[3.10.0-1127.OL7] - Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] [3.10.0-1127] - [fs] flexfiles: Dont tie up all the rpciod threads in resends [1778963] [3.10.0-1126] - [scsi] scsi: qla2xxx: Fix unbound NVME response length [1788669] [3.10.0-1125] - [fs] mark struct file that had write access grabbed by open [1679829] - [fs] fold __get_file_write_access into its only caller [1679829] - [powerpc] get rid of DEBUG_WRITECOUNT [1679829] - [fs] dont bother with {get, put}_write_access on non-regular files [1679829] - [fs] gfs2: Use d_materialise_unique instead of d_splice_alias [1784550] - [fs] gfs2: gfs2_create_inode: dont bother with d_splice_alias [1784550] - [fs] gfs2: bugger off early if O_CREAT open finds a directory [1784550] - [fs] libceph: fix PG split vs OSD connect race [1785656] - [scsi] Fix driver intialization failure for sli4 non nvme [1783899] - [netdrv] hv_netvsc: fix race that may miss tx queue wakeup [1781322] [3.10.0-1124] - [s390] s390: wire up sys_renameat2 [1773504] - [net] ipvs: do not use random local source address for tunnels [1786676] - [misc] mei: me: add cannon point device ids for 4th device [1745139] - [misc] mei: me: add cannon point device ids [1745139] - [netdrv] bnxt_en: Support all variants of the 5750X chip family [1789345] [3.10.0-1123] - [mm] mm: prevent get_user_pages from overflowing page refcount [1705005] {CVE-2019-11487} - [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors [1705005] {CVE-2019-11487} - [fs] CIFS: avoid using MID 0xFFFF [1771255] - [net] netfilter: xt_TRACE: add explicitly nf_logger_find_get call [1774444] - [wireless] rtlwifi: Fix potential overflow on P2P code [1775236] {CVE-2019-17666} [3.10.0-1122] - [drm] drm/amd/powerplay: use hardware fan control if no powerplay fan table [1729286] - [nvme] nvme-fc: fix double-free scenarios on hw queues [1731286] - [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it [1779768] - [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality [1779768] {CVE-2019-19338} - [x86] kvm: x86: Mark expected switch fall-throughs [1779768] {CVE-2019-19338} - [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID [1779768] {CVE-2019-19338} - [x86] kvm: x86: do not modify masked bits of shared MSRs [1779768] {CVE-2019-19338} - [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES [1779768] {CVE-2019-19338} - [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled [1779768] {CVE-2019-19338} - [s390] s390/qeth: ensure linear access to packet headers [1782927] - [s390] s390/qeth: guard against runt packets [1782927] - [s390] s390/qeth: consolidate skb allocation [1782927] - [s390] s390/qeth: clean up page frag creation [1782927] - [netdrv] i40e: Fix for persistent lldp support [1782689] [3.10.0-1121] - [platform] thinkpad_acpi: Dont yell on unsupported brightness interfaces [1305619] - [platform] thinkpad-acpi: fix handle locate for video and query of _BCL [1305619] - [s390] kernel: avoid cpu yield in SMT environment [1777876] - [scsi] scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd [1783016] - [scsi] scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX [1783016] - [scsi] scsi: qla2xxx: Correctly retrieve and interpret active flash region [1783016] - [powerpc] KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel [1777710] - [powerpc] powerpc/book3s64: Fix link stack flush on context switch [1777710] - [powerpc] powerpc/64s: support nospectre_v2 cmdline option [1777710] - [net] openvswitch: fix flow command message size [1776578] - [block] brd: re-enable __GFP_HIGHMEM in brd_insert_page [1781298] - [block] brd: remove dax support [1781298] - [nvme] nvme: dont access the inlined bio after nvmet request is completed [1631120] - [fs] epoll: fix race between ep_poll_callback and ep_free/ep_remove [1780128] - [nvme] nvme: fix NULL pointer dereference in nvme_init_subsystem [1781316] - [nvme] nvme-fabrics: allow duplicate connections to the discovery controller [1781316] - [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort [1772966] [3.10.0-1120] - [md] raid5: need to set STRIPE_HANDLE for batch head [1774330] - [drm] drm/radeon: fix si_enable_smc_cac failed issue [1780026] - [block] block: dont change REQ_NR_BITS [1779712] [3.10.0-1119] - [x86] mm: serialize against gup_fast in pmdp_splitting_flush [1674266] - [vhost] vsock: split packets to send using multiple buffers [1777349] - [md] md/raid10: prevent access of uninitialized resync_pages offset [1767935] - [x86] perf/x86: Modify error message in virtualized environment [1759758] - [fs] cifs: Fix infinite loop when using hard mount option [1770404] - [wireless] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame [1776157] {CVE-2019-14901} [3.10.0-1118] - [net] ipv6: support more tunnel interfaces for EUI64 link-local generation [1770686] - [net] netfilter: masquerade: dont flush all conntracks if only one address deleted on device [1771396] - [net] netfilter: conntrack: resched in nf_ct_iterate_cleanup [1771396] - [net] ipvs: fix buffer overflow with sync daemon and service [1725440] - [net] ipvs: fix rtnl_lock lockups caused by start_sync_thread [1725440] - [net] ipvs: Pass ipvs not net to make_receive_sock [1725440] - [net] ipvs: Pass ipvs not net to make_send_sock [1725440] - [net] ipvs: Pass ipvs not net to start_sync_thread [1725440] - [net] ipvs: Pass ipvs not net to ip_vs_genl_new_daemon [1725440] - [net] ipvs: add sync_maxlen parameter for the sync daemon [1725440] - [net] ipvs: call rtnl_lock early [1725440] - [net] netfilter: dont use mutex_lock_interruptible [1725440] - [net] ipvs: fix memory leak in ip_vs_ctl.c [1725440] - [wireless] mwifiex: fix possible heap overflow in mwifiex_process_country_ie [1776206] - [scsi] Revert "qla2xxx: Mark NVMe/FC initiator mode usage as technology preview" [1642968] [3.10.0-1117] - [x86] x86/speculation: Remove unneeded STIBP code [1766540] {CVE-2019-11135} - [x86] x86/speculation: Fix redundant MDS mitigation message [1766540] {CVE-2019-11135} - [documentation] x86/speculation: Fix incorrect MDS/TAA mitigation status [1766540] {CVE-2019-11135} - [x86] x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs [1766540] {CVE-2019-11135} - [x86] x86/tsx: Add config options to set tsx=on|off|auto [1766540] {CVE-2019-11135} - [documentation] x86/speculation/taa: Add documentation for TSX Async Abort [1766540] {CVE-2019-11135} - [x86] x86/tsx: Add "auto" option to the tsx= cmdline parameter [1766540] {CVE-2019-11135} - [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort [1766540] {CVE-2019-11135} - [x86] x86/speculation/taa: Add mitigation for TSX Async Abort [1766540] {CVE-2019-11135} - [x86] x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default [1766540] {CVE-2019-11135} - [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr [1766540] {CVE-2019-11135} - [x86] x86/msr: Add the IA32_TSX_CTRL MSR [1766540] {CVE-2019-11135} - [documentation] documentation: Add ITLB_MULTIHIT documentation [1690343] {CVE-2018-12207} - [x86] kvm: x86: mmu: Recovery of shattered NX large pages [1690343] {CVE-2018-12207} - [virt] kvm: Add helper function for creating VM worker threads [1690343] {CVE-2018-12207} - [x86] kvm: mmu: ITLB_MULTIHIT mitigation [1690343] {CVE-2018-12207} - [kernel] cpu/speculation: Uninline and export CPU mitigations helpers [1690343] {CVE-2018-12207} - [x86] cpu: Add Tremont to the cpu vulnerability whitelist [1690343] {CVE-2018-12207} - [x86] Add ITLB_MULTIHIT bug