
   - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
   - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
   - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
   - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent
     call (bsc#1051510).
   - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
   - clk: s2mps11: Fix matching when built as module and DT node contains
     compatible (bsc#1051510).
   - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
   - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail
   - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510).
   - clockevents/drivers/i8253: Add support for PIT shutdown quirk
   - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for
     non-am43 SoCs (bsc#1051510).
   - clocksource/drivers/timer-atmel-pit: Properly handle error cases
   - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510).
   - configfs: replace strncpy with memcpy (bsc#1051510).
   - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510).
   - crypto: chelsio - Fix memory corruption in DMA Mapped buffers
   - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510).
   - crypto: simd - correctly take reqsize of wrapped skcipher into account
   - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510).
   - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951).
   - debugobjects: Make stack check warning more informative (bsc#1051510).
   - Documentation/l1tf: Fix small spelling typo (bsc#1051510).
   - Documentation/l1tf: Fix typos (bsc#1051510).
   - Documentation/l1tf: Remove Yonah processors from not vulnerable list
   - do d_instantiate/unlock_new_inode combinations safely (git-fixes).
   - Do not leak MNT_INTERNAL away from internal mounts (git-fixes).
   - driver/dma/ioat: Call del_timer_sync() without holding prep_lock
   - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type
   - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510).
   - drm/amdgpu: Fix vce work queue was not cancelled when suspend
   - drm/amdgpu/powerplay: fix missing break in switch statements
   - drm/ast: change resolution may cause screen blurred (boo#1112963).
   - drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
   - drm/ast: Fix incorrect free on ioregs (bsc#1051510).
   - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
   - drm/dp_mst: Check if primary mstb is null (bsc#1051510).
   - drm/dp_mst: Skip validating ports during destruction, just ref
   - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
   - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
   - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510).
   - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
   - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer
   - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth
   - drm/i915/audio: Hook up component bindings even if displays are
   - drm/i915: Do not oops during modeset shutdown after lpe audio deinit
   - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
   - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit
     panel's native mode (bsc#1051510).
   - drm/i915/execlists: Force write serialisation into context image vs
     execution (bsc#1051510).
   - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
   - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers
   - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510).
   - drm/i915/glk: Remove 99% limitation (bsc#1051510).
   - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
   - drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
   - drm/i915: Mark pin flags as u64 (bsc#1051510).
   - drm/i915: Restore vblank interrupts earlier (bsc#1051510).
   - drm/i915: Skip vcpi allocation for MSTB ports that are gone
   - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
   - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510).
   - drm/mediatek: fix OF sibling-node lookup (bsc#1106110)
   - drm/meson: add support for 1080p25 mode (bsc#1051510).
   - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
   - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut()
   - drm/msm: fix OF child-node lookup (bsc#1106110)
   - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
   - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356).
   - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
   - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
   - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132)
   - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110)
   - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722)
   - e1000: check on netif_running() before calling e1000_up() (bsc#1051510).
   - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510).
   - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
   - EDAC: Raise the maximum number of memory controllers (bsc#1113780).
   - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
   - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr()
   - eeprom: at24: change nvmem stride to 1 (bsc#1051510).
   - eeprom: at24: check at24_read/write arguments (bsc#1051510).
   - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510).
   - Enable LSPCON instead of blindly disabling HDMI
   - enic: do not call enic_change_mtu in enic_probe (bsc#1051510).
   - enic: handle mtu change for vf properly (bsc#1051510).
   - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510).
   - ethtool: fix a privilege escalation bug (bsc#1076830).
   - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554).
   - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
   - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
   - ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
   - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736).
   - ext4: avoid buffer leak in ext4_orphan_add() after prior errors
   - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty()
   - ext4: avoid divide by zero fault when deleting corrupted inline
     directories (bsc#1112735).
   - ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
   - ext4: check for NUL characters in extended attribute's name
   - ext4: check to make sure the rename(2)'s destination is not freed
   - ext4: do not mark mmp buffer head dirty (bsc#1112743).
   - ext4: fix buffer leak in __ext4_read_dirblock() on error path
   - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
   - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while
     resizing (bsc#1117798).
   - ext4: fix online resize's handling of a too-small final block group
   - ext4: fix online resizing for bigalloc file systems with a 1k block size
   - ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
   - ext4: fix possible leak of sbi->s_group_desc_leak in error path
   - ext4: fix possible leak of s_journal_flag_rwsem in error path
   - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
   - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733).
   - ext4: fix use-after-free race in ext4_remount()'s error path
   - ext4: initialize retries variable in ext4_da_write_inline_data_begin()
   - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
   - ext4: recalucate superblock checksum after updating free blocks/inodes
   - ext4: release bs.bh before re-using in ext4_xattr_block_find()
   - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731).
   - ext4: show test_dummy_encryption mount option in /proc/mounts
   - fbdev: fix broken menu dependencies (bsc#1113722)
   - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510).
   - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).
   - firmware: dcdbas: include linux/io.h (bsc#1089350).
   - Fix kABI for "Ensure we commit after writeback is complete"
   - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
   - flow_dissector: do not dissect l4 ports for fragments
   - fscache: fix race between enablement and dropping of object
   - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
   - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
   - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).
   - fs: Make extension of struct super_block transparent (bsc#1117822).
   - fsnotify: Fix busy inodes during unmount (bsc#1117822).
   - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
   - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745).
   - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able
   - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
   - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
   - ftrace: Remove incorrect setting of glob search field (bsc#1117184).
   - genirq: Fix race on spurious interrupt detection (bsc#1051510).
   - getname_kernel() needs to make sure that ->name != ->iname in long case
   - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error
     path (bsc#1051510).
   - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
   - gso_segment: Reset skb->mac_len after modifying network header
   - hfsplus: do not return 0 when fill_super() failed (bsc#1051510).
   - hfsplus: stop workqueue when fill_super() failed (bsc#1051510).
   - hfs: prevent crash on exit from failed search (bsc#1051510).
   - HID: hiddev: fix potential Spectre v1 (bsc#1051510).
   - HID: hid-sensor-hub: Force logical minimum to 1 for power and report
     state (bsc#1051510).
   - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510).
   - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub
     report (bsc#1051510).
   - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
   - hv: avoid crash in vmbus sysfs files (bnc#1108377).
   - hv_netvsc: fix schedule in RCU context ().
   - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
   - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
   - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
   - hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
   - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
   - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
   - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
   - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
   - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
   - hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
   - hwrng: core - document the quality field (bsc#1051510).
   - hypfs_kill_super(): deal with failed allocations (bsc#1051510).
   - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510).
   - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510).
   - ibmvnic: fix accelerated VLAN handling ().
   - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
   - ibmvnic: remove ndo_poll_controller ().
   - ibmvnic: Update driver queues after change in ring size support ().
   - iio: accel: adxl345: convert address field usage in iio_chan_spec
   - iio: ad5064: Fix regulator handling (bsc#1051510).
   - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).
   - iio: adc: at91: fix wrong channel number in triggered buffer mode
   - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
   - iio:st_magn: Fix enable device after trigger (bsc#1051510).
   - ima: fix showing large 'violations' or 'runtime_measurements_count'
   - include/linux/pfn_t.h: force '~' to be parsed as an unary operator
   - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
   - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510).
   - Input: atakbd - fix Atari keymap (bsc#1051510).
   - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
   - Input: synaptics - avoid using uninitialized variable when probing
   - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
   - Input: xpad - add support for Xbox1 PDP Camo series gamepad
   - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
   - Input: xpad - fix some coding style issues (bsc#1051510).
   - intel_th: pci: Add Ice Lake PCH support (bsc#1051510).
   - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
   - iommu/arm-smmu: Error out only if not enough context interrupts
   - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
   - iommu/vt-d: Add definitions for PFSID (bsc#1106237).
   - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237).
   - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
   - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237).
   - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
   - ip6_tunnel: be careful when accessing the inner header
   - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
   - ip6_vti: fix a null pointer deference when destroy vti6 tunnel
   - ipmi: Fix timer race with module unload (bsc#1051510).
   - ip_tunnel: be careful when accessing the inner header
   - ip_tunnel: do not force DF when MTU is locked
   - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
   - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT
     state (networking-stable-18_09_11).
   - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
   - ipv6: fix possible use-after-free in ip6_xmit()
   - ipv6: mcast: fix a use-after-free in inet6_mc_check
   - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are
     called (networking-stable-18_11_02).
   - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
   - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
   - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a
     debug dump (bsc#1051510).
   - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
   - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510).
   - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510).
   - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
   - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
   - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
   - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
   - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
   - iwlwifi: mvm: fix regulatory domain update when the firmware starts
   - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510).
   - iwlwifi: mvm: send BCAST management frames to the right station
   - iwlwifi: mvm: support sta_statistics() even on older firmware
   - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
   - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510).
   - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value
   - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257).
   - KABI fix for "NFSv4.1: Fix up replays of interrupted requests"
   - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240).
   - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).
   - KABI: mask raw in struct bpf_reg_state (bsc#1083647).
   - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte
   - KABI: powerpc: Revert npu callback signature change (bsc#1055120).
   - KABI: protect struct fib_nh_exception (kabi).
   - KABI: protect struct rtable (kabi).
   - KABI/severities: ignore __xive_vm_h_* KVM internal symbols.
   - Kbuild: fix # escaping in .cmd files for future Make (git-fixes).
   - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
   - kbuild: move "_all" target out of $(KBUILD_SRC) conditional
   - kernfs: update comment about kernfs_path() return value (bsc#1051510).
   - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
   - kprobes/x86: Fix %p uses in error messages (bsc#1110006).
   - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
   - KVM: Make VM ioctl do valloc for some archs (bsc#1111506).
   - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
   - KVM: nVMX: move check_vmentry_postreqs() call to
     nested_vmx_enter_non_root_mode() (bsc#1106240).
   - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into
     it (bsc#1061840).
   - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode
   - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
   - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller
     physical pages (bsc#1061840).
   - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).
   - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
   - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions
   - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables
   - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).
   - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface
   - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9
   - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9
     v2.2 (bsc#1061840).
   - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page
     fault (bsc#1061840).
   - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
   - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs
   - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function
   - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping
     size (bsc#1061840).
   - KVM: PPC: Book3S HV: Do not use existing "prodded" flag for XIVE
     escalations (bsc#1061840).
   - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
   - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded
   - KVM: PPC: Book3S HV: Enable migration of decrementer register
   - KVM: PPC: Book3S HV: Factor fake-suspend handling out of
     kvmppc_save/restore_tm (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
   - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault
     handler (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing
     code (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
   - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts
   - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry
   - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix()
   - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory
     backing (bsc#1061840).
   - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler
   - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9
   - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded
   - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
   - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
   - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
   - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in
     kvmppc_radix_tlbie_page (bsc#1061840).
   - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
   - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space
   - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write
     bits do not match (bsc#1061840).
   - KVM: PPC: Book3S HV: Radix page fault handler optimizations
   - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes
   - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock
   - KVM: PPC: Book3S HV: Recursively unmap all page table entries when
     unmapping (bsc#1061840).
   - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).
   - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
   - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers
   - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly
   - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry
   - KVM: PPC: Book3S HV: Streamline setting of reference and change bits
   - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path
   - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler
   - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority
     change (bsc#1061840).
   - KVM: PPC: Book3S PR: Add guest MSR parameter for
     kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).
   - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate
     file (bsc#1061840).
   - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).
   - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue
   - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).
   - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch
   - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).
   - KVM: s390: vsie: copy wrapping keys to right place (git-fixes).
   - KVM: SVM: Add MSR-based feature support for serializing LFENCE
   - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
   - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).
   - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
   - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
   - KVM: x86: Add a framework for supporting MSR-based features
   - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506).
   - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
   - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240).
   - KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506).
   - KVM: x86: Set highest physical address bits in non-present/reserved
     SPTEs (bsc#1106240).
   - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
   - libceph: fall back to sendmsg for slab pages (bsc#1118316).
   - libertas: call into generic suspend code before turning off power
   - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
   - libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128).
   - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408,
   - libnvdimm: Hold reference on parent while scheduling async init
   - libnvdimm: Introduce locked DIMM capacity support (bsc#1112128).
   - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408,
   - libnvdimm: move poison list functions to a new 'badrange' file
   - libnvdimm/nfit_test: add firmware download emulation (bsc#1112128).
   - libnvdimm/nfit_test: adding support for unit testing enable LSS status
   - libnvdimm, region: Fail badblocks listing for inactive regions
   - libnvdimm, testing: Add emulation for smart injection commands
   - libnvdimm, testing: update the default smart ctrl_temperature
   - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510).
   - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510).
   - livepatch: create and include UAPI headers ().
   - llc: set SOCK_RCU_FREE in llc_sap_add_socket()
   - lockd: fix "list_add double add" caused by legacy signal interface
   - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711).
   - loop: do not call into filesystem while holding lo_ctl_mutex
   - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284).
   - mac80211: Always report TX status (bsc#1051510).
   - mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
   - mac80211_hwsim: do not omit multicast announce of first added radio
   - mac80211: minstrel: fix using short preamble CCK rates on HT clients
   - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
   - mach64: detect the dot clock divider correctly on sparc (bsc#1051510).
   - mach64: fix display corruption on big endian machines (bsc#1113722)
   - mach64: fix image corruption due to reading accelerator registers
   - mailbox: PCC: handle parse error (bsc#1051510).
   - make sure that __dentry_kill() always invalidates d_seq, unhashed or not
   - md: allow metadata updates while suspending an array - fix (git-fixes).
   - MD: fix invalid stored role for a disk - try2 (git-fixes).
   - md: fix NULL dereference of mddev->pers in remove_and_add_spares()
   - md/raid10: fix that replacement cannot complete recovery after
     reassemble (git-fixes).
   - md/raid1: add error handling of read error from FailFast device
   - md/raid5-cache: disable reshape completely (git-fixes).
   - md/raid5: fix data corruption of replacements after originals dropped
   - media: af9035: prevent buffer overflow on write (bsc#1051510).
   - media: cx231xx: fix potential sign-extension overflow on large shift
   - media: dvb: fix compat ioctl translation (bsc#1051510).
   - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).
   - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).
   - media: pci: cx23885: handle adding to list failure (bsc#1051510).
   - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).
   - media: tvp5150: fix switch exit in set control handler (bsc#1051510).