infrastructure [1690343] {CVE-2018-12207} - [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active [1690343] {CVE-2018-12207} - [x86] kvm: x86: add tracepoints around __direct_map and FNAME [1690343] {CVE-2018-12207} - [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON [1690343] {CVE-2018-12207} - [x86] kvm: x86: remove now unneeded hugepage gfn adjustment [1690343] {CVE-2018-12207} - [x86] kvm: x86: make FNAME and __direct_map more similar [1690343] {CVE-2018-12207} - [x86] kvm: mmu: Do not release the page inside mmu_set_spte [1690343] {CVE-2018-12207} - [x86] kvm: x86: mmu: Remove unused parameter of __direct_map [1690343] {CVE-2018-12207} - [virt] kvm: Convert kvm_lock to a mutex [1690343] {CVE-2018-12207} - [x86] kvm: mmu: drop vcpu param in gpte_access [1690343] {CVE-2018-12207} - [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry [1690343] {CVE-2018-12207} [3.10.0-1116] - [netdrv] net/mlx5: Fix auto group size calculation [1769309] - [mm] x86/io: add interface to reserve io memtype for a resource range. [1739623] - [sound] alsa: emux: Fix potential Spectre v1 vulnerabilities [1672561] - [s390] s390/smt: Fix s390 SMT reporting [1764184] - [mm] mm: swap: clean up swap readahead [1725396] - [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault [1725396] - [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference [1725396] - [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active [1765975] [3.10.0-1115] - [scsi] Fix stack tarce when lpfc driver is unloaded [1774744] - [scsi] qla2xxx: Update driver version [1731581] - [scsi] scsi: qla2xxx: Fix partial flash write of MBI [1731581] - [scsi] scsi: qla2xxx: Fix device connect issues in P2P configuration [1731581] - [scsi] scsi: qla2xxx: Fix a NULL pointer dereference [1731581] - [scsi] scsi: qla2xxx: Fix double scsi_done for abort path [1731581] - [scsi] scsi: qla2xxx: Make qla2x00_abort_srb again decrease the sp reference count [1731581] - [scsi] scsi: qla2xxx: Fix driver unload hang [1731581] - [scsi] scsi: qla2xxx: Fix SRB leak on switch command timeout [1731581] - [scsi] scsi: qla2xxx: Fix premature timer expiration [1731581] - [scsi] scsi: qla2xxx: Uninline qla2x00_init_timer [1731581] - [scsi] scsi: qla2xxx: Do command completion on abort timeout [1731581] - [scsi] scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure [1731581] - [scsi] scsi: qla2xxx: Add error handling for PLOGI ELS passthrough [1731581] - [scsi] scsi: qla2xxx: Inline the qla2x00_fcport_event_handler function [1731581] - [scsi] scsi: qla2xxx: Dual FCP-NVMe target port support [1731581] - [scsi] scsi: qla2xxx: Use tabs instead of spaces for indentation [1731581] - [scsi] scsi: qla2xxx: Fix N2N link up fail [1731581] - [scsi] scsi: qla2xxx: Fix N2N link reset [1731581] - [scsi] scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command [1731581] - [scsi] scsi: qla2xxx: Introduce the function qla2xxx_init_sp [1731581] - [scsi] scsi: qla2xxx: Really fix qla2xxx_eh_abort [1731581] - [scsi] scsi: qla2xxx: Make qla24xx_async_abort_cmd static [1731581] - [scsi] scsi: qla2xxx: Reduce the number of forward declarations [1731581] - [scsi] scsi: qla2xxx: Remove a superfluous forward declaration [1731581] - [scsi] scsi: qla2xxx: Fix stuck login session [1731581] - [scsi] scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd [1731581] - [media] cx24116: fix a buffer overflow when checking userspace params [1737279] {CVE-2015-9289} - [scsi] qedf: Initialize rport while creation of vport [1760746] - [fs] Fix the locking in dcache_readdir and friends [1510603] - [fs] much milder d_walk race [1510603] - [fs] libfs.c: new helper - next_positive [1510603] - [fs] dcache_{readdir, dir_lseek}: dont bother with nested -