   - media: tvp5150: fix width alignment during set_selection() (bsc#1051510).
   - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
   - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
   - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).
   - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
   - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510).
   - mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
   - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
   - mlxsw: spectrum: Fix IP2ME CPU policer configuration
   - mmc: block: avoid multiblock reads for the last sector in SPI mode
   - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
   - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
   - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
   - mm/migrate: Use spin_trylock() while resetting rate limit ().
   - mm: /proc/pid/pagemap: hide swap entries from unprivileged users
     (Git-fixes bsc#1109907).
   - mm: rework memcg kernel stack accounting (bnc#1113677).
   - modpost: ignore livepatch unresolved relocations ().
   - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
   - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
   - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
   - move changes without Git-commit out of sorted section
   - neighbour: confirm neigh entries when ARP packet is received
   - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501,
   - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501,
   - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
   - net: aquantia: memory corruption on jumbo frames
   - net: bcmgenet: Poll internal PHY for GENETv5
   - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
   - net: bcmgenet: use MAC link status for fixed phy
   - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
   - net: dsa: bcm_sf2: Call setup during switch resume
   - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
   - net: ena: add functions for handling Low Latency Queues in ena_com
     (bsc#1111696 bsc#1117561).
   - net: ena: add functions for handling Low Latency Queues in ena_netdev
     (bsc#1111696 bsc#1117561).
   - net: ena: change rx copybreak default to reduce kernel memory pressure
     (bsc#1111696 bsc#1117561).
   - net: ena: complete host info to match latest ENA spec (bsc#1111696
   - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
   - net: ena: explicit casting and initialization, and clearer error
     handling (bsc#1111696 bsc#1117561).
   - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
   - net: ena: fix compilation error in xtensa architecture (bsc#1111696
   - net: ena: fix crash during failed resume from hibernation (bsc#1111696
   - net: ena: fix indentations in ena_defs for better readability
     (bsc#1111696 bsc#1117561).
   - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
   - net: ena: fix NULL dereference due to untimely napi initialization
     (bsc#1111696 bsc#1117561).
   - net: ena: fix rare bug when failed restart/resume is followed by driver
     removal (bsc#1111696 bsc#1117561).
   - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696
   - net: ena: introduce Low Latency Queues data structures according to ENA
     spec (bsc#1111696 bsc#1117561).
   - net: ena: limit refill Rx threshold to 256 to avoid latency issues
     (bsc#1111696 bsc#1117561).
   - net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
   - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
   - net: ena: remove redundant parameter in ena_com_admin_init()
     (bsc#1111696 bsc#1117561).
   - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
   - net: ena: use CSUM_CHECKED device indication to report skb's checksum
     status (bsc#1111696 bsc#1117561).
   - net: fec: do not dump RX FIFO register when not available
   - net-gro: reset skb->pkt_type in napi_reuse_skb()
   - net: hns: fix for unmapping problem when SMMU is on
   - net: hp100: fix always-true check for link up state
   - net: ibm: fix return type of ndo_start_xmit function ().
   - net/ibmnvic: Fix deadlock problem in reset ().
   - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
   - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
   - net: ipv4: do not let PMTU updates increase route MTU (git-fixes).
   - net/ipv6: Display all addresses in output of /proc/net/if_inet6
   - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
   - netlabel: check for IPV4MASK in addrinfo_get
   - net: macb: do not disable MDIO bus at open/close time
   - net/mlx5: Check for error in mlx5_attach_interface
   - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
   - net/mlx5e: Set vlan masks for all offloaded TC rules
   - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB
     tables (networking-stable-18_09_18).
   - net/mlx5: E-Switch, Fix out of bound access when setting vport rate
   - net/mlx5: Fix debugfs cleanup in the device init/remove flow
   - net/mlx5: Fix use-after-free in self-healing flow
   - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type
   - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
   - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).
   - net/packet: fix packet drop as of virtio gso
   - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs
   - net: qca_spi: Fix race condition in spi transfers
   - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).
   - net: sched: action_ife: take reference to meta module
   - net/sched: act_pedit: fix dump of extended layered op
   - net/sched: act_sample: fix NULL dereference in the data path
   - net: sched: Fix for duplicate class dump (networking-stable-18_11_02).
   - net: sched: Fix memory exposure from short TCA_U32_SEL
   - net: sched: gred: pass the right attribute to gred_change_table_def()
   - net: smsc95xx: Fix MTU range (networking-stable-18_11_21).
   - net: socket: fix a missing-check bug (networking-stable-18_11_02).
   - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
   - net: stmmac: Fixup the tail addr setting in xmit path
   - net: systemport: Fix wake-up interrupt race during resume
   - net: systemport: Protect stop from timeout (networking-stable-18_11_21).
   - net: udp: fix handling of CHECKSUM_COMPLETE packets
   - net/usb: cancel pending work when unbinding smsc75xx
   - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510).
   - nfit_test: add error injection DSMs (bsc#1112128).
   - nfit_test: fix buffer overrun, add sanity check (bsc#1112128).
   - nfit_test: improve structure offset handling (bsc#1112128).
   - nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128).
   - nfit_test: when clearing poison, also remove badrange entries
   - nfp: wait for posted reconfigs when disabling the device
   - NFS: Avoid quadratic search when freeing delegations (bsc#1084760).
   - NFS: Avoid RCU usage in tracepoints (git-fixes).
   - NFS: commit direct writes even if they fail partially (git-fixes).
   - nfsd4: permit layoutget of executable-only files (git-fixes).
   - nfsd: check for use of the closed special stateid (git-fixes).
   - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
   - nfsd: deal with revoked delegations appropriately (git-fixes).
   - nfsd: Ensure we check stateid validity in the seqid operation checks
   - nfsd: Fix another OPEN stateid race (git-fixes).
   - nfsd: fix corrupted reply to badly ordered compound (git-fixes).
   - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
   - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).
   - NFS: do not wait on commit in nfs_commit_inode() if there were no commit
     requests (git-fixes).
   - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
   - NFS: Ensure we commit after writeback is complete (bsc#1111809).
   - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes).
   - NFS: Fix a typo in nfs_rename() (git-fixes).
   - NFS: Fix typo in nomigration mount option (git-fixes).
   - NFS: Fix unstable write completion (git-fixes).
   - NFSv4.0 fix client reference leak in callback (git-fixes).
   - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).
   - NFSv4.1 fix infinite loop on I/O (git-fixes).
   - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).
   - NFSv4.1: Fix up replays of interrupted requests (git-fixes).
   - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).
   - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
   - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).
   - nospec: Include <asm/barrier.h> dependency (bsc#1114279).
   - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921,
     bsc#1113408, bsc#1113972).
   - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408,
   - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972).
   - nvdimm: Split label init out from the logic for getting config data
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - nvdimm: Use namespace index data to reduce number of label reads needed
     (bsc#1111921, bsc#1113408, bsc#1113972).
   - nvme: Free ctrl device name on init failure ().
   - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
   - ocfs2: fix locking for res->tracking and dlm->tracking_list
   - ocfs2: fix ocfs2 read block panic (bsc#1117815).
   - ocfs2: free up write context when direct IO failed (bsc#1117821).
   - ocfs2: subsystem.su_mutex is required while accessing the
     item->ci_parent (bsc#1117808).
   - of: add helper to lookup compatible child node (bsc#1106110)
   - openvswitch: Fix push/pop ethernet validation
   - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510).
   - orangefs: initialize op on loop restart in orangefs_devreq_read
   - orangefs_kill_sb(): deal with allocation failures (bsc#1051510).
   - orangefs: use list_for_each_entry_safe in purge_waiting_ops
   - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
   - PCI/ASPM: Do not initialize link state when aspm_disabled is set
   - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510).
   - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been
     already applied by the following commit: 9f73db8b7c PCI: dwc: Fix
     enumeration end when reaching root subordinate (bsc#1051510)
   - PCI: hv: Do not wait forever on a device that has disappeared
   - PCI: hv: Use effective affinity mask (bsc#1109772).
   - PCI: imx6: Fix link training status detection in link up check
   - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
   - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
   - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510).
   - PCI: vmd: Assign vector zero to all bridges (bsc#1109806).
   - PCI: vmd: Detach resources after stopping root bus (bsc#1109806).
   - PCI: vmd: White list for fast interrupt handlers (bsc#1109806).
   - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
   - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
   - perf: fix invalid bit in diagnostic entry (git-fixes).
   - pinctrl: at91-pio4: fix has_config check in
     atmel_pctl_dt_subnode_to_map() (bsc#1051510).
   - pinctrl: meson: fix pinconf bias disable (bsc#1051510).
   - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).
   - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
   - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
   - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
   - pipe: match pipe_max_size data type with procfs (git-fixes).
   - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
   - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).
   - pNFS: Always free the session slot on error in
     nfs4_layoutget_handle_exception (git-fixes).
   - pNFS: Do not release the sequence slot until we've processed layoutget
     on open (git-fixes).
   - pNFS: Prevent the layout header refcount going to zero in pnfs_roc()
   - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9
   - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).
   - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).
   - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).
   - powerpc/mm: Fix typo in comments (bsc#1065729).
   - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb
   - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).
   - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).
   - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure
   - powerpc/perf: Update raw-event code encoding comment for power8
   - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).
   - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).
   - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage
   - powerpc/powernv: Fix opal_event_shutdown() called with interrupts
     disabled (bsc#1065729).
   - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
   - powerpc/powernv/ioda: Allocate indirect TCE levels on demand
   - powerpc/powernv/ioda: Finish removing explicit max window size check
   - powerpc/powernv/ioda: Remove explicit max window size check
   - powerpc/powernv: Move TCE manupulation code to its own file
   - powerpc/powernv/npu: Add lock to prevent race in concurrent context
     init/destroy (bsc#1055120).
   - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).
   - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).
   - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex()
     callback parameters (bsc#1055120).
   - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm()
   - powerpc/powernv/pci: Work around races in PCI bridge enabling
   - powerpc/powernv: Rework TCE level allocation (bsc#1061840).
   - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug
     (bsc#1079524, git-fixes).
   - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes).
   - powerpc/pseries: Fix DTL buffer registration (bsc#1065729).
   - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).
   - powerpc/pseries: Fix "OF: ERROR: Bad of_node_put() on /cpus" during
     DLPAR (bsc#1113295).
   - powerpc/pseries/mobility: Extend start/stop topology update scope
     (bsc#1116950, bsc#1115709).
   - powerpc: pseries: remove dlpar_attach_node dependency on full path
   - powerpc/xive: Move definition of ESB bits (bsc#1061840).
   - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).
   - power: supply: max8998-charger: Fix platform data retrieval
   - pppoe: fix reception of frames with no mac header
   - printk: drop in_nmi check from printk_safe_flush_on_panic()
   - printk: Fix panic caused by passing log_buf_len to command line
   - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208).
   - provide linux/set_memory.h (bsc#1113295).
   - ptp: fix Spectre v1 vulnerability (bsc#1051510).
   - pwm: lpss: Release runtime-pm reference from the driver's remove
     callback (bsc#1051510).
   - pxa168fb: prepare the clock (bsc#1051510).
   - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
   - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID
   - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).
   - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510).
   - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
   - r8169: fix NAPI handling under high load (networking-stable-18_11_02).
   - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).
   - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
   - random: rate limit unseeded randomness warnings (git-fixes).
   - rculist: add list_for_each_entry_from_rcu() (bsc#1084760).
   - rculist: Improve documentation for list_for_each_entry_from_rcu()
   - rds: fix two RCU related problems (networking-stable-18_09_18).
   - README: Clean-up trailing whitespace
   - reiserfs: add check to detect corrupted directory entry (bsc#1109818).
   - reiserfs: do not panic on bad directory entries (bsc#1109818).
   - remoteproc: qcom: Fix potential device node leaks (bsc#1051510).
   - rename a hv patch to reduce conflicts in -AZURE
   - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).
   - reset: imx7: Fix always writing bits as 0 (bsc#1051510).
   - resource: Include resource end in walk_*() interfaces (bsc#1114279).
   - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839).
   - Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729).
   - Revert "rpm/kernel-binary.spec.in: allow unsupported modules for -extra"
   - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid"
   - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes).
   - rtnetlink: Disallow FDB configuration for non-Ethernet device
   - rtnetlink: fix rtnl_fdb_dump() for ndmsg header
   - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
   - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).
   - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).
   - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).
   - s390/mm: correct allocate_pgste proc_handler callback (git-fixes).
   - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its
     function (bnc#1113501, LTC#172682).
   - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).
   - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501,
   - s390/qeth: handle failure on workqueue creation (git-fixes).
   - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).
   - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).
   - s390/sclp_tty: enable line mode tty even if there is an ascii console
   - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).
   - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).
   - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).
   - sched/numa: Limit the conditions where scan period is reset ().
   - scsi: core: Allow state transitions from OFFLINE to BLOCKED
   - scsi: core: Allow state transitions from OFFLINE to BLOCKED
   - scsi: core: Avoid that SCSI device removal through sysfs triggers a
     deadlock (bsc#1114578).
   - scsi: libfc: check fc_frame_payload_get() return value for null
   - scsi: libfc: check fc_frame_payload_get() return value for null
   - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
   - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
   - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).
   - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).
   - scsi: lpfc: add Trunking support (bsc#1114015).
   - scsi: lpfc: Correct errors accessing fw log (bsc#1114015).
   - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).
   - scsi: lpfc: Correct irq handling via locks when taking adapter offline
   - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).
   - scsi: lpfc: Correct loss of fc4 type on remote port address change
   - scsi: lpfc: Correct race with abort on completion path (bsc#1114015).
   - scsi: lpfc: Correct soft lockup when running mds diagnostics
   - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).
   - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
   - scsi: lpfc: Fix errors in log messages (bsc#1114015).
   - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).
   - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
   - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).
   - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point
   - scsi: lpfc: Implement GID_PT on Nameserver query to support faster
     failover (bsc#1114015).
   - scsi: lpfc: Raise nvme defaults to support a larger io and more
     connectivity (bsc#1114015).
   - scsi: lpfc: raise sg count for nvme to use available sg resources
   - scsi: lpfc: reduce locking when updating statistics (bsc#1114015).
   - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).
   - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver
     PLOGI retry (bsc#1114015).
   - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).
   - scsi: lpfc: update driver version to (bsc#1114015).
   - scsi: lpfc: update driver version to (bsc#1114015).
   - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()'
   - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).
   - scsi: sg: fix minor memory leak in error path (bsc#1114584).
   - scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
   - scsi: target: Fix fortify_panic kernel exception (bsc#1114576).
   - scsi: target/tcm_loop: Avoid that static checkers warn about dead code
   - scsi: target: tcmu: add read length support (bsc#1097755).
   - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).
   - sctp: fix strchange_flags name for Stream Change Event
   - sctp: hold transport before accessing its asoc in
     sctp_transport_get_next (networking-stable-18_09_11).
   - sctp: not allow to set asoc prsctp_enable by sockopt
   - sctp: not increase stream's incnt before sending addstrm_in request
   - sctp: update dst pmtu with the correct daddr
   - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510).
   - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006).
   - skip LAYOUTRETURN if layout is invalid (git-fixes).
   - smb2: fix missing files in root share directory listing (bsc#1112907).
   - smb2: fix missing files in root share directory listing (bsc#1112907).
   - smb3: fill in statfs fsid and correct namelen (bsc#1112905).
   - smb3: fill in statfs fsid and correct namelen (bsc#1112905).
   - smb3: fix reset of bytes read and written stats (bsc#1112906).
   - smb3: fix reset of bytes read and written stats (bsc#1112906).
   - smb3: on reconnect set PreviousSessionId field (bsc#1112899).
   - smb3: on reconnect set PreviousSessionId field (bsc#1112899).
   - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool
   - soc/tegra: pmc: Fix child-node lookup (bsc#1051510).
   - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).
   - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510).
   - sound: enable interrupt after dma buffer initialization (bsc#1051510).
   - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510).
   - spi: bcm-qspi: switch back to reading flash using smaller chunks
   - spi: sh-msiof: fix deferred probing (bsc#1051510).
   - staging: comedi: ni_mio_common: protect register write overflow
   - staging:iio:ad7606: fix voltage scales (bsc#1051510).
   - staging: rtl8723bs: Fix the return value in case of error in
     'rtw_wx_read32()' (bsc#1051510).
   - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).
   - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes).
   - sunrpc: Do not use stack buffer with scatterlist (git-fixes).
   - sunrpc: Fix rpc_task_begin trace point (git-fixes).
   - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status
   - target: fix buffer offset in core_scsi3_pri_read_full_status
   - target: log Data-Out timeouts as errors (bsc#1095805).
   - target: log NOP ping timeouts as errors (bsc#1095805).
   - target: split out helper for cxn timeout error stashing (bsc#1095805).
   - target: stash sess_err_stats on Data-Out timeout (bsc#1095805).
   - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805).
   - tcp: do not restart timewait timer on rst reception
   - test_firmware: fix error return getting clobbered (bsc#1051510).
   - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control
     paths (networking-stable-18_11_21).
   - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).
   - thermal: da9062/61: Prevent hardware access during system suspend
   - thermal: rcar_thermal: Prevent hardware access during system suspend
   - tipc: do not assume linear buffer when reading ancillary data
   - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).
   - tipc: fix flow control accounting for implicit connect
   - tools build: fix # escaping in .cmd files for future Make (git-fixes).
   - tools/testing/nvdimm: advertise a write cache for nfit_test
   - tools/testing/nvdimm: allow custom error code injection (bsc#1112128).
   - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128).
   - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128).
   - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle'
     attribute (bsc#1112128).
   - tools/testing/nvdimm: Fix support for emulating controller temperature
   - tools/testing/nvdimm: force nfit_test to depend on instrumented modules
   - tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128).
   - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access()
   - tools/testing/nvdimm: Make DSM failure code injection an override
   - tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128).
   - tools/testing/nvdimm: stricter bounds checking for error injection
     commands (bsc#1112128).
   - tools/testing/nvdimm: support nfit_test_dimm attributes under
     nfit_test.1 (bsc#1112128).
   - tools/testing/nvdimm: unit test clear-error commands (bsc#1112128).
   - tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510).
   - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510).
   - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).
   - tpm: add retry logic (bsc#1082555).
   - tpm: consolidate the TPM startup code (bsc#1082555).
   - tpm: do not suspend/resume if power stays on (bsc#1082555).
   - tpm: fix intermittent failure with self tests (bsc#1082555).
   - tpm: fix response size validation in tpm_get_random() (bsc#1082555).
   - tpm: move endianness conversion of ordinals to tpm_input_header
   - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to
     tpm_input_header (bsc#1082555).
   - tpm: move the delay_msec increment after sleep in tpm_transmit()
   - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).
   - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers
   - tpm: Restore functionality to xen vtpm driver (bsc#1082555).
   - tpm: self test failure should not cause suspend to fail (bsc#1082555).
   - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).
   - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).
   - tpm: Use dynamic delay to wait for TPM 2.0 self test result
   - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).
   - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).
   - tracing: Add barrier to trace_printk() buffer nesting modification
   - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).
   - tracing: Erase irqsoff trace with empty write (bsc#1117189).
   - tty: check name length in tty_find_polling_driver() (bsc#1051510).
   - tty: Do not block on IO when ldisc change is pending (bnc#1105428).
   - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).
   - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).
   - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).
   - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).
   - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).
   - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428).
   - tty: Simplify tty->count math in tty_reopen() (bnc#1105428).
   - tty: wipe buffer (bsc#1051510).
   - tty: wipe buffer if not echoing data (bsc#1051510).
   - tun: Consistently configure generic netdev params via rtnetlink
   - tuntap: fix multiqueue rx (networking-stable-18_11_21).
   - udp4: fix IP_CMSG_CHECKSUM for connected sockets
   - udp6: add missing checks on edumux packet processing
   - udp6: fix encap return code for resubmitting (git-fixes).
   - uio: ensure class is registered before devices (bsc#1051510).
   - uio: Fix an Oops on load (bsc#1051510).
   - uio: make symbol 'uio_class_registered' static (bsc#1051510).
   - Update config files. Enabled ENA (Amazon network driver) for arm64.
   - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).
   - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510).
   - usb: core: Fix hub port connection events lost (bsc#1051510).
   - usb: dwc2: host: do not delay retries for CONTROL IN transfers
   - usb: dwc2: host: Do not retry NAKed transactions right away
   - usb: dwc3: core: Clean up ULPI device (bsc#1051510).
   - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers
   - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB
   - usb: gadget: fsl_udc_core: check allocation return value and cleanup on
     failure (bsc#1051510).
   - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation
   - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).
   - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).
   - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).
   - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).
   - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510).
   - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
   - usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510).
   - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).
   - usb: omap_udc: fix rejection of out transfers when DMA is used
   - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).
   - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).
   - usb: remove LPM management from usb_driver_claim_interface()
   - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510).
   - usb: serial: option: add two-endpoints device-id flag (bsc#1051510).
   - usb: serial: option: drop redundant interface-class test (bsc#1051510).
   - usb: serial: option: improve Quectel EP06 detection (bsc#1051510).
   - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).
   - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access
   - Use upstream version of pci-hyperv patch (35a88a1)
   - VFS: close race between getcwd() and d_move() (git-fixes).
   - VFS: fix freeze protection in mnt_want_write_file() for overlayfs
   - vhost: Fix Spectre V1 vulnerability (bsc#1051510).
   - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).
   - virtio_net: avoid using netif_tx_disable() for serializing tx routine
   - VMCI: Resource wildcard match fixed (bsc#1051510).
   - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).
   - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040).
   - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted
   - x86/boot/KASLR: Work around firmware bugs by excluding
     EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878).
   - x86/boot: Move EISA setup to a separate file (bsc#1110006).
   - x86/corruption-check: Fix panic in memory_corruption_check() when boot
     option without value is provided (bsc#1110006).
   - x86/cpufeature: Add User-Mode Instruction Prevention definitions
   - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature
   - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).
   - x86/eisa: Add missing include (bsc#1110006).
   - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006).
   - x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
   - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).
   - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12
   - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006).
   - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).
   - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).
   - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).
   - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).
   - x86/MCE/AMD: Fix the thresholding machinery initialization order
   - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
   - x86/MCE: Make correctable error detection look at the Deferred bit
   - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).
   - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128).
   - x86/paravirt: Fix some warning messages (bnc#1065600).
   - x86/percpu: Fix this_cpu_read() (bsc#1110006).
   - x86/speculation: Support Enhanced IBRS on future CPUs ().
   - x86/time: Correct the attribute on jiffies' definition (bsc#1110006).
   - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).
   - xen/balloon: Support xend-based toolstack (bnc#1065600).
   - xen/blkfront: avoid NULL blkfront_info dereference on device removal
   - xen: fix race in xen_qlock_wait() (bnc#1107256).
   - xen: fix xen_qlock_wait() (bnc#1107256).
   - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap()
   - xen: make xen_qlock_wait() nestable (bnc#1107256).
   - xen/netfront: do not bug in case of too many frags (bnc#1104824).
   - xen/pvh: do not try to unplug emulated devices (bnc#1065600).
   - xen/pvh: increase early stack size (bnc#1065600).
   - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600).
   - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
   - xen-swiotlb: use actually allocated size on check physical continuous
   - xen/x86: add diagnostic printout to xen_mc_flush() in case of error
   - xfrm: use complete IPv6 addresses for hash (bsc#1109330).
   - xfs: do not fail when converting shortform attr to long form during
     ATTR_REPLACE (bsc#1105025).
   - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
   - xfs: Properly detect when DAX won't be used on any device (bsc#1115976).
   - xhci: Add check for invalid byte size error when UAS devices are
     connected (bsc#1051510).
   - xhci: Do not print a warning when setting link state for disabled ports
   - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).
   - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12-SP4:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2018-2894=1

Package List:

   - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64):




sle-security-updates mailing list

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